1 /*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <keymaster/android_keymaster.h>
18
19 #include <vector>
20
21 #include <assert.h>
22 #include <string.h>
23
24 #include <stddef.h>
25
26 #include <cppbor.h>
27 #include <cppbor_parse.h>
28
29 #include <keymaster/UniquePtr.h>
30 #include <keymaster/android_keymaster_utils.h>
31 #include <keymaster/attestation_context.h>
32 #include <keymaster/cppcose/cppcose.h>
33 #include <keymaster/key.h>
34 #include <keymaster/key_blob_utils/ae.h>
35 #include <keymaster/key_factory.h>
36 #include <keymaster/keymaster_context.h>
37 #include <keymaster/km_date.h>
38 #include <keymaster/km_openssl/openssl_err.h>
39 #include <keymaster/km_openssl/openssl_utils.h>
40 #include <keymaster/logger.h>
41 #include <keymaster/operation.h>
42 #include <keymaster/operation_table.h>
43 #include <keymaster/remote_provisioning_utils.h>
44 #include <keymaster/secure_deletion_secret_storage.h>
45
46 namespace keymaster {
47
48 namespace {
49
50 using cppcose::constructCoseEncrypt;
51 using cppcose::constructCoseMac0;
52 using cppcose::CoseKey;
53 using cppcose::EC2;
54 using cppcose::ES256;
55 using cppcose::generateCoseMac0Mac;
56 using cppcose::kAesGcmNonceLength;
57 using cppcose::P256;
58 using cppcose::x25519_HKDF_DeriveKey;
59
60 template <keymaster_tag_t T>
CheckPatchLevel(const AuthorizationSet & tee_enforced,const AuthorizationSet & sw_enforced,TypedTag<KM_UINT,T> tag,uint32_t current_patchlevel)61 keymaster_error_t CheckPatchLevel(const AuthorizationSet& tee_enforced,
62 const AuthorizationSet& sw_enforced, TypedTag<KM_UINT, T> tag,
63 uint32_t current_patchlevel) {
64 uint32_t key_patchlevel;
65 if (tee_enforced.GetTagValue(tag, &key_patchlevel) ||
66 sw_enforced.GetTagValue(tag, &key_patchlevel)) {
67 if (key_patchlevel < current_patchlevel) {
68 return KM_ERROR_KEY_REQUIRES_UPGRADE;
69 } else if (key_patchlevel > current_patchlevel) {
70 LOG_E("Key blob invalid! key patchlevel %lu is > current patchlevel %lu",
71 (unsigned long)key_patchlevel, (unsigned long)current_patchlevel);
72 return KM_ERROR_INVALID_KEY_BLOB;
73 }
74 }
75 return KM_ERROR_OK;
76 }
77
CheckVersionInfo(const AuthorizationSet & tee_enforced,const AuthorizationSet & sw_enforced,const KeymasterContext & context)78 keymaster_error_t CheckVersionInfo(const AuthorizationSet& tee_enforced,
79 const AuthorizationSet& sw_enforced,
80 const KeymasterContext& context) {
81 uint32_t os_version;
82 uint32_t os_patchlevel;
83 context.GetSystemVersion(&os_version, &os_patchlevel);
84
85 keymaster_error_t err =
86 CheckPatchLevel(tee_enforced, sw_enforced, TAG_OS_PATCHLEVEL, os_patchlevel);
87 if (err != KM_ERROR_OK) return err;
88
89 // Also check the vendor and boot patchlevels if available.
90 auto vendor_patchlevel = context.GetVendorPatchlevel();
91 if (vendor_patchlevel.has_value()) {
92 err = CheckPatchLevel(tee_enforced, sw_enforced, TAG_VENDOR_PATCHLEVEL,
93 vendor_patchlevel.value());
94 if (err != KM_ERROR_OK) return err;
95 }
96 auto boot_patchlevel = context.GetBootPatchlevel();
97 if (boot_patchlevel.has_value()) {
98 err = CheckPatchLevel(tee_enforced, sw_enforced, TAG_BOOT_PATCHLEVEL,
99 boot_patchlevel.value());
100 if (err != KM_ERROR_OK) return err;
101 }
102
103 return KM_ERROR_OK;
104 }
105
106 const keymaster_key_param_t kKeyMintEcdsaP256Params[] = {
107 Authorization(TAG_PURPOSE, KM_PURPOSE_ATTEST_KEY),
108 Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC), Authorization(TAG_KEY_SIZE, 256),
109 Authorization(TAG_DIGEST, KM_DIGEST_SHA_2_256), Authorization(TAG_EC_CURVE, KM_EC_CURVE_P_256),
110 Authorization(TAG_NO_AUTH_REQUIRED),
111 // The certificate generated by KM will be discarded, these values don't matter.
112 Authorization(TAG_CERTIFICATE_NOT_BEFORE, 0), Authorization(TAG_CERTIFICATE_NOT_AFTER, 0)};
113
getMacFunction(bool test_mode,RemoteProvisioningContext * rem_prov_ctx)114 cppcose::HmacSha256Function getMacFunction(bool test_mode,
115 RemoteProvisioningContext* rem_prov_ctx) {
116 if (test_mode) {
117 return [](const cppcose::bytevec& input) {
118 const cppcose::bytevec macKey(32);
119 return cppcose::generateHmacSha256(macKey, input);
120 };
121 }
122
123 return [rem_prov_ctx](const cppcose::bytevec& input) -> cppcose::ErrMsgOr<cppcose::HmacSha256> {
124 auto mac = rem_prov_ctx->GenerateHmacSha256(input);
125 if (!mac) {
126 return "Remote provisioning context failed to sign MAC.";
127 }
128 return *mac;
129 };
130 }
131
blob2Pair(const keymaster_blob_t & blob)132 std::pair<const uint8_t*, size_t> blob2Pair(const keymaster_blob_t& blob) {
133 return {blob.data, blob.data_length};
134 }
135
136 constexpr int kP256AffinePointSize = 32;
137 constexpr int kRoTVersion1 = 40001;
138
139 } // anonymous namespace
140
AndroidKeymaster(KeymasterContext * context,size_t operation_table_size,int32_t message_version)141 AndroidKeymaster::AndroidKeymaster(KeymasterContext* context, size_t operation_table_size,
142 int32_t message_version)
143 : context_(context), operation_table_(new (std::nothrow) OperationTable(operation_table_size)),
144 message_version_(message_version) {}
145
~AndroidKeymaster()146 AndroidKeymaster::~AndroidKeymaster() {}
147
AndroidKeymaster(AndroidKeymaster && other)148 AndroidKeymaster::AndroidKeymaster(AndroidKeymaster&& other)
149 : context_(move(other.context_)), operation_table_(move(other.operation_table_)),
150 message_version_(other.message_version_) {}
151
152 // TODO(swillden): Unify support analysis. Right now, we have per-keytype methods that determine if
153 // specific modes, padding, etc. are supported for that key type, and AndroidKeymaster also has
154 // methods that return the same information. They'll get out of sync. Best to put the knowledge in
155 // the keytypes and provide some mechanism for AndroidKeymaster to query the keytypes for the
156 // information.
157
158 template <typename T>
check_supported(const KeymasterContext & context,keymaster_algorithm_t algorithm,SupportedResponse<T> * response)159 bool check_supported(const KeymasterContext& context, keymaster_algorithm_t algorithm,
160 SupportedResponse<T>* response) {
161 if (context.GetKeyFactory(algorithm) == nullptr) {
162 response->error = KM_ERROR_UNSUPPORTED_ALGORITHM;
163 return false;
164 }
165 return true;
166 }
167
GetVersion(const GetVersionRequest &,GetVersionResponse * rsp)168 void AndroidKeymaster::GetVersion(const GetVersionRequest&, GetVersionResponse* rsp) {
169 if (rsp == nullptr) return;
170
171 rsp->major_ver = 2;
172 rsp->minor_ver = 0;
173 rsp->subminor_ver = 0;
174 rsp->error = KM_ERROR_OK;
175 }
176
GetVersion2(const GetVersion2Request & req)177 GetVersion2Response AndroidKeymaster::GetVersion2(const GetVersion2Request& req) {
178 GetVersion2Response rsp;
179 rsp.km_version = context_->GetKmVersion();
180 rsp.km_date = kKmDate;
181 rsp.max_message_version = MessageVersion(rsp.km_version, rsp.km_date);
182 rsp.error = KM_ERROR_OK;
183
184 // Determine what message version we should use.
185 message_version_ = NegotiateMessageVersion(req, rsp);
186
187 LOG_D("GetVersion2 results: %d, %d, %d, %d", rsp.km_version, rsp.km_date,
188 rsp.max_message_version, message_version_);
189 return rsp;
190 }
191
SupportedAlgorithms(const SupportedAlgorithmsRequest &,SupportedAlgorithmsResponse * response)192 void AndroidKeymaster::SupportedAlgorithms(const SupportedAlgorithmsRequest& /* request */,
193 SupportedAlgorithmsResponse* response) {
194 if (response == nullptr) return;
195
196 response->error = KM_ERROR_OK;
197
198 size_t algorithm_count = 0;
199 const keymaster_algorithm_t* algorithms = context_->GetSupportedAlgorithms(&algorithm_count);
200 if (algorithm_count == 0) return;
201 response->results_length = algorithm_count;
202 response->results = dup_array(algorithms, algorithm_count);
203 if (!response->results) response->error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
204 }
205
206 template <typename T>
GetSupported(const KeymasterContext & context,keymaster_algorithm_t algorithm,keymaster_purpose_t purpose,const T * (OperationFactory::* get_supported_method)(size_t * count)const,SupportedResponse<T> * response)207 void GetSupported(const KeymasterContext& context, keymaster_algorithm_t algorithm,
208 keymaster_purpose_t purpose,
209 const T* (OperationFactory::*get_supported_method)(size_t* count) const,
210 SupportedResponse<T>* response) {
211 if (response == nullptr || !check_supported(context, algorithm, response)) return;
212
213 const OperationFactory* factory = context.GetOperationFactory(algorithm, purpose);
214 if (!factory) {
215 response->error = KM_ERROR_UNSUPPORTED_PURPOSE;
216 return;
217 }
218
219 size_t count;
220 const T* supported = (factory->*get_supported_method)(&count);
221 response->SetResults(supported, count);
222 }
223
SupportedBlockModes(const SupportedBlockModesRequest & request,SupportedBlockModesResponse * response)224 void AndroidKeymaster::SupportedBlockModes(const SupportedBlockModesRequest& request,
225 SupportedBlockModesResponse* response) {
226 GetSupported(*context_, request.algorithm, request.purpose,
227 &OperationFactory::SupportedBlockModes, response);
228 }
229
SupportedPaddingModes(const SupportedPaddingModesRequest & request,SupportedPaddingModesResponse * response)230 void AndroidKeymaster::SupportedPaddingModes(const SupportedPaddingModesRequest& request,
231 SupportedPaddingModesResponse* response) {
232 GetSupported(*context_, request.algorithm, request.purpose,
233 &OperationFactory::SupportedPaddingModes, response);
234 }
235
SupportedDigests(const SupportedDigestsRequest & request,SupportedDigestsResponse * response)236 void AndroidKeymaster::SupportedDigests(const SupportedDigestsRequest& request,
237 SupportedDigestsResponse* response) {
238 GetSupported(*context_, request.algorithm, request.purpose, &OperationFactory::SupportedDigests,
239 response);
240 }
241
SupportedImportFormats(const SupportedImportFormatsRequest & request,SupportedImportFormatsResponse * response)242 void AndroidKeymaster::SupportedImportFormats(const SupportedImportFormatsRequest& request,
243 SupportedImportFormatsResponse* response) {
244 if (response == nullptr || !check_supported(*context_, request.algorithm, response)) return;
245
246 size_t count;
247 const keymaster_key_format_t* formats =
248 context_->GetKeyFactory(request.algorithm)->SupportedImportFormats(&count);
249 response->SetResults(formats, count);
250 }
251
SupportedExportFormats(const SupportedExportFormatsRequest & request,SupportedExportFormatsResponse * response)252 void AndroidKeymaster::SupportedExportFormats(const SupportedExportFormatsRequest& request,
253 SupportedExportFormatsResponse* response) {
254 if (response == nullptr || !check_supported(*context_, request.algorithm, response)) return;
255
256 size_t count;
257 const keymaster_key_format_t* formats =
258 context_->GetKeyFactory(request.algorithm)->SupportedExportFormats(&count);
259 response->SetResults(formats, count);
260 }
261
GetHmacSharingParameters()262 GetHmacSharingParametersResponse AndroidKeymaster::GetHmacSharingParameters() {
263 GetHmacSharingParametersResponse response(message_version());
264 KeymasterEnforcement* policy = context_->enforcement_policy();
265 if (!policy) {
266 response.error = KM_ERROR_UNIMPLEMENTED;
267 return response;
268 }
269
270 response.error = policy->GetHmacSharingParameters(&response.params);
271 return response;
272 }
273
274 ComputeSharedHmacResponse
ComputeSharedHmac(const ComputeSharedHmacRequest & request)275 AndroidKeymaster::ComputeSharedHmac(const ComputeSharedHmacRequest& request) {
276 ComputeSharedHmacResponse response(message_version());
277 KeymasterEnforcement* policy = context_->enforcement_policy();
278 if (!policy) {
279 response.error = KM_ERROR_UNIMPLEMENTED;
280 return response;
281 }
282 response.error = policy->ComputeSharedHmac(request.params_array, &response.sharing_check);
283
284 return response;
285 }
286
287 VerifyAuthorizationResponse
VerifyAuthorization(const VerifyAuthorizationRequest & request)288 AndroidKeymaster::VerifyAuthorization(const VerifyAuthorizationRequest& request) {
289 KeymasterEnforcement* policy = context_->enforcement_policy();
290 if (!policy) {
291 VerifyAuthorizationResponse response(message_version());
292 response.error = KM_ERROR_UNIMPLEMENTED;
293 return response;
294 }
295
296 return policy->VerifyAuthorization(request);
297 }
298
GenerateTimestampToken(GenerateTimestampTokenRequest & request,GenerateTimestampTokenResponse * response)299 void AndroidKeymaster::GenerateTimestampToken(GenerateTimestampTokenRequest& request,
300 GenerateTimestampTokenResponse* response) {
301 KeymasterEnforcement* policy = context_->enforcement_policy();
302 if (!policy) {
303 response->error = KM_ERROR_UNIMPLEMENTED;
304 } else {
305 response->token.challenge = request.challenge;
306 response->error = policy->GenerateTimestampToken(&response->token);
307 }
308 }
309
AddRngEntropy(const AddEntropyRequest & request,AddEntropyResponse * response)310 void AndroidKeymaster::AddRngEntropy(const AddEntropyRequest& request,
311 AddEntropyResponse* response) {
312 response->error = context_->AddRngEntropy(request.random_data.peek_read(),
313 request.random_data.available_read());
314 }
315
get_key_factory(const AuthorizationSet & key_description,const KeymasterContext & context,keymaster_error_t * error)316 const KeyFactory* get_key_factory(const AuthorizationSet& key_description,
317 const KeymasterContext& context, //
318 keymaster_error_t* error) {
319 keymaster_algorithm_t algorithm;
320 const KeyFactory* factory{};
321 if (!key_description.GetTagValue(TAG_ALGORITHM, &algorithm) ||
322 !(factory = context.GetKeyFactory(algorithm))) {
323 *error = KM_ERROR_UNSUPPORTED_ALGORITHM;
324 }
325 return factory;
326 }
327
GenerateKey(const GenerateKeyRequest & request,GenerateKeyResponse * response)328 void AndroidKeymaster::GenerateKey(const GenerateKeyRequest& request,
329 GenerateKeyResponse* response) {
330 if (response == nullptr) return;
331
332 const KeyFactory* factory =
333 get_key_factory(request.key_description, *context_, &response->error);
334 if (!factory) return;
335
336 UniquePtr<Key> attest_key;
337 if (request.attestation_signing_key_blob.key_material_size) {
338 attest_key = LoadKey(request.attestation_signing_key_blob, request.attest_key_params,
339 &response->error);
340 if (response->error != KM_ERROR_OK) return;
341 }
342
343 if (request.key_description.Contains(TAG_PURPOSE, KM_PURPOSE_ATTEST_KEY) &&
344 request.key_description.GetTagCount(TAG_PURPOSE) > 1) {
345 // ATTEST_KEY cannot be combined with any other purpose.
346 response->error = KM_ERROR_INCOMPATIBLE_PURPOSE;
347 return;
348 }
349
350 response->enforced.Clear();
351 response->unenforced.Clear();
352 response->error = factory->GenerateKey(request.key_description,
353 move(attest_key), //
354 request.issuer_subject,
355 &response->key_blob, //
356 &response->enforced,
357 &response->unenforced, //
358 &response->certificate_chain);
359 }
360
GenerateRkpKey(const GenerateRkpKeyRequest & request,GenerateRkpKeyResponse * response)361 void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request,
362 GenerateRkpKeyResponse* response) {
363 if (response == nullptr) return;
364
365 auto rem_prov_ctx = context_->GetRemoteProvisioningContext();
366 if (rem_prov_ctx == nullptr) {
367 response->error = static_cast<keymaster_error_t>(kStatusFailed);
368 return;
369 }
370
371 // Generate the keypair that will become the attestation key.
372 GenerateKeyRequest gen_key_request(message_version_);
373 gen_key_request.key_description.Reinitialize(kKeyMintEcdsaP256Params,
374 array_length(kKeyMintEcdsaP256Params));
375 GenerateKeyResponse gen_key_response(message_version_);
376 GenerateKey(gen_key_request, &gen_key_response);
377 if (gen_key_response.error != KM_ERROR_OK) {
378 response->error = static_cast<keymaster_error_t>(kStatusFailed);
379 return;
380 }
381
382 // Retrieve the certificate and parse it to build a COSE_Key
383 if (gen_key_response.certificate_chain.entry_count != 1) {
384 // Error: Need the single non-signed certificate with the public key in it.
385 response->error = static_cast<keymaster_error_t>(kStatusFailed);
386 return;
387 }
388 std::vector<uint8_t> x_coord(kP256AffinePointSize);
389 std::vector<uint8_t> y_coord(kP256AffinePointSize);
390 response->error =
391 GetEcdsa256KeyFromCert(gen_key_response.certificate_chain.begin(), x_coord.data(),
392 x_coord.size(), y_coord.data(), y_coord.size());
393 if (response->error != KM_ERROR_OK) {
394 response->error = static_cast<keymaster_error_t>(kStatusFailed);
395 return;
396 }
397
398 cppbor::Map cose_public_key_map = cppbor::Map()
399 .add(CoseKey::KEY_TYPE, EC2)
400 .add(CoseKey::ALGORITHM, ES256)
401 .add(CoseKey::CURVE, P256)
402 .add(CoseKey::PUBKEY_X, x_coord)
403 .add(CoseKey::PUBKEY_Y, y_coord);
404 if (request.test_mode) {
405 cose_public_key_map.add(CoseKey::TEST_KEY, cppbor::Null());
406 }
407
408 std::vector<uint8_t> cosePublicKey = cose_public_key_map.canonicalize().encode();
409
410 auto macFunction = getMacFunction(request.test_mode, rem_prov_ctx);
411 auto macedKey = constructCoseMac0(macFunction, {} /* externalAad */, cosePublicKey);
412 if (!macedKey) {
413 response->error = static_cast<keymaster_error_t>(kStatusFailed);
414 return;
415 }
416 std::vector<uint8_t> enc = macedKey->encode();
417 response->maced_public_key = KeymasterBlob(enc.data(), enc.size());
418 response->key_blob = std::move(gen_key_response.key_blob);
419 response->error = KM_ERROR_OK;
420 }
421
GenerateCsr(const GenerateCsrRequest & request,GenerateCsrResponse * response)422 void AndroidKeymaster::GenerateCsr(const GenerateCsrRequest& request,
423 GenerateCsrResponse* response) {
424 if (response == nullptr) return;
425
426 auto rem_prov_ctx = context_->GetRemoteProvisioningContext();
427 if (rem_prov_ctx == nullptr) {
428 LOG_E("Couldn't get a pointer to the remote provisioning context, returned null.", 0);
429 response->error = static_cast<keymaster_error_t>(kStatusFailed);
430 return;
431 }
432
433 auto macFunction = getMacFunction(request.test_mode, rem_prov_ctx);
434 auto pubKeysToSign = validateAndExtractPubkeys(request.test_mode, request.num_keys,
435 request.keys_to_sign_array, macFunction);
436 if (!pubKeysToSign.isOk()) {
437 LOG_E("Failed to validate and extract the public keys for the CSR", 0);
438 response->error = static_cast<keymaster_error_t>(pubKeysToSign.moveError());
439 return;
440 }
441
442 std::vector<uint8_t> ephemeral_mac_key(SHA256_DIGEST_LENGTH, 0 /* value */);
443 if (GenerateRandom(ephemeral_mac_key.data(), ephemeral_mac_key.size()) != KM_ERROR_OK) {
444 LOG_E("Failed to generate a random mac key.", 0);
445 response->error = static_cast<keymaster_error_t>(kStatusFailed);
446 return;
447 }
448
449 auto ephemeral_mac_function = [&ephemeral_mac_key](const cppcose::bytevec& input) {
450 return cppcose::generateHmacSha256(ephemeral_mac_key, input);
451 };
452
453 auto pubKeysToSignMac =
454 generateCoseMac0Mac(ephemeral_mac_function, std::vector<uint8_t>{}, *pubKeysToSign);
455 if (!pubKeysToSignMac) {
456 LOG_E("Failed to generate COSE_Mac0 over the public keys to sign.", 0);
457 response->error = static_cast<keymaster_error_t>(kStatusFailed);
458 return;
459 }
460 response->keys_to_sign_mac = KeymasterBlob(pubKeysToSignMac->data(), pubKeysToSignMac->size());
461
462 std::unique_ptr<cppbor::Map> device_info_map = rem_prov_ctx->CreateDeviceInfo();
463 std::vector<uint8_t> device_info = device_info_map->encode();
464 response->device_info_blob = KeymasterBlob(device_info.data(), device_info.size());
465 auto protectedDataPayload = rem_prov_ctx->BuildProtectedDataPayload(
466 request.test_mode, //
467 ephemeral_mac_key /* Payload */,
468 cppbor::Array() /* AAD */
469 .add(std::pair(request.challenge.begin(),
470 request.challenge.end() - request.challenge.begin()))
471 .add(std::move(device_info_map))
472 .add(std::pair(pubKeysToSignMac->data(), pubKeysToSignMac->size()))
473 .encode());
474 if (!protectedDataPayload) {
475 LOG_E("Failed to construct ProtectedData: %s", protectedDataPayload.moveMessage().c_str());
476 response->error = static_cast<keymaster_error_t>(kStatusFailed);
477 return;
478 }
479
480 std::vector<uint8_t> ephemeralPrivKey(X25519_PRIVATE_KEY_LEN);
481 std::vector<uint8_t> ephemeralPubKey(X25519_PUBLIC_VALUE_LEN);
482 X25519_keypair(ephemeralPubKey.data(), ephemeralPrivKey.data());
483
484 auto eek = validateAndExtractEekPubAndId(request.test_mode, request.endpoint_enc_cert_chain);
485 if (!eek.isOk()) {
486 LOG_E("Failed to validate and extract the endpoint encryption key.", 0);
487 response->error = static_cast<keymaster_error_t>(eek.moveError());
488 return;
489 }
490
491 auto sessionKey =
492 x25519_HKDF_DeriveKey(ephemeralPubKey, ephemeralPrivKey, eek->first, true /* senderIsA */);
493 if (!sessionKey) {
494 LOG_E("Failed to derive the session key.", 0);
495 response->error = static_cast<keymaster_error_t>(kStatusFailed);
496 return;
497 }
498
499 std::vector<uint8_t> nonce(kAesGcmNonceLength, 0 /* value */);
500 if (GenerateRandom(nonce.data(), nonce.size()) != KM_ERROR_OK) {
501 LOG_E("Failed to generate a random nonce.", 0);
502 response->error = static_cast<keymaster_error_t>(kStatusFailed);
503 return;
504 }
505 auto coseEncrypted = constructCoseEncrypt(*sessionKey, //
506 nonce, //
507 protectedDataPayload.moveValue(), //
508 {}, // aad
509 buildCertReqRecipients(ephemeralPubKey, eek->second));
510
511 if (!coseEncrypted) {
512 LOG_E("Failed to construct a COSE_Encrypt ProtectedData structure", 0);
513 response->error = static_cast<keymaster_error_t>(kStatusFailed);
514 return;
515 }
516 std::vector<uint8_t> payload = coseEncrypted->encode();
517 response->protected_data_blob = KeymasterBlob(payload.data(), payload.size());
518 response->error = KM_ERROR_OK;
519 }
520
GetKeyCharacteristics(const GetKeyCharacteristicsRequest & request,GetKeyCharacteristicsResponse * response)521 void AndroidKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
522 GetKeyCharacteristicsResponse* response) {
523 if (response == nullptr) return;
524
525 UniquePtr<Key> key;
526 response->error =
527 context_->ParseKeyBlob(KeymasterKeyBlob(request.key_blob), request.additional_params, &key);
528 if (response->error != KM_ERROR_OK) return;
529
530 // scavenge the key object for the auth lists
531 response->enforced = move(key->hw_enforced());
532 response->unenforced = move(key->sw_enforced());
533
534 response->error = CheckVersionInfo(response->enforced, response->unenforced, *context_);
535 }
536
BeginOperation(const BeginOperationRequest & request,BeginOperationResponse * response)537 void AndroidKeymaster::BeginOperation(const BeginOperationRequest& request,
538 BeginOperationResponse* response) {
539 if (response == nullptr) return;
540 response->op_handle = 0;
541
542 UniquePtr<Key> key = LoadKey(request.key_blob, request.additional_params, &response->error);
543 if (!key) return;
544
545 response->error = KM_ERROR_UNKNOWN_ERROR;
546 keymaster_algorithm_t key_algorithm;
547 if (!key->authorizations().GetTagValue(TAG_ALGORITHM, &key_algorithm)) return;
548
549 response->error = KM_ERROR_UNSUPPORTED_PURPOSE;
550 OperationFactory* factory = key->key_factory()->GetOperationFactory(request.purpose);
551 if (!factory) return;
552
553 uint32_t sd_slot = key->secure_deletion_slot();
554
555 OperationPtr operation(
556 factory->CreateOperation(move(*key), request.additional_params, &response->error));
557 if (operation.get() == nullptr) return;
558
559 operation->set_secure_deletion_slot(sd_slot);
560
561 if (operation->authorizations().Contains(TAG_TRUSTED_CONFIRMATION_REQUIRED)) {
562 if (!operation->create_confirmation_verifier_buffer()) {
563 response->error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
564 return;
565 }
566 }
567
568 if (context_->enforcement_policy()) {
569 km_id_t key_id;
570 response->error = KM_ERROR_UNKNOWN_ERROR;
571 if (!context_->enforcement_policy()->CreateKeyId(request.key_blob, &key_id)) return;
572 operation->set_key_id(key_id);
573 response->error = context_->enforcement_policy()->AuthorizeOperation(
574 request.purpose, key_id, operation->authorizations(), request.additional_params,
575 0 /* op_handle */, true /* is_begin_operation */);
576 if (response->error != KM_ERROR_OK) return;
577 }
578
579 response->output_params.Clear();
580 response->error = operation->Begin(request.additional_params, &response->output_params);
581 if (response->error != KM_ERROR_OK) return;
582
583 response->op_handle = operation->operation_handle();
584 response->error = operation_table_->Add(move(operation));
585 }
586
UpdateOperation(const UpdateOperationRequest & request,UpdateOperationResponse * response)587 void AndroidKeymaster::UpdateOperation(const UpdateOperationRequest& request,
588 UpdateOperationResponse* response) {
589 if (response == nullptr) return;
590
591 response->error = KM_ERROR_INVALID_OPERATION_HANDLE;
592 Operation* operation = operation_table_->Find(request.op_handle);
593 if (operation == nullptr) return;
594
595 Buffer* confirmation_verifier_buffer = operation->get_confirmation_verifier_buffer();
596 if (confirmation_verifier_buffer != nullptr) {
597 size_t input_num_bytes = request.input.available_read();
598 if (input_num_bytes + confirmation_verifier_buffer->available_read() >
599 kConfirmationMessageMaxSize + kConfirmationTokenMessageTagSize) {
600 response->error = KM_ERROR_INVALID_ARGUMENT;
601 operation_table_->Delete(request.op_handle);
602 return;
603 }
604 if (!confirmation_verifier_buffer->reserve(input_num_bytes)) {
605 response->error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
606 operation_table_->Delete(request.op_handle);
607 return;
608 }
609 confirmation_verifier_buffer->write(request.input.peek_read(), input_num_bytes);
610 }
611
612 if (context_->enforcement_policy()) {
613 response->error = context_->enforcement_policy()->AuthorizeOperation(
614 operation->purpose(), operation->key_id(), operation->authorizations(),
615 request.additional_params, request.op_handle, false /* is_begin_operation */);
616 if (response->error != KM_ERROR_OK) {
617 operation_table_->Delete(request.op_handle);
618 return;
619 }
620 }
621
622 response->error =
623 operation->Update(request.additional_params, request.input, &response->output_params,
624 &response->output, &response->input_consumed);
625 if (response->error != KM_ERROR_OK) {
626 // Any error invalidates the operation.
627 operation_table_->Delete(request.op_handle);
628 }
629 }
630
FinishOperation(const FinishOperationRequest & request,FinishOperationResponse * response)631 void AndroidKeymaster::FinishOperation(const FinishOperationRequest& request,
632 FinishOperationResponse* response) {
633 if (response == nullptr) return;
634
635 response->error = KM_ERROR_INVALID_OPERATION_HANDLE;
636 Operation* operation = operation_table_->Find(request.op_handle);
637 if (operation == nullptr) return;
638
639 Buffer* confirmation_verifier_buffer = operation->get_confirmation_verifier_buffer();
640 if (confirmation_verifier_buffer != nullptr) {
641 size_t input_num_bytes = request.input.available_read();
642 if (input_num_bytes + confirmation_verifier_buffer->available_read() >
643 kConfirmationMessageMaxSize + kConfirmationTokenMessageTagSize) {
644 response->error = KM_ERROR_INVALID_ARGUMENT;
645 operation_table_->Delete(request.op_handle);
646 return;
647 }
648 if (!confirmation_verifier_buffer->reserve(input_num_bytes)) {
649 response->error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
650 operation_table_->Delete(request.op_handle);
651 return;
652 }
653 confirmation_verifier_buffer->write(request.input.peek_read(), input_num_bytes);
654 }
655
656 if (context_->enforcement_policy()) {
657 response->error = context_->enforcement_policy()->AuthorizeOperation(
658 operation->purpose(), operation->key_id(), operation->authorizations(),
659 request.additional_params, request.op_handle, false /* is_begin_operation */);
660 if (response->error != KM_ERROR_OK) {
661 operation_table_->Delete(request.op_handle);
662 return;
663 }
664 }
665
666 response->error = operation->Finish(request.additional_params, request.input, request.signature,
667 &response->output_params, &response->output);
668 if (response->error != KM_ERROR_OK) {
669 operation_table_->Delete(request.op_handle);
670 return;
671 }
672
673 // Invalidate the single use key from secure storage after finish.
674 if (operation->hw_enforced().Contains(TAG_USAGE_COUNT_LIMIT, 1)) {
675 if (context_->secure_deletion_secret_storage() != nullptr) {
676 context_->secure_deletion_secret_storage()->DeleteKey(
677 operation->secure_deletion_slot());
678 } else if (context_->secure_key_storage() != nullptr) {
679 context_->secure_key_storage()->DeleteKey(operation->key_id());
680 }
681 }
682
683 // If the operation succeeded and TAG_TRUSTED_CONFIRMATION_REQUIRED was
684 // set, the input must be checked against the confirmation token.
685 if (response->error == KM_ERROR_OK && confirmation_verifier_buffer != nullptr) {
686 keymaster_blob_t confirmation_token_blob;
687 if (!request.additional_params.GetTagValue(TAG_CONFIRMATION_TOKEN,
688 &confirmation_token_blob)) {
689 response->error = KM_ERROR_NO_USER_CONFIRMATION;
690 response->output.Clear();
691 } else {
692 if (confirmation_token_blob.data_length != kConfirmationTokenSize) {
693 LOG_E("TAG_CONFIRMATION_TOKEN wrong size, was %zd expected %zd",
694 confirmation_token_blob.data_length, kConfirmationTokenSize);
695 response->error = KM_ERROR_INVALID_ARGUMENT;
696 response->output.Clear();
697 } else {
698 keymaster_error_t verification_result = context_->CheckConfirmationToken(
699 confirmation_verifier_buffer->begin(),
700 confirmation_verifier_buffer->available_read(), confirmation_token_blob.data);
701 if (verification_result != KM_ERROR_OK) {
702 response->error = verification_result;
703 response->output.Clear();
704 }
705 }
706 }
707 }
708
709 operation_table_->Delete(request.op_handle);
710 }
711
AbortOperation(const AbortOperationRequest & request,AbortOperationResponse * response)712 void AndroidKeymaster::AbortOperation(const AbortOperationRequest& request,
713 AbortOperationResponse* response) {
714 if (!response) return;
715
716 Operation* operation = operation_table_->Find(request.op_handle);
717 if (!operation) {
718 response->error = KM_ERROR_INVALID_OPERATION_HANDLE;
719 return;
720 }
721
722 response->error = operation->Abort();
723 operation_table_->Delete(request.op_handle);
724 }
725
ExportKey(const ExportKeyRequest & request,ExportKeyResponse * response)726 void AndroidKeymaster::ExportKey(const ExportKeyRequest& request, ExportKeyResponse* response) {
727 if (response == nullptr) return;
728
729 UniquePtr<Key> key;
730 response->error =
731 context_->ParseKeyBlob(KeymasterKeyBlob(request.key_blob), request.additional_params, &key);
732 if (response->error != KM_ERROR_OK) return;
733
734 UniquePtr<uint8_t[]> out_key;
735 size_t size;
736 response->error = key->formatted_key_material(request.key_format, &out_key, &size);
737 if (response->error == KM_ERROR_OK) {
738 response->key_data = out_key.release();
739 response->key_data_length = size;
740 }
741 }
742
AttestKey(const AttestKeyRequest & request,AttestKeyResponse * response)743 void AndroidKeymaster::AttestKey(const AttestKeyRequest& request, AttestKeyResponse* response) {
744 if (!response) return;
745
746 UniquePtr<Key> key = LoadKey(request.key_blob, request.attest_params, &response->error);
747 if (!key) return;
748
749 keymaster_blob_t attestation_application_id;
750 if (request.attest_params.GetTagValue(TAG_ATTESTATION_APPLICATION_ID,
751 &attestation_application_id)) {
752 key->sw_enforced().push_back(TAG_ATTESTATION_APPLICATION_ID, attestation_application_id);
753 }
754
755 response->certificate_chain =
756 context_->GenerateAttestation(*key, request.attest_params, {} /* attestation_signing_key */,
757 {} /* issuer_subject */, &response->error);
758 }
759
UpgradeKey(const UpgradeKeyRequest & request,UpgradeKeyResponse * response)760 void AndroidKeymaster::UpgradeKey(const UpgradeKeyRequest& request, UpgradeKeyResponse* response) {
761 if (!response) return;
762
763 KeymasterKeyBlob upgraded_key;
764 response->error = context_->UpgradeKeyBlob(KeymasterKeyBlob(request.key_blob),
765 request.upgrade_params, &upgraded_key);
766 if (response->error != KM_ERROR_OK) return;
767 response->upgraded_key = upgraded_key.release();
768 }
769
ImportKey(const ImportKeyRequest & request,ImportKeyResponse * response)770 void AndroidKeymaster::ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response) {
771 if (response == nullptr) return;
772
773 const KeyFactory* factory =
774 get_key_factory(request.key_description, *context_, &response->error);
775 if (!factory) return;
776
777 if (context_->enforcement_policy() &&
778 request.key_description.GetTagValue(TAG_EARLY_BOOT_ONLY) &&
779 !context_->enforcement_policy()->in_early_boot()) {
780 response->error = KM_ERROR_EARLY_BOOT_ENDED;
781 return;
782 }
783
784 UniquePtr<Key> attest_key;
785 if (request.attestation_signing_key_blob.key_material_size) {
786
787 attest_key =
788 LoadKey(request.attestation_signing_key_blob, {} /* params */, &response->error);
789 if (response->error != KM_ERROR_OK) return;
790 }
791
792 if (request.key_description.Contains(TAG_PURPOSE, KM_PURPOSE_ATTEST_KEY) &&
793 request.key_description.GetTagCount(TAG_PURPOSE) > 1) {
794 // ATTEST_KEY cannot be combined with any other purpose.
795 response->error = KM_ERROR_INCOMPATIBLE_PURPOSE;
796 return;
797 }
798
799 response->error = factory->ImportKey(request.key_description, //
800 request.key_format, //
801 request.key_data, //
802 move(attest_key), //
803 request.issuer_subject, //
804 &response->key_blob, //
805 &response->enforced, //
806 &response->unenforced, //
807 &response->certificate_chain);
808 }
809
DeleteKey(const DeleteKeyRequest & request,DeleteKeyResponse * response)810 void AndroidKeymaster::DeleteKey(const DeleteKeyRequest& request, DeleteKeyResponse* response) {
811 if (!response) return;
812 response->error = context_->DeleteKey(KeymasterKeyBlob(request.key_blob));
813 }
814
DeleteAllKeys(const DeleteAllKeysRequest &,DeleteAllKeysResponse * response)815 void AndroidKeymaster::DeleteAllKeys(const DeleteAllKeysRequest&, DeleteAllKeysResponse* response) {
816 if (!response) return;
817 response->error = context_->DeleteAllKeys();
818 }
819
Configure(const ConfigureRequest & request,ConfigureResponse * response)820 void AndroidKeymaster::Configure(const ConfigureRequest& request, ConfigureResponse* response) {
821 if (!response) return;
822 response->error = context_->SetSystemVersion(request.os_version, request.os_patchlevel);
823 }
824
825 ConfigureVendorPatchlevelResponse
ConfigureVendorPatchlevel(const ConfigureVendorPatchlevelRequest & request)826 AndroidKeymaster::ConfigureVendorPatchlevel(const ConfigureVendorPatchlevelRequest& request) {
827 ConfigureVendorPatchlevelResponse rsp(message_version());
828 rsp.error = context_->SetVendorPatchlevel(request.vendor_patchlevel);
829 return rsp;
830 }
831
832 ConfigureBootPatchlevelResponse
ConfigureBootPatchlevel(const ConfigureBootPatchlevelRequest & request)833 AndroidKeymaster::ConfigureBootPatchlevel(const ConfigureBootPatchlevelRequest& request) {
834 ConfigureBootPatchlevelResponse rsp(message_version());
835 rsp.error = context_->SetBootPatchlevel(request.boot_patchlevel);
836 return rsp;
837 }
838
839 ConfigureVerifiedBootInfoResponse
ConfigureVerifiedBootInfo(const ConfigureVerifiedBootInfoRequest & request)840 AndroidKeymaster::ConfigureVerifiedBootInfo(const ConfigureVerifiedBootInfoRequest& request) {
841 ConfigureVerifiedBootInfoResponse rsp(message_version());
842 rsp.error = context_->SetVerifiedBootInfo(request.boot_state, request.bootloader_state,
843 request.vbmeta_digest);
844 return rsp;
845 }
846
has_operation(keymaster_operation_handle_t op_handle) const847 bool AndroidKeymaster::has_operation(keymaster_operation_handle_t op_handle) const {
848 return operation_table_->Find(op_handle) != nullptr;
849 }
850
LoadKey(const keymaster_key_blob_t & key_blob,const AuthorizationSet & additional_params,keymaster_error_t * error)851 UniquePtr<Key> AndroidKeymaster::LoadKey(const keymaster_key_blob_t& key_blob,
852 const AuthorizationSet& additional_params,
853 keymaster_error_t* error) {
854 if (!error) return {};
855
856 UniquePtr<Key> key;
857 KeymasterKeyBlob key_material;
858 *error = context_->ParseKeyBlob(KeymasterKeyBlob(key_blob), additional_params, &key);
859 if (*error != KM_ERROR_OK) return {};
860
861 *error = CheckVersionInfo(key->hw_enforced(), key->sw_enforced(), *context_);
862 if (*error != KM_ERROR_OK) return {};
863
864 return key;
865 }
866
ImportWrappedKey(const ImportWrappedKeyRequest & request,ImportWrappedKeyResponse * response)867 void AndroidKeymaster::ImportWrappedKey(const ImportWrappedKeyRequest& request,
868 ImportWrappedKeyResponse* response) {
869 if (!response) return;
870
871 KeymasterKeyBlob secret_key;
872 AuthorizationSet key_description;
873 keymaster_key_format_t key_format;
874
875 response->error =
876 context_->UnwrapKey(request.wrapped_key, request.wrapping_key, request.additional_params,
877 request.masking_key, &key_description, &key_format, &secret_key);
878
879 if (response->error != KM_ERROR_OK) {
880 return;
881 }
882
883 int sid_idx = key_description.find(TAG_USER_SECURE_ID);
884 if (sid_idx != -1) {
885 uint8_t sids = key_description[sid_idx].long_integer;
886 if (!key_description.erase(sid_idx)) {
887 response->error = KM_ERROR_UNKNOWN_ERROR;
888 return;
889 }
890 if (sids & HW_AUTH_PASSWORD) {
891 key_description.push_back(TAG_USER_SECURE_ID, request.password_sid);
892 }
893 if (sids & HW_AUTH_FINGERPRINT) {
894 key_description.push_back(TAG_USER_SECURE_ID, request.biometric_sid);
895 }
896
897 if (context_->GetKmVersion() >= KmVersion::KEYMINT_1) {
898 key_description.push_back(TAG_CERTIFICATE_NOT_BEFORE, 0);
899 key_description.push_back(TAG_CERTIFICATE_NOT_AFTER, kUndefinedExpirationDateTime);
900 }
901 }
902
903 const KeyFactory* factory = get_key_factory(key_description, *context_, &response->error);
904 if (!factory) return;
905
906 response->error = factory->ImportKey(key_description, //
907 key_format, //
908 secret_key, //
909 {} /* attest_key */, //
910 {} /* issuer_subject */, //
911 &response->key_blob, //
912 &response->enforced, //
913 &response->unenforced, //
914 &response->certificate_chain);
915 }
916
EarlyBootEnded()917 EarlyBootEndedResponse AndroidKeymaster::EarlyBootEnded() {
918 EarlyBootEndedResponse response(message_version());
919 response.error = KM_ERROR_UNIMPLEMENTED;
920
921 if (context_->enforcement_policy()) {
922 context_->enforcement_policy()->early_boot_ended();
923 response.error = KM_ERROR_OK;
924 }
925
926 return response;
927 }
928
DeviceLocked(const DeviceLockedRequest & request)929 DeviceLockedResponse AndroidKeymaster::DeviceLocked(const DeviceLockedRequest& request) {
930 DeviceLockedResponse response(message_version());
931 response.error = KM_ERROR_UNIMPLEMENTED;
932
933 if (context_->enforcement_policy()) {
934 context_->enforcement_policy()->device_locked(request.passwordOnly);
935 response.error = KM_ERROR_OK;
936 }
937
938 return response;
939 }
940
GetRootOfTrust(const GetRootOfTrustRequest & request)941 GetRootOfTrustResponse AndroidKeymaster::GetRootOfTrust(const GetRootOfTrustRequest& request) {
942 GetRootOfTrustResponse response(message_version());
943
944 if (!context_->attestation_context()) {
945 LOG_E("Have no attestation context, cannot get RootOfTrust", 0);
946 response.error = KM_ERROR_UNIMPLEMENTED;
947 return response;
948 }
949
950 const AttestationContext::VerifiedBootParams* vbParams =
951 context_->attestation_context()->GetVerifiedBootParams(&response.error);
952 if (response.error != KM_ERROR_OK) {
953 LOG_E("Error retrieving verified boot params: %lu", response.error);
954 return response;
955 }
956
957 auto boot_patch_level = context_->GetBootPatchlevel();
958 if (!boot_patch_level) {
959 LOG_E("Error retrieving boot patch level: %lu", response.error);
960 response.error = KM_ERROR_UNIMPLEMENTED;
961 return response;
962 }
963
964 if (!context_->enforcement_policy()) {
965 LOG_E("Have no enforcement policy, cannot get RootOfTrust", 0);
966 response.error = KM_ERROR_UNIMPLEMENTED;
967 return response;
968 }
969
970 auto macFunction =
971 [&](const std::vector<uint8_t>& data) -> cppcose::ErrMsgOr<cppcose::HmacSha256> {
972 auto mac = context_->enforcement_policy()->ComputeHmac(data);
973 if (!mac) return "Failed to compute HMAC";
974 return *std::move(mac);
975 };
976
977 auto maced_root_of_trust = cppcose::constructCoseMac0(
978 macFunction, //
979 request.challenge,
980 cppbor::SemanticTag(kRoTVersion1, cppbor::Array( //
981 blob2Pair(vbParams->verified_boot_key), //
982 vbParams->device_locked, //
983 vbParams->verified_boot_state, //
984 blob2Pair(vbParams->verified_boot_hash), //
985 *boot_patch_level))
986 .encode());
987
988 if (!maced_root_of_trust) {
989 LOG_E("Error MACing RoT: %s", maced_root_of_trust.message().c_str());
990 response.error = KM_ERROR_UNKNOWN_ERROR;
991 } else {
992 response.error = KM_ERROR_OK;
993 response.rootOfTrust =
994 cppbor::SemanticTag(cppcose::kCoseMac0SemanticTag, *std::move(maced_root_of_trust))
995 .encode();
996 }
997
998 return response;
999 }
1000
1001 } // namespace keymaster
1002