1 /* 2 * Copyright 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef TRUSTY_APP_KEYMASTER_TRUSTY_KEYMASTER_CONTEXT_H_ 18 #define TRUSTY_APP_KEYMASTER_TRUSTY_KEYMASTER_CONTEXT_H_ 19 20 #include <stdlib.h> 21 22 #include <keymaster/UniquePtr.h> 23 #include <keymaster/attestation_context.h> 24 #include <keymaster/keymaster_context.h> 25 #include <keymaster/soft_key_factory.h> 26 27 #include <keymaster/km_openssl/software_random_source.h> 28 29 #include "trusty_keymaster_enforcement.h" 30 #include "trusty_remote_provisioning_context.h" 31 #include "trusty_secure_deletion_secret_storage.h" 32 33 namespace keymaster { 34 35 class KeyFactory; 36 37 static const int kAuthTokenKeySize = 32; 38 39 class TrustyKeymasterContext : public KeymasterContext, 40 AttestationContext, 41 SoftwareKeyBlobMaker, 42 SoftwareRandomSource { 43 public: 44 TrustyKeymasterContext(); 45 GetKmVersion()46 KmVersion GetKmVersion() const override { 47 return AttestationContext::version_; 48 } 49 SetKmVersion(KmVersion version)50 void SetKmVersion(KmVersion version) { 51 AttestationContext::version_ = version; 52 } 53 GetSecurityLevel()54 keymaster_security_level_t GetSecurityLevel() const override { 55 return KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT; 56 } 57 58 keymaster_error_t SetSystemVersion(uint32_t os_version, 59 uint32_t os_patchlevel) override; 60 void GetSystemVersion(uint32_t* os_version, 61 uint32_t* os_patchlevel) const override; 62 63 const KeyFactory* GetKeyFactory( 64 keymaster_algorithm_t algorithm) const override; 65 OperationFactory* GetOperationFactory( 66 keymaster_algorithm_t algorithm, 67 keymaster_purpose_t purpose) const override; 68 const keymaster_algorithm_t* GetSupportedAlgorithms( 69 size_t* algorithms_count) const override; 70 71 const VerifiedBootParams* GetVerifiedBootParams( 72 keymaster_error_t* error) const override; 73 74 keymaster_error_t CreateKeyBlob( 75 const AuthorizationSet& key_description, 76 keymaster_key_origin_t origin, 77 const KeymasterKeyBlob& key_material, 78 KeymasterKeyBlob* blob, 79 AuthorizationSet* hw_enforced, 80 AuthorizationSet* sw_enforced) const override; 81 82 keymaster_error_t UpgradeKeyBlob( 83 const KeymasterKeyBlob& key_to_upgrade, 84 const AuthorizationSet& upgrade_params, 85 KeymasterKeyBlob* upgraded_key) const override; 86 87 keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& blob, 88 const AuthorizationSet& additional_params, 89 UniquePtr<Key>* key) const override; 90 91 keymaster_error_t DeleteKey(const KeymasterKeyBlob& blob) const override; 92 keymaster_error_t DeleteAllKeys() const override; 93 94 keymaster_error_t AddRngEntropy(const uint8_t* buf, 95 size_t length) const override; 96 97 keymaster_error_t GetAuthTokenKey(keymaster_key_blob_t* key) const; 98 99 std::unique_ptr<cppbor::Map> GetDeviceIds() const; 100 enforcement_policy()101 KeymasterEnforcement* enforcement_policy() override { 102 return &enforcement_policy_; 103 } 104 attestation_context()105 AttestationContext* attestation_context() override { return this; } 106 secure_deletion_secret_storage()107 SecureDeletionSecretStorage* secure_deletion_secret_storage() override { 108 return &secure_deletion_secret_storage_; 109 } 110 111 keymaster_error_t VerifyAndCopyDeviceIds( 112 const AuthorizationSet& attestation_params, 113 AuthorizationSet* values_to_attest) const override; 114 115 Buffer GenerateUniqueId(uint64_t creation_date_time, 116 const keymaster_blob_t& application_id, 117 bool reset_since_rotation, 118 keymaster_error_t* error) const override; 119 120 KeymasterKeyBlob GetAttestationKey(keymaster_algorithm_t algorithm, 121 keymaster_error_t* error) const override; 122 123 CertificateChain GetAttestationChain( 124 keymaster_algorithm_t algorithm, 125 keymaster_error_t* error) const override; 126 127 CertificateChain GenerateAttestation( 128 const Key& key, 129 const AuthorizationSet& attest_params, 130 UniquePtr<Key> attest_key, 131 const KeymasterBlob& issuer_subject, 132 keymaster_error_t* error) const override; 133 134 CertificateChain GenerateSelfSignedCertificate( 135 const Key& key, 136 const AuthorizationSet& cert_params, 137 bool fake_signature, 138 keymaster_error_t* error) const override; 139 140 keymaster_error_t SetBootParams( 141 uint32_t /* os_version */, 142 uint32_t /* os_patchlevel */, 143 const Buffer& verified_boot_key, 144 keymaster_verified_boot_t verified_boot_state, 145 bool device_locked, 146 const Buffer& verified_boot_hash); 147 148 virtual keymaster_error_t UnwrapKey( 149 const KeymasterKeyBlob& wrapped_key_blob, 150 const KeymasterKeyBlob& wrapping_key_blob, 151 const AuthorizationSet& wrapping_key_params, 152 const KeymasterKeyBlob& masking_key, 153 AuthorizationSet* wrapped_key_params, 154 keymaster_key_format_t* wrapped_key_format, 155 KeymasterKeyBlob* wrapped_key_material) const override; 156 157 keymaster_error_t CheckConfirmationToken( 158 const uint8_t* input_data, 159 size_t input_data_size, 160 const uint8_t confirmation_token[kConfirmationTokenSize]) 161 const override; 162 GetRemoteProvisioningContext()163 RemoteProvisioningContext* GetRemoteProvisioningContext() const override { 164 return trusty_remote_provisioning_context_.get(); 165 } 166 SetVendorPatchlevel(uint32_t vendor_patchlevel)167 keymaster_error_t SetVendorPatchlevel(uint32_t vendor_patchlevel) override { 168 if (vendor_patchlevel_.has_value() && 169 vendor_patchlevel != vendor_patchlevel_.value()) { 170 // Can't set patchlevel to a different value. 171 return KM_ERROR_INVALID_ARGUMENT; 172 } 173 vendor_patchlevel_ = vendor_patchlevel; 174 trusty_remote_provisioning_context_->SetVendorPatchlevel( 175 vendor_patchlevel); 176 return KM_ERROR_OK; 177 } 178 SetBootPatchlevel(uint32_t boot_patchlevel)179 keymaster_error_t SetBootPatchlevel(uint32_t boot_patchlevel) override { 180 if (boot_patchlevel_.has_value() && 181 boot_patchlevel != boot_patchlevel_.value()) { 182 // Can't set patchlevel to a different value. 183 return KM_ERROR_INVALID_ARGUMENT; 184 } 185 boot_patchlevel_ = boot_patchlevel; 186 trusty_remote_provisioning_context_->SetBootPatchlevel(boot_patchlevel); 187 return KM_ERROR_OK; 188 } 189 GetVendorPatchlevel()190 std::optional<uint32_t> GetVendorPatchlevel() const override { 191 return vendor_patchlevel_; 192 } 193 GetBootPatchlevel()194 std::optional<uint32_t> GetBootPatchlevel() const override { 195 return boot_patchlevel_; 196 } 197 198 private: 199 bool SeedRngIfNeeded() const; 200 bool ShouldReseedRng() const; 201 bool ReseedRng(); 202 bool InitializeAuthTokenKey(); 203 keymaster_error_t SetAuthorizations(const AuthorizationSet& key_description, 204 keymaster_key_origin_t origin, 205 AuthorizationSet* hw_enforced, 206 AuthorizationSet* sw_enforced, 207 bool has_secure_deletion) const; 208 keymaster_error_t BuildHiddenAuthorizations( 209 const AuthorizationSet& input_set, 210 AuthorizationSet* hidden) const; 211 keymaster_error_t DeriveMasterKey(KeymasterKeyBlob* master_key, 212 const EncryptedKey& enc_key) const; 213 keymaster_error_t GetKdfState(EncryptedKey* info) const; 214 KmErrorOr<DeserializedKey> DeserializeKmCompatKeyBlob( 215 const KeymasterKeyBlob& blob) const; 216 KmErrorOr<DeserializedKey> DeserializeKeyBlob( 217 const KeymasterKeyBlob& blob) const; 218 219 /* 220 * CreateAuthEncryptedKeyBlob takes a key description authorization set, key 221 * material, and hardware and software authorization sets and produces an 222 * encrypted and integrity-checked key blob. 223 * 224 * This method is called by CreateKeyBlob and UpgradeKeyBlob. 225 */ 226 keymaster_error_t CreateAuthEncryptedKeyBlob( 227 const AuthorizationSet& key_description, 228 const KeymasterKeyBlob& key_material, 229 const AuthorizationSet& hw_enforced, 230 const AuthorizationSet& sw_enforced, 231 const std::optional<SecureDeletionData>& secure_deletion_data, 232 KeymasterKeyBlob* blob) const; 233 234 TrustyKeymasterEnforcement enforcement_policy_; 235 TrustySecureDeletionSecretStorage secure_deletion_secret_storage_; 236 237 UniquePtr<KeyFactory> aes_factory_; 238 UniquePtr<KeyFactory> ec_factory_; 239 UniquePtr<KeyFactory> hmac_factory_; 240 UniquePtr<KeyFactory> rsa_factory_; 241 UniquePtr<KeyFactory> tdes_factory_; 242 243 bool rng_initialized_; 244 mutable int calls_since_reseed_; 245 uint8_t auth_token_key_[kAuthTokenKeySize]; 246 bool auth_token_key_initialized_; 247 248 bool root_of_trust_set_ = false; 249 bool version_info_set_ = false; 250 BootParams boot_params_; 251 VerifiedBootParams verified_boot_params_ = { 252 .verified_boot_key = {}, 253 .verified_boot_hash = {}, 254 .verified_boot_state = KM_VERIFIED_BOOT_UNVERIFIED, 255 .device_locked = false}; 256 UniquePtr<TrustyRemoteProvisioningContext> 257 trusty_remote_provisioning_context_; 258 std::optional<uint32_t> vendor_patchlevel_; 259 std::optional<uint32_t> boot_patchlevel_; 260 mutable std::vector<uint8_t> unique_id_hbk_; 261 }; 262 263 } // namespace keymaster 264 265 #endif // TRUSTY_APP_KEYMASTER_TRUSTY_KEYMASTER_CONTEXT_H_ 266