1; encrypted_key_material is AES-GCM encrypted with: 2; - key derived as described below 3; - plaintext is the CBOR-serialization of `KeyMaterial` 4; - nonce value is fixed, all zeroes 5; - no additional data 6; 7; Key derivation uses HKDF (RFC 5869) with HMAC-SHA256 to generate an AES-256 key: 8; - input keying material = a root key held in hardware 9; - salt = absent 10; - info = the following three or four chunks of context data concatenated: 11; - content of `EncryptedKeyBlob.key_derivation_input` (a random nonce) 12; - CBOR-serialization of `EncryptedKeyBlob.characteristics` 13; - CBOR-serialized array of additional hidden `KeyParam` items associated with the key, specifically: 14; - [Tag_ApplicationId, bstr] if required 15; - [Tag_ApplicationData, bstr] if required 16; - [Tag_RootOfTrust, bstr .cbor RootOfTrustInfo] 17; - (if secure storage is available) CBOR serialization of the `SecureDeletionData` structure, with: 18; - `factory_reset_secret` always populated 19; - `secure_deletion_secret` populated with: 20; - all zeroes (if `EncryptedKeyBlob.secure_deletion_slot` is empty) 21; - the contents of the slot (if `EncryptedKeyBlob.secure_deletion_slot` is non-empty) 22EncryptedKeyBlob = &( 23 [0, EncryptedKeyBlobV1] ; Version::V1 24) 25Version = &( 26 Version_V1: 0, 27) 28EncryptedKeyBlobV1 = [ 29 characteristics: [* KeyCharacteristics], 30 key_derivation_input: bstr .size 32, 31 kek_context: bstr, 32 encrypted_key_material: #6.16(Cose_Encrypt0), 33 secure_deletion_slot: [? SecureDeletionSlot], 34] 35KeyCharacteristics = [ 36 security_level: SecurityLevel, 37 authorizations: [* KeyParam], 38] 39Cose_Encrypt0 = [ protected: bstr, unprotected: { * (int / tstr) => any }, ciphertext: bstr / nil ] 40KeyMaterial = &( 41 ; For each variant the `bool` second entry indicates whether the bstr for the key material 42 ; is opaque (true), or explicit (false). 43 [32, bool, bstr], ; Algorithm_Aes 44 [33, bool, bstr], ; Algorithm_TripleDes 45 [128, bool, bstr], ; Algorithm_Hmac 46 ; An explicit RSA key is in the form of an ASN.1 DER encoding of a PKCS#1 `RSAPrivateKey` 47 ; structure, as specified by RFC 3447 sections A.1.2 and 3.2. 48 [1, bool, bstr], ; Algorithm_Rsa 49 ; An explicit EC key for a NIST curve is in the form of an ASN.1 DER encoding of a 50 ; `ECPrivateKey` structure, as specified by RFC 5915 section 3. 51 ; An explicit EC key for curve 25519 is the raw key bytes. 52 [3, bool, [EcCurve, CurveType, bstr]], ; Algorithm_Ec 53) 54SecureDeletionSlot = int 55SecureDeletionData = [ 56 factory_reset_secret: bstr .size 32, 57 secure_deletion_secret: bstr .size 16, 58] 59RootOfTrustInfo = [ 60 verified_boot_key: bstr, 61 device_boot_locked: bool, 62 verified_boot_state: VerifiedBootState, 63] 64VerifiedBootState = &( 65 VerifiedBootState_Verified: 0, 66 VerifiedBootState_SelfSigned: 1, 67 VerifiedBootState_Unverified: 2, 68 VerifiedBootState_Failed: 3, 69) 70SecurityLevel = &( 71 SecurityLevel_Software: 0, 72 SecurityLevel_TrustedEnvironment: 1, 73 SecurityLevel_Strongbox: 2, 74 SecurityLevel_Keystore: 100, 75) 76KeyParam = &( 77 [268435458, Algorithm], ; Tag_Algorithm 78 [536870916, BlockMode], ; Tag_BlockMode 79 [536870918, PaddingMode], ; Tag_Padding 80 [536870917, Digest], ; Tag_Digest 81 [268435466, EcCurve], ; Tag_EcCurve 82 [268436158, KeyOrigin], ; Tag_Origin 83 [536870913, KeyPurpose], ; Tag_Purpose 84 [805306371, KeySizeInBits], ; Tag_KeySize 85 [1879048199, bstr], ; Tag_CallerNonce 86 [805306376, int], ; Tag_MinMacLength 87 [1342177480, RsaExponent], ; Tag_RsaPublicExponent 88 [1879048394, true], ; Tag_IncludeUniqueId 89 [536871115, Digest], ; Tag_RsaOaepMgfDigest 90 [1879048494, true], ; Tag_BootloaderOnly 91 [1879048495, true], ; Tag_RollbackResistance 92 [1879048497, true], ; Tag_EarlyBootOnly 93 [1610613136, DateTime], ; Tag_ActiveDatetime 94 [1610613137, DateTime], ; Tag_OriginationExpireDatetime 95 [1610613138, DateTime], ; Tag_UsageExpireDatetime 96 [805306772, int], ; Tag_MaxUsesPerBoot 97 [805306773, int], ; Tag_UsageCountLimit 98 [805306869, int], ; Tag_UserId 99 [-1610612234, int], ; Tag_UserSecureId 100 [1879048695, true], ; Tag_NoAuthRequired 101 [268435960, int], ; Tag_UserAuthType 102 [805306873, int], ; Tag_AuthTimeout 103 [1879048698, true], ; Tag_AllowWhileOnBody 104 [1879048699, true], ; Tag_TrustedUserPresenceRequired 105 [1879048700, true], ; Tag_TrustedConfirmationRequired 106 [1879048701, true], ; Tag_UnlockedDeviceRequired 107 [-1879047591, bstr], ; Tag_ApplicationId 108 [-1879047492, bstr], ; Tag_ApplicationData 109 [1610613437, DateTime], ; Tag_CreationDatetime 110 [-1879047488, bstr], ; Tag_RootOfTrust 111 [805307073, int], ; Tag_OsVersion 112 [805307074, int], ; Tag_OsPatchlevel 113 [-1879047484, bstr], ; Tag_AttestationChallenge 114 [-1879047483, bstr], ; Tag_AttestationApplicationId 115 [-1879047482, bstr], ; Tag_AttestationIdBrand 116 [-1879047481, bstr], ; Tag_AttestationIdDevice 117 [-1879047480, bstr], ; Tag_AttestationIdProduct 118 [-1879047479, bstr], ; Tag_AttestationIdSerial 119 [-1879047478, bstr], ; Tag_AttestationIdImei 120 [-1879047469, bstr], ; Tag_AttestationIdSecondImei 121 [-1879047477, bstr], ; Tag_AttestationIdMeid 122 [-1879047476, bstr], ; Tag_AttestationIdManufacturer 123 [-1879047475, bstr], ; Tag_AttestationIdModel 124 [805307086, int], ; Tag_VendorPatchlevel 125 [805307087, int], ; Tag_BootPatchlevel 126 [1879048912, true], ; Tag_DeviceUniqueAttestation 127 [1879048914, true], ; Tag_StorageKey 128 [-1879047191, bstr], ; Tag_Nonce 129 [805307371, int], ; Tag_MacLength 130 [1879049196, true], ; Tag_ResetSinceIdRotation 131 [-2147482642, bstr], ; Tag_CertificateSerial 132 [-1879047185, bstr], ; Tag_CertificateSubject 133 [1610613744, DateTime], ; Tag_CertificateNotBefore 134 [1610613745, DateTime], ; Tag_CertificateNotAfter 135 [805307378, int], ; Tag_MaxBootLevel 136 [-1879047468, bstr], ; Tag_ModuleHash 137) 138Tag = &( 139 Tag_Invalid: 0, 140 Tag_Purpose: 536870913, 141 Tag_Algorithm: 268435458, 142 Tag_KeySize: 805306371, 143 Tag_BlockMode: 536870916, 144 Tag_Digest: 536870917, 145 Tag_Padding: 536870918, 146 Tag_CallerNonce: 1879048199, 147 Tag_MinMacLength: 805306376, 148 Tag_EcCurve: 268435466, 149 Tag_RsaPublicExponent: 1342177480, 150 Tag_IncludeUniqueId: 1879048394, 151 Tag_RsaOaepMgfDigest: 536871115, 152 Tag_BootloaderOnly: 1879048494, 153 Tag_RollbackResistance: 1879048495, 154 Tag_HardwareType: 268435760, 155 Tag_EarlyBootOnly: 1879048497, 156 Tag_ActiveDatetime: 1610613136, 157 Tag_OriginationExpireDatetime: 1610613137, 158 Tag_UsageExpireDatetime: 1610613138, 159 Tag_MinSecondsBetweenOps: 805306771, 160 Tag_MaxUsesPerBoot: 805306772, 161 Tag_UsageCountLimit: 805306773, 162 Tag_UserId: 805306869, 163 Tag_UserSecureId: -1610612234, 164 Tag_NoAuthRequired: 1879048695, 165 Tag_UserAuthType: 268435960, 166 Tag_AuthTimeout: 805306873, 167 Tag_AllowWhileOnBody: 1879048698, 168 Tag_TrustedUserPresenceRequired: 1879048699, 169 Tag_TrustedConfirmationRequired: 1879048700, 170 Tag_UnlockedDeviceRequired: 1879048701, 171 Tag_ApplicationId: -1879047591, 172 Tag_ApplicationData: -1879047492, 173 Tag_CreationDatetime: 1610613437, 174 Tag_Origin: 268436158, 175 Tag_RootOfTrust: -1879047488, 176 Tag_OsVersion: 805307073, 177 Tag_OsPatchlevel: 805307074, 178 Tag_UniqueId: -1879047485, 179 Tag_AttestationChallenge: -1879047484, 180 Tag_AttestationApplicationId: -1879047483, 181 Tag_AttestationIdBrand: -1879047482, 182 Tag_AttestationIdDevice: -1879047481, 183 Tag_AttestationIdProduct: -1879047480, 184 Tag_AttestationIdSerial: -1879047479, 185 Tag_AttestationIdImei: -1879047478, 186 Tag_AttestationIdMeid: -1879047477, 187 Tag_AttestationIdManufacturer: -1879047476, 188 Tag_AttestationIdModel: -1879047475, 189 Tag_VendorPatchlevel: 805307086, 190 Tag_BootPatchlevel: 805307087, 191 Tag_DeviceUniqueAttestation: 1879048912, 192 Tag_IdentityCredentialKey: 1879048913, 193 Tag_StorageKey: 1879048914, 194 Tag_AttestationIdSecondImei: -1879047469, 195 Tag_AssociatedData: -1879047192, 196 Tag_Nonce: -1879047191, 197 Tag_MacLength: 805307371, 198 Tag_ResetSinceIdRotation: 1879049196, 199 Tag_ConfirmationToken: -1879047187, 200 Tag_CertificateSerial: -2147482642, 201 Tag_CertificateSubject: -1879047185, 202 Tag_CertificateNotBefore: 1610613744, 203 Tag_CertificateNotAfter: 1610613745, 204 Tag_MaxBootLevel: 805307378, 205 Tag_ModuleHash: -1879047468, 206) 207Algorithm = &( 208 Algorithm_Rsa: 1, 209 Algorithm_Ec: 3, 210 Algorithm_Aes: 32, 211 Algorithm_TripleDes: 33, 212 Algorithm_Hmac: 128, 213) 214BlockMode = &( 215 BlockMode_Ecb: 1, 216 BlockMode_Cbc: 2, 217 BlockMode_Ctr: 3, 218 BlockMode_Gcm: 32, 219) 220Digest = &( 221 Digest_None: 0, 222 Digest_Md5: 1, 223 Digest_Sha1: 2, 224 Digest_Sha224: 3, 225 Digest_Sha256: 4, 226 Digest_Sha384: 5, 227 Digest_Sha512: 6, 228) 229EcCurve = &( 230 EcCurve_P224: 0, 231 EcCurve_P256: 1, 232 EcCurve_P384: 2, 233 EcCurve_P521: 3, 234 EcCurve_Curve25519: 4, 235) 236CurveType = &( 237 CurveType_Nist: 0, 238 CurveType_EdDsa: 1, 239 CurveType_Xdh: 2, 240) 241KeyOrigin = &( 242 KeyOrigin_Generated: 0, 243 KeyOrigin_Derived: 1, 244 KeyOrigin_Imported: 2, 245 KeyOrigin_Reserved: 3, 246 KeyOrigin_SecurelyImported: 4, 247) 248KeyPurpose = &( 249 KeyPurpose_Encrypt: 0, 250 KeyPurpose_Decrypt: 1, 251 KeyPurpose_Sign: 2, 252 KeyPurpose_Verify: 3, 253 KeyPurpose_WrapKey: 5, 254 KeyPurpose_AgreeKey: 6, 255 KeyPurpose_AttestKey: 7, 256) 257HardwareAuthenticatorType = &( 258 HardwareAuthenticatorType_None: 0, 259 HardwareAuthenticatorType_Password: 1, 260 HardwareAuthenticatorType_Fingerprint: 2, 261 HardwareAuthenticatorType_Any: -1, 262) 263PaddingMode = &( 264 PaddingMode_None: 1, 265 PaddingMode_RsaOaep: 2, 266 PaddingMode_RsaPss: 3, 267 PaddingMode_RsaPkcs115Encrypt: 4, 268 PaddingMode_RsaPkcs115Sign: 5, 269 PaddingMode_Pkcs7: 64, 270) 271DateTime = int 272KeySizeInBits = int 273RsaExponent = int 274 275