1 /*
2 * Copyright 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <keymaster/soft_keymaster_context.h>
18
19 #include <memory>
20 #include <time.h>
21
22 #include <openssl/aes.h>
23 #include <openssl/rand.h>
24 #include <openssl/sha.h>
25
26 #include <keymaster/android_keymaster_utils.h>
27 #include <keymaster/logger.h>
28
29 #include "aes_key.h"
30 #include "auth_encrypted_key_blob.h"
31 #include "ec_keymaster0_key.h"
32 #include "ec_keymaster1_key.h"
33 #include "hmac_key.h"
34 #include "integrity_assured_key_blob.h"
35 #include "keymaster0_engine.h"
36 #include "ocb_utils.h"
37 #include "openssl_err.h"
38 #include "rsa_keymaster0_key.h"
39 #include "rsa_keymaster1_key.h"
40
41 using std::unique_ptr;
42
43 namespace keymaster {
44
45 namespace {
46 static uint8_t master_key_bytes[AES_BLOCK_SIZE] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
47 const int NONCE_LENGTH = 12;
48 const int TAG_LENGTH = 16;
49 const KeymasterKeyBlob MASTER_KEY(master_key_bytes, array_length(master_key_bytes));
50 } // anonymous namespace
51
SoftKeymasterContext(const std::string & root_of_trust)52 SoftKeymasterContext::SoftKeymasterContext(const std::string& root_of_trust)
53 : rsa_factory_(new RsaKeyFactory(this)), ec_factory_(new EcKeyFactory(this)),
54 aes_factory_(new AesKeyFactory(this)), hmac_factory_(new HmacKeyFactory(this)),
55 km1_dev_(nullptr), root_of_trust_(root_of_trust) {}
56
~SoftKeymasterContext()57 SoftKeymasterContext::~SoftKeymasterContext() {}
58
SetHardwareDevice(keymaster0_device_t * keymaster0_device)59 keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster0_device_t* keymaster0_device) {
60 if (!keymaster0_device)
61 return KM_ERROR_UNEXPECTED_NULL_POINTER;
62
63 if ((keymaster0_device->flags & KEYMASTER_SOFTWARE_ONLY) != 0) {
64 LOG_E("SoftKeymasterContext only wraps hardware keymaster0 devices", 0);
65 return KM_ERROR_INVALID_ARGUMENT;
66 }
67
68 km0_engine_.reset(new Keymaster0Engine(keymaster0_device));
69 rsa_factory_.reset(new RsaKeymaster0KeyFactory(this, km0_engine_.get()));
70 ec_factory_.reset(new EcdsaKeymaster0KeyFactory(this, km0_engine_.get()));
71 // Keep AES and HMAC factories.
72
73 return KM_ERROR_OK;
74 }
75
SetHardwareDevice(keymaster1_device_t * keymaster1_device)76 keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster1_device_t* keymaster1_device) {
77 if (!keymaster1_device)
78 return KM_ERROR_UNEXPECTED_NULL_POINTER;
79
80 km1_dev_ = keymaster1_device;
81
82 km1_engine_.reset(new Keymaster1Engine(keymaster1_device));
83 rsa_factory_.reset(new RsaKeymaster1KeyFactory(this, km1_engine_.get()));
84 ec_factory_.reset(new EcdsaKeymaster1KeyFactory(this, km1_engine_.get()));
85
86 // All AES and HMAC operations should be passed directly to the keymaster1 device. Explicitly
87 // do not handle them, to provoke errors in case the higher layers fail to send them to the
88 // device.
89 aes_factory_.reset(nullptr);
90 hmac_factory_.reset(nullptr);
91
92 return KM_ERROR_OK;
93 }
94
GetKeyFactory(keymaster_algorithm_t algorithm) const95 KeyFactory* SoftKeymasterContext::GetKeyFactory(keymaster_algorithm_t algorithm) const {
96 switch (algorithm) {
97 case KM_ALGORITHM_RSA:
98 return rsa_factory_.get();
99 case KM_ALGORITHM_EC:
100 return ec_factory_.get();
101 case KM_ALGORITHM_AES:
102 return aes_factory_.get();
103 case KM_ALGORITHM_HMAC:
104 return hmac_factory_.get();
105 default:
106 return nullptr;
107 }
108 }
109
110 static keymaster_algorithm_t supported_algorithms[] = {KM_ALGORITHM_RSA, KM_ALGORITHM_EC,
111 KM_ALGORITHM_AES, KM_ALGORITHM_HMAC};
112
113 keymaster_algorithm_t*
GetSupportedAlgorithms(size_t * algorithms_count) const114 SoftKeymasterContext::GetSupportedAlgorithms(size_t* algorithms_count) const {
115 *algorithms_count = array_length(supported_algorithms);
116 return supported_algorithms;
117 }
118
GetOperationFactory(keymaster_algorithm_t algorithm,keymaster_purpose_t purpose) const119 OperationFactory* SoftKeymasterContext::GetOperationFactory(keymaster_algorithm_t algorithm,
120 keymaster_purpose_t purpose) const {
121 KeyFactory* key_factory = GetKeyFactory(algorithm);
122 if (!key_factory)
123 return nullptr;
124 return key_factory->GetOperationFactory(purpose);
125 }
126
TranslateAuthorizationSetError(AuthorizationSet::Error err)127 static keymaster_error_t TranslateAuthorizationSetError(AuthorizationSet::Error err) {
128 switch (err) {
129 case AuthorizationSet::OK:
130 return KM_ERROR_OK;
131 case AuthorizationSet::ALLOCATION_FAILURE:
132 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
133 case AuthorizationSet::MALFORMED_DATA:
134 return KM_ERROR_UNKNOWN_ERROR;
135 }
136 return KM_ERROR_OK;
137 }
138
SetAuthorizations(const AuthorizationSet & key_description,keymaster_key_origin_t origin,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)139 static keymaster_error_t SetAuthorizations(const AuthorizationSet& key_description,
140 keymaster_key_origin_t origin,
141 AuthorizationSet* hw_enforced,
142 AuthorizationSet* sw_enforced) {
143 sw_enforced->Clear();
144
145 for (auto& entry : key_description) {
146 switch (entry.tag) {
147 // These cannot be specified by the client.
148 case KM_TAG_ROOT_OF_TRUST:
149 case KM_TAG_ORIGIN:
150 LOG_E("Root of trust and origin tags may not be specified", 0);
151 return KM_ERROR_INVALID_TAG;
152
153 // These don't work.
154 case KM_TAG_ROLLBACK_RESISTANT:
155 LOG_E("KM_TAG_ROLLBACK_RESISTANT not supported", 0);
156 return KM_ERROR_UNSUPPORTED_TAG;
157
158 // These are hidden.
159 case KM_TAG_APPLICATION_ID:
160 case KM_TAG_APPLICATION_DATA:
161 break;
162
163 // Everything else we just copy into sw_enforced, unless the KeyFactory has placed it in
164 // hw_enforced, in which case we defer to its decision.
165 default:
166 if (hw_enforced->GetTagCount(entry.tag) == 0)
167 sw_enforced->push_back(entry);
168 break;
169 }
170 }
171
172 sw_enforced->push_back(TAG_CREATION_DATETIME, java_time(time(NULL)));
173 sw_enforced->push_back(TAG_ORIGIN, origin);
174 return TranslateAuthorizationSetError(sw_enforced->is_valid());
175 }
176
CreateKeyBlob(const AuthorizationSet & key_description,const keymaster_key_origin_t origin,const KeymasterKeyBlob & key_material,KeymasterKeyBlob * blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const177 keymaster_error_t SoftKeymasterContext::CreateKeyBlob(const AuthorizationSet& key_description,
178 const keymaster_key_origin_t origin,
179 const KeymasterKeyBlob& key_material,
180 KeymasterKeyBlob* blob,
181 AuthorizationSet* hw_enforced,
182 AuthorizationSet* sw_enforced) const {
183 keymaster_error_t error = SetAuthorizations(key_description, origin, hw_enforced, sw_enforced);
184 if (error != KM_ERROR_OK)
185 return error;
186
187 AuthorizationSet hidden;
188 error = BuildHiddenAuthorizations(key_description, &hidden);
189 if (error != KM_ERROR_OK)
190 return error;
191
192 return SerializeIntegrityAssuredBlob(key_material, hidden, *hw_enforced, *sw_enforced, blob);
193 }
194
ParseOcbAuthEncryptedBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & hidden,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)195 static keymaster_error_t ParseOcbAuthEncryptedBlob(const KeymasterKeyBlob& blob,
196 const AuthorizationSet& hidden,
197 KeymasterKeyBlob* key_material,
198 AuthorizationSet* hw_enforced,
199 AuthorizationSet* sw_enforced) {
200 Buffer nonce, tag;
201 KeymasterKeyBlob encrypted_key_material;
202 keymaster_error_t error = DeserializeAuthEncryptedBlob(blob, &encrypted_key_material,
203 hw_enforced, sw_enforced, &nonce, &tag);
204 if (error != KM_ERROR_OK)
205 return error;
206
207 if (nonce.available_read() != OCB_NONCE_LENGTH || tag.available_read() != OCB_TAG_LENGTH)
208 return KM_ERROR_INVALID_KEY_BLOB;
209
210 return OcbDecryptKey(*hw_enforced, *sw_enforced, hidden, MASTER_KEY, encrypted_key_material,
211 nonce, tag, key_material);
212 }
213
214 // Note: This parsing code in below is from system/security/softkeymaster/keymaster_openssl.cpp's
215 // unwrap_key function, modified for the preferred function signature and formatting. It does some
216 // odd things, but they have been left unchanged to avoid breaking compatibility.
217 static const uint8_t SOFT_KEY_MAGIC[] = {'P', 'K', '#', '8'};
218 const uint64_t HUNDRED_YEARS = 1000LL * 60 * 60 * 24 * 365 * 100;
ParseOldSoftkeymasterBlob(const KeymasterKeyBlob & blob,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const219 keymaster_error_t SoftKeymasterContext::ParseOldSoftkeymasterBlob(
220 const KeymasterKeyBlob& blob, KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced,
221 AuthorizationSet* sw_enforced) const {
222 long publicLen = 0;
223 long privateLen = 0;
224 const uint8_t* p = blob.key_material;
225 const uint8_t* end = blob.key_material + blob.key_material_size;
226
227 int type = 0;
228 ptrdiff_t min_size =
229 sizeof(SOFT_KEY_MAGIC) + sizeof(type) + sizeof(publicLen) + 1 + sizeof(privateLen) + 1;
230 if (end - p < min_size) {
231 LOG_W("key blob appears to be truncated (if an old SW key)", 0);
232 return KM_ERROR_INVALID_KEY_BLOB;
233 }
234
235 if (memcmp(p, SOFT_KEY_MAGIC, sizeof(SOFT_KEY_MAGIC)) != 0)
236 return KM_ERROR_INVALID_KEY_BLOB;
237 p += sizeof(SOFT_KEY_MAGIC);
238
239 for (size_t i = 0; i < sizeof(type); i++)
240 type = (type << 8) | *p++;
241
242 for (size_t i = 0; i < sizeof(type); i++)
243 publicLen = (publicLen << 8) | *p++;
244
245 if (p + publicLen > end) {
246 LOG_W("public key length encoding error: size=%ld, end=%td", publicLen, end - p);
247 return KM_ERROR_INVALID_KEY_BLOB;
248 }
249 p += publicLen;
250
251 if (end - p < 2) {
252 LOG_W("key blob appears to be truncated (if an old SW key)", 0);
253 return KM_ERROR_INVALID_KEY_BLOB;
254 }
255
256 for (size_t i = 0; i < sizeof(type); i++)
257 privateLen = (privateLen << 8) | *p++;
258
259 if (p + privateLen > end) {
260 LOG_W("private key length encoding error: size=%ld, end=%td", privateLen, end - p);
261 return KM_ERROR_INVALID_KEY_BLOB;
262 }
263
264 // Just to be sure, make sure that the ASN.1 structure parses correctly. We don't actually use
265 // the EVP_PKEY here.
266 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
267 if (pkey.get() == nullptr)
268 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
269
270 EVP_PKEY* tmp = pkey.get();
271 const uint8_t* key_start = p;
272 if (d2i_PrivateKey(type, &tmp, &p, privateLen) == NULL) {
273 LOG_W("Failed to parse PKCS#8 key material (if old SW key)", 0);
274 return KM_ERROR_INVALID_KEY_BLOB;
275 }
276
277 // All auths go into sw_enforced, including those that would be HW-enforced if we were faking
278 // auths for a HW-backed key.
279 hw_enforced->Clear();
280 keymaster_error_t error = FakeKeyAuthorizations(pkey.get(), sw_enforced, sw_enforced);
281 if (error != KM_ERROR_OK)
282 return error;
283
284 if (!key_material->Reset(privateLen))
285 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
286 memcpy(key_material->writable_data(), key_start, privateLen);
287
288 return KM_ERROR_OK;
289 }
290
ParseKeyBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & additional_params,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const291 keymaster_error_t SoftKeymasterContext::ParseKeyBlob(const KeymasterKeyBlob& blob,
292 const AuthorizationSet& additional_params,
293 KeymasterKeyBlob* key_material,
294 AuthorizationSet* hw_enforced,
295 AuthorizationSet* sw_enforced) const {
296 // This is a little bit complicated.
297 //
298 // The SoftKeymasterContext has to handle a lot of different kinds of key blobs.
299 //
300 // 1. New keymaster1 software key blobs. These are integrity-assured but not encrypted. The
301 // raw key material and auth sets should be extracted and returned. This is the kind
302 // produced by this context when the KeyFactory doesn't use keymaster0 to back the keys.
303 //
304 // 2. Old keymaster1 software key blobs. These are OCB-encrypted with an all-zero master key.
305 // They should be decrypted and the key material and auth sets extracted and returned.
306 //
307 // 3. Old keymaster0 software key blobs. These are raw key material with a small header tacked
308 // on the front. They don't have auth sets, so reasonable defaults are generated and
309 // returned along with the raw key material.
310 //
311 // 4. New keymaster0 hardware key blobs. These are integrity-assured but not encrypted (though
312 // they're protected by the keymaster0 hardware implementation). The keymaster0 key blob
313 // and auth sets should be extracted and returned.
314 //
315 // 5. Keymaster1 hardware key blobs. These are raw hardware key blobs. They contain auth
316 // sets, which we retrieve from the hardware module.
317 //
318 // 6. Old keymaster0 hardware key blobs. These are raw hardware key blobs. They don't have
319 // auth sets so reasonable defaults are generated and returned along with the key blob.
320 //
321 // Determining what kind of blob has arrived is somewhat tricky. What helps is that
322 // integrity-assured and OCB-encrypted blobs are self-consistent and effectively impossible to
323 // parse as anything else. Old keymaster0 software key blobs have a header. It's reasonably
324 // unlikely that hardware keys would have the same header. So anything that is neither
325 // integrity-assured nor OCB-encrypted and lacks the old software key header is assumed to be
326 // keymaster0 hardware.
327
328 AuthorizationSet hidden;
329 keymaster_error_t error = BuildHiddenAuthorizations(additional_params, &hidden);
330 if (error != KM_ERROR_OK)
331 return error;
332
333 // Assume it's an integrity-assured blob (new software-only blob, or new keymaster0-backed
334 // blob).
335 error = DeserializeIntegrityAssuredBlob(blob, hidden, key_material, hw_enforced, sw_enforced);
336 if (error != KM_ERROR_INVALID_KEY_BLOB)
337 return error;
338
339 // Wasn't an integrity-assured blob. Maybe it's an OCB-encrypted blob.
340 error = ParseOcbAuthEncryptedBlob(blob, hidden, key_material, hw_enforced, sw_enforced);
341 if (error == KM_ERROR_OK)
342 LOG_D("Parsed an old keymaster1 software key", 0);
343 if (error != KM_ERROR_INVALID_KEY_BLOB)
344 return error;
345
346 // Wasn't an OCB-encrypted blob. Maybe it's an old softkeymaster blob.
347 error = ParseOldSoftkeymasterBlob(blob, key_material, hw_enforced, sw_enforced);
348 if (error == KM_ERROR_OK)
349 LOG_D("Parsed an old sofkeymaster key", 0);
350 if (error != KM_ERROR_INVALID_KEY_BLOB)
351 return error;
352
353 if (km1_dev_)
354 return ParseKeymaster1HwBlob(blob, additional_params, key_material, hw_enforced,
355 sw_enforced);
356 else if (km0_engine_)
357 return ParseKeymaster0HwBlob(blob, key_material, hw_enforced, sw_enforced);
358
359 LOG_E("Failed to parse key; not a valid software blob, no hardware module configured", 0);
360 return KM_ERROR_INVALID_KEY_BLOB;
361 }
362
AddRngEntropy(const uint8_t * buf,size_t length) const363 keymaster_error_t SoftKeymasterContext::AddRngEntropy(const uint8_t* buf, size_t length) const {
364 RAND_add(buf, length, 0 /* Don't assume any entropy is added to the pool. */);
365 return KM_ERROR_OK;
366 }
367
GenerateRandom(uint8_t * buf,size_t length) const368 keymaster_error_t SoftKeymasterContext::GenerateRandom(uint8_t* buf, size_t length) const {
369 if (RAND_bytes(buf, length) != 1)
370 return KM_ERROR_UNKNOWN_ERROR;
371 return KM_ERROR_OK;
372 }
373
ParseKeymaster1HwBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & additional_params,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const374 keymaster_error_t SoftKeymasterContext::ParseKeymaster1HwBlob(
375 const KeymasterKeyBlob& blob, const AuthorizationSet& additional_params,
376 KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced,
377 AuthorizationSet* sw_enforced) const {
378 assert(km1_dev_);
379
380 keymaster_blob_t client_id = {nullptr, 0};
381 keymaster_blob_t app_data = {nullptr, 0};
382 keymaster_blob_t* client_id_ptr = nullptr;
383 keymaster_blob_t* app_data_ptr = nullptr;
384 if (additional_params.GetTagValue(TAG_APPLICATION_ID, &client_id))
385 client_id_ptr = &client_id;
386 if (additional_params.GetTagValue(TAG_APPLICATION_DATA, &app_data))
387 app_data_ptr = &app_data;
388
389 // Get key characteristics, which incidentally verifies that the HW recognizes the key.
390 keymaster_key_characteristics_t* characteristics;
391 keymaster_error_t error = km1_dev_->get_key_characteristics(km1_dev_, &blob, client_id_ptr,
392 app_data_ptr, &characteristics);
393 if (error != KM_ERROR_OK)
394 return error;
395 unique_ptr<keymaster_key_characteristics_t, Characteristics_Delete> characteristics_deleter(
396 characteristics);
397
398 LOG_D("Module \"%s\" accepted key", km1_dev_->common.module->name);
399
400 hw_enforced->Reinitialize(characteristics->hw_enforced);
401 sw_enforced->Reinitialize(characteristics->sw_enforced);
402 *key_material = blob;
403 return KM_ERROR_OK;
404 }
405
ParseKeymaster0HwBlob(const KeymasterKeyBlob & blob,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const406 keymaster_error_t SoftKeymasterContext::ParseKeymaster0HwBlob(const KeymasterKeyBlob& blob,
407 KeymasterKeyBlob* key_material,
408 AuthorizationSet* hw_enforced,
409 AuthorizationSet* sw_enforced) const {
410 assert(km0_engine_);
411
412 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> tmp_key(km0_engine_->GetKeymaster0PublicKey(blob));
413
414 if (!tmp_key)
415 return KM_ERROR_INVALID_KEY_BLOB;
416
417 LOG_D("Module \"%s\" accepted key", km0_engine_->device()->common.module->name);
418 keymaster_error_t error = FakeKeyAuthorizations(tmp_key.get(), hw_enforced, sw_enforced);
419 if (error == KM_ERROR_OK)
420 *key_material = blob;
421
422 return error;
423 }
424
FakeKeyAuthorizations(EVP_PKEY * pubkey,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const425 keymaster_error_t SoftKeymasterContext::FakeKeyAuthorizations(EVP_PKEY* pubkey,
426 AuthorizationSet* hw_enforced,
427 AuthorizationSet* sw_enforced) const {
428 hw_enforced->Clear();
429 sw_enforced->Clear();
430
431 switch (EVP_PKEY_type(pubkey->type)) {
432 case EVP_PKEY_RSA: {
433 hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
434 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE);
435 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5);
436 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1);
437 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224);
438 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
439 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
440 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512);
441 hw_enforced->push_back(TAG_PADDING, KM_PAD_NONE);
442 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
443 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
444 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PSS);
445 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
446
447 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN);
448 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY);
449 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_ENCRYPT);
450 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_DECRYPT);
451
452 unique_ptr<RSA, RSA_Delete> rsa(EVP_PKEY_get1_RSA(pubkey));
453 if (!rsa)
454 return TranslateLastOpenSslError();
455 hw_enforced->push_back(TAG_KEY_SIZE, RSA_size(rsa.get()) * 8);
456 uint64_t public_exponent = BN_get_word(rsa->e);
457 if (public_exponent == 0xffffffffL)
458 return KM_ERROR_INVALID_KEY_BLOB;
459 hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
460 break;
461 }
462
463 case EVP_PKEY_EC: {
464 hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
465 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE);
466 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5);
467 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1);
468 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224);
469 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
470 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
471 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512);
472
473 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN);
474 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY);
475
476 UniquePtr<EC_KEY, EC_Delete> ec_key(EVP_PKEY_get1_EC_KEY(pubkey));
477 if (!ec_key.get())
478 return TranslateLastOpenSslError();
479 size_t key_size_bits;
480 keymaster_error_t error =
481 EcKeyFactory::get_group_size(*EC_KEY_get0_group(ec_key.get()), &key_size_bits);
482 if (error != KM_ERROR_OK)
483 return error;
484 hw_enforced->push_back(TAG_KEY_SIZE, key_size_bits);
485 break;
486 }
487
488 default:
489 return KM_ERROR_UNSUPPORTED_ALGORITHM;
490 }
491
492 sw_enforced->push_back(TAG_ALL_USERS);
493 sw_enforced->push_back(TAG_NO_AUTH_REQUIRED);
494
495 return KM_ERROR_OK;
496 }
497
BuildHiddenAuthorizations(const AuthorizationSet & input_set,AuthorizationSet * hidden) const498 keymaster_error_t SoftKeymasterContext::BuildHiddenAuthorizations(const AuthorizationSet& input_set,
499 AuthorizationSet* hidden) const {
500 keymaster_blob_t entry;
501 if (input_set.GetTagValue(TAG_APPLICATION_ID, &entry))
502 hidden->push_back(TAG_APPLICATION_ID, entry.data, entry.data_length);
503 if (input_set.GetTagValue(TAG_APPLICATION_DATA, &entry))
504 hidden->push_back(TAG_APPLICATION_DATA, entry.data, entry.data_length);
505
506 hidden->push_back(TAG_ROOT_OF_TRUST, reinterpret_cast<const uint8_t*>(root_of_trust_.data()),
507 root_of_trust_.size());
508
509 return TranslateAuthorizationSetError(hidden->is_valid());
510 }
511
512 } // namespace keymaster
513