/*
* Copyright 2015 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "integrity_assured_key_blob.h"
#include <assert.h>
#include <new>
#include <openssl/hmac.h>
#include <openssl/mem.h>
#include <keymaster/android_keymaster_utils.h>
#include <keymaster/authorization_set.h>
#include "openssl_err.h"
namespace keymaster {
static const uint8_t BLOB_VERSION = 0;
static const size_t HMAC_SIZE = 8;
static const char HMAC_KEY[] = "IntegrityAssuredBlob0";
inline size_t min(size_t a, size_t b) {
if (a < b)
return a;
return b;
}
class HmacCleanup {
public:
explicit HmacCleanup(HMAC_CTX* ctx) : ctx_(ctx) {}
~HmacCleanup() { HMAC_CTX_cleanup(ctx_); }
private:
HMAC_CTX* ctx_;
};
static keymaster_error_t ComputeHmac(const uint8_t* serialized_data, size_t serialized_data_size,
const AuthorizationSet& hidden, uint8_t hmac[HMAC_SIZE]) {
size_t hidden_bytes_size = hidden.SerializedSize();
UniquePtr<uint8_t[]> hidden_bytes(new (std::nothrow) uint8_t[hidden_bytes_size]);
if (!hidden_bytes.get())
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
hidden.Serialize(hidden_bytes.get(), hidden_bytes.get() + hidden_bytes_size);
HMAC_CTX ctx;
HMAC_CTX_init(&ctx);
const EVP_MD* md = EVP_sha256();
if (!HMAC_Init_ex(&ctx, HMAC_KEY, sizeof(HMAC_KEY), md, NULL /* engine */))
return TranslateLastOpenSslError();
HmacCleanup cleanup(&ctx);
uint8_t tmp[EVP_MAX_MD_SIZE];
unsigned tmp_len;
if (!HMAC_Update(&ctx, serialized_data, serialized_data_size) ||
!HMAC_Update(&ctx, hidden_bytes.get(), hidden_bytes_size) || //
!HMAC_Final(&ctx, tmp, &tmp_len))
return TranslateLastOpenSslError();
assert(tmp_len >= HMAC_SIZE);
memcpy(hmac, tmp, min(HMAC_SIZE, tmp_len));
return KM_ERROR_OK;
}
keymaster_error_t SerializeIntegrityAssuredBlob(const KeymasterKeyBlob& key_material,
const AuthorizationSet& hidden,
const AuthorizationSet& hw_enforced,
const AuthorizationSet& sw_enforced,
KeymasterKeyBlob* key_blob) {
size_t size = 1 /* version */ + //
key_material.SerializedSize() + //
hw_enforced.SerializedSize() + //
sw_enforced.SerializedSize() + //
HMAC_SIZE;
if (!key_blob->Reset(size))
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
uint8_t* p = key_blob->writable_data();
*p++ = BLOB_VERSION;
p = key_material.Serialize(p, key_blob->end());
p = hw_enforced.Serialize(p, key_blob->end());
p = sw_enforced.Serialize(p, key_blob->end());
return ComputeHmac(key_blob->key_material, p - key_blob->key_material, hidden, p);
}
keymaster_error_t DeserializeIntegrityAssuredBlob(const KeymasterKeyBlob& key_blob,
const AuthorizationSet& hidden,
KeymasterKeyBlob* key_material,
AuthorizationSet* hw_enforced,
AuthorizationSet* sw_enforced) {
const uint8_t* p = key_blob.begin();
const uint8_t* end = key_blob.end();
if (p > end || p + HMAC_SIZE > end)
return KM_ERROR_INVALID_KEY_BLOB;
uint8_t computed_hmac[HMAC_SIZE];
keymaster_error_t error = ComputeHmac(key_blob.begin(), key_blob.key_material_size - HMAC_SIZE,
hidden, computed_hmac);
if (error != KM_ERROR_OK)
return error;
if (CRYPTO_memcmp(key_blob.end() - HMAC_SIZE, computed_hmac, HMAC_SIZE) != 0)
return KM_ERROR_INVALID_KEY_BLOB;
return DeserializeIntegrityAssuredBlob_NoHmacCheck(key_blob, key_material, hw_enforced,
sw_enforced);
}
keymaster_error_t DeserializeIntegrityAssuredBlob_NoHmacCheck(const KeymasterKeyBlob& key_blob,
KeymasterKeyBlob* key_material,
AuthorizationSet* hw_enforced,
AuthorizationSet* sw_enforced) {
const uint8_t* p = key_blob.begin();
const uint8_t* end = key_blob.end() - HMAC_SIZE;
if (p > end)
return KM_ERROR_INVALID_KEY_BLOB;
if (*p != BLOB_VERSION)
return KM_ERROR_INVALID_KEY_BLOB;
++p;
if (!key_material->Deserialize(&p, end) || //
!hw_enforced->Deserialize(&p, end) || //
!sw_enforced->Deserialize(&p, end))
return KM_ERROR_INVALID_KEY_BLOB;
return KM_ERROR_OK;
}
} // namespace keymaster;