chromeos-base/arc-keymaster/files/keymaster-context-hooks.patch - mirrors/cros/chromiumos/overlays/chromiumos-overlay - Git at Google

 Ensure that context functions overridden in ARC Keymaster do not change
 underneath us by upstream. If they do this patch will fail.

 This is not meant to be actually applied, it's just used to make upstream
 changes obvious.

 diff --git a/contexts/pure_soft_keymaster_context.cpp b/contexts/pure_soft_keymaster_context.cpp
 index b4d1fb7..ed5fdca 100644
 --- a/contexts/pure_soft_keymaster_context.cpp
 +++ b/contexts/pure_soft_keymaster_context.cpp
 @@ -105,24 +105,6 @@ OperationFactory* PureSoftKeymasterContext::GetOperationFactory(keymaster_algori
      return key_factory->GetOperationFactory(purpose);
  }

 -keymaster_error_t PureSoftKeymasterContext::CreateKeyBlob(const AuthorizationSet& key_description,
 -                                                      const keymaster_key_origin_t origin,
 -                                                      const KeymasterKeyBlob& key_material,
 -                                                      KeymasterKeyBlob* blob,
 -                                                      AuthorizationSet* hw_enforced,
 -                                                      AuthorizationSet* sw_enforced) const {
 -    keymaster_error_t error = SetKeyBlobAuthorizations(key_description, origin, os_version_,
 -                                                       os_patchlevel_, hw_enforced, sw_enforced);
 -    if (error != KM_ERROR_OK)
 -        return error;
 -
 -    AuthorizationSet hidden;
 -    error = BuildHiddenAuthorizations(key_description, &hidden, softwareRootOfTrust);
 -    if (error != KM_ERROR_OK)
 -        return error;
 -
 -    return SerializeIntegrityAssuredBlob(key_material, hidden, *hw_enforced, *sw_enforced, blob);
 -}

  keymaster_error_t PureSoftKeymasterContext::UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade,
                                                         const AuthorizationSet& upgrade_params,
 @@ -135,74 +117,6 @@ keymaster_error_t PureSoftKeymasterContext::UpgradeKeyBlob(const KeymasterKeyBlo
      return UpgradeSoftKeyBlob(key, os_version_, os_patchlevel_, upgrade_params, upgraded_key);
  }

 -keymaster_error_t PureSoftKeymasterContext::ParseKeyBlob(const KeymasterKeyBlob& blob,
 -                                                         const AuthorizationSet& additional_params,
 -                                                         UniquePtr<Key>* key) const {
 -    // This is a little bit complicated.
 -    //
 -    // The SoftKeymasterContext has to handle a lot of different kinds of key blobs.
 -    //
 -    // 1.  New keymaster1 software key blobs.  These are integrity-assured but not encrypted.  The
 -    //     raw key material and auth sets should be extracted and returned.  This is the kind
 -    //     produced by this context when the KeyFactory doesn't use keymaster0 to back the keys.
 -    //
 -    // 2.  Old keymaster1 software key blobs.  These are OCB-encrypted with an all-zero master key.
 -    //     They should be decrypted and the key material and auth sets extracted and returned.
 -    //
 -    // 3.  Old keymaster0 software key blobs.  These are raw key material with a small header tacked
 -    //     on the front.  They don't have auth sets, so reasonable defaults are generated and
 -    //     returned along with the raw key material.
 -    //
 -    // Determining what kind of blob has arrived is somewhat tricky.  What helps is that
 -    // integrity-assured and OCB-encrypted blobs are self-consistent and effectively impossible to
 -    // parse as anything else.  Old keymaster0 software key blobs have a header.  It's reasonably
 -    // unlikely that hardware keys would have the same header.  So anything that is neither
 -    // integrity-assured nor OCB-encrypted and lacks the old software key header is assumed to be
 -    // keymaster0 hardware.
 -
 -    AuthorizationSet hw_enforced;
 -    AuthorizationSet sw_enforced;
 -    KeymasterKeyBlob key_material;
 -    keymaster_error_t error;
 -
 -    auto constructKey = [&, this] () mutable -> keymaster_error_t {
 -        // GetKeyFactory
 -        if (error != KM_ERROR_OK) return error;
 -        keymaster_algorithm_t algorithm;
 -        if (!hw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm) &&
 -            !sw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm)) {
 -            return KM_ERROR_INVALID_ARGUMENT;
 -        }
 -        auto factory = GetKeyFactory(algorithm);
 -        return factory->LoadKey(move(key_material), additional_params, move(hw_enforced),
 -                                move(sw_enforced), key);
 -    };
 -
 -    AuthorizationSet hidden;
 -    error = BuildHiddenAuthorizations(additional_params, &hidden, softwareRootOfTrust);
 -    if (error != KM_ERROR_OK)
 -        return error;
 -
 -    // Assume it's an integrity-assured blob (new software-only blob, or new keymaster0-backed
 -    // blob).
 -    error = DeserializeIntegrityAssuredBlob(blob, hidden, &key_material, &hw_enforced, &sw_enforced);
 -    if (error != KM_ERROR_INVALID_KEY_BLOB)
 -        return constructKey();
 -
 -    // Wasn't an integrity-assured blob.  Maybe it's an OCB-encrypted blob.
 -    error = ParseOcbAuthEncryptedBlob(blob, hidden, &key_material, &hw_enforced, &sw_enforced);
 -    if (error == KM_ERROR_OK)
 -        LOG_D("Parsed an old keymaster1 software key", 0);
 -    if (error != KM_ERROR_INVALID_KEY_BLOB)
 -        return constructKey();
 -
 -    // Wasn't an OCB-encrypted blob.  Maybe it's an old softkeymaster blob.
 -    error = ParseOldSoftkeymasterBlob(blob, &key_material, &hw_enforced, &sw_enforced);
 -    if (error == KM_ERROR_OK)
 -        LOG_D("Parsed an old sofkeymaster key", 0);
 -
 -    return constructKey();
 -}

  keymaster_error_t PureSoftKeymasterContext::DeleteKey(const KeymasterKeyBlob& /* blob */) const {
      // Nothing to do for software-only contexts.
 diff --git a/include/keymaster/contexts/pure_soft_keymaster_context.h b/include/keymaster/contexts/pure_soft_keymaster_context.h
 index 3a1156d..ed2f92b 100644
 --- a/include/keymaster/contexts/pure_soft_keymaster_context.h
 +++ b/include/keymaster/contexts/pure_soft_keymaster_context.h
 @@ -59,9 +59,6 @@ class PureSoftKeymasterContext: public KeymasterContext,
      keymaster_error_t UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade,
                                       const AuthorizationSet& upgrade_params,
                                       KeymasterKeyBlob* upgraded_key) const override;
 -    keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& blob,
 -                                   const AuthorizationSet& additional_params,
 -                                   UniquePtr<Key>* key) const override;
      keymaster_error_t DeleteKey(const KeymasterKeyBlob& blob) const override;
      keymaster_error_t DeleteAllKeys() const override;
      keymaster_error_t AddRngEntropy(const uint8_t* buf, size_t length) const override;
 @@ -79,10 +76,6 @@ class PureSoftKeymasterContext: public KeymasterContext,
      /*********************************************************************************************
       * Implement SoftwareKeyBlobMaker
       */
 -    keymaster_error_t CreateKeyBlob(const AuthorizationSet& auths, keymaster_key_origin_t origin,
 -                                    const KeymasterKeyBlob& key_material, KeymasterKeyBlob* blob,
 -                                    AuthorizationSet* hw_enforced,
 -                                    AuthorizationSet* sw_enforced) const override;

      keymaster_error_t
      UnwrapKey(const KeymasterKeyBlob& wrapped_key_blob, const KeymasterKeyBlob& wrapping_key_blob,
	Ensure that context functions overridden in ARC Keymaster do not change
	underneath us by upstream. If they do this patch will fail.

	This is not meant to be actually applied, it's just used to make upstream
	changes obvious.

	diff --git a/contexts/pure_soft_keymaster_context.cpp b/contexts/pure_soft_keymaster_context.cpp
	index b4d1fb7..ed5fdca 100644
	--- a/contexts/pure_soft_keymaster_context.cpp
	+++ b/contexts/pure_soft_keymaster_context.cpp
	@@ -105,24 +105,6 @@ OperationFactory* PureSoftKeymasterContext::GetOperationFactory(keymaster_algori
	return key_factory->GetOperationFactory(purpose);
	}

	-keymaster_error_t PureSoftKeymasterContext::CreateKeyBlob(const AuthorizationSet& key_description,
	- const keymaster_key_origin_t origin,
	- const KeymasterKeyBlob& key_material,
	- KeymasterKeyBlob* blob,
	- AuthorizationSet* hw_enforced,
	- AuthorizationSet* sw_enforced) const {
	- keymaster_error_t error = SetKeyBlobAuthorizations(key_description, origin, os_version_,
	- os_patchlevel_, hw_enforced, sw_enforced);
	- if (error != KM_ERROR_OK)
	- return error;
	-
	- AuthorizationSet hidden;
	- error = BuildHiddenAuthorizations(key_description, &hidden, softwareRootOfTrust);
	- if (error != KM_ERROR_OK)
	- return error;
	-
	- return SerializeIntegrityAssuredBlob(key_material, hidden, hw_enforced, sw_enforced, blob);
	-}

	keymaster_error_t PureSoftKeymasterContext::UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade,
	const AuthorizationSet& upgrade_params,
	@@ -135,74 +117,6 @@ keymaster_error_t PureSoftKeymasterContext::UpgradeKeyBlob(const KeymasterKeyBlo
	return UpgradeSoftKeyBlob(key, os_version_, os_patchlevel_, upgrade_params, upgraded_key);
	}

	-keymaster_error_t PureSoftKeymasterContext::ParseKeyBlob(const KeymasterKeyBlob& blob,
	- const AuthorizationSet& additional_params,
	- UniquePtr<Key>* key) const {
	- // This is a little bit complicated.
	- //
	- // The SoftKeymasterContext has to handle a lot of different kinds of key blobs.
	- //
	- // 1. New keymaster1 software key blobs. These are integrity-assured but not encrypted. The
	- // raw key material and auth sets should be extracted and returned. This is the kind
	- // produced by this context when the KeyFactory doesn't use keymaster0 to back the keys.
	- //
	- // 2. Old keymaster1 software key blobs. These are OCB-encrypted with an all-zero master key.
	- // They should be decrypted and the key material and auth sets extracted and returned.
	- //
	- // 3. Old keymaster0 software key blobs. These are raw key material with a small header tacked
	- // on the front. They don't have auth sets, so reasonable defaults are generated and
	- // returned along with the raw key material.
	- //
	- // Determining what kind of blob has arrived is somewhat tricky. What helps is that
	- // integrity-assured and OCB-encrypted blobs are self-consistent and effectively impossible to
	- // parse as anything else. Old keymaster0 software key blobs have a header. It's reasonably
	- // unlikely that hardware keys would have the same header. So anything that is neither
	- // integrity-assured nor OCB-encrypted and lacks the old software key header is assumed to be
	- // keymaster0 hardware.
	-
	- AuthorizationSet hw_enforced;
	- AuthorizationSet sw_enforced;
	- KeymasterKeyBlob key_material;
	- keymaster_error_t error;
	-
	- auto constructKey = [&, this] () mutable -> keymaster_error_t {
	- // GetKeyFactory
	- if (error != KM_ERROR_OK) return error;
	- keymaster_algorithm_t algorithm;
	- if (!hw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm) &&
	- !sw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm)) {
	- return KM_ERROR_INVALID_ARGUMENT;
	- }
	- auto factory = GetKeyFactory(algorithm);
	- return factory->LoadKey(move(key_material), additional_params, move(hw_enforced),
	- move(sw_enforced), key);
	- };
	-
	- AuthorizationSet hidden;
	- error = BuildHiddenAuthorizations(additional_params, &hidden, softwareRootOfTrust);
	- if (error != KM_ERROR_OK)
	- return error;
	-
	- // Assume it's an integrity-assured blob (new software-only blob, or new keymaster0-backed
	- // blob).
	- error = DeserializeIntegrityAssuredBlob(blob, hidden, &key_material, &hw_enforced, &sw_enforced);
	- if (error != KM_ERROR_INVALID_KEY_BLOB)
	- return constructKey();
	-
	- // Wasn't an integrity-assured blob. Maybe it's an OCB-encrypted blob.
	- error = ParseOcbAuthEncryptedBlob(blob, hidden, &key_material, &hw_enforced, &sw_enforced);
	- if (error == KM_ERROR_OK)
	- LOG_D("Parsed an old keymaster1 software key", 0);
	- if (error != KM_ERROR_INVALID_KEY_BLOB)
	- return constructKey();
	-
	- // Wasn't an OCB-encrypted blob. Maybe it's an old softkeymaster blob.
	- error = ParseOldSoftkeymasterBlob(blob, &key_material, &hw_enforced, &sw_enforced);
	- if (error == KM_ERROR_OK)
	- LOG_D("Parsed an old sofkeymaster key", 0);
	-
	- return constructKey();
	-}

	keymaster_error_t PureSoftKeymasterContext::DeleteKey(const KeymasterKeyBlob& /* blob */) const {
	// Nothing to do for software-only contexts.
	diff --git a/include/keymaster/contexts/pure_soft_keymaster_context.h b/include/keymaster/contexts/pure_soft_keymaster_context.h
	index 3a1156d..ed2f92b 100644
	--- a/include/keymaster/contexts/pure_soft_keymaster_context.h
	+++ b/include/keymaster/contexts/pure_soft_keymaster_context.h
	@@ -59,9 +59,6 @@ class PureSoftKeymasterContext: public KeymasterContext,
	keymaster_error_t UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade,
	const AuthorizationSet& upgrade_params,
	KeymasterKeyBlob* upgraded_key) const override;
	- keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& blob,
	- const AuthorizationSet& additional_params,
	- UniquePtr<Key>* key) const override;
	keymaster_error_t DeleteKey(const KeymasterKeyBlob& blob) const override;
	keymaster_error_t DeleteAllKeys() const override;
	keymaster_error_t AddRngEntropy(const uint8_t* buf, size_t length) const override;
	@@ -79,10 +76,6 @@ class PureSoftKeymasterContext: public KeymasterContext,
	/*********************************************************************************************
	* Implement SoftwareKeyBlobMaker
	*/
	- keymaster_error_t CreateKeyBlob(const AuthorizationSet& auths, keymaster_key_origin_t origin,
	- const KeymasterKeyBlob& key_material, KeymasterKeyBlob* blob,
	- AuthorizationSet* hw_enforced,
	- AuthorizationSet* sw_enforced) const override;

	keymaster_error_t
	UnwrapKey(const KeymasterKeyBlob& wrapped_key_blob, const KeymasterKeyBlob& wrapping_key_blob,