Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / 23590680da5415d29b63257e5f6b5f8bed1d1274^! / . / cppcose / cppcose.cpp
commit23590680da5415d29b63257e5f6b5f8bed1d1274[log] [tgz]
authorSeth Moore <sethmo@google.com>Fri Apr 30 11:42:31 2021 -0700
committerSeth Moore <sethmo@google.com>Tue May 25 07:57:01 2021 -0700
tree711cd1ef4eb4b92d5fc510c88b32bf527a29e617
parent4d2dbc87058c30b6a30424f728ef3d651eb5305c [diff] [blame]
Delegate some MAC operations to the provisioning context

The MAC key used to authenticate the public keys between the GenerateRkp
and GenerateCsr calls is supposed to be known _only_ to the secure
element. The code was passing the MAC key up from the context, which
makes the security guarantee difficult or impossible on some platforms.

Generate the MAC by delegating to the provisioning context. This required
refactoring a bit of code to use a callback for MAC calculation instead
of passing the raw MAC key around.

Bug: 182928606
Test: VtsHalRemotelyProvisionedComponentTargetTest
Test: RemoteProvisionerUnitTests
Change-Id: Id9a04ee0e0b1abc11d616ef53f41569cdaae3182
Merged-In: Id9a04ee0e0b1abc11d616ef53f41569cdaae3182

diff --git a/cppcose/cppcose.cpp b/cppcose/cppcose.cpp
index e17f273..2d8652e 100644
--- a/cppcose/cppcose.cpp
+++ b/cppcose/cppcose.cpp

@@ -53,12 +53,22 @@
 
 }  // namespace
 
-ErrMsgOr<bytevec> generateCoseMac0Mac(const bytevec& macKey, const bytevec& externalAad,
-                                      const bytevec& payload) {
-    if (macKey.empty()) {
-        return "Empty MAC key";
-    }
+ErrMsgOr<HmacSha256> generateHmacSha256(const bytevec& key, const bytevec& data) {
+    HmacSha256 digest;
+    unsigned int outLen;
+    uint8_t* out = HMAC(EVP_sha256(),              //
+                        key.data(), key.size(),    //
+                        data.data(), data.size(),  //
+                        digest.data(), &outLen);
 
+    if (out == nullptr || outLen != digest.size()) {
+        return "Error generating HMAC";
+    }
+    return digest;
+}
+
+ErrMsgOr<HmacSha256> generateCoseMac0Mac(HmacSha256Function macFunction, const bytevec& externalAad,
+                                         const bytevec& payload) {
     auto macStructure = cppbor::Array()
                             .add("MAC0")
                             .add(cppbor::Map().add(ALGORITHM, HMAC_256).canonicalize().encode())
@@ -66,32 +76,24 @@
                             .add(payload)
                             .encode();
 
-    bytevec macTag(SHA256_DIGEST_LENGTH);
-    uint8_t* out = macTag.data();
-    unsigned int outLen;
-    out = HMAC(EVP_sha256(),                              //
-               macKey.data(), macKey.size(),              //
-               macStructure.data(), macStructure.size(),  //
-               out, &outLen);
-
-    assert(out != nullptr && outLen == macTag.size());
-    if (out == nullptr || outLen != macTag.size()) {
+    auto macTag = macFunction(macStructure);
+    if (!macTag) {
         return "Error computing public key MAC";
     }
 
-    return macTag;
+    return *macTag;
 }
 
-ErrMsgOr<cppbor::Array> constructCoseMac0(const bytevec& macKey, const bytevec& externalAad,
-                                          const bytevec& payload) {
-    auto tag = generateCoseMac0Mac(macKey, externalAad, payload);
+ErrMsgOr<cppbor::Array> constructCoseMac0(HmacSha256Function macFunction,
+                                          const bytevec& externalAad, const bytevec& payload) {
+    auto tag = generateCoseMac0Mac(macFunction, externalAad, payload);
     if (!tag) return tag.moveMessage();
 
     return cppbor::Array()
         .add(cppbor::Map().add(ALGORITHM, HMAC_256).canonicalize().encode())
         .add(cppbor::Map() /* unprotected */)
         .add(payload)
-        .add(tag.moveValue());
+        .add(std::pair(tag->begin(), tag->end()));
 }
 
 ErrMsgOr<bytevec /* payload */> verifyAndParseCoseMac0(const cppbor::Item* macItem,
@@ -118,7 +120,10 @@
         return "Unsupported Mac0 algorithm";
     }
 
-    auto macTag = generateCoseMac0Mac(macKey, {} /* external_aad */, payload->value());
+    auto macFunction = [&macKey](const bytevec& input) {
+        return generateHmacSha256(macKey, input);
+    };
+    auto macTag = generateCoseMac0Mac(macFunction, {} /* external_aad */, payload->value());
     if (!macTag) return macTag.moveMessage();
 
     if (macTag->size() != tag->value().size() ||