author: Martijn Coenen <maco@google.com> 2021-04-21 10:44:04 +0200
committer: Martijn Coenen <maco@google.com> 2021-05-25 08:47:37 +0200
commit: 7278a33e1c0cd20fccf4cfd9f49537ccde49c2d0 (patch)
tree: aea2cf10d71b278be9036e78aad0639f5a216f11 /ondevice-signing/KeyConstants.h
parent: 9b885740bff1fdf8a110f19b3530e98360b40b4a (diff)
On-device signing: verify the public key.
While we can generally trust the key properties of the Keystore key to be correct, the public key certificate that Keystore returns in KeyMetadata is simply retrieved from an on-disk database. This allows an attacker that gets filesystem access to simply modify the public key, and we will happily accept that (and the artifacts that are signed with the private key component). To prevent this, sign the public key itself with another HMAC key that carries the same boot level as the signing key. This is secure, because in order to forge such a signature, an attacker would need to create an HMAC key with the same boot level, which is not possible once early boot has passed.

Bug: 187862706
Test: TEST_MAPPING
Change-Id: I688fff83f73b1df4e91c3fa03c43df647703d9f8
Diffstat (limited to 'ondevice-signing/KeyConstants.h')
-rw-r--r-- ondevice-signing/KeyConstants.h | 3
1 file changed, 3 insertions, 0 deletions
diff --git a/ondevice-signing/KeyConstants.h b/ondevice-signing/KeyConstants.h
index 9e1a5137..ccc9251c 100644
--- a/ondevice-signing/KeyConstants.h
+++ b/ondevice-signing/KeyConstants.h
@@ -16,3 +16,6 @@
static constexpr int kRsaKeySize = 2048;
static constexpr int kRsaKeyExponent = 65537;
+
+static constexpr int kHmacKeySize = 256;
+static constexpr int kHmacMinMacLength = 256;
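Review bot: the two new constants in this hunk carry no comment, so a reader cannot tell from the header alone that `kHmacKeySize` and `kHmacMinMacLength` are in bits, or that the HMAC key is the one the commit message describes as signing the Keystore public key. A short comment above them would help, and since `kHmacMinMacLength` is set equal to the key size, it is worth stating that this is intended to accept only full-length tags (which presumes a 256-bit digest), so that a later change to the digest or key size updates both values together.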