Droidcedas : Jelly Edible Bean Hardware-Backed Credential Storage

Oleh Didiet86

Friday, July 27, 2018

Bagikan :

Tweet

Along amongst all the user facing novel app encryption has been properly announced, spell the residuum rest by in addition to large covered upwards past times upper grade APIs. This, of course, is non fair, so let's telephone recollect them upwards (the listing is likely non exhaustive):

• RSA in addition to DSA primal generation in addition to signatures are at nowadays implemented inwards native code for meliorate performance
• TLS v1.2 support
• improved organization primal store
• new OpenSSL interface (engine) to the organization primal store
• new primal administration HAL factor -- keymaster
• hardware-backed keymaster implementation on Milky Way Nexus in addition to Nexus 7

The offset 2 features are by in addition to large self-explanatory, but the residuum merit around exploration. Let's aspect into each 1 inwards turn.

System primal shop improvements

As nosotros guide hold already discussed, the organization primal shop inwards Android is provided past times a native daemon that encrypts secrets using a primal derived from the device unlock password, stores them on disk in addition to regulates primal access based on UID. In ICS in addition to previous versions, the keystore daemon only stores opaque encrypted blobs in addition to the solely meatdata available (UID of possessor in addition to primal name) was encoded inwards the file call nether which blobs are stored. In Jelly Bean (JB), blobs also guide hold a version land in addition to a type field. The next primal types are newly defined:

• TYPE_GENERIC
• TYPE_MASTER_KEY
• TYPE_KEY_PAIR

TYPE_GENERIC is used for primal blobs saved using the previous get/put interface, in addition to TYPE_MASTER_KEY is, of course, solely used for the primal shop master copy key. The newly added TYPE_KEY_PAIR is used for primal blobs created using the novel GENERATE in addition to IMPORT commands. Before nosotros larn into to a greater extent than details, hither are the keystore commands added inwards Jelly Bean:

• GENERATE
• IMPORT
• SIGN
• VERIFY
• GET_PUBKEY
• DEL_KEY
• GRANT
• UNGRANT

In lodge to exercise a primal stored using the pre-JB implementation, nosotros needed to offset export the raw primal bytes, in addition to so exercise them to initialize an actual primal object. Thus fifty-fifty though the primal blob is encrypted on disk, the land text primal eventually needed to live exposed (in memory). The novel commands allow us generate an RSA primal pair in addition to sign or verify information without the primal always leaving the primal store. There is even so no agency to specify primal size for generated keys, it is fixed at 2048 bits. There is no restriction for importing keys though, so shorter (or longer keys) tin live used equally good (confirmed for 512-4096 chip keys). Importing requires that keys are encoded using the PKCS#8 format. The sign functioning doesn't exercise whatever automatic padding in addition to thus requires input information to live equal to the RSA primal size (it's essentially performs raw RSA encryption using the mortal key). VERIFY takes the primal name, signed information in addition to signature value equally input, in addition to outputs the verification result. GET_PUBKEY industrial plant equally expected -- it returns the populace primal inwards X.509 format. As mentioned above, the keystore daemon does access command based on UID, in addition to pre-JB a procedure could exercise solely a primal it had created itself. The novel GRANT / UNGRANT commands allow the OS to temporarily allow access to organization keys to other processes. The grants are non persisted, so they are lost on restart.

Key shop OpenSSL engine

The side past times side add-on to Android's safety organization is the keystore-backed OpenSSL engine (pluggable cryptographic module). It solely supports loading of in addition to signing amongst RSA mortal keys, but that is normally plenty to implement key-based authentication (such equally SSL customer authentication). This pocket-sized engine makes it possible for native code that uses OpenSSL APIs to exercise mortal keys saved inwards the organization primal shop without whatever code modifications. It also has a Java wrapper (OpenSSLEngine), which is used to implement the KeyChain.getPrivateKey() API. Thus all apps that larn a mortal primal reference via the KeyChain API larn the exercise goodness of using the novel native implementation.

keymaster module overview

And finally, fourth dimension for our characteristic presentation -- the keymaster module in addition to its hardware-based implementation on Milky Way Nexus (and Nexus 7, but that currently has no relevant beginning code inwards AOSP, so nosotros volition focus on the GN). Jelly Bean introduces a novel libhardware (aka HAL) module, called keymaster. It defines structures in addition to methods for generating keys in addition to signing/verifying data. The keymaster module is meant to decouple Android from the actual device safety hardware, in addition to a typical implementation would exercise a vendor-provided library to communicate amongst the crypto-enabled hardware. Jelly Bean comes amongst a default softkeymaster module that does all primal operations inwards software solely (using the ubiquitous OpenSSL). It is used on the emulator in addition to likely volition live included inwards devices that lack dedicated cryptographic hardware. The currently defined operations are listed below. Only RSA is supported at present.

• generate_keypair
• import_keypair
• sign_data
• verify_data
• get_keypair_public
• delete_keypair
• delete_all

If those aspect familiar, this is because they are pretty much the same equally the newly added keystore commands listed inwards the previous section. All of the asymmetric primal operations exposed past times the keystore daemon are implemented past times calling the organization keymaster module. Thus if the keymaster HAL module is backed past times a hardware cryptographic device, all upper grade commands in addition to APIs that exercise the keystore daemon interface automatically larn to exercise hardware crypto.

Galaxy Nexus keymaster implementation

Let's aspect at how this is implemented on Milky Way Nexus, starting from the lowest level, the actual hardware. Milky Way Nexus is built using the Texas Instruments OMAP4460 SoC, which integrates TI's M-Shield (not to live confused amongst nShield) mobile safety technology. Among other things, M-Shield provides cryptographic acceleration, a secure random expose generator in addition to secure on-chip primal storage. On top of that sits TI's Security Middleware Component (SMC), which is essentially a Trusted Execution Environment (TEE, Global Platform specs in addition to white paper) implementation. The actual software is past times Trusted Logic Mobility, marketed nether the call Trusted Foundations. Looking at this TI white paper, it looks similar secure primal storage was planned for ICS (Android 4.0), but apparently, it got pushed to dorsum to Jelly Bean (4.1). Cf. this contention from the white paper: 'Android 4.0 also introduces a novel keychain API in addition to underlying encrypted storage that are protected past times M-Shield hardware safety on the OMAP four platform.'.  

With all the buzzwords in addition to abbreviations out of the way, let's say a few words nearly TEE. As the call implies, TEE is defined equally a logical execution environment, divide from the device's principal OS, referred to equally the REE (Rich Execution Environment). Its purpose is both to protect assets in addition to execute trusted code. It is also required to live protected against sure enough physical attacks, although the grade of protection is typically lower that that of a tamper-resistant module such equally a Secure Element (SE). The TEE tin host trusted applications (TAs) which utilize the TEE's services via the standardized internal APIs. Those autumn nether four categories:

• trusted storage
• cryptographic operations
• time-related
• arithmetical (for dealing amongst large numbers)

Applications running inwards the REE (the Android OS in addition to apps) tin solely communicate amongst TAs via a depression grade Client API (essentially sending commands in addition to receiving responses synchronously, where the protocol is defined past times each TA). The Client API also lets the REE in addition to TA applications portion retentivity inwards a controlled fashion for efficient information transfer.

Finally, let's run into how all this is tied together inwards the GN construct of Jelly Bean. Influenza A virus subtype H5N1 generic PKCS#11 module (libtf_crypto_sst.so) uses the TEE Client API to communicate amongst a TA that implements hashing, primal generation, encryption/decryption, signing/verification in addition to random expose generation. Since at that spot doesn't seem to a 'official' bespeak the TA on the Milky Way Nexus, in addition to its commands map pretty much one-to-one to PKCS#11 interfaces, nosotros volition live calling it the 'token TA' from at nowadays on. The GN keymaster HAL module calls the PKCS#11 module to implement RSA primal pair generation in addition to import, equally good equally signing in addition to verification. This inwards plough is used past times the keystore daemon to implement the corresponding commands.

However, it turns out that the hardware-backed keymaster module is non inwards the latest GN construct (JRO03C at the fourth dimension of this writing. Update: according to this commit message, the argue for its beingness removed is that it has a ability usage bug). Fortunately it is quite piece of cake to construct it in addition to install it on the device (notice that the keymaster module, for whatever reason, is genuinely called keystore.so):

$ brand -j8 keystore.tuna $ adb force out/product/maguro/system/lib/hw/keystore.tuna.so /mnt/sdcard $ adb trounce $ su # mountain -o remount,rw /system # cp /mnt/sdcard/keystore.tuna.so /system/lib/hw 

Then all nosotros postulate to exercise is reboot the device to guide hold it charge the novel module (otherwise it volition hold to exercise the software-only keystore.default.so). If nosotros post a few keystore commands, nosotros run into the next output (maybe a chip likewise verbose for a production device), confirming that cryptographic operations are genuinely executed past times the TEE:

V/TEEKeyMaster(  299): Opening subsession 0x414f2a88 V/TEEKeyMaster(  299): populace grip = 0x60011, mortal grip = 0x60021 V/TEEKeyMaster(  299): Closing object grip 0x60021 V/TEEKeyMaster(  299): Closing object grip 0x60011 V/TEEKeyMaster(  299): Closing subsession 0x414f2a88: 0x0 I/keystore(  299): uid: 10164 action: a -> 1 state: 1 -> 1 retry: four V/TEEKeyMaster(  299): tee_sign_data(0x414ea008, 0xbea018fc, 36, 0xbea1195c, 256, 0xbea018c4, 0xbea018c8) V/TEEKeyMaster(  299): Opening subsession 0x414f2ab8 V/TEEKeyMaster(  299): Found 1 object 0x60011 : shape 0x2 V/TEEKeyMaster(  299): Found 1 object 0x60021 : shape 0x3 V/TEEKeyMaster(  299): populace grip = 0x60011, mortal grip = 0x60021 V/TEEKeyMaster(  299): tee_sign_data(0x414ea008, 0xbea018fc, 36, 0xbea1195c, 256, 0xbea018c4, 0xbea018c8)  => 0x414f2838 size 256 V/TEEKeyMaster(  299): Closing object grip 0x60021 V/TEEKeyMaster(  299): Closing object grip 0x60011 V/TEEKeyMaster(  299): Closing subsession 0x414f2ab8: 0x0 I/keystore(  299): uid: 10164 action: n -> 1 state: 1 -> 1 retry: four 

This produces primal files inwards the keystore daemon information directory, motorbus equally you lot tin run into inwards the listing below, they are non large plenty to shop 2048 chip RSA keys. They solely shop a primal identifier, equally returned past times the underlying PKCS#11 module. Keys are loaded based on this ID, in addition to signing are verification are preformed within the token TA, without the keys beingness exported to the REE.

# ls -l /data/misc/keystore/10164* -rw------- keystore keystore       84 2012-07-12 14:15 10164_foobar -rw------- keystore keystore       84 2012-07-12 14:15 10164_imported 

So where are the actual keys? It turns out they are inwards the /data/smc/user.bin file. The format is, of course, proprietary, but it would live a rubber bet that it is encrypted amongst a primal stored on the SoC (or at to the lowest degree somehow protected past times a hardware key). This allows to guide hold practically an unlimited expose of keys within the TEE, without beingness bounded past times the express storage infinite on the physical chip.

keymaster usage in addition to performance

Currently installing a PKCS#12 packaged primal in addition to certificate via the populace KeyChain API (or importing via Settings->Security->Insall from storage) volition import the mortal primal into the token TA in addition to getting a mortal primal object using KeyChain.getPrivateKey() volition render a reference to the stored key. Subsequent signature operations using this primal object volition live performed past times the token TA in addition to guide hold wages of the OMAP4 chip's cryptographic hardware. There are currently no populace APIs or stock applications that exercise the generate primal functionality, but if you lot desire to generate a primal protected past times the token TA, you lot tin telephone recollect android.security.KeyStore.generate() direct (via reflection or past times duplicating the shape inwards your project). This API tin potentially live used for things similar generating a CSR asking from a browser in addition to other types of PKI enrollment.

The OMAP4 chip is advertised equally having hardware accelerated cryptographic operations, so let's run into how RSA primal generation, signing in addition to verification stair out upwards against the default Android software implementations:

Average 2048-bit RSA functioning speed on Milky Way Nexus

Crypto Provider/Operation	Key generation	Signing	Verification
Bouncy Castle	2176.20 [ms]	34.60 [ms]	1.90 [ms]
OpenSSL	2467.40 [ms]	29.80 [ms]	1.00 [ms]
TEE	3487.00 [ms]	10.90 [ms]	10.60 [ms]

As you lot tin run into from the tabular array above, Bouncy Castle in addition to OpensSSL perform nearly the same, spell the TEE takes to a greater extent than fourth dimension to generate keys (most likely because it's using a hardware RNG, non a PRNG), but signing is nearly three times faster compared to the software implementations. Verification takes nearly the same fourth dimension equally signing, in addition to is slower than software. It should live noted that this exam is non precisely precise: calling the token TA via the keystore daemon causes a lot of TEE customer API sessions to live opened upwards in addition to unopen which has its overhead. Getting to a greater extent than accurate times volition require benchmarking using the Client API directly, but the lodge of the results should live the same.

Summary

To amount things up: Jelly Bean locomote has a criterion hardware primal storage in addition to cryptographic operations API inwards the keymater HAL module definition. The implementation for each device is hardware-dependent, in addition to the currently available implementations exercise the TEE Client API on the Milky Way Nexus in addition to Nexus vii to guide hold wages of the TEE capabilities of the respective SoC (OMAP4 in addition to Tegra 3). The electrical flow interface in addition to implementation solely back upwards generating/importing of RSA keys in addition to signing/verification, but volition likely live extended inwards the futurity amongst to a greater extent than primal types in addition to operations. It is integrated amongst the organization credential storage (managed past times the keystore daemon) in addition to allows us to generate, import in addition to exercise RSA keys protected past times the devices's TEE from Android applications.

Tag : android security