feat: allow set custom keybox to OMK

Signed-off-by: qwq233 <[email protected]>

Author: qwq233

service/src/main/aidl/top/qwq2333/ohmykeymint/IOhMyKsService.aidl

@@ -1,6 +1,7 @@
 package top.qwq2333.ohmykeymint;
 
 import android.hardware.security.keymint.SecurityLevel;
+import android.hardware.security.keymint.Certificate;
 import android.hardware.security.keymint.Tag;
 import android.system.keystore2.Domain;
 import android.system.keystore2.IKeystoreSecurityLevel;
@@ -41,6 +42,9 @@ interface IOhMyKsService {
     KeyDescriptor[] listEntriesBatched(in @nullable CallerInfo ctx, in Domain domain, in long nspace,
             in @nullable String startingPastAlias);
 
-
     byte[] getSupplementaryAttestationInfo(in Tag tag);
+
+    void updateEcKeybox(in byte[] key, in List<Certificate> chain);
+
+    void updateRsaKeybox(in byte[] key, in List<Certificate> chain);
 }

service/src/main/java/io/github/a13e300/tricky_store/Config.kt

@@ -43,7 +43,7 @@ object Config {
     }
 
     private fun updateKeyBox(f: File?) = runCatching {
-        CertHack.readFromXml(f?.readText())
+        CertHack.readFromXml(f?.readText(), getOmk())
     }.onFailure {
         Logger.e("failed to update keybox", it)
     }
@@ -129,6 +129,7 @@ object Config {
 
     private val omkDeathRecipient = object : IBinder.DeathRecipient {
         override fun binderDied() {
+            Logger.e("OMK process exited. Reset OMK to null.")
             (omk as? IInterface)?.asBinder()?.unlinkToDeath(this, 0)
             omk = null
         }
@@ -139,6 +140,7 @@ object Config {
             val binder = ServiceManager.getService("omk") ?: return null
             binder.linkToDeath(omkDeathRecipient, 0)
             omk = IOhMyKsService.Stub.asInterface(binder)
+            updateKeyBox(File(root, KEYBOX_FILE))
         }
         return omk
     }

service/src/main/java/io/github/a13e300/tricky_store/KeystoreInterceptor.kt

@@ -45,18 +45,18 @@ object KeystoreInterceptor : BinderInterceptor() {
         val omk = getOmk()
         Logger.d("KeystoreInceptor onPreTransact code=$code")
         when (code) {
-            getSecurityLevelTransaction -> {
-                omk ?: return Skip
-
-                val level = data.readInt()
-
-                Parcel.obtain().apply {
-                    writeNoException()
-                    writeStrongBinder(omk.getSecurityLevel(level).asBinder())
-                }.run {
-                    return OverrideReply(0, this)
-                }
-            }
+            /*            getSecurityLevelTransaction -> {
+                            omk ?: return Skip
+
+                            val level = data.readInt()
+
+                            Parcel.obtain().apply {
+                                writeNoException()
+                                writeStrongBinder(omk.getSecurityLevel(level).asBinder())
+                            }.run {
+                                return OverrideReply(0, this)
+                            }
+                        }*/
             getKeyEntryTransaction -> {
                 Logger.d("KeystoreInceptor getKeyEntryTransaction pre $target uid=$callingUid pid=$callingPid dataSz=${data.dataSize()}")
                 if (Config.needGenerate(callingUid))

service/src/main/java/io/github/a13e300/tricky_store/keystore/CertHack.java

@@ -58,6 +58,7 @@
 import java.security.spec.RSAKeyGenParameterSpec;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Comparator;
 import java.util.Date;
 import java.util.HashMap;
@@ -75,6 +76,7 @@
 import io.github.a13e300.tricky_store.Config;
 import io.github.a13e300.tricky_store.Logger;
 import io.github.a13e300.tricky_store.UtilKt;
+import top.qwq2333.ohmykeymint.IOhMyKsService;
 
 public final class CertHack {
     private static final ASN1ObjectIdentifier OID = new ASN1ObjectIdentifier("1.3.6.1.4.1.11129.2.1.17");
@@ -124,7 +126,7 @@ private static byte[] getByteArrayFromAsn1(ASN1Encodable asn1Encodable) throws C
         return derOctectString.getOctets();
     }
 
-    public static void readFromXml(String data) {
+    public static void readFromXml(String data, IOhMyKsService omk) {
         keyboxes.clear();
         if (data == null) {
             Logger.i("clear all keyboxes");
@@ -159,6 +161,37 @@ public static void readFromXml(String data) {
                 var pemKp = parseKeyPair(privateKey);
                 var kp = new JcaPEMKeyConverter().getKeyPair(pemKp);
                 keyboxes.put(algo, new KeyBox(pemKp, kp, certificateChain));
+
+                if (omk != null) {
+                    try {
+                        if (keyboxAlgorithm.equalsIgnoreCase("ecdsa")) {
+                            ArrayList<android.hardware.security.keymint.Certificate> list = new ArrayList<>();
+
+                            for (int j = 0; j < numberOfCertificates; j++) {
+                                Map<String, String> certData = xmlParser.obtainPath(
+                                        "AndroidAttestation.Keybox.Key[" + i + "].CertificateChain.Certificate[" + j + "]");
+                                var cert = new android.hardware.security.keymint.Certificate();
+                                cert.encodedCertificate = Base64.getDecoder().decode(UtilKt.parsePemToBase64(certData.get("text")));
+                                list.add(cert);
+                            }
+
+                            omk.updateEcKeybox(Base64.getDecoder().decode(UtilKt.parsePemToBase64(privateKey)), list);
+                        } else if (keyboxAlgorithm.equalsIgnoreCase("rsa")) {
+                            ArrayList<android.hardware.security.keymint.Certificate> list = new ArrayList<>();
+                            for (int j = 0; j < numberOfCertificates; j++) {
+                                Map<String, String> certData = xmlParser.obtainPath(
+                                        "AndroidAttestation.Keybox.Key[" + i + "].CertificateChain.Certificate[" + j + "]");
+                                var cert = new android.hardware.security.keymint.Certificate();
+                                cert.encodedCertificate = Base64.getDecoder().decode(UtilKt.parsePemToBase64(certData.get("text")));
+                                list.add(cert);
+                            }
+
+                            omk.updateRsaKeybox(Base64.getDecoder().decode(UtilKt.parsePemToBase64(privateKey)), list);
+                        }
+                    } catch (Exception e) {
+                        Logger.e("Unable to update keybox to OMK", e);
+                    }
+                }
             }
             Logger.i("update " + numberOfKeyboxes + " keyboxes");
         } catch (Throwable t) {

service/src/main/java/io/github/a13e300/tricky_store/util.kt

@@ -126,6 +126,17 @@ fun String.toDER() = DEROctetString(this.toByteArray())
 fun DEROctetString.toTaggedObj(tag: Int, explicit: Boolean = true) = DERTaggedObject(explicit, tag, this)
 fun String.trimLine() = trim().split("\n").joinToString("\n") { it.trim() }
 
+const val BEGIN = "-----BEGIN.*?-----"
+const val END = "-----END.*?-----"
+
+fun parsePemToBase64(str: String): String {
+    val result = str.trimLine()
+        .replace(BEGIN.toRegex(RegexOption.MULTILINE), "")
+        .replace(END.toRegex(RegexOption.MULTILINE), "")
+        .replace("\n", "")
+    return result
+}
+
 fun Parcelable.toBytes(): ByteArray {
     val p = Parcel.obtain()
     return try {