1; encrypted_key_material is AES-GCM encrypted with: 2; - key derived as described below 3; - plaintext is the CBOR-serialization of `KeyMaterial` 4; - nonce value is fixed, all zeroes 5; - no additional data 6; 7; Key derivation uses HKDF (RFC 5869) with HMAC-SHA256 to generate an AES-256 key: 8; - input keying material = a root key held in hardware 9; - salt = absent 10; - info = the following three or four chunks of context data concatenated: 11; - content of `EncryptedKeyBlob.key_derivation_input` (a random nonce) 12; - CBOR-serialization of `EncryptedKeyBlob.characteristics` 13; - CBOR-serialized array of additional hidden `KeyParam` items associated with the key, specifically: 14; - [Tag_ApplicationId, bstr] if required 15; - [Tag_ApplicationData, bstr] if required 16; - [Tag_RootOfTrust, bstr .cbor RootOfTrustInfo] 17; - (if secure storage is available) CBOR serialization of the `SecureDeletionData` structure, with: 18; - `factory_reset_secret` always populated 19; - `secure_deletion_secret` populated with: 20; - all zeroes (if `EncryptedKeyBlob.secure_deletion_slot` is empty) 21; - the contents of the slot (if `EncryptedKeyBlob.secure_deletion_slot` is non-empty) 22EncryptedKeyBlob = &( 23 [0, EncryptedKeyBlobV1] ; Version::V1 24) 25Version = &( 26 Version_V1: 0, 27) 28EncryptedKeyBlobV1 = [ 29 characteristics: [* KeyCharacteristics], 30 key_derivation_input: bstr .size 32, 31 kek_context: bstr, 32 encrypted_key_material: #6.16(Cose_Encrypt0), 33 secure_deletion_slot: [? SecureDeletionSlot], 34] 35KeyCharacteristics = [ 36 security_level: SecurityLevel, 37 authorizations: [* KeyParam], 38] 39Cose_Encrypt0 = [ protected: bstr, unprotected: { * (int / tstr) => any }, ciphertext: bstr / nil ] 40KeyMaterial = &( 41 ; For each variant the `bool` second entry indicates whether the bstr for the key material 42 ; is opaque (true), or explicit (false). 43 [32, bool, bstr], ; Algorithm_Aes 44 [33, bool, bstr], ; Algorithm_TripleDes 45 [128, bool, bstr], ; Algorithm_Hmac 46 ; An explicit RSA key is in the form of an ASN.1 DER encoding of a PKCS#1 `RSAPrivateKey` 47 ; structure, as specified by RFC 3447 sections A.1.2 and 3.2. 48 [1, bool, bstr], ; Algorithm_Rsa 49 ; An explicit EC key for a NIST curve is in the form of an ASN.1 DER encoding of a 50 ; `ECPrivateKey` structure, as specified by RFC 5915 section 3. 51 ; An explicit EC key for curve 25519 is the raw key bytes. 52 [3, bool, [EcCurve, CurveType, bstr]], ; Algorithm_Ec 53) 54SecureDeletionSlot = int 55SecureDeletionData = [ 56 factory_reset_secret: bstr .size 32, 57 secure_deletion_secret: bstr .size 16, 58] 59RootOfTrustInfo = [ 60 verified_boot_key: bstr, 61 device_boot_locked: bool, 62 verified_boot_state: VerifiedBootState, 63] 64VerifiedBootState = &( 65 VerifiedBootState_Verified: 0, 66 VerifiedBootState_SelfSigned: 1, 67 VerifiedBootState_Unverified: 2, 68 VerifiedBootState_Failed: 3, 69) 70SecurityLevel = &( 71 SecurityLevel_Software: 0, 72 SecurityLevel_TrustedEnvironment: 1, 73 SecurityLevel_Strongbox: 2, 74 SecurityLevel_Keystore: 100, 75) 76KeyParam = &( 77 [268435458, Algorithm], ; Tag_Algorithm 78 [536870916, BlockMode], ; Tag_BlockMode 79 [536870918, PaddingMode], ; Tag_Padding 80 [536870917, Digest], ; Tag_Digest 81 [268435466, EcCurve], ; Tag_EcCurve 82 [268436158, KeyOrigin], ; Tag_Origin 83 [536870913, KeyPurpose], ; Tag_Purpose 84 [805306371, KeySizeInBits], ; Tag_KeySize 85 [1879048199, bstr], ; Tag_CallerNonce 86 [805306376, int], ; Tag_MinMacLength 87 [1342177480, RsaExponent], ; Tag_RsaPublicExponent 88 [1879048394, true], ; Tag_IncludeUniqueId 89 [536871115, Digest], ; Tag_RsaOaepMgfDigest 90 [1879048494, true], ; Tag_BootloaderOnly 91 [1879048495, true], ; Tag_RollbackResistance 92 [1879048497, true], ; Tag_EarlyBootOnly 93 [1610613136, DateTime], ; Tag_ActiveDatetime 94 [1610613137, DateTime], ; Tag_OriginationExpireDatetime 95 [1610613138, DateTime], ; Tag_UsageExpireDatetime 96 [805306772, int], ; Tag_MaxUsesPerBoot 97 [805306773, int], ; Tag_UsageCountLimit 98 [805306869, int], ; Tag_UserId 99 [-1610612234, int], ; Tag_UserSecureId 100 [1879048695, true], ; Tag_NoAuthRequired 101 [268435960, int], ; Tag_UserAuthType 102 [805306873, int], ; Tag_AuthTimeout 103 [1879048698, true], ; Tag_AllowWhileOnBody 104 [1879048699, true], ; Tag_TrustedUserPresenceRequired 105 [1879048700, true], ; Tag_TrustedConfirmationRequired 106 [1879048701, true], ; Tag_UnlockedDeviceRequired 107 [-1879047591, bstr], ; Tag_ApplicationId 108 [-1879047492, bstr], ; Tag_ApplicationData 109 [1610613437, DateTime], ; Tag_CreationDatetime 110 [-1879047488, bstr], ; Tag_RootOfTrust 111 [805307073, int], ; Tag_OsVersion 112 [805307074, int], ; Tag_OsPatchlevel 113 [-1879047484, bstr], ; Tag_AttestationChallenge 114 [-1879047483, bstr], ; Tag_AttestationApplicationId 115 [-1879047482, bstr], ; Tag_AttestationIdBrand 116 [-1879047481, bstr], ; Tag_AttestationIdDevice 117 [-1879047480, bstr], ; Tag_AttestationIdProduct 118 [-1879047479, bstr], ; Tag_AttestationIdSerial 119 [-1879047478, bstr], ; Tag_AttestationIdImei 120 [-1879047469, bstr], ; Tag_AttestationIdSecondImei 121 [-1879047477, bstr], ; Tag_AttestationIdMeid 122 [-1879047476, bstr], ; Tag_AttestationIdManufacturer 123 [-1879047475, bstr], ; Tag_AttestationIdModel 124 [805307086, int], ; Tag_VendorPatchlevel 125 [805307087, int], ; Tag_BootPatchlevel 126 [1879048912, true], ; Tag_DeviceUniqueAttestation 127 [1879048914, true], ; Tag_StorageKey 128 [-1879047191, bstr], ; Tag_Nonce 129 [805307371, int], ; Tag_MacLength 130 [1879049196, true], ; Tag_ResetSinceIdRotation 131 [-2147482642, bstr], ; Tag_CertificateSerial 132 [-1879047185, bstr], ; Tag_CertificateSubject 133 [1610613744, DateTime], ; Tag_CertificateNotBefore 134 [1610613745, DateTime], ; Tag_CertificateNotAfter 135 [805307378, int], ; Tag_MaxBootLevel 136) 137Tag = &( 138 Tag_Invalid: 0, 139 Tag_Purpose: 536870913, 140 Tag_Algorithm: 268435458, 141 Tag_KeySize: 805306371, 142 Tag_BlockMode: 536870916, 143 Tag_Digest: 536870917, 144 Tag_Padding: 536870918, 145 Tag_CallerNonce: 1879048199, 146 Tag_MinMacLength: 805306376, 147 Tag_EcCurve: 268435466, 148 Tag_RsaPublicExponent: 1342177480, 149 Tag_IncludeUniqueId: 1879048394, 150 Tag_RsaOaepMgfDigest: 536871115, 151 Tag_BootloaderOnly: 1879048494, 152 Tag_RollbackResistance: 1879048495, 153 Tag_HardwareType: 268435760, 154 Tag_EarlyBootOnly: 1879048497, 155 Tag_ActiveDatetime: 1610613136, 156 Tag_OriginationExpireDatetime: 1610613137, 157 Tag_UsageExpireDatetime: 1610613138, 158 Tag_MinSecondsBetweenOps: 805306771, 159 Tag_MaxUsesPerBoot: 805306772, 160 Tag_UsageCountLimit: 805306773, 161 Tag_UserId: 805306869, 162 Tag_UserSecureId: -1610612234, 163 Tag_NoAuthRequired: 1879048695, 164 Tag_UserAuthType: 268435960, 165 Tag_AuthTimeout: 805306873, 166 Tag_AllowWhileOnBody: 1879048698, 167 Tag_TrustedUserPresenceRequired: 1879048699, 168 Tag_TrustedConfirmationRequired: 1879048700, 169 Tag_UnlockedDeviceRequired: 1879048701, 170 Tag_ApplicationId: -1879047591, 171 Tag_ApplicationData: -1879047492, 172 Tag_CreationDatetime: 1610613437, 173 Tag_Origin: 268436158, 174 Tag_RootOfTrust: -1879047488, 175 Tag_OsVersion: 805307073, 176 Tag_OsPatchlevel: 805307074, 177 Tag_UniqueId: -1879047485, 178 Tag_AttestationChallenge: -1879047484, 179 Tag_AttestationApplicationId: -1879047483, 180 Tag_AttestationIdBrand: -1879047482, 181 Tag_AttestationIdDevice: -1879047481, 182 Tag_AttestationIdProduct: -1879047480, 183 Tag_AttestationIdSerial: -1879047479, 184 Tag_AttestationIdImei: -1879047478, 185 Tag_AttestationIdMeid: -1879047477, 186 Tag_AttestationIdManufacturer: -1879047476, 187 Tag_AttestationIdModel: -1879047475, 188 Tag_VendorPatchlevel: 805307086, 189 Tag_BootPatchlevel: 805307087, 190 Tag_DeviceUniqueAttestation: 1879048912, 191 Tag_IdentityCredentialKey: 1879048913, 192 Tag_StorageKey: 1879048914, 193 Tag_AttestationIdSecondImei: -1879047469, 194 Tag_AssociatedData: -1879047192, 195 Tag_Nonce: -1879047191, 196 Tag_MacLength: 805307371, 197 Tag_ResetSinceIdRotation: 1879049196, 198 Tag_ConfirmationToken: -1879047187, 199 Tag_CertificateSerial: -2147482642, 200 Tag_CertificateSubject: -1879047185, 201 Tag_CertificateNotBefore: 1610613744, 202 Tag_CertificateNotAfter: 1610613745, 203 Tag_MaxBootLevel: 805307378, 204) 205Algorithm = &( 206 Algorithm_Rsa: 1, 207 Algorithm_Ec: 3, 208 Algorithm_Aes: 32, 209 Algorithm_TripleDes: 33, 210 Algorithm_Hmac: 128, 211) 212BlockMode = &( 213 BlockMode_Ecb: 1, 214 BlockMode_Cbc: 2, 215 BlockMode_Ctr: 3, 216 BlockMode_Gcm: 32, 217) 218Digest = &( 219 Digest_None: 0, 220 Digest_Md5: 1, 221 Digest_Sha1: 2, 222 Digest_Sha224: 3, 223 Digest_Sha256: 4, 224 Digest_Sha384: 5, 225 Digest_Sha512: 6, 226) 227EcCurve = &( 228 EcCurve_P224: 0, 229 EcCurve_P256: 1, 230 EcCurve_P384: 2, 231 EcCurve_P521: 3, 232 EcCurve_Curve25519: 4, 233) 234CurveType = &( 235 CurveType_Nist: 0, 236 CurveType_EdDsa: 1, 237 CurveType_Xdh: 2, 238) 239KeyOrigin = &( 240 KeyOrigin_Generated: 0, 241 KeyOrigin_Derived: 1, 242 KeyOrigin_Imported: 2, 243 KeyOrigin_Reserved: 3, 244 KeyOrigin_SecurelyImported: 4, 245) 246KeyPurpose = &( 247 KeyPurpose_Encrypt: 0, 248 KeyPurpose_Decrypt: 1, 249 KeyPurpose_Sign: 2, 250 KeyPurpose_Verify: 3, 251 KeyPurpose_WrapKey: 5, 252 KeyPurpose_AgreeKey: 6, 253 KeyPurpose_AttestKey: 7, 254) 255HardwareAuthenticatorType = &( 256 HardwareAuthenticatorType_None: 0, 257 HardwareAuthenticatorType_Password: 1, 258 HardwareAuthenticatorType_Fingerprint: 2, 259 HardwareAuthenticatorType_Any: -1, 260) 261PaddingMode = &( 262 PaddingMode_None: 1, 263 PaddingMode_RsaOaep: 2, 264 PaddingMode_RsaPss: 3, 265 PaddingMode_RsaPkcs115Encrypt: 4, 266 PaddingMode_RsaPkcs115Sign: 5, 267 PaddingMode_Pkcs7: 64, 268) 269DateTime = int 270KeySizeInBits = int 271RsaExponent = int 272 273