1 /*
2 * Copyright 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <keymasterV4_0/attestation_record.h>
18
19 #include <android-base/logging.h>
20 #include <assert.h>
21
22 #include <openssl/asn1t.h>
23 #include <openssl/bn.h>
24 #include <openssl/evp.h>
25 #include <openssl/x509.h>
26
27 #include <keymasterV4_0/authorization_set.h>
28 #include <keymasterV4_0/openssl_utils.h>
29
30 #define AT __FILE__ ":" << __LINE__
31
32 namespace android {
33 namespace hardware {
34 namespace keymaster {
35 namespace V4_0 {
36
37 struct stack_st_ASN1_TYPE_Delete {
operator ()android::hardware::keymaster::V4_0::stack_st_ASN1_TYPE_Delete38 void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); }
39 };
40
41 struct ASN1_STRING_Delete {
operator ()android::hardware::keymaster::V4_0::ASN1_STRING_Delete42 void operator()(ASN1_STRING* p) { ASN1_STRING_free(p); }
43 };
44
45 struct ASN1_TYPE_Delete {
operator ()android::hardware::keymaster::V4_0::ASN1_TYPE_Delete46 void operator()(ASN1_TYPE* p) { ASN1_TYPE_free(p); }
47 };
48
49 #define ASN1_INTEGER_SET STACK_OF(ASN1_INTEGER)
50
51 typedef struct km_root_of_trust {
52 ASN1_OCTET_STRING* verified_boot_key;
53 ASN1_BOOLEAN* device_locked;
54 ASN1_ENUMERATED* verified_boot_state;
55 ASN1_OCTET_STRING* verified_boot_hash;
56 } KM_ROOT_OF_TRUST;
57
58 ASN1_SEQUENCE(KM_ROOT_OF_TRUST) = {
59 ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_key, ASN1_OCTET_STRING),
60 ASN1_SIMPLE(KM_ROOT_OF_TRUST, device_locked, ASN1_BOOLEAN),
61 ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_state, ASN1_ENUMERATED),
62 ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_hash, ASN1_OCTET_STRING),
63 } ASN1_SEQUENCE_END(KM_ROOT_OF_TRUST);
64 IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST);
65
66 typedef struct km_auth_list {
67 ASN1_INTEGER_SET* purpose;
68 ASN1_INTEGER* algorithm;
69 ASN1_INTEGER* key_size;
70 ASN1_INTEGER_SET* digest;
71 ASN1_INTEGER_SET* padding;
72 ASN1_INTEGER* ec_curve;
73 ASN1_INTEGER* rsa_public_exponent;
74 ASN1_INTEGER* active_date_time;
75 ASN1_INTEGER* origination_expire_date_time;
76 ASN1_INTEGER* usage_expire_date_time;
77 ASN1_NULL* no_auth_required;
78 ASN1_INTEGER* user_auth_type;
79 ASN1_INTEGER* auth_timeout;
80 ASN1_NULL* allow_while_on_body;
81 ASN1_NULL* all_applications;
82 ASN1_OCTET_STRING* application_id;
83 ASN1_INTEGER* creation_date_time;
84 ASN1_INTEGER* origin;
85 ASN1_NULL* rollback_resistance;
86 KM_ROOT_OF_TRUST* root_of_trust;
87 ASN1_INTEGER* os_version;
88 ASN1_INTEGER* os_patchlevel;
89 ASN1_OCTET_STRING* attestation_application_id;
90 ASN1_NULL* trusted_user_presence_required;
91 ASN1_NULL* trusted_confirmation_required;
92 ASN1_NULL* unlocked_device_required;
93 ASN1_INTEGER* vendor_patchlevel;
94 ASN1_INTEGER* boot_patchlevel;
95 } KM_AUTH_LIST;
96
97 ASN1_SEQUENCE(KM_AUTH_LIST) = {
98 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, purpose, ASN1_INTEGER, TAG_PURPOSE.maskedTag()),
99 ASN1_EXP_OPT(KM_AUTH_LIST, algorithm, ASN1_INTEGER, TAG_ALGORITHM.maskedTag()),
100 ASN1_EXP_OPT(KM_AUTH_LIST, key_size, ASN1_INTEGER, TAG_KEY_SIZE.maskedTag()),
101 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, digest, ASN1_INTEGER, TAG_DIGEST.maskedTag()),
102 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, padding, ASN1_INTEGER, TAG_PADDING.maskedTag()),
103 ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.maskedTag()),
104 ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER,
105 TAG_RSA_PUBLIC_EXPONENT.maskedTag()),
106 ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistance, ASN1_NULL, TAG_ROLLBACK_RESISTANCE.maskedTag()),
107 ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()),
108 ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,
109 TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()),
110 ASN1_EXP_OPT(KM_AUTH_LIST, usage_expire_date_time, ASN1_INTEGER,
111 TAG_USAGE_EXPIRE_DATETIME.maskedTag()),
112 ASN1_EXP_OPT(KM_AUTH_LIST, no_auth_required, ASN1_NULL, TAG_NO_AUTH_REQUIRED.maskedTag()),
113 ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.maskedTag()),
114 ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.maskedTag()),
115 ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL, TAG_ALLOW_WHILE_ON_BODY.maskedTag()),
116 ASN1_EXP_OPT(KM_AUTH_LIST, trusted_user_presence_required, ASN1_NULL,
117 TAG_TRUSTED_USER_PRESENCE_REQUIRED.maskedTag()),
118 ASN1_EXP_OPT(KM_AUTH_LIST, trusted_confirmation_required, ASN1_NULL,
119 TAG_TRUSTED_CONFIRMATION_REQUIRED.maskedTag()),
120 ASN1_EXP_OPT(KM_AUTH_LIST, unlocked_device_required, ASN1_NULL,
121 TAG_UNLOCKED_DEVICE_REQUIRED.maskedTag()),
122 ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER, TAG_CREATION_DATETIME.maskedTag()),
123 ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.maskedTag()),
124 ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()),
125 ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()),
126 ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()),
127 ASN1_EXP_OPT(KM_AUTH_LIST, vendor_patchlevel, ASN1_INTEGER, TAG_VENDOR_PATCHLEVEL.maskedTag()),
128 ASN1_EXP_OPT(KM_AUTH_LIST, boot_patchlevel, ASN1_INTEGER, TAG_BOOT_PATCHLEVEL.maskedTag()),
129 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,
130 TAG_ATTESTATION_APPLICATION_ID.maskedTag()),
131 } ASN1_SEQUENCE_END(KM_AUTH_LIST);
132 IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST);
133
134 typedef struct km_key_description {
135 ASN1_INTEGER* attestation_version;
136 ASN1_ENUMERATED* attestation_security_level;
137 ASN1_INTEGER* keymaster_version;
138 ASN1_ENUMERATED* keymaster_security_level;
139 ASN1_OCTET_STRING* attestation_challenge;
140 KM_AUTH_LIST* software_enforced;
141 KM_AUTH_LIST* tee_enforced;
142 ASN1_INTEGER* unique_id;
143 } KM_KEY_DESCRIPTION;
144
145 ASN1_SEQUENCE(KM_KEY_DESCRIPTION) = {
146 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_version, ASN1_INTEGER),
147 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_security_level, ASN1_ENUMERATED),
148 ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_version, ASN1_INTEGER),
149 ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_security_level, ASN1_ENUMERATED),
150 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_challenge, ASN1_OCTET_STRING),
151 ASN1_SIMPLE(KM_KEY_DESCRIPTION, unique_id, ASN1_OCTET_STRING),
152 ASN1_SIMPLE(KM_KEY_DESCRIPTION, software_enforced, KM_AUTH_LIST),
153 ASN1_SIMPLE(KM_KEY_DESCRIPTION, tee_enforced, KM_AUTH_LIST),
154 } ASN1_SEQUENCE_END(KM_KEY_DESCRIPTION);
155 IMPLEMENT_ASN1_FUNCTIONS(KM_KEY_DESCRIPTION);
156
157 template <Tag tag>
copyAuthTag(const stack_st_ASN1_INTEGER * stack,TypedTag<TagType::ENUM_REP,tag> ttag,AuthorizationSet * auth_list)158 void copyAuthTag(const stack_st_ASN1_INTEGER* stack, TypedTag<TagType::ENUM_REP, tag> ttag,
159 AuthorizationSet* auth_list) {
160 typedef typename TypedTag2ValueType<decltype(ttag)>::type ValueT;
161 for (size_t i = 0; i < sk_ASN1_INTEGER_num(stack); ++i) {
162 auth_list->push_back(
163 ttag, static_cast<ValueT>(ASN1_INTEGER_get(sk_ASN1_INTEGER_value(stack, i))));
164 }
165 }
166
167 template <Tag tag>
copyAuthTag(const ASN1_INTEGER * asn1_int,TypedTag<TagType::ENUM,tag> ttag,AuthorizationSet * auth_list)168 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::ENUM, tag> ttag,
169 AuthorizationSet* auth_list) {
170 typedef typename TypedTag2ValueType<decltype(ttag)>::type ValueT;
171 if (!asn1_int) return;
172 auth_list->push_back(ttag, static_cast<ValueT>(ASN1_INTEGER_get(asn1_int)));
173 }
174
175 template <Tag tag>
copyAuthTag(const ASN1_INTEGER * asn1_int,TypedTag<TagType::UINT,tag> ttag,AuthorizationSet * auth_list)176 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::UINT, tag> ttag,
177 AuthorizationSet* auth_list) {
178 if (!asn1_int) return;
179 auth_list->push_back(ttag, ASN1_INTEGER_get(asn1_int));
180 }
181
construct_uint_max()182 BIGNUM* construct_uint_max() {
183 BIGNUM* value = BN_new();
184 BIGNUM_Ptr one(BN_new());
185 BN_one(one.get());
186 BN_lshift(value, one.get(), 32);
187 return value;
188 }
189
BignumToUint64(BIGNUM * num)190 uint64_t BignumToUint64(BIGNUM* num) {
191 static_assert((sizeof(BN_ULONG) == sizeof(uint32_t)) || (sizeof(BN_ULONG) == sizeof(uint64_t)),
192 "This implementation only supports 32 and 64-bit BN_ULONG");
193 if (sizeof(BN_ULONG) == sizeof(uint32_t)) {
194 BIGNUM_Ptr uint_max(construct_uint_max());
195 BIGNUM_Ptr hi(BN_new()), lo(BN_new());
196 BN_CTX_Ptr ctx(BN_CTX_new());
197 BN_div(hi.get(), lo.get(), num, uint_max.get(), ctx.get());
198 return static_cast<uint64_t>(BN_get_word(hi.get())) << 32 | BN_get_word(lo.get());
199 } else if (sizeof(BN_ULONG) == sizeof(uint64_t)) {
200 return BN_get_word(num);
201 } else {
202 return 0;
203 }
204 }
205
206 template <Tag tag>
copyAuthTag(const ASN1_INTEGER * asn1_int,TypedTag<TagType::ULONG,tag> ttag,AuthorizationSet * auth_list)207 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::ULONG, tag> ttag,
208 AuthorizationSet* auth_list) {
209 if (!asn1_int) return;
210 BIGNUM_Ptr num(ASN1_INTEGER_to_BN(asn1_int, nullptr));
211 auth_list->push_back(ttag, BignumToUint64(num.get()));
212 }
213
214 template <Tag tag>
copyAuthTag(const ASN1_INTEGER * asn1_int,TypedTag<TagType::DATE,tag> ttag,AuthorizationSet * auth_list)215 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::DATE, tag> ttag,
216 AuthorizationSet* auth_list) {
217 if (!asn1_int) return;
218 BIGNUM_Ptr num(ASN1_INTEGER_to_BN(asn1_int, nullptr));
219 auth_list->push_back(ttag, BignumToUint64(num.get()));
220 }
221
222 template <Tag tag>
copyAuthTag(const ASN1_NULL * asn1_null,TypedTag<TagType::BOOL,tag> ttag,AuthorizationSet * auth_list)223 void copyAuthTag(const ASN1_NULL* asn1_null, TypedTag<TagType::BOOL, tag> ttag,
224 AuthorizationSet* auth_list) {
225 if (!asn1_null) return;
226 auth_list->push_back(ttag);
227 }
228
229 template <Tag tag>
copyAuthTag(const ASN1_OCTET_STRING * asn1_string,TypedTag<TagType::BYTES,tag> ttag,AuthorizationSet * auth_list)230 void copyAuthTag(const ASN1_OCTET_STRING* asn1_string, TypedTag<TagType::BYTES, tag> ttag,
231 AuthorizationSet* auth_list) {
232 if (!asn1_string) return;
233 hidl_vec<uint8_t> buf;
234 buf.setToExternal(asn1_string->data, asn1_string->length);
235 auth_list->push_back(ttag, buf);
236 }
237
238 // Extract the values from the specified ASN.1 record and place them in auth_list.
extract_auth_list(const KM_AUTH_LIST * record,AuthorizationSet * auth_list)239 static ErrorCode extract_auth_list(const KM_AUTH_LIST* record, AuthorizationSet* auth_list) {
240 if (!record) return ErrorCode::OK;
241
242 copyAuthTag(record->active_date_time, TAG_ACTIVE_DATETIME, auth_list);
243 copyAuthTag(record->algorithm, TAG_ALGORITHM, auth_list);
244 copyAuthTag(record->application_id, TAG_APPLICATION_ID, auth_list);
245 copyAuthTag(record->auth_timeout, TAG_AUTH_TIMEOUT, auth_list);
246 copyAuthTag(record->creation_date_time, TAG_CREATION_DATETIME, auth_list);
247 copyAuthTag(record->digest, TAG_DIGEST, auth_list);
248 copyAuthTag(record->ec_curve, TAG_EC_CURVE, auth_list);
249 copyAuthTag(record->key_size, TAG_KEY_SIZE, auth_list);
250 copyAuthTag(record->no_auth_required, TAG_NO_AUTH_REQUIRED, auth_list);
251 copyAuthTag(record->origin, TAG_ORIGIN, auth_list);
252 copyAuthTag(record->origination_expire_date_time, TAG_ORIGINATION_EXPIRE_DATETIME, auth_list);
253 copyAuthTag(record->os_patchlevel, TAG_OS_PATCHLEVEL, auth_list);
254 copyAuthTag(record->os_version, TAG_OS_VERSION, auth_list);
255 copyAuthTag(record->padding, TAG_PADDING, auth_list);
256 copyAuthTag(record->purpose, TAG_PURPOSE, auth_list);
257 copyAuthTag(record->rollback_resistance, TAG_ROLLBACK_RESISTANCE, auth_list);
258 copyAuthTag(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list);
259 copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list);
260 copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list);
261 copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list);
262 copyAuthTag(record->vendor_patchlevel, TAG_VENDOR_PATCHLEVEL, auth_list);
263 copyAuthTag(record->boot_patchlevel, TAG_BOOT_PATCHLEVEL, auth_list);
264 copyAuthTag(record->trusted_user_presence_required, TAG_TRUSTED_USER_PRESENCE_REQUIRED,
265 auth_list);
266 copyAuthTag(record->trusted_confirmation_required, TAG_TRUSTED_CONFIRMATION_REQUIRED,
267 auth_list);
268 copyAuthTag(record->unlocked_device_required, TAG_UNLOCKED_DEVICE_REQUIRED, auth_list);
269
270 return ErrorCode::OK;
271 }
272
MAKE_OPENSSL_PTR_TYPE(KM_KEY_DESCRIPTION)273 MAKE_OPENSSL_PTR_TYPE(KM_KEY_DESCRIPTION)
274
275 // Parse the DER-encoded attestation record, placing the results in keymaster_version,
276 // attestation_challenge, software_enforced, tee_enforced and unique_id.
277 ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
278 uint32_t* attestation_version, //
279 SecurityLevel* attestation_security_level,
280 uint32_t* keymaster_version,
281 SecurityLevel* keymaster_security_level,
282 hidl_vec<uint8_t>* attestation_challenge,
283 AuthorizationSet* software_enforced,
284 AuthorizationSet* tee_enforced, //
285 hidl_vec<uint8_t>* unique_id) {
286 const uint8_t* p = asn1_key_desc;
287 KM_KEY_DESCRIPTION_Ptr record(d2i_KM_KEY_DESCRIPTION(nullptr, &p, asn1_key_desc_len));
288 if (!record.get()) return ErrorCode::UNKNOWN_ERROR;
289
290 *attestation_version = ASN1_INTEGER_get(record->attestation_version);
291 *attestation_security_level =
292 static_cast<SecurityLevel>(ASN1_ENUMERATED_get(record->attestation_security_level));
293 *keymaster_version = ASN1_INTEGER_get(record->keymaster_version);
294 *keymaster_security_level =
295 static_cast<SecurityLevel>(ASN1_ENUMERATED_get(record->keymaster_security_level));
296
297 auto& chall = record->attestation_challenge;
298 attestation_challenge->resize(chall->length);
299 memcpy(attestation_challenge->data(), chall->data, chall->length);
300 auto& uid = record->unique_id;
301 unique_id->resize(uid->length);
302 memcpy(unique_id->data(), uid->data, uid->length);
303
304 ErrorCode error = extract_auth_list(record->software_enforced, software_enforced);
305 if (error != ErrorCode::OK) return error;
306
307 return extract_auth_list(record->tee_enforced, tee_enforced);
308 }
309
parse_root_of_trust(const uint8_t * asn1_key_desc,size_t asn1_key_desc_len,hidl_vec<uint8_t> * verified_boot_key,keymaster_verified_boot_t * verified_boot_state,bool * device_locked,hidl_vec<uint8_t> * verified_boot_hash)310 ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
311 hidl_vec<uint8_t>* verified_boot_key,
312 keymaster_verified_boot_t* verified_boot_state, bool* device_locked,
313 hidl_vec<uint8_t>* verified_boot_hash) {
314 if (!verified_boot_key || !verified_boot_state || !device_locked || !verified_boot_hash) {
315 LOG(ERROR) << AT << "null pointer input(s)";
316 return ErrorCode::INVALID_ARGUMENT;
317 }
318 const uint8_t* p = asn1_key_desc;
319 KM_KEY_DESCRIPTION_Ptr record(d2i_KM_KEY_DESCRIPTION(nullptr, &p, asn1_key_desc_len));
320 if (!record.get()) {
321 LOG(ERROR) << AT << "Failed record parsing";
322 return ErrorCode::UNKNOWN_ERROR;
323 }
324 if (!record->tee_enforced) {
325 LOG(ERROR) << AT << "Failed hardware characteristic parsing";
326 return ErrorCode::INVALID_ARGUMENT;
327 }
328 if (!record->tee_enforced->root_of_trust) {
329 LOG(ERROR) << AT << "Failed root of trust parsing";
330 return ErrorCode::INVALID_ARGUMENT;
331 }
332 if (!record->tee_enforced->root_of_trust->verified_boot_key) {
333 LOG(ERROR) << AT << "Failed verified boot key parsing";
334 return ErrorCode::INVALID_ARGUMENT;
335 }
336 KM_ROOT_OF_TRUST* root_of_trust = record->tee_enforced->root_of_trust;
337
338 auto& vb_key = root_of_trust->verified_boot_key;
339 verified_boot_key->resize(vb_key->length);
340 memcpy(verified_boot_key->data(), vb_key->data, vb_key->length);
341
342 *verified_boot_state = static_cast<keymaster_verified_boot_t>(
343 ASN1_ENUMERATED_get(root_of_trust->verified_boot_state));
344 if (!verified_boot_state) {
345 LOG(ERROR) << AT << "Failed verified boot state parsing";
346 return ErrorCode::INVALID_ARGUMENT;
347 }
348
349 *device_locked = root_of_trust->device_locked;
350 if (!device_locked) {
351 LOG(ERROR) << AT << "Failed device locked parsing";
352 return ErrorCode::INVALID_ARGUMENT;
353 }
354
355 auto& vb_hash = root_of_trust->verified_boot_hash;
356 if (!vb_hash) {
357 LOG(ERROR) << AT << "Failed verified boot hash parsing";
358 return ErrorCode::INVALID_ARGUMENT;
359 }
360 verified_boot_hash->resize(vb_hash->length);
361 memcpy(verified_boot_hash->data(), vb_hash->data, vb_hash->length);
362 return ErrorCode::OK; // KM_ERROR_OK;
363 }
364
365 } // namespace V4_0
366 } // namespace keymaster
367 } // namespace hardware
368 } // namespace android
369