1 /*
2 * Copyright 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "keymaster/cppcose/cppcose.h"
18 #include <keymaster/logger.h>
19 #include <keymaster/remote_provisioning_utils.h>
20 #include <string_view>
21
22 namespace keymaster {
23
24 using cppcose::ALGORITHM;
25 using cppcose::COSE_KEY;
26 using cppcose::CoseKey;
27 using cppcose::CoseKeyCurve;
28 using cppcose::EC2;
29 using cppcose::ECDH_ES_HKDF_256;
30 using cppcose::ES256;
31 using cppcose::generateCoseMac0Mac;
32 using cppcose::HMAC_256;
33 using cppcose::kCoseMac0EntryCount;
34 using cppcose::kCoseMac0Payload;
35 using cppcose::kCoseMac0ProtectedParams;
36 using cppcose::kCoseMac0Tag;
37 using cppcose::kCoseMac0UnprotectedParams;
38 using cppcose::KEY_ID;
39 using cppcose::OCTET_KEY_PAIR;
40 using cppcose::P256;
41 using cppcose::verifyAndParseCoseSign1;
42
43 using byte_view = std::basic_string_view<uint8_t>;
44
45 struct KeyInfo {
46 CoseKeyCurve curve;
47 byte_view pubkey;
48 // Note: There's no need to include algorithm here, since it is assumed
49 // that all root keys are EDDSA.
50
operator ==keymaster::KeyInfo51 bool operator==(const KeyInfo& other) const {
52 return curve == other.curve && pubkey == other.pubkey;
53 }
54 };
55
56 // The production root signing key for Google Endpoint Encryption Key cert chains.
57 inline constexpr uint8_t kGeekRoot[] = {
58 0x99, 0xB9, 0xEE, 0xDD, 0x5E, 0xE4, 0x52, 0xF6, 0x85, 0xC6, 0x4C, 0x62, 0xDC, 0x3E, 0x61, 0xAB,
59 0x57, 0x48, 0x7D, 0x75, 0x37, 0x29, 0xAD, 0x76, 0x80, 0x32, 0xD2, 0xB3, 0xCB, 0x63, 0x58, 0xD9};
60
61 // Hard-coded set of acceptable public COSE_Keys that can act as roots of EEK chains.
62 inline constexpr KeyInfo kAuthorizedEekRoots[] = {
63 {CoseKeyCurve::ED25519, byte_view(kGeekRoot, sizeof(kGeekRoot))},
64 };
65
66 StatusOr<std::pair<std::vector<uint8_t> /* EEK pub */, std::vector<uint8_t> /* EEK ID */>>
validateAndExtractEekPubAndId(bool testMode,const KeymasterBlob & endpointEncryptionCertChain)67 validateAndExtractEekPubAndId(bool testMode, const KeymasterBlob& endpointEncryptionCertChain) {
68 auto [item, newPos, errMsg] =
69 cppbor::parse(endpointEncryptionCertChain.begin(), endpointEncryptionCertChain.end());
70
71 if (!item || !item->asArray()) {
72 LOG_E("Error parsing EEK chain: %s", errMsg.c_str());
73 return kStatusFailed;
74 }
75
76 const cppbor::Array* certArr = item->asArray();
77 std::vector<uint8_t> lastPubKey;
78 for (size_t i = 0; i < certArr->size(); ++i) {
79 auto cosePubKey =
80 verifyAndParseCoseSign1(certArr->get(i)->asArray(), lastPubKey, {} /* AAD */);
81 if (!cosePubKey) {
82 LOG_E("Failed to validate EEK chain: %s", cosePubKey.moveMessage().c_str());
83 return kStatusInvalidEek;
84 }
85 lastPubKey = *std::move(cosePubKey);
86
87 // In prod mode the first pubkey should match a well-known Google public key.
88 if (!testMode && i == 0) {
89 auto parsedPubKey = CoseKey::parse(lastPubKey);
90 if (!parsedPubKey) {
91 LOG_E("%s", parsedPubKey.moveMessage().c_str());
92 return kStatusFailed;
93 }
94
95 auto curve = parsedPubKey->getIntValue(CoseKey::CURVE);
96 if (!curve) {
97 LOG_E("Key is missing required label 'CURVE'", 0);
98 return kStatusInvalidEek;
99 }
100
101 auto rawPubKey = parsedPubKey->getBstrValue(CoseKey::PUBKEY_X);
102 if (!rawPubKey) {
103 LOG_E("Key is missing required label 'PUBKEY_X'", 0);
104 return kStatusInvalidEek;
105 }
106
107 KeyInfo matcher = {static_cast<CoseKeyCurve>(*curve),
108 byte_view(rawPubKey->data(), rawPubKey->size())};
109 if (std::find(std::begin(kAuthorizedEekRoots), std::end(kAuthorizedEekRoots),
110 matcher) == std::end(kAuthorizedEekRoots)) {
111 LOG_E("Unrecognized root of EEK chain", 0);
112 return kStatusInvalidEek;
113 }
114 }
115 }
116
117 auto eek = CoseKey::parseX25519(lastPubKey, true /* requireKid */);
118 if (!eek) {
119 LOG_E("Failed to get EEK: %s", eek.moveMessage().c_str());
120 return kStatusInvalidEek;
121 }
122
123 return std::make_pair(eek->getBstrValue(CoseKey::PUBKEY_X).value(),
124 eek->getBstrValue(CoseKey::KEY_ID).value());
125 }
126
127 StatusOr<std::vector<uint8_t> /* pubkeys */>
validateAndExtractPubkeys(bool testMode,uint32_t numKeys,KeymasterBlob * keysToSign,cppcose::HmacSha256Function macFunction)128 validateAndExtractPubkeys(bool testMode, uint32_t numKeys, KeymasterBlob* keysToSign,
129 cppcose::HmacSha256Function macFunction) {
130 auto pubKeysToMac = cppbor::Array();
131 for (size_t i = 0; i < numKeys; i++) {
132 auto [macedKeyItem, _, coseMacErrMsg] =
133 cppbor::parse(keysToSign[i].begin(), keysToSign[i].end());
134 if (!macedKeyItem || !macedKeyItem->asArray() ||
135 macedKeyItem->asArray()->size() != kCoseMac0EntryCount) {
136 LOG_E("Invalid COSE_Mac0 structure", 0);
137 return kStatusFailed;
138 }
139
140 auto protectedParms = macedKeyItem->asArray()->get(kCoseMac0ProtectedParams)->asBstr();
141 auto unprotectedParms = macedKeyItem->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
142 auto payload = macedKeyItem->asArray()->get(kCoseMac0Payload)->asBstr();
143 auto tag = macedKeyItem->asArray()->get(kCoseMac0Tag)->asBstr();
144 if (!protectedParms || !unprotectedParms || !payload || !tag) {
145 LOG_E("Invalid COSE_Mac0 contents", 0);
146 return kStatusFailed;
147 }
148
149 auto [protectedMap, __, errMsg] = cppbor::parse(protectedParms);
150 if (!protectedMap || !protectedMap->asMap()) {
151 LOG_E("Invalid Mac0 protected: %s", errMsg.c_str());
152 return kStatusFailed;
153 }
154 auto& algo = protectedMap->asMap()->get(ALGORITHM);
155 if (!algo || !algo->asInt() || algo->asInt()->value() != HMAC_256) {
156 LOG_E("Unsupported Mac0 algorithm", 0);
157 return kStatusFailed;
158 }
159
160 auto pubKey = CoseKey::parse(payload->value(), EC2, ES256, P256);
161 if (!pubKey) {
162 LOG_E("%s", pubKey.moveMessage().c_str());
163 return kStatusFailed;
164 }
165
166 bool testKey = static_cast<bool>(pubKey->getMap().get(CoseKey::TEST_KEY));
167 if (testMode && !testKey) {
168 LOG_E("Production key in test request", 0);
169 return kStatusProductionKeyInTestRequest;
170 } else if (!testMode && testKey) {
171 LOG_E("Test key in production request", 0);
172 return kStatusTestKeyInProductionRequest;
173 }
174
175 auto macTag = generateCoseMac0Mac(macFunction, {} /* external_aad */, payload->value());
176 if (!macTag) {
177 LOG_E("%s", macTag.moveMessage().c_str());
178 return kStatusInvalidMac;
179 }
180 if (macTag->size() != tag->value().size() ||
181 CRYPTO_memcmp(macTag->data(), tag->value().data(), macTag->size()) != 0) {
182 LOG_E("MAC tag mismatch", 0);
183 return kStatusInvalidMac;
184 }
185
186 pubKeysToMac.add(pubKey->moveMap());
187 }
188
189 return pubKeysToMac.encode();
190 }
191
buildCertReqRecipients(const std::vector<uint8_t> & pubkey,const std::vector<uint8_t> & kid)192 cppbor::Array buildCertReqRecipients(const std::vector<uint8_t>& pubkey,
193 const std::vector<uint8_t>& kid) {
194 return cppbor::Array() // Array of recipients
195 .add(cppbor::Array() // Recipient
196 .add(cppbor::Map() // Protected
197 .add(ALGORITHM, ECDH_ES_HKDF_256)
198 .canonicalize()
199 .encode())
200 .add(cppbor::Map() // Unprotected
201 .add(COSE_KEY, cppbor::Map()
202 .add(CoseKey::KEY_TYPE, OCTET_KEY_PAIR)
203 .add(CoseKey::CURVE, cppcose::X25519)
204 .add(CoseKey::PUBKEY_X, pubkey)
205 .canonicalize())
206 .add(KEY_ID, kid)
207 .canonicalize())
208 .add(cppbor::Null())); // No ciphertext
209 }
210
211 } // namespace keymaster
212