1 /*
2 * Copyright 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "cppbor.h"
18 #include "keymaster/cppcose/cppcose.h"
19 #include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h>
20 #include <android-base/properties.h>
21 #include <cppbor_parse.h>
22 #include <cstdint>
23 #include <gmock/gmock.h>
24 #include <gtest/gtest.h>
25 #include <keymaster/android_keymaster_utils.h>
26 #include <keymaster/logger.h>
27 #include <keymaster/remote_provisioning_utils.h>
28 #include <openssl/curve25519.h>
29 #include <remote_prov/remote_prov_utils.h>
30
31 namespace aidl::android::hardware::security::keymint::remote_prov {
32 namespace {
33
34 using ::keymaster::KeymasterBlob;
35 using ::keymaster::kStatusFailed;
36 using ::keymaster::kStatusInvalidEek;
37 using ::keymaster::StatusOr;
38 using ::testing::ElementsAreArray;
39 using byte_view = std::basic_string_view<uint8_t>;
40
41 struct KeyInfoEcdsa {
42 CoseKeyCurve curve;
43 byte_view pubKeyX;
44 byte_view pubKeyY;
45
operator ==aidl::android::hardware::security::keymint::remote_prov::__anon13cb8b900111::KeyInfoEcdsa46 bool operator==(const KeyInfoEcdsa& other) const {
47 return curve == other.curve && pubKeyX == other.pubKeyX && pubKeyY == other.pubKeyY;
48 }
49 };
50
51 // The production root signing key for Google ECDSA P256 Endpoint Encryption Key cert chains.
52 inline constexpr uint8_t kEcdsa256GeekRootX[] = {
53 0xf7, 0x14, 0x8a, 0xdb, 0x97, 0xf4, 0xcc, 0x53, 0xef, 0xd2, 0x64, 0x11, 0xc4, 0xe3, 0x75, 0x1f,
54 0x66, 0x1f, 0xa4, 0x71, 0x0c, 0x6c, 0xcf, 0xfa, 0x09, 0x46, 0x80, 0x74, 0x87, 0x54, 0xf2, 0xad};
55
56 inline constexpr uint8_t kEcdsa256GeekRootY[] = {
57 0x5e, 0x7f, 0x5b, 0xf6, 0xec, 0xe4, 0xf6, 0x19, 0xcc, 0xff, 0x13, 0x37, 0xfd, 0x0f, 0xa1, 0xc8,
58 0x93, 0xdb, 0x18, 0x06, 0x76, 0xc4, 0x5d, 0xe6, 0xd7, 0x6a, 0x77, 0x86, 0xc3, 0x2d, 0xaf, 0x8f};
59
60 // Hard-coded set of acceptable public COSE_Keys that can act as roots of EEK chains.
61 inline constexpr KeyInfoEcdsa kAuthorizedEcdsa256EekRoots[] = {
62 {CoseKeyCurve::P256, byte_view(kEcdsa256GeekRootX, sizeof(kEcdsa256GeekRootX)),
63 byte_view(kEcdsa256GeekRootY, sizeof(kEcdsa256GeekRootY))},
64 };
65
parseEcdh256(const bytevec & coseKey)66 static ErrMsgOr<CoseKey> parseEcdh256(const bytevec& coseKey) {
67 auto key = CoseKey::parse(coseKey, EC2, ECDH_ES_HKDF_256, P256);
68 if (!key) return key;
69
70 auto& pubkey_x = key->getMap().get(cppcose::CoseKey::PUBKEY_X);
71 auto& pubkey_y = key->getMap().get(cppcose::CoseKey::PUBKEY_Y);
72 if (!pubkey_x || !pubkey_y || !pubkey_x->asBstr() || !pubkey_y->asBstr() ||
73 pubkey_x->asBstr()->value().size() != 32 || pubkey_y->asBstr()->value().size() != 32) {
74 return "Invalid P256 public key";
75 }
76
77 return key;
78 }
79
80 StatusOr<std::tuple<std::vector<uint8_t> /* EEK pubX */, std::vector<uint8_t> /* EEK pubY */,
81 std::vector<uint8_t> /* EEK ID */>>
validateAndExtractEcdsa256EekPubAndId(bool testMode,const KeymasterBlob & endpointEncryptionCertChain)82 validateAndExtractEcdsa256EekPubAndId(bool testMode,
83 const KeymasterBlob& endpointEncryptionCertChain) {
84 auto [item, newPos, errMsg] =
85 cppbor::parse(endpointEncryptionCertChain.begin(), endpointEncryptionCertChain.end());
86 if (!item || !item->asArray()) {
87 return kStatusFailed;
88 }
89 const cppbor::Array* certArr = item->asArray();
90 std::vector<uint8_t> lastPubKey;
91 for (size_t i = 0; i < certArr->size(); ++i) {
92 auto cosePubKey =
93 verifyAndParseCoseSign1(certArr->get(i)->asArray(), lastPubKey, {} /* AAD */);
94 if (!cosePubKey) {
95 return kStatusInvalidEek;
96 }
97 lastPubKey = *std::move(cosePubKey);
98
99 // In prod mode the first pubkey should match a well-known Google public key.
100 if (!testMode && i == 0) {
101 auto parsedPubKey = CoseKey::parse(lastPubKey);
102 if (!parsedPubKey) {
103 return kStatusFailed;
104 }
105 auto curve = parsedPubKey->getIntValue(CoseKey::CURVE);
106 if (!curve) {
107 return kStatusInvalidEek;
108 }
109 auto rawPubX = parsedPubKey->getBstrValue(CoseKey::PUBKEY_X);
110 if (!rawPubX) {
111 return kStatusInvalidEek;
112 }
113 auto rawPubY = parsedPubKey->getBstrValue(CoseKey::PUBKEY_Y);
114 if (!rawPubY) {
115 return kStatusInvalidEek;
116 }
117 KeyInfoEcdsa matcher = {static_cast<CoseKeyCurve>(*curve),
118 byte_view(rawPubX->data(), rawPubX->size()),
119 byte_view(rawPubY->data(), rawPubY->size())};
120 if (std::find(std::begin(kAuthorizedEcdsa256EekRoots),
121 std::end(kAuthorizedEcdsa256EekRoots),
122 matcher) == std::end(kAuthorizedEcdsa256EekRoots)) {
123 return kStatusInvalidEek;
124 }
125 }
126 }
127 auto eek = parseEcdh256(lastPubKey);
128 if (!eek) {
129 return kStatusInvalidEek;
130 }
131 return std::make_tuple(eek->getBstrValue(CoseKey::PUBKEY_X).value(),
132 eek->getBstrValue(CoseKey::PUBKEY_Y).value(),
133 eek->getBstrValue(CoseKey::KEY_ID).value());
134 }
135
TEST(RemoteProvUtilsTest,GenerateEekChainInvalidLength)136 TEST(RemoteProvUtilsTest, GenerateEekChainInvalidLength) {
137 ASSERT_FALSE(generateEekChain(RpcHardwareInfo::CURVE_25519, 1, /*eekId=*/{}));
138 }
139
TEST(RemoteProvUtilsTest,GenerateEekChain)140 TEST(RemoteProvUtilsTest, GenerateEekChain) {
141 bytevec kTestEekId = {'t', 'e', 's', 't', 'I', 'd', 0};
142 for (size_t length : {2, 3, 31}) {
143 auto get_eek_result = generateEekChain(RpcHardwareInfo::CURVE_25519, length, kTestEekId);
144 ASSERT_TRUE(get_eek_result) << get_eek_result.message();
145
146 auto& [chain, pubkey, privkey] = *get_eek_result;
147
148 auto validation_result = validateAndExtractEekPubAndId(
149 /*testMode=*/true, KeymasterBlob(chain.data(), chain.size()));
150 ASSERT_TRUE(validation_result.isOk());
151
152 auto& [eekPub, eekId] = *validation_result;
153 EXPECT_THAT(eekId, ElementsAreArray(kTestEekId));
154 EXPECT_THAT(eekPub, ElementsAreArray(pubkey));
155 }
156 }
157
TEST(RemoteProvUtilsTest,GetProdEekChain)158 TEST(RemoteProvUtilsTest, GetProdEekChain) {
159 auto chain = getProdEekChain(RpcHardwareInfo::CURVE_25519);
160
161 auto validation_result = validateAndExtractEekPubAndId(
162 /*testMode=*/false, KeymasterBlob(chain.data(), chain.size()));
163 ASSERT_TRUE(validation_result.isOk()) << "Error: " << validation_result.moveError();
164
165 auto& [eekPub, eekId] = *validation_result;
166
167 auto [geekCert, ignoredNewPos, error] =
168 cppbor::parse(kCoseEncodedGeekCert, sizeof(kCoseEncodedGeekCert));
169 ASSERT_NE(geekCert, nullptr) << "Error: " << error;
170 ASSERT_NE(geekCert->asArray(), nullptr);
171
172 auto& encodedGeekCoseKey = geekCert->asArray()->get(kCoseSign1Payload);
173 ASSERT_NE(encodedGeekCoseKey, nullptr);
174 ASSERT_NE(encodedGeekCoseKey->asBstr(), nullptr);
175
176 auto geek = CoseKey::parse(encodedGeekCoseKey->asBstr()->value());
177 ASSERT_TRUE(geek) << "Error: " << geek.message();
178
179 const std::vector<uint8_t> empty;
180 EXPECT_THAT(eekId, ElementsAreArray(geek->getBstrValue(CoseKey::KEY_ID).value_or(empty)));
181 EXPECT_THAT(eekPub, ElementsAreArray(geek->getBstrValue(CoseKey::PUBKEY_X).value_or(empty)));
182 }
183
TEST(RemoteProvUtilsTest,JsonEncodeCsr)184 TEST(RemoteProvUtilsTest, JsonEncodeCsr) {
185 cppbor::Array array;
186 array.add(1);
187
188 auto [json, error] = jsonEncodeCsrWithBuild(std::string("test"), array);
189
190 ASSERT_TRUE(error.empty()) << error;
191
192 std::string expected = R"({"build_fingerprint":")" +
193 ::android::base::GetProperty("ro.build.fingerprint", /*default=*/"") +
194 R"(","csr":"gQE=","name":"test"})";
195
196 ASSERT_EQ(json, expected);
197 }
198
TEST(RemoteProvUtilsTest,GenerateEcdsaEekChainInvalidLength)199 TEST(RemoteProvUtilsTest, GenerateEcdsaEekChainInvalidLength) {
200 ASSERT_FALSE(generateEekChain(RpcHardwareInfo::CURVE_P256, 1, /*eekId=*/{}));
201 }
202
TEST(RemoteProvUtilsTest,GenerateEcdsaEekChain)203 TEST(RemoteProvUtilsTest, GenerateEcdsaEekChain) {
204 bytevec kTestEekId = {'t', 'e', 's', 't', 'I', 'd', 0};
205 for (size_t length : {2, 3, 31}) {
206 auto get_eek_result = generateEekChain(RpcHardwareInfo::CURVE_P256, length, kTestEekId);
207 ASSERT_TRUE(get_eek_result) << get_eek_result.message();
208
209 auto& [chain, pubkey, privkey] = *get_eek_result;
210
211 auto validation_result = validateAndExtractEcdsa256EekPubAndId(
212 /*testMode=*/true, KeymasterBlob(chain.data(), chain.size()));
213 ASSERT_TRUE(validation_result.isOk());
214
215 auto& [eekPubX, eekPubY, eekId] = *validation_result;
216 bytevec eekPub;
217 eekPub.insert(eekPub.begin(), eekPubX.begin(), eekPubX.end());
218 eekPub.insert(eekPub.end(), eekPubY.begin(), eekPubY.end());
219 EXPECT_THAT(eekId, ElementsAreArray(kTestEekId));
220 EXPECT_THAT(eekPub, ElementsAreArray(pubkey));
221 }
222 }
223
TEST(RemoteProvUtilsTest,GetProdEcdsaEekChain)224 TEST(RemoteProvUtilsTest, GetProdEcdsaEekChain) {
225 auto chain = getProdEekChain(RpcHardwareInfo::CURVE_P256);
226
227 auto validation_result = validateAndExtractEcdsa256EekPubAndId(
228 /*testMode=*/false, KeymasterBlob(chain.data(), chain.size()));
229 ASSERT_TRUE(validation_result.isOk()) << "Error: " << validation_result.moveError();
230
231 auto& [eekPubX, eekPubY, eekId] = *validation_result;
232
233 auto [geekCert, ignoredNewPos, error] =
234 cppbor::parse(kCoseEncodedEcdsa256GeekCert, sizeof(kCoseEncodedEcdsa256GeekCert));
235 ASSERT_NE(geekCert, nullptr) << "Error: " << error;
236 ASSERT_NE(geekCert->asArray(), nullptr);
237
238 auto& encodedGeekCoseKey = geekCert->asArray()->get(kCoseSign1Payload);
239 ASSERT_NE(encodedGeekCoseKey, nullptr);
240 ASSERT_NE(encodedGeekCoseKey->asBstr(), nullptr);
241
242 auto geek = CoseKey::parse(encodedGeekCoseKey->asBstr()->value());
243 ASSERT_TRUE(geek) << "Error: " << geek.message();
244
245 const std::vector<uint8_t> empty;
246 EXPECT_THAT(eekId, ElementsAreArray(geek->getBstrValue(CoseKey::KEY_ID).value_or(empty)));
247 EXPECT_THAT(eekPubX, ElementsAreArray(geek->getBstrValue(CoseKey::PUBKEY_X).value_or(empty)));
248 EXPECT_THAT(eekPubY, ElementsAreArray(geek->getBstrValue(CoseKey::PUBKEY_Y).value_or(empty)));
249 }
250
251 } // namespace
252 } // namespace aidl::android::hardware::security::keymint::remote_prov
253