1 /*
2 * Copyright 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h>
18 #include <android-base/properties.h>
19 #include <cppbor.h>
20 #include <cppbor_parse.h>
21 #include <gmock/gmock.h>
22 #include <gtest/gtest.h>
23 #include <keymaster/android_keymaster_utils.h>
24 #include <keymaster/cppcose/cppcose.h>
25 #include <keymaster/logger.h>
26 #include <keymaster/remote_provisioning_utils.h>
27 #include <openssl/curve25519.h>
28 #include <remote_prov/remote_prov_utils.h>
29
30 #include <algorithm>
31 #include <cstdint>
32 #include <span>
33
34 namespace aidl::android::hardware::security::keymint::remote_prov {
35 namespace {
36
37 using ::keymaster::KeymasterBlob;
38 using ::keymaster::kStatusFailed;
39 using ::keymaster::kStatusInvalidEek;
40 using ::keymaster::StatusOr;
41 using ::testing::ElementsAreArray;
42 using byte_view = std::span<const uint8_t>;
43
equal_byte_views(const byte_view & view1,const byte_view & view2)44 inline bool equal_byte_views(const byte_view& view1, const byte_view& view2) {
45 return std::equal(view1.begin(), view1.end(), view2.begin(), view2.end());
46 }
47
48 struct KeyInfoEcdsa {
49 CoseKeyCurve curve;
50 byte_view pubKeyX;
51 byte_view pubKeyY;
52
operator ==aidl::android::hardware::security::keymint::remote_prov::__anona9d5cff80111::KeyInfoEcdsa53 bool operator==(const KeyInfoEcdsa& other) const {
54 return curve == other.curve && equal_byte_views(pubKeyX, other.pubKeyX) &&
55 equal_byte_views(pubKeyY, other.pubKeyY);
56 }
57 };
58
59 // The production root signing key for Google ECDSA P256 Endpoint Encryption Key cert chains.
60 inline constexpr uint8_t kEcdsa256GeekRootX[] = {
61 0xf7, 0x14, 0x8a, 0xdb, 0x97, 0xf4, 0xcc, 0x53, 0xef, 0xd2, 0x64, 0x11, 0xc4, 0xe3, 0x75, 0x1f,
62 0x66, 0x1f, 0xa4, 0x71, 0x0c, 0x6c, 0xcf, 0xfa, 0x09, 0x46, 0x80, 0x74, 0x87, 0x54, 0xf2, 0xad};
63
64 inline constexpr uint8_t kEcdsa256GeekRootY[] = {
65 0x5e, 0x7f, 0x5b, 0xf6, 0xec, 0xe4, 0xf6, 0x19, 0xcc, 0xff, 0x13, 0x37, 0xfd, 0x0f, 0xa1, 0xc8,
66 0x93, 0xdb, 0x18, 0x06, 0x76, 0xc4, 0x5d, 0xe6, 0xd7, 0x6a, 0x77, 0x86, 0xc3, 0x2d, 0xaf, 0x8f};
67
68 // Hard-coded set of acceptable public COSE_Keys that can act as roots of EEK chains.
69 inline constexpr KeyInfoEcdsa kAuthorizedEcdsa256EekRoots[] = {
70 {CoseKeyCurve::P256, byte_view(kEcdsa256GeekRootX, sizeof(kEcdsa256GeekRootX)),
71 byte_view(kEcdsa256GeekRootY, sizeof(kEcdsa256GeekRootY))},
72 };
73
parseEcdh256(const bytevec & coseKey)74 static ErrMsgOr<CoseKey> parseEcdh256(const bytevec& coseKey) {
75 auto key = CoseKey::parse(coseKey, EC2, ECDH_ES_HKDF_256, P256);
76 if (!key) return key;
77
78 auto& pubkey_x = key->getMap().get(cppcose::CoseKey::PUBKEY_X);
79 auto& pubkey_y = key->getMap().get(cppcose::CoseKey::PUBKEY_Y);
80 if (!pubkey_x || !pubkey_y || !pubkey_x->asBstr() || !pubkey_y->asBstr() ||
81 pubkey_x->asBstr()->value().size() != 32 || pubkey_y->asBstr()->value().size() != 32) {
82 return "Invalid P256 public key";
83 }
84
85 return key;
86 }
87
88 StatusOr<std::tuple<std::vector<uint8_t> /* EEK pubX */, std::vector<uint8_t> /* EEK pubY */,
89 std::vector<uint8_t> /* EEK ID */>>
validateAndExtractEcdsa256EekPubAndId(bool testMode,const KeymasterBlob & endpointEncryptionCertChain)90 validateAndExtractEcdsa256EekPubAndId(bool testMode,
91 const KeymasterBlob& endpointEncryptionCertChain) {
92 auto [item, newPos, errMsg] =
93 cppbor::parse(endpointEncryptionCertChain.begin(), endpointEncryptionCertChain.end());
94 if (!item || !item->asArray()) {
95 return kStatusFailed;
96 }
97 const cppbor::Array* certArr = item->asArray();
98 std::vector<uint8_t> lastPubKey;
99 for (size_t i = 0; i < certArr->size(); ++i) {
100 auto cosePubKey =
101 verifyAndParseCoseSign1(certArr->get(i)->asArray(), lastPubKey, {} /* AAD */);
102 if (!cosePubKey) {
103 return kStatusInvalidEek;
104 }
105 lastPubKey = *std::move(cosePubKey);
106
107 // In prod mode the first pubkey should match a well-known Google public key.
108 if (!testMode && i == 0) {
109 auto parsedPubKey = CoseKey::parse(lastPubKey);
110 if (!parsedPubKey) {
111 return kStatusFailed;
112 }
113 auto curve = parsedPubKey->getIntValue(CoseKey::CURVE);
114 if (!curve) {
115 return kStatusInvalidEek;
116 }
117 auto rawPubX = parsedPubKey->getBstrValue(CoseKey::PUBKEY_X);
118 if (!rawPubX) {
119 return kStatusInvalidEek;
120 }
121 auto rawPubY = parsedPubKey->getBstrValue(CoseKey::PUBKEY_Y);
122 if (!rawPubY) {
123 return kStatusInvalidEek;
124 }
125 KeyInfoEcdsa matcher = {static_cast<CoseKeyCurve>(*curve),
126 byte_view(rawPubX->data(), rawPubX->size()),
127 byte_view(rawPubY->data(), rawPubY->size())};
128 if (std::find(std::begin(kAuthorizedEcdsa256EekRoots),
129 std::end(kAuthorizedEcdsa256EekRoots),
130 matcher) == std::end(kAuthorizedEcdsa256EekRoots)) {
131 return kStatusInvalidEek;
132 }
133 }
134 }
135 auto eek = parseEcdh256(lastPubKey);
136 if (!eek) {
137 return kStatusInvalidEek;
138 }
139 return std::make_tuple(eek->getBstrValue(CoseKey::PUBKEY_X).value(),
140 eek->getBstrValue(CoseKey::PUBKEY_Y).value(),
141 eek->getBstrValue(CoseKey::KEY_ID).value());
142 }
143
TEST(RemoteProvUtilsTest,GenerateEekChainInvalidLength)144 TEST(RemoteProvUtilsTest, GenerateEekChainInvalidLength) {
145 ASSERT_FALSE(generateEekChain(RpcHardwareInfo::CURVE_25519, 1, /*eekId=*/{}));
146 }
147
TEST(RemoteProvUtilsTest,GenerateEekChain)148 TEST(RemoteProvUtilsTest, GenerateEekChain) {
149 bytevec kTestEekId = {'t', 'e', 's', 't', 'I', 'd', 0};
150 for (size_t length : {2, 3, 31}) {
151 auto get_eek_result = generateEekChain(RpcHardwareInfo::CURVE_25519, length, kTestEekId);
152 ASSERT_TRUE(get_eek_result) << get_eek_result.message();
153
154 auto& [chain, pubkey, privkey] = *get_eek_result;
155
156 auto validation_result = validateAndExtractEekPubAndId(
157 /*testMode=*/true, KeymasterBlob(chain.data(), chain.size()));
158 ASSERT_TRUE(validation_result.isOk());
159
160 auto& [eekPub, eekId] = *validation_result;
161 EXPECT_THAT(eekId, ElementsAreArray(kTestEekId));
162 EXPECT_THAT(eekPub, ElementsAreArray(pubkey));
163 }
164 }
165
TEST(RemoteProvUtilsTest,GetProdEekChain)166 TEST(RemoteProvUtilsTest, GetProdEekChain) {
167 auto chain = getProdEekChain(RpcHardwareInfo::CURVE_25519);
168
169 auto validation_result = validateAndExtractEekPubAndId(
170 /*testMode=*/false, KeymasterBlob(chain.data(), chain.size()));
171 ASSERT_TRUE(validation_result.isOk()) << "Error: " << validation_result.moveError();
172
173 auto& [eekPub, eekId] = *validation_result;
174
175 auto [geekCert, ignoredNewPos, error] =
176 cppbor::parse(kCoseEncodedGeekCert, sizeof(kCoseEncodedGeekCert));
177 ASSERT_NE(geekCert, nullptr) << "Error: " << error;
178 ASSERT_NE(geekCert->asArray(), nullptr);
179
180 auto& encodedGeekCoseKey = geekCert->asArray()->get(kCoseSign1Payload);
181 ASSERT_NE(encodedGeekCoseKey, nullptr);
182 ASSERT_NE(encodedGeekCoseKey->asBstr(), nullptr);
183
184 auto geek = CoseKey::parse(encodedGeekCoseKey->asBstr()->value());
185 ASSERT_TRUE(geek) << "Error: " << geek.message();
186
187 const std::vector<uint8_t> empty;
188 EXPECT_THAT(eekId, ElementsAreArray(geek->getBstrValue(CoseKey::KEY_ID).value_or(empty)));
189 EXPECT_THAT(eekPub, ElementsAreArray(geek->getBstrValue(CoseKey::PUBKEY_X).value_or(empty)));
190 }
191
TEST(RemoteProvUtilsTest,JsonEncodeCsr)192 TEST(RemoteProvUtilsTest, JsonEncodeCsr) {
193 const std::string kSerialNoProp = "ro.serialno";
194 cppbor::Array array;
195 array.add(1);
196
197 auto [json, error] = jsonEncodeCsrWithBuild(std::string("test"), array, kSerialNoProp);
198
199 ASSERT_TRUE(error.empty()) << error;
200
201 std::string expected = R"({"build_fingerprint":")" +
202 ::android::base::GetProperty("ro.build.fingerprint", /*default=*/"") +
203 R"(","csr":"gQE=","name":"test","serialno":")" +
204 ::android::base::GetProperty("ro.serialno", /*default=*/"") + R"("})";
205
206 ASSERT_EQ(json, expected);
207 }
208
TEST(RemoteProvUtilsTest,GenerateEcdsaEekChainInvalidLength)209 TEST(RemoteProvUtilsTest, GenerateEcdsaEekChainInvalidLength) {
210 ASSERT_FALSE(generateEekChain(RpcHardwareInfo::CURVE_P256, 1, /*eekId=*/{}));
211 }
212
TEST(RemoteProvUtilsTest,GenerateEcdsaEekChain)213 TEST(RemoteProvUtilsTest, GenerateEcdsaEekChain) {
214 bytevec kTestEekId = {'t', 'e', 's', 't', 'I', 'd', 0};
215 for (size_t length : {2, 3, 31}) {
216 auto get_eek_result = generateEekChain(RpcHardwareInfo::CURVE_P256, length, kTestEekId);
217 ASSERT_TRUE(get_eek_result) << get_eek_result.message();
218
219 auto& [chain, pubkey, privkey] = *get_eek_result;
220
221 auto validation_result = validateAndExtractEcdsa256EekPubAndId(
222 /*testMode=*/true, KeymasterBlob(chain.data(), chain.size()));
223 ASSERT_TRUE(validation_result.isOk());
224
225 auto& [eekPubX, eekPubY, eekId] = *validation_result;
226 bytevec eekPub;
227 eekPub.insert(eekPub.begin(), eekPubX.begin(), eekPubX.end());
228 eekPub.insert(eekPub.end(), eekPubY.begin(), eekPubY.end());
229 EXPECT_THAT(eekId, ElementsAreArray(kTestEekId));
230 EXPECT_THAT(eekPub, ElementsAreArray(pubkey));
231 }
232 }
233
TEST(RemoteProvUtilsTest,GetProdEcdsaEekChain)234 TEST(RemoteProvUtilsTest, GetProdEcdsaEekChain) {
235 auto chain = getProdEekChain(RpcHardwareInfo::CURVE_P256);
236
237 auto validation_result = validateAndExtractEcdsa256EekPubAndId(
238 /*testMode=*/false, KeymasterBlob(chain.data(), chain.size()));
239 ASSERT_TRUE(validation_result.isOk()) << "Error: " << validation_result.moveError();
240
241 auto& [eekPubX, eekPubY, eekId] = *validation_result;
242
243 auto [geekCert, ignoredNewPos, error] =
244 cppbor::parse(kCoseEncodedEcdsa256GeekCert, sizeof(kCoseEncodedEcdsa256GeekCert));
245 ASSERT_NE(geekCert, nullptr) << "Error: " << error;
246 ASSERT_NE(geekCert->asArray(), nullptr);
247
248 auto& encodedGeekCoseKey = geekCert->asArray()->get(kCoseSign1Payload);
249 ASSERT_NE(encodedGeekCoseKey, nullptr);
250 ASSERT_NE(encodedGeekCoseKey->asBstr(), nullptr);
251
252 auto geek = CoseKey::parse(encodedGeekCoseKey->asBstr()->value());
253 ASSERT_TRUE(geek) << "Error: " << geek.message();
254
255 const std::vector<uint8_t> empty;
256 EXPECT_THAT(eekId, ElementsAreArray(geek->getBstrValue(CoseKey::KEY_ID).value_or(empty)));
257 EXPECT_THAT(eekPubX, ElementsAreArray(geek->getBstrValue(CoseKey::PUBKEY_X).value_or(empty)));
258 EXPECT_THAT(eekPubY, ElementsAreArray(geek->getBstrValue(CoseKey::PUBKEY_Y).value_or(empty)));
259 }
260
261 } // namespace
262 } // namespace aidl::android::hardware::security::keymint::remote_prov
263