1 /*
2 * Copyright 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <keymasterV4_0/attestation_record.h>
18
19 #include <assert.h>
20
21 #include <openssl/asn1t.h>
22 #include <openssl/bn.h>
23 #include <openssl/evp.h>
24 #include <openssl/x509.h>
25
26 #include <keymasterV4_0/authorization_set.h>
27 #include <keymasterV4_0/openssl_utils.h>
28
29 namespace android {
30 namespace hardware {
31 namespace keymaster {
32 namespace V4_0 {
33
34 struct stack_st_ASN1_TYPE_Delete {
operator ()android::hardware::keymaster::V4_0::stack_st_ASN1_TYPE_Delete35 void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); }
36 };
37
38 struct ASN1_STRING_Delete {
operator ()android::hardware::keymaster::V4_0::ASN1_STRING_Delete39 void operator()(ASN1_STRING* p) { ASN1_STRING_free(p); }
40 };
41
42 struct ASN1_TYPE_Delete {
operator ()android::hardware::keymaster::V4_0::ASN1_TYPE_Delete43 void operator()(ASN1_TYPE* p) { ASN1_TYPE_free(p); }
44 };
45
46 #define ASN1_INTEGER_SET STACK_OF(ASN1_INTEGER)
47
48 typedef struct km_root_of_trust {
49 ASN1_OCTET_STRING* verified_boot_key;
50 ASN1_BOOLEAN* device_locked;
51 ASN1_ENUMERATED* verified_boot_state;
52 } KM_ROOT_OF_TRUST;
53
54 ASN1_SEQUENCE(KM_ROOT_OF_TRUST) = {
55 ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_key, ASN1_OCTET_STRING),
56 ASN1_SIMPLE(KM_ROOT_OF_TRUST, device_locked, ASN1_BOOLEAN),
57 ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_state, ASN1_ENUMERATED),
58 } ASN1_SEQUENCE_END(KM_ROOT_OF_TRUST);
59 IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST);
60
61 typedef struct km_auth_list {
62 ASN1_INTEGER_SET* purpose;
63 ASN1_INTEGER* algorithm;
64 ASN1_INTEGER* key_size;
65 ASN1_INTEGER_SET* digest;
66 ASN1_INTEGER_SET* padding;
67 ASN1_INTEGER* ec_curve;
68 ASN1_INTEGER* rsa_public_exponent;
69 ASN1_INTEGER* active_date_time;
70 ASN1_INTEGER* origination_expire_date_time;
71 ASN1_INTEGER* usage_expire_date_time;
72 ASN1_NULL* no_auth_required;
73 ASN1_INTEGER* user_auth_type;
74 ASN1_INTEGER* auth_timeout;
75 ASN1_NULL* allow_while_on_body;
76 ASN1_NULL* all_applications;
77 ASN1_OCTET_STRING* application_id;
78 ASN1_INTEGER* creation_date_time;
79 ASN1_INTEGER* origin;
80 ASN1_NULL* rollback_resistant;
81 KM_ROOT_OF_TRUST* root_of_trust;
82 ASN1_INTEGER* os_version;
83 ASN1_INTEGER* os_patchlevel;
84 ASN1_OCTET_STRING* attestation_application_id;
85 } KM_AUTH_LIST;
86
87 ASN1_SEQUENCE(KM_AUTH_LIST) = {
88 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, purpose, ASN1_INTEGER, TAG_PURPOSE.maskedTag()),
89 ASN1_EXP_OPT(KM_AUTH_LIST, algorithm, ASN1_INTEGER, TAG_ALGORITHM.maskedTag()),
90 ASN1_EXP_OPT(KM_AUTH_LIST, key_size, ASN1_INTEGER, TAG_KEY_SIZE.maskedTag()),
91 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, digest, ASN1_INTEGER, TAG_DIGEST.maskedTag()),
92 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, padding, ASN1_INTEGER, TAG_PADDING.maskedTag()),
93 ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.maskedTag()),
94 ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER,
95 TAG_RSA_PUBLIC_EXPONENT.maskedTag()),
96 ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()),
97 ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,
98 TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()),
99 ASN1_EXP_OPT(KM_AUTH_LIST, usage_expire_date_time, ASN1_INTEGER,
100 TAG_USAGE_EXPIRE_DATETIME.maskedTag()),
101 ASN1_EXP_OPT(KM_AUTH_LIST, no_auth_required, ASN1_NULL, TAG_NO_AUTH_REQUIRED.maskedTag()),
102 ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.maskedTag()),
103 ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.maskedTag()),
104 ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL, TAG_ALLOW_WHILE_ON_BODY.maskedTag()),
105 ASN1_EXP_OPT(KM_AUTH_LIST, application_id, ASN1_OCTET_STRING, TAG_APPLICATION_ID.maskedTag()),
106 ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER, TAG_CREATION_DATETIME.maskedTag()),
107 ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.maskedTag()),
108 ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistant, ASN1_NULL, TAG_ROLLBACK_RESISTANCE.maskedTag()),
109 ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()),
110 ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()),
111 ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()),
112 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,
113 TAG_ATTESTATION_APPLICATION_ID.maskedTag()),
114 } ASN1_SEQUENCE_END(KM_AUTH_LIST);
115 IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST);
116
117 typedef struct km_key_description {
118 ASN1_INTEGER* attestation_version;
119 ASN1_ENUMERATED* attestation_security_level;
120 ASN1_INTEGER* keymaster_version;
121 ASN1_ENUMERATED* keymaster_security_level;
122 ASN1_OCTET_STRING* attestation_challenge;
123 KM_AUTH_LIST* software_enforced;
124 KM_AUTH_LIST* tee_enforced;
125 ASN1_INTEGER* unique_id;
126 } KM_KEY_DESCRIPTION;
127
128 ASN1_SEQUENCE(KM_KEY_DESCRIPTION) = {
129 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_version, ASN1_INTEGER),
130 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_security_level, ASN1_ENUMERATED),
131 ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_version, ASN1_INTEGER),
132 ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_security_level, ASN1_ENUMERATED),
133 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_challenge, ASN1_OCTET_STRING),
134 ASN1_SIMPLE(KM_KEY_DESCRIPTION, unique_id, ASN1_OCTET_STRING),
135 ASN1_SIMPLE(KM_KEY_DESCRIPTION, software_enforced, KM_AUTH_LIST),
136 ASN1_SIMPLE(KM_KEY_DESCRIPTION, tee_enforced, KM_AUTH_LIST),
137 } ASN1_SEQUENCE_END(KM_KEY_DESCRIPTION);
138 IMPLEMENT_ASN1_FUNCTIONS(KM_KEY_DESCRIPTION);
139
140 template <Tag tag>
copyAuthTag(const stack_st_ASN1_INTEGER * stack,TypedTag<TagType::ENUM_REP,tag> ttag,AuthorizationSet * auth_list)141 void copyAuthTag(const stack_st_ASN1_INTEGER* stack, TypedTag<TagType::ENUM_REP, tag> ttag,
142 AuthorizationSet* auth_list) {
143 typedef typename TypedTag2ValueType<decltype(ttag)>::type ValueT;
144 for (size_t i = 0; i < sk_ASN1_INTEGER_num(stack); ++i) {
145 auth_list->push_back(
146 ttag, static_cast<ValueT>(ASN1_INTEGER_get(sk_ASN1_INTEGER_value(stack, i))));
147 }
148 }
149
150 template <Tag tag>
copyAuthTag(const ASN1_INTEGER * asn1_int,TypedTag<TagType::ENUM,tag> ttag,AuthorizationSet * auth_list)151 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::ENUM, tag> ttag,
152 AuthorizationSet* auth_list) {
153 typedef typename TypedTag2ValueType<decltype(ttag)>::type ValueT;
154 if (!asn1_int) return;
155 auth_list->push_back(ttag, static_cast<ValueT>(ASN1_INTEGER_get(asn1_int)));
156 }
157
158 template <Tag tag>
copyAuthTag(const ASN1_INTEGER * asn1_int,TypedTag<TagType::UINT,tag> ttag,AuthorizationSet * auth_list)159 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::UINT, tag> ttag,
160 AuthorizationSet* auth_list) {
161 if (!asn1_int) return;
162 auth_list->push_back(ttag, ASN1_INTEGER_get(asn1_int));
163 }
164
construct_uint_max()165 BIGNUM* construct_uint_max() {
166 BIGNUM* value = BN_new();
167 BIGNUM_Ptr one(BN_new());
168 BN_one(one.get());
169 BN_lshift(value, one.get(), 32);
170 return value;
171 }
172
BignumToUint64(BIGNUM * num)173 uint64_t BignumToUint64(BIGNUM* num) {
174 static_assert((sizeof(BN_ULONG) == sizeof(uint32_t)) || (sizeof(BN_ULONG) == sizeof(uint64_t)),
175 "This implementation only supports 32 and 64-bit BN_ULONG");
176 if (sizeof(BN_ULONG) == sizeof(uint32_t)) {
177 BIGNUM_Ptr uint_max(construct_uint_max());
178 BIGNUM_Ptr hi(BN_new()), lo(BN_new());
179 BN_CTX_Ptr ctx(BN_CTX_new());
180 BN_div(hi.get(), lo.get(), num, uint_max.get(), ctx.get());
181 return static_cast<uint64_t>(BN_get_word(hi.get())) << 32 | BN_get_word(lo.get());
182 } else if (sizeof(BN_ULONG) == sizeof(uint64_t)) {
183 return BN_get_word(num);
184 } else {
185 return 0;
186 }
187 }
188
189 template <Tag tag>
copyAuthTag(const ASN1_INTEGER * asn1_int,TypedTag<TagType::ULONG,tag> ttag,AuthorizationSet * auth_list)190 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::ULONG, tag> ttag,
191 AuthorizationSet* auth_list) {
192 if (!asn1_int) return;
193 BIGNUM_Ptr num(ASN1_INTEGER_to_BN(asn1_int, nullptr));
194 auth_list->push_back(ttag, BignumToUint64(num.get()));
195 }
196
197 template <Tag tag>
copyAuthTag(const ASN1_INTEGER * asn1_int,TypedTag<TagType::DATE,tag> ttag,AuthorizationSet * auth_list)198 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::DATE, tag> ttag,
199 AuthorizationSet* auth_list) {
200 if (!asn1_int) return;
201 BIGNUM_Ptr num(ASN1_INTEGER_to_BN(asn1_int, nullptr));
202 auth_list->push_back(ttag, BignumToUint64(num.get()));
203 }
204
205 template <Tag tag>
copyAuthTag(const ASN1_NULL * asn1_null,TypedTag<TagType::BOOL,tag> ttag,AuthorizationSet * auth_list)206 void copyAuthTag(const ASN1_NULL* asn1_null, TypedTag<TagType::BOOL, tag> ttag,
207 AuthorizationSet* auth_list) {
208 if (!asn1_null) return;
209 auth_list->push_back(ttag);
210 }
211
212 template <Tag tag>
copyAuthTag(const ASN1_OCTET_STRING * asn1_string,TypedTag<TagType::BYTES,tag> ttag,AuthorizationSet * auth_list)213 void copyAuthTag(const ASN1_OCTET_STRING* asn1_string, TypedTag<TagType::BYTES, tag> ttag,
214 AuthorizationSet* auth_list) {
215 if (!asn1_string) return;
216 hidl_vec<uint8_t> buf;
217 buf.setToExternal(asn1_string->data, asn1_string->length);
218 auth_list->push_back(ttag, buf);
219 }
220
221 // Extract the values from the specified ASN.1 record and place them in auth_list.
extract_auth_list(const KM_AUTH_LIST * record,AuthorizationSet * auth_list)222 static ErrorCode extract_auth_list(const KM_AUTH_LIST* record, AuthorizationSet* auth_list) {
223 if (!record) return ErrorCode::OK;
224
225 copyAuthTag(record->active_date_time, TAG_ACTIVE_DATETIME, auth_list);
226 copyAuthTag(record->algorithm, TAG_ALGORITHM, auth_list);
227 copyAuthTag(record->application_id, TAG_APPLICATION_ID, auth_list);
228 copyAuthTag(record->auth_timeout, TAG_AUTH_TIMEOUT, auth_list);
229 copyAuthTag(record->creation_date_time, TAG_CREATION_DATETIME, auth_list);
230 copyAuthTag(record->digest, TAG_DIGEST, auth_list);
231 copyAuthTag(record->ec_curve, TAG_EC_CURVE, auth_list);
232 copyAuthTag(record->key_size, TAG_KEY_SIZE, auth_list);
233 copyAuthTag(record->no_auth_required, TAG_NO_AUTH_REQUIRED, auth_list);
234 copyAuthTag(record->origin, TAG_ORIGIN, auth_list);
235 copyAuthTag(record->origination_expire_date_time, TAG_ORIGINATION_EXPIRE_DATETIME, auth_list);
236 copyAuthTag(record->os_patchlevel, TAG_OS_PATCHLEVEL, auth_list);
237 copyAuthTag(record->os_version, TAG_OS_VERSION, auth_list);
238 copyAuthTag(record->padding, TAG_PADDING, auth_list);
239 copyAuthTag(record->purpose, TAG_PURPOSE, auth_list);
240 copyAuthTag(record->rollback_resistant, TAG_ROLLBACK_RESISTANCE, auth_list);
241 copyAuthTag(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list);
242 copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list);
243 copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list);
244 copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list);
245
246 return ErrorCode::OK;
247 }
248
MAKE_OPENSSL_PTR_TYPE(KM_KEY_DESCRIPTION)249 MAKE_OPENSSL_PTR_TYPE(KM_KEY_DESCRIPTION)
250
251 // Parse the DER-encoded attestation record, placing the results in keymaster_version,
252 // attestation_challenge, software_enforced, tee_enforced and unique_id.
253 ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
254 uint32_t* attestation_version, //
255 SecurityLevel* attestation_security_level,
256 uint32_t* keymaster_version,
257 SecurityLevel* keymaster_security_level,
258 hidl_vec<uint8_t>* attestation_challenge,
259 AuthorizationSet* software_enforced,
260 AuthorizationSet* tee_enforced, //
261 hidl_vec<uint8_t>* unique_id) {
262 const uint8_t* p = asn1_key_desc;
263 KM_KEY_DESCRIPTION_Ptr record(d2i_KM_KEY_DESCRIPTION(nullptr, &p, asn1_key_desc_len));
264 if (!record.get()) return ErrorCode::UNKNOWN_ERROR;
265
266 *attestation_version = ASN1_INTEGER_get(record->attestation_version);
267 *attestation_security_level =
268 static_cast<SecurityLevel>(ASN1_ENUMERATED_get(record->attestation_security_level));
269 *keymaster_version = ASN1_INTEGER_get(record->keymaster_version);
270 *keymaster_security_level =
271 static_cast<SecurityLevel>(ASN1_ENUMERATED_get(record->keymaster_security_level));
272
273 auto& chall = record->attestation_challenge;
274 attestation_challenge->resize(chall->length);
275 memcpy(attestation_challenge->data(), chall->data, chall->length);
276 auto& uid = record->unique_id;
277 unique_id->resize(uid->length);
278 memcpy(unique_id->data(), uid->data, uid->length);
279
280 ErrorCode error = extract_auth_list(record->software_enforced, software_enforced);
281 if (error != ErrorCode::OK) return error;
282
283 return extract_auth_list(record->tee_enforced, tee_enforced);
284 }
285
286 } // namespace V4_0
287 } // namespace keymaster
288 } // namespace hardware
289 } // namespace android
290