1 /* 2 * Copyright 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include "attestation_record.h" 18 19 #include <assert.h> 20 21 #include <openssl/asn1t.h> 22 #include <openssl/bn.h> 23 #include <openssl/evp.h> 24 #include <openssl/x509.h> 25 26 #include "openssl_utils.h" 27 28 namespace android { 29 namespace hardware { 30 namespace keymaster { 31 namespace V3_0 { 32 33 struct stack_st_ASN1_TYPE_Delete { 34 void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); } 35 }; 36 37 struct ASN1_STRING_Delete { 38 void operator()(ASN1_STRING* p) { ASN1_STRING_free(p); } 39 }; 40 41 struct ASN1_TYPE_Delete { 42 void operator()(ASN1_TYPE* p) { ASN1_TYPE_free(p); } 43 }; 44 45 #define ASN1_INTEGER_SET STACK_OF(ASN1_INTEGER) 46 47 typedef struct km_root_of_trust { 48 ASN1_OCTET_STRING* verified_boot_key; 49 ASN1_BOOLEAN* device_locked; 50 ASN1_ENUMERATED* verified_boot_state; 51 } KM_ROOT_OF_TRUST; 52 53 ASN1_SEQUENCE(KM_ROOT_OF_TRUST) = { 54 ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_key, ASN1_OCTET_STRING), 55 ASN1_SIMPLE(KM_ROOT_OF_TRUST, device_locked, ASN1_BOOLEAN), 56 ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_state, ASN1_ENUMERATED), 57 } ASN1_SEQUENCE_END(KM_ROOT_OF_TRUST); 58 IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST); 59 60 typedef struct km_auth_list { 61 ASN1_INTEGER_SET* purpose; 62 ASN1_INTEGER* algorithm; 63 ASN1_INTEGER* key_size; 64 ASN1_INTEGER_SET* digest; 65 ASN1_INTEGER_SET* padding; 66 ASN1_INTEGER_SET* kdf; 67 ASN1_INTEGER* ec_curve; 68 ASN1_INTEGER* rsa_public_exponent; 69 ASN1_INTEGER* active_date_time; 70 ASN1_INTEGER* origination_expire_date_time; 71 ASN1_INTEGER* usage_expire_date_time; 72 ASN1_NULL* no_auth_required; 73 ASN1_INTEGER* user_auth_type; 74 ASN1_INTEGER* auth_timeout; 75 ASN1_NULL* allow_while_on_body; 76 ASN1_NULL* all_applications; 77 ASN1_OCTET_STRING* application_id; 78 ASN1_INTEGER* creation_date_time; 79 ASN1_INTEGER* origin; 80 ASN1_NULL* rollback_resistant; 81 KM_ROOT_OF_TRUST* root_of_trust; 82 ASN1_INTEGER* os_version; 83 ASN1_INTEGER* os_patchlevel; 84 ASN1_OCTET_STRING* attestation_application_id; 85 } KM_AUTH_LIST; 86 87 ASN1_SEQUENCE(KM_AUTH_LIST) = { 88 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, purpose, ASN1_INTEGER, TAG_PURPOSE.maskedTag()), 89 ASN1_EXP_OPT(KM_AUTH_LIST, algorithm, ASN1_INTEGER, TAG_ALGORITHM.maskedTag()), 90 ASN1_EXP_OPT(KM_AUTH_LIST, key_size, ASN1_INTEGER, TAG_KEY_SIZE.maskedTag()), 91 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, digest, ASN1_INTEGER, TAG_DIGEST.maskedTag()), 92 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, padding, ASN1_INTEGER, TAG_PADDING.maskedTag()), 93 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, kdf, ASN1_INTEGER, TAG_KDF.maskedTag()), 94 ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.maskedTag()), 95 ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER, 96 TAG_RSA_PUBLIC_EXPONENT.maskedTag()), 97 ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()), 98 ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER, 99 TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()), 100 ASN1_EXP_OPT(KM_AUTH_LIST, usage_expire_date_time, ASN1_INTEGER, 101 TAG_USAGE_EXPIRE_DATETIME.maskedTag()), 102 ASN1_EXP_OPT(KM_AUTH_LIST, no_auth_required, ASN1_NULL, TAG_NO_AUTH_REQUIRED.maskedTag()), 103 ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.maskedTag()), 104 ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.maskedTag()), 105 ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL, TAG_ALLOW_WHILE_ON_BODY.maskedTag()), 106 ASN1_EXP_OPT(KM_AUTH_LIST, all_applications, ASN1_NULL, TAG_ALL_APPLICATIONS.maskedTag()), 107 ASN1_EXP_OPT(KM_AUTH_LIST, application_id, ASN1_OCTET_STRING, TAG_APPLICATION_ID.maskedTag()), 108 ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER, TAG_CREATION_DATETIME.maskedTag()), 109 ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.maskedTag()), 110 ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistant, ASN1_NULL, TAG_ROLLBACK_RESISTANT.maskedTag()), 111 ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()), 112 ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()), 113 ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()), 114 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING, 115 TAG_ATTESTATION_APPLICATION_ID.maskedTag()), 116 } ASN1_SEQUENCE_END(KM_AUTH_LIST); 117 IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST); 118 119 typedef struct km_key_description { 120 ASN1_INTEGER* attestation_version; 121 ASN1_ENUMERATED* attestation_security_level; 122 ASN1_INTEGER* keymaster_version; 123 ASN1_ENUMERATED* keymaster_security_level; 124 ASN1_OCTET_STRING* attestation_challenge; 125 KM_AUTH_LIST* software_enforced; 126 KM_AUTH_LIST* tee_enforced; 127 ASN1_INTEGER* unique_id; 128 } KM_KEY_DESCRIPTION; 129 130 ASN1_SEQUENCE(KM_KEY_DESCRIPTION) = { 131 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_version, ASN1_INTEGER), 132 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_security_level, ASN1_ENUMERATED), 133 ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_version, ASN1_INTEGER), 134 ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_security_level, ASN1_ENUMERATED), 135 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_challenge, ASN1_OCTET_STRING), 136 ASN1_SIMPLE(KM_KEY_DESCRIPTION, unique_id, ASN1_OCTET_STRING), 137 ASN1_SIMPLE(KM_KEY_DESCRIPTION, software_enforced, KM_AUTH_LIST), 138 ASN1_SIMPLE(KM_KEY_DESCRIPTION, tee_enforced, KM_AUTH_LIST), 139 } ASN1_SEQUENCE_END(KM_KEY_DESCRIPTION); 140 IMPLEMENT_ASN1_FUNCTIONS(KM_KEY_DESCRIPTION); 141 142 template <Tag tag> 143 void copyAuthTag(const stack_st_ASN1_INTEGER* stack, TypedTag<TagType::ENUM_REP, tag> ttag, 144 AuthorizationSet* auth_list) { 145 typedef typename TypedTag2ValueType<decltype(ttag)>::type ValueT; 146 for (size_t i = 0; i < sk_ASN1_INTEGER_num(stack); ++i) { 147 auth_list->push_back( 148 ttag, static_cast<ValueT>(ASN1_INTEGER_get(sk_ASN1_INTEGER_value(stack, i)))); 149 } 150 } 151 152 template <Tag tag> 153 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::ENUM, tag> ttag, 154 AuthorizationSet* auth_list) { 155 typedef typename TypedTag2ValueType<decltype(ttag)>::type ValueT; 156 if (!asn1_int) return; 157 auth_list->push_back(ttag, static_cast<ValueT>(ASN1_INTEGER_get(asn1_int))); 158 } 159 160 template <Tag tag> 161 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::UINT, tag> ttag, 162 AuthorizationSet* auth_list) { 163 if (!asn1_int) return; 164 auth_list->push_back(ttag, ASN1_INTEGER_get(asn1_int)); 165 } 166 167 BIGNUM* construct_uint_max() { 168 BIGNUM* value = BN_new(); 169 BIGNUM_Ptr one(BN_new()); 170 BN_one(one.get()); 171 BN_lshift(value, one.get(), 32); 172 return value; 173 } 174 175 uint64_t BignumToUint64(BIGNUM* num) { 176 static_assert((sizeof(BN_ULONG) == sizeof(uint32_t)) || (sizeof(BN_ULONG) == sizeof(uint64_t)), 177 "This implementation only supports 32 and 64-bit BN_ULONG"); 178 if (sizeof(BN_ULONG) == sizeof(uint32_t)) { 179 BIGNUM_Ptr uint_max(construct_uint_max()); 180 BIGNUM_Ptr hi(BN_new()), lo(BN_new()); 181 BN_CTX_Ptr ctx(BN_CTX_new()); 182 BN_div(hi.get(), lo.get(), num, uint_max.get(), ctx.get()); 183 return static_cast<uint64_t>(BN_get_word(hi.get())) << 32 | BN_get_word(lo.get()); 184 } else if (sizeof(BN_ULONG) == sizeof(uint64_t)) { 185 return BN_get_word(num); 186 } else { 187 return 0; 188 } 189 } 190 191 template <Tag tag> 192 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::ULONG, tag> ttag, 193 AuthorizationSet* auth_list) { 194 if (!asn1_int) return; 195 BIGNUM_Ptr num(ASN1_INTEGER_to_BN(asn1_int, nullptr)); 196 auth_list->push_back(ttag, BignumToUint64(num.get())); 197 } 198 199 template <Tag tag> 200 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::DATE, tag> ttag, 201 AuthorizationSet* auth_list) { 202 if (!asn1_int) return; 203 BIGNUM_Ptr num(ASN1_INTEGER_to_BN(asn1_int, nullptr)); 204 auth_list->push_back(ttag, BignumToUint64(num.get())); 205 } 206 207 template <Tag tag> 208 void copyAuthTag(const ASN1_NULL* asn1_null, TypedTag<TagType::BOOL, tag> ttag, 209 AuthorizationSet* auth_list) { 210 if (!asn1_null) return; 211 auth_list->push_back(ttag); 212 } 213 214 template <Tag tag> 215 void copyAuthTag(const ASN1_OCTET_STRING* asn1_string, TypedTag<TagType::BYTES, tag> ttag, 216 AuthorizationSet* auth_list) { 217 if (!asn1_string) return; 218 hidl_vec<uint8_t> buf; 219 buf.setToExternal(asn1_string->data, asn1_string->length); 220 auth_list->push_back(ttag, buf); 221 } 222 223 // Extract the values from the specified ASN.1 record and place them in auth_list. 224 static ErrorCode extract_auth_list(const KM_AUTH_LIST* record, AuthorizationSet* auth_list) { 225 if (!record) return ErrorCode::OK; 226 227 copyAuthTag(record->active_date_time, TAG_ACTIVE_DATETIME, auth_list); 228 copyAuthTag(record->algorithm, TAG_ALGORITHM, auth_list); 229 copyAuthTag(record->all_applications, TAG_ALL_APPLICATIONS, auth_list); 230 copyAuthTag(record->application_id, TAG_APPLICATION_ID, auth_list); 231 copyAuthTag(record->auth_timeout, TAG_AUTH_TIMEOUT, auth_list); 232 copyAuthTag(record->creation_date_time, TAG_CREATION_DATETIME, auth_list); 233 copyAuthTag(record->digest, TAG_DIGEST, auth_list); 234 copyAuthTag(record->ec_curve, TAG_EC_CURVE, auth_list); 235 copyAuthTag(record->key_size, TAG_KEY_SIZE, auth_list); 236 copyAuthTag(record->no_auth_required, TAG_NO_AUTH_REQUIRED, auth_list); 237 copyAuthTag(record->origin, TAG_ORIGIN, auth_list); 238 copyAuthTag(record->origination_expire_date_time, TAG_ORIGINATION_EXPIRE_DATETIME, auth_list); 239 copyAuthTag(record->os_patchlevel, TAG_OS_PATCHLEVEL, auth_list); 240 copyAuthTag(record->os_version, TAG_OS_VERSION, auth_list); 241 copyAuthTag(record->padding, TAG_PADDING, auth_list); 242 copyAuthTag(record->purpose, TAG_PURPOSE, auth_list); 243 copyAuthTag(record->rollback_resistant, TAG_ROLLBACK_RESISTANT, auth_list); 244 copyAuthTag(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list); 245 copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list); 246 copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list); 247 copyAuthTag(record->attestation_application_id, 248 TAG_ATTESTATION_APPLICATION_ID, auth_list); 249 250 return ErrorCode::OK; 251 } 252 253 MAKE_OPENSSL_PTR_TYPE(KM_KEY_DESCRIPTION) 254 255 // Parse the DER-encoded attestation record, placing the results in keymaster_version, 256 // attestation_challenge, software_enforced, tee_enforced and unique_id. 257 ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len, 258 uint32_t* attestation_version, // 259 SecurityLevel* attestation_security_level, 260 uint32_t* keymaster_version, 261 SecurityLevel* keymaster_security_level, 262 hidl_vec<uint8_t>* attestation_challenge, 263 AuthorizationSet* software_enforced, 264 AuthorizationSet* tee_enforced, // 265 hidl_vec<uint8_t>* unique_id) { 266 const uint8_t* p = asn1_key_desc; 267 KM_KEY_DESCRIPTION_Ptr record(d2i_KM_KEY_DESCRIPTION(nullptr, &p, asn1_key_desc_len)); 268 if (!record.get()) return ErrorCode::UNKNOWN_ERROR; 269 270 *attestation_version = ASN1_INTEGER_get(record->attestation_version); 271 *attestation_security_level = 272 static_cast<SecurityLevel>(ASN1_ENUMERATED_get(record->attestation_security_level)); 273 *keymaster_version = ASN1_INTEGER_get(record->keymaster_version); 274 *keymaster_security_level = 275 static_cast<SecurityLevel>(ASN1_ENUMERATED_get(record->keymaster_security_level)); 276 277 attestation_challenge->setToExternal(record->attestation_challenge->data, 278 record->attestation_challenge->length); 279 280 unique_id->setToExternal(record->unique_id->data, record->unique_id->length); 281 282 ErrorCode error = extract_auth_list(record->software_enforced, software_enforced); 283 if (error != ErrorCode::OK) return error; 284 285 return extract_auth_list(record->tee_enforced, tee_enforced); 286 } 287 288 } // namespace V3_0 289 } // namespace keymaster 290 } // namespace hardware 291 } // namespace android 292
