Home | History | Annotate | Download | only in functional
      1 /*
      2  * Copyright 2016 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #include "attestation_record.h"
     18 
     19 #include <assert.h>
     20 
     21 #include <openssl/asn1t.h>
     22 #include <openssl/bn.h>
     23 #include <openssl/evp.h>
     24 #include <openssl/x509.h>
     25 
     26 #include "openssl_utils.h"
     27 
     28 namespace android {
     29 namespace hardware {
     30 namespace keymaster {
     31 namespace V3_0 {
     32 
     33 struct stack_st_ASN1_TYPE_Delete {
     34     void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); }
     35 };
     36 
     37 struct ASN1_STRING_Delete {
     38     void operator()(ASN1_STRING* p) { ASN1_STRING_free(p); }
     39 };
     40 
     41 struct ASN1_TYPE_Delete {
     42     void operator()(ASN1_TYPE* p) { ASN1_TYPE_free(p); }
     43 };
     44 
     45 #define ASN1_INTEGER_SET STACK_OF(ASN1_INTEGER)
     46 
     47 typedef struct km_root_of_trust {
     48     ASN1_OCTET_STRING* verified_boot_key;
     49     ASN1_BOOLEAN* device_locked;
     50     ASN1_ENUMERATED* verified_boot_state;
     51 } KM_ROOT_OF_TRUST;
     52 
     53 ASN1_SEQUENCE(KM_ROOT_OF_TRUST) = {
     54     ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_key, ASN1_OCTET_STRING),
     55     ASN1_SIMPLE(KM_ROOT_OF_TRUST, device_locked, ASN1_BOOLEAN),
     56     ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_state, ASN1_ENUMERATED),
     57 } ASN1_SEQUENCE_END(KM_ROOT_OF_TRUST);
     58 IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST);
     59 
     60 typedef struct km_auth_list {
     61     ASN1_INTEGER_SET* purpose;
     62     ASN1_INTEGER* algorithm;
     63     ASN1_INTEGER* key_size;
     64     ASN1_INTEGER_SET* digest;
     65     ASN1_INTEGER_SET* padding;
     66     ASN1_INTEGER_SET* kdf;
     67     ASN1_INTEGER* ec_curve;
     68     ASN1_INTEGER* rsa_public_exponent;
     69     ASN1_INTEGER* active_date_time;
     70     ASN1_INTEGER* origination_expire_date_time;
     71     ASN1_INTEGER* usage_expire_date_time;
     72     ASN1_NULL* no_auth_required;
     73     ASN1_INTEGER* user_auth_type;
     74     ASN1_INTEGER* auth_timeout;
     75     ASN1_NULL* allow_while_on_body;
     76     ASN1_NULL* all_applications;
     77     ASN1_OCTET_STRING* application_id;
     78     ASN1_INTEGER* creation_date_time;
     79     ASN1_INTEGER* origin;
     80     ASN1_NULL* rollback_resistant;
     81     KM_ROOT_OF_TRUST* root_of_trust;
     82     ASN1_INTEGER* os_version;
     83     ASN1_INTEGER* os_patchlevel;
     84     ASN1_OCTET_STRING* attestation_application_id;
     85 } KM_AUTH_LIST;
     86 
     87 ASN1_SEQUENCE(KM_AUTH_LIST) = {
     88     ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, purpose, ASN1_INTEGER, TAG_PURPOSE.maskedTag()),
     89     ASN1_EXP_OPT(KM_AUTH_LIST, algorithm, ASN1_INTEGER, TAG_ALGORITHM.maskedTag()),
     90     ASN1_EXP_OPT(KM_AUTH_LIST, key_size, ASN1_INTEGER, TAG_KEY_SIZE.maskedTag()),
     91     ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, digest, ASN1_INTEGER, TAG_DIGEST.maskedTag()),
     92     ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, padding, ASN1_INTEGER, TAG_PADDING.maskedTag()),
     93     ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, kdf, ASN1_INTEGER, TAG_KDF.maskedTag()),
     94     ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.maskedTag()),
     95     ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER,
     96                  TAG_RSA_PUBLIC_EXPONENT.maskedTag()),
     97     ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()),
     98     ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,
     99                  TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()),
    100     ASN1_EXP_OPT(KM_AUTH_LIST, usage_expire_date_time, ASN1_INTEGER,
    101                  TAG_USAGE_EXPIRE_DATETIME.maskedTag()),
    102     ASN1_EXP_OPT(KM_AUTH_LIST, no_auth_required, ASN1_NULL, TAG_NO_AUTH_REQUIRED.maskedTag()),
    103     ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.maskedTag()),
    104     ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.maskedTag()),
    105     ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL, TAG_ALLOW_WHILE_ON_BODY.maskedTag()),
    106     ASN1_EXP_OPT(KM_AUTH_LIST, all_applications, ASN1_NULL, TAG_ALL_APPLICATIONS.maskedTag()),
    107     ASN1_EXP_OPT(KM_AUTH_LIST, application_id, ASN1_OCTET_STRING, TAG_APPLICATION_ID.maskedTag()),
    108     ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER, TAG_CREATION_DATETIME.maskedTag()),
    109     ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.maskedTag()),
    110     ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistant, ASN1_NULL, TAG_ROLLBACK_RESISTANT.maskedTag()),
    111     ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()),
    112     ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()),
    113     ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()),
    114     ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,
    115                  TAG_ATTESTATION_APPLICATION_ID.maskedTag()),
    116 } ASN1_SEQUENCE_END(KM_AUTH_LIST);
    117 IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST);
    118 
    119 typedef struct km_key_description {
    120     ASN1_INTEGER* attestation_version;
    121     ASN1_ENUMERATED* attestation_security_level;
    122     ASN1_INTEGER* keymaster_version;
    123     ASN1_ENUMERATED* keymaster_security_level;
    124     ASN1_OCTET_STRING* attestation_challenge;
    125     KM_AUTH_LIST* software_enforced;
    126     KM_AUTH_LIST* tee_enforced;
    127     ASN1_INTEGER* unique_id;
    128 } KM_KEY_DESCRIPTION;
    129 
    130 ASN1_SEQUENCE(KM_KEY_DESCRIPTION) = {
    131     ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_version, ASN1_INTEGER),
    132     ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_security_level, ASN1_ENUMERATED),
    133     ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_version, ASN1_INTEGER),
    134     ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_security_level, ASN1_ENUMERATED),
    135     ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_challenge, ASN1_OCTET_STRING),
    136     ASN1_SIMPLE(KM_KEY_DESCRIPTION, unique_id, ASN1_OCTET_STRING),
    137     ASN1_SIMPLE(KM_KEY_DESCRIPTION, software_enforced, KM_AUTH_LIST),
    138     ASN1_SIMPLE(KM_KEY_DESCRIPTION, tee_enforced, KM_AUTH_LIST),
    139 } ASN1_SEQUENCE_END(KM_KEY_DESCRIPTION);
    140 IMPLEMENT_ASN1_FUNCTIONS(KM_KEY_DESCRIPTION);
    141 
    142 template <Tag tag>
    143 void copyAuthTag(const stack_st_ASN1_INTEGER* stack, TypedTag<TagType::ENUM_REP, tag> ttag,
    144                  AuthorizationSet* auth_list) {
    145     typedef typename TypedTag2ValueType<decltype(ttag)>::type ValueT;
    146     for (size_t i = 0; i < sk_ASN1_INTEGER_num(stack); ++i) {
    147         auth_list->push_back(
    148             ttag, static_cast<ValueT>(ASN1_INTEGER_get(sk_ASN1_INTEGER_value(stack, i))));
    149     }
    150 }
    151 
    152 template <Tag tag>
    153 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::ENUM, tag> ttag,
    154                  AuthorizationSet* auth_list) {
    155     typedef typename TypedTag2ValueType<decltype(ttag)>::type ValueT;
    156     if (!asn1_int) return;
    157     auth_list->push_back(ttag, static_cast<ValueT>(ASN1_INTEGER_get(asn1_int)));
    158 }
    159 
    160 template <Tag tag>
    161 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::UINT, tag> ttag,
    162                  AuthorizationSet* auth_list) {
    163     if (!asn1_int) return;
    164     auth_list->push_back(ttag, ASN1_INTEGER_get(asn1_int));
    165 }
    166 
    167 BIGNUM* construct_uint_max() {
    168     BIGNUM* value = BN_new();
    169     BIGNUM_Ptr one(BN_new());
    170     BN_one(one.get());
    171     BN_lshift(value, one.get(), 32);
    172     return value;
    173 }
    174 
    175 uint64_t BignumToUint64(BIGNUM* num) {
    176     static_assert((sizeof(BN_ULONG) == sizeof(uint32_t)) || (sizeof(BN_ULONG) == sizeof(uint64_t)),
    177                   "This implementation only supports 32 and 64-bit BN_ULONG");
    178     if (sizeof(BN_ULONG) == sizeof(uint32_t)) {
    179         BIGNUM_Ptr uint_max(construct_uint_max());
    180         BIGNUM_Ptr hi(BN_new()), lo(BN_new());
    181         BN_CTX_Ptr ctx(BN_CTX_new());
    182         BN_div(hi.get(), lo.get(), num, uint_max.get(), ctx.get());
    183         return static_cast<uint64_t>(BN_get_word(hi.get())) << 32 | BN_get_word(lo.get());
    184     } else if (sizeof(BN_ULONG) == sizeof(uint64_t)) {
    185         return BN_get_word(num);
    186     } else {
    187         return 0;
    188     }
    189 }
    190 
    191 template <Tag tag>
    192 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::ULONG, tag> ttag,
    193                  AuthorizationSet* auth_list) {
    194     if (!asn1_int) return;
    195     BIGNUM_Ptr num(ASN1_INTEGER_to_BN(asn1_int, nullptr));
    196     auth_list->push_back(ttag, BignumToUint64(num.get()));
    197 }
    198 
    199 template <Tag tag>
    200 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::DATE, tag> ttag,
    201                  AuthorizationSet* auth_list) {
    202     if (!asn1_int) return;
    203     BIGNUM_Ptr num(ASN1_INTEGER_to_BN(asn1_int, nullptr));
    204     auth_list->push_back(ttag, BignumToUint64(num.get()));
    205 }
    206 
    207 template <Tag tag>
    208 void copyAuthTag(const ASN1_NULL* asn1_null, TypedTag<TagType::BOOL, tag> ttag,
    209                  AuthorizationSet* auth_list) {
    210     if (!asn1_null) return;
    211     auth_list->push_back(ttag);
    212 }
    213 
    214 template <Tag tag>
    215 void copyAuthTag(const ASN1_OCTET_STRING* asn1_string, TypedTag<TagType::BYTES, tag> ttag,
    216                  AuthorizationSet* auth_list) {
    217     if (!asn1_string) return;
    218     hidl_vec<uint8_t> buf;
    219     buf.setToExternal(asn1_string->data, asn1_string->length);
    220     auth_list->push_back(ttag, buf);
    221 }
    222 
    223 // Extract the values from the specified ASN.1 record and place them in auth_list.
    224 static ErrorCode extract_auth_list(const KM_AUTH_LIST* record, AuthorizationSet* auth_list) {
    225     if (!record) return ErrorCode::OK;
    226 
    227     copyAuthTag(record->active_date_time, TAG_ACTIVE_DATETIME, auth_list);
    228     copyAuthTag(record->algorithm, TAG_ALGORITHM, auth_list);
    229     copyAuthTag(record->all_applications, TAG_ALL_APPLICATIONS, auth_list);
    230     copyAuthTag(record->application_id, TAG_APPLICATION_ID, auth_list);
    231     copyAuthTag(record->auth_timeout, TAG_AUTH_TIMEOUT, auth_list);
    232     copyAuthTag(record->creation_date_time, TAG_CREATION_DATETIME, auth_list);
    233     copyAuthTag(record->digest, TAG_DIGEST, auth_list);
    234     copyAuthTag(record->ec_curve, TAG_EC_CURVE, auth_list);
    235     copyAuthTag(record->key_size, TAG_KEY_SIZE, auth_list);
    236     copyAuthTag(record->no_auth_required, TAG_NO_AUTH_REQUIRED, auth_list);
    237     copyAuthTag(record->origin, TAG_ORIGIN, auth_list);
    238     copyAuthTag(record->origination_expire_date_time, TAG_ORIGINATION_EXPIRE_DATETIME, auth_list);
    239     copyAuthTag(record->os_patchlevel, TAG_OS_PATCHLEVEL, auth_list);
    240     copyAuthTag(record->os_version, TAG_OS_VERSION, auth_list);
    241     copyAuthTag(record->padding, TAG_PADDING, auth_list);
    242     copyAuthTag(record->purpose, TAG_PURPOSE, auth_list);
    243     copyAuthTag(record->rollback_resistant, TAG_ROLLBACK_RESISTANT, auth_list);
    244     copyAuthTag(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list);
    245     copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list);
    246     copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list);
    247     copyAuthTag(record->attestation_application_id,
    248                 TAG_ATTESTATION_APPLICATION_ID, auth_list);
    249 
    250     return ErrorCode::OK;
    251 }
    252 
    253 MAKE_OPENSSL_PTR_TYPE(KM_KEY_DESCRIPTION)
    254 
    255 // Parse the DER-encoded attestation record, placing the results in keymaster_version,
    256 // attestation_challenge, software_enforced, tee_enforced and unique_id.
    257 ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
    258                                    uint32_t* attestation_version,  //
    259                                    SecurityLevel* attestation_security_level,
    260                                    uint32_t* keymaster_version,
    261                                    SecurityLevel* keymaster_security_level,
    262                                    hidl_vec<uint8_t>* attestation_challenge,
    263                                    AuthorizationSet* software_enforced,
    264                                    AuthorizationSet* tee_enforced,  //
    265                                    hidl_vec<uint8_t>* unique_id) {
    266     const uint8_t* p = asn1_key_desc;
    267     KM_KEY_DESCRIPTION_Ptr record(d2i_KM_KEY_DESCRIPTION(nullptr, &p, asn1_key_desc_len));
    268     if (!record.get()) return ErrorCode::UNKNOWN_ERROR;
    269 
    270     *attestation_version = ASN1_INTEGER_get(record->attestation_version);
    271     *attestation_security_level =
    272         static_cast<SecurityLevel>(ASN1_ENUMERATED_get(record->attestation_security_level));
    273     *keymaster_version = ASN1_INTEGER_get(record->keymaster_version);
    274     *keymaster_security_level =
    275         static_cast<SecurityLevel>(ASN1_ENUMERATED_get(record->keymaster_security_level));
    276 
    277     attestation_challenge->setToExternal(record->attestation_challenge->data,
    278                                          record->attestation_challenge->length);
    279 
    280     unique_id->setToExternal(record->unique_id->data, record->unique_id->length);
    281 
    282     ErrorCode error = extract_auth_list(record->software_enforced, software_enforced);
    283     if (error != ErrorCode::OK) return error;
    284 
    285     return extract_auth_list(record->tee_enforced, tee_enforced);
    286 }
    287 
    288 }  // namespace V3_0
    289 }  // namespace keymaster
    290 }  // namespace hardware
    291 }  // namespace android
    292