1 //
2 // cOpyright (C) 2020 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15
16 #include "hmac_serializable.h"
17
18 #include <android-base/logging.h>
19 #include <optional>
20 #include <vector>
21
22 #include "host/commands/secure_env/tpm_auth.h"
23 #include "host/commands/secure_env/tpm_hmac.h"
24
25 namespace cuttlefish {
26
HmacSerializable(TpmResourceManager & resource_manager,std::function<TpmObjectSlot (TpmResourceManager &)> signing_key_fn,uint32_t digest_size,Serializable * wrapped,const Serializable * aad)27 HmacSerializable::HmacSerializable(
28 TpmResourceManager& resource_manager,
29 std::function<TpmObjectSlot(TpmResourceManager&)> signing_key_fn,
30 uint32_t digest_size, Serializable* wrapped, const Serializable* aad)
31 : resource_manager_(resource_manager),
32 signing_key_fn_(signing_key_fn),
33 digest_size_(digest_size),
34 wrapped_(wrapped),
35 aad_(aad) {}
36
SerializedSize() const37 size_t HmacSerializable::SerializedSize() const {
38 auto digest_size = sizeof(uint32_t) + digest_size_;
39 auto data_size = sizeof(uint32_t) + wrapped_->SerializedSize();
40 return digest_size + data_size;
41 }
42
Serialize(uint8_t * buf,const uint8_t * end) const43 uint8_t* HmacSerializable::Serialize(uint8_t* buf, const uint8_t* end) const {
44 auto wrapped_size = wrapped_->SerializedSize();
45 buf = keymaster::append_uint32_to_buf(buf, end, wrapped_size);
46 auto signed_data = buf;
47 buf = wrapped_->Serialize(buf, end);
48 if (buf - signed_data != wrapped_size) {
49 LOG(ERROR) << "Serialized wrapped data did not match expected size.";
50 return buf;
51 }
52 auto key = signing_key_fn_(resource_manager_);
53 if (!key) {
54 LOG(ERROR) << "Could not retrieve key";
55 return buf;
56 }
57 auto maced_data = AppendAad(signed_data, wrapped_size);
58 if (!maced_data) {
59 return buf;
60 }
61 auto hmac_data =
62 TpmHmac(resource_manager_, key->get(), TpmAuth(ESYS_TR_PASSWORD),
63 maced_data->data(), maced_data->size());
64 if (!hmac_data) {
65 LOG(ERROR) << "Failed to produce hmac";
66 return buf;
67 }
68 if (hmac_data->size != digest_size_) {
69 LOG(ERROR) << "Unexpected digest size. Wanted " << digest_size_
70 << ", TPM produced " << hmac_data->size;
71 return buf;
72 }
73 return keymaster::append_size_and_data_to_buf(
74 buf, end, hmac_data->buffer, digest_size_);
75 }
76
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)77 bool HmacSerializable::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
78 size_t signed_data_size;
79 keymaster::UniquePtr<uint8_t[]> signed_data;
80 bool success =
81 keymaster::copy_size_and_data_from_buf(
82 buf_ptr, end, &signed_data_size, &signed_data);
83 if (!success) {
84 LOG(ERROR) << "Failed to retrieve signed data";
85 return false;
86 }
87 size_t signature_size;
88 keymaster::UniquePtr<uint8_t[]> signature;
89 success =
90 keymaster::copy_size_and_data_from_buf(
91 buf_ptr, end, &signature_size, &signature);
92 if (!success) {
93 LOG(ERROR) << "Failed to retrieve signature";
94 return false;
95 }
96 if (signature_size != digest_size_) {
97 LOG(ERROR) << "Digest size did not match expected size.";
98 return false;
99 }
100 auto key = signing_key_fn_(resource_manager_);
101 if (!key) {
102 LOG(ERROR) << "Could not retrieve key";
103 return false;
104 }
105 auto maced_data = AppendAad(signed_data.get(), signed_data_size);
106 if (!maced_data) {
107 return false;
108 }
109 auto hmac_check =
110 TpmHmac(resource_manager_, key->get(), TpmAuth(ESYS_TR_PASSWORD),
111 maced_data->data(), maced_data->size());
112 if (!hmac_check) {
113 LOG(ERROR) << "Unable to calculate signature check";
114 return false;
115 }
116 if (hmac_check->size != digest_size_) {
117 LOG(ERROR) << "Unexpected signature check size. Wanted " << digest_size_
118 << ", TPM produced " << hmac_check->size;
119 return false;
120 }
121 if (memcmp(signature.get(), hmac_check->buffer, digest_size_) != 0) {
122 LOG(ERROR) << "Signature check did not match original signature.";
123 return false;
124 }
125 // Now that we've validated integrity on the data, do the inner deserialization
126 auto inner_buf = signed_data.get();
127 auto inner_buf_end = inner_buf + signed_data_size;
128 return wrapped_->Deserialize(
129 const_cast<const uint8_t**>(&inner_buf), inner_buf_end);
130 }
131
AppendAad(const uint8_t * sensitive,size_t sensitive_size) const132 std::optional<std::vector<uint8_t>> HmacSerializable::AppendAad(
133 const uint8_t* sensitive, size_t sensitive_size) const {
134 if (!aad_) {
135 return std::vector<uint8_t>(sensitive, sensitive + sensitive_size);
136 }
137 std::vector<uint8_t> output(sensitive_size + aad_->SerializedSize());
138 std::copy(sensitive, sensitive + sensitive_size, output.begin());
139
140 const uint8_t* actual_output_end =
141 aad_->Serialize(&output[sensitive_size], output.data() + output.size());
142 const ptrdiff_t actual_aad_size = actual_output_end - output.data();
143 if (actual_aad_size != output.size()) {
144 LOG(ERROR) << "Serialized aad did not match expected size. Expected: "
145 << output.size() << ", actual: " << actual_aad_size;
146 return std::nullopt;
147 }
148 return output;
149 }
150
151 } // namespace cuttlefish
152