1 /*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TLOG_TAG "apploader-package"
18
19 #include <apploader/cbor.h>
20 #include <apploader/cose.h>
21 #include <apploader/package.h>
22 #include <assert.h>
23 #include <dice/cbor_reader.h>
24 #include <dice/cbor_writer.h>
25 #include <interface/apploader/apploader_package.h>
26 #include <interface/hwkey/hwkey.h>
27 #include <inttypes.h>
28 #include <lib/apploader_policy_engine/apploader_policy_engine.h>
29 #include <lib/hwaes/hwaes.h>
30 #include <lib/hwkey/hwkey.h>
31 #include <lk/compiler.h>
32 #include <stdbool.h>
33 #include <stddef.h>
34 #include <sys/mman.h>
35 #include <trusty/memref.h>
36 #include <trusty_log.h>
37 #include <uapi/err.h>
38 #include <optional>
39
40 /*
41 * Maximum size of any key we could possibly get from hwkey.
42 * If the latter returns a key larger than this, validation fails.
43 * For now, 128 bytes should be enough since the apploader only
44 * supports 256-bit (P-256) ECDSA signatures which only need
45 * about 90 bytes for their public keys. If other curves or algorithms
46 * e.g., P-521 or RSS, are supported by the apploader at a later time,
47 * this value will need to increase.
48 */
49 constexpr uint32_t kMaximumKeySize =
50 std::max(128, HWKEY_OPAQUE_HANDLE_MAX_SIZE);
51
52 static std::tuple<std::unique_ptr<uint8_t[]>, size_t>
get_key(hwkey_session_t hwkey_session,std::string_view op,uint8_t key_id)53 get_key(hwkey_session_t hwkey_session, std::string_view op, uint8_t key_id) {
54 std::string key_slot{"com.android.trusty.apploader."};
55 key_slot += op;
56 key_slot += ".key.";
57 key_slot += std::to_string(static_cast<unsigned>(key_id));
58
59 uint32_t key_size = kMaximumKeySize;
60 std::unique_ptr<uint8_t[]> result(new (std::nothrow) uint8_t[key_size]());
61 if (!result) {
62 TLOGE("Failed to allocate memory for key\n");
63 return {};
64 }
65
66 long rc = hwkey_get_keyslot_data(hwkey_session, key_slot.c_str(),
67 result.get(), &key_size);
68 if (rc < 0) {
69 TLOGE("Failed to get key %" PRIu8 " from hwkey (%ld)\n", key_id, rc);
70 return {};
71 }
72
73 return {std::move(result), static_cast<size_t>(key_size)};
74 }
75
76 /*
77 * strictCheckEcDsaSignature requires a function pointer that returns a
78 * unique_ptr, so we wrap app_policy_engine_get_key().
79 * This will store the key into two places: in *publicKeyPtr, and as a
80 * unique_ptr (which wraps a second copy of the key). The caller must free
81 * *publicKeyPtr.
82 */
get_sign_key(uint8_t key_id,const uint8_t ** public_key_ptr,unsigned int * public_key_size_ptr)83 static std::tuple<std::unique_ptr<uint8_t[]>, size_t> get_sign_key(
84 uint8_t key_id,
85 const uint8_t** public_key_ptr,
86 unsigned int* public_key_size_ptr) {
87 int rc = apploader_policy_engine_get_key(key_id, public_key_ptr,
88 public_key_size_ptr);
89 if (rc < 0) {
90 TLOGE("Failed to get key %" PRIu8 " from policy engine (%d)\n", key_id,
91 rc);
92 return {};
93 }
94
95 std::unique_ptr<uint8_t[]> result(new (std::nothrow)
96 uint8_t[*public_key_size_ptr]());
97 if (!result) {
98 TLOGE("Failed to allocate memory for key\n");
99 return {};
100 }
101
102 memcpy(result.get(), *public_key_ptr, *public_key_size_ptr);
103
104 return {std::move(result), static_cast<size_t>(*public_key_size_ptr)};
105 }
106
hwaesDecryptAesGcmInPlace(std::span<const uint8_t> key,std::span<const uint8_t> nonce,uint8_t * encryptedData,size_t encryptedDataSize,std::span<const uint8_t> additionalAuthenticatedData,size_t * outPlaintextSize)107 static bool hwaesDecryptAesGcmInPlace(
108 std::span<const uint8_t> key,
109 std::span<const uint8_t> nonce,
110 uint8_t* encryptedData,
111 size_t encryptedDataSize,
112 std::span<const uint8_t> additionalAuthenticatedData,
113 size_t* outPlaintextSize) {
114 assert(outPlaintextSize != nullptr);
115 if (encryptedDataSize <= kAesGcmTagSize) {
116 TLOGE("encryptedData too small\n");
117 return false;
118 }
119
120 if (nonce.size() != kAesGcmIvSize) {
121 TLOGE("nonce is not kAesGcmIvSize bytes, got %zu\n", nonce.size());
122 return false;
123 }
124
125 size_t ciphertextSize = encryptedDataSize - kAesGcmTagSize;
126 unsigned char* tag = encryptedData + ciphertextSize;
127
128 struct hwcrypt_args cryptArgs = {};
129 cryptArgs.key.data_ptr = key.data();
130 cryptArgs.key.len = key.size();
131 cryptArgs.iv.data_ptr = nonce.data();
132 cryptArgs.iv.len = nonce.size();
133 cryptArgs.aad.data_ptr = additionalAuthenticatedData.data();
134 cryptArgs.aad.len = additionalAuthenticatedData.size();
135 cryptArgs.tag_in.data_ptr = tag;
136 cryptArgs.tag_in.len = kAesGcmTagSize;
137 cryptArgs.text_in.data_ptr = encryptedData;
138 cryptArgs.text_in.len = ciphertextSize;
139 cryptArgs.text_out.data_ptr = encryptedData;
140 cryptArgs.text_out.len = ciphertextSize;
141 cryptArgs.key_type = HWAES_OPAQUE_HANDLE;
142 cryptArgs.padding = HWAES_NO_PADDING;
143 cryptArgs.mode = HWAES_GCM_MODE;
144
145 hwaes_session_t sess;
146 auto ret = hwaes_open(&sess);
147 if (ret != NO_ERROR) {
148 return false;
149 }
150
151 ret = hwaes_decrypt(sess, &cryptArgs);
152 if (ret == NO_ERROR) {
153 *outPlaintextSize = ciphertextSize;
154 }
155 hwaes_close(sess);
156
157 return ret == NO_ERROR;
158 }
159
160 /**
161 * apploader_parse_package_metadata - Parse an apploader package into a
162 * metadata structure
163 * @package: Pointer to the start of the package
164 * @package_size: Size of the package in bytes
165 * @metadata: Pointer to output &struct apploader_package_metadata
166 * structure
167 *
168 * This function parses an apploader package and fills the contents of a given
169 * &struct apploader_package_metadata.
170 *
171 * The function expects an application package encoded using CBOR. The concrete
172 * format of the package is as follows: each package is encoded as a CBOR array
173 * with tag %APPLOADER_PACKAGE_CBOR_TAG_APP and the following elements:
174 * * ```version:int```:
175 * Version number of the package format.
176 * Equal to %APPLOADER_PACKAGE_FORMAT_VERSION_CURRENT.
177 * * ```headers:map```:
178 * Map containing a series of optional values and flags.
179 * The keys are labels from &enum apploader_package_header_label.
180 * * ```contents```:
181 * The contents of the ELF file. This element is a CBOR ```bstr```
182 * if the ELF file is not encrypted, or a ```COSE_Encrypt``` structure
183 * if it is encrypted.
184 * * ```manifest:bstr```:
185 * The contents of the manifest file.
186 *
187 * Return: %false is an error is detected, %true otherwise.
188 */
apploader_parse_package_metadata(uint8_t * package_start,size_t package_size,struct apploader_package_metadata * metadata)189 bool apploader_parse_package_metadata(
190 uint8_t* package_start,
191 size_t package_size,
192 struct apploader_package_metadata* metadata) {
193 /*
194 * This lambda will store the signing key into metadata->publicKey, and
195 * also return a separate copy (wrapped in a unique_ptr) that is consumed
196 * by strictCheckEcDsaSignature.
197 */
198 auto local_get_sign_key = [metadata](int key_id) {
199 return get_sign_key(key_id, &(metadata->public_key),
200 &(metadata->public_key_size));
201 };
202
203 const uint8_t* unsigned_package_start;
204 size_t unsigned_package_size;
205 if (!strictCheckEcDsaSignature(package_start, package_size,
206 local_get_sign_key, &unsigned_package_start,
207 &unsigned_package_size)) {
208 TLOGE("Package signature verification failed\n");
209 return false;
210 }
211
212 struct CborIn in;
213 CborInInit(unsigned_package_start, unsigned_package_size, &in);
214
215 uint64_t tag;
216 if (CborReadTag(&in, &tag) != CBOR_READ_RESULT_OK) {
217 TLOGE("Invalid package, failed to read semantic tag\n");
218 return false;
219 }
220
221 if (tag != APPLOADER_PACKAGE_CBOR_TAG_APP) {
222 TLOGE("Invalid package semantic tag: %" PRIu64 "\n", tag);
223 return false;
224 }
225
226 size_t num_elements;
227 if (CborReadArray(&in, &num_elements) != CBOR_READ_RESULT_OK) {
228 TLOGE("Expected CBOR array\n");
229 return false;
230 }
231
232 if (num_elements == 0) {
233 TLOGE("Application package array is empty\n");
234 return false;
235 }
236
237 uint64_t version;
238 if (CborReadUint(&in, &version) != CBOR_READ_RESULT_OK) {
239 TLOGE("Invalid version field CBOR type\n");
240 return false;
241 }
242
243 if (version != APPLOADER_PACKAGE_FORMAT_VERSION_CURRENT) {
244 TLOGE("Invalid package version, expected %" PRIu64 " got %" PRIu64 "\n",
245 APPLOADER_PACKAGE_FORMAT_VERSION_CURRENT, version);
246 return false;
247 }
248
249 if (num_elements != APPLOADER_PACKAGE_CBOR_ARRAY_SZ) {
250 TLOGE("Invalid number of CBOR array elements: %zd\n", num_elements);
251 return false;
252 }
253
254 /* Read headers and reject packages with invalid header labels */
255 metadata->elf_is_cose_encrypt = false;
256
257 size_t num_pairs;
258 if (CborReadMap(&in, &num_pairs) != CBOR_READ_RESULT_OK) {
259 TLOGE("Invalid headers CBOR type, expected map\n");
260 return false;
261 }
262
263 uint64_t label;
264 for (size_t i = 0; i < num_pairs; i++) {
265 /* Read key */
266 if (CborReadUint(&in, &label) != CBOR_READ_RESULT_OK) {
267 fprintf(stderr, "Invalid headers CBOR type, expected uint\n");
268 exit(EXIT_FAILURE);
269 }
270
271 /* Read value */
272 switch (label) {
273 case APPLOADER_PACKAGE_HEADER_LABEL_CONTENT_IS_COSE_ENCRYPT: {
274 auto val = cbor::readCborBoolean(in);
275 if (!val.has_value()) {
276 fprintf(stderr,
277 "Invalid headers CBOR type, expected boolean\n");
278 exit(EXIT_FAILURE);
279 }
280 metadata->elf_is_cose_encrypt = *val;
281 break;
282 }
283
284 default:
285 TLOGE("Package headers contain invalid label: %" PRIu64 "\n",
286 label);
287 return false;
288 }
289 }
290
291 const uint8_t* elf_start;
292 size_t elf_size;
293 if (metadata->elf_is_cose_encrypt) {
294 long rc = hwkey_open();
295 if (rc < 0) {
296 TLOGE("Failed to connect to hwkey (%ld)\n", rc);
297 return false;
298 }
299
300 hwkey_session_t hwkey_session = static_cast<hwkey_session_t>(rc);
301
302 /*
303 * get the encryption key handle but keep the hwkey connection open
304 * until we've finished decrypting with it
305 */
306 auto get_encrypt_key_handle = [hwkey_session](uint8_t key_id) {
307 return get_key(hwkey_session, "encrypt", key_id);
308 };
309
310 const size_t cose_encrypt_offset = CborInOffset(&in);
311 const uint8_t* cose_encrypt_start =
312 unsigned_package_start + cose_encrypt_offset;
313
314 /*
315 * The COSE_Encrypt structure can be encoded as either tagged or
316 * untagged depending on the context it will be used in.
317 */
318 if (CborReadTag(&in, &tag) != CBOR_READ_RESULT_OK) {
319 TLOGD("COSE_Encrypt content did not contain a semantic tag\n");
320 }
321
322 if (CborReadArray(&in, &num_elements) != CBOR_READ_RESULT_OK) {
323 TLOGE("Invalid COSE_Encrypt, expected an array\n");
324 return false;
325 }
326
327 if (num_elements != kCoseEncryptArrayElements) {
328 TLOGE("Invalid COSE_Encrypt, number of CBOR array elements: %zd\n",
329 num_elements);
330 return false;
331 }
332
333 /* Skip to the end of the four element array */
334 for (size_t i = 0; i < num_elements; i++) {
335 if (CborReadSkip(&in) != CBOR_READ_RESULT_OK) {
336 TLOGE("Failed to skip to the end of COSE_Encrypt structure\n");
337 return false;
338 }
339 }
340
341 auto cose_encrypt_size = CborInOffset(&in) - cose_encrypt_offset;
342
343 const CoseByteView cose_encrypt(cose_encrypt_start, cose_encrypt_size);
344 bool success = coseDecryptAesGcmKeyWrapInPlace(
345 cose_encrypt, get_encrypt_key_handle, {}, false, &elf_start,
346 &elf_size, hwaesDecryptAesGcmInPlace);
347
348 hwkey_close(hwkey_session);
349
350 if (!success) {
351 TLOGE("Failed to decrypt ELF file\n");
352 return false;
353 }
354 } else {
355 if (CborReadBstr(&in, &elf_size, &elf_start) != CBOR_READ_RESULT_OK) {
356 TLOGE("Invalid ELF CBOR type\n");
357 return false;
358 }
359 }
360
361 if (CborReadBstr(&in, &metadata->manifest_size,
362 &metadata->manifest_start) != CBOR_READ_RESULT_OK) {
363 TLOGE("Invalid manifest CBOR type\n");
364 return false;
365 }
366
367 metadata->elf_start = elf_start;
368 metadata->elf_size = elf_size;
369
370 return true;
371 }
372