1 /*
2 * Copyright 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "attestation_record.h"
18
19 #include <assert.h>
20
21 #include <openssl/asn1t.h>
22 #include <openssl/bn.h>
23 #include <openssl/evp.h>
24 #include <openssl/x509.h>
25
26 #include "openssl_utils.h"
27
28 namespace android {
29 namespace hardware {
30 namespace keymaster {
31 namespace V3_0 {
32
33 struct stack_st_ASN1_TYPE_Delete {
operator ()android::hardware::keymaster::V3_0::stack_st_ASN1_TYPE_Delete34 void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); }
35 };
36
37 struct ASN1_STRING_Delete {
operator ()android::hardware::keymaster::V3_0::ASN1_STRING_Delete38 void operator()(ASN1_STRING* p) { ASN1_STRING_free(p); }
39 };
40
41 struct ASN1_TYPE_Delete {
operator ()android::hardware::keymaster::V3_0::ASN1_TYPE_Delete42 void operator()(ASN1_TYPE* p) { ASN1_TYPE_free(p); }
43 };
44
45 #define ASN1_INTEGER_SET STACK_OF(ASN1_INTEGER)
46
47 typedef struct km_root_of_trust {
48 ASN1_OCTET_STRING* verified_boot_key;
49 ASN1_BOOLEAN* device_locked;
50 ASN1_ENUMERATED* verified_boot_state;
51 } KM_ROOT_OF_TRUST;
52
53 ASN1_SEQUENCE(KM_ROOT_OF_TRUST) = {
54 ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_key, ASN1_OCTET_STRING),
55 ASN1_SIMPLE(KM_ROOT_OF_TRUST, device_locked, ASN1_BOOLEAN),
56 ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_state, ASN1_ENUMERATED),
57 } ASN1_SEQUENCE_END(KM_ROOT_OF_TRUST);
58 IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST);
59
60 typedef struct km_auth_list {
61 ASN1_INTEGER_SET* purpose;
62 ASN1_INTEGER* algorithm;
63 ASN1_INTEGER* key_size;
64 ASN1_INTEGER_SET* digest;
65 ASN1_INTEGER_SET* padding;
66 ASN1_INTEGER_SET* kdf;
67 ASN1_INTEGER* ec_curve;
68 ASN1_INTEGER* rsa_public_exponent;
69 ASN1_INTEGER* active_date_time;
70 ASN1_INTEGER* origination_expire_date_time;
71 ASN1_INTEGER* usage_expire_date_time;
72 ASN1_NULL* no_auth_required;
73 ASN1_INTEGER* user_auth_type;
74 ASN1_INTEGER* auth_timeout;
75 ASN1_NULL* allow_while_on_body;
76 ASN1_NULL* all_applications;
77 ASN1_OCTET_STRING* application_id;
78 ASN1_INTEGER* creation_date_time;
79 ASN1_INTEGER* origin;
80 ASN1_NULL* rollback_resistant;
81 KM_ROOT_OF_TRUST* root_of_trust;
82 ASN1_INTEGER* os_version;
83 ASN1_INTEGER* os_patchlevel;
84 ASN1_OCTET_STRING* attestation_application_id;
85 } KM_AUTH_LIST;
86
87 ASN1_SEQUENCE(KM_AUTH_LIST) = {
88 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, purpose, ASN1_INTEGER, TAG_PURPOSE.maskedTag()),
89 ASN1_EXP_OPT(KM_AUTH_LIST, algorithm, ASN1_INTEGER, TAG_ALGORITHM.maskedTag()),
90 ASN1_EXP_OPT(KM_AUTH_LIST, key_size, ASN1_INTEGER, TAG_KEY_SIZE.maskedTag()),
91 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, digest, ASN1_INTEGER, TAG_DIGEST.maskedTag()),
92 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, padding, ASN1_INTEGER, TAG_PADDING.maskedTag()),
93 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, kdf, ASN1_INTEGER, TAG_KDF.maskedTag()),
94 ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.maskedTag()),
95 ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER,
96 TAG_RSA_PUBLIC_EXPONENT.maskedTag()),
97 ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()),
98 ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,
99 TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()),
100 ASN1_EXP_OPT(KM_AUTH_LIST, usage_expire_date_time, ASN1_INTEGER,
101 TAG_USAGE_EXPIRE_DATETIME.maskedTag()),
102 ASN1_EXP_OPT(KM_AUTH_LIST, no_auth_required, ASN1_NULL, TAG_NO_AUTH_REQUIRED.maskedTag()),
103 ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.maskedTag()),
104 ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.maskedTag()),
105 ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL, TAG_ALLOW_WHILE_ON_BODY.maskedTag()),
106 ASN1_EXP_OPT(KM_AUTH_LIST, all_applications, ASN1_NULL, TAG_ALL_APPLICATIONS.maskedTag()),
107 ASN1_EXP_OPT(KM_AUTH_LIST, application_id, ASN1_OCTET_STRING, TAG_APPLICATION_ID.maskedTag()),
108 ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER, TAG_CREATION_DATETIME.maskedTag()),
109 ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.maskedTag()),
110 ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistant, ASN1_NULL, TAG_ROLLBACK_RESISTANT.maskedTag()),
111 ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()),
112 ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()),
113 ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()),
114 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,
115 TAG_ATTESTATION_APPLICATION_ID.maskedTag()),
116 } ASN1_SEQUENCE_END(KM_AUTH_LIST);
117 IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST);
118
119 typedef struct km_key_description {
120 ASN1_INTEGER* attestation_version;
121 ASN1_ENUMERATED* attestation_security_level;
122 ASN1_INTEGER* keymaster_version;
123 ASN1_ENUMERATED* keymaster_security_level;
124 ASN1_OCTET_STRING* attestation_challenge;
125 KM_AUTH_LIST* software_enforced;
126 KM_AUTH_LIST* tee_enforced;
127 ASN1_INTEGER* unique_id;
128 } KM_KEY_DESCRIPTION;
129
130 ASN1_SEQUENCE(KM_KEY_DESCRIPTION) = {
131 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_version, ASN1_INTEGER),
132 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_security_level, ASN1_ENUMERATED),
133 ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_version, ASN1_INTEGER),
134 ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_security_level, ASN1_ENUMERATED),
135 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_challenge, ASN1_OCTET_STRING),
136 ASN1_SIMPLE(KM_KEY_DESCRIPTION, unique_id, ASN1_OCTET_STRING),
137 ASN1_SIMPLE(KM_KEY_DESCRIPTION, software_enforced, KM_AUTH_LIST),
138 ASN1_SIMPLE(KM_KEY_DESCRIPTION, tee_enforced, KM_AUTH_LIST),
139 } ASN1_SEQUENCE_END(KM_KEY_DESCRIPTION);
140 IMPLEMENT_ASN1_FUNCTIONS(KM_KEY_DESCRIPTION);
141
142 template <Tag tag>
copyAuthTag(const stack_st_ASN1_INTEGER * stack,TypedTag<TagType::ENUM_REP,tag> ttag,AuthorizationSet * auth_list)143 void copyAuthTag(const stack_st_ASN1_INTEGER* stack, TypedTag<TagType::ENUM_REP, tag> ttag,
144 AuthorizationSet* auth_list) {
145 typedef typename TypedTag2ValueType<decltype(ttag)>::type ValueT;
146 for (size_t i = 0; i < sk_ASN1_INTEGER_num(stack); ++i) {
147 auth_list->push_back(
148 ttag, static_cast<ValueT>(ASN1_INTEGER_get(sk_ASN1_INTEGER_value(stack, i))));
149 }
150 }
151
152 template <Tag tag>
copyAuthTag(const ASN1_INTEGER * asn1_int,TypedTag<TagType::ENUM,tag> ttag,AuthorizationSet * auth_list)153 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::ENUM, tag> ttag,
154 AuthorizationSet* auth_list) {
155 typedef typename TypedTag2ValueType<decltype(ttag)>::type ValueT;
156 if (!asn1_int) return;
157 auth_list->push_back(ttag, static_cast<ValueT>(ASN1_INTEGER_get(asn1_int)));
158 }
159
160 template <Tag tag>
copyAuthTag(const ASN1_INTEGER * asn1_int,TypedTag<TagType::UINT,tag> ttag,AuthorizationSet * auth_list)161 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::UINT, tag> ttag,
162 AuthorizationSet* auth_list) {
163 if (!asn1_int) return;
164 auth_list->push_back(ttag, ASN1_INTEGER_get(asn1_int));
165 }
166
construct_uint_max()167 BIGNUM* construct_uint_max() {
168 BIGNUM* value = BN_new();
169 BIGNUM_Ptr one(BN_new());
170 BN_one(one.get());
171 BN_lshift(value, one.get(), 32);
172 return value;
173 }
174
BignumToUint64(BIGNUM * num)175 uint64_t BignumToUint64(BIGNUM* num) {
176 static_assert((sizeof(BN_ULONG) == sizeof(uint32_t)) || (sizeof(BN_ULONG) == sizeof(uint64_t)),
177 "This implementation only supports 32 and 64-bit BN_ULONG");
178 if (sizeof(BN_ULONG) == sizeof(uint32_t)) {
179 BIGNUM_Ptr uint_max(construct_uint_max());
180 BIGNUM_Ptr hi(BN_new()), lo(BN_new());
181 BN_CTX_Ptr ctx(BN_CTX_new());
182 BN_div(hi.get(), lo.get(), num, uint_max.get(), ctx.get());
183 return static_cast<uint64_t>(BN_get_word(hi.get())) << 32 | BN_get_word(lo.get());
184 } else if (sizeof(BN_ULONG) == sizeof(uint64_t)) {
185 return BN_get_word(num);
186 } else {
187 return 0;
188 }
189 }
190
191 template <Tag tag>
copyAuthTag(const ASN1_INTEGER * asn1_int,TypedTag<TagType::ULONG,tag> ttag,AuthorizationSet * auth_list)192 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::ULONG, tag> ttag,
193 AuthorizationSet* auth_list) {
194 if (!asn1_int) return;
195 BIGNUM_Ptr num(ASN1_INTEGER_to_BN(asn1_int, nullptr));
196 auth_list->push_back(ttag, BignumToUint64(num.get()));
197 }
198
199 template <Tag tag>
copyAuthTag(const ASN1_INTEGER * asn1_int,TypedTag<TagType::DATE,tag> ttag,AuthorizationSet * auth_list)200 void copyAuthTag(const ASN1_INTEGER* asn1_int, TypedTag<TagType::DATE, tag> ttag,
201 AuthorizationSet* auth_list) {
202 if (!asn1_int) return;
203 BIGNUM_Ptr num(ASN1_INTEGER_to_BN(asn1_int, nullptr));
204 auth_list->push_back(ttag, BignumToUint64(num.get()));
205 }
206
207 template <Tag tag>
copyAuthTag(const ASN1_NULL * asn1_null,TypedTag<TagType::BOOL,tag> ttag,AuthorizationSet * auth_list)208 void copyAuthTag(const ASN1_NULL* asn1_null, TypedTag<TagType::BOOL, tag> ttag,
209 AuthorizationSet* auth_list) {
210 if (!asn1_null) return;
211 auth_list->push_back(ttag);
212 }
213
214 template <Tag tag>
copyAuthTag(const ASN1_OCTET_STRING * asn1_string,TypedTag<TagType::BYTES,tag> ttag,AuthorizationSet * auth_list)215 void copyAuthTag(const ASN1_OCTET_STRING* asn1_string, TypedTag<TagType::BYTES, tag> ttag,
216 AuthorizationSet* auth_list) {
217 if (!asn1_string) return;
218 hidl_vec<uint8_t> buf;
219 buf.setToExternal(asn1_string->data, asn1_string->length);
220 auth_list->push_back(ttag, buf);
221 }
222
223 // Extract the values from the specified ASN.1 record and place them in auth_list.
extract_auth_list(const KM_AUTH_LIST * record,AuthorizationSet * auth_list)224 static ErrorCode extract_auth_list(const KM_AUTH_LIST* record, AuthorizationSet* auth_list) {
225 if (!record) return ErrorCode::OK;
226
227 copyAuthTag(record->active_date_time, TAG_ACTIVE_DATETIME, auth_list);
228 copyAuthTag(record->algorithm, TAG_ALGORITHM, auth_list);
229 copyAuthTag(record->all_applications, TAG_ALL_APPLICATIONS, auth_list);
230 copyAuthTag(record->application_id, TAG_APPLICATION_ID, auth_list);
231 copyAuthTag(record->auth_timeout, TAG_AUTH_TIMEOUT, auth_list);
232 copyAuthTag(record->creation_date_time, TAG_CREATION_DATETIME, auth_list);
233 copyAuthTag(record->digest, TAG_DIGEST, auth_list);
234 copyAuthTag(record->ec_curve, TAG_EC_CURVE, auth_list);
235 copyAuthTag(record->key_size, TAG_KEY_SIZE, auth_list);
236 copyAuthTag(record->no_auth_required, TAG_NO_AUTH_REQUIRED, auth_list);
237 copyAuthTag(record->origin, TAG_ORIGIN, auth_list);
238 copyAuthTag(record->origination_expire_date_time, TAG_ORIGINATION_EXPIRE_DATETIME, auth_list);
239 copyAuthTag(record->os_patchlevel, TAG_OS_PATCHLEVEL, auth_list);
240 copyAuthTag(record->os_version, TAG_OS_VERSION, auth_list);
241 copyAuthTag(record->padding, TAG_PADDING, auth_list);
242 copyAuthTag(record->purpose, TAG_PURPOSE, auth_list);
243 copyAuthTag(record->rollback_resistant, TAG_ROLLBACK_RESISTANT, auth_list);
244 copyAuthTag(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list);
245 copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list);
246 copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list);
247 copyAuthTag(record->attestation_application_id,
248 TAG_ATTESTATION_APPLICATION_ID, auth_list);
249
250 return ErrorCode::OK;
251 }
252
MAKE_OPENSSL_PTR_TYPE(KM_KEY_DESCRIPTION)253 MAKE_OPENSSL_PTR_TYPE(KM_KEY_DESCRIPTION)
254
255 // Parse the DER-encoded attestation record, placing the results in keymaster_version,
256 // attestation_challenge, software_enforced, tee_enforced and unique_id.
257 ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
258 uint32_t* attestation_version, //
259 SecurityLevel* attestation_security_level,
260 uint32_t* keymaster_version,
261 SecurityLevel* keymaster_security_level,
262 hidl_vec<uint8_t>* attestation_challenge,
263 AuthorizationSet* software_enforced,
264 AuthorizationSet* tee_enforced, //
265 hidl_vec<uint8_t>* unique_id) {
266 const uint8_t* p = asn1_key_desc;
267 KM_KEY_DESCRIPTION_Ptr record(d2i_KM_KEY_DESCRIPTION(nullptr, &p, asn1_key_desc_len));
268 if (!record.get()) return ErrorCode::UNKNOWN_ERROR;
269
270 *attestation_version = ASN1_INTEGER_get(record->attestation_version);
271 *attestation_security_level =
272 static_cast<SecurityLevel>(ASN1_ENUMERATED_get(record->attestation_security_level));
273 *keymaster_version = ASN1_INTEGER_get(record->keymaster_version);
274 *keymaster_security_level =
275 static_cast<SecurityLevel>(ASN1_ENUMERATED_get(record->keymaster_security_level));
276
277 attestation_challenge->setToExternal(record->attestation_challenge->data,
278 record->attestation_challenge->length);
279
280 unique_id->setToExternal(record->unique_id->data, record->unique_id->length);
281
282 ErrorCode error = extract_auth_list(record->software_enforced, software_enforced);
283 if (error != ErrorCode::OK) return error;
284
285 return extract_auth_list(record->tee_enforced, tee_enforced);
286 }
287
288 } // namespace V3_0
289 } // namespace keymaster
290 } // namespace hardware
291 } // namespace android
292