1 /*
2 * Copyright 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "attestation_record.h"
18
19 #include <assert.h>
20
21 #include <openssl/asn1t.h>
22
23 #include "openssl_err.h"
24 #include "openssl_utils.h"
25
26 #include <keymaster/android_keymaster_utils.h>
27 #include <keymaster/keymaster_context.h>
28
29 namespace keymaster {
30
31 constexpr uint kCurrentKeymasterVersion = 3;
32 constexpr uint kCurrentAttestationVersion = 2;
33
34 struct stack_st_ASN1_TYPE_Delete {
operator ()keymaster::stack_st_ASN1_TYPE_Delete35 void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); }
36 };
37
38 struct ASN1_STRING_Delete {
operator ()keymaster::ASN1_STRING_Delete39 void operator()(ASN1_STRING* p) { ASN1_STRING_free(p); }
40 };
41
42 struct ASN1_TYPE_Delete {
operator ()keymaster::ASN1_TYPE_Delete43 void operator()(ASN1_TYPE* p) { ASN1_TYPE_free(p); }
44 };
45
46 #define ASN1_INTEGER_SET STACK_OF(ASN1_INTEGER)
47
48 typedef struct km_root_of_trust {
49 ASN1_OCTET_STRING* verified_boot_key;
50 ASN1_BOOLEAN* device_locked;
51 ASN1_ENUMERATED* verified_boot_state;
52 } KM_ROOT_OF_TRUST;
53
54 ASN1_SEQUENCE(KM_ROOT_OF_TRUST) = {
55 ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_key, ASN1_OCTET_STRING),
56 ASN1_SIMPLE(KM_ROOT_OF_TRUST, device_locked, ASN1_BOOLEAN),
57 ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_state, ASN1_ENUMERATED),
58 } ASN1_SEQUENCE_END(KM_ROOT_OF_TRUST);
59 IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST);
60
61 typedef struct km_auth_list {
62 ASN1_INTEGER_SET* purpose;
63 ASN1_INTEGER* algorithm;
64 ASN1_INTEGER* key_size;
65 ASN1_INTEGER_SET* digest;
66 ASN1_INTEGER_SET* padding;
67 ASN1_INTEGER_SET* kdf;
68 ASN1_INTEGER* ec_curve;
69 ASN1_INTEGER* rsa_public_exponent;
70 ASN1_INTEGER* active_date_time;
71 ASN1_INTEGER* origination_expire_date_time;
72 ASN1_INTEGER* usage_expire_date_time;
73 ASN1_NULL* no_auth_required;
74 ASN1_INTEGER* user_auth_type;
75 ASN1_INTEGER* auth_timeout;
76 ASN1_NULL* allow_while_on_body;
77 ASN1_NULL* all_applications;
78 ASN1_OCTET_STRING* application_id;
79 ASN1_INTEGER* creation_date_time;
80 ASN1_INTEGER* origin;
81 ASN1_NULL* rollback_resistant;
82 KM_ROOT_OF_TRUST* root_of_trust;
83 ASN1_INTEGER* os_version;
84 ASN1_INTEGER* os_patchlevel;
85 ASN1_OCTET_STRING* attestation_application_id;
86 ASN1_OCTET_STRING* attestation_id_brand;
87 ASN1_OCTET_STRING* attestation_id_device;
88 ASN1_OCTET_STRING* attestation_id_product;
89 ASN1_OCTET_STRING* attestation_id_serial;
90 ASN1_OCTET_STRING* attestation_id_imei;
91 ASN1_OCTET_STRING* attestation_id_meid;
92 ASN1_OCTET_STRING* attestation_id_manufacturer;
93 ASN1_OCTET_STRING* attestation_id_model;
94 } KM_AUTH_LIST;
95
96 ASN1_SEQUENCE(KM_AUTH_LIST) = {
97 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, purpose, ASN1_INTEGER, TAG_PURPOSE.masked_tag()),
98 ASN1_EXP_OPT(KM_AUTH_LIST, algorithm, ASN1_INTEGER, TAG_ALGORITHM.masked_tag()),
99 ASN1_EXP_OPT(KM_AUTH_LIST, key_size, ASN1_INTEGER, TAG_KEY_SIZE.masked_tag()),
100 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, digest, ASN1_INTEGER, TAG_DIGEST.masked_tag()),
101 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, padding, ASN1_INTEGER, TAG_PADDING.masked_tag()),
102 ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, kdf, ASN1_INTEGER, TAG_KDF.masked_tag()),
103 ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.masked_tag()),
104 ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER,
105 TAG_RSA_PUBLIC_EXPONENT.masked_tag()),
106 ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.masked_tag()),
107 ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,
108 TAG_ORIGINATION_EXPIRE_DATETIME.masked_tag()),
109 ASN1_EXP_OPT(KM_AUTH_LIST, usage_expire_date_time, ASN1_INTEGER,
110 TAG_USAGE_EXPIRE_DATETIME.masked_tag()),
111 ASN1_EXP_OPT(KM_AUTH_LIST, no_auth_required, ASN1_NULL, TAG_NO_AUTH_REQUIRED.masked_tag()),
112 ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.masked_tag()),
113 ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.masked_tag()),
114 ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL,
115 TAG_ALLOW_WHILE_ON_BODY.masked_tag()),
116 ASN1_EXP_OPT(KM_AUTH_LIST, all_applications, ASN1_NULL, TAG_ALL_APPLICATIONS.masked_tag()),
117 ASN1_EXP_OPT(KM_AUTH_LIST, application_id, ASN1_OCTET_STRING, TAG_APPLICATION_ID.masked_tag()),
118 ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER,
119 TAG_CREATION_DATETIME.masked_tag()),
120 ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.masked_tag()),
121 ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistant, ASN1_NULL, TAG_ROLLBACK_RESISTANT.masked_tag()),
122 ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.masked_tag()),
123 ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.masked_tag()),
124 ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.masked_tag()),
125 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,
126 TAG_ATTESTATION_APPLICATION_ID.masked_tag()),
127 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_brand, ASN1_OCTET_STRING,
128 TAG_ATTESTATION_ID_BRAND.masked_tag()),
129 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_device, ASN1_OCTET_STRING,
130 TAG_ATTESTATION_ID_DEVICE.masked_tag()),
131 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_product, ASN1_OCTET_STRING,
132 TAG_ATTESTATION_ID_PRODUCT.masked_tag()),
133 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_serial, ASN1_OCTET_STRING,
134 TAG_ATTESTATION_ID_SERIAL.masked_tag()),
135 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_imei, ASN1_OCTET_STRING,
136 TAG_ATTESTATION_ID_IMEI.masked_tag()),
137 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_meid, ASN1_OCTET_STRING,
138 TAG_ATTESTATION_ID_MEID.masked_tag()),
139 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_manufacturer, ASN1_OCTET_STRING,
140 TAG_ATTESTATION_ID_MANUFACTURER.masked_tag()),
141 ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_model, ASN1_OCTET_STRING,
142 TAG_ATTESTATION_ID_MODEL.masked_tag()),
143 } ASN1_SEQUENCE_END(KM_AUTH_LIST);
144 IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST);
145
146 typedef struct km_key_description {
147 ASN1_INTEGER* attestation_version;
148 ASN1_ENUMERATED* attestation_security_level;
149 ASN1_INTEGER* keymaster_version;
150 ASN1_ENUMERATED* keymaster_security_level;
151 ASN1_OCTET_STRING* attestation_challenge;
152 KM_AUTH_LIST* software_enforced;
153 KM_AUTH_LIST* tee_enforced;
154 ASN1_INTEGER* unique_id;
155 } KM_KEY_DESCRIPTION;
156
157 ASN1_SEQUENCE(KM_KEY_DESCRIPTION) = {
158 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_version, ASN1_INTEGER),
159 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_security_level, ASN1_ENUMERATED),
160 ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_version, ASN1_INTEGER),
161 ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_security_level, ASN1_ENUMERATED),
162 ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_challenge, ASN1_OCTET_STRING),
163 ASN1_SIMPLE(KM_KEY_DESCRIPTION, unique_id, ASN1_OCTET_STRING),
164 ASN1_SIMPLE(KM_KEY_DESCRIPTION, software_enforced, KM_AUTH_LIST),
165 ASN1_SIMPLE(KM_KEY_DESCRIPTION, tee_enforced, KM_AUTH_LIST),
166 } ASN1_SEQUENCE_END(KM_KEY_DESCRIPTION);
167 IMPLEMENT_ASN1_FUNCTIONS(KM_KEY_DESCRIPTION);
168
169 static const keymaster_tag_t kDeviceAttestationTags[] = {
170 KM_TAG_ATTESTATION_ID_BRAND,
171 KM_TAG_ATTESTATION_ID_DEVICE,
172 KM_TAG_ATTESTATION_ID_PRODUCT,
173 KM_TAG_ATTESTATION_ID_SERIAL,
174 KM_TAG_ATTESTATION_ID_IMEI,
175 KM_TAG_ATTESTATION_ID_MEID,
176 KM_TAG_ATTESTATION_ID_MANUFACTURER,
177 KM_TAG_ATTESTATION_ID_MODEL,
178 };
179
180 struct KM_AUTH_LIST_Delete {
operator ()keymaster::KM_AUTH_LIST_Delete181 void operator()(KM_AUTH_LIST* p) { KM_AUTH_LIST_free(p); }
182 };
183
184 struct KM_KEY_DESCRIPTION_Delete {
operator ()keymaster::KM_KEY_DESCRIPTION_Delete185 void operator()(KM_KEY_DESCRIPTION* p) { KM_KEY_DESCRIPTION_free(p); }
186 };
187
get_uint32_value(const keymaster_key_param_t & param)188 static uint32_t get_uint32_value(const keymaster_key_param_t& param) {
189 switch (keymaster_tag_get_type(param.tag)) {
190 case KM_ENUM:
191 case KM_ENUM_REP:
192 return param.enumerated;
193 case KM_UINT:
194 case KM_UINT_REP:
195 return param.integer;
196 default:
197 assert(false);
198 return 0xFFFFFFFF;
199 }
200 }
201
202 // Insert value in either the dest_integer or the dest_integer_set, whichever is provided.
insert_integer(ASN1_INTEGER * value,ASN1_INTEGER ** dest_integer,ASN1_INTEGER_SET ** dest_integer_set)203 static keymaster_error_t insert_integer(ASN1_INTEGER* value, ASN1_INTEGER** dest_integer,
204 ASN1_INTEGER_SET** dest_integer_set) {
205 assert((dest_integer == nullptr) ^ (dest_integer_set == nullptr));
206 assert(value);
207
208 if (dest_integer_set) {
209 if (!*dest_integer_set)
210 *dest_integer_set = sk_ASN1_INTEGER_new_null();
211 if (!*dest_integer_set)
212 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
213 if (!sk_ASN1_INTEGER_push(*dest_integer_set, value))
214 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
215 return KM_ERROR_OK;
216
217 } else if (dest_integer) {
218 if (*dest_integer)
219 ASN1_INTEGER_free(*dest_integer);
220 *dest_integer = value;
221 return KM_ERROR_OK;
222 }
223
224 assert(false); // Should never get here.
225 return KM_ERROR_OK;
226 }
227
228 // Put the contents of the keymaster AuthorizationSet auth_list in to the ASN.1 record structure,
229 // record.
build_auth_list(const AuthorizationSet & auth_list,KM_AUTH_LIST * record)230 static keymaster_error_t build_auth_list(const AuthorizationSet& auth_list, KM_AUTH_LIST* record) {
231 assert(record);
232
233 if (auth_list.empty())
234 return KM_ERROR_OK;
235
236 for (auto entry : auth_list) {
237
238 ASN1_INTEGER_SET** integer_set = nullptr;
239 ASN1_INTEGER** integer_ptr = nullptr;
240 ASN1_OCTET_STRING** string_ptr = nullptr;
241 ASN1_NULL** bool_ptr = nullptr;
242
243 switch (entry.tag) {
244
245 /* Ignored tags */
246 case KM_TAG_INVALID:
247 case KM_TAG_ASSOCIATED_DATA:
248 case KM_TAG_NONCE:
249 case KM_TAG_AUTH_TOKEN:
250 case KM_TAG_MAC_LENGTH:
251 case KM_TAG_ALL_USERS:
252 case KM_TAG_USER_ID:
253 case KM_TAG_USER_SECURE_ID:
254 case KM_TAG_EXPORTABLE:
255 case KM_TAG_RESET_SINCE_ID_ROTATION:
256 case KM_TAG_ATTESTATION_CHALLENGE:
257 case KM_TAG_BLOCK_MODE:
258 case KM_TAG_CALLER_NONCE:
259 case KM_TAG_MIN_MAC_LENGTH:
260 case KM_TAG_ECIES_SINGLE_HASH_MODE:
261 case KM_TAG_INCLUDE_UNIQUE_ID:
262 case KM_TAG_BLOB_USAGE_REQUIREMENTS:
263 case KM_TAG_BOOTLOADER_ONLY:
264 case KM_TAG_MIN_SECONDS_BETWEEN_OPS:
265 case KM_TAG_MAX_USES_PER_BOOT:
266 case KM_TAG_APPLICATION_DATA:
267 case KM_TAG_UNIQUE_ID:
268 case KM_TAG_ROOT_OF_TRUST:
269 continue;
270
271 /* Non-repeating enumerations */
272 case KM_TAG_ALGORITHM:
273 integer_ptr = &record->algorithm;
274 break;
275 case KM_TAG_EC_CURVE:
276 integer_ptr = &record->ec_curve;
277 break;
278 case KM_TAG_USER_AUTH_TYPE:
279 integer_ptr = &record->user_auth_type;
280 break;
281 case KM_TAG_ORIGIN:
282 integer_ptr = &record->origin;
283 break;
284
285 /* Repeating enumerations */
286 case KM_TAG_PURPOSE:
287 integer_set = &record->purpose;
288 break;
289 case KM_TAG_PADDING:
290 integer_set = &record->padding;
291 break;
292 case KM_TAG_DIGEST:
293 integer_set = &record->digest;
294 break;
295 case KM_TAG_KDF:
296 integer_set = &record->kdf;
297 break;
298
299 /* Non-repeating unsigned integers */
300 case KM_TAG_KEY_SIZE:
301 integer_ptr = &record->key_size;
302 break;
303 case KM_TAG_AUTH_TIMEOUT:
304 integer_ptr = &record->auth_timeout;
305 break;
306 case KM_TAG_OS_VERSION:
307 integer_ptr = &record->os_version;
308 break;
309 case KM_TAG_OS_PATCHLEVEL:
310 integer_ptr = &record->os_patchlevel;
311 break;
312
313 /* Non-repeating long unsigned integers */
314 case KM_TAG_RSA_PUBLIC_EXPONENT:
315 integer_ptr = &record->rsa_public_exponent;
316 break;
317
318 /* Dates */
319 case KM_TAG_ACTIVE_DATETIME:
320 integer_ptr = &record->active_date_time;
321 break;
322 case KM_TAG_ORIGINATION_EXPIRE_DATETIME:
323 integer_ptr = &record->origination_expire_date_time;
324 break;
325 case KM_TAG_USAGE_EXPIRE_DATETIME:
326 integer_ptr = &record->usage_expire_date_time;
327 break;
328 case KM_TAG_CREATION_DATETIME:
329 integer_ptr = &record->creation_date_time;
330 break;
331
332 /* Booleans */
333 case KM_TAG_NO_AUTH_REQUIRED:
334 bool_ptr = &record->no_auth_required;
335 break;
336 case KM_TAG_ALL_APPLICATIONS:
337 bool_ptr = &record->all_applications;
338 break;
339 case KM_TAG_ROLLBACK_RESISTANT:
340 bool_ptr = &record->rollback_resistant;
341 break;
342 case KM_TAG_ALLOW_WHILE_ON_BODY:
343 bool_ptr = &record->allow_while_on_body;
344 break;
345
346 /* Byte arrays*/
347 case KM_TAG_APPLICATION_ID:
348 string_ptr = &record->application_id;
349 break;
350 case KM_TAG_ATTESTATION_APPLICATION_ID:
351 string_ptr = &record->attestation_application_id;
352 break;
353 case KM_TAG_ATTESTATION_ID_BRAND:
354 string_ptr = &record->attestation_id_brand;
355 break;
356 case KM_TAG_ATTESTATION_ID_DEVICE:
357 string_ptr = &record->attestation_id_device;
358 break;
359 case KM_TAG_ATTESTATION_ID_PRODUCT:
360 string_ptr = &record->attestation_id_product;
361 break;
362 case KM_TAG_ATTESTATION_ID_SERIAL:
363 string_ptr = &record->attestation_id_serial;
364 break;
365 case KM_TAG_ATTESTATION_ID_IMEI:
366 string_ptr = &record->attestation_id_imei;
367 break;
368 case KM_TAG_ATTESTATION_ID_MEID:
369 string_ptr = &record->attestation_id_meid;
370 break;
371 case KM_TAG_ATTESTATION_ID_MANUFACTURER:
372 string_ptr = &record->attestation_id_manufacturer;
373 break;
374 case KM_TAG_ATTESTATION_ID_MODEL:
375 string_ptr = &record->attestation_id_model;
376 break;
377 }
378
379 keymaster_tag_type_t type = keymaster_tag_get_type(entry.tag);
380 switch (type) {
381 case KM_ENUM:
382 case KM_ENUM_REP:
383 case KM_UINT:
384 case KM_UINT_REP: {
385 assert((keymaster_tag_repeatable(entry.tag) && integer_set) ||
386 (!keymaster_tag_repeatable(entry.tag) && integer_ptr));
387
388 UniquePtr<ASN1_INTEGER, ASN1_INTEGER_Delete> value(ASN1_INTEGER_new());
389 if (!value.get())
390 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
391 if (!ASN1_INTEGER_set(value.get(), get_uint32_value(entry)))
392 return TranslateLastOpenSslError();
393
394 insert_integer(value.release(), integer_ptr, integer_set);
395 break;
396 }
397
398 case KM_ULONG:
399 case KM_ULONG_REP:
400 case KM_DATE: {
401 assert((keymaster_tag_repeatable(entry.tag) && integer_set) ||
402 (!keymaster_tag_repeatable(entry.tag) && integer_ptr));
403
404 UniquePtr<BIGNUM, BIGNUM_Delete> bn_value(BN_new());
405 if (!bn_value.get())
406 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
407
408 if (type == KM_DATE) {
409 if (!BN_set_u64(bn_value.get(), entry.date_time)) {
410 return TranslateLastOpenSslError();
411 }
412 } else {
413 if (!BN_set_u64(bn_value.get(), entry.long_integer)) {
414 return TranslateLastOpenSslError();
415 }
416 }
417
418 UniquePtr<ASN1_INTEGER, ASN1_INTEGER_Delete> value(
419 BN_to_ASN1_INTEGER(bn_value.get(), nullptr));
420 if (!value.get())
421 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
422
423 insert_integer(value.release(), integer_ptr, integer_set);
424 break;
425 }
426
427 case KM_BOOL:
428 assert(bool_ptr);
429 if (!*bool_ptr)
430 *bool_ptr = ASN1_NULL_new();
431 if (!*bool_ptr)
432 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
433 break;
434
435 /* Byte arrays*/
436 case KM_BYTES:
437 assert(string_ptr);
438 if (!*string_ptr)
439 *string_ptr = ASN1_OCTET_STRING_new();
440 if (!*string_ptr)
441 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
442 if (!ASN1_OCTET_STRING_set(*string_ptr, entry.blob.data, entry.blob.data_length))
443 return TranslateLastOpenSslError();
444 break;
445
446 default:
447 return KM_ERROR_UNIMPLEMENTED;
448 }
449 }
450
451 keymaster_ec_curve_t ec_curve;
452 uint32_t key_size;
453 if (auth_list.Contains(TAG_ALGORITHM, KM_ALGORITHM_EC) && //
454 !auth_list.Contains(TAG_EC_CURVE) && //
455 auth_list.GetTagValue(TAG_KEY_SIZE, &key_size)) {
456 // This must be a keymaster1 key. It's an EC key with no curve. Insert the curve.
457
458 keymaster_error_t error = EcKeySizeToCurve(key_size, &ec_curve);
459 if (error != KM_ERROR_OK)
460 return error;
461
462 UniquePtr<ASN1_INTEGER, ASN1_INTEGER_Delete> value(ASN1_INTEGER_new());
463 if (!value.get())
464 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
465
466 if (!ASN1_INTEGER_set(value.get(), ec_curve))
467 return TranslateLastOpenSslError();
468
469 insert_integer(value.release(), &record->ec_curve, nullptr);
470 }
471
472 return KM_ERROR_OK;
473 }
474
475 // Construct an ASN1.1 DER-encoded attestation record containing the values from sw_enforced and
476 // tee_enforced.
build_attestation_record(const AuthorizationSet & attestation_params,AuthorizationSet sw_enforced,AuthorizationSet tee_enforced,const KeymasterContext & context,UniquePtr<uint8_t[]> * asn1_key_desc,size_t * asn1_key_desc_len)477 keymaster_error_t build_attestation_record(const AuthorizationSet& attestation_params,
478 AuthorizationSet sw_enforced,
479 AuthorizationSet tee_enforced,
480 const KeymasterContext& context,
481 UniquePtr<uint8_t[]>* asn1_key_desc,
482 size_t* asn1_key_desc_len) {
483 assert(asn1_key_desc && asn1_key_desc_len);
484
485 UniquePtr<KM_KEY_DESCRIPTION, KM_KEY_DESCRIPTION_Delete> key_desc(KM_KEY_DESCRIPTION_new());
486 if (!key_desc.get())
487 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
488
489 keymaster_security_level_t keymaster_security_level;
490 uint32_t keymaster_version = UINT32_MAX;
491 if (tee_enforced.empty()) {
492 // Software key.
493 keymaster_security_level = KM_SECURITY_LEVEL_SOFTWARE;
494 keymaster_version = kCurrentKeymasterVersion;
495 } else {
496 keymaster_security_level = KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT;
497 switch (context.GetSecurityLevel()) {
498 case KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT:
499 keymaster_version = kCurrentKeymasterVersion;
500 break;
501
502 case KM_SECURITY_LEVEL_SOFTWARE:
503 // We're running in software, wrapping some KM hardware. Is it KM0 or KM1? KM1 keys
504 // have the purpose in the tee_enforced list. It's possible that a key could be created
505 // without a purpose, which would fool this test into reporting it's a KM0 key. That
506 // corner case doesn't matter much, because purpose-less keys are not usable anyway.
507 // Also, KM1 TEEs should disappear rapidly.
508 keymaster_version = tee_enforced.Contains(TAG_PURPOSE) ? 1 : 0;
509 break;
510 }
511
512 if (keymaster_version == UINT32_MAX)
513 return KM_ERROR_UNKNOWN_ERROR;
514 }
515
516 if (!ASN1_INTEGER_set(key_desc->attestation_version, kCurrentAttestationVersion) ||
517 !ASN1_ENUMERATED_set(key_desc->attestation_security_level, context.GetSecurityLevel()) ||
518 !ASN1_INTEGER_set(key_desc->keymaster_version, keymaster_version) ||
519 !ASN1_ENUMERATED_set(key_desc->keymaster_security_level, keymaster_security_level))
520 return TranslateLastOpenSslError();
521
522 keymaster_blob_t attestation_challenge = {nullptr, 0};
523 if (!attestation_params.GetTagValue(TAG_ATTESTATION_CHALLENGE, &attestation_challenge))
524 return KM_ERROR_ATTESTATION_CHALLENGE_MISSING;
525 if (!ASN1_OCTET_STRING_set(key_desc->attestation_challenge, attestation_challenge.data,
526 attestation_challenge.data_length))
527 return TranslateLastOpenSslError();
528
529 keymaster_blob_t attestation_app_id;
530 if (!attestation_params.GetTagValue(TAG_ATTESTATION_APPLICATION_ID, &attestation_app_id))
531 return KM_ERROR_ATTESTATION_APPLICATION_ID_MISSING;
532 sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, attestation_app_id);
533
534 keymaster_error_t error = context.VerifyAndCopyDeviceIds(attestation_params,
535 keymaster_security_level == KM_SECURITY_LEVEL_SOFTWARE ? &sw_enforced : &tee_enforced);
536 if (error == KM_ERROR_UNIMPLEMENTED) {
537 // The KeymasterContext implementation does not support device ID attestation. Bail out if
538 // device ID attestation is being attempted.
539 for (const auto& tag : kDeviceAttestationTags) {
540 if (attestation_params.find(tag) != -1) {
541 return KM_ERROR_CANNOT_ATTEST_IDS;
542 }
543 }
544 } else if (error != KM_ERROR_OK) {
545 return error;
546 }
547
548 error = build_auth_list(sw_enforced, key_desc->software_enforced);
549 if (error != KM_ERROR_OK)
550 return error;
551
552 error = build_auth_list(tee_enforced, key_desc->tee_enforced);
553 if (error != KM_ERROR_OK)
554 return error;
555
556 // Only check tee_enforced for TAG_INCLUDE_UNIQUE_ID. If we don't have hardware we can't
557 // generate unique IDs.
558 if (tee_enforced.GetTagValue(TAG_INCLUDE_UNIQUE_ID)) {
559 uint64_t creation_datetime;
560 // Only check sw_enforced for TAG_CREATION_DATETIME, since it shouldn't be in tee_enforced,
561 // since this implementation has no secure wall clock.
562 if (!sw_enforced.GetTagValue(TAG_CREATION_DATETIME, &creation_datetime)) {
563 LOG_E("Unique ID cannot be created without creation datetime", 0);
564 return KM_ERROR_INVALID_KEY_BLOB;
565 }
566
567 keymaster_blob_t application_id = {nullptr, 0};
568 sw_enforced.GetTagValue(TAG_APPLICATION_ID, &application_id);
569
570 Buffer unique_id;
571 error = context.GenerateUniqueId(
572 creation_datetime, application_id,
573 attestation_params.GetTagValue(TAG_RESET_SINCE_ID_ROTATION), &unique_id);
574 if (error != KM_ERROR_OK)
575 return error;
576
577 key_desc->unique_id = ASN1_OCTET_STRING_new();
578 if (!key_desc->unique_id ||
579 !ASN1_OCTET_STRING_set(key_desc->unique_id, unique_id.peek_read(),
580 unique_id.available_read()))
581 return TranslateLastOpenSslError();
582 }
583
584 int len = i2d_KM_KEY_DESCRIPTION(key_desc.get(), nullptr);
585 if (len < 0)
586 return TranslateLastOpenSslError();
587 *asn1_key_desc_len = len;
588 asn1_key_desc->reset(new uint8_t[*asn1_key_desc_len]);
589 if (!asn1_key_desc->get())
590 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
591 uint8_t* p = asn1_key_desc->get();
592 len = i2d_KM_KEY_DESCRIPTION(key_desc.get(), &p);
593 if (len < 0)
594 return TranslateLastOpenSslError();
595
596 return KM_ERROR_OK;
597 }
598
599 // Copy all enumerated values with the specified tag from stack to auth_list.
get_repeated_enums(const stack_st_ASN1_INTEGER * stack,keymaster_tag_t tag,AuthorizationSet * auth_list)600 static bool get_repeated_enums(const stack_st_ASN1_INTEGER* stack, keymaster_tag_t tag,
601 AuthorizationSet* auth_list) {
602 assert(keymaster_tag_get_type(tag) == KM_ENUM_REP);
603 for (size_t i = 0; i < sk_ASN1_INTEGER_num(stack); ++i) {
604 if (!auth_list->push_back(
605 keymaster_param_enum(tag, ASN1_INTEGER_get(sk_ASN1_INTEGER_value(stack, i)))))
606 return false;
607 }
608 return true;
609 }
610
611 // Add the specified integer tag/value pair to auth_list.
612 template <keymaster_tag_type_t Type, keymaster_tag_t Tag, typename KeymasterEnum>
get_enum(const ASN1_INTEGER * asn1_int,TypedEnumTag<Type,Tag,KeymasterEnum> tag,AuthorizationSet * auth_list)613 static bool get_enum(const ASN1_INTEGER* asn1_int, TypedEnumTag<Type, Tag, KeymasterEnum> tag,
614 AuthorizationSet* auth_list) {
615 if (!asn1_int)
616 return true;
617 return auth_list->push_back(tag, static_cast<KeymasterEnum>(ASN1_INTEGER_get(asn1_int)));
618 }
619
620 // Add the specified ulong tag/value pair to auth_list.
get_ulong(const ASN1_INTEGER * asn1_int,keymaster_tag_t tag,AuthorizationSet * auth_list)621 static bool get_ulong(const ASN1_INTEGER* asn1_int, keymaster_tag_t tag,
622 AuthorizationSet* auth_list) {
623 if (!asn1_int)
624 return true;
625 UniquePtr<BIGNUM, BIGNUM_Delete> bn(ASN1_INTEGER_to_BN(asn1_int, nullptr));
626 if (!bn.get())
627 return false;
628 uint64_t ulong = BN_get_word(bn.get());
629 return auth_list->push_back(keymaster_param_long(tag, ulong));
630 }
631
632 // Extract the values from the specified ASN.1 record and place them in auth_list.
extract_auth_list(const KM_AUTH_LIST * record,AuthorizationSet * auth_list)633 static keymaster_error_t extract_auth_list(const KM_AUTH_LIST* record,
634 AuthorizationSet* auth_list) {
635 if (!record)
636 return KM_ERROR_OK;
637
638 // Purpose
639 if (!get_repeated_enums(record->purpose, TAG_PURPOSE, auth_list))
640 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
641
642 // Algorithm
643 if (!get_enum(record->algorithm, TAG_ALGORITHM, auth_list))
644 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
645
646 // Key size
647 if (record->key_size && !auth_list->push_back(TAG_KEY_SIZE, ASN1_INTEGER_get(record->key_size)))
648 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
649
650 // Digest
651 if (!get_repeated_enums(record->digest, TAG_DIGEST, auth_list))
652 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
653
654 // Padding
655 if (!get_repeated_enums(record->padding, TAG_PADDING, auth_list))
656 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
657
658 // EC curve
659 if (!get_enum(record->ec_curve, TAG_EC_CURVE, auth_list))
660 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
661
662 // RSA public exponent
663 if (!get_ulong(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list))
664 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
665
666 // Active date time
667 if (!get_ulong(record->active_date_time, TAG_ACTIVE_DATETIME, auth_list))
668 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
669
670 // Origination expire date time
671 if (!get_ulong(record->origination_expire_date_time, TAG_ORIGINATION_EXPIRE_DATETIME,
672 auth_list))
673 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
674
675 // Usage Expire date time
676 if (!get_ulong(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list))
677 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
678
679 // No auth required
680 if (record->no_auth_required && !auth_list->push_back(TAG_NO_AUTH_REQUIRED))
681 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
682
683 // User auth type
684 if (!get_enum(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list))
685 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
686
687 // Auth timeout
688 if (record->auth_timeout &&
689 !auth_list->push_back(TAG_AUTH_TIMEOUT, ASN1_INTEGER_get(record->auth_timeout)))
690 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
691
692 // All applications
693 if (record->all_applications && !auth_list->push_back(TAG_ALL_APPLICATIONS))
694 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
695
696 // Application ID
697 if (record->application_id &&
698 !auth_list->push_back(TAG_APPLICATION_ID, record->application_id->data,
699 record->application_id->length))
700 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
701
702 // Creation date time
703 if (!get_ulong(record->creation_date_time, TAG_CREATION_DATETIME, auth_list))
704 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
705
706 // Origin
707 if (!get_enum(record->origin, TAG_ORIGIN, auth_list))
708 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
709
710 // Rollback resistant
711 if (record->rollback_resistant && !auth_list->push_back(TAG_ROLLBACK_RESISTANT))
712 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
713
714 // Root of trust
715 if (record->root_of_trust) {
716 KM_ROOT_OF_TRUST* rot = record->root_of_trust;
717 if (!rot->verified_boot_key)
718 return KM_ERROR_INVALID_KEY_BLOB;
719
720 // Other root of trust fields are not mapped to auth set entries.
721 }
722
723 // OS Version
724 if (record->os_version &&
725 !auth_list->push_back(TAG_OS_VERSION, ASN1_INTEGER_get(record->os_version)))
726 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
727
728 // OS Patch level
729 if (record->os_patchlevel &&
730 !auth_list->push_back(TAG_OS_PATCHLEVEL, ASN1_INTEGER_get(record->os_patchlevel)))
731 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
732
733 // Brand name
734 if (record->attestation_id_brand &&
735 !auth_list->push_back(TAG_ATTESTATION_ID_BRAND, record->attestation_id_brand->data,
736 record->attestation_id_brand->length))
737 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
738
739 // Device name
740 if (record->attestation_id_device &&
741 !auth_list->push_back(TAG_ATTESTATION_ID_DEVICE, record->attestation_id_device->data,
742 record->attestation_id_device->length))
743 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
744
745 // Product name
746 if (record->attestation_id_product &&
747 !auth_list->push_back(TAG_ATTESTATION_ID_PRODUCT, record->attestation_id_product->data,
748 record->attestation_id_product->length))
749 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
750
751 // Serial number
752 if (record->attestation_id_serial &&
753 !auth_list->push_back(TAG_ATTESTATION_ID_SERIAL, record->attestation_id_serial->data,
754 record->attestation_id_serial->length))
755 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
756
757 // IMEI
758 if (record->attestation_id_imei &&
759 !auth_list->push_back(TAG_ATTESTATION_ID_IMEI, record->attestation_id_imei->data,
760 record->attestation_id_imei->length))
761 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
762
763 // MEID
764 if (record->attestation_id_meid &&
765 !auth_list->push_back(TAG_ATTESTATION_ID_MEID, record->attestation_id_meid->data,
766 record->attestation_id_meid->length))
767 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
768
769 // Manufacturer name
770 if (record->attestation_id_manufacturer &&
771 !auth_list->push_back(TAG_ATTESTATION_ID_MANUFACTURER,
772 record->attestation_id_manufacturer->data,
773 record->attestation_id_manufacturer->length))
774 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
775
776 // Model name
777 if (record->attestation_id_model &&
778 !auth_list->push_back(TAG_ATTESTATION_ID_MODEL, record->attestation_id_model->data,
779 record->attestation_id_model->length))
780 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
781
782 return KM_ERROR_OK;
783 }
784
785 // Parse the DER-encoded attestation record, placing the results in keymaster_version,
786 // attestation_challenge, software_enforced, tee_enforced and unique_id.
parse_attestation_record(const uint8_t * asn1_key_desc,size_t asn1_key_desc_len,uint32_t * attestation_version,keymaster_security_level_t * attestation_security_level,uint32_t * keymaster_version,keymaster_security_level_t * keymaster_security_level,keymaster_blob_t * attestation_challenge,AuthorizationSet * software_enforced,AuthorizationSet * tee_enforced,keymaster_blob_t * unique_id)787 keymaster_error_t parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
788 uint32_t* attestation_version, //
789 keymaster_security_level_t* attestation_security_level,
790 uint32_t* keymaster_version,
791 keymaster_security_level_t* keymaster_security_level,
792 keymaster_blob_t* attestation_challenge,
793 AuthorizationSet* software_enforced,
794 AuthorizationSet* tee_enforced,
795 keymaster_blob_t* unique_id) {
796 const uint8_t* p = asn1_key_desc;
797 UniquePtr<KM_KEY_DESCRIPTION, KM_KEY_DESCRIPTION_Delete> record(
798 d2i_KM_KEY_DESCRIPTION(nullptr, &p, asn1_key_desc_len));
799 if (!record.get())
800 return TranslateLastOpenSslError();
801
802 *attestation_version = ASN1_INTEGER_get(record->attestation_version);
803 *attestation_security_level = static_cast<keymaster_security_level_t>(
804 ASN1_ENUMERATED_get(record->attestation_security_level));
805 *keymaster_version = ASN1_INTEGER_get(record->keymaster_version);
806 *keymaster_security_level = static_cast<keymaster_security_level_t>(
807 ASN1_ENUMERATED_get(record->keymaster_security_level));
808
809 attestation_challenge->data =
810 dup_buffer(record->attestation_challenge->data, record->attestation_challenge->length);
811 attestation_challenge->data_length = record->attestation_challenge->length;
812
813 unique_id->data = dup_buffer(record->unique_id->data, record->unique_id->length);
814 unique_id->data_length = record->unique_id->length;
815
816 keymaster_error_t error = extract_auth_list(record->software_enforced, software_enforced);
817 if (error != KM_ERROR_OK)
818 return error;
819
820 return extract_auth_list(record->tee_enforced, tee_enforced);
821 }
822
823 } // namespace keymaster
824