1 /*
2 * Copyright 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <keymaster/attestation_record.h>
18
19 #include <assert.h>
20
21 #include <openssl/asn1t.h>
22
23 #include <keymaster/android_keymaster_utils.h>
24 #include <keymaster/km_openssl/openssl_err.h>
25 #include <keymaster/km_openssl/openssl_utils.h>
26
27 namespace keymaster {
28
29 constexpr uint kCurrentAttestationVersion = 4;
30 constexpr size_t kMaximumAttestationChallengeLength = 128;
31
32 IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST);
33 IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST);
34 IMPLEMENT_ASN1_FUNCTIONS(KM_KEY_DESCRIPTION);
35
36 static const keymaster_tag_t kDeviceAttestationTags[] = {
37 KM_TAG_ATTESTATION_ID_BRAND,
38 KM_TAG_ATTESTATION_ID_DEVICE,
39 KM_TAG_ATTESTATION_ID_PRODUCT,
40 KM_TAG_ATTESTATION_ID_SERIAL,
41 KM_TAG_ATTESTATION_ID_IMEI,
42 KM_TAG_ATTESTATION_ID_MEID,
43 KM_TAG_ATTESTATION_ID_MANUFACTURER,
44 KM_TAG_ATTESTATION_ID_MODEL,
45 };
46
47 struct KM_AUTH_LIST_Delete {
operator ()keymaster::KM_AUTH_LIST_Delete48 void operator()(KM_AUTH_LIST* p) { KM_AUTH_LIST_free(p); }
49 };
50
51 struct KM_KEY_DESCRIPTION_Delete {
operator ()keymaster::KM_KEY_DESCRIPTION_Delete52 void operator()(KM_KEY_DESCRIPTION* p) { KM_KEY_DESCRIPTION_free(p); }
53 };
54
55 struct KM_ROOT_OF_TRUST_Delete {
operator ()keymaster::KM_ROOT_OF_TRUST_Delete56 void operator()(KM_ROOT_OF_TRUST* p) { KM_ROOT_OF_TRUST_free(p); }
57 };
58
get_uint32_value(const keymaster_key_param_t & param)59 static uint32_t get_uint32_value(const keymaster_key_param_t& param) {
60 switch (keymaster_tag_get_type(param.tag)) {
61 case KM_ENUM:
62 case KM_ENUM_REP:
63 return param.enumerated;
64 case KM_UINT:
65 case KM_UINT_REP:
66 return param.integer;
67 default:
68 assert(false);
69 return 0xFFFFFFFF;
70 }
71 }
72
73 // Insert value in either the dest_integer or the dest_integer_set, whichever is provided.
insert_integer(ASN1_INTEGER * value,ASN1_INTEGER ** dest_integer,ASN1_INTEGER_SET ** dest_integer_set)74 static keymaster_error_t insert_integer(ASN1_INTEGER* value, ASN1_INTEGER** dest_integer,
75 ASN1_INTEGER_SET** dest_integer_set) {
76 assert((dest_integer == nullptr) ^ (dest_integer_set == nullptr));
77 assert(value);
78
79 if (dest_integer_set) {
80 if (!*dest_integer_set)
81 *dest_integer_set = sk_ASN1_INTEGER_new_null();
82 if (!*dest_integer_set)
83 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
84 if (!sk_ASN1_INTEGER_push(*dest_integer_set, value))
85 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
86 return KM_ERROR_OK;
87
88 } else if (dest_integer) {
89 if (*dest_integer)
90 ASN1_INTEGER_free(*dest_integer);
91 *dest_integer = value;
92 return KM_ERROR_OK;
93 }
94
95 assert(false); // Should never get here.
96 return KM_ERROR_OK;
97 }
98
99 // Put the contents of the keymaster AuthorizationSet auth_list in to the ASN.1 record structure,
100 // record.
build_auth_list(const AuthorizationSet & auth_list,KM_AUTH_LIST * record)101 keymaster_error_t build_auth_list(const AuthorizationSet& auth_list, KM_AUTH_LIST* record) {
102 assert(record);
103
104 if (auth_list.empty())
105 return KM_ERROR_OK;
106
107 for (auto entry : auth_list) {
108
109 ASN1_INTEGER_SET** integer_set = nullptr;
110 ASN1_INTEGER** integer_ptr = nullptr;
111 ASN1_OCTET_STRING** string_ptr = nullptr;
112 ASN1_NULL** bool_ptr = nullptr;
113
114 switch (entry.tag) {
115
116 /* Tags ignored because they should never exist */
117 case KM_TAG_INVALID:
118
119 /* Tags ignored because they're not used. */
120 case KM_TAG_ALL_USERS:
121 case KM_TAG_EXPORTABLE:
122 case KM_TAG_ECIES_SINGLE_HASH_MODE:
123
124 /* Tags ignored because they're used only to provide information to operations */
125 case KM_TAG_ASSOCIATED_DATA:
126 case KM_TAG_NONCE:
127 case KM_TAG_AUTH_TOKEN:
128 case KM_TAG_MAC_LENGTH:
129 case KM_TAG_ATTESTATION_CHALLENGE:
130 case KM_TAG_RESET_SINCE_ID_ROTATION:
131
132 /* Tags ignored because they have no meaning off-device */
133 case KM_TAG_USER_ID:
134 case KM_TAG_USER_SECURE_ID:
135 case KM_TAG_BLOB_USAGE_REQUIREMENTS:
136
137 /* Tags ignored because they're not usable by app keys */
138 case KM_TAG_BOOTLOADER_ONLY:
139 case KM_TAG_INCLUDE_UNIQUE_ID:
140 case KM_TAG_MAX_USES_PER_BOOT:
141 case KM_TAG_MIN_SECONDS_BETWEEN_OPS:
142 case KM_TAG_UNIQUE_ID:
143
144 /* Tags ignored because they contain data that should not be exported */
145 case KM_TAG_APPLICATION_DATA:
146 case KM_TAG_ROOT_OF_TRUST:
147 continue;
148
149 /* Non-repeating enumerations */
150 case KM_TAG_ALGORITHM:
151 integer_ptr = &record->algorithm;
152 break;
153 case KM_TAG_EC_CURVE:
154 integer_ptr = &record->ec_curve;
155 break;
156 case KM_TAG_USER_AUTH_TYPE:
157 integer_ptr = &record->user_auth_type;
158 break;
159 case KM_TAG_ORIGIN:
160 integer_ptr = &record->origin;
161 break;
162
163 /* Repeating enumerations */
164 case KM_TAG_PURPOSE:
165 integer_set = &record->purpose;
166 break;
167 case KM_TAG_PADDING:
168 integer_set = &record->padding;
169 break;
170 case KM_TAG_DIGEST:
171 integer_set = &record->digest;
172 break;
173 case KM_TAG_KDF:
174 integer_set = &record->kdf;
175 break;
176 case KM_TAG_BLOCK_MODE:
177 integer_set = &record->block_mode;
178 break;
179
180 /* Non-repeating unsigned integers */
181 case KM_TAG_KEY_SIZE:
182 integer_ptr = &record->key_size;
183 break;
184 case KM_TAG_AUTH_TIMEOUT:
185 integer_ptr = &record->auth_timeout;
186 break;
187 case KM_TAG_OS_VERSION:
188 integer_ptr = &record->os_version;
189 break;
190 case KM_TAG_OS_PATCHLEVEL:
191 integer_ptr = &record->os_patchlevel;
192 break;
193 case KM_TAG_MIN_MAC_LENGTH:
194 integer_ptr = &record->min_mac_length;
195 break;
196
197 /* Non-repeating long unsigned integers */
198 case KM_TAG_RSA_PUBLIC_EXPONENT:
199 integer_ptr = &record->rsa_public_exponent;
200 break;
201
202 /* Dates */
203 case KM_TAG_ACTIVE_DATETIME:
204 integer_ptr = &record->active_date_time;
205 break;
206 case KM_TAG_ORIGINATION_EXPIRE_DATETIME:
207 integer_ptr = &record->origination_expire_date_time;
208 break;
209 case KM_TAG_USAGE_EXPIRE_DATETIME:
210 integer_ptr = &record->usage_expire_date_time;
211 break;
212 case KM_TAG_CREATION_DATETIME:
213 integer_ptr = &record->creation_date_time;
214 break;
215
216 /* Booleans */
217 case KM_TAG_NO_AUTH_REQUIRED:
218 bool_ptr = &record->no_auth_required;
219 break;
220 case KM_TAG_ALL_APPLICATIONS:
221 bool_ptr = &record->all_applications;
222 break;
223 case KM_TAG_ROLLBACK_RESISTANT:
224 bool_ptr = &record->rollback_resistant;
225 break;
226 case KM_TAG_ROLLBACK_RESISTANCE:
227 bool_ptr = &record->rollback_resistance;
228 break;
229 case KM_TAG_ALLOW_WHILE_ON_BODY:
230 bool_ptr = &record->allow_while_on_body;
231 break;
232 case KM_TAG_UNLOCKED_DEVICE_REQUIRED:
233 bool_ptr = &record->unlocked_device_required;
234 break;
235 case KM_TAG_CALLER_NONCE:
236 bool_ptr = &record->caller_nonce;
237 break;
238 case KM_TAG_TRUSTED_CONFIRMATION_REQUIRED:
239 bool_ptr = &record->trusted_confirmation_required;
240 break;
241 case KM_TAG_EARLY_BOOT_ONLY:
242 bool_ptr = &record->early_boot_only;
243 break;
244 case KM_TAG_DEVICE_UNIQUE_ATTESTATION:
245 bool_ptr = &record->device_unique_attestation;
246 break;
247 case KM_TAG_IDENTITY_CREDENTIAL_KEY:
248 bool_ptr = &record->identity_credential_key;
249 break;
250
251 /* Byte arrays*/
252 case KM_TAG_APPLICATION_ID:
253 string_ptr = &record->application_id;
254 break;
255 case KM_TAG_ATTESTATION_APPLICATION_ID:
256 string_ptr = &record->attestation_application_id;
257 break;
258 case KM_TAG_ATTESTATION_ID_BRAND:
259 string_ptr = &record->attestation_id_brand;
260 break;
261 case KM_TAG_ATTESTATION_ID_DEVICE:
262 string_ptr = &record->attestation_id_device;
263 break;
264 case KM_TAG_ATTESTATION_ID_PRODUCT:
265 string_ptr = &record->attestation_id_product;
266 break;
267 case KM_TAG_ATTESTATION_ID_SERIAL:
268 string_ptr = &record->attestation_id_serial;
269 break;
270 case KM_TAG_ATTESTATION_ID_IMEI:
271 string_ptr = &record->attestation_id_imei;
272 break;
273 case KM_TAG_ATTESTATION_ID_MEID:
274 string_ptr = &record->attestation_id_meid;
275 break;
276 case KM_TAG_ATTESTATION_ID_MANUFACTURER:
277 string_ptr = &record->attestation_id_manufacturer;
278 break;
279 case KM_TAG_ATTESTATION_ID_MODEL:
280 string_ptr = &record->attestation_id_model;
281 break;
282 }
283
284 keymaster_tag_type_t type = keymaster_tag_get_type(entry.tag);
285 switch (type) {
286 case KM_ENUM:
287 case KM_ENUM_REP:
288 case KM_UINT:
289 case KM_UINT_REP: {
290 assert((keymaster_tag_repeatable(entry.tag) && integer_set) ||
291 (!keymaster_tag_repeatable(entry.tag) && integer_ptr));
292
293 UniquePtr<ASN1_INTEGER, ASN1_INTEGER_Delete> value(ASN1_INTEGER_new());
294 if (!value.get())
295 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
296 if (!ASN1_INTEGER_set(value.get(), get_uint32_value(entry)))
297 return TranslateLastOpenSslError();
298
299 insert_integer(value.release(), integer_ptr, integer_set);
300 break;
301 }
302
303 case KM_ULONG:
304 case KM_ULONG_REP:
305 case KM_DATE: {
306 assert((keymaster_tag_repeatable(entry.tag) && integer_set) ||
307 (!keymaster_tag_repeatable(entry.tag) && integer_ptr));
308
309 UniquePtr<BIGNUM, BIGNUM_Delete> bn_value(BN_new());
310 if (!bn_value.get())
311 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
312
313 if (type == KM_DATE) {
314 if (!BN_set_u64(bn_value.get(), entry.date_time)) {
315 return TranslateLastOpenSslError();
316 }
317 } else {
318 if (!BN_set_u64(bn_value.get(), entry.long_integer)) {
319 return TranslateLastOpenSslError();
320 }
321 }
322
323 UniquePtr<ASN1_INTEGER, ASN1_INTEGER_Delete> value(
324 BN_to_ASN1_INTEGER(bn_value.get(), nullptr));
325 if (!value.get())
326 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
327
328 insert_integer(value.release(), integer_ptr, integer_set);
329 break;
330 }
331
332 case KM_BOOL:
333 assert(bool_ptr);
334 if (!*bool_ptr)
335 *bool_ptr = ASN1_NULL_new();
336 if (!*bool_ptr)
337 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
338 break;
339
340 /* Byte arrays*/
341 case KM_BYTES:
342 assert(string_ptr);
343 if (!*string_ptr)
344 *string_ptr = ASN1_OCTET_STRING_new();
345 if (!*string_ptr)
346 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
347 if (!ASN1_OCTET_STRING_set(*string_ptr, entry.blob.data, entry.blob.data_length))
348 return TranslateLastOpenSslError();
349 break;
350
351 default:
352 return KM_ERROR_UNIMPLEMENTED;
353 }
354 }
355
356 keymaster_ec_curve_t ec_curve;
357 uint32_t key_size;
358 if (auth_list.Contains(TAG_ALGORITHM, KM_ALGORITHM_EC) && //
359 !auth_list.Contains(TAG_EC_CURVE) && //
360 auth_list.GetTagValue(TAG_KEY_SIZE, &key_size)) {
361 // This must be a keymaster1 key. It's an EC key with no curve. Insert the curve.
362
363 keymaster_error_t error = EcKeySizeToCurve(key_size, &ec_curve);
364 if (error != KM_ERROR_OK)
365 return error;
366
367 UniquePtr<ASN1_INTEGER, ASN1_INTEGER_Delete> value(ASN1_INTEGER_new());
368 if (!value.get())
369 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
370
371 if (!ASN1_INTEGER_set(value.get(), ec_curve))
372 return TranslateLastOpenSslError();
373
374 insert_integer(value.release(), &record->ec_curve, nullptr);
375 }
376
377 return KM_ERROR_OK;
378 }
379
380 // Construct an ASN1.1 DER-encoded attestation record containing the values from sw_enforced and
381 // tee_enforced.
382 keymaster_error_t
build_attestation_record(const AuthorizationSet & attestation_params,AuthorizationSet sw_enforced,AuthorizationSet tee_enforced,const AttestationRecordContext & context,const uint keymaster_version,UniquePtr<uint8_t[]> * asn1_key_desc,size_t * asn1_key_desc_len)383 build_attestation_record(const AuthorizationSet& attestation_params, AuthorizationSet sw_enforced,
384 AuthorizationSet tee_enforced, const AttestationRecordContext& context,
385 const uint keymaster_version, UniquePtr<uint8_t[]>* asn1_key_desc,
386 size_t* asn1_key_desc_len) {
387 assert(asn1_key_desc && asn1_key_desc_len);
388
389 UniquePtr<KM_KEY_DESCRIPTION, KM_KEY_DESCRIPTION_Delete> key_desc(KM_KEY_DESCRIPTION_new());
390 if (!key_desc.get())
391 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
392
393 KM_ROOT_OF_TRUST* root_of_trust = nullptr;
394 if (context.GetSecurityLevel() == KM_SECURITY_LEVEL_SOFTWARE) {
395 key_desc->software_enforced->root_of_trust = KM_ROOT_OF_TRUST_new();
396 root_of_trust = key_desc->software_enforced->root_of_trust;
397 } else {
398 key_desc->tee_enforced->root_of_trust = KM_ROOT_OF_TRUST_new();
399 root_of_trust = key_desc->tee_enforced->root_of_trust;
400 }
401
402 keymaster_blob_t verified_boot_key;
403 keymaster_blob_t verified_boot_hash;
404 keymaster_verified_boot_t verified_boot_state;
405 bool device_locked;
406 keymaster_error_t error = context.GetVerifiedBootParams(&verified_boot_key, &verified_boot_hash,
407 &verified_boot_state, &device_locked);
408 if (error != KM_ERROR_OK) return error;
409 if (verified_boot_key.data_length &&
410 !ASN1_OCTET_STRING_set(root_of_trust->verified_boot_key, verified_boot_key.data,
411 verified_boot_key.data_length)) {
412 return TranslateLastOpenSslError();
413 }
414 if (verified_boot_hash.data_length &&
415 !ASN1_OCTET_STRING_set(root_of_trust->verified_boot_hash, verified_boot_hash.data,
416 verified_boot_hash.data_length)) {
417 return TranslateLastOpenSslError();
418 }
419
420 root_of_trust->device_locked = device_locked ? 0xFF : 0x00;
421 if (!ASN1_ENUMERATED_set(root_of_trust->verified_boot_state, verified_boot_state)) {
422 return TranslateLastOpenSslError();
423 }
424
425 if (!ASN1_INTEGER_set(key_desc->attestation_version, kCurrentAttestationVersion) ||
426 !ASN1_ENUMERATED_set(key_desc->attestation_security_level, context.GetSecurityLevel()) ||
427 !ASN1_INTEGER_set(key_desc->keymaster_version, keymaster_version) ||
428 !ASN1_ENUMERATED_set(key_desc->keymaster_security_level, context.GetSecurityLevel())) {
429 return TranslateLastOpenSslError();
430 }
431
432 keymaster_blob_t attestation_challenge = {nullptr, 0};
433 if (!attestation_params.GetTagValue(TAG_ATTESTATION_CHALLENGE, &attestation_challenge))
434 return KM_ERROR_ATTESTATION_CHALLENGE_MISSING;
435
436 if (attestation_challenge.data_length > kMaximumAttestationChallengeLength)
437 return KM_ERROR_INVALID_INPUT_LENGTH;
438
439 if (!ASN1_OCTET_STRING_set(key_desc->attestation_challenge, attestation_challenge.data,
440 attestation_challenge.data_length))
441 return TranslateLastOpenSslError();
442
443 keymaster_blob_t attestation_app_id;
444 if (!attestation_params.GetTagValue(TAG_ATTESTATION_APPLICATION_ID, &attestation_app_id))
445 return KM_ERROR_ATTESTATION_APPLICATION_ID_MISSING;
446 sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, attestation_app_id);
447
448 error = context.VerifyAndCopyDeviceIds(
449 attestation_params,
450 context.GetSecurityLevel() == KM_SECURITY_LEVEL_SOFTWARE ? &sw_enforced : &tee_enforced);
451 if (error == KM_ERROR_UNIMPLEMENTED) {
452 // The KeymasterContext implementation does not support device ID attestation. Bail out if
453 // device ID attestation is being attempted.
454 for (const auto& tag : kDeviceAttestationTags) {
455 if (attestation_params.find(tag) != -1) {
456 return KM_ERROR_CANNOT_ATTEST_IDS;
457 }
458 }
459 } else if (error != KM_ERROR_OK) {
460 return error;
461 }
462
463 if (attestation_params.Contains(TAG_DEVICE_UNIQUE_ATTESTATION) &&
464 context.GetSecurityLevel() == KM_SECURITY_LEVEL_STRONGBOX) {
465 tee_enforced.push_back(TAG_DEVICE_UNIQUE_ATTESTATION);
466 };
467
468 error = build_auth_list(sw_enforced, key_desc->software_enforced);
469 if (error != KM_ERROR_OK)
470 return error;
471
472 error = build_auth_list(tee_enforced, key_desc->tee_enforced);
473 if (error != KM_ERROR_OK)
474 return error;
475
476 // Only check tee_enforced for TAG_INCLUDE_UNIQUE_ID. If we don't have hardware we can't
477 // generate unique IDs.
478 if (tee_enforced.GetTagValue(TAG_INCLUDE_UNIQUE_ID)) {
479 uint64_t creation_datetime;
480 // Only check sw_enforced for TAG_CREATION_DATETIME, since it shouldn't be in tee_enforced,
481 // since this implementation has no secure wall clock.
482 if (!sw_enforced.GetTagValue(TAG_CREATION_DATETIME, &creation_datetime)) {
483 LOG_E("Unique ID cannot be created without creation datetime", 0);
484 return KM_ERROR_INVALID_KEY_BLOB;
485 }
486
487 keymaster_blob_t application_id = {nullptr, 0};
488 sw_enforced.GetTagValue(TAG_APPLICATION_ID, &application_id);
489
490 Buffer unique_id;
491 error = context.GenerateUniqueId(
492 creation_datetime, application_id,
493 attestation_params.GetTagValue(TAG_RESET_SINCE_ID_ROTATION), &unique_id);
494 if (error != KM_ERROR_OK)
495 return error;
496
497 key_desc->unique_id = ASN1_OCTET_STRING_new();
498 if (!key_desc->unique_id ||
499 !ASN1_OCTET_STRING_set(key_desc->unique_id, unique_id.peek_read(),
500 unique_id.available_read()))
501 return TranslateLastOpenSslError();
502 }
503
504 int len = i2d_KM_KEY_DESCRIPTION(key_desc.get(), nullptr);
505 if (len < 0)
506 return TranslateLastOpenSslError();
507 *asn1_key_desc_len = len;
508 asn1_key_desc->reset(new(std::nothrow) uint8_t[*asn1_key_desc_len]);
509 if (!asn1_key_desc->get())
510 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
511 uint8_t* p = asn1_key_desc->get();
512 len = i2d_KM_KEY_DESCRIPTION(key_desc.get(), &p);
513 if (len < 0)
514 return TranslateLastOpenSslError();
515
516 return KM_ERROR_OK;
517 }
518
519 keymaster_error_t
build_attestation_record(const AuthorizationSet & attestation_params,AuthorizationSet sw_enforced,AuthorizationSet tee_enforced,const AttestationRecordContext & context,UniquePtr<uint8_t[]> * asn1_key_desc,size_t * asn1_key_desc_len)520 build_attestation_record(const AuthorizationSet& attestation_params, AuthorizationSet sw_enforced,
521 AuthorizationSet tee_enforced, const AttestationRecordContext& context,
522 UniquePtr<uint8_t[]>* asn1_key_desc, size_t* asn1_key_desc_len) {
523 return build_attestation_record(attestation_params, sw_enforced, tee_enforced, context,
524 kCurrentKeymasterVersion, asn1_key_desc, asn1_key_desc_len);
525 }
526
527 // Copy all enumerated values with the specified tag from stack to auth_list.
get_repeated_enums(const ASN1_INTEGER_SET * stack,keymaster_tag_t tag,AuthorizationSet * auth_list)528 static bool get_repeated_enums(const ASN1_INTEGER_SET* stack, keymaster_tag_t tag,
529 AuthorizationSet* auth_list) {
530 assert(keymaster_tag_get_type(tag) == KM_ENUM_REP);
531 for (size_t i = 0; i < sk_ASN1_INTEGER_num(stack); ++i) {
532 if (!auth_list->push_back(
533 keymaster_param_enum(tag, ASN1_INTEGER_get(sk_ASN1_INTEGER_value(stack, i)))))
534 return false;
535 }
536 return true;
537 }
538
539 // Add the specified integer tag/value pair to auth_list.
540 template <keymaster_tag_type_t Type, keymaster_tag_t Tag, typename KeymasterEnum>
get_enum(const ASN1_INTEGER * asn1_int,TypedEnumTag<Type,Tag,KeymasterEnum> tag,AuthorizationSet * auth_list)541 static bool get_enum(const ASN1_INTEGER* asn1_int, TypedEnumTag<Type, Tag, KeymasterEnum> tag,
542 AuthorizationSet* auth_list) {
543 if (!asn1_int)
544 return true;
545 return auth_list->push_back(tag, static_cast<KeymasterEnum>(ASN1_INTEGER_get(asn1_int)));
546 }
547
548 // Add the specified ulong tag/value pair to auth_list.
get_ulong(const ASN1_INTEGER * asn1_int,keymaster_tag_t tag,AuthorizationSet * auth_list)549 static bool get_ulong(const ASN1_INTEGER* asn1_int, keymaster_tag_t tag,
550 AuthorizationSet* auth_list) {
551 if (!asn1_int)
552 return true;
553 UniquePtr<BIGNUM, BIGNUM_Delete> bn(ASN1_INTEGER_to_BN(asn1_int, nullptr));
554 if (!bn.get())
555 return false;
556 uint64_t ulong = BN_get_word(bn.get());
557 return auth_list->push_back(keymaster_param_long(tag, ulong));
558 }
559
560 // Extract the values from the specified ASN.1 record and place them in auth_list.
extract_auth_list(const KM_AUTH_LIST * record,AuthorizationSet * auth_list)561 keymaster_error_t extract_auth_list(const KM_AUTH_LIST* record, AuthorizationSet* auth_list) {
562 if (!record)
563 return KM_ERROR_OK;
564
565 // Purpose
566 if (!get_repeated_enums(record->purpose, TAG_PURPOSE, auth_list))
567 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
568
569 // Algorithm
570 if (!get_enum(record->algorithm, TAG_ALGORITHM, auth_list))
571 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
572
573 // Key size
574 if (record->key_size && !auth_list->push_back(TAG_KEY_SIZE, ASN1_INTEGER_get(record->key_size)))
575 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
576
577 // Block mode
578 if (!get_repeated_enums(record->block_mode, TAG_BLOCK_MODE, auth_list))
579 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
580
581 // Digest
582 if (!get_repeated_enums(record->digest, TAG_DIGEST, auth_list))
583 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
584
585 // Padding
586 if (!get_repeated_enums(record->padding, TAG_PADDING, auth_list))
587 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
588
589 // Caller nonce
590 if (record->caller_nonce && !auth_list->push_back(TAG_CALLER_NONCE))
591 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
592
593 // Min mac length
594 if (!get_ulong(record->min_mac_length, TAG_MIN_MAC_LENGTH, auth_list))
595 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
596
597 // EC curve
598 if (!get_enum(record->ec_curve, TAG_EC_CURVE, auth_list))
599 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
600
601 // RSA public exponent
602 if (!get_ulong(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list))
603 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
604
605 // Active date time
606 if (!get_ulong(record->active_date_time, TAG_ACTIVE_DATETIME, auth_list))
607 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
608
609 // Origination expire date time
610 if (!get_ulong(record->origination_expire_date_time, TAG_ORIGINATION_EXPIRE_DATETIME,
611 auth_list))
612 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
613
614 // Usage Expire date time
615 if (!get_ulong(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list))
616 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
617
618 // No auth required
619 if (record->no_auth_required && !auth_list->push_back(TAG_NO_AUTH_REQUIRED))
620 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
621
622 // User auth type
623 if (!get_enum(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list))
624 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
625
626 // Auth timeout
627 if (record->auth_timeout &&
628 !auth_list->push_back(TAG_AUTH_TIMEOUT, ASN1_INTEGER_get(record->auth_timeout)))
629 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
630
631 // All applications
632 if (record->all_applications && !auth_list->push_back(TAG_ALL_APPLICATIONS))
633 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
634
635 // Application ID
636 if (record->application_id &&
637 !auth_list->push_back(TAG_APPLICATION_ID, record->application_id->data,
638 record->application_id->length))
639 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
640
641 // Attestation application ID
642 if (record->attestation_application_id &&
643 !auth_list->push_back(TAG_ATTESTATION_APPLICATION_ID,
644 record->attestation_application_id->data,
645 record->attestation_application_id->length))
646 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
647
648 // identity credential key
649 if (record->identity_credential_key && !auth_list->push_back(TAG_IDENTITY_CREDENTIAL_KEY))
650 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
651
652 // Creation date time
653 if (!get_ulong(record->creation_date_time, TAG_CREATION_DATETIME, auth_list))
654 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
655
656 // Origin
657 if (!get_enum(record->origin, TAG_ORIGIN, auth_list))
658 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
659
660 // Rollback resistant
661 if (record->rollback_resistant && !auth_list->push_back(TAG_ROLLBACK_RESISTANT))
662 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
663
664 // Root of trust
665 if (record->root_of_trust) {
666 KM_ROOT_OF_TRUST* rot = record->root_of_trust;
667 if (!rot->verified_boot_key)
668 return KM_ERROR_INVALID_KEY_BLOB;
669
670 // Other root of trust fields are not mapped to auth set entries.
671 }
672
673 // OS Version
674 if (record->os_version &&
675 !auth_list->push_back(TAG_OS_VERSION, ASN1_INTEGER_get(record->os_version)))
676 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
677
678 // OS Patch level
679 if (record->os_patchlevel &&
680 !auth_list->push_back(TAG_OS_PATCHLEVEL, ASN1_INTEGER_get(record->os_patchlevel)))
681 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
682
683 // Brand name
684 if (record->attestation_id_brand &&
685 !auth_list->push_back(TAG_ATTESTATION_ID_BRAND, record->attestation_id_brand->data,
686 record->attestation_id_brand->length))
687 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
688
689 // Device name
690 if (record->attestation_id_device &&
691 !auth_list->push_back(TAG_ATTESTATION_ID_DEVICE, record->attestation_id_device->data,
692 record->attestation_id_device->length))
693 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
694
695 // Product name
696 if (record->attestation_id_product &&
697 !auth_list->push_back(TAG_ATTESTATION_ID_PRODUCT, record->attestation_id_product->data,
698 record->attestation_id_product->length))
699 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
700
701 // Serial number
702 if (record->attestation_id_serial &&
703 !auth_list->push_back(TAG_ATTESTATION_ID_SERIAL, record->attestation_id_serial->data,
704 record->attestation_id_serial->length))
705 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
706
707 // IMEI
708 if (record->attestation_id_imei &&
709 !auth_list->push_back(TAG_ATTESTATION_ID_IMEI, record->attestation_id_imei->data,
710 record->attestation_id_imei->length))
711 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
712
713 // MEID
714 if (record->attestation_id_meid &&
715 !auth_list->push_back(TAG_ATTESTATION_ID_MEID, record->attestation_id_meid->data,
716 record->attestation_id_meid->length))
717 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
718
719 // Manufacturer name
720 if (record->attestation_id_manufacturer &&
721 !auth_list->push_back(TAG_ATTESTATION_ID_MANUFACTURER,
722 record->attestation_id_manufacturer->data,
723 record->attestation_id_manufacturer->length))
724 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
725
726 // Model name
727 if (record->attestation_id_model &&
728 !auth_list->push_back(TAG_ATTESTATION_ID_MODEL, record->attestation_id_model->data,
729 record->attestation_id_model->length))
730 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
731
732 // Trusted confirmation required
733 if (record->trusted_confirmation_required) {
734 if (!auth_list->push_back(TAG_NO_AUTH_REQUIRED)) {
735 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
736 }
737 }
738
739 // Early boot only
740 if (record->early_boot_only) {
741 if (!auth_list->push_back(TAG_EARLY_BOOT_ONLY)) {
742 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
743 }
744 }
745
746 return KM_ERROR_OK;
747 }
748
749 // Parse the DER-encoded attestation record, placing the results in keymaster_version,
750 // attestation_challenge, software_enforced, tee_enforced and unique_id.
parse_attestation_record(const uint8_t * asn1_key_desc,size_t asn1_key_desc_len,uint32_t * attestation_version,keymaster_security_level_t * attestation_security_level,uint32_t * keymaster_version,keymaster_security_level_t * keymaster_security_level,keymaster_blob_t * attestation_challenge,AuthorizationSet * software_enforced,AuthorizationSet * tee_enforced,keymaster_blob_t * unique_id)751 keymaster_error_t parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
752 uint32_t* attestation_version, //
753 keymaster_security_level_t* attestation_security_level,
754 uint32_t* keymaster_version,
755 keymaster_security_level_t* keymaster_security_level,
756 keymaster_blob_t* attestation_challenge,
757 AuthorizationSet* software_enforced,
758 AuthorizationSet* tee_enforced,
759 keymaster_blob_t* unique_id) {
760 const uint8_t* p = asn1_key_desc;
761 UniquePtr<KM_KEY_DESCRIPTION, KM_KEY_DESCRIPTION_Delete> record(
762 d2i_KM_KEY_DESCRIPTION(nullptr, &p, asn1_key_desc_len));
763 if (!record.get())
764 return TranslateLastOpenSslError();
765
766 *attestation_version = ASN1_INTEGER_get(record->attestation_version);
767 *attestation_security_level = static_cast<keymaster_security_level_t>(
768 ASN1_ENUMERATED_get(record->attestation_security_level));
769 *keymaster_version = ASN1_INTEGER_get(record->keymaster_version);
770 *keymaster_security_level = static_cast<keymaster_security_level_t>(
771 ASN1_ENUMERATED_get(record->keymaster_security_level));
772
773 attestation_challenge->data =
774 dup_buffer(record->attestation_challenge->data, record->attestation_challenge->length);
775 attestation_challenge->data_length = record->attestation_challenge->length;
776
777 unique_id->data = dup_buffer(record->unique_id->data, record->unique_id->length);
778 unique_id->data_length = record->unique_id->length;
779
780 keymaster_error_t error = extract_auth_list(record->software_enforced, software_enforced);
781 if (error != KM_ERROR_OK)
782 return error;
783
784 return extract_auth_list(record->tee_enforced, tee_enforced);
785 }
786
parse_root_of_trust(const uint8_t * asn1_key_desc,size_t asn1_key_desc_len,keymaster_blob_t * verified_boot_key,keymaster_verified_boot_t * verified_boot_state,bool * device_locked)787 keymaster_error_t parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
788 keymaster_blob_t* verified_boot_key,
789 keymaster_verified_boot_t* verified_boot_state,
790 bool* device_locked) {
791 const uint8_t* p = asn1_key_desc;
792 UniquePtr<KM_KEY_DESCRIPTION, KM_KEY_DESCRIPTION_Delete> record(
793 d2i_KM_KEY_DESCRIPTION(nullptr, &p, asn1_key_desc_len));
794 if (!record.get()) {
795 return TranslateLastOpenSslError();
796 }
797 if (!record->tee_enforced) {
798 return KM_ERROR_INVALID_ARGUMENT;
799 }
800 if (!record->tee_enforced->root_of_trust) {
801 return KM_ERROR_INVALID_ARGUMENT;
802 }
803 if (!record->tee_enforced->root_of_trust->verified_boot_key) {
804 return KM_ERROR_INVALID_ARGUMENT;
805 }
806 KM_ROOT_OF_TRUST* root_of_trust = record->tee_enforced->root_of_trust;
807 verified_boot_key->data = dup_buffer(root_of_trust->verified_boot_key->data,
808 root_of_trust->verified_boot_key->length);
809 verified_boot_key->data_length = root_of_trust->verified_boot_key->length;
810 *verified_boot_state = static_cast<keymaster_verified_boot_t>(
811 ASN1_ENUMERATED_get(root_of_trust->verified_boot_state));
812 *device_locked = root_of_trust->device_locked;
813 return KM_ERROR_OK;
814 }
815
816 } // namespace keymaster
817