1 2 /* 3 * Copyright 2019, The Android Open Source Project 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 #ifndef VTS_ATTESTATION_PARSER_SUPPORT_H 19 #define VTS_ATTESTATION_PARSER_SUPPORT_H 20 21 //#include <aidl/Gtest.h> 22 #include <android/hardware/identity/IIdentityCredentialStore.h> 23 #include <android/hardware/identity/support/IdentityCredentialSupport.h> 24 #include <android/hardware/keymaster/4.0/types.h> 25 #include <hardware/keymaster_defs.h> 26 #include <keymaster/android_keymaster_utils.h> 27 #include <keymaster/authorization_set.h> 28 #include <keymaster/contexts/pure_soft_keymaster_context.h> 29 #include <keymaster/contexts/soft_attestation_cert.h> 30 #include <keymaster/keymaster_tags.h> 31 #include <keymaster/km_openssl/attestation_utils.h> 32 #include <vector> 33 34 namespace android::hardware::identity::test_utils { 35 36 using ::std::optional; 37 using ::std::string; 38 using ::std::vector; 39 40 using ::keymaster::AuthorizationSet; 41 using ::keymaster::TypedTag; 42 43 class AttestationCertificateParser { 44 public: AttestationCertificateParser(const vector<Certificate> & certChain)45 AttestationCertificateParser(const vector<Certificate>& certChain) 46 : origCertChain_(certChain) {} 47 48 bool parse(); 49 50 uint32_t getKeymasterVersion(); 51 uint32_t getAttestationVersion(); 52 vector<uint8_t> getAttestationChallenge(); 53 keymaster_security_level_t getKeymasterSecurityLevel(); 54 keymaster_security_level_t getAttestationSecurityLevel(); 55 56 template <keymaster_tag_t Tag> getSwEnforcedBool(TypedTag<KM_BOOL,Tag> tag)57 bool getSwEnforcedBool(TypedTag<KM_BOOL, Tag> tag) { 58 if (att_sw_enforced_.GetTagValue(tag)) { 59 return true; 60 } 61 62 return false; 63 } 64 65 template <keymaster_tag_t Tag> getHwEnforcedBool(TypedTag<KM_BOOL,Tag> tag)66 bool getHwEnforcedBool(TypedTag<KM_BOOL, Tag> tag) { 67 if (att_hw_enforced_.GetTagValue(tag)) { 68 return true; 69 } 70 71 return false; 72 } 73 74 template <keymaster_tag_t Tag> getHwEnforcedBlob(TypedTag<KM_BYTES,Tag> tag)75 optional<vector<uint8_t>> getHwEnforcedBlob(TypedTag<KM_BYTES, Tag> tag) { 76 keymaster_blob_t blob; 77 if (att_hw_enforced_.GetTagValue(tag, &blob)) { 78 return {}; 79 } 80 81 vector<uint8_t> ret(blob.data, blob.data + blob.data_length); 82 return ret; 83 } 84 85 template <keymaster_tag_t Tag> getSwEnforcedBlob(TypedTag<KM_BYTES,Tag> tag)86 optional<vector<uint8_t>> getSwEnforcedBlob(TypedTag<KM_BYTES, Tag> tag) { 87 keymaster_blob_t blob; 88 if (!att_sw_enforced_.GetTagValue(tag, &blob)) { 89 return {}; 90 } 91 92 vector<uint8_t> ret(blob.data, blob.data + blob.data_length); 93 return ret; 94 } 95 96 private: 97 // Helper functions. 98 bool verifyChain(const keymaster_cert_chain_t& chain); 99 100 ASN1_OCTET_STRING* getAttestationRecord(X509* certificate); 101 102 X509* parseCertBlob(const keymaster_blob_t& blob); 103 104 bool verifyAttestationRecord(const keymaster_blob_t& attestation_cert); 105 106 optional<keymaster_cert_chain_t> certificateChainToKeymasterChain( 107 const vector<Certificate>& certificates); 108 109 // Private variables. 110 vector<Certificate> origCertChain_; 111 AuthorizationSet att_sw_enforced_; 112 AuthorizationSet att_hw_enforced_; 113 uint32_t att_attestation_version_; 114 uint32_t att_keymaster_version_; 115 keymaster_security_level_t att_attestation_security_level_; 116 keymaster_security_level_t att_keymaster_security_level_; 117 vector<uint8_t> att_challenge_; 118 }; 119 120 } // namespace android::hardware::identity::test_utils 121 122 #endif // VTS_ATTESTATION_PARSER_SUPPORT_H 123