path: root/unit_test/attestation_record.cpp (plain)
blob: 8ba5a8a9a5bb6ba0850344eb030398dce62dc5b9

1	/*
2	* Copyright 2016 The Android Open Source Project
3	*
4	* Licensed under the Apache License, Version 2.0 (the "License");
5	* you may not use this file except in compliance with the License.
6	* You may obtain a copy of the License at
7	*
8	* http://www.apache.org/licenses/LICENSE-2.0
9	*
10	* Unless required by applicable law or agreed to in writing, software
11	* distributed under the License is distributed on an "AS IS" BASIS,
12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	* See the License for the specific language governing permissions and
14	* limitations under the License.
15	*/
16
17	#include "attestation_record.h"
18
19	#include <assert.h>
20
21	#include <openssl/asn1t.h>
22
23	#include "openssl_err.h"
24	#include "openssl_utils.h"
25
26	#include <keymaster/android_keymaster_utils.h>
27	#include <keymaster/keymaster_context.h>
28
29	namespace keymaster {
30
31	struct stack_st_ASN1_TYPE_Delete {
32	void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); }
33	};
34
35	struct ASN1_STRING_Delete {
36	void operator()(ASN1_STRING* p) { ASN1_STRING_free(p); }
37	};
38
39	struct ASN1_TYPE_Delete {
40	void operator()(ASN1_TYPE* p) { ASN1_TYPE_free(p); }
41	};
42
43	#define ASN1_INTEGER_SET STACK_OF(ASN1_INTEGER)
44
45	typedef struct km_root_of_trust {
46	ASN1_OCTET_STRING* verified_boot_key;
47	ASN1_BOOLEAN* device_locked;
48	ASN1_ENUMERATED* verified_boot_state;
49	} KM_ROOT_OF_TRUST;
50
51	ASN1_SEQUENCE(KM_ROOT_OF_TRUST) = {
52	ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_key, ASN1_OCTET_STRING),
53	ASN1_SIMPLE(KM_ROOT_OF_TRUST, device_locked, ASN1_BOOLEAN),
54	ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_state, ASN1_ENUMERATED),
55	} ASN1_SEQUENCE_END(KM_ROOT_OF_TRUST);
56	IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST);
57
58	typedef struct km_auth_list {
59	ASN1_INTEGER_SET* purpose;
60	ASN1_INTEGER* algorithm;
61	ASN1_INTEGER* key_size;
62	ASN1_INTEGER_SET* digest;
63	ASN1_INTEGER_SET* padding;
64	ASN1_INTEGER_SET* kdf;
65	ASN1_INTEGER* ec_curve;
66	ASN1_INTEGER* rsa_public_exponent;
67	ASN1_INTEGER* active_date_time;
68	ASN1_INTEGER* origination_expire_date_time;
69	ASN1_INTEGER* usage_expire_date_time;
70	ASN1_NULL* no_auth_required;
71	ASN1_INTEGER* user_auth_type;
72	ASN1_INTEGER* auth_timeout;
73	ASN1_NULL* allow_while_on_body;
74	ASN1_NULL* all_applications;
75	ASN1_OCTET_STRING* application_id;
76	ASN1_INTEGER* creation_date_time;
77	ASN1_INTEGER* origin;
78	ASN1_NULL* rollback_resistant;
79	KM_ROOT_OF_TRUST* root_of_trust;
80	ASN1_INTEGER* os_version;
81	ASN1_INTEGER* os_patchlevel;
82	} KM_AUTH_LIST;
83
84	ASN1_SEQUENCE(KM_AUTH_LIST) = {
85	ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, purpose, ASN1_INTEGER, TAG_PURPOSE.masked_tag()),
86	ASN1_EXP_OPT(KM_AUTH_LIST, algorithm, ASN1_INTEGER, TAG_ALGORITHM.masked_tag()),
87	ASN1_EXP_OPT(KM_AUTH_LIST, key_size, ASN1_INTEGER, TAG_KEY_SIZE.masked_tag()),
88	ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, digest, ASN1_INTEGER, TAG_DIGEST.masked_tag()),
89	ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, padding, ASN1_INTEGER, TAG_PADDING.masked_tag()),
90	ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, kdf, ASN1_INTEGER, TAG_KDF.masked_tag()),
91	ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.masked_tag()),
92	ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER,
93	TAG_RSA_PUBLIC_EXPONENT.masked_tag()),
94	ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.masked_tag()),
95	ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,
96	TAG_ORIGINATION_EXPIRE_DATETIME.masked_tag()),
97	ASN1_EXP_OPT(KM_AUTH_LIST, usage_expire_date_time, ASN1_INTEGER,
98	TAG_USAGE_EXPIRE_DATETIME.masked_tag()),
99	ASN1_EXP_OPT(KM_AUTH_LIST, no_auth_required, ASN1_NULL, TAG_NO_AUTH_REQUIRED.masked_tag()),
100	ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.masked_tag()),
101	ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.masked_tag()),
102	ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL,
103	TAG_ALLOW_WHILE_ON_BODY.masked_tag()),
104	ASN1_EXP_OPT(KM_AUTH_LIST, all_applications, ASN1_NULL, TAG_ALL_APPLICATIONS.masked_tag()),
105	ASN1_EXP_OPT(KM_AUTH_LIST, application_id, ASN1_OCTET_STRING, TAG_APPLICATION_ID.masked_tag()),
106	ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER,
107	TAG_CREATION_DATETIME.masked_tag()),
108	ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.masked_tag()),
109	ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistant, ASN1_NULL, TAG_ROLLBACK_RESISTANT.masked_tag()),
110	ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.masked_tag()),
111	ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.masked_tag()),
112	ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.masked_tag()),
113	} ASN1_SEQUENCE_END(KM_AUTH_LIST);
114	IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST);
115
116	typedef struct km_key_description {
117	ASN1_INTEGER* attestation_version;
118	ASN1_ENUMERATED* attestation_security_level;
119	ASN1_INTEGER* keymaster_version;
120	ASN1_ENUMERATED* keymaster_security_level;
121	ASN1_OCTET_STRING* attestation_challenge;
122	KM_AUTH_LIST* software_enforced;
123	KM_AUTH_LIST* tee_enforced;
124	ASN1_INTEGER* unique_id;
125	} KM_KEY_DESCRIPTION;
126
127	ASN1_SEQUENCE(KM_KEY_DESCRIPTION) = {
128	ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_version, ASN1_INTEGER),
129	ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_security_level, ASN1_ENUMERATED),
130	ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_version, ASN1_INTEGER),
131	ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_security_level, ASN1_ENUMERATED),
132	ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_challenge, ASN1_OCTET_STRING),
133	ASN1_SIMPLE(KM_KEY_DESCRIPTION, unique_id, ASN1_OCTET_STRING),
134	ASN1_SIMPLE(KM_KEY_DESCRIPTION, software_enforced, KM_AUTH_LIST),
135	ASN1_SIMPLE(KM_KEY_DESCRIPTION, tee_enforced, KM_AUTH_LIST),
136	} ASN1_SEQUENCE_END(KM_KEY_DESCRIPTION);
137	IMPLEMENT_ASN1_FUNCTIONS(KM_KEY_DESCRIPTION);
138
139	struct KM_AUTH_LIST_Delete {
140	void operator()(KM_AUTH_LIST* p) { KM_AUTH_LIST_free(p); }
141	};
142
143	struct KM_KEY_DESCRIPTION_Delete {
144	void operator()(KM_KEY_DESCRIPTION* p) { KM_KEY_DESCRIPTION_free(p); }
145	};
146
147	static uint32_t get_uint32_value(const keymaster_key_param_t& param) {
148	switch (keymaster_tag_get_type(param.tag)) {
149	case KM_ENUM:
150	case KM_ENUM_REP:
151	return param.enumerated;
152	case KM_UINT:
153	case KM_UINT_REP:
154	return param.integer;
155	default:
156	assert(false);
157	return 0xFFFFFFFF;
158	}
159	}
160
161	// Insert value in either the dest_integer or the dest_integer_set, whichever is provided.
162	static keymaster_error_t insert_integer(ASN1_INTEGER* value, ASN1_INTEGER** dest_integer,
163	ASN1_INTEGER_SET** dest_integer_set) {
164	assert((dest_integer == nullptr) ^ (dest_integer_set == nullptr));
165	assert(value);
166
167	if (dest_integer_set) {
168	if (!*dest_integer_set)
169	*dest_integer_set = sk_ASN1_INTEGER_new_null();
170	if (!*dest_integer_set)
171	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
172	if (!sk_ASN1_INTEGER_push(*dest_integer_set, value))
173	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
174	return KM_ERROR_OK;
175
176	} else if (dest_integer) {
177	if (*dest_integer)
178	ASN1_INTEGER_free(*dest_integer);
179	*dest_integer = value;
180	return KM_ERROR_OK;
181	}
182
183	assert(false); // Should never get here.
184	return KM_ERROR_OK;
185	}
186
187	// Put the contents of the keymaster AuthorizationSet auth_list in to the ASN.1 record structure,
188	// record.
189	static keymaster_error_t build_auth_list(const AuthorizationSet& auth_list, KM_AUTH_LIST* record) {
190	assert(record);
191
192	if (auth_list.empty())
193	return KM_ERROR_OK;
194
195	for (auto entry : auth_list) {
196
197	ASN1_INTEGER_SET** integer_set = nullptr;
198	ASN1_INTEGER** integer_ptr = nullptr;
199	ASN1_OCTET_STRING** string_ptr = nullptr;
200	ASN1_NULL** bool_ptr = nullptr;
201
202	switch (entry.tag) {
203
204	/* Ignored tags */
205	case KM_TAG_INVALID:
206	case KM_TAG_ASSOCIATED_DATA:
207	case KM_TAG_NONCE:
208	case KM_TAG_AUTH_TOKEN:
209	case KM_TAG_MAC_LENGTH:
210	case KM_TAG_ALL_USERS:
211	case KM_TAG_USER_ID:
212	case KM_TAG_USER_SECURE_ID:
213	case KM_TAG_EXPORTABLE:
214	case KM_TAG_RESET_SINCE_ID_ROTATION:
215	case KM_TAG_ATTESTATION_CHALLENGE:
216	case KM_TAG_BLOCK_MODE:
217	case KM_TAG_CALLER_NONCE:
218	case KM_TAG_MIN_MAC_LENGTH:
219	case KM_TAG_ECIES_SINGLE_HASH_MODE:
220	case KM_TAG_INCLUDE_UNIQUE_ID:
221	case KM_TAG_BLOB_USAGE_REQUIREMENTS:
222	case KM_TAG_BOOTLOADER_ONLY:
223	case KM_TAG_MIN_SECONDS_BETWEEN_OPS:
224	case KM_TAG_MAX_USES_PER_BOOT:
225	case KM_TAG_APPLICATION_DATA:
226	case KM_TAG_UNIQUE_ID:
227	case KM_TAG_ROOT_OF_TRUST:
228	continue;
229
230	/* Non-repeating enumerations */
231	case KM_TAG_ALGORITHM:
232	integer_ptr = &record->algorithm;
233	break;
234	case KM_TAG_EC_CURVE:
235	integer_ptr = &record->ec_curve;
236	break;
237	case KM_TAG_USER_AUTH_TYPE:
238	integer_ptr = &record->user_auth_type;
239	break;
240	case KM_TAG_ORIGIN:
241	integer_ptr = &record->origin;
242	break;
243
244	/* Repeating enumerations */
245	case KM_TAG_PURPOSE:
246	integer_set = &record->purpose;
247	break;
248	case KM_TAG_PADDING:
249	integer_set = &record->padding;
250	break;
251	case KM_TAG_DIGEST:
252	integer_set = &record->digest;
253	break;
254	case KM_TAG_KDF:
255	integer_set = &record->kdf;
256	break;
257
258	/* Non-repeating unsigned integers */
259	case KM_TAG_KEY_SIZE:
260	integer_ptr = &record->key_size;
261	break;
262	case KM_TAG_AUTH_TIMEOUT:
263	integer_ptr = &record->auth_timeout;
264	break;
265	case KM_TAG_OS_VERSION:
266	integer_ptr = &record->os_version;
267	break;
268	case KM_TAG_OS_PATCHLEVEL:
269	integer_ptr = &record->os_patchlevel;
270	break;
271
272	/* Non-repeating long unsigned integers */
273	case KM_TAG_RSA_PUBLIC_EXPONENT:
274	integer_ptr = &record->rsa_public_exponent;
275	break;
276
277	/* Dates */
278	case KM_TAG_ACTIVE_DATETIME:
279	integer_ptr = &record->active_date_time;
280	break;
281	case KM_TAG_ORIGINATION_EXPIRE_DATETIME:
282	integer_ptr = &record->origination_expire_date_time;
283	break;
284	case KM_TAG_USAGE_EXPIRE_DATETIME:
285	integer_ptr = &record->usage_expire_date_time;
286	break;
287	case KM_TAG_CREATION_DATETIME:
288	integer_ptr = &record->creation_date_time;
289	break;
290
291	/* Booleans */
292	case KM_TAG_NO_AUTH_REQUIRED:
293	bool_ptr = &record->no_auth_required;
294	break;
295	case KM_TAG_ALL_APPLICATIONS:
296	bool_ptr = &record->all_applications;
297	break;
298	case KM_TAG_ROLLBACK_RESISTANT:
299	bool_ptr = &record->rollback_resistant;
300	break;
301	case KM_TAG_ALLOW_WHILE_ON_BODY:
302	bool_ptr = &record->allow_while_on_body;
303	break;
304
305	/* Byte arrays*/
306	case KM_TAG_APPLICATION_ID:
307	string_ptr = &record->application_id;
308	break;
309	default:
310	break;
311	}
312
313	keymaster_tag_type_t type = keymaster_tag_get_type(entry.tag);
314	switch (type) {
315	case KM_ENUM:
316	case KM_ENUM_REP:
317	case KM_UINT:
318	case KM_UINT_REP: {
319	assert((keymaster_tag_repeatable(entry.tag) && integer_set) ||
320	(!keymaster_tag_repeatable(entry.tag) && integer_ptr));
321
322	UniquePtr<ASN1_INTEGER, ASN1_INTEGER_Delete> value(ASN1_INTEGER_new());
323	if (!value.get())
324	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
325	if (!ASN1_INTEGER_set(value.get(), get_uint32_value(entry)))
326	return TranslateLastOpenSslError();
327
328	insert_integer(value.release(), integer_ptr, integer_set);
329	break;
330	}
331
332	case KM_ULONG:
333	case KM_ULONG_REP:
334	case KM_DATE: {
335	assert((keymaster_tag_repeatable(entry.tag) && integer_set) ||
336	(!keymaster_tag_repeatable(entry.tag) && integer_ptr));
337
338	UniquePtr<BIGNUM, BIGNUM_Delete> bn_value(BN_new());
339	if (!bn_value.get())
340	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
341
342	if (type == KM_DATE) {
343	if (!BN_set_u64(bn_value.get(), entry.date_time)) {
344	return TranslateLastOpenSslError();
345	}
346	} else {
347	if (!BN_set_u64(bn_value.get(), entry.long_integer)) {
348	return TranslateLastOpenSslError();
349	}
350	}
351
352	UniquePtr<ASN1_INTEGER, ASN1_INTEGER_Delete> value(
353	BN_to_ASN1_INTEGER(bn_value.get(), nullptr));
354	if (!value.get())
355	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
356
357	insert_integer(value.release(), integer_ptr, integer_set);
358	break;
359	}
360
361	case KM_BOOL:
362	assert(bool_ptr);
363	if (!*bool_ptr)
364	*bool_ptr = ASN1_NULL_new();
365	if (!*bool_ptr)
366	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
367	break;
368
369	/* Byte arrays*/
370	case KM_BYTES:
371	assert(string_ptr);
372	if (!*string_ptr)
373	*string_ptr = ASN1_OCTET_STRING_new();
374	if (!*string_ptr)
375	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
376	if (!ASN1_OCTET_STRING_set(*string_ptr, entry.blob.data, entry.blob.data_length))
377	return TranslateLastOpenSslError();
378	break;
379
380	default:
381	return KM_ERROR_UNIMPLEMENTED;
382	}
383	}
384
385	keymaster_ec_curve_t ec_curve;
386	uint32_t key_size;
387	if (auth_list.Contains(TAG_ALGORITHM, KM_ALGORITHM_EC) && //
388	!auth_list.Contains(TAG_EC_CURVE) && //
389	auth_list.GetTagValue(TAG_KEY_SIZE, &key_size)) {
390	// This must be a keymaster1 key. It's an EC key with no curve. Insert the curve.
391
392	keymaster_error_t error = EcKeySizeToCurve(key_size, &ec_curve);
393	if (error != KM_ERROR_OK)
394	return error;
395
396	UniquePtr<ASN1_INTEGER, ASN1_INTEGER_Delete> value(ASN1_INTEGER_new());
397	if (!value.get())
398	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
399
400	if (!ASN1_INTEGER_set(value.get(), ec_curve))
401	return TranslateLastOpenSslError();
402
403	insert_integer(value.release(), &record->ec_curve, nullptr);
404	}
405
406	return KM_ERROR_OK;
407	}
408
409	// Construct an ASN1.1 DER-encoded attestation record containing the values from sw_enforced and
410	// tee_enforced.
411	keymaster_error_t build_attestation_record(const AuthorizationSet& attestation_params,
412	const AuthorizationSet& sw_enforced,
413	const AuthorizationSet& tee_enforced,
414	const KeymasterContext& context,
415	UniquePtr<uint8_t[]>* asn1_key_desc,
416	size_t* asn1_key_desc_len) {
417	assert(asn1_key_desc && asn1_key_desc_len);
418
419	UniquePtr<KM_KEY_DESCRIPTION, KM_KEY_DESCRIPTION_Delete> key_desc(KM_KEY_DESCRIPTION_new());
420	if (!key_desc.get())
421	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
422
423	keymaster_security_level_t keymaster_security_level;
424	uint32_t keymaster_version = UINT32_MAX;
425	if (tee_enforced.empty()) {
426	// Software key.
427	keymaster_security_level = KM_SECURITY_LEVEL_SOFTWARE;
428	keymaster_version = 2;
429	} else {
430	keymaster_security_level = KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT;
431	switch (context.GetSecurityLevel()) {
432	case KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT:
433	// We're running in a TEE, so the key is KM2.
434	keymaster_version = 2;
435	break;
436
437	case KM_SECURITY_LEVEL_SOFTWARE:
438	// We're running in software, wrapping some KM hardware. Is it KM0 or KM1? KM1 keys
439	// have the purpose in the tee_enforced list. It's possible that a key could be created
440	// without a purpose, which would fool this test into reporting it's a KM0 key. That
441	// corner case doesn't matter much, because purpose-less keys are not usable anyway.
442	// Also, KM1 TEEs should disappear rapidly.
443	keymaster_version = tee_enforced.Contains(TAG_PURPOSE) ? 1 : 0;
444	break;
445	}
446
447	if (keymaster_version == UINT32_MAX)
448	return KM_ERROR_UNKNOWN_ERROR;
449	}
450
451	if (!ASN1_INTEGER_set(key_desc->attestation_version, 1) ||
452	!ASN1_ENUMERATED_set(key_desc->attestation_security_level, context.GetSecurityLevel()) ||
453	!ASN1_INTEGER_set(key_desc->keymaster_version, keymaster_version) ||
454	!ASN1_ENUMERATED_set(key_desc->keymaster_security_level, keymaster_security_level))
455	return TranslateLastOpenSslError();
456
457	keymaster_blob_t attestation_challenge = {nullptr, 0};
458	if (!attestation_params.GetTagValue(TAG_ATTESTATION_CHALLENGE, &attestation_challenge))
459	return KM_ERROR_ATTESTATION_CHALLENGE_MISSING;
460	if (!ASN1_OCTET_STRING_set(key_desc->attestation_challenge, attestation_challenge.data,
461	attestation_challenge.data_length))
462	return TranslateLastOpenSslError();
463
464	keymaster_error_t error = build_auth_list(sw_enforced, key_desc->software_enforced);
465	if (error != KM_ERROR_OK)
466	return error;
467
468	error = build_auth_list(tee_enforced, key_desc->tee_enforced);
469	if (error != KM_ERROR_OK)
470	return error;
471
472	// Only check tee_enforced for TAG_INCLUDE_UNIQUE_ID. If we don't have hardware we can't
473	// generate unique IDs.
474	if (tee_enforced.GetTagValue(TAG_INCLUDE_UNIQUE_ID)) {
475	uint64_t creation_datetime;
476	// Only check sw_enforced for TAG_CREATION_DATETIME, since it shouldn't be in tee_enforced,
477	// since this implementation has no secure wall clock.
478	if (!sw_enforced.GetTagValue(TAG_CREATION_DATETIME, &creation_datetime)) {
479	LOG_E("Unique ID cannot be created without creation datetime", 0);
480	return KM_ERROR_INVALID_KEY_BLOB;
481	}
482
483	keymaster_blob_t application_id = {nullptr, 0};
484	sw_enforced.GetTagValue(TAG_APPLICATION_ID, &application_id);
485
486	Buffer unique_id;
487	error = context.GenerateUniqueId(
488	creation_datetime, application_id,
489	attestation_params.GetTagValue(TAG_RESET_SINCE_ID_ROTATION), &unique_id);
490	if (error != KM_ERROR_OK)
491	return error;
492
493	key_desc->unique_id = ASN1_OCTET_STRING_new();
494	if (!key_desc->unique_id ||
495	!ASN1_OCTET_STRING_set(key_desc->unique_id, unique_id.peek_read(),
496	unique_id.available_read()))
497	return TranslateLastOpenSslError();
498	}
499
500	int len = i2d_KM_KEY_DESCRIPTION(key_desc.get(), nullptr);
501	if (len < 0)
502	return TranslateLastOpenSslError();
503	*asn1_key_desc_len = len;
504	asn1_key_desc->reset(new uint8_t[*asn1_key_desc_len]);
505	if (!asn1_key_desc->get())
506	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
507	uint8_t* p = asn1_key_desc->get();
508	len = i2d_KM_KEY_DESCRIPTION(key_desc.get(), &p);
509	if (len < 0)
510	return TranslateLastOpenSslError();
511
512	return KM_ERROR_OK;
513	}
514
515	// Copy all enumerated values with the specified tag from stack to auth_list.
516	static bool get_repeated_enums(const stack_st_ASN1_INTEGER* stack, keymaster_tag_t tag,
517	AuthorizationSet* auth_list) {
518	assert(keymaster_tag_get_type(tag) == KM_ENUM_REP);
519	for (size_t i = 0; i < sk_ASN1_INTEGER_num(stack); ++i) {
520	if (!auth_list->push_back(
521	keymaster_param_enum(tag, ASN1_INTEGER_get(sk_ASN1_INTEGER_value(stack, i)))))
522	return false;
523	}
524	return true;
525	}
526
527	// Add the specified integer tag/value pair to auth_list.
528	template <keymaster_tag_type_t Type, keymaster_tag_t Tag, typename KeymasterEnum>
529	static bool get_enum(const ASN1_INTEGER* asn1_int, TypedEnumTag<Type, Tag, KeymasterEnum> tag,
530	AuthorizationSet* auth_list) {
531	if (!asn1_int)
532	return true;
533	return auth_list->push_back(tag, static_cast<KeymasterEnum>(ASN1_INTEGER_get(asn1_int)));
534	}
535
536	// Add the specified ulong tag/value pair to auth_list.
537	static bool get_ulong(const ASN1_INTEGER* asn1_int, keymaster_tag_t tag,
538	AuthorizationSet* auth_list) {
539	if (!asn1_int)
540	return true;
541	UniquePtr<BIGNUM, BIGNUM_Delete> bn(ASN1_INTEGER_to_BN(asn1_int, nullptr));
542	if (!bn.get())
543	return false;
544	uint64_t ulong = BN_get_word(bn.get());
545	return auth_list->push_back(keymaster_param_long(tag, ulong));
546	}
547
548	// Extract the values from the specified ASN.1 record and place them in auth_list.
549	static keymaster_error_t extract_auth_list(const KM_AUTH_LIST* record,
550	AuthorizationSet* auth_list) {
551	if (!record)
552	return KM_ERROR_OK;
553
554	// Purpose
555	if (!get_repeated_enums(record->purpose, TAG_PURPOSE, auth_list))
556	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
557
558	// Algorithm
559	if (!get_enum(record->algorithm, TAG_ALGORITHM, auth_list))
560	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
561
562	// Key size
563	if (record->key_size && !auth_list->push_back(TAG_KEY_SIZE, ASN1_INTEGER_get(record->key_size)))
564	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
565
566	// Digest
567	if (!get_repeated_enums(record->digest, TAG_DIGEST, auth_list))
568	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
569
570	// Padding
571	if (!get_repeated_enums(record->padding, TAG_PADDING, auth_list))
572	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
573
574	// EC curve
575	if (!get_enum(record->ec_curve, TAG_EC_CURVE, auth_list))
576	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
577
578	// RSA public exponent
579	if (!get_ulong(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list))
580	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
581
582	// Active date time
583	if (!get_ulong(record->active_date_time, TAG_ACTIVE_DATETIME, auth_list))
584	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
585
586	// Origination expire date time
587	if (!get_ulong(record->origination_expire_date_time, TAG_ORIGINATION_EXPIRE_DATETIME,
588	auth_list))
589	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
590
591	// Usage Expire date time
592	if (!get_ulong(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list))
593	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
594
595	// No auth required
596	if (record->no_auth_required && !auth_list->push_back(TAG_NO_AUTH_REQUIRED))
597	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
598
599	// User auth type
600	if (!get_enum(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list))
601	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
602
603	// Auth timeout
604	if (record->auth_timeout &&
605	!auth_list->push_back(TAG_AUTH_TIMEOUT, ASN1_INTEGER_get(record->auth_timeout)))
606	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
607
608	// All applications
609	if (record->all_applications && !auth_list->push_back(TAG_ALL_APPLICATIONS))
610	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
611
612	// Application ID
613	if (record->application_id &&
614	!auth_list->push_back(TAG_APPLICATION_ID, record->application_id->data,
615	record->application_id->length))
616	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
617
618	// Creation date time
619	if (!get_ulong(record->creation_date_time, TAG_CREATION_DATETIME, auth_list))
620	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
621
622	// Origin
623	if (!get_enum(record->origin, TAG_ORIGIN, auth_list))
624	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
625
626	// Rollback resistant
627	if (record->rollback_resistant && !auth_list->push_back(TAG_ROLLBACK_RESISTANT))
628	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
629
630	// Root of trust
631	if (record->root_of_trust) {
632	KM_ROOT_OF_TRUST* rot = record->root_of_trust;
633	if (!rot->verified_boot_key)
634	return KM_ERROR_INVALID_KEY_BLOB;
635
636	// Other root of trust fields are not mapped to auth set entries.
637	}
638
639	// OS Version
640	if (record->os_version &&
641	!auth_list->push_back(TAG_OS_VERSION, ASN1_INTEGER_get(record->os_version)))
642	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
643
644	// OS Patch level
645	if (record->os_patchlevel &&
646	!auth_list->push_back(TAG_OS_PATCHLEVEL, ASN1_INTEGER_get(record->os_patchlevel)))
647	return KM_ERROR_MEMORY_ALLOCATION_FAILED;
648
649	return KM_ERROR_OK;
650	}
651
652	// Parse the DER-encoded attestation record, placing the results in keymaster_version,
653	// attestation_challenge, software_enforced, tee_enforced and unique_id.
654	keymaster_error_t parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
655	uint32_t* attestation_version, //
656	keymaster_security_level_t* attestation_security_level,
657	uint32_t* keymaster_version,
658	keymaster_security_level_t* keymaster_security_level,
659	keymaster_blob_t* attestation_challenge,
660	AuthorizationSet* software_enforced,
661	AuthorizationSet* tee_enforced,
662	keymaster_blob_t* unique_id) {
663	const uint8_t* p = asn1_key_desc;
664	UniquePtr<KM_KEY_DESCRIPTION, KM_KEY_DESCRIPTION_Delete> record(
665	d2i_KM_KEY_DESCRIPTION(nullptr, &p, asn1_key_desc_len));
666	if (!record.get())
667	return TranslateLastOpenSslError();
668
669	*attestation_version = ASN1_INTEGER_get(record->attestation_version);
670	*attestation_security_level = static_cast<keymaster_security_level_t>(
671	ASN1_ENUMERATED_get(record->attestation_security_level));
672	*keymaster_version = ASN1_INTEGER_get(record->keymaster_version);
673	*keymaster_security_level = static_cast<keymaster_security_level_t>(
674	ASN1_ENUMERATED_get(record->keymaster_security_level));
675
676	attestation_challenge->data =
677	dup_buffer(record->attestation_challenge->data, record->attestation_challenge->length);
678	attestation_challenge->data_length = record->attestation_challenge->length;
679
680	unique_id->data = dup_buffer(record->unique_id->data, record->unique_id->length);
681	unique_id->data_length = record->unique_id->length;
682
683	keymaster_error_t error = extract_auth_list(record->software_enforced, software_enforced);
684	if (error != KM_ERROR_OK)
685	return error;
686
687	return extract_auth_list(record->tee_enforced, tee_enforced);
688	}
689
690	} // namepace keymaster
691