blob: 8ba5a8a9a5bb6ba0850344eb030398dce62dc5b9
1 | /* |
2 | * Copyright 2016 The Android Open Source Project |
3 | * |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
5 | * you may not use this file except in compliance with the License. |
6 | * You may obtain a copy of the License at |
7 | * |
8 | * http://www.apache.org/licenses/LICENSE-2.0 |
9 | * |
10 | * Unless required by applicable law or agreed to in writing, software |
11 | * distributed under the License is distributed on an "AS IS" BASIS, |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | * See the License for the specific language governing permissions and |
14 | * limitations under the License. |
15 | */ |
16 | |
17 | #include "attestation_record.h" |
18 | |
19 | #include <assert.h> |
20 | |
21 | #include <openssl/asn1t.h> |
22 | |
23 | #include "openssl_err.h" |
24 | #include "openssl_utils.h" |
25 | |
26 | #include <keymaster/android_keymaster_utils.h> |
27 | #include <keymaster/keymaster_context.h> |
28 | |
29 | namespace keymaster { |
30 | |
31 | struct stack_st_ASN1_TYPE_Delete { |
32 | void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); } |
33 | }; |
34 | |
35 | struct ASN1_STRING_Delete { |
36 | void operator()(ASN1_STRING* p) { ASN1_STRING_free(p); } |
37 | }; |
38 | |
39 | struct ASN1_TYPE_Delete { |
40 | void operator()(ASN1_TYPE* p) { ASN1_TYPE_free(p); } |
41 | }; |
42 | |
43 | #define ASN1_INTEGER_SET STACK_OF(ASN1_INTEGER) |
44 | |
45 | typedef struct km_root_of_trust { |
46 | ASN1_OCTET_STRING* verified_boot_key; |
47 | ASN1_BOOLEAN* device_locked; |
48 | ASN1_ENUMERATED* verified_boot_state; |
49 | } KM_ROOT_OF_TRUST; |
50 | |
51 | ASN1_SEQUENCE(KM_ROOT_OF_TRUST) = { |
52 | ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_key, ASN1_OCTET_STRING), |
53 | ASN1_SIMPLE(KM_ROOT_OF_TRUST, device_locked, ASN1_BOOLEAN), |
54 | ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_state, ASN1_ENUMERATED), |
55 | } ASN1_SEQUENCE_END(KM_ROOT_OF_TRUST); |
56 | IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST); |
57 | |
58 | typedef struct km_auth_list { |
59 | ASN1_INTEGER_SET* purpose; |
60 | ASN1_INTEGER* algorithm; |
61 | ASN1_INTEGER* key_size; |
62 | ASN1_INTEGER_SET* digest; |
63 | ASN1_INTEGER_SET* padding; |
64 | ASN1_INTEGER_SET* kdf; |
65 | ASN1_INTEGER* ec_curve; |
66 | ASN1_INTEGER* rsa_public_exponent; |
67 | ASN1_INTEGER* active_date_time; |
68 | ASN1_INTEGER* origination_expire_date_time; |
69 | ASN1_INTEGER* usage_expire_date_time; |
70 | ASN1_NULL* no_auth_required; |
71 | ASN1_INTEGER* user_auth_type; |
72 | ASN1_INTEGER* auth_timeout; |
73 | ASN1_NULL* allow_while_on_body; |
74 | ASN1_NULL* all_applications; |
75 | ASN1_OCTET_STRING* application_id; |
76 | ASN1_INTEGER* creation_date_time; |
77 | ASN1_INTEGER* origin; |
78 | ASN1_NULL* rollback_resistant; |
79 | KM_ROOT_OF_TRUST* root_of_trust; |
80 | ASN1_INTEGER* os_version; |
81 | ASN1_INTEGER* os_patchlevel; |
82 | } KM_AUTH_LIST; |
83 | |
84 | ASN1_SEQUENCE(KM_AUTH_LIST) = { |
85 | ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, purpose, ASN1_INTEGER, TAG_PURPOSE.masked_tag()), |
86 | ASN1_EXP_OPT(KM_AUTH_LIST, algorithm, ASN1_INTEGER, TAG_ALGORITHM.masked_tag()), |
87 | ASN1_EXP_OPT(KM_AUTH_LIST, key_size, ASN1_INTEGER, TAG_KEY_SIZE.masked_tag()), |
88 | ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, digest, ASN1_INTEGER, TAG_DIGEST.masked_tag()), |
89 | ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, padding, ASN1_INTEGER, TAG_PADDING.masked_tag()), |
90 | ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, kdf, ASN1_INTEGER, TAG_KDF.masked_tag()), |
91 | ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.masked_tag()), |
92 | ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER, |
93 | TAG_RSA_PUBLIC_EXPONENT.masked_tag()), |
94 | ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.masked_tag()), |
95 | ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER, |
96 | TAG_ORIGINATION_EXPIRE_DATETIME.masked_tag()), |
97 | ASN1_EXP_OPT(KM_AUTH_LIST, usage_expire_date_time, ASN1_INTEGER, |
98 | TAG_USAGE_EXPIRE_DATETIME.masked_tag()), |
99 | ASN1_EXP_OPT(KM_AUTH_LIST, no_auth_required, ASN1_NULL, TAG_NO_AUTH_REQUIRED.masked_tag()), |
100 | ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.masked_tag()), |
101 | ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.masked_tag()), |
102 | ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL, |
103 | TAG_ALLOW_WHILE_ON_BODY.masked_tag()), |
104 | ASN1_EXP_OPT(KM_AUTH_LIST, all_applications, ASN1_NULL, TAG_ALL_APPLICATIONS.masked_tag()), |
105 | ASN1_EXP_OPT(KM_AUTH_LIST, application_id, ASN1_OCTET_STRING, TAG_APPLICATION_ID.masked_tag()), |
106 | ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER, |
107 | TAG_CREATION_DATETIME.masked_tag()), |
108 | ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.masked_tag()), |
109 | ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistant, ASN1_NULL, TAG_ROLLBACK_RESISTANT.masked_tag()), |
110 | ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.masked_tag()), |
111 | ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.masked_tag()), |
112 | ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.masked_tag()), |
113 | } ASN1_SEQUENCE_END(KM_AUTH_LIST); |
114 | IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST); |
115 | |
116 | typedef struct km_key_description { |
117 | ASN1_INTEGER* attestation_version; |
118 | ASN1_ENUMERATED* attestation_security_level; |
119 | ASN1_INTEGER* keymaster_version; |
120 | ASN1_ENUMERATED* keymaster_security_level; |
121 | ASN1_OCTET_STRING* attestation_challenge; |
122 | KM_AUTH_LIST* software_enforced; |
123 | KM_AUTH_LIST* tee_enforced; |
124 | ASN1_INTEGER* unique_id; |
125 | } KM_KEY_DESCRIPTION; |
126 | |
127 | ASN1_SEQUENCE(KM_KEY_DESCRIPTION) = { |
128 | ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_version, ASN1_INTEGER), |
129 | ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_security_level, ASN1_ENUMERATED), |
130 | ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_version, ASN1_INTEGER), |
131 | ASN1_SIMPLE(KM_KEY_DESCRIPTION, keymaster_security_level, ASN1_ENUMERATED), |
132 | ASN1_SIMPLE(KM_KEY_DESCRIPTION, attestation_challenge, ASN1_OCTET_STRING), |
133 | ASN1_SIMPLE(KM_KEY_DESCRIPTION, unique_id, ASN1_OCTET_STRING), |
134 | ASN1_SIMPLE(KM_KEY_DESCRIPTION, software_enforced, KM_AUTH_LIST), |
135 | ASN1_SIMPLE(KM_KEY_DESCRIPTION, tee_enforced, KM_AUTH_LIST), |
136 | } ASN1_SEQUENCE_END(KM_KEY_DESCRIPTION); |
137 | IMPLEMENT_ASN1_FUNCTIONS(KM_KEY_DESCRIPTION); |
138 | |
139 | struct KM_AUTH_LIST_Delete { |
140 | void operator()(KM_AUTH_LIST* p) { KM_AUTH_LIST_free(p); } |
141 | }; |
142 | |
143 | struct KM_KEY_DESCRIPTION_Delete { |
144 | void operator()(KM_KEY_DESCRIPTION* p) { KM_KEY_DESCRIPTION_free(p); } |
145 | }; |
146 | |
147 | static uint32_t get_uint32_value(const keymaster_key_param_t& param) { |
148 | switch (keymaster_tag_get_type(param.tag)) { |
149 | case KM_ENUM: |
150 | case KM_ENUM_REP: |
151 | return param.enumerated; |
152 | case KM_UINT: |
153 | case KM_UINT_REP: |
154 | return param.integer; |
155 | default: |
156 | assert(false); |
157 | return 0xFFFFFFFF; |
158 | } |
159 | } |
160 | |
161 | // Insert value in either the dest_integer or the dest_integer_set, whichever is provided. |
162 | static keymaster_error_t insert_integer(ASN1_INTEGER* value, ASN1_INTEGER** dest_integer, |
163 | ASN1_INTEGER_SET** dest_integer_set) { |
164 | assert((dest_integer == nullptr) ^ (dest_integer_set == nullptr)); |
165 | assert(value); |
166 | |
167 | if (dest_integer_set) { |
168 | if (!*dest_integer_set) |
169 | *dest_integer_set = sk_ASN1_INTEGER_new_null(); |
170 | if (!*dest_integer_set) |
171 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
172 | if (!sk_ASN1_INTEGER_push(*dest_integer_set, value)) |
173 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
174 | return KM_ERROR_OK; |
175 | |
176 | } else if (dest_integer) { |
177 | if (*dest_integer) |
178 | ASN1_INTEGER_free(*dest_integer); |
179 | *dest_integer = value; |
180 | return KM_ERROR_OK; |
181 | } |
182 | |
183 | assert(false); // Should never get here. |
184 | return KM_ERROR_OK; |
185 | } |
186 | |
187 | // Put the contents of the keymaster AuthorizationSet auth_list in to the ASN.1 record structure, |
188 | // record. |
189 | static keymaster_error_t build_auth_list(const AuthorizationSet& auth_list, KM_AUTH_LIST* record) { |
190 | assert(record); |
191 | |
192 | if (auth_list.empty()) |
193 | return KM_ERROR_OK; |
194 | |
195 | for (auto entry : auth_list) { |
196 | |
197 | ASN1_INTEGER_SET** integer_set = nullptr; |
198 | ASN1_INTEGER** integer_ptr = nullptr; |
199 | ASN1_OCTET_STRING** string_ptr = nullptr; |
200 | ASN1_NULL** bool_ptr = nullptr; |
201 | |
202 | switch (entry.tag) { |
203 | |
204 | /* Ignored tags */ |
205 | case KM_TAG_INVALID: |
206 | case KM_TAG_ASSOCIATED_DATA: |
207 | case KM_TAG_NONCE: |
208 | case KM_TAG_AUTH_TOKEN: |
209 | case KM_TAG_MAC_LENGTH: |
210 | case KM_TAG_ALL_USERS: |
211 | case KM_TAG_USER_ID: |
212 | case KM_TAG_USER_SECURE_ID: |
213 | case KM_TAG_EXPORTABLE: |
214 | case KM_TAG_RESET_SINCE_ID_ROTATION: |
215 | case KM_TAG_ATTESTATION_CHALLENGE: |
216 | case KM_TAG_BLOCK_MODE: |
217 | case KM_TAG_CALLER_NONCE: |
218 | case KM_TAG_MIN_MAC_LENGTH: |
219 | case KM_TAG_ECIES_SINGLE_HASH_MODE: |
220 | case KM_TAG_INCLUDE_UNIQUE_ID: |
221 | case KM_TAG_BLOB_USAGE_REQUIREMENTS: |
222 | case KM_TAG_BOOTLOADER_ONLY: |
223 | case KM_TAG_MIN_SECONDS_BETWEEN_OPS: |
224 | case KM_TAG_MAX_USES_PER_BOOT: |
225 | case KM_TAG_APPLICATION_DATA: |
226 | case KM_TAG_UNIQUE_ID: |
227 | case KM_TAG_ROOT_OF_TRUST: |
228 | continue; |
229 | |
230 | /* Non-repeating enumerations */ |
231 | case KM_TAG_ALGORITHM: |
232 | integer_ptr = &record->algorithm; |
233 | break; |
234 | case KM_TAG_EC_CURVE: |
235 | integer_ptr = &record->ec_curve; |
236 | break; |
237 | case KM_TAG_USER_AUTH_TYPE: |
238 | integer_ptr = &record->user_auth_type; |
239 | break; |
240 | case KM_TAG_ORIGIN: |
241 | integer_ptr = &record->origin; |
242 | break; |
243 | |
244 | /* Repeating enumerations */ |
245 | case KM_TAG_PURPOSE: |
246 | integer_set = &record->purpose; |
247 | break; |
248 | case KM_TAG_PADDING: |
249 | integer_set = &record->padding; |
250 | break; |
251 | case KM_TAG_DIGEST: |
252 | integer_set = &record->digest; |
253 | break; |
254 | case KM_TAG_KDF: |
255 | integer_set = &record->kdf; |
256 | break; |
257 | |
258 | /* Non-repeating unsigned integers */ |
259 | case KM_TAG_KEY_SIZE: |
260 | integer_ptr = &record->key_size; |
261 | break; |
262 | case KM_TAG_AUTH_TIMEOUT: |
263 | integer_ptr = &record->auth_timeout; |
264 | break; |
265 | case KM_TAG_OS_VERSION: |
266 | integer_ptr = &record->os_version; |
267 | break; |
268 | case KM_TAG_OS_PATCHLEVEL: |
269 | integer_ptr = &record->os_patchlevel; |
270 | break; |
271 | |
272 | /* Non-repeating long unsigned integers */ |
273 | case KM_TAG_RSA_PUBLIC_EXPONENT: |
274 | integer_ptr = &record->rsa_public_exponent; |
275 | break; |
276 | |
277 | /* Dates */ |
278 | case KM_TAG_ACTIVE_DATETIME: |
279 | integer_ptr = &record->active_date_time; |
280 | break; |
281 | case KM_TAG_ORIGINATION_EXPIRE_DATETIME: |
282 | integer_ptr = &record->origination_expire_date_time; |
283 | break; |
284 | case KM_TAG_USAGE_EXPIRE_DATETIME: |
285 | integer_ptr = &record->usage_expire_date_time; |
286 | break; |
287 | case KM_TAG_CREATION_DATETIME: |
288 | integer_ptr = &record->creation_date_time; |
289 | break; |
290 | |
291 | /* Booleans */ |
292 | case KM_TAG_NO_AUTH_REQUIRED: |
293 | bool_ptr = &record->no_auth_required; |
294 | break; |
295 | case KM_TAG_ALL_APPLICATIONS: |
296 | bool_ptr = &record->all_applications; |
297 | break; |
298 | case KM_TAG_ROLLBACK_RESISTANT: |
299 | bool_ptr = &record->rollback_resistant; |
300 | break; |
301 | case KM_TAG_ALLOW_WHILE_ON_BODY: |
302 | bool_ptr = &record->allow_while_on_body; |
303 | break; |
304 | |
305 | /* Byte arrays*/ |
306 | case KM_TAG_APPLICATION_ID: |
307 | string_ptr = &record->application_id; |
308 | break; |
309 | default: |
310 | break; |
311 | } |
312 | |
313 | keymaster_tag_type_t type = keymaster_tag_get_type(entry.tag); |
314 | switch (type) { |
315 | case KM_ENUM: |
316 | case KM_ENUM_REP: |
317 | case KM_UINT: |
318 | case KM_UINT_REP: { |
319 | assert((keymaster_tag_repeatable(entry.tag) && integer_set) || |
320 | (!keymaster_tag_repeatable(entry.tag) && integer_ptr)); |
321 | |
322 | UniquePtr<ASN1_INTEGER, ASN1_INTEGER_Delete> value(ASN1_INTEGER_new()); |
323 | if (!value.get()) |
324 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
325 | if (!ASN1_INTEGER_set(value.get(), get_uint32_value(entry))) |
326 | return TranslateLastOpenSslError(); |
327 | |
328 | insert_integer(value.release(), integer_ptr, integer_set); |
329 | break; |
330 | } |
331 | |
332 | case KM_ULONG: |
333 | case KM_ULONG_REP: |
334 | case KM_DATE: { |
335 | assert((keymaster_tag_repeatable(entry.tag) && integer_set) || |
336 | (!keymaster_tag_repeatable(entry.tag) && integer_ptr)); |
337 | |
338 | UniquePtr<BIGNUM, BIGNUM_Delete> bn_value(BN_new()); |
339 | if (!bn_value.get()) |
340 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
341 | |
342 | if (type == KM_DATE) { |
343 | if (!BN_set_u64(bn_value.get(), entry.date_time)) { |
344 | return TranslateLastOpenSslError(); |
345 | } |
346 | } else { |
347 | if (!BN_set_u64(bn_value.get(), entry.long_integer)) { |
348 | return TranslateLastOpenSslError(); |
349 | } |
350 | } |
351 | |
352 | UniquePtr<ASN1_INTEGER, ASN1_INTEGER_Delete> value( |
353 | BN_to_ASN1_INTEGER(bn_value.get(), nullptr)); |
354 | if (!value.get()) |
355 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
356 | |
357 | insert_integer(value.release(), integer_ptr, integer_set); |
358 | break; |
359 | } |
360 | |
361 | case KM_BOOL: |
362 | assert(bool_ptr); |
363 | if (!*bool_ptr) |
364 | *bool_ptr = ASN1_NULL_new(); |
365 | if (!*bool_ptr) |
366 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
367 | break; |
368 | |
369 | /* Byte arrays*/ |
370 | case KM_BYTES: |
371 | assert(string_ptr); |
372 | if (!*string_ptr) |
373 | *string_ptr = ASN1_OCTET_STRING_new(); |
374 | if (!*string_ptr) |
375 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
376 | if (!ASN1_OCTET_STRING_set(*string_ptr, entry.blob.data, entry.blob.data_length)) |
377 | return TranslateLastOpenSslError(); |
378 | break; |
379 | |
380 | default: |
381 | return KM_ERROR_UNIMPLEMENTED; |
382 | } |
383 | } |
384 | |
385 | keymaster_ec_curve_t ec_curve; |
386 | uint32_t key_size; |
387 | if (auth_list.Contains(TAG_ALGORITHM, KM_ALGORITHM_EC) && // |
388 | !auth_list.Contains(TAG_EC_CURVE) && // |
389 | auth_list.GetTagValue(TAG_KEY_SIZE, &key_size)) { |
390 | // This must be a keymaster1 key. It's an EC key with no curve. Insert the curve. |
391 | |
392 | keymaster_error_t error = EcKeySizeToCurve(key_size, &ec_curve); |
393 | if (error != KM_ERROR_OK) |
394 | return error; |
395 | |
396 | UniquePtr<ASN1_INTEGER, ASN1_INTEGER_Delete> value(ASN1_INTEGER_new()); |
397 | if (!value.get()) |
398 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
399 | |
400 | if (!ASN1_INTEGER_set(value.get(), ec_curve)) |
401 | return TranslateLastOpenSslError(); |
402 | |
403 | insert_integer(value.release(), &record->ec_curve, nullptr); |
404 | } |
405 | |
406 | return KM_ERROR_OK; |
407 | } |
408 | |
409 | // Construct an ASN1.1 DER-encoded attestation record containing the values from sw_enforced and |
410 | // tee_enforced. |
411 | keymaster_error_t build_attestation_record(const AuthorizationSet& attestation_params, |
412 | const AuthorizationSet& sw_enforced, |
413 | const AuthorizationSet& tee_enforced, |
414 | const KeymasterContext& context, |
415 | UniquePtr<uint8_t[]>* asn1_key_desc, |
416 | size_t* asn1_key_desc_len) { |
417 | assert(asn1_key_desc && asn1_key_desc_len); |
418 | |
419 | UniquePtr<KM_KEY_DESCRIPTION, KM_KEY_DESCRIPTION_Delete> key_desc(KM_KEY_DESCRIPTION_new()); |
420 | if (!key_desc.get()) |
421 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
422 | |
423 | keymaster_security_level_t keymaster_security_level; |
424 | uint32_t keymaster_version = UINT32_MAX; |
425 | if (tee_enforced.empty()) { |
426 | // Software key. |
427 | keymaster_security_level = KM_SECURITY_LEVEL_SOFTWARE; |
428 | keymaster_version = 2; |
429 | } else { |
430 | keymaster_security_level = KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT; |
431 | switch (context.GetSecurityLevel()) { |
432 | case KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT: |
433 | // We're running in a TEE, so the key is KM2. |
434 | keymaster_version = 2; |
435 | break; |
436 | |
437 | case KM_SECURITY_LEVEL_SOFTWARE: |
438 | // We're running in software, wrapping some KM hardware. Is it KM0 or KM1? KM1 keys |
439 | // have the purpose in the tee_enforced list. It's possible that a key could be created |
440 | // without a purpose, which would fool this test into reporting it's a KM0 key. That |
441 | // corner case doesn't matter much, because purpose-less keys are not usable anyway. |
442 | // Also, KM1 TEEs should disappear rapidly. |
443 | keymaster_version = tee_enforced.Contains(TAG_PURPOSE) ? 1 : 0; |
444 | break; |
445 | } |
446 | |
447 | if (keymaster_version == UINT32_MAX) |
448 | return KM_ERROR_UNKNOWN_ERROR; |
449 | } |
450 | |
451 | if (!ASN1_INTEGER_set(key_desc->attestation_version, 1) || |
452 | !ASN1_ENUMERATED_set(key_desc->attestation_security_level, context.GetSecurityLevel()) || |
453 | !ASN1_INTEGER_set(key_desc->keymaster_version, keymaster_version) || |
454 | !ASN1_ENUMERATED_set(key_desc->keymaster_security_level, keymaster_security_level)) |
455 | return TranslateLastOpenSslError(); |
456 | |
457 | keymaster_blob_t attestation_challenge = {nullptr, 0}; |
458 | if (!attestation_params.GetTagValue(TAG_ATTESTATION_CHALLENGE, &attestation_challenge)) |
459 | return KM_ERROR_ATTESTATION_CHALLENGE_MISSING; |
460 | if (!ASN1_OCTET_STRING_set(key_desc->attestation_challenge, attestation_challenge.data, |
461 | attestation_challenge.data_length)) |
462 | return TranslateLastOpenSslError(); |
463 | |
464 | keymaster_error_t error = build_auth_list(sw_enforced, key_desc->software_enforced); |
465 | if (error != KM_ERROR_OK) |
466 | return error; |
467 | |
468 | error = build_auth_list(tee_enforced, key_desc->tee_enforced); |
469 | if (error != KM_ERROR_OK) |
470 | return error; |
471 | |
472 | // Only check tee_enforced for TAG_INCLUDE_UNIQUE_ID. If we don't have hardware we can't |
473 | // generate unique IDs. |
474 | if (tee_enforced.GetTagValue(TAG_INCLUDE_UNIQUE_ID)) { |
475 | uint64_t creation_datetime; |
476 | // Only check sw_enforced for TAG_CREATION_DATETIME, since it shouldn't be in tee_enforced, |
477 | // since this implementation has no secure wall clock. |
478 | if (!sw_enforced.GetTagValue(TAG_CREATION_DATETIME, &creation_datetime)) { |
479 | LOG_E("Unique ID cannot be created without creation datetime", 0); |
480 | return KM_ERROR_INVALID_KEY_BLOB; |
481 | } |
482 | |
483 | keymaster_blob_t application_id = {nullptr, 0}; |
484 | sw_enforced.GetTagValue(TAG_APPLICATION_ID, &application_id); |
485 | |
486 | Buffer unique_id; |
487 | error = context.GenerateUniqueId( |
488 | creation_datetime, application_id, |
489 | attestation_params.GetTagValue(TAG_RESET_SINCE_ID_ROTATION), &unique_id); |
490 | if (error != KM_ERROR_OK) |
491 | return error; |
492 | |
493 | key_desc->unique_id = ASN1_OCTET_STRING_new(); |
494 | if (!key_desc->unique_id || |
495 | !ASN1_OCTET_STRING_set(key_desc->unique_id, unique_id.peek_read(), |
496 | unique_id.available_read())) |
497 | return TranslateLastOpenSslError(); |
498 | } |
499 | |
500 | int len = i2d_KM_KEY_DESCRIPTION(key_desc.get(), nullptr); |
501 | if (len < 0) |
502 | return TranslateLastOpenSslError(); |
503 | *asn1_key_desc_len = len; |
504 | asn1_key_desc->reset(new uint8_t[*asn1_key_desc_len]); |
505 | if (!asn1_key_desc->get()) |
506 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
507 | uint8_t* p = asn1_key_desc->get(); |
508 | len = i2d_KM_KEY_DESCRIPTION(key_desc.get(), &p); |
509 | if (len < 0) |
510 | return TranslateLastOpenSslError(); |
511 | |
512 | return KM_ERROR_OK; |
513 | } |
514 | |
515 | // Copy all enumerated values with the specified tag from stack to auth_list. |
516 | static bool get_repeated_enums(const stack_st_ASN1_INTEGER* stack, keymaster_tag_t tag, |
517 | AuthorizationSet* auth_list) { |
518 | assert(keymaster_tag_get_type(tag) == KM_ENUM_REP); |
519 | for (size_t i = 0; i < sk_ASN1_INTEGER_num(stack); ++i) { |
520 | if (!auth_list->push_back( |
521 | keymaster_param_enum(tag, ASN1_INTEGER_get(sk_ASN1_INTEGER_value(stack, i))))) |
522 | return false; |
523 | } |
524 | return true; |
525 | } |
526 | |
527 | // Add the specified integer tag/value pair to auth_list. |
528 | template <keymaster_tag_type_t Type, keymaster_tag_t Tag, typename KeymasterEnum> |
529 | static bool get_enum(const ASN1_INTEGER* asn1_int, TypedEnumTag<Type, Tag, KeymasterEnum> tag, |
530 | AuthorizationSet* auth_list) { |
531 | if (!asn1_int) |
532 | return true; |
533 | return auth_list->push_back(tag, static_cast<KeymasterEnum>(ASN1_INTEGER_get(asn1_int))); |
534 | } |
535 | |
536 | // Add the specified ulong tag/value pair to auth_list. |
537 | static bool get_ulong(const ASN1_INTEGER* asn1_int, keymaster_tag_t tag, |
538 | AuthorizationSet* auth_list) { |
539 | if (!asn1_int) |
540 | return true; |
541 | UniquePtr<BIGNUM, BIGNUM_Delete> bn(ASN1_INTEGER_to_BN(asn1_int, nullptr)); |
542 | if (!bn.get()) |
543 | return false; |
544 | uint64_t ulong = BN_get_word(bn.get()); |
545 | return auth_list->push_back(keymaster_param_long(tag, ulong)); |
546 | } |
547 | |
548 | // Extract the values from the specified ASN.1 record and place them in auth_list. |
549 | static keymaster_error_t extract_auth_list(const KM_AUTH_LIST* record, |
550 | AuthorizationSet* auth_list) { |
551 | if (!record) |
552 | return KM_ERROR_OK; |
553 | |
554 | // Purpose |
555 | if (!get_repeated_enums(record->purpose, TAG_PURPOSE, auth_list)) |
556 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
557 | |
558 | // Algorithm |
559 | if (!get_enum(record->algorithm, TAG_ALGORITHM, auth_list)) |
560 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
561 | |
562 | // Key size |
563 | if (record->key_size && !auth_list->push_back(TAG_KEY_SIZE, ASN1_INTEGER_get(record->key_size))) |
564 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
565 | |
566 | // Digest |
567 | if (!get_repeated_enums(record->digest, TAG_DIGEST, auth_list)) |
568 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
569 | |
570 | // Padding |
571 | if (!get_repeated_enums(record->padding, TAG_PADDING, auth_list)) |
572 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
573 | |
574 | // EC curve |
575 | if (!get_enum(record->ec_curve, TAG_EC_CURVE, auth_list)) |
576 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
577 | |
578 | // RSA public exponent |
579 | if (!get_ulong(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list)) |
580 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
581 | |
582 | // Active date time |
583 | if (!get_ulong(record->active_date_time, TAG_ACTIVE_DATETIME, auth_list)) |
584 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
585 | |
586 | // Origination expire date time |
587 | if (!get_ulong(record->origination_expire_date_time, TAG_ORIGINATION_EXPIRE_DATETIME, |
588 | auth_list)) |
589 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
590 | |
591 | // Usage Expire date time |
592 | if (!get_ulong(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list)) |
593 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
594 | |
595 | // No auth required |
596 | if (record->no_auth_required && !auth_list->push_back(TAG_NO_AUTH_REQUIRED)) |
597 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
598 | |
599 | // User auth type |
600 | if (!get_enum(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list)) |
601 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
602 | |
603 | // Auth timeout |
604 | if (record->auth_timeout && |
605 | !auth_list->push_back(TAG_AUTH_TIMEOUT, ASN1_INTEGER_get(record->auth_timeout))) |
606 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
607 | |
608 | // All applications |
609 | if (record->all_applications && !auth_list->push_back(TAG_ALL_APPLICATIONS)) |
610 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
611 | |
612 | // Application ID |
613 | if (record->application_id && |
614 | !auth_list->push_back(TAG_APPLICATION_ID, record->application_id->data, |
615 | record->application_id->length)) |
616 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
617 | |
618 | // Creation date time |
619 | if (!get_ulong(record->creation_date_time, TAG_CREATION_DATETIME, auth_list)) |
620 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
621 | |
622 | // Origin |
623 | if (!get_enum(record->origin, TAG_ORIGIN, auth_list)) |
624 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
625 | |
626 | // Rollback resistant |
627 | if (record->rollback_resistant && !auth_list->push_back(TAG_ROLLBACK_RESISTANT)) |
628 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
629 | |
630 | // Root of trust |
631 | if (record->root_of_trust) { |
632 | KM_ROOT_OF_TRUST* rot = record->root_of_trust; |
633 | if (!rot->verified_boot_key) |
634 | return KM_ERROR_INVALID_KEY_BLOB; |
635 | |
636 | // Other root of trust fields are not mapped to auth set entries. |
637 | } |
638 | |
639 | // OS Version |
640 | if (record->os_version && |
641 | !auth_list->push_back(TAG_OS_VERSION, ASN1_INTEGER_get(record->os_version))) |
642 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
643 | |
644 | // OS Patch level |
645 | if (record->os_patchlevel && |
646 | !auth_list->push_back(TAG_OS_PATCHLEVEL, ASN1_INTEGER_get(record->os_patchlevel))) |
647 | return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
648 | |
649 | return KM_ERROR_OK; |
650 | } |
651 | |
652 | // Parse the DER-encoded attestation record, placing the results in keymaster_version, |
653 | // attestation_challenge, software_enforced, tee_enforced and unique_id. |
654 | keymaster_error_t parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len, |
655 | uint32_t* attestation_version, // |
656 | keymaster_security_level_t* attestation_security_level, |
657 | uint32_t* keymaster_version, |
658 | keymaster_security_level_t* keymaster_security_level, |
659 | keymaster_blob_t* attestation_challenge, |
660 | AuthorizationSet* software_enforced, |
661 | AuthorizationSet* tee_enforced, |
662 | keymaster_blob_t* unique_id) { |
663 | const uint8_t* p = asn1_key_desc; |
664 | UniquePtr<KM_KEY_DESCRIPTION, KM_KEY_DESCRIPTION_Delete> record( |
665 | d2i_KM_KEY_DESCRIPTION(nullptr, &p, asn1_key_desc_len)); |
666 | if (!record.get()) |
667 | return TranslateLastOpenSslError(); |
668 | |
669 | *attestation_version = ASN1_INTEGER_get(record->attestation_version); |
670 | *attestation_security_level = static_cast<keymaster_security_level_t>( |
671 | ASN1_ENUMERATED_get(record->attestation_security_level)); |
672 | *keymaster_version = ASN1_INTEGER_get(record->keymaster_version); |
673 | *keymaster_security_level = static_cast<keymaster_security_level_t>( |
674 | ASN1_ENUMERATED_get(record->keymaster_security_level)); |
675 | |
676 | attestation_challenge->data = |
677 | dup_buffer(record->attestation_challenge->data, record->attestation_challenge->length); |
678 | attestation_challenge->data_length = record->attestation_challenge->length; |
679 | |
680 | unique_id->data = dup_buffer(record->unique_id->data, record->unique_id->length); |
681 | unique_id->data_length = record->unique_id->length; |
682 | |
683 | keymaster_error_t error = extract_auth_list(record->software_enforced, software_enforced); |
684 | if (error != KM_ERROR_OK) |
685 | return error; |
686 | |
687 | return extract_auth_list(record->tee_enforced, tee_enforced); |
688 | } |
689 | |
690 | } // namepace keymaster |
691 |