1 // Copyright 2021 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14
15 // For more information on the Android Profile for DICE, see docs/android.md.
16
17 #include "dice/android.h"
18
19 #include <string.h>
20
21 #include "dice/cbor_reader.h"
22 #include "dice/cbor_writer.h"
23 #include "dice/dice.h"
24 #include "dice/ops.h"
25 #include "dice/ops/trait/cose.h"
26
27 // Completely gratuitous bit twiddling.
PopulationCount(uint32_t n)28 static size_t PopulationCount(uint32_t n) {
29 n = n - ((n >> 1) & 0x55555555);
30 n = (n & 0x33333333) + ((n >> 2) & 0x33333333);
31 return (((n + (n >> 4)) & 0x0F0F0F0F) * 0x01010101) >> 24;
32 }
33
DiceAndroidFormatConfigDescriptor(const DiceAndroidConfigValues * config_values,size_t buffer_size,uint8_t * buffer,size_t * actual_size)34 DiceResult DiceAndroidFormatConfigDescriptor(
35 const DiceAndroidConfigValues* config_values, size_t buffer_size,
36 uint8_t* buffer, size_t* actual_size) {
37 static const int64_t kComponentNameLabel = -70002;
38 static const int64_t kComponentVersionLabel = -70003;
39 static const int64_t kResettableLabel = -70004;
40 static const int64_t kSecurityVersionLabel = -70005;
41 static const int64_t kRkpVmMarkerLabel = -70006;
42
43 // AndroidConfigDescriptor = {
44 // ? -70002 : tstr, ; Component name
45 // ? -70003 : int, ; Component version
46 // ? -70004 : null, ; Resettable
47 // }
48 struct CborOut out;
49 CborOutInit(buffer, buffer_size, &out);
50 CborWriteMap(PopulationCount(config_values->configs), &out);
51 if (config_values->configs & DICE_ANDROID_CONFIG_COMPONENT_NAME &&
52 config_values->component_name) {
53 CborWriteInt(kComponentNameLabel, &out);
54 CborWriteTstr(config_values->component_name, &out);
55 }
56 if (config_values->configs & DICE_ANDROID_CONFIG_COMPONENT_VERSION) {
57 CborWriteInt(kComponentVersionLabel, &out);
58 CborWriteUint(config_values->component_version, &out);
59 }
60 if (config_values->configs & DICE_ANDROID_CONFIG_RESETTABLE) {
61 CborWriteInt(kResettableLabel, &out);
62 CborWriteNull(&out);
63 }
64 if (config_values->configs & DICE_ANDROID_CONFIG_SECURITY_VERSION) {
65 CborWriteInt(kSecurityVersionLabel, &out);
66 CborWriteUint(config_values->security_version, &out);
67 }
68 if (config_values->configs & DICE_ANDROID_CONFIG_RKP_VM_MARKER) {
69 CborWriteInt(kRkpVmMarkerLabel, &out);
70 CborWriteNull(&out);
71 }
72 *actual_size = CborOutSize(&out);
73 if (CborOutOverflowed(&out)) {
74 return kDiceResultBufferTooSmall;
75 }
76 return kDiceResultOk;
77 }
78
DiceAndroidMainFlow(void * context,const uint8_t current_cdi_attest[DICE_CDI_SIZE],const uint8_t current_cdi_seal[DICE_CDI_SIZE],const uint8_t * chain,size_t chain_size,const DiceInputValues * input_values,size_t buffer_size,uint8_t * buffer,size_t * actual_size,uint8_t next_cdi_attest[DICE_CDI_SIZE],uint8_t next_cdi_seal[DICE_CDI_SIZE])79 DiceResult DiceAndroidMainFlow(void* context,
80 const uint8_t current_cdi_attest[DICE_CDI_SIZE],
81 const uint8_t current_cdi_seal[DICE_CDI_SIZE],
82 const uint8_t* chain, size_t chain_size,
83 const DiceInputValues* input_values,
84 size_t buffer_size, uint8_t* buffer,
85 size_t* actual_size,
86 uint8_t next_cdi_attest[DICE_CDI_SIZE],
87 uint8_t next_cdi_seal[DICE_CDI_SIZE]) {
88 DiceResult result;
89 enum CborReadResult res;
90 struct CborIn in;
91 size_t chain_item_count;
92
93 // The Android DICE chain has a more detailed internal structure, but those
94 // details aren't relevant to the work of this function.
95 //
96 // DiceCertChain = [
97 // COSE_Key, ; Root public key
98 // + COSE_Sign1, ; DICE chain entries
99 // ]
100 CborInInit(chain, chain_size, &in);
101 res = CborReadArray(&in, &chain_item_count);
102 if (res != CBOR_READ_RESULT_OK) {
103 return kDiceResultInvalidInput;
104 }
105
106 if (chain_item_count < 2 || chain_item_count == SIZE_MAX) {
107 // There should at least be the public key and one entry.
108 return kDiceResultInvalidInput;
109 }
110
111 // Measure the existing chain entries.
112 size_t chain_items_offset = CborInOffset(&in);
113 for (size_t chain_pos = 0; chain_pos < chain_item_count; ++chain_pos) {
114 res = CborReadSkip(&in);
115 if (res != CBOR_READ_RESULT_OK) {
116 return kDiceResultInvalidInput;
117 }
118 }
119 size_t chain_items_size = CborInOffset(&in) - chain_items_offset;
120
121 // Copy to the new buffer, with space in the chain for one more entry.
122 struct CborOut out;
123 CborOutInit(buffer, buffer_size, &out);
124 CborWriteArray(chain_item_count + 1, &out);
125 size_t new_chain_prefix_size = CborOutSize(&out);
126 if (CborOutOverflowed(&out) ||
127 chain_items_size > buffer_size - new_chain_prefix_size) {
128 // Continue with an empty buffer to measure the required size.
129 buffer_size = 0;
130 } else {
131 memcpy(buffer + new_chain_prefix_size, chain + chain_items_offset,
132 chain_items_size);
133 buffer += new_chain_prefix_size + chain_items_size;
134 buffer_size -= new_chain_prefix_size + chain_items_size;
135 }
136
137 size_t certificate_size;
138 result = DiceMainFlow(context, current_cdi_attest, current_cdi_seal,
139 input_values, buffer_size, buffer, &certificate_size,
140 next_cdi_attest, next_cdi_seal);
141 *actual_size = new_chain_prefix_size + chain_items_size + certificate_size;
142 return result;
143 }
144
DiceAndroidMainFlowWithNewDiceChain(void * context,const uint8_t current_cdi_attest[DICE_CDI_SIZE],const uint8_t current_cdi_seal[DICE_CDI_SIZE],const DiceInputValues * input_values,size_t buffer_size,uint8_t * buffer,size_t * chain_size,uint8_t next_cdi_attest[DICE_CDI_SIZE],uint8_t next_cdi_seal[DICE_CDI_SIZE])145 static DiceResult DiceAndroidMainFlowWithNewDiceChain(
146 void* context, const uint8_t current_cdi_attest[DICE_CDI_SIZE],
147 const uint8_t current_cdi_seal[DICE_CDI_SIZE],
148 const DiceInputValues* input_values, size_t buffer_size, uint8_t* buffer,
149 size_t* chain_size, uint8_t next_cdi_attest[DICE_CDI_SIZE],
150 uint8_t next_cdi_seal[DICE_CDI_SIZE]) {
151 uint8_t current_cdi_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE];
152 uint8_t attestation_public_key[DICE_PUBLIC_KEY_BUFFER_SIZE];
153 uint8_t attestation_private_key[DICE_PRIVATE_KEY_BUFFER_SIZE];
154 // Derive an asymmetric private key seed from the current attestation CDI
155 // value.
156 DiceResult result = DiceDeriveCdiPrivateKeySeed(context, current_cdi_attest,
157 current_cdi_private_key_seed);
158 if (result != kDiceResultOk) {
159 goto out;
160 }
161 // Derive attestation key pair.
162 result = DiceKeypairFromSeed(context, kDicePrincipalAuthority,
163 current_cdi_private_key_seed,
164 attestation_public_key, attestation_private_key);
165 if (result != kDiceResultOk) {
166 goto out;
167 }
168
169 // Consruct the DICE chain from the attestation public key and the next CDI
170 // certificate.
171 struct CborOut out;
172 CborOutInit(buffer, buffer_size, &out);
173 CborWriteArray(2, &out);
174 size_t encoded_size_used = CborOutSize(&out);
175 if (CborOutOverflowed(&out)) {
176 // Continue with an empty buffer to measure the required size.
177 buffer_size = 0;
178 } else {
179 buffer += encoded_size_used;
180 buffer_size -= encoded_size_used;
181 }
182
183 size_t encoded_pub_key_size = 0;
184 result = DiceCoseEncodePublicKey(context, kDicePrincipalAuthority,
185 attestation_public_key, buffer_size, buffer,
186 &encoded_pub_key_size);
187 if (result == kDiceResultOk) {
188 buffer += encoded_pub_key_size;
189 buffer_size -= encoded_pub_key_size;
190 } else if (result == kDiceResultBufferTooSmall) {
191 // Continue with an empty buffer to measure the required size.
192 buffer_size = 0;
193 } else {
194 goto out;
195 }
196
197 result = DiceMainFlow(context, current_cdi_attest, current_cdi_seal,
198 input_values, buffer_size, buffer, chain_size,
199 next_cdi_attest, next_cdi_seal);
200 *chain_size += encoded_size_used + encoded_pub_key_size;
201 if (result != kDiceResultOk) {
202 return result;
203 }
204
205 out:
206 DiceClearMemory(context, sizeof(current_cdi_private_key_seed),
207 current_cdi_private_key_seed);
208 DiceClearMemory(context, sizeof(attestation_private_key),
209 attestation_private_key);
210
211 return result;
212 }
213
214 // AndroidDiceHandover = {
215 // 1 : bstr .size 32, ; CDI_Attest
216 // 2 : bstr .size 32, ; CDI_Seal
217 // ? 3 : DiceCertChain, ; Android DICE chain
218 // }
219 static const int64_t kCdiAttestLabel = 1;
220 static const int64_t kCdiSealLabel = 2;
221 static const int64_t kDiceChainLabel = 3;
222
DiceAndroidHandoverMainFlow(void * context,const uint8_t * handover,size_t handover_size,const DiceInputValues * input_values,size_t buffer_size,uint8_t * buffer,size_t * actual_size)223 DiceResult DiceAndroidHandoverMainFlow(void* context, const uint8_t* handover,
224 size_t handover_size,
225 const DiceInputValues* input_values,
226 size_t buffer_size, uint8_t* buffer,
227 size_t* actual_size) {
228 DiceResult result;
229 const uint8_t* current_cdi_attest;
230 const uint8_t* current_cdi_seal;
231 const uint8_t* chain;
232 size_t chain_size;
233
234 result =
235 DiceAndroidHandoverParse(handover, handover_size, ¤t_cdi_attest,
236 ¤t_cdi_seal, &chain, &chain_size);
237 if (result != kDiceResultOk) {
238 return kDiceResultInvalidInput;
239 }
240
241 // Write the new handover data.
242 struct CborOut out;
243 CborOutInit(buffer, buffer_size, &out);
244 CborWriteMap(/*num_pairs=*/3, &out);
245 CborWriteInt(kCdiAttestLabel, &out);
246 uint8_t* next_cdi_attest = CborAllocBstr(DICE_CDI_SIZE, &out);
247 CborWriteInt(kCdiSealLabel, &out);
248 uint8_t* next_cdi_seal = CborAllocBstr(DICE_CDI_SIZE, &out);
249 CborWriteInt(kDiceChainLabel, &out);
250
251 uint8_t ignored_cdi_attest[DICE_CDI_SIZE];
252 uint8_t ignored_cdi_seal[DICE_CDI_SIZE];
253 if (CborOutOverflowed(&out)) {
254 // Continue with an empty buffer and placeholders for the output CDIs to
255 // measure the required size.
256 buffer_size = 0;
257 next_cdi_attest = ignored_cdi_attest;
258 next_cdi_seal = ignored_cdi_seal;
259 } else {
260 buffer += CborOutSize(&out);
261 buffer_size -= CborOutSize(&out);
262 }
263
264 if (chain_size != 0) {
265 // If the DICE chain is present in the handover, append the next certificate
266 // to the existing DICE chain.
267 result = DiceAndroidMainFlow(context, current_cdi_attest, current_cdi_seal,
268 chain, chain_size, input_values, buffer_size,
269 buffer, &chain_size, next_cdi_attest,
270 next_cdi_seal);
271 } else {
272 // If DICE chain is not present in the handover, construct the DICE chain
273 // from the public key derived from the current CDI attest and the next CDI
274 // certificate.
275 result = DiceAndroidMainFlowWithNewDiceChain(
276 context, current_cdi_attest, current_cdi_seal, input_values,
277 buffer_size, buffer, &chain_size, next_cdi_attest, next_cdi_seal);
278 }
279 *actual_size = CborOutSize(&out) + chain_size;
280 return result;
281 }
282
DiceAndroidHandoverParse(const uint8_t * handover,size_t handover_size,const uint8_t ** cdi_attest,const uint8_t ** cdi_seal,const uint8_t ** chain,size_t * chain_size)283 DiceResult DiceAndroidHandoverParse(const uint8_t* handover,
284 size_t handover_size,
285 const uint8_t** cdi_attest,
286 const uint8_t** cdi_seal,
287 const uint8_t** chain, size_t* chain_size) {
288 // Extract details from the handover data.
289 struct CborIn in;
290 int64_t label;
291 size_t num_pairs;
292 size_t item_size;
293 CborInInit(handover, handover_size, &in);
294 if (CborReadMap(&in, &num_pairs) != CBOR_READ_RESULT_OK || num_pairs < 2 ||
295 // Read the attestation CDI.
296 CborReadInt(&in, &label) != CBOR_READ_RESULT_OK ||
297 label != kCdiAttestLabel ||
298 CborReadBstr(&in, &item_size, cdi_attest) != CBOR_READ_RESULT_OK ||
299 item_size != DICE_CDI_SIZE ||
300 // Read the sealing CDI.
301 CborReadInt(&in, &label) != CBOR_READ_RESULT_OK ||
302 label != kCdiSealLabel ||
303 CborReadBstr(&in, &item_size, cdi_seal) != CBOR_READ_RESULT_OK ||
304 item_size != DICE_CDI_SIZE) {
305 return kDiceResultInvalidInput;
306 }
307
308 *chain = NULL;
309 *chain_size = 0;
310 if (num_pairs >= 3 && CborReadInt(&in, &label) == CBOR_READ_RESULT_OK) {
311 if (label == kDiceChainLabel) {
312 // Calculate the DICE chain size, if it is present in the handover object.
313 size_t chain_start = CborInOffset(&in);
314 if (CborReadSkip(&in) != CBOR_READ_RESULT_OK) {
315 return kDiceResultInvalidInput;
316 }
317 *chain = handover + chain_start;
318 *chain_size = CborInOffset(&in) - chain_start;
319 }
320 }
321
322 return kDiceResultOk;
323 }
324