-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathattestation.go
367 lines (343 loc) · 16.8 KB
/
attestation.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
package attestation
import (
"encoding/asn1"
)
// OIDKeyAttestationExtension is the key attestation extension.
var OIDKeyAttestationExtension = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 1, 17}
// keyDescription reflects the ASN.1 data structure for KeyDescription.
//
// keyDescription ::= SEQUENCE {
// attestationVersion INTEGER, # KM2 value is 1. KM3 value is 2. KM4 value is 3.
// attestationSecurityLevel SecurityLevel,
// keymasterVersion INTEGER,
// keymasterSecurityLevel SecurityLevel,
// attestationChallenge OCTET_STRING,
// uniqueId OCTET_STRING,
// softwareEnforced AuthorizationList,
// teeEnforced AuthorizationList,
// }
type keyDescription struct {
Raw asn1.RawContent
AttestationVersion int
AttestationSecurityLevel asn1.Enumerated
KeymasterVersion int
KeymasterSecurityLevel asn1.Enumerated
AttestationChallenge []byte
UniqueId []byte
SoftwareEnforced asn1.RawValue
TeeEnforced asn1.RawValue
}
// KeyDescription reflects the attestation extension content.
//
// This sequence of values presents general information about the key pair being verified through
// key attestation and provides easy access to additional details.
type KeyDescription struct {
Raw []byte
AttestationVersion AttestationVersion
AttestationSecurityLevel SecurityLevel
KeymasterVersion KeymasterVersion
KeymasterSecurityLevel SecurityLevel
AttestationChallenge []byte
UniqueId []byte
SoftwareEnforced AuthorizationList
TeeEnforced AuthorizationList
}
// AttestationVersion is the version of attestation schema.
type AttestationVersion uint
// String returns the string representation.
func (v AttestationVersion) String() string {
switch v {
case KAKeymasterVersion2:
return "Keymaster version 2.0"
case KAKeymasterVersion3:
return "Keymaster version 3.0"
case KAKeymasterVersion4:
return "Keymaster version 4.0"
case KAKeymasterVersion41:
return "Keymaster version 4.1"
case KAKeyMintVersion1:
return "KeyMint version 1.0"
case KAKeyMintVersion2:
return "KeyMint version 2.0"
case KAKeyMintVersion3:
return "KeyMint version 3.0"
default:
return ""
}
}
const (
KAKeymasterVersion2 AttestationVersion = iota + 1 // Keymaster version 2.0
KAKeymasterVersion3 // Keymaster version 3.0
KAKeymasterVersion4 // Keymaster version 4.0
KAKeymasterVersion41 // Keymaster version 4.1
KAKeyMintVersion1 = 100 // KeyMint version 1.0
KAKeyMintVersion2 = 200 // KeyMint version 2.0
KAKeyMintVersion3 = 300 // KeyMint version 3.0
)
// KeymasterVersion is the version of the Keymaster or KeyMint hardware abstraction layer.
type KeymasterVersion uint
// String returns the string representation.
func (v KeymasterVersion) String() string {
switch v {
case KeymasterVersion0:
return "Keymaster version 0"
case KeymasterVersion1:
return "Keymaster version 1"
case KeymasterVersion2:
return "Keymaster version 2"
case KeymasterVersion3:
return "Keymaster version 3"
case KeymasterVersion4:
return "Keymaster version 4"
case KeymasterVersion41:
return "Keymaster version 4.1"
case KeyMintVersion1:
return "KeyMint version 1.0"
case KeyMintVersion2:
return "KeyMint version 2.0"
case KeyMintVersion3:
return "KeyMint version 3.0"
default:
return ""
}
}
const (
KeymasterVersion0 KeymasterVersion = iota // Keymaster version 0.2 or 0.3
KeymasterVersion1 // Keymaster version 1.0
KeymasterVersion2 // Keymaster version 2.0
KeymasterVersion3 // Keymaster version 3.0
KeymasterVersion4 // Keymaster version 4.0
KeymasterVersion41 = 41 // Keymaster version 4.1
KeyMintVersion1 = 100 // KeyMint version 1.0
KeyMintVersion2 = 200 // KeyMint version 2.0
KeyMintVersion3 = 300 // KeyMint version 3.0
)
// SecurityLevel reflects the ASN.1 data structure for SecurityLevel.
//
// This data structure indicates the extent to which a software feature, such as a key pair, is
// protected based on its location within the device.
//
// SecurityLevel ::= ENUMERATED {
// Software (0),
// TrustedEnvironment (1),
// StrongBox (2),
// }
type SecurityLevel uint
// String returns the string representation.
func (l SecurityLevel) String() string {
return [...]string{
"Software",
"TrustedEnvironment",
"StrongBox",
}[l]
}
// The security level of the attestation.
const (
Software SecurityLevel = iota
TrustedEnvironment
StrongBox
)
// authorizationList reflects the ASN.1 data structure for AuthorizationList.
//
// AuthorizationList ::= SEQUENCE {
// purpose [1] EXPLICIT SET OF INTEGER OPTIONAL,
// algorithm [2] EXPLICIT INTEGER OPTIONAL,
// keySize [3] EXPLICIT INTEGER OPTIONAL.
// digest [5] EXPLICIT SET OF INTEGER OPTIONAL,
// padding [6] EXPLICIT SET OF INTEGER OPTIONAL,
// ecCurve [10] EXPLICIT INTEGER OPTIONAL,
// rsaPublicExponent [200] EXPLICIT INTEGER OPTIONAL,
// rollbackResistance [303] EXPLICIT NULL OPTIONAL, # KM4
// activeDateTime [400] EXPLICIT INTEGER OPTIONAL
// originationExpireDateTime [401] EXPLICIT INTEGER OPTIONAL
// usageExpireDateTime [402] EXPLICIT INTEGER OPTIONAL
// noAuthRequired [503] EXPLICIT NULL OPTIONAL,
// userAuthType [504] EXPLICIT INTEGER OPTIONAL,
// authTimeout [505] EXPLICIT INTEGER OPTIONAL,
// allowWhileOnBody [506] EXPLICIT NULL OPTIONAL,
// trustedUserPresenceRequired [507] EXPLICIT NULL OPTIONAL, # KM4
// trustedConfirmationRequired [508] EXPLICIT NULL OPTIONAL, # KM4
// unlockedDeviceRequired [509] EXPLICIT NULL OPTIONAL, # KM4
// allApplications [600] EXPLICIT NULL OPTIONAL,
// applicationId [601] EXPLICIT OCTET_STRING OPTIONAL,
// creationDateTime [701] EXPLICIT INTEGER OPTIONAL,
// origin [702] EXPLICIT INTEGER OPTIONAL,
// rollbackResistant [703] EXPLICIT NULL OPTIONAL, # KM2 and KM3 only.
// rootOfTrust [704] EXPLICIT RootOfTrust OPTIONAL,
// osVersion [705] EXPLICIT INTEGER OPTIONAL,
// osPatchLevel [706] EXPLICIT INTEGER OPTIONAL,
// attestationApplicationId [709] EXPLICIT OCTET_STRING OPTIONAL, # KM3
// attestationIdBrand [710] EXPLICIT OCTET_STRING OPTIONAL, # KM3
// attestationIdDevice [711] EXPLICIT OCTET_STRING OPTIONAL, # KM3
// attestationIdProduct [712] EXPLICIT OCTET_STRING OPTIONAL, # KM3
// attestationIdSerial [713] EXPLICIT OCTET_STRING OPTIONAL, # KM3
// attestationIdImei [714] EXPLICIT OCTET_STRING OPTIONAL, # KM3
// attestationIdMeid [715] EXPLICIT OCTET_STRING OPTIONAL, # KM3
// attestationIdManufacturer [716] EXPLICIT OCTET_STRING OPTIONAL, # KM3
// attestationIdModel [717] EXPLICIT OCTET_STRING OPTIONAL, # KM3
// vendorPatchLevel [718] EXPLICIT INTEGER OPTIONAL, # KM4
// bootPatchLevel [719] EXPLICIT INTEGER OPTIONAL, # KM4
// }
type authorizationList struct {
Raw asn1.RawContent
Purpose []int32 `asn1:"explicit,optional,omitempty,set,tag:1"` // [1] EXPLICIT SET OF INTEGER OPTIONAL,
Algorithm asn1.RawValue `asn1:"explicit,optional,tag:2"` // [2] EXPLICIT INTEGER OPTIONAL,
KeySize asn1.RawValue `asn1:"explicit,optional,tag:3"` // [3] EXPLICIT INTEGER OPTIONAL.
Digest []int `asn1:"explicit,optional,omitempty,set,tag:5"` // [5] EXPLICIT SET OF INTEGER OPTIONAL,
Padding []int `asn1:"explicit,optional,omitempty,set,tag:6"` // [6] EXPLICIT SET OF INTEGER OPTIONAL,
EcCurve asn1.RawValue `asn1:"explicit,optional,tag:10"` // [10] EXPLICIT INTEGER OPTIONAL,
RsaPublicExponent asn1.RawValue `asn1:"explicit,optional,tag:200"` // [200] EXPLICIT INTEGER OPTIONAL,
RollbackResistance asn1.RawValue `asn1:"explicit,optional,tag:303"` // [303] EXPLICIT NULL OPTIONAL, # KM4
ActiveDateTime asn1.RawValue `asn1:"explicit,optional,tag:400"` // [400] EXPLICIT INTEGER OPTIONAL
OriginationExpireDateTime asn1.RawValue `asn1:"explicit,optional,tag:401"` // [401] EXPLICIT INTEGER OPTIONAL
UsageExpireDateTime asn1.RawValue `asn1:"explicit,optional,tag:402"` // [402] EXPLICIT INTEGER OPTIONAL
NoAuthRequired asn1.RawValue `asn1:"explicit,optional,tag:503"` // [503] EXPLICIT NULL OPTIONAL,
UserAuthType asn1.RawValue `asn1:"explicit,optional,tag:504"` // [504] EXPLICIT INTEGER OPTIONAL,
AuthTimeout asn1.RawValue `asn1:"explicit,optional,tag:505"` // [505] EXPLICIT INTEGER OPTIONAL,
AllowWhileOnBody asn1.RawValue `asn1:"explicit,optional,tag:506"` // [506] EXPLICIT NULL OPTIONAL,
TrustedUserPresenceRequired asn1.RawValue `asn1:"explicit,optional,tag:507"` // [507] EXPLICIT NULL OPTIONAL, # KM4
TrustedConfirmationRequired asn1.RawValue `asn1:"explicit,optional,tag:508"` // [508] EXPLICIT NULL OPTIONAL, # KM4
UnlockedDeviceRequired asn1.RawValue `asn1:"explicit,optional,tag:509"` // [509] EXPLICIT NULL OPTIONAL, # KM4
AllApplications asn1.RawValue `asn1:"explicit,optional,tag:600"` // [600] EXPLICIT NULL OPTIONAL,
ApplicationId []byte `asn1:"explicit,optional,omitempty,tag:601"` // [601] EXPLICIT OCTET_STRING OPTIONAL,
CreationDateTime asn1.RawValue `asn1:"explicit,optional,tag:701"` // [701] EXPLICIT INTEGER OPTIONAL,
Origin asn1.RawValue `asn1:"explicit,optional,tag:702"` // [702] EXPLICIT INTEGER OPTIONAL,
RollbackResistant asn1.RawValue `asn1:"explicit,optional,tag:703"` // [703] EXPLICIT NULL OPTIONAL, # KM2 and KM3 only.
RootOfTrust asn1.RawValue `asn1:"explicit,optional,tag:704"` // [704] EXPLICIT RootOfTrust OPTIONAL,
OsVersion asn1.RawValue `asn1:"explicit,optional,tag:705"` // [705] EXPLICIT INTEGER OPTIONAL,
OsPatchLevel asn1.RawValue `asn1:"explicit,optional,tag:706"` // [706] EXPLICIT INTEGER OPTIONAL,
AttestationApplicationId asn1.RawContent `asn1:"explicit,optional,tag:709"` // [709] EXPLICIT OCTET_STRING OPTIONAL, # KM3
AttestationIdBrand []byte `asn1:"explicit,optional,omitempty,tag:710"` // [710] EXPLICIT OCTET_STRING OPTIONAL, # KM3
AttestationIdDevice []byte `asn1:"explicit,optional,omitempty,tag:711"` // [711] EXPLICIT OCTET_STRING OPTIONAL, # KM3
AttestationIdProduct []byte `asn1:"explicit,optional,omitempty,tag:712"` // [712] EXPLICIT OCTET_STRING OPTIONAL, # KM3
AttestationIdSerial []byte `asn1:"explicit,optional,omitempty,tag:713"` // [713] EXPLICIT OCTET_STRING OPTIONAL, # KM3
AttestationIdImei []byte `asn1:"explicit,optional,omitempty,tag:714"` // [714] EXPLICIT OCTET_STRING OPTIONAL, # KM3
AttestationIdMeid []byte `asn1:"explicit,optional,omitempty,tag:715"` // [715] EXPLICIT OCTET_STRING OPTIONAL, # KM3
AttestationIdManufacturer []byte `asn1:"explicit,optional,omitempty,tag:716"` // [716] EXPLICIT OCTET_STRING OPTIONAL, # KM3
AttestationIdModel []byte `asn1:"explicit,optional,omitempty,tag:717"` // [717] EXPLICIT OCTET_STRING OPTIONAL, # KM3
VendorPatchLevel asn1.RawValue `asn1:"explicit,optional,tag:718"` // [718] EXPLICIT INTEGER OPTIONAL, # KM4
BootPatchLevel asn1.RawValue `asn1:"explicit,optional,tag:719"` // [719] EXPLICIT INTEGER OPTIONAL, # KM4
}
// AuthorizationList reflects the key pair's properties as defined in the Keymaster or KeyMint
// hardware abstraction layer.
type AuthorizationList struct {
Raw []byte
Purpose []KeyPurpose
Algorithm *Algorithm
KeySize *int
Digest []Digest
Padding []PaddingMode
EcCurve *EcCurve
RsaPublicExponent *int64
RollbackResistance bool
ActiveDateTime *int64
OriginationExpireDateTime *int
UsageExpireDateTime *int64
NoAuthRequired bool
UserAuthType *HardwareAuthenticatorType
AuthTimeout *int32
AllowWhileOnBody bool
TrustedUserPresenceRequired bool
TrustedConfirmationRequired bool
UnlockedDeviceRequired bool
AllApplications bool
ApplicationId []byte
CreationDateTime *int
Origin *KeyOrigin
RollbackResistant bool
RootOfTrust *RootOfTrust
OsVersion *int
OsPatchLevel *int
AttestationApplicationId *AttestationApplicationId
AttestationIdBrand []byte
AttestationIdDevice []byte
AttestationIdProduct []byte
AttestationIdSerial []byte
AttestationIdImei []byte
AttestationIdMeid []byte
AttestationIdManufacturer []byte
AttestationIdModel []byte
VendorPatchLevel *int
BootPatchLevel *int
}
// RootOfTrust reflects the ASN.1 data structure for RootOfTrust.
//
// RootOfTrust ::= SEQUENCE {
// verifiedBootKey OCTET_STRING,
// deviceLocked BOOLEAN,
// verifiedBootState VerifiedBootState,
// verifiedBootHash OCTET_STRING, # KM4
// }
type rootOfTrust struct {
Raw asn1.RawContent
VerifiedBootKey []byte
DeviceLocked bool
VerifiedBootState asn1.Enumerated
VerifiedBootHash []byte `asn1:"optional,omitempty"`
}
// RootOfTrust reflects information on Android secure boot.
type RootOfTrust struct {
Raw []byte
VerifiedBootKey []byte
DeviceLocked bool
VerifiedBootState VerifiedBootState
VerifiedBootHash []byte
}
// VerifiedBootState reflects the ASN.1 data structure for VerifiedBootState.
//
// VerifiedBootState ::= ENUMERATED {
// Verified (0),
// SelfSigned (1),
// Unverified (2),
// Failed (3),
// }
type VerifiedBootState uint
// String returns the string representation.
func (s VerifiedBootState) String() string {
return [...]string{
"Verified",
"SelfSigned",
"Unverified",
"Failed",
}[s]
}
// VerifiedBootState is the state of verified boot.
const (
Verified = iota // Indicates a full chain of trust, which includes the bootloader, the boot partition, and all verified partitions.
SelfSigned // Indicates that the device-embedded certificate has verified the device's boot partition and that the signature is valid.
Unverified // Indicates that the user can modify the device freely. Therefore, the user is responsible for verifying the device's integrity.
Failed // Indicates that the device has failed verification. The attestation certificate should never use this value for VerifiedBootState.
)
// attestationApplicationId reflects the ASN.1 data structure for AttestationApplicationId.
//
// AttestationApplicationId ::= SEQUENCE {
// package_infos SET OF AttestationPackageInfo,
// signature_digests SET OF OCTET_STRING,
// }
type attestationApplicationId struct {
Raw asn1.RawContent
PackageInfos []attestationPackageInfo `asn1:"set"`
SignatureDigests [][]byte `asn1:"set"`
}
// attestationPackageInfo reflects the ASN.1 data structure for AttestationPackageInfo.
//
// AttestationPackageInfo ::= SEQUENCE {
// package_name OCTET_STRING,
// version INTEGER,
// }
type attestationPackageInfo struct {
PackageName []byte
Version int
}
// AttestationApplicationId reflects the Android platform's belief as to which apps are allowed to
// use the secret key material under attestation. The ID can comprise multiple packages if and only
// if multiple packages share the same UID.
type AttestationApplicationId struct {
PackageInfos []*AttestationPackageInfo
SignatureDigests [][]byte
}
// AttestationPackageInfo reflects a package's name and version number.
type AttestationPackageInfo struct {
PackageName string
Version int
}