1 /*
2 * Copyright 2020, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "EicCbor.h"
18
eicCborInit(EicCbor * cbor,uint8_t * buffer,size_t bufferSize)19 void eicCborInit(EicCbor* cbor, uint8_t* buffer, size_t bufferSize) {
20 eicMemSet(cbor, '\0', sizeof(EicCbor));
21 cbor->size = 0;
22 cbor->bufferSize = bufferSize;
23 cbor->buffer = buffer;
24 cbor->digestType = EIC_CBOR_DIGEST_TYPE_SHA256;
25 eicOpsSha256Init(&cbor->digester.sha256);
26 }
27
eicCborInitHmacSha256(EicCbor * cbor,uint8_t * buffer,size_t bufferSize,const uint8_t * hmacKey,size_t hmacKeySize)28 void eicCborInitHmacSha256(EicCbor* cbor, uint8_t* buffer, size_t bufferSize,
29 const uint8_t* hmacKey, size_t hmacKeySize) {
30 eicMemSet(cbor, '\0', sizeof(EicCbor));
31 cbor->size = 0;
32 cbor->bufferSize = bufferSize;
33 cbor->buffer = buffer;
34 cbor->digestType = EIC_CBOR_DIGEST_TYPE_HMAC_SHA256;
35 eicOpsHmacSha256Init(&cbor->digester.hmacSha256, hmacKey, hmacKeySize);
36 }
37
eicCborEnableSecondaryDigesterSha256(EicCbor * cbor,EicSha256Ctx * sha256)38 void eicCborEnableSecondaryDigesterSha256(EicCbor* cbor, EicSha256Ctx* sha256) {
39 cbor->secondaryDigesterSha256 = sha256;
40 }
41
eicCborFinal(EicCbor * cbor,uint8_t digest[EIC_SHA256_DIGEST_SIZE])42 void eicCborFinal(EicCbor* cbor, uint8_t digest[EIC_SHA256_DIGEST_SIZE]) {
43 switch (cbor->digestType) {
44 case EIC_CBOR_DIGEST_TYPE_SHA256:
45 eicOpsSha256Final(&cbor->digester.sha256, digest);
46 break;
47 case EIC_CBOR_DIGEST_TYPE_HMAC_SHA256:
48 eicOpsHmacSha256Final(&cbor->digester.hmacSha256, digest);
49 break;
50 }
51 }
52
eicCborAppend(EicCbor * cbor,const uint8_t * data,size_t size)53 void eicCborAppend(EicCbor* cbor, const uint8_t* data, size_t size) {
54 switch (cbor->digestType) {
55 case EIC_CBOR_DIGEST_TYPE_SHA256:
56 eicOpsSha256Update(&cbor->digester.sha256, data, size);
57 break;
58 case EIC_CBOR_DIGEST_TYPE_HMAC_SHA256:
59 eicOpsHmacSha256Update(&cbor->digester.hmacSha256, data, size);
60 break;
61 }
62 if (cbor->secondaryDigesterSha256 != NULL) {
63 eicOpsSha256Update(cbor->secondaryDigesterSha256, data, size);
64 }
65
66 if (cbor->size >= cbor->bufferSize) {
67 cbor->size += size;
68 return;
69 }
70
71 size_t numBytesLeft = cbor->bufferSize - cbor->size;
72 size_t numBytesToCopy = size;
73 if (numBytesToCopy > numBytesLeft) {
74 numBytesToCopy = numBytesLeft;
75 }
76 eicMemCpy(cbor->buffer + cbor->size, data, numBytesToCopy);
77
78 cbor->size += size;
79 }
80
eicCborAdditionalLengthBytesFor(size_t size)81 size_t eicCborAdditionalLengthBytesFor(size_t size) {
82 if (size < 24) {
83 return 0;
84 } else if (size <= 0xff) {
85 return 1;
86 } else if (size <= 0xffff) {
87 return 2;
88 } else if (size <= 0xffffffff) {
89 return 4;
90 }
91 return 8;
92 }
93
eicCborBegin(EicCbor * cbor,int majorType,uint64_t size)94 void eicCborBegin(EicCbor* cbor, int majorType, uint64_t size) {
95 uint8_t data[9];
96
97 if (size < 24) {
98 data[0] = (majorType << 5) | size;
99 eicCborAppend(cbor, data, 1);
100 } else if (size <= 0xff) {
101 data[0] = (majorType << 5) | 24;
102 data[1] = size;
103 eicCborAppend(cbor, data, 2);
104 } else if (size <= 0xffff) {
105 data[0] = (majorType << 5) | 25;
106 data[1] = size >> 8;
107 data[2] = size & 0xff;
108 eicCborAppend(cbor, data, 3);
109 } else if (size <= 0xffffffff) {
110 data[0] = (majorType << 5) | 26;
111 data[1] = (size >> 24) & 0xff;
112 data[2] = (size >> 16) & 0xff;
113 data[3] = (size >> 8) & 0xff;
114 data[4] = size & 0xff;
115 eicCborAppend(cbor, data, 5);
116 } else {
117 data[0] = (majorType << 5) | 27;
118 data[1] = (((uint64_t)size) >> 56) & 0xff;
119 data[2] = (((uint64_t)size) >> 48) & 0xff;
120 data[3] = (((uint64_t)size) >> 40) & 0xff;
121 data[4] = (((uint64_t)size) >> 32) & 0xff;
122 data[5] = (((uint64_t)size) >> 24) & 0xff;
123 data[6] = (((uint64_t)size) >> 16) & 0xff;
124 data[7] = (((uint64_t)size) >> 8) & 0xff;
125 data[8] = ((uint64_t)size) & 0xff;
126 eicCborAppend(cbor, data, 9);
127 }
128 }
129
eicCborAppendByteString(EicCbor * cbor,const uint8_t * data,size_t dataSize)130 void eicCborAppendByteString(EicCbor* cbor, const uint8_t* data,
131 size_t dataSize) {
132 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_BYTE_STRING, dataSize);
133 eicCborAppend(cbor, data, dataSize);
134 }
135
eicCborAppendString(EicCbor * cbor,const char * str,size_t strLength)136 void eicCborAppendString(EicCbor* cbor, const char* str, size_t strLength) {
137 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_STRING, strLength);
138 eicCborAppend(cbor, (const uint8_t*)str, strLength);
139 }
140
eicCborAppendStringZ(EicCbor * cbor,const char * str)141 void eicCborAppendStringZ(EicCbor* cbor, const char* str) {
142 eicCborAppendString(cbor, str, eicStrLen(str));
143 }
144
eicCborAppendSimple(EicCbor * cbor,uint8_t simpleValue)145 void eicCborAppendSimple(EicCbor* cbor, uint8_t simpleValue) {
146 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_SIMPLE, simpleValue);
147 }
148
eicCborAppendBool(EicCbor * cbor,bool value)149 void eicCborAppendBool(EicCbor* cbor, bool value) {
150 uint8_t simpleValue =
151 value ? EIC_CBOR_SIMPLE_VALUE_TRUE : EIC_CBOR_SIMPLE_VALUE_FALSE;
152 eicCborAppendSimple(cbor, simpleValue);
153 }
154
eicCborAppendSemantic(EicCbor * cbor,uint64_t value)155 void eicCborAppendSemantic(EicCbor* cbor, uint64_t value) {
156 size_t encoded = value;
157 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_SEMANTIC, encoded);
158 }
159
eicCborAppendUnsigned(EicCbor * cbor,uint64_t value)160 void eicCborAppendUnsigned(EicCbor* cbor, uint64_t value) {
161 uint64_t encoded = value;
162 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_UNSIGNED, encoded);
163 }
164
eicCborAppendNumber(EicCbor * cbor,int64_t value)165 void eicCborAppendNumber(EicCbor* cbor, int64_t value) {
166 if (value < 0) {
167 uint64_t encoded = -1 - value;
168 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_NEGATIVE, encoded);
169 } else {
170 eicCborAppendUnsigned(cbor, value);
171 }
172 }
173
eicCborAppendArray(EicCbor * cbor,size_t numElements)174 void eicCborAppendArray(EicCbor* cbor, size_t numElements) {
175 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_ARRAY, numElements);
176 }
177
eicCborAppendMap(EicCbor * cbor,size_t numPairs)178 void eicCborAppendMap(EicCbor* cbor, size_t numPairs) {
179 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_MAP, numPairs);
180 }
181
eicCborCalcAccessControl(EicCbor * cborBuilder,int id,const uint8_t * readerCertificate,size_t readerCertificateSize,bool userAuthenticationRequired,uint64_t timeoutMillis,uint64_t secureUserId)182 bool eicCborCalcAccessControl(EicCbor* cborBuilder, int id,
183 const uint8_t* readerCertificate,
184 size_t readerCertificateSize,
185 bool userAuthenticationRequired,
186 uint64_t timeoutMillis, uint64_t secureUserId) {
187 size_t numPairs = 1;
188 if (readerCertificateSize > 0) {
189 numPairs += 1;
190 }
191 if (userAuthenticationRequired) {
192 numPairs += 2;
193 if (secureUserId > 0) {
194 numPairs += 1;
195 }
196 }
197 eicCborAppendMap(cborBuilder, numPairs);
198 eicCborAppendStringZ(cborBuilder, "id");
199 eicCborAppendUnsigned(cborBuilder, id);
200 if (readerCertificateSize > 0) {
201 eicCborAppendStringZ(cborBuilder, "readerCertificate");
202 eicCborAppendByteString(cborBuilder, readerCertificate,
203 readerCertificateSize);
204 }
205 if (userAuthenticationRequired) {
206 eicCborAppendStringZ(cborBuilder, "userAuthenticationRequired");
207 eicCborAppendBool(cborBuilder, userAuthenticationRequired);
208 eicCborAppendStringZ(cborBuilder, "timeoutMillis");
209 eicCborAppendUnsigned(cborBuilder, timeoutMillis);
210 if (secureUserId > 0) {
211 eicCborAppendStringZ(cborBuilder, "secureUserId");
212 eicCborAppendUnsigned(cborBuilder, secureUserId);
213 }
214 }
215
216 if (cborBuilder->size > cborBuilder->bufferSize) {
217 eicDebug("Buffer for ACP CBOR is too small (%zd) - need %zd bytes",
218 cborBuilder->bufferSize, cborBuilder->size);
219 return false;
220 }
221
222 return true;
223 }
224
eicCborCalcEntryAdditionalData(const uint8_t * accessControlProfileIds,size_t numAccessControlProfileIds,const char * nameSpace,size_t nameSpaceLength,const char * name,size_t nameLength,uint8_t * cborBuffer,size_t cborBufferSize,size_t * outAdditionalDataCborSize,uint8_t additionalDataSha256[EIC_SHA256_DIGEST_SIZE])225 bool eicCborCalcEntryAdditionalData(
226 const uint8_t* accessControlProfileIds, size_t numAccessControlProfileIds,
227 const char* nameSpace, size_t nameSpaceLength, const char* name,
228 size_t nameLength, uint8_t* cborBuffer, size_t cborBufferSize,
229 size_t* outAdditionalDataCborSize,
230 uint8_t additionalDataSha256[EIC_SHA256_DIGEST_SIZE]) {
231 EicCbor cborBuilder;
232
233 eicCborInit(&cborBuilder, cborBuffer, cborBufferSize);
234 eicCborAppendMap(&cborBuilder, 3);
235 eicCborAppendStringZ(&cborBuilder, "Namespace");
236 eicCborAppendString(&cborBuilder, nameSpace, nameSpaceLength);
237 eicCborAppendStringZ(&cborBuilder, "Name");
238 eicCborAppendString(&cborBuilder, name, nameLength);
239 eicCborAppendStringZ(&cborBuilder, "AccessControlProfileIds");
240 eicCborAppendArray(&cborBuilder, numAccessControlProfileIds);
241 for (size_t n = 0; n < numAccessControlProfileIds; n++) {
242 eicCborAppendNumber(&cborBuilder, accessControlProfileIds[n]);
243 }
244 if (cborBuilder.size > cborBufferSize) {
245 eicDebug(
246 "Not enough space for additionalData - buffer is only %zd bytes, "
247 "content is %zd",
248 cborBufferSize, cborBuilder.size);
249 return false;
250 }
251 if (outAdditionalDataCborSize != NULL) {
252 *outAdditionalDataCborSize = cborBuilder.size;
253 }
254 eicCborFinal(&cborBuilder, additionalDataSha256);
255 return true;
256 }
257