Length validations

Author: subrahmanyaman

Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java

@@ -20,4 +20,5 @@ public class KMConfigurations {
   public static final byte LITTLE_ENDIAN = 0x00;
   public static final byte BIG_ENDIAN = 0x01;
   public static final byte TEE_MACHINE_TYPE = LITTLE_ENDIAN;
+  public static  final byte MAX_ATTESTATION_IDS_SIZE = 48;
 }

…d/javacard/keymaster/KMPKCS8Decoder.java …oid/javacard/keymaster/KMAsn1Parser.javaApplet/src/com/android/javacard/keymaster/KMPKCS8Decoder.java renamed to Applet/src/com/android/javacard/keymaster/KMAsn1Parser.java Applet/src/com/android/javacard/keymaster/KMPKCS8Decoder.java renamed to Applet/src/com/android/javacard/keymaster/KMAsn1Parser.java

@@ -3,13 +3,16 @@
 import com.android.javacard.seprovider.KMException;
 import javacard.framework.Util;
 
-public class KMPKCS8Decoder {
+public class KMAsn1Parser {
   public static final byte ASN1_OCTET_STRING= 0x04;
   public static final byte ASN1_SEQUENCE= 0x30;
+  public static final byte ASN1_SET= 0x31;
   public static final byte ASN1_INTEGER= 0x02;
+  public static final byte OBJECT_IDENTIFIER = 0x06;
   public static final byte ASN1_A0_TAG = (byte) 0xA0;
   public static final byte ASN1_A1_TAG = (byte) 0xA1;
   public static final byte ASN1_BIT_STRING = 0x03;
+  public static final byte ASN1_UTF8_STRING = 0x0C;
   public static final byte[] EC_CURVE = {
       0x06,0x08,0x2a,(byte)0x86,0x48,(byte)0xce,0x3d,0x03,
       0x01,0x07
@@ -23,12 +26,15 @@ public class KMPKCS8Decoder {
       0x3d,0x02,0x01,0x06,0x08,0x2a,(byte)0x86,0x48,
       (byte)0xce,0x3d,0x03,0x01,0x07
   };
+  public static final byte[] COMMON_NAME_OID = {
+      0x55, 0x04, 0x03  
+  };
   private byte[] data;
   private short start;
   private short length;
   private short cur;
-  private static KMPKCS8Decoder inst;
-  private KMPKCS8Decoder(){
+  private static KMAsn1Parser inst;
+  private KMAsn1Parser(){
     start = 0;
     length =  0;
     cur = 0;
@@ -45,6 +51,15 @@ public short decodeEc(short blob){
     decodeCommon((short)0, EC_ALGORITHM);
     return decodeEcPrivateKey((short)1);
   }
+  
+  public short decodeSubject(short blob) {
+    init(blob);
+    header(ASN1_SEQUENCE);
+    header(ASN1_SET);
+    header(ASN1_SEQUENCE);
+    objectIdentifier(COMMON_NAME_OID);
+    return header(ASN1_UTF8_STRING);
+  }
 
   public short decodeEcSubjectPublicKeyInfo(short blob) {
     init(blob);
@@ -183,6 +198,17 @@ private void validateTag0IfPresent(){
     if(Util.arrayCompare(data, cur, EC_CURVE, (short)0, len) != 0) KMException.throwIt(KMError.UNKNOWN_ERROR);
     incrementCursor(len);
   }
+  
+  private short objectIdentifier(byte[] oid) {
+     short length = header(OBJECT_IDENTIFIER);
+     if (length != oid.length) {
+       KMException.throwIt(KMError.UNKNOWN_ERROR);
+     }
+     if(Util.arrayCompare(data, cur, oid, (short)0, length) != 0) KMException.throwIt(KMError.UNKNOWN_ERROR);
+     incrementCursor(length);
+     return length;
+  }
+
   private short header(short tag){
     short t = getByte();
     if(t != tag) KMException.throwIt(KMError.UNKNOWN_ERROR);
@@ -222,9 +248,9 @@ private short getLength(){
     else KMException.throwIt(KMError.UNKNOWN_ERROR);
     return KMType.INVALID_VALUE; //should not come here
   }
-  public static KMPKCS8Decoder instance() {
+  public static KMAsn1Parser instance() {
     if (inst == null) {
-      inst = new KMPKCS8Decoder();
+      inst = new KMAsn1Parser();
     }
     return inst;
   }

Applet/src/com/android/javacard/keymaster/KMByteTag.java

@@ -95,26 +95,23 @@ public short length() {
     return KMByteBlob.cast(blobPtr).length();
   }
 
+  // TODO Review this function
   private static boolean validateKey(short key, short byteBlob) {
     short valueLen = KMByteBlob.cast(byteBlob).length();
     switch (key) {
-      case ROOT_OF_TRUST:
-      case UNIQUE_ID:
       case ATTESTATION_APPLICATION_ID:
-      case ATTESTATION_ID_BRAND:
-      case ATTESTATION_ID_DEVICE:
-      case ATTESTATION_ID_PRODUCT:
-      case ATTESTATION_ID_SERIAL:
-      case ATTESTATION_ID_IMEI:
-      case ATTESTATION_ID_MEID:
-      case ATTESTATION_ID_MANUFACTURER:
-      case ATTESTATION_ID_MODEL:
-      case ASSOCIATED_DATA:
-      case NONCE:
-      case CONFIRMATION_TOKEN:
-      case VERIFIED_BOOT_KEY:
-      case VERIFIED_BOOT_HASH:
+        if (valueLen > MAX_ATTESTATION_APP_ID_SIZE) {
+          return false;
+        }
+        break;
       case CERTIFICATE_SUBJECT_NAME:
+      {
+        KMAsn1Parser asn1Decoder = KMAsn1Parser.instance();
+        short length = asn1Decoder.decodeSubject(byteBlob);
+        if (length > MAX_SUBJECT_CN_LEN) {
+          return false;
+        }
+      }
         break;
       case APPLICATION_ID:
       case APPLICATION_DATA:
@@ -127,6 +124,25 @@ private static boolean validateKey(short key, short byteBlob) {
           return false;
         }
         break;
+      case ATTESTATION_ID_BRAND:
+      case ATTESTATION_ID_DEVICE:
+      case ATTESTATION_ID_PRODUCT:
+      case ATTESTATION_ID_SERIAL:
+      case ATTESTATION_ID_IMEI:
+      case ATTESTATION_ID_MEID:
+      case ATTESTATION_ID_MANUFACTURER:
+      case ATTESTATION_ID_MODEL:
+        if (valueLen > KMConfigurations.MAX_ATTESTATION_IDS_SIZE) {
+          return false;
+        }
+        break;
+      case ROOT_OF_TRUST: // TODO : Not adding it as ByteTag in HiddenParamters.
+      //case UNIQUE_ID: This tag never used in keyParamters.
+      case NONCE: // Validation of nonce happends in begin operation.
+      // Below two tags are obsolete in keymint.
+      //case ASSOCIATED_DATA: 
+      //case CONFIRMATION_TOKEN:
+        break;
       default:
         return false;
     }

Applet/src/com/android/javacard/keymaster/KMKeyParameters.java

@@ -403,11 +403,17 @@ public static short makeHidden(short keyParamsPtr, short rootOfTrustBlob, byte[]
     short appId = KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.APPLICATION_ID, keyParamsPtr);
     if (appId != KMTag.INVALID_VALUE) {
       appId = KMByteTag.cast(appId).getValue();
+      if (KMByteBlob.cast(appId).length() == 0) {
+        appId = KMTag.INVALID_VALUE;
+      }
     }
     short appData =
         KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.APPLICATION_DATA, keyParamsPtr);
     if (appData != KMTag.INVALID_VALUE) {
       appData = KMByteTag.cast(appData).getValue();
+      if (KMByteBlob.cast(appData).length() == 0) {
+        appData = KMTag.INVALID_VALUE;
+      }
     }
     return makeHidden(appId, appData, rootOfTrustBlob, scratchPad);
   }

Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java

@@ -1381,6 +1381,11 @@ private KMAttestationCert makeAttestationCert(short attKeyBlob, short attKeyPara
     if (!KMEnumArrayTag.cast(attKeyPurpose).contains(KMType.ATTEST_KEY)) {
       KMException.throwIt(KMError.INCOMPATIBLE_PURPOSE);
     }
+    KMAsn1Parser asn1Decoder = KMAsn1Parser.instance();
+    short length = asn1Decoder.decodeSubject(issuer);
+    if (length > KMType.MAX_SUBJECT_CN_LEN) {
+      KMException.throwIt(KMError.INVALID_ISSUER_SUBJECT_NAME);
+    }
     // If issuer is not present then it is an error
     if (KMByteBlob.cast(issuer).length() <= 0) {
       KMException.throwIt(KMError.MISSING_ISSUER_SUBJECT_NAME);
@@ -1719,7 +1724,7 @@ private void finishAesDesOperation(KMOperationState op){
 
   private void finishKeyAgreementOperation(KMOperationState op, byte[] scratchPad) {
     try {
-      KMPKCS8Decoder pkcs8 = KMPKCS8Decoder.instance();
+      KMAsn1Parser pkcs8 = KMAsn1Parser.instance();
       short blob = pkcs8.decodeEcSubjectPublicKeyInfo(data[INPUT_DATA]);
       short len = op.getOperation().finish(
           KMByteBlob.cast(blob).getBuffer(),
@@ -3061,7 +3066,7 @@ private void importKey(APDU apdu, short keyFmt, byte[] scratchPad) {
 
   private void importECKeys(byte[] scratchPad) {
     // Decode key material
-    KMPKCS8Decoder pkcs8 = KMPKCS8Decoder.instance();
+    KMAsn1Parser pkcs8 = KMAsn1Parser.instance();
     short keyBlob = pkcs8.decodeEc(data[IMPORTED_KEY_BLOB]);
     data[PUB_KEY] = KMArray.cast(keyBlob).get((short) 0);
     data[SECRET] = KMArray.cast(keyBlob).get((short) 1);
@@ -3253,7 +3258,7 @@ private void importAESKey(byte[] scratchPad) {
 
   private void importRSAKey(byte[] scratchPad) {
     // Decode key material
-    KMPKCS8Decoder pkcs8 = KMPKCS8Decoder.instance();
+    KMAsn1Parser pkcs8 = KMAsn1Parser.instance();
     short keyblob = pkcs8.decodeRsa(data[IMPORTED_KEY_BLOB]);
     data[PUB_KEY] = KMArray.cast(keyblob).get((short) 0);
     short pubKeyExp = KMArray.cast(keyblob).get((short)1);
@@ -4384,7 +4389,7 @@ public static short generateBcc(boolean testMode, byte[] scratchPad) {
             scratchPad,
             temp
         );
-    len = KMPKCS8Decoder.instance().
+    len = KMAsn1Parser.instance().
             decodeEcdsa256Signature(KMByteBlob.instance(scratchPad, temp, len), scratchPad, temp);
     coseSignStructure = KMByteBlob.instance(scratchPad, temp, len);
 

Applet/src/com/android/javacard/keymaster/KMType.java

@@ -145,12 +145,6 @@ public abstract class KMType {
   public static final byte UNVERIFIED_BOOT = 0x02;
   public static final byte FAILED_BOOT = 0x03;
 
-  // Verified Boot Key
-  public static final short VERIFIED_BOOT_KEY = (short) 0xF004;
-
-  // Verified Boot Hash
-  public static final short VERIFIED_BOOT_HASH = (short) 0xF005;
-
   // Device Locked
   public static final short DEVICE_LOCKED = (short) 0xF006;
   public static final byte DEVICE_LOCKED_TRUE = 0x01;
@@ -364,6 +358,10 @@ public abstract class KMType {
   public static final short MAX_ATTESTATION_CHALLENGE_SIZE = 128;
   // Max certificate serial size.
   public static final short MAX_CERTIFICATE_SERIAL_SIZE = 20;
+  // Attestation Application ID
+  public static final short MAX_ATTESTATION_APP_ID_SIZE = 1024;
+  // Maximum Certificate Subject Common name length.
+  public static final short MAX_SUBJECT_CN_LEN = 64;
 
 
   protected static KMRepository repository;

Applet/src/com/android/javacard/keymaster/RemotelyProvisionedComponentDevice.java

@@ -785,7 +785,7 @@ private short createSignedMac(KMDeviceUniqueKeyPair deviceUniqueKeyPair, byte[]
             scratchPad,
             signStructure
         );
-    len = KMPKCS8Decoder.instance().
+    len = KMAsn1Parser.instance().
             decodeEcdsa256Signature(KMByteBlob.instance(scratchPad, signStructure, len), scratchPad, signStructure);
     signStructure = KMByteBlob.instance(scratchPad, signStructure, len);