Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / abaf4d88d8ef3061de05da7034fc28b2ba880e71^! / .
commitabaf4d88d8ef3061de05da7034fc28b2ba880e71[log] [tgz]
authorEran Messeri <eranm@google.com>Thu Dec 28 21:19:50 2017 +0000
committerEran Messeri <eranm@google.com>Thu Dec 28 22:14:52 2017 +0000
tree2f63fb722e4499042119e75ad0eea642657368bf
parentcb9267dc53cb715c09ef276562dbe88b0d999a8d [diff]
Fix version code handling in attestation records

The version code is one of the fields included in the attestationApplicationId field
of the attestation record (tag 709).
It was converted to a 64-bit integer (returned by getLongVersionCode) in
Change-ID Ibfffe235bbfcf358b3741abd3f7197fdb063d3f3.

This broke the KeyAttestation test as the Signature array size (the 4 bytes
read after the 4 bytes that used to be the int32 indicating version code)
gets incorrectly read as zero, causing the omission of any signature info
in the attestation record produced.

This fixes the broken functionality by changing the field type in the native
code to int64_t, and the integer value in the attestation record to match.

Bug: 71021326
Test: runtest  --path cts/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java
Change-Id: I5fe53eb75b544f307c0f419029735ca22fe2b595

diff --git a/keystore/KeyAttestationPackageInfo.cpp b/keystore/KeyAttestationPackageInfo.cpp
index 8092828..75fbb7a 100644
--- a/keystore/KeyAttestationPackageInfo.cpp
+++ b/keystore/KeyAttestationPackageInfo.cpp

@@ -25,17 +25,15 @@
 
 KeyAttestationPackageInfo::KeyAttestationPackageInfo() = default;
 
-KeyAttestationPackageInfo::KeyAttestationPackageInfo(
-        const String16& packageName, int32_t versionCode,
-        SharedSignaturesVector signatures) :
-    packageName_(new String16(packageName)), versionCode_(versionCode),
-    signatures_(signatures) {
-}
+KeyAttestationPackageInfo::KeyAttestationPackageInfo(const String16& packageName,
+                                                     int64_t versionCode,
+                                                     SharedSignaturesVector signatures)
+    : packageName_(new String16(packageName)), versionCode_(versionCode), signatures_(signatures) {}
 
 status_t KeyAttestationPackageInfo::writeToParcel(Parcel* parcel) const {
     auto rc = parcel->writeString16(packageName_);
     if (rc != NO_ERROR) return rc;
-    rc = parcel->writeInt32(versionCode_);
+    rc = parcel->writeInt64(versionCode_);
     if (rc != NO_ERROR) return rc;
     return parcel->writeParcelableVector(signatures_);
 }
@@ -43,7 +41,7 @@
 status_t KeyAttestationPackageInfo::readFromParcel(const Parcel* parcel) {
     auto rc = parcel->readString16(&packageName_);
     if (rc != NO_ERROR) return rc;
-    rc = parcel->readInt32(&versionCode_);
+    rc = parcel->readInt64(&versionCode_);
     if (rc != NO_ERROR) return rc;
 
     std::unique_ptr<SignaturesVector> temp_vector;

diff --git a/keystore/include/keystore/KeyAttestationPackageInfo.h b/keystore/include/keystore/KeyAttestationPackageInfo.h
index efc33a6..92d4863 100644
--- a/keystore/include/keystore/KeyAttestationPackageInfo.h
+++ b/keystore/include/keystore/KeyAttestationPackageInfo.h

@@ -37,22 +37,22 @@
         SignaturesVector;
     typedef std::shared_ptr<SignaturesVector> SharedSignaturesVector;
 
-    KeyAttestationPackageInfo(
-        const String16& packageName, int32_t versionCode, SharedSignaturesVector signatures);
+    KeyAttestationPackageInfo(const String16& packageName, int64_t versionCode,
+                              SharedSignaturesVector signatures);
     KeyAttestationPackageInfo();
 
     status_t writeToParcel(Parcel*) const override;
     status_t readFromParcel(const Parcel* parcel) override;
 
     const std::unique_ptr<String16>& package_name() const { return packageName_; }
-    int32_t version_code() const { return versionCode_; }
+    int64_t version_code() const { return versionCode_; }
 
     ConstSignatureIterator sigs_begin() const { return ConstSignatureIterator(signatures_); }
     ConstSignatureIterator sigs_end() const { return ConstSignatureIterator(); }
 
   private:
     std::unique_ptr<String16> packageName_;
-    int32_t versionCode_;
+    int64_t versionCode_;
     SharedSignaturesVector signatures_;
 };
 

diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index 7f9c38d..3d34ac5 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp

@@ -37,6 +37,7 @@
 #include <private/android_filesystem_config.h> /* for AID_SYSTEM */
 
 #include <openssl/asn1t.h>
+#include <openssl/bn.h>
 #include <openssl/sha.h>
 
 #include <utils/String8.h>
@@ -148,10 +149,20 @@
         return UNKNOWN_ERROR;
     }
 
-    if (!ASN1_INTEGER_set(attestation_package_info->version, pinfo.version_code())) {
+    BIGNUM* bn_version = BN_new();
+    if (bn_version == nullptr) {
+        return NO_MEMORY;
+    }
+    if (BN_set_u64(bn_version, static_cast<uint64_t>(pinfo.version_code())) != 1) {
+        BN_free(bn_version);
         return UNKNOWN_ERROR;
     }
-    return NO_ERROR;
+    status_t retval = NO_ERROR;
+    if (BN_to_ASN1_INTEGER(bn_version, attestation_package_info->version) == nullptr) {
+        retval = UNKNOWN_ERROR;
+    }
+    BN_free(bn_version);
+    return retval;
 }
 
 StatusOr<std::vector<uint8_t>>