diff options
author | Shawn Willden <swillden@google.com> | 2016-04-25 08:56:27 -0600 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2016-04-29 23:19:56 +0000 |
commit | df1adeba7fdff6ae1556f647efb155c71918fa76 (patch) | |
tree | aa061f2c11b1a84366958cac3334c24d41466066 | |
parent | 637dd8429285bfdc0b89622476ea94d782b1eb14 (diff) | |
download | android_system_keymaster-df1adeba7fdff6ae1556f647efb155c71918fa76.tar.gz android_system_keymaster-df1adeba7fdff6ae1556f647efb155c71918fa76.tar.bz2 android_system_keymaster-df1adeba7fdff6ae1556f647efb155c71918fa76.zip |
Reject too-large key attestation challenges.
Attestation certificates include an app-provided challenge value, which
is defined in the documentation as an arbitrary byte array between 0 and
128 bytes in length, inclusive. SoftKeymaster does not restrict the
length of challenge values during key attestation, and it should.
Bug: 28369352
Change-Id: Ibf16fb93f3bc82783bcc7736eb6de789be70d7a8
-rw-r--r-- | soft_keymaster_device.cpp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/soft_keymaster_device.cpp b/soft_keymaster_device.cpp index d6c9e6b..eddbc5d 100644 --- a/soft_keymaster_device.cpp +++ b/soft_keymaster_device.cpp @@ -73,6 +73,7 @@ struct keystore_module soft_keymaster2_device_module = { namespace keymaster { +const size_t kMaximumAttestationChallengeLength = 128; const size_t kOperationTableSize = 16; template <typename T> std::vector<T> make_vector(const T* array, size_t len) { @@ -1060,6 +1061,14 @@ keymaster_error_t SoftKeymasterDevice::attest_key(const keymaster2_device_t* dev request.SetKeyMaterial(*key_to_attest); request.attest_params.Reinitialize(*attest_params); + keymaster_blob_t attestation_challenge = {}; + request.attest_params.GetTagValue(TAG_ATTESTATION_CHALLENGE, &attestation_challenge); + if (attestation_challenge.data_length > kMaximumAttestationChallengeLength) { + LOG_E("%d-byte attestation challenge; only %d bytes allowed", + attestation_challenge.data_length, kMaximumAttestationChallengeLength); + return KM_ERROR_INVALID_INPUT_LENGTH; + } + AttestKeyResponse response; convert_device(dev)->impl_->AttestKey(request, &response); if (response.error != KM_ERROR_OK) |