Device Attestation Verifier (#9405)

* Added 2 new helper methods for the Attestation Flow: One method to extract the Authority Key Identifier from an X509 Certificate One method to extract the Vendor ID from an X509 Attestation Certificate's Subject. Added new unit tests to support testing of new methods Added Generic Implementation of methods to Verify Attestation Information DAC/PAI/PAA Certificates Added Generic Implementation of methods to lookup a PAA certificate based on SKID Implemented ValidateCertificateChain method for mbedTLS. Added new test for testing DeviceAttestationVerifier's VerifyAttestationInformation method. Added missing test for validating functionality of the ValidateCertificateChain method. * added second PAA certificate added TODOs Added handling of optional Intermediate certificate when Validating Certificate Chain (ValidateCertificateChain method) Added test case for certificate chains that do not include an intermediate certificate. in Span.h, added common helper CopySpanToMutableSpan * adopt camelCase styling. added helper variable to mark that PAI certificate has Vendor ID. added more comments. fixed typos. added new AttestationVerificationResult error numbers. addressing Tennesse review/suggestions. fix includes coauthor - restyle.io * changed memcmp to strncmp as per suggestion from msandstedt
project-chip · Sep 23, 2021 · 8415780 · 8415780
1 parent 8705da2
commit 8415780
Show file tree

Hide file tree

Showing 14 changed files with 1,130 additions and 22 deletions.
diff --git a/src/credentials/BUILD.gn b/src/credentials/BUILD.gn
@@ -27,9 +27,13 @@ static_library("credentials") {
     "CHIPOperationalCredentials.h",
     "DeviceAttestationCredsProvider.cpp",
     "DeviceAttestationCredsProvider.h",
+    "DeviceAttestationVerifier.cpp",
+    "DeviceAttestationVerifier.h",
     "GenerateChipX509Cert.cpp",
     "examples/DeviceAttestationCredsExample.cpp",
     "examples/DeviceAttestationCredsExample.h",
+    "examples/DeviceAttestationVerifierExample.cpp",
+    "examples/DeviceAttestationVerifierExample.h",
   ]
 
   cflags = [ "-Wconversion" ]

diff --git a/src/credentials/DeviceAttestationVerifier.cpp b/src/credentials/DeviceAttestationVerifier.cpp
@@ -0,0 +1,92 @@
+/*
+ *
+ *    Copyright (c) 2021 Project CHIP Authors
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#include "DeviceAttestationVerifier.h"
+
+#include <crypto/CHIPCryptoPAL.h>
+
+using namespace chip::Crypto;
+
+namespace chip {
+namespace Credentials {
+
+namespace {
+
+// Version to have a default placeholder so the getter never
+// returns `nullptr` by default.
+class UnimplementedDACVerifier : public DeviceAttestationVerifier
+{
+public:
+    AttestationVerificationResult VerifyAttestationInformation(const ByteSpan & attestationInfoBuffer,
+                                                               const ByteSpan & attestationChallengeBuffer,
+                                                               const ByteSpan & attestationSignatureBuffer,
+                                                               const ByteSpan & paiCertDerBuffer, const ByteSpan & dacCertDerBuffer,
+                                                               const ByteSpan & attestationNonce) override
+    {
+        (void) attestationInfoBuffer;
+        (void) attestationChallengeBuffer;
+        (void) attestationSignatureBuffer;
+        (void) paiCertDerBuffer;
+        (void) dacCertDerBuffer;
+        (void) attestationNonce;
+        return AttestationVerificationResult::kNotImplemented;
+    }
+};
+
+// Default to avoid nullptr on getter and cleanly handle new products/clients before
+// they provide their own.
+UnimplementedDACVerifier gDefaultDACVerifier;
+
+DeviceAttestationVerifier * gDacVerifier = &gDefaultDACVerifier;
+
+} // namespace
+
+CHIP_ERROR DeviceAttestationVerifier::ValidateAttestationSignature(const P256PublicKey & pubkey,
+                                                                   const ByteSpan & attestationElements,
+                                                                   const ByteSpan & attestationChallenge,
+                                                                   const P256ECDSASignature & signature)
+{
+    Hash_SHA256_stream hashStream;
+    uint8_t md[kSHA256_Hash_Length];
+    MutableByteSpan messageDigestSpan(md);
+
+    ReturnErrorOnFailure(hashStream.Begin());
+    ReturnErrorOnFailure(hashStream.AddData(attestationElements));
+    ReturnErrorOnFailure(hashStream.AddData(attestationChallenge));
+    ReturnErrorOnFailure(hashStream.Finish(messageDigestSpan));
+
+    ReturnErrorOnFailure(pubkey.ECDSA_validate_hash_signature(messageDigestSpan.data(), messageDigestSpan.size(), signature));
+
+    return CHIP_NO_ERROR;
+}
+
+DeviceAttestationVerifier * GetDeviceAttestationVerifier()
+{
+    return gDacVerifier;
+}
+
+void SetDeviceAttestationVerifier(DeviceAttestationVerifier * verifier)
+{
+    if (verifier == nullptr)
+    {
+        return;
+    }
+
+    gDacVerifier = verifier;
+}
+
+} // namespace Credentials
+} // namespace chip
diff --git a/src/credentials/DeviceAttestationVerifier.h b/src/credentials/DeviceAttestationVerifier.h
@@ -0,0 +1,129 @@
+/*
+ *
+ *    Copyright (c) 2021 Project CHIP Authors
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+#pragma once
+
+#include <crypto/CHIPCryptoPAL.h>
+#include <lib/core/CHIPError.h>
+#include <lib/support/Span.h>
+
+namespace chip {
+namespace Credentials {
+
+enum class AttestationVerificationResult : uint16_t
+{
+    kSuccess = 0,
+
+    kPaaUntrusted        = 100,
+    kPaaNotFound         = 101,
+    kPaaExpired          = 102,
+    kPaaSignatureInvalid = 103,
+    kPaaRevoked          = 104,
+    kPaaFormatInvalid    = 105,
+
+    kPaiExpired           = 200,
+    kPaiSignatureInvalid  = 201,
+    kPaiRevoked           = 202,
+    kPaiFormatInvalid     = 203,
+    kPaiVendorIdMismatch  = 204,
+    kPaiAuthorityNotFound = 205,
+
+    kDacExpired           = 300,
+    kDacSignatureInvalid  = 301,
+    kDacRevoked           = 302,
+    kDacFormatInvalid     = 303,
+    kDacVendorIdMismatch  = 304,
+    kDacProductIdMismatch = 305,
+    kDacAuthorityNotFound = 306,
+
+    kFirmwareInformationMismatch = 400,
+    kFirmwareInformationMissing  = 401,
+
+    kCertificationDeclarationMissing = 500,
+
+    kNonceMismatch = 600,
+
+    kInvalidSignatureFormat = 700,
+
+    kAttestationSignatureInvalid = 800,
+
+    kNoMemory = 900,
+
+    kNotImplemented = 0xFFFFU,
+
+    // TODO: Add more attestation verification errors
+};
+
+class DeviceAttestationVerifier
+{
+public:
+    DeviceAttestationVerifier()          = default;
+    virtual ~DeviceAttestationVerifier() = default;
+
+    // Not copyable
+    DeviceAttestationVerifier(const DeviceAttestationVerifier &) = delete;
+    DeviceAttestationVerifier & operator=(const DeviceAttestationVerifier &) = delete;
+
+    /**
+     * @brief Verify an attestation information payload against a DAC/PAI chain.
+     *
+     * @param[in] attestationInfoBuffer Buffer containing attestation information portion of Attestation Response (raw TLV)
+     * @param[in] attestationChallengeBuffer Buffer containing the attestation challenge from the secure session
+     * @param[in] attestationSignatureBuffer Buffer the signature portion of Attestation Response
+     * @param[in] paiCertDerBuffer Buffer containing the PAI certificate from device in DER format.
+     *                                If length zero, there was no PAI certificate.
+     * @param[in] dacCertDerBuffer Buffer containing the DAC certificate from device in DER format.
+     * @param[in] attestationNonce Buffer containing attestation nonce.
+     *
+     * @returns AttestationVerificationResult::kSuccess on success or another specific
+     *          value from AttestationVerificationResult enum on failure.
+     */
+    virtual AttestationVerificationResult
+    VerifyAttestationInformation(const ByteSpan & attestationInfoBuffer, const ByteSpan & attestationChallengeBuffer,
+                                 const ByteSpan & attestationSignatureBuffer, const ByteSpan & paiCertDerBuffer,
+                                 const ByteSpan & dacCertDerBuffer, const ByteSpan & attestationNonce) = 0;
+
+    // TODO: Validate Certification Declaration
+    // TODO: Validate Firmware Information
+
+protected:
+    CHIP_ERROR ValidateAttestationSignature(const chip::Crypto::P256PublicKey & pubkey, const ByteSpan & attestationElements,
+                                            const ByteSpan & attestationChallenge,
+                                            const chip::Crypto::P256ECDSASignature & signature);
+};
+
+/**
+ * Instance getter for the global DeviceAttestationVerifier.
+ *
+ * Callers have to externally synchronize usage of this function.
+ *
+ * @return The global device attestation verifier. Assume never null.
+ */
+DeviceAttestationVerifier * GetDeviceAttestationVerifier();
+
+/**
+ * Instance setter for the global DeviceAttestationVerifier.
+ *
+ * Callers have to externally synchronize usage of this function.
+ *
+ * If the `verifier` is nullptr, no change is done.
+ *
+ * @param[in] verifier the DeviceAttestationVerifier to start returning with the getter
+ */
+void SetDeviceAttestationVerifier(DeviceAttestationVerifier * verifier);
+
+} // namespace Credentials
+} // namespace chip
diff --git a/src/credentials/examples/DeviceAttestationCredsExample.cpp b/src/credentials/examples/DeviceAttestationCredsExample.cpp
@@ -27,18 +27,6 @@ namespace Examples {
 
 namespace {
 
-// Helper to do common logic to all providers
-CHIP_ERROR CopySpanToMutableSpan(ByteSpan span_to_copy, MutableByteSpan & out_buf)
-{
-    VerifyOrReturnError(IsSpanUsable(span_to_copy), CHIP_ERROR_INVALID_ARGUMENT);
-    VerifyOrReturnError(out_buf.size() >= span_to_copy.size(), CHIP_ERROR_BUFFER_TOO_SMALL);
-
-    memcpy(out_buf.data(), span_to_copy.data(), span_to_copy.size());
-    out_buf.reduce_size(span_to_copy.size());
-
-    return CHIP_NO_ERROR;
-}
-
 // TODO: This should be moved to a method of P256Keypair
 CHIP_ERROR LoadKeypairFromRaw(ByteSpan private_key, ByteSpan public_key, Crypto::P256Keypair & keypair)
 {