second_imei_attestation.cpp - trusty/app/keymaster - Git at Google

 /*
  * Copyright 2022 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #include "second_imei_attestation.h"

 #include <inttypes.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

 namespace keymaster {

 // Calculates the checksum digit of a given number according to the
 // Luhn algorithm.
 // The algorithm:
 // * Starting from the rightmost digit, moving left: Double the value of every
 //   second digit.
 // * Sum the digits of the resulting value in each position (if the value
 //   was not multiplied, use it as-is) as s.
 // * Caclculate the sum digit to be (10 - (s % 10)) % 10.
 uint8_t calculate_luhn_checksum_digit(uint64_t val) {
     int iteration_counter = 0;
     uint32_t sum_digits = 0;
     while (val != 0) {
         int curr_digit = val % 10;
         int multiplier = (iteration_counter % 2) == 0 ? 2 : 1;
         int digit_multiplied = curr_digit * multiplier;
         sum_digits += (digit_multiplied % 10) + (digit_multiplied / 10);
         val = val / 10;
         iteration_counter++;
     }

     return (10 - (sum_digits % 10)) % 10;
 }

 // Validate that the second IMEI sent by the platform is the one following
 // the first IMEI, and that the checksum digit matches.
 // On most devices with two IMEIs, the IMEIs are sequential. This enables
 // providing attestation for the 2nd IMEI even if KeyMint was not provisioned
 // with it.
 bool validate_second_imei(const keymaster_blob_t& received_second_imei,
                           uint64_t first_imei) {
     // The first IMEI includes the checksum digit, so get rid of it and increase
     // by 1 to get the value of the 2nd IMEI.
     const uint64_t second_imei_no_checksum = (first_imei / 10) + 1;
     const uint8_t checksum_digit =
             calculate_luhn_checksum_digit(second_imei_no_checksum);
     const uint64_t second_imei = second_imei_no_checksum * 10 + checksum_digit;
     // Compare the second IMEI with the caller-provided value.
     char calculated_second_imei[64];
     const size_t calculated_second_imei_len =
             snprintf(calculated_second_imei, sizeof(calculated_second_imei),
                      "%" PRIu64, second_imei);
     bool result =
             (calculated_second_imei_len == received_second_imei.data_length) &&
             (memcmp(calculated_second_imei, received_second_imei.data,
                     calculated_second_imei_len) == 0);
     return result;
 }

 }  // namespace keymaster
	/*
	* Copyright 2022 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#include "second_imei_attestation.h"

	#include <inttypes.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>

	namespace keymaster {

	// Calculates the checksum digit of a given number according to the
	// Luhn algorithm.
	// The algorithm:
	// * Starting from the rightmost digit, moving left: Double the value of every
	// second digit.
	// * Sum the digits of the resulting value in each position (if the value
	// was not multiplied, use it as-is) as s.
	// * Caclculate the sum digit to be (10 - (s % 10)) % 10.
	uint8_t calculate_luhn_checksum_digit(uint64_t val) {
	int iteration_counter = 0;
	uint32_t sum_digits = 0;
	while (val != 0) {
	int curr_digit = val % 10;
	int multiplier = (iteration_counter % 2) == 0 ? 2 : 1;
	int digit_multiplied = curr_digit * multiplier;
	sum_digits += (digit_multiplied % 10) + (digit_multiplied / 10);
	val = val / 10;
	iteration_counter++;
	}

	return (10 - (sum_digits % 10)) % 10;
	}

	// Validate that the second IMEI sent by the platform is the one following
	// the first IMEI, and that the checksum digit matches.
	// On most devices with two IMEIs, the IMEIs are sequential. This enables
	// providing attestation for the 2nd IMEI even if KeyMint was not provisioned
	// with it.
	bool validate_second_imei(const keymaster_blob_t& received_second_imei,
	uint64_t first_imei) {
	// The first IMEI includes the checksum digit, so get rid of it and increase
	// by 1 to get the value of the 2nd IMEI.
	const uint64_t second_imei_no_checksum = (first_imei / 10) + 1;
	const uint8_t checksum_digit =
	calculate_luhn_checksum_digit(second_imei_no_checksum);
	const uint64_t second_imei = second_imei_no_checksum * 10 + checksum_digit;
	// Compare the second IMEI with the caller-provided value.
	char calculated_second_imei[64];
	const size_t calculated_second_imei_len =
	snprintf(calculated_second_imei, sizeof(calculated_second_imei),
	"%" PRIu64, second_imei);
	bool result =
	(calculated_second_imei_len == received_second_imei.data_length) &&
	(memcmp(calculated_second_imei, received_second_imei.data,
	calculated_second_imei_len) == 0);
	return result;
	}

	} // namespace keymaster