Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 3a4a3a95b82df6e9c7449d7ea2676b7d13fbaf58 / . / security / keymint / aidl / vts / functional / AttestKeyTest.cpp
blob: 8027dce4d6f245aaeebb65d7d03e3a9d48a10504 [file] [log] [blame]
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]1/*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "keymint_1_attest_key_test"
Rajesh Nyamagoudeb644cf2022-12-15 03:50:52 +0000[diff] [blame]18#include <android-base/logging.h>
19#include <android-base/strings.h>
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]20#include <cutils/log.h>
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]21#include <cutils/properties.h>
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]22
23#include <keymint_support/key_param_output.h>
24#include <keymint_support/openssl_utils.h>
25
26#include "KeyMintAidlTestBase.h"
27
28namespace aidl::android::hardware::security::keymint::test {
29
30namespace {
Rajesh Nyamagoudeb644cf2022-12-15 03:50:52 +0000[diff] [blame]31string TELEPHONY_CMD_GET_IMEI = "cmd phone get-imei ";
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]32
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]33bool IsSelfSigned(const vector<Certificate>& chain) {
34 if (chain.size() != 1) return false;
35 return ChainSignaturesAreValid(chain);
36}
37
Rajesh Nyamagoudeb644cf2022-12-15 03:50:52 +0000[diff] [blame]38/*
39 * Run a shell command and collect the output of it. If any error, set an empty string as the
40 * output.
41 */
42string exec_command(string command) {
43 char buffer[128];
44 string result = "";
45
46 FILE* pipe = popen(command.c_str(), "r");
47 if (!pipe) {
48 LOG(ERROR) << "popen failed.";
49 return result;
50 }
51
52 // read till end of process:
53 while (!feof(pipe)) {
54 if (fgets(buffer, 128, pipe) != NULL) {
55 result += buffer;
56 }
57 }
58
59 pclose(pipe);
60 return result;
61}
62
63/*
64 * Get IMEI using Telephony service shell command. If any error while executing the command
65 * then empty string will be returned as output.
66 */
67string get_imei(int slot) {
68 string cmd = TELEPHONY_CMD_GET_IMEI + std::to_string(slot);
69 string output = exec_command(cmd);
70
71 if (output.empty()) {
72 LOG(ERROR) << "Command failed. Cmd: " << cmd;
73 return "";
74 }
75
76 vector<string> out = ::android::base::Tokenize(::android::base::Trim(output), "Device IMEI:");
77
78 if (out.size() != 1) {
79 LOG(ERROR) << "Error in parsing the command output. Cmd: " << cmd;
80 return "";
81 }
82
83 return ::android::base::Trim(out[0]);
84}
85
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]86} // namespace
87
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]88class AttestKeyTest : public KeyMintAidlTestBase {
Benjamin Grimberg981c9c22023-01-05 14:48:36 +0200[diff] [blame]89 public:
90 void SetUp() override {
91 check_skip_test();
92 KeyMintAidlTestBase::SetUp();
93 }
94
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]95 protected:
Benjamin Grimberg981c9c22023-01-05 14:48:36 +0200[diff] [blame]96 const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key";
97
98 const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore";
99
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]100 ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc,
101 const optional<AttestationKey>& attest_key,
102 vector<uint8_t>* key_blob,
103 vector<KeyCharacteristics>* key_characteristics,
104 vector<Certificate>* cert_chain) {
105 // The original specification for KeyMint v1 required ATTEST_KEY not be combined
106 // with any other key purpose, but the original VTS tests incorrectly did exactly that.
107 // This means that a device that launched prior to Android T (API level 33) may
108 // accept or even require KeyPurpose::SIGN too.
109 if (property_get_int32("ro.board.first_api_level", 0) < 33) {
110 AuthorizationSet key_desc_plus_sign = key_desc;
111 key_desc_plus_sign.push_back(TAG_PURPOSE, KeyPurpose::SIGN);
112
113 auto result = GenerateKey(key_desc_plus_sign, attest_key, key_blob, key_characteristics,
114 cert_chain);
115 if (result == ErrorCode::OK) {
116 return result;
117 }
118 // If the key generation failed, it may be because the device is (correctly)
119 // rejecting the combination of ATTEST_KEY+SIGN. Fall through to try again with
120 // just ATTEST_KEY.
121 }
122 return GenerateKey(key_desc, attest_key, key_blob, key_characteristics, cert_chain);
123 }
Benjamin Grimberg981c9c22023-01-05 14:48:36 +0200[diff] [blame]124
125 // Check if ATTEST_KEY feature is disabled
126 bool is_attest_key_feature_disabled(void) const {
127 if (!check_feature(FEATURE_KEYSTORE_APP_ATTEST_KEY)) {
128 GTEST_LOG_(INFO) << "Feature " + FEATURE_KEYSTORE_APP_ATTEST_KEY + " is disabled";
129 return true;
130 }
131
132 return false;
133 }
134
135 // Check if StrongBox KeyStore is enabled
136 bool is_strongbox_enabled(void) const {
137 if (check_feature(FEATURE_STRONGBOX_KEYSTORE)) {
138 GTEST_LOG_(INFO) << "Feature " + FEATURE_STRONGBOX_KEYSTORE + " is enabled";
139 return true;
140 }
141
142 return false;
143 }
144
Shawn Willden3a4a3a92023-02-22 14:15:34 -0700[diff] [blame^]145 // Check if chipset has received a waiver allowing it to be launched with Android S or T with
146 // Keymaster 4.0 in StrongBox.
Benjamin Grimberg981c9c22023-01-05 14:48:36 +0200[diff] [blame]147 bool is_chipset_allowed_km4_strongbox(void) const {
148 std::array<char, PROPERTY_VALUE_MAX> buffer;
149
Shawn Willden3a4a3a92023-02-22 14:15:34 -0700[diff] [blame^]150 const int32_t first_api_level = property_get_int32("ro.board.first_api_level", 0);
151 if (first_api_level <= 0 || first_api_level > __ANDROID_API_T__) return false;
152
Benjamin Grimberg981c9c22023-01-05 14:48:36 +0200[diff] [blame]153 auto res = property_get("ro.vendor.qti.soc_model", buffer.data(), nullptr);
154 if (res <= 0) return false;
155
156 const string allowed_soc_models[] = {"SM8450", "SM8475", "SM8550", "SXR2230P"};
157
158 for (const string model : allowed_soc_models) {
159 if (model.compare(buffer.data()) == 0) {
160 GTEST_LOG_(INFO) << "QTI SOC Model " + model + " is allowed SB KM 4.0";
161 return true;
162 }
163 }
164
165 return false;
166 }
167
168 // Skip the test if all the following conditions hold:
169 // 1. ATTEST_KEY feature is disabled
170 // 2. STRONGBOX is enabled
171 // 3. The device is running one of the chipsets that have received a waiver
172 // allowing it to be launched with Android S (or later) with Keymaster 4.0
173 // in StrongBox
174 void check_skip_test(void) const {
175 if (is_attest_key_feature_disabled() && is_strongbox_enabled() &&
176 is_chipset_allowed_km4_strongbox()) {
177 GTEST_SKIP() << "Test is not applicable";
178 }
179 }
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]180};
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]181
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]182/*
183 * AttestKeyTest.AllRsaSizes
184 *
185 * This test creates self signed RSA attestation keys of various sizes, and verify they can be
186 * used to sign other RSA and EC keys.
187 */
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]188TEST_P(AttestKeyTest, AllRsaSizes) {
189 for (auto size : ValidKeySizes(Algorithm::RSA)) {
190 /*
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]191 * Create attestation key.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]192 */
193 AttestationKey attest_key;
194 vector<KeyCharacteristics> attest_key_characteristics;
195 vector<Certificate> attest_key_cert_chain;
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]196 ASSERT_EQ(ErrorCode::OK,
197 GenerateAttestKey(AuthorizationSetBuilder()
198 .RsaKey(size, 65537)
199 .AttestKey()
200 .SetDefaultValidity(),
201 {} /* attestation signing key */, &attest_key.keyBlob,
202 &attest_key_characteristics, &attest_key_cert_chain));
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]203
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]204 ASSERT_GT(attest_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]205 EXPECT_EQ(attest_key_cert_chain.size(), 1);
206 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
207
208 /*
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]209 * Use attestation key to sign RSA signing key
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]210 */
211 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
212 vector<uint8_t> attested_key_blob;
213 vector<KeyCharacteristics> attested_key_characteristics;
214 vector<Certificate> attested_key_cert_chain;
215 EXPECT_EQ(ErrorCode::OK,
216 GenerateKey(AuthorizationSetBuilder()
217 .RsaSigningKey(2048, 65537)
218 .Authorization(TAG_NO_AUTH_REQUIRED)
219 .AttestationChallenge("foo")
220 .AttestationApplicationId("bar")
221 .SetDefaultValidity(),
222 attest_key, &attested_key_blob, &attested_key_characteristics,
223 &attested_key_cert_chain));
224
225 CheckedDeleteKey(&attested_key_blob);
226
227 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
228 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]229 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
230 SecLevel(),
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]231 attested_key_cert_chain[0].encodedCertificate));
232
233 // Attestation by itself is not valid (last entry is not self-signed).
234 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
235
236 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]237 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]238 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]239 EXPECT_EQ(attested_key_cert_chain.size(), 2);
240
241 /*
242 * Use attestation key to sign RSA decryption key
243 */
244 attested_key_characteristics.resize(0);
245 attested_key_cert_chain.resize(0);
246 EXPECT_EQ(ErrorCode::OK,
247 GenerateKey(AuthorizationSetBuilder()
248 .RsaEncryptionKey(2048, 65537)
249 .Digest(Digest::NONE)
250 .Padding(PaddingMode::NONE)
251 .Authorization(TAG_NO_AUTH_REQUIRED)
252 .AttestationChallenge("foo2")
253 .AttestationApplicationId("bar2")
254 .SetDefaultValidity(),
255 attest_key, &attested_key_blob, &attested_key_characteristics,
256 &attested_key_cert_chain));
257
258 CheckedDeleteKey(&attested_key_blob);
259
260 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
261 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]262 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced,
263 hw_enforced, SecLevel(),
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]264 attested_key_cert_chain[0].encodedCertificate));
265
266 // Attestation by itself is not valid (last entry is not self-signed).
267 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
268
269 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
270 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
271 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
272 EXPECT_EQ(attested_key_cert_chain.size(), 2);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]273
274 /*
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]275 * Use attestation key to sign EC key. Specify a CREATION_DATETIME for this one.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]276 */
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]277 attested_key_characteristics.resize(0);
278 attested_key_cert_chain.resize(0);
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]279 uint64_t timestamp = 1619621648000;
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]280 EXPECT_EQ(ErrorCode::OK,
281 GenerateKey(AuthorizationSetBuilder()
282 .EcdsaSigningKey(EcCurve::P_256)
283 .Authorization(TAG_NO_AUTH_REQUIRED)
284 .AttestationChallenge("foo")
285 .AttestationApplicationId("bar")
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]286 .Authorization(TAG_CREATION_DATETIME, timestamp)
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]287 .SetDefaultValidity(),
288 attest_key, &attested_key_blob, &attested_key_characteristics,
289 &attested_key_cert_chain));
290
David Drysdale300b5552021-05-20 12:05:26 +0100[diff] [blame]291 // The returned key characteristics will include CREATION_DATETIME (checked below)
292 // in SecurityLevel::KEYSTORE; this will be stripped out in the CheckCharacteristics()
293 // call below, to match what getKeyCharacteristics() returns (which doesn't include
294 // any SecurityLevel::KEYSTORE characteristics).
295 CheckCharacteristics(attested_key_blob, attested_key_characteristics);
296
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]297 CheckedDeleteKey(&attested_key_blob);
298 CheckedDeleteKey(&attest_key.keyBlob);
299
300 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
301 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale300b5552021-05-20 12:05:26 +0100[diff] [blame]302
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]303 // The client-specified CREATION_DATETIME should be in sw_enforced.
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]304 // Its presence will also trigger verify_attestation_record() to check that
305 // it is in the attestation extension with a matching value.
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]306 EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
307 << "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
308 << " not in hw_enforced:" << hw_enforced;
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]309 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
310 SecLevel(),
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]311 attested_key_cert_chain[0].encodedCertificate));
312
313 // Attestation by itself is not valid (last entry is not self-signed).
314 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
315
316 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]317 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]318 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
319
320 // Bail early if anything failed.
321 if (HasFailure()) return;
322 }
323}
324
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]325/*
David Drysdalee60248c2021-10-04 12:54:13 +0100[diff] [blame]326 * AttestKeyTest.RsaAttestKeyMultiPurposeFail
327 *
328 * This test attempts to create an RSA attestation key that also allows signing.
329 */
330TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
David Drysdale50a66b82022-03-21 15:21:32 +0000[diff] [blame]331 if (AidlVersion() < 2) {
332 // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
333 // with other key purposes. However, this was not checked at the time
334 // so we can only be strict about checking this for implementations of KeyMint
335 // version 2 and above.
336 GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
337 }
338
David Drysdalee60248c2021-10-04 12:54:13 +0100[diff] [blame]339 vector<uint8_t> attest_key_blob;
340 vector<KeyCharacteristics> attest_key_characteristics;
341 vector<Certificate> attest_key_cert_chain;
342 ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
343 GenerateKey(AuthorizationSetBuilder()
344 .RsaSigningKey(2048, 65537)
345 .AttestKey()
346 .SetDefaultValidity(),
347 {} /* attestation signing key */, &attest_key_blob,
348 &attest_key_characteristics, &attest_key_cert_chain));
349}
350
351/*
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]352 * AttestKeyTest.RsaAttestedAttestKeys
353 *
354 * This test creates an RSA attestation key signed by factory keys, and varifies it can be
355 * used to sign other RSA and EC keys.
356 */
357TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
358 auto challenge = "hello";
359 auto app_id = "foo";
360
361 auto subject = "cert subj 2";
362 vector<uint8_t> subject_der(make_name_from_str(subject));
363
David Drysdaledb0dcf52021-05-18 11:43:31 +0100[diff] [blame]364 // An X.509 certificate serial number SHOULD be >0, but this is not policed. Check
365 // that a zero value doesn't cause problems.
366 uint64_t serial_int = 0;
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]367 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
368
369 /*
370 * Create attestation key.
371 */
372 AttestationKey attest_key;
373 vector<KeyCharacteristics> attest_key_characteristics;
374 vector<Certificate> attest_key_cert_chain;
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]375 auto result = GenerateAttestKey(AuthorizationSetBuilder()
376 .RsaKey(2048, 65537)
377 .AttestKey()
378 .AttestationChallenge(challenge)
379 .AttestationApplicationId(app_id)
380 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
381 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
382 .Authorization(TAG_NO_AUTH_REQUIRED)
383 .SetDefaultValidity(),
384 {} /* attestation signing key */, &attest_key.keyBlob,
385 &attest_key_characteristics, &attest_key_cert_chain);
subrahmanyaman05642492022-02-05 07:10:56 +0000[diff] [blame]386 // Strongbox may not support factory provisioned attestation key.
387 if (SecLevel() == SecurityLevel::STRONGBOX) {
388 if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
389 }
390 ASSERT_EQ(ErrorCode::OK, result);
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]391
392 EXPECT_GT(attest_key_cert_chain.size(), 1);
393 verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false);
394 EXPECT_TRUE(ChainSignaturesAreValid(attest_key_cert_chain));
395
396 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
397 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]398 EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]399 sw_enforced, hw_enforced, SecLevel(),
400 attest_key_cert_chain[0].encodedCertificate));
401
402 /*
403 * Use attestation key to sign RSA key
404 */
405 attest_key.issuerSubjectName = subject_der;
406 vector<uint8_t> attested_key_blob;
407 vector<KeyCharacteristics> attested_key_characteristics;
408 vector<Certificate> attested_key_cert_chain;
409
410 auto subject2 = "cert subject";
411 vector<uint8_t> subject_der2(make_name_from_str(subject2));
412
David Drysdaledb0dcf52021-05-18 11:43:31 +0100[diff] [blame]413 uint64_t serial_int2 = 255;
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]414 vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
415
416 EXPECT_EQ(ErrorCode::OK,
417 GenerateKey(AuthorizationSetBuilder()
418 .RsaSigningKey(2048, 65537)
419 .Authorization(TAG_NO_AUTH_REQUIRED)
420 .AttestationChallenge("foo")
421 .AttestationApplicationId("bar")
422 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob2)
423 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der2)
424 .SetDefaultValidity(),
425 attest_key, &attested_key_blob, &attested_key_characteristics,
426 &attested_key_cert_chain));
427
428 CheckedDeleteKey(&attested_key_blob);
429 CheckedDeleteKey(&attest_key.keyBlob);
430
431 AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
432 AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]433 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2,
434 SecLevel(),
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]435 attested_key_cert_chain[0].encodedCertificate));
436
437 // Attestation by itself is not valid (last entry is not self-signed).
438 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
439
440 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
441 attested_key_cert_chain.insert(attested_key_cert_chain.end(), attest_key_cert_chain.begin(),
442 attest_key_cert_chain.end());
443
444 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
445 EXPECT_GT(attested_key_cert_chain.size(), 2);
446 verify_subject_and_serial(attested_key_cert_chain[0], serial_int2, subject2, false);
447}
448
449/*
450 * AttestKeyTest.RsaAttestKeyChaining
451 *
452 * This test creates a chain of multiple RSA attest keys, each used to sign the next attest key,
453 * with the last attest key signed by the factory chain.
454 */
455TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
456 const int chain_size = 6;
457 vector<vector<uint8_t>> key_blob_list(chain_size);
458 vector<vector<Certificate>> cert_chain_list(chain_size);
459
460 for (int i = 0; i < chain_size; i++) {
461 string sub = "attest key chaining ";
462 char index = '1' + i;
463 string subject = sub + index;
464 vector<uint8_t> subject_der(make_name_from_str(subject));
465
466 uint64_t serial_int = 7000 + i;
467 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
468
469 vector<KeyCharacteristics> attested_key_characteristics;
470 AttestationKey attest_key;
471 optional<AttestationKey> attest_key_opt;
472
473 if (i > 0) {
474 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
475 attest_key.keyBlob = key_blob_list[i - 1];
476 attest_key_opt = attest_key;
477 }
478
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]479 auto result = GenerateAttestKey(AuthorizationSetBuilder()
480 .RsaKey(2048, 65537)
481 .AttestKey()
482 .AttestationChallenge("foo")
483 .AttestationApplicationId("bar")
484 .Authorization(TAG_NO_AUTH_REQUIRED)
485 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
486 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
487 .SetDefaultValidity(),
488 attest_key_opt, &key_blob_list[i],
489 &attested_key_characteristics, &cert_chain_list[i]);
subrahmanyaman05642492022-02-05 07:10:56 +0000[diff] [blame]490 // Strongbox may not support factory provisioned attestation key.
491 if (SecLevel() == SecurityLevel::STRONGBOX) {
492 if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
493 }
494 ASSERT_EQ(ErrorCode::OK, result);
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]495
496 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
497 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdalea0386952021-08-05 07:50:23 +0100[diff] [blame]498 ASSERT_GT(cert_chain_list[i].size(), 0);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]499 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
500 SecLevel(),
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]501 cert_chain_list[i][0].encodedCertificate));
502
503 if (i > 0) {
504 /*
505 * The first key is attestated with factory chain, but all the rest of the keys are
506 * not supposed to be returned in attestation certificate chains.
507 */
508 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
509
510 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
511 cert_chain_list[i].insert(cert_chain_list[i].end(), //
512 cert_chain_list[i - 1].begin(), //
513 cert_chain_list[i - 1].end());
514 }
515
516 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
517 EXPECT_GT(cert_chain_list[i].size(), i + 1);
518 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
519 }
520
521 for (int i = 0; i < chain_size; i++) {
522 CheckedDeleteKey(&key_blob_list[i]);
523 }
524}
525
526/*
527 * AttestKeyTest.EcAttestKeyChaining
528 *
529 * This test creates a chain of multiple Ec attest keys, each used to sign the next attest key,
530 * with the last attest key signed by the factory chain.
531 */
532TEST_P(AttestKeyTest, EcAttestKeyChaining) {
533 const int chain_size = 6;
534 vector<vector<uint8_t>> key_blob_list(chain_size);
535 vector<vector<Certificate>> cert_chain_list(chain_size);
536
537 for (int i = 0; i < chain_size; i++) {
538 string sub = "Ec attest key chaining ";
539 char index = '1' + i;
540 string subject = sub + index;
541 vector<uint8_t> subject_der(make_name_from_str(subject));
542
543 uint64_t serial_int = 800000 + i;
544 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
545
546 vector<KeyCharacteristics> attested_key_characteristics;
547 AttestationKey attest_key;
548 optional<AttestationKey> attest_key_opt;
549
550 if (i > 0) {
551 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
552 attest_key.keyBlob = key_blob_list[i - 1];
553 attest_key_opt = attest_key;
554 }
555
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]556 auto result = GenerateAttestKey(AuthorizationSetBuilder()
557 .EcdsaKey(EcCurve::P_256)
558 .AttestKey()
559 .AttestationChallenge("foo")
560 .AttestationApplicationId("bar")
561 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
562 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
563 .Authorization(TAG_NO_AUTH_REQUIRED)
564 .SetDefaultValidity(),
565 attest_key_opt, &key_blob_list[i],
566 &attested_key_characteristics, &cert_chain_list[i]);
subrahmanyaman05642492022-02-05 07:10:56 +0000[diff] [blame]567 // Strongbox may not support factory provisioned attestation key.
568 if (SecLevel() == SecurityLevel::STRONGBOX) {
569 if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
570 }
571 ASSERT_EQ(ErrorCode::OK, result);
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]572
573 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
574 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdalea0386952021-08-05 07:50:23 +0100[diff] [blame]575 ASSERT_GT(cert_chain_list[i].size(), 0);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]576 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
577 SecLevel(),
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]578 cert_chain_list[i][0].encodedCertificate));
579
580 if (i > 0) {
581 /*
582 * The first key is attestated with factory chain, but all the rest of the keys are
583 * not supposed to be returned in attestation certificate chains.
584 */
585 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
586
587 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
588 cert_chain_list[i].insert(cert_chain_list[i].end(), //
589 cert_chain_list[i - 1].begin(), //
590 cert_chain_list[i - 1].end());
591 }
592
593 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
594 EXPECT_GT(cert_chain_list[i].size(), i + 1);
595 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
596 }
597
598 for (int i = 0; i < chain_size; i++) {
599 CheckedDeleteKey(&key_blob_list[i]);
600 }
601}
602
603/*
David Drysdalee60248c2021-10-04 12:54:13 +0100[diff] [blame]604 * AttestKeyTest.EcAttestKeyMultiPurposeFail
605 *
606 * This test attempts to create an EC attestation key that also allows signing.
607 */
608TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
David Drysdale50a66b82022-03-21 15:21:32 +0000[diff] [blame]609 if (AidlVersion() < 2) {
610 // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
611 // with other key purposes. However, this was not checked at the time
612 // so we can only be strict about checking this for implementations of KeyMint
613 // version 2 and above.
614 GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
615 }
David Drysdalee60248c2021-10-04 12:54:13 +0100[diff] [blame]616 vector<uint8_t> attest_key_blob;
617 vector<KeyCharacteristics> attest_key_characteristics;
618 vector<Certificate> attest_key_cert_chain;
619 ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
620 GenerateKey(AuthorizationSetBuilder()
621 .EcdsaSigningKey(EcCurve::P_256)
622 .AttestKey()
623 .SetDefaultValidity(),
624 {} /* attestation signing key */, &attest_key_blob,
625 &attest_key_characteristics, &attest_key_cert_chain));
626}
627
628/*
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]629 * AttestKeyTest.AlternateAttestKeyChaining
630 *
631 * This test creates a chain of multiple attest keys, in the order Ec - RSA - Ec - RSA ....
632 * Each attest key is used to sign the next attest key, with the last attest key signed by
633 * the factory chain. This is to verify different algorithms of attest keys can
634 * cross sign each other and be chained together.
635 */
636TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
637 const int chain_size = 6;
638 vector<vector<uint8_t>> key_blob_list(chain_size);
639 vector<vector<Certificate>> cert_chain_list(chain_size);
640
641 for (int i = 0; i < chain_size; i++) {
642 string sub = "Alt attest key chaining ";
643 char index = '1' + i;
644 string subject = sub + index;
645 vector<uint8_t> subject_der(make_name_from_str(subject));
646
647 uint64_t serial_int = 90000000 + i;
648 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
649
650 vector<KeyCharacteristics> attested_key_characteristics;
651 AttestationKey attest_key;
652 optional<AttestationKey> attest_key_opt;
653
654 if (i > 0) {
655 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
656 attest_key.keyBlob = key_blob_list[i - 1];
657 attest_key_opt = attest_key;
658 }
subrahmanyaman05642492022-02-05 07:10:56 +0000[diff] [blame]659 ErrorCode result;
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]660 if ((i & 0x1) == 1) {
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]661 result = GenerateAttestKey(AuthorizationSetBuilder()
662 .EcdsaKey(EcCurve::P_256)
663 .AttestKey()
664 .AttestationChallenge("foo")
665 .AttestationApplicationId("bar")
666 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
667 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
668 .Authorization(TAG_NO_AUTH_REQUIRED)
669 .SetDefaultValidity(),
670 attest_key_opt, &key_blob_list[i],
671 &attested_key_characteristics, &cert_chain_list[i]);
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]672 } else {
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]673 result = GenerateAttestKey(AuthorizationSetBuilder()
674 .RsaKey(2048, 65537)
675 .AttestKey()
676 .AttestationChallenge("foo")
677 .AttestationApplicationId("bar")
678 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
679 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
680 .Authorization(TAG_NO_AUTH_REQUIRED)
681 .SetDefaultValidity(),
682 attest_key_opt, &key_blob_list[i],
683 &attested_key_characteristics, &cert_chain_list[i]);
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]684 }
subrahmanyaman05642492022-02-05 07:10:56 +0000[diff] [blame]685 // Strongbox may not support factory provisioned attestation key.
686 if (SecLevel() == SecurityLevel::STRONGBOX) {
687 if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
688 }
689 ASSERT_EQ(ErrorCode::OK, result);
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]690
691 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
692 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdalea0386952021-08-05 07:50:23 +0100[diff] [blame]693 ASSERT_GT(cert_chain_list[i].size(), 0);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]694 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
695 SecLevel(),
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]696 cert_chain_list[i][0].encodedCertificate));
697
698 if (i > 0) {
699 /*
700 * The first key is attestated with factory chain, but all the rest of the keys are
701 * not supposed to be returned in attestation certificate chains.
702 */
703 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
704
705 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
706 cert_chain_list[i].insert(cert_chain_list[i].end(), //
707 cert_chain_list[i - 1].begin(), //
708 cert_chain_list[i - 1].end());
709 }
710
711 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
712 EXPECT_GT(cert_chain_list[i].size(), i + 1);
713 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
714 }
715
716 for (int i = 0; i < chain_size; i++) {
717 CheckedDeleteKey(&key_blob_list[i]);
718 }
719}
720
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]721TEST_P(AttestKeyTest, MissingChallenge) {
722 for (auto size : ValidKeySizes(Algorithm::RSA)) {
723 /*
724 * Create attestation key.
725 */
726 AttestationKey attest_key;
727 vector<KeyCharacteristics> attest_key_characteristics;
728 vector<Certificate> attest_key_cert_chain;
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]729 ASSERT_EQ(ErrorCode::OK,
730 GenerateAttestKey(AuthorizationSetBuilder()
731 .RsaKey(size, 65537)
732 .AttestKey()
733 .SetDefaultValidity(),
734 {} /* attestation signing key */, &attest_key.keyBlob,
735 &attest_key_characteristics, &attest_key_cert_chain));
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]736
737 EXPECT_EQ(attest_key_cert_chain.size(), 1);
738 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
739
740 /*
741 * Use attestation key to sign RSA / ECDSA key but forget to provide a challenge
742 */
743 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
744 vector<uint8_t> attested_key_blob;
745 vector<KeyCharacteristics> attested_key_characteristics;
746 vector<Certificate> attested_key_cert_chain;
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]747 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]748 GenerateKey(AuthorizationSetBuilder()
749 .RsaSigningKey(2048, 65537)
750 .Authorization(TAG_NO_AUTH_REQUIRED)
751 .AttestationApplicationId("bar")
752 .SetDefaultValidity(),
753 attest_key, &attested_key_blob, &attested_key_characteristics,
754 &attested_key_cert_chain));
755
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]756 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]757 GenerateKey(AuthorizationSetBuilder()
758 .EcdsaSigningKey(EcCurve::P_256)
759 .Authorization(TAG_NO_AUTH_REQUIRED)
760 .AttestationApplicationId("bar")
761 .SetDefaultValidity(),
762 attest_key, &attested_key_blob, &attested_key_characteristics,
763 &attested_key_cert_chain));
764
765 CheckedDeleteKey(&attest_key.keyBlob);
766 }
767}
768
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]769TEST_P(AttestKeyTest, AllEcCurves) {
770 for (auto curve : ValidCurves()) {
771 /*
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]772 * Create attestation key.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]773 */
774 AttestationKey attest_key;
775 vector<KeyCharacteristics> attest_key_characteristics;
776 vector<Certificate> attest_key_cert_chain;
David Drysdaleb3b12142021-11-01 17:13:27 +0000[diff] [blame]777 ASSERT_EQ(
778 ErrorCode::OK,
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]779 GenerateAttestKey(
David Drysdaleb3b12142021-11-01 17:13:27 +0000[diff] [blame]780 AuthorizationSetBuilder().EcdsaKey(curve).AttestKey().SetDefaultValidity(),
781 {} /* attestation signing key */, &attest_key.keyBlob,
782 &attest_key_characteristics, &attest_key_cert_chain));
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]783
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]784 ASSERT_GT(attest_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]785 EXPECT_EQ(attest_key_cert_chain.size(), 1);
786 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on curve " << curve;
787
788 /*
789 * Use attestation key to sign RSA key
790 */
791 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
792 vector<uint8_t> attested_key_blob;
793 vector<KeyCharacteristics> attested_key_characteristics;
794 vector<Certificate> attested_key_cert_chain;
795 EXPECT_EQ(ErrorCode::OK,
796 GenerateKey(AuthorizationSetBuilder()
797 .RsaSigningKey(2048, 65537)
798 .Authorization(TAG_NO_AUTH_REQUIRED)
799 .AttestationChallenge("foo")
800 .AttestationApplicationId("bar")
801 .SetDefaultValidity(),
802 attest_key, &attested_key_blob, &attested_key_characteristics,
803 &attested_key_cert_chain));
804
Brian J Murrayaa8a7582021-12-06 22:13:50 -0800[diff] [blame]805 ASSERT_GT(attested_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]806 CheckedDeleteKey(&attested_key_blob);
807
808 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
809 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]810 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
811 SecLevel(),
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]812 attested_key_cert_chain[0].encodedCertificate));
813
814 // Attestation by itself is not valid (last entry is not self-signed).
815 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
816
817 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
818 if (attest_key_cert_chain.size() > 0) {
819 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
820 }
821 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
822
823 /*
824 * Use attestation key to sign EC key
825 */
826 EXPECT_EQ(ErrorCode::OK,
827 GenerateKey(AuthorizationSetBuilder()
828 .EcdsaSigningKey(EcCurve::P_256)
829 .Authorization(TAG_NO_AUTH_REQUIRED)
830 .AttestationChallenge("foo")
831 .AttestationApplicationId("bar")
832 .SetDefaultValidity(),
833 attest_key, &attested_key_blob, &attested_key_characteristics,
834 &attested_key_cert_chain));
835
Brian J Murrayaa8a7582021-12-06 22:13:50 -0800[diff] [blame]836 ASSERT_GT(attested_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]837 CheckedDeleteKey(&attested_key_blob);
838 CheckedDeleteKey(&attest_key.keyBlob);
839
840 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
841 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]842 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
843 SecLevel(),
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]844 attested_key_cert_chain[0].encodedCertificate));
845
846 // Attestation by itself is not valid (last entry is not self-signed).
847 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
848
849 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
850 if (attest_key_cert_chain.size() > 0) {
851 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
852 }
853 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
854
855 // Bail early if anything failed.
856 if (HasFailure()) return;
857 }
858}
859
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]860TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]861 // Create non-attestation key.
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]862 AttestationKey non_attest_key;
863 vector<KeyCharacteristics> non_attest_key_characteristics;
864 vector<Certificate> non_attest_key_cert_chain;
865 ASSERT_EQ(
866 ErrorCode::OK,
867 GenerateKey(
868 AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]869 {} /* attestation signing key */, &non_attest_key.keyBlob,
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]870 &non_attest_key_characteristics, &non_attest_key_cert_chain));
871
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]872 ASSERT_GT(non_attest_key_cert_chain.size(), 0);
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]873 EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
874 EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));
875
876 // Attempt to sign attestation with non-attest key.
877 vector<uint8_t> attested_key_blob;
878 vector<KeyCharacteristics> attested_key_characteristics;
879 vector<Certificate> attested_key_cert_chain;
880 EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
881 GenerateKey(AuthorizationSetBuilder()
882 .EcdsaSigningKey(EcCurve::P_256)
883 .Authorization(TAG_NO_AUTH_REQUIRED)
884 .AttestationChallenge("foo")
885 .AttestationApplicationId("bar")
886 .SetDefaultValidity(),
887 non_attest_key, &attested_key_blob, &attested_key_characteristics,
888 &attested_key_cert_chain));
889}
890
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]891TEST_P(AttestKeyTest, EcdsaAttestationID) {
David Drysdale555ba002022-05-03 18:48:57 +0100[diff] [blame]892 if (is_gsi_image()) {
893 // GSI sets up a standard set of device identifiers that may not match
894 // the device identifiers held by the device.
895 GTEST_SKIP() << "Test not applicable under GSI";
896 }
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]897 // Create attestation key.
898 AttestationKey attest_key;
899 vector<KeyCharacteristics> attest_key_characteristics;
900 vector<Certificate> attest_key_cert_chain;
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]901 ASSERT_EQ(ErrorCode::OK,
902 GenerateAttestKey(AuthorizationSetBuilder()
903 .EcdsaKey(EcCurve::P_256)
904 .AttestKey()
905 .SetDefaultValidity(),
906 {} /* attestation signing key */, &attest_key.keyBlob,
907 &attest_key_characteristics, &attest_key_cert_chain));
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]908 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
909 ASSERT_GT(attest_key_cert_chain.size(), 0);
910 EXPECT_EQ(attest_key_cert_chain.size(), 1);
911 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
912
913 // Collection of valid attestation ID tags.
914 auto attestation_id_tags = AuthorizationSetBuilder();
Prashant Patil8d779bf2022-09-28 16:09:29 +0100[diff] [blame]915 // Use ro.product.brand_for_attestation property for attestation if it is present else fallback
916 // to ro.product.brand
917 std::string prop_value =
918 ::android::base::GetProperty("ro.product.brand_for_attestation", /* default= */ "");
919 if (!prop_value.empty()) {
920 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND,
921 "ro.product.brand_for_attestation");
922 } else {
923 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
924 }
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]925 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
Prashant Patil8d779bf2022-09-28 16:09:29 +0100[diff] [blame]926 // Use ro.product.name_for_attestation property for attestation if it is present else fallback
927 // to ro.product.name
928 prop_value = ::android::base::GetProperty("ro.product.name_for_attestation", /* default= */ "");
929 if (!prop_value.empty()) {
930 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT,
931 "ro.product.name_for_attestation");
932 } else {
933 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
934 }
Tri Vo799e4352022-11-07 17:23:50 -0800[diff] [blame]935 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]936 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MANUFACTURER,
937 "ro.product.manufacturer");
Prashant Patil8d779bf2022-09-28 16:09:29 +0100[diff] [blame]938 // Use ro.product.model_for_attestation property for attestation if it is present else fallback
939 // to ro.product.model
940 prop_value =
941 ::android::base::GetProperty("ro.product.model_for_attestation", /* default= */ "");
942 if (!prop_value.empty()) {
943 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL,
944 "ro.product.model_for_attestation");
945 } else {
946 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
947 }
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]948
Rajesh Nyamagoudeb644cf2022-12-15 03:50:52 +0000[diff] [blame]949 string imei = get_imei(0);
950 if (!imei.empty()) {
951 attestation_id_tags.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size());
952 }
953
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]954 for (const KeyParameter& tag : attestation_id_tags) {
955 SCOPED_TRACE(testing::Message() << "+tag-" << tag);
956 // Use attestation key to sign an ECDSA key, but include an attestation ID field.
957 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
958 .EcdsaSigningKey(EcCurve::P_256)
959 .Authorization(TAG_NO_AUTH_REQUIRED)
960 .AttestationChallenge("challenge")
961 .AttestationApplicationId("foo")
962 .SetDefaultValidity();
963 builder.push_back(tag);
964 vector<uint8_t> attested_key_blob;
965 vector<KeyCharacteristics> attested_key_characteristics;
966 vector<Certificate> attested_key_cert_chain;
967 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
968 &attested_key_characteristics, &attested_key_cert_chain);
Prashant Patil88ad1892022-03-15 16:31:02 +0000[diff] [blame]969 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]970 continue;
971 }
972
973 ASSERT_EQ(result, ErrorCode::OK);
974
975 CheckedDeleteKey(&attested_key_blob);
976
977 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
978 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
979
980 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
981 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
982 // attestation extension should contain them, so make sure the extra tag is added.
983 hw_enforced.push_back(tag);
984
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]985 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
986 hw_enforced, SecLevel(),
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]987 attested_key_cert_chain[0].encodedCertificate));
988 }
989 CheckedDeleteKey(&attest_key.keyBlob);
990}
991
992TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) {
993 // Create attestation key.
994 AttestationKey attest_key;
995 vector<KeyCharacteristics> attest_key_characteristics;
996 vector<Certificate> attest_key_cert_chain;
David Drysdale43489272022-06-13 10:12:12 +0100[diff] [blame]997 ASSERT_EQ(ErrorCode::OK,
998 GenerateAttestKey(AuthorizationSetBuilder()
999 .EcdsaKey(EcCurve::P_256)
1000 .AttestKey()
1001 .SetDefaultValidity(),
1002 {} /* attestation signing key */, &attest_key.keyBlob,
1003 &attest_key_characteristics, &attest_key_cert_chain));
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]1004 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
1005 ASSERT_GT(attest_key_cert_chain.size(), 0);
1006 EXPECT_EQ(attest_key_cert_chain.size(), 1);
1007 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
1008
1009 // Collection of invalid attestation ID tags.
1010 auto attestation_id_tags =
1011 AuthorizationSetBuilder()
1012 .Authorization(TAG_ATTESTATION_ID_BRAND, "bogus-brand")
1013 .Authorization(TAG_ATTESTATION_ID_DEVICE, "devious-device")
1014 .Authorization(TAG_ATTESTATION_ID_PRODUCT, "punctured-product")
1015 .Authorization(TAG_ATTESTATION_ID_SERIAL, "suspicious-serial")
1016 .Authorization(TAG_ATTESTATION_ID_IMEI, "invalid-imei")
1017 .Authorization(TAG_ATTESTATION_ID_MEID, "mismatching-meid")
1018 .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, "malformed-manufacturer")
1019 .Authorization(TAG_ATTESTATION_ID_MODEL, "malicious-model");
Rajesh Nyamagoud5283f812023-01-06 00:27:56 +0000[diff] [blame]1020
1021 // TODO(b/262255219): Remove this condition when StrongBox supports 2nd IMEI attestation.
1022 if (SecLevel() != SecurityLevel::STRONGBOX) {
1023 if (isSecondImeiIdAttestationRequired()) {
1024 attestation_id_tags.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI,
1025 "invalid-second-imei");
1026 }
1027 }
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]1028 vector<uint8_t> key_blob;
1029 vector<KeyCharacteristics> key_characteristics;
1030
1031 for (const KeyParameter& invalid_tag : attestation_id_tags) {
1032 SCOPED_TRACE(testing::Message() << "+tag-" << invalid_tag);
1033
1034 // Use attestation key to sign an ECDSA key, but include an invalid
1035 // attestation ID field.
1036 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
1037 .EcdsaSigningKey(EcCurve::P_256)
1038 .Authorization(TAG_NO_AUTH_REQUIRED)
1039 .AttestationChallenge("challenge")
1040 .AttestationApplicationId("foo")
1041 .SetDefaultValidity();
1042 builder.push_back(invalid_tag);
1043 vector<uint8_t> attested_key_blob;
1044 vector<KeyCharacteristics> attested_key_characteristics;
1045 vector<Certificate> attested_key_cert_chain;
1046 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
1047 &attested_key_characteristics, &attested_key_cert_chain);
1048
1049 ASSERT_TRUE(result == ErrorCode::CANNOT_ATTEST_IDS || result == ErrorCode::INVALID_TAG)
1050 << "result = " << result;
Max Biresa97ec692022-11-21 23:37:54 -0800[diff] [blame]1051 device_id_attestation_vsr_check(result);
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]1052 }
1053 CheckedDeleteKey(&attest_key.keyBlob);
1054}
1055
Rajesh Nyamagoud5283f812023-01-06 00:27:56 +0000[diff] [blame]1056TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) {
1057 if (is_gsi_image()) {
1058 // GSI sets up a standard set of device identifiers that may not match
1059 // the device identifiers held by the device.
1060 GTEST_SKIP() << "Test not applicable under GSI";
1061 }
1062
1063 // TODO(b/262255219): Remove this condition when StrongBox supports 2nd IMEI attestation.
1064 if (SecLevel() == SecurityLevel::STRONGBOX) {
1065 GTEST_SKIP() << "Test not applicable for SecurityLevel::STRONGBOX";
1066 }
1067
1068 // Skip the test if there is no second IMEI exists.
1069 string second_imei = get_imei(1);
1070 if (second_imei.empty() || second_imei.compare("null") == 0) {
1071 GTEST_SKIP() << "Test not applicable as there is no second IMEI";
1072 }
1073
1074 if (!isSecondImeiIdAttestationRequired()) {
1075 GTEST_SKIP() << "Test not applicable for KeyMint-Version < 3 or first-api-level < 34";
1076 }
1077
1078 // Create attestation key.
1079 AttestationKey attest_key;
1080 vector<KeyCharacteristics> attest_key_characteristics;
1081 vector<Certificate> attest_key_cert_chain;
1082 ASSERT_EQ(ErrorCode::OK,
1083 GenerateAttestKey(AuthorizationSetBuilder()
1084 .EcdsaKey(EcCurve::P_256)
1085 .AttestKey()
1086 .SetDefaultValidity(),
1087 {} /* attestation signing key */, &attest_key.keyBlob,
1088 &attest_key_characteristics, &attest_key_cert_chain));
1089 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
1090 EXPECT_EQ(attest_key_cert_chain.size(), 1);
1091 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
1092
1093 // Use attestation key to sign an ECDSA key, but include an attestation ID field.
1094 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
1095 .EcdsaSigningKey(EcCurve::P_256)
1096 .Authorization(TAG_NO_AUTH_REQUIRED)
1097 .AttestationChallenge("challenge")
1098 .AttestationApplicationId("foo")
1099 .SetDefaultValidity();
1100 // b/264979486 - second imei doesn't depend on first imei.
1101 // Add second IMEI as attestation id without adding first IMEI as
1102 // attestation id.
1103 builder.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, second_imei.data(), second_imei.size());
1104
1105 vector<uint8_t> attested_key_blob;
1106 vector<KeyCharacteristics> attested_key_characteristics;
1107 vector<Certificate> attested_key_cert_chain;
1108 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
1109 &attested_key_characteristics, &attested_key_cert_chain);
1110
1111 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
1112 GTEST_SKIP()
1113 << "Test not applicable as device does not support SECOND-IMEI ID attestation.";
1114 }
1115
1116 ASSERT_EQ(result, ErrorCode::OK);
1117
1118 device_id_attestation_vsr_check(result);
1119
1120 CheckedDeleteKey(&attested_key_blob);
1121
1122 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
1123 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
1124
1125 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
1126 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
1127 // attestation extension should contain them, so make sure the extra tag is added.
1128 vector<uint8_t> imei_blob(second_imei.data(), second_imei.data() + second_imei.size());
1129 KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, imei_blob);
1130 hw_enforced.push_back(imei_tag);
1131
1132 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
1133 hw_enforced, SecLevel(),
1134 attested_key_cert_chain[0].encodedCertificate));
1135
1136 CheckedDeleteKey(&attest_key.keyBlob);
1137}
1138
1139TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) {
1140 if (is_gsi_image()) {
1141 // GSI sets up a standard set of device identifiers that may not match
1142 // the device identifiers held by the device.
1143 GTEST_SKIP() << "Test not applicable under GSI";
1144 }
1145
1146 // TODO(b/262255219): Remove this condition when StrongBox supports 2nd IMEI attestation.
1147 if (SecLevel() == SecurityLevel::STRONGBOX) {
1148 GTEST_SKIP() << "Test not applicable for SecurityLevel::STRONGBOX";
1149 }
1150
1151 // Skip the test if there is no first IMEI exists.
1152 string imei = get_imei(0);
1153 if (imei.empty() || imei.compare("null") == 0) {
1154 GTEST_SKIP() << "Test not applicable as there is no first IMEI";
1155 }
1156
1157 // Skip the test if there is no second IMEI exists.
1158 string second_imei = get_imei(1);
1159 if (second_imei.empty() || second_imei.compare("null") == 0) {
1160 GTEST_SKIP() << "Test not applicable as there is no second IMEI";
1161 }
1162
1163 if (!isSecondImeiIdAttestationRequired()) {
1164 GTEST_SKIP() << "Test not applicable for KeyMint-Version < 3 or first-api-level < 34";
1165 }
1166
1167 // Create attestation key.
1168 AttestationKey attest_key;
1169 vector<KeyCharacteristics> attest_key_characteristics;
1170 vector<Certificate> attest_key_cert_chain;
1171 ASSERT_EQ(ErrorCode::OK,
1172 GenerateAttestKey(AuthorizationSetBuilder()
1173 .EcdsaKey(EcCurve::P_256)
1174 .AttestKey()
1175 .SetDefaultValidity(),
1176 {} /* attestation signing key */, &attest_key.keyBlob,
1177 &attest_key_characteristics, &attest_key_cert_chain));
1178 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
1179 EXPECT_EQ(attest_key_cert_chain.size(), 1);
1180 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
1181
1182 // Use attestation key to sign an ECDSA key, but include both IMEI attestation ID fields.
1183 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
1184 .EcdsaSigningKey(EcCurve::P_256)
1185 .Authorization(TAG_NO_AUTH_REQUIRED)
1186 .AttestationChallenge("challenge")
1187 .AttestationApplicationId("foo")
1188 .SetDefaultValidity();
1189 builder.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size());
1190 builder.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, second_imei.data(), second_imei.size());
1191
1192 vector<uint8_t> attested_key_blob;
1193 vector<KeyCharacteristics> attested_key_characteristics;
1194 vector<Certificate> attested_key_cert_chain;
1195 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
1196 &attested_key_characteristics, &attested_key_cert_chain);
1197
1198 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
1199 GTEST_SKIP() << "Test not applicable as device does not support IMEI ID attestation.";
1200 }
1201
1202 ASSERT_EQ(result, ErrorCode::OK);
1203
1204 device_id_attestation_vsr_check(result);
1205
1206 CheckedDeleteKey(&attested_key_blob);
1207
1208 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
1209 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
1210
1211 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
1212 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
1213 // attestation extension should contain them, so make sure the extra tag is added.
1214 vector<uint8_t> imei_blob(imei.data(), imei.data() + imei.size());
1215 KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_IMEI, imei_blob);
1216 hw_enforced.push_back(imei_tag);
1217 vector<uint8_t> sec_imei_blob(second_imei.data(), second_imei.data() + second_imei.size());
1218 KeyParameter sec_imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, sec_imei_blob);
1219 hw_enforced.push_back(sec_imei_tag);
1220
1221 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
1222 hw_enforced, SecLevel(),
1223 attested_key_cert_chain[0].encodedCertificate));
1224
1225 CheckedDeleteKey(&attest_key.keyBlob);
1226}
1227
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]1228INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);
1229
1230} // namespace aidl::android::hardware::security::keymint::test