Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 4477ee052ff3ebbb4521c829495105cca226246b / . / security / keymint / aidl / vts / functional / AttestKeyTest.cpp
blob: b8699e9d5072e585f70ae6c7f6b793365fc6cd51 [file] [log] [blame]
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]1/*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "keymint_1_attest_key_test"
18#include <cutils/log.h>
19
20#include <keymint_support/key_param_output.h>
21#include <keymint_support/openssl_utils.h>
22
23#include "KeyMintAidlTestBase.h"
24
25namespace aidl::android::hardware::security::keymint::test {
26
27namespace {
28
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]29bool IsSelfSigned(const vector<Certificate>& chain) {
30 if (chain.size() != 1) return false;
31 return ChainSignaturesAreValid(chain);
32}
33
34} // namespace
35
36using AttestKeyTest = KeyMintAidlTestBase;
37
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]38/*
39 * AttestKeyTest.AllRsaSizes
40 *
41 * This test creates self signed RSA attestation keys of various sizes, and verify they can be
42 * used to sign other RSA and EC keys.
43 */
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]44TEST_P(AttestKeyTest, AllRsaSizes) {
45 for (auto size : ValidKeySizes(Algorithm::RSA)) {
46 /*
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]47 * Create attestation key.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]48 */
49 AttestationKey attest_key;
50 vector<KeyCharacteristics> attest_key_characteristics;
51 vector<Certificate> attest_key_cert_chain;
52 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
53 .RsaSigningKey(size, 65537)
54 .AttestKey()
55 .SetDefaultValidity(),
56 {} /* attestation signing key */, &attest_key.keyBlob,
57 &attest_key_characteristics, &attest_key_cert_chain));
58
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]59 ASSERT_GT(attest_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]60 EXPECT_EQ(attest_key_cert_chain.size(), 1);
61 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
62
63 /*
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]64 * Use attestation key to sign RSA signing key
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]65 */
66 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
67 vector<uint8_t> attested_key_blob;
68 vector<KeyCharacteristics> attested_key_characteristics;
69 vector<Certificate> attested_key_cert_chain;
70 EXPECT_EQ(ErrorCode::OK,
71 GenerateKey(AuthorizationSetBuilder()
72 .RsaSigningKey(2048, 65537)
73 .Authorization(TAG_NO_AUTH_REQUIRED)
74 .AttestationChallenge("foo")
75 .AttestationApplicationId("bar")
76 .SetDefaultValidity(),
77 attest_key, &attested_key_blob, &attested_key_characteristics,
78 &attested_key_cert_chain));
79
80 CheckedDeleteKey(&attested_key_blob);
81
82 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
83 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
84 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
85 attested_key_cert_chain[0].encodedCertificate));
86
87 // Attestation by itself is not valid (last entry is not self-signed).
88 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
89
90 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]91 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]92 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]93 EXPECT_EQ(attested_key_cert_chain.size(), 2);
94
95 /*
96 * Use attestation key to sign RSA decryption key
97 */
98 attested_key_characteristics.resize(0);
99 attested_key_cert_chain.resize(0);
100 EXPECT_EQ(ErrorCode::OK,
101 GenerateKey(AuthorizationSetBuilder()
102 .RsaEncryptionKey(2048, 65537)
103 .Digest(Digest::NONE)
104 .Padding(PaddingMode::NONE)
105 .Authorization(TAG_NO_AUTH_REQUIRED)
106 .AttestationChallenge("foo2")
107 .AttestationApplicationId("bar2")
108 .SetDefaultValidity(),
109 attest_key, &attested_key_blob, &attested_key_characteristics,
110 &attested_key_cert_chain));
111
112 CheckedDeleteKey(&attested_key_blob);
113
114 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
115 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
116 EXPECT_TRUE(verify_attestation_record("foo2", "bar2", sw_enforced, hw_enforced, SecLevel(),
117 attested_key_cert_chain[0].encodedCertificate));
118
119 // Attestation by itself is not valid (last entry is not self-signed).
120 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
121
122 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
123 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
124 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
125 EXPECT_EQ(attested_key_cert_chain.size(), 2);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]126
127 /*
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]128 * Use attestation key to sign EC key. Specify a CREATION_DATETIME for this one.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]129 */
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]130 attested_key_characteristics.resize(0);
131 attested_key_cert_chain.resize(0);
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]132 uint64_t timestamp = 1619621648000;
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]133 EXPECT_EQ(ErrorCode::OK,
134 GenerateKey(AuthorizationSetBuilder()
135 .EcdsaSigningKey(EcCurve::P_256)
136 .Authorization(TAG_NO_AUTH_REQUIRED)
137 .AttestationChallenge("foo")
138 .AttestationApplicationId("bar")
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]139 .Authorization(TAG_CREATION_DATETIME, timestamp)
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]140 .SetDefaultValidity(),
141 attest_key, &attested_key_blob, &attested_key_characteristics,
142 &attested_key_cert_chain));
143
144 CheckedDeleteKey(&attested_key_blob);
145 CheckedDeleteKey(&attest_key.keyBlob);
146
147 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
148 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]149 // The client-specified CREATION_DATETIME should be in sw_enforced.
150 // Its presence will also trigger verify_attestation_record() to check that it
151 // is in the attestation extension with a matching value.
152 EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
153 << "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
154 << " not in hw_enforced:" << hw_enforced;
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]155 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
156 attested_key_cert_chain[0].encodedCertificate));
157
158 // Attestation by itself is not valid (last entry is not self-signed).
159 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
160
161 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]162 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]163 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
164
165 // Bail early if anything failed.
166 if (HasFailure()) return;
167 }
168}
169
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]170/*
171 * AttestKeyTest.RsaAttestedAttestKeys
172 *
173 * This test creates an RSA attestation key signed by factory keys, and varifies it can be
174 * used to sign other RSA and EC keys.
175 */
176TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
177 auto challenge = "hello";
178 auto app_id = "foo";
179
180 auto subject = "cert subj 2";
181 vector<uint8_t> subject_der(make_name_from_str(subject));
182
David Drysdaledb0dcf52021-05-18 11:43:31 +0100[diff] [blame]183 // An X.509 certificate serial number SHOULD be >0, but this is not policed. Check
184 // that a zero value doesn't cause problems.
185 uint64_t serial_int = 0;
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]186 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
187
188 /*
189 * Create attestation key.
190 */
191 AttestationKey attest_key;
192 vector<KeyCharacteristics> attest_key_characteristics;
193 vector<Certificate> attest_key_cert_chain;
194 ASSERT_EQ(ErrorCode::OK,
195 GenerateKey(AuthorizationSetBuilder()
196 .RsaSigningKey(2048, 65537)
197 .AttestKey()
198 .AttestationChallenge(challenge)
199 .AttestationApplicationId(app_id)
200 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
201 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
202 .Authorization(TAG_NO_AUTH_REQUIRED)
203 .SetDefaultValidity(),
204 {} /* attestation signing key */, &attest_key.keyBlob,
205 &attest_key_characteristics, &attest_key_cert_chain));
206
207 EXPECT_GT(attest_key_cert_chain.size(), 1);
208 verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false);
209 EXPECT_TRUE(ChainSignaturesAreValid(attest_key_cert_chain));
210
211 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
212 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
213 EXPECT_TRUE(verify_attestation_record(challenge, app_id, //
214 sw_enforced, hw_enforced, SecLevel(),
215 attest_key_cert_chain[0].encodedCertificate));
216
217 /*
218 * Use attestation key to sign RSA key
219 */
220 attest_key.issuerSubjectName = subject_der;
221 vector<uint8_t> attested_key_blob;
222 vector<KeyCharacteristics> attested_key_characteristics;
223 vector<Certificate> attested_key_cert_chain;
224
225 auto subject2 = "cert subject";
226 vector<uint8_t> subject_der2(make_name_from_str(subject2));
227
David Drysdaledb0dcf52021-05-18 11:43:31 +0100[diff] [blame]228 uint64_t serial_int2 = 255;
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]229 vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
230
231 EXPECT_EQ(ErrorCode::OK,
232 GenerateKey(AuthorizationSetBuilder()
233 .RsaSigningKey(2048, 65537)
234 .Authorization(TAG_NO_AUTH_REQUIRED)
235 .AttestationChallenge("foo")
236 .AttestationApplicationId("bar")
237 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob2)
238 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der2)
239 .SetDefaultValidity(),
240 attest_key, &attested_key_blob, &attested_key_characteristics,
241 &attested_key_cert_chain));
242
243 CheckedDeleteKey(&attested_key_blob);
244 CheckedDeleteKey(&attest_key.keyBlob);
245
246 AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
247 AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
248 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced2, hw_enforced2, SecLevel(),
249 attested_key_cert_chain[0].encodedCertificate));
250
251 // Attestation by itself is not valid (last entry is not self-signed).
252 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
253
254 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
255 attested_key_cert_chain.insert(attested_key_cert_chain.end(), attest_key_cert_chain.begin(),
256 attest_key_cert_chain.end());
257
258 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
259 EXPECT_GT(attested_key_cert_chain.size(), 2);
260 verify_subject_and_serial(attested_key_cert_chain[0], serial_int2, subject2, false);
261}
262
263/*
264 * AttestKeyTest.RsaAttestKeyChaining
265 *
266 * This test creates a chain of multiple RSA attest keys, each used to sign the next attest key,
267 * with the last attest key signed by the factory chain.
268 */
269TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
270 const int chain_size = 6;
271 vector<vector<uint8_t>> key_blob_list(chain_size);
272 vector<vector<Certificate>> cert_chain_list(chain_size);
273
274 for (int i = 0; i < chain_size; i++) {
275 string sub = "attest key chaining ";
276 char index = '1' + i;
277 string subject = sub + index;
278 vector<uint8_t> subject_der(make_name_from_str(subject));
279
280 uint64_t serial_int = 7000 + i;
281 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
282
283 vector<KeyCharacteristics> attested_key_characteristics;
284 AttestationKey attest_key;
285 optional<AttestationKey> attest_key_opt;
286
287 if (i > 0) {
288 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
289 attest_key.keyBlob = key_blob_list[i - 1];
290 attest_key_opt = attest_key;
291 }
292
293 EXPECT_EQ(ErrorCode::OK,
294 GenerateKey(AuthorizationSetBuilder()
295 .RsaSigningKey(2048, 65537)
296 .AttestKey()
297 .AttestationChallenge("foo")
298 .AttestationApplicationId("bar")
299 .Authorization(TAG_NO_AUTH_REQUIRED)
300 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
301 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
302 .SetDefaultValidity(),
303 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
304 &cert_chain_list[i]));
305
306 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
307 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
308 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
309 cert_chain_list[i][0].encodedCertificate));
310
311 if (i > 0) {
312 /*
313 * The first key is attestated with factory chain, but all the rest of the keys are
314 * not supposed to be returned in attestation certificate chains.
315 */
316 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
317
318 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
319 cert_chain_list[i].insert(cert_chain_list[i].end(), //
320 cert_chain_list[i - 1].begin(), //
321 cert_chain_list[i - 1].end());
322 }
323
324 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
325 EXPECT_GT(cert_chain_list[i].size(), i + 1);
326 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
327 }
328
329 for (int i = 0; i < chain_size; i++) {
330 CheckedDeleteKey(&key_blob_list[i]);
331 }
332}
333
334/*
335 * AttestKeyTest.EcAttestKeyChaining
336 *
337 * This test creates a chain of multiple Ec attest keys, each used to sign the next attest key,
338 * with the last attest key signed by the factory chain.
339 */
340TEST_P(AttestKeyTest, EcAttestKeyChaining) {
341 const int chain_size = 6;
342 vector<vector<uint8_t>> key_blob_list(chain_size);
343 vector<vector<Certificate>> cert_chain_list(chain_size);
344
345 for (int i = 0; i < chain_size; i++) {
346 string sub = "Ec attest key chaining ";
347 char index = '1' + i;
348 string subject = sub + index;
349 vector<uint8_t> subject_der(make_name_from_str(subject));
350
351 uint64_t serial_int = 800000 + i;
352 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
353
354 vector<KeyCharacteristics> attested_key_characteristics;
355 AttestationKey attest_key;
356 optional<AttestationKey> attest_key_opt;
357
358 if (i > 0) {
359 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
360 attest_key.keyBlob = key_blob_list[i - 1];
361 attest_key_opt = attest_key;
362 }
363
364 EXPECT_EQ(ErrorCode::OK,
365 GenerateKey(AuthorizationSetBuilder()
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]366 .EcdsaSigningKey(EcCurve::P_256)
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]367 .AttestKey()
368 .AttestationChallenge("foo")
369 .AttestationApplicationId("bar")
370 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
371 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
372 .Authorization(TAG_NO_AUTH_REQUIRED)
373 .SetDefaultValidity(),
374 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
375 &cert_chain_list[i]));
376
377 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
378 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
379 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
380 cert_chain_list[i][0].encodedCertificate));
381
382 if (i > 0) {
383 /*
384 * The first key is attestated with factory chain, but all the rest of the keys are
385 * not supposed to be returned in attestation certificate chains.
386 */
387 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
388
389 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
390 cert_chain_list[i].insert(cert_chain_list[i].end(), //
391 cert_chain_list[i - 1].begin(), //
392 cert_chain_list[i - 1].end());
393 }
394
395 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
396 EXPECT_GT(cert_chain_list[i].size(), i + 1);
397 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
398 }
399
400 for (int i = 0; i < chain_size; i++) {
401 CheckedDeleteKey(&key_blob_list[i]);
402 }
403}
404
405/*
406 * AttestKeyTest.AlternateAttestKeyChaining
407 *
408 * This test creates a chain of multiple attest keys, in the order Ec - RSA - Ec - RSA ....
409 * Each attest key is used to sign the next attest key, with the last attest key signed by
410 * the factory chain. This is to verify different algorithms of attest keys can
411 * cross sign each other and be chained together.
412 */
413TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
414 const int chain_size = 6;
415 vector<vector<uint8_t>> key_blob_list(chain_size);
416 vector<vector<Certificate>> cert_chain_list(chain_size);
417
418 for (int i = 0; i < chain_size; i++) {
419 string sub = "Alt attest key chaining ";
420 char index = '1' + i;
421 string subject = sub + index;
422 vector<uint8_t> subject_der(make_name_from_str(subject));
423
424 uint64_t serial_int = 90000000 + i;
425 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
426
427 vector<KeyCharacteristics> attested_key_characteristics;
428 AttestationKey attest_key;
429 optional<AttestationKey> attest_key_opt;
430
431 if (i > 0) {
432 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
433 attest_key.keyBlob = key_blob_list[i - 1];
434 attest_key_opt = attest_key;
435 }
436
437 if ((i & 0x1) == 1) {
438 EXPECT_EQ(ErrorCode::OK,
439 GenerateKey(AuthorizationSetBuilder()
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]440 .EcdsaSigningKey(EcCurve::P_256)
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]441 .AttestKey()
442 .AttestationChallenge("foo")
443 .AttestationApplicationId("bar")
444 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
445 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
446 .Authorization(TAG_NO_AUTH_REQUIRED)
447 .SetDefaultValidity(),
448 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
449 &cert_chain_list[i]));
450 } else {
451 EXPECT_EQ(ErrorCode::OK,
452 GenerateKey(AuthorizationSetBuilder()
453 .RsaSigningKey(2048, 65537)
454 .AttestKey()
455 .AttestationChallenge("foo")
456 .AttestationApplicationId("bar")
457 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
458 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
459 .Authorization(TAG_NO_AUTH_REQUIRED)
460 .SetDefaultValidity(),
461 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
462 &cert_chain_list[i]));
463 }
464
465 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
466 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
467 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
468 cert_chain_list[i][0].encodedCertificate));
469
470 if (i > 0) {
471 /*
472 * The first key is attestated with factory chain, but all the rest of the keys are
473 * not supposed to be returned in attestation certificate chains.
474 */
475 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
476
477 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
478 cert_chain_list[i].insert(cert_chain_list[i].end(), //
479 cert_chain_list[i - 1].begin(), //
480 cert_chain_list[i - 1].end());
481 }
482
483 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
484 EXPECT_GT(cert_chain_list[i].size(), i + 1);
485 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
486 }
487
488 for (int i = 0; i < chain_size; i++) {
489 CheckedDeleteKey(&key_blob_list[i]);
490 }
491}
492
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]493TEST_P(AttestKeyTest, MissingChallenge) {
494 for (auto size : ValidKeySizes(Algorithm::RSA)) {
495 /*
496 * Create attestation key.
497 */
498 AttestationKey attest_key;
499 vector<KeyCharacteristics> attest_key_characteristics;
500 vector<Certificate> attest_key_cert_chain;
501 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
502 .RsaSigningKey(size, 65537)
503 .AttestKey()
504 .SetDefaultValidity(),
505 {} /* attestation signing key */, &attest_key.keyBlob,
506 &attest_key_characteristics, &attest_key_cert_chain));
507
508 EXPECT_EQ(attest_key_cert_chain.size(), 1);
509 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
510
511 /*
512 * Use attestation key to sign RSA / ECDSA key but forget to provide a challenge
513 */
514 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
515 vector<uint8_t> attested_key_blob;
516 vector<KeyCharacteristics> attested_key_characteristics;
517 vector<Certificate> attested_key_cert_chain;
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]518 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]519 GenerateKey(AuthorizationSetBuilder()
520 .RsaSigningKey(2048, 65537)
521 .Authorization(TAG_NO_AUTH_REQUIRED)
522 .AttestationApplicationId("bar")
523 .SetDefaultValidity(),
524 attest_key, &attested_key_blob, &attested_key_characteristics,
525 &attested_key_cert_chain));
526
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]527 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]528 GenerateKey(AuthorizationSetBuilder()
529 .EcdsaSigningKey(EcCurve::P_256)
530 .Authorization(TAG_NO_AUTH_REQUIRED)
531 .AttestationApplicationId("bar")
532 .SetDefaultValidity(),
533 attest_key, &attested_key_blob, &attested_key_characteristics,
534 &attested_key_cert_chain));
535
536 CheckedDeleteKey(&attest_key.keyBlob);
537 }
538}
539
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]540TEST_P(AttestKeyTest, AllEcCurves) {
541 for (auto curve : ValidCurves()) {
542 /*
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]543 * Create attestation key.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]544 */
545 AttestationKey attest_key;
546 vector<KeyCharacteristics> attest_key_characteristics;
547 vector<Certificate> attest_key_cert_chain;
548 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
549 .EcdsaSigningKey(curve)
550 .AttestKey()
551 .SetDefaultValidity(),
552 {} /* attestation siging key */, &attest_key.keyBlob,
553 &attest_key_characteristics, &attest_key_cert_chain));
554
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]555 ASSERT_GT(attest_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]556 EXPECT_EQ(attest_key_cert_chain.size(), 1);
557 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on curve " << curve;
558
559 /*
560 * Use attestation key to sign RSA key
561 */
562 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
563 vector<uint8_t> attested_key_blob;
564 vector<KeyCharacteristics> attested_key_characteristics;
565 vector<Certificate> attested_key_cert_chain;
566 EXPECT_EQ(ErrorCode::OK,
567 GenerateKey(AuthorizationSetBuilder()
568 .RsaSigningKey(2048, 65537)
569 .Authorization(TAG_NO_AUTH_REQUIRED)
570 .AttestationChallenge("foo")
571 .AttestationApplicationId("bar")
572 .SetDefaultValidity(),
573 attest_key, &attested_key_blob, &attested_key_characteristics,
574 &attested_key_cert_chain));
575
576 CheckedDeleteKey(&attested_key_blob);
577
578 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
579 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
580 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
581 attested_key_cert_chain[0].encodedCertificate));
582
583 // Attestation by itself is not valid (last entry is not self-signed).
584 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
585
586 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
587 if (attest_key_cert_chain.size() > 0) {
588 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
589 }
590 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
591
592 /*
593 * Use attestation key to sign EC key
594 */
595 EXPECT_EQ(ErrorCode::OK,
596 GenerateKey(AuthorizationSetBuilder()
597 .EcdsaSigningKey(EcCurve::P_256)
598 .Authorization(TAG_NO_AUTH_REQUIRED)
599 .AttestationChallenge("foo")
600 .AttestationApplicationId("bar")
601 .SetDefaultValidity(),
602 attest_key, &attested_key_blob, &attested_key_characteristics,
603 &attested_key_cert_chain));
604
605 CheckedDeleteKey(&attested_key_blob);
606 CheckedDeleteKey(&attest_key.keyBlob);
607
608 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
609 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
610 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
611 attested_key_cert_chain[0].encodedCertificate));
612
613 // Attestation by itself is not valid (last entry is not self-signed).
614 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
615
616 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
617 if (attest_key_cert_chain.size() > 0) {
618 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
619 }
620 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
621
622 // Bail early if anything failed.
623 if (HasFailure()) return;
624 }
625}
626
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]627TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]628 // Create non-attestation key.
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]629 AttestationKey non_attest_key;
630 vector<KeyCharacteristics> non_attest_key_characteristics;
631 vector<Certificate> non_attest_key_cert_chain;
632 ASSERT_EQ(
633 ErrorCode::OK,
634 GenerateKey(
635 AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),
636 {} /* attestation siging key */, &non_attest_key.keyBlob,
637 &non_attest_key_characteristics, &non_attest_key_cert_chain));
638
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]639 ASSERT_GT(non_attest_key_cert_chain.size(), 0);
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]640 EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
641 EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));
642
643 // Attempt to sign attestation with non-attest key.
644 vector<uint8_t> attested_key_blob;
645 vector<KeyCharacteristics> attested_key_characteristics;
646 vector<Certificate> attested_key_cert_chain;
647 EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
648 GenerateKey(AuthorizationSetBuilder()
649 .EcdsaSigningKey(EcCurve::P_256)
650 .Authorization(TAG_NO_AUTH_REQUIRED)
651 .AttestationChallenge("foo")
652 .AttestationApplicationId("bar")
653 .SetDefaultValidity(),
654 non_attest_key, &attested_key_blob, &attested_key_characteristics,
655 &attested_key_cert_chain));
656}
657
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]658INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);
659
660} // namespace aidl::android::hardware::security::keymint::test