Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / b16c246ddc19cc3814f5faeb28f3372ac12a00f3 / . / security / keymint / aidl / vts / functional / AttestKeyTest.cpp
blob: 73c382092eb377a8cbe89bcf6bcb5488c1c8b9c5 [file] [log] [blame]
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]1/*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "keymint_1_attest_key_test"
18#include <cutils/log.h>
19
20#include <keymint_support/key_param_output.h>
21#include <keymint_support/openssl_utils.h>
22
23#include "KeyMintAidlTestBase.h"
24
25namespace aidl::android::hardware::security::keymint::test {
26
27namespace {
28
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]29bool IsSelfSigned(const vector<Certificate>& chain) {
30 if (chain.size() != 1) return false;
31 return ChainSignaturesAreValid(chain);
32}
33
34} // namespace
35
36using AttestKeyTest = KeyMintAidlTestBase;
37
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]38/*
39 * AttestKeyTest.AllRsaSizes
40 *
41 * This test creates self signed RSA attestation keys of various sizes, and verify they can be
42 * used to sign other RSA and EC keys.
43 */
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]44TEST_P(AttestKeyTest, AllRsaSizes) {
45 for (auto size : ValidKeySizes(Algorithm::RSA)) {
46 /*
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]47 * Create attestation key.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]48 */
49 AttestationKey attest_key;
50 vector<KeyCharacteristics> attest_key_characteristics;
51 vector<Certificate> attest_key_cert_chain;
52 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
David Drysdaleb3b12142021-11-01 17:13:27 +0000[diff] [blame]53 .RsaKey(size, 65537)
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]54 .AttestKey()
55 .SetDefaultValidity(),
56 {} /* attestation signing key */, &attest_key.keyBlob,
57 &attest_key_characteristics, &attest_key_cert_chain));
58
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]59 ASSERT_GT(attest_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]60 EXPECT_EQ(attest_key_cert_chain.size(), 1);
61 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
62
63 /*
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]64 * Use attestation key to sign RSA signing key
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]65 */
66 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
67 vector<uint8_t> attested_key_blob;
68 vector<KeyCharacteristics> attested_key_characteristics;
69 vector<Certificate> attested_key_cert_chain;
70 EXPECT_EQ(ErrorCode::OK,
71 GenerateKey(AuthorizationSetBuilder()
72 .RsaSigningKey(2048, 65537)
73 .Authorization(TAG_NO_AUTH_REQUIRED)
74 .AttestationChallenge("foo")
75 .AttestationApplicationId("bar")
76 .SetDefaultValidity(),
77 attest_key, &attested_key_blob, &attested_key_characteristics,
78 &attested_key_cert_chain));
79
80 CheckedDeleteKey(&attested_key_blob);
81
82 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
83 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
84 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
85 attested_key_cert_chain[0].encodedCertificate));
86
87 // Attestation by itself is not valid (last entry is not self-signed).
88 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
89
90 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]91 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]92 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]93 EXPECT_EQ(attested_key_cert_chain.size(), 2);
94
95 /*
96 * Use attestation key to sign RSA decryption key
97 */
98 attested_key_characteristics.resize(0);
99 attested_key_cert_chain.resize(0);
100 EXPECT_EQ(ErrorCode::OK,
101 GenerateKey(AuthorizationSetBuilder()
102 .RsaEncryptionKey(2048, 65537)
103 .Digest(Digest::NONE)
104 .Padding(PaddingMode::NONE)
105 .Authorization(TAG_NO_AUTH_REQUIRED)
106 .AttestationChallenge("foo2")
107 .AttestationApplicationId("bar2")
108 .SetDefaultValidity(),
109 attest_key, &attested_key_blob, &attested_key_characteristics,
110 &attested_key_cert_chain));
111
112 CheckedDeleteKey(&attested_key_blob);
113
114 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
115 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
116 EXPECT_TRUE(verify_attestation_record("foo2", "bar2", sw_enforced, hw_enforced, SecLevel(),
117 attested_key_cert_chain[0].encodedCertificate));
118
119 // Attestation by itself is not valid (last entry is not self-signed).
120 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
121
122 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
123 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
124 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
125 EXPECT_EQ(attested_key_cert_chain.size(), 2);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]126
127 /*
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]128 * Use attestation key to sign EC key. Specify a CREATION_DATETIME for this one.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]129 */
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]130 attested_key_characteristics.resize(0);
131 attested_key_cert_chain.resize(0);
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]132 uint64_t timestamp = 1619621648000;
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]133 EXPECT_EQ(ErrorCode::OK,
134 GenerateKey(AuthorizationSetBuilder()
135 .EcdsaSigningKey(EcCurve::P_256)
136 .Authorization(TAG_NO_AUTH_REQUIRED)
137 .AttestationChallenge("foo")
138 .AttestationApplicationId("bar")
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]139 .Authorization(TAG_CREATION_DATETIME, timestamp)
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]140 .SetDefaultValidity(),
141 attest_key, &attested_key_blob, &attested_key_characteristics,
142 &attested_key_cert_chain));
143
David Drysdale300b5552021-05-20 12:05:26 +0100[diff] [blame]144 // The returned key characteristics will include CREATION_DATETIME (checked below)
145 // in SecurityLevel::KEYSTORE; this will be stripped out in the CheckCharacteristics()
146 // call below, to match what getKeyCharacteristics() returns (which doesn't include
147 // any SecurityLevel::KEYSTORE characteristics).
148 CheckCharacteristics(attested_key_blob, attested_key_characteristics);
149
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]150 CheckedDeleteKey(&attested_key_blob);
151 CheckedDeleteKey(&attest_key.keyBlob);
152
153 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
154 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale300b5552021-05-20 12:05:26 +0100[diff] [blame]155
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]156 // The client-specified CREATION_DATETIME should be in sw_enforced.
157 // Its presence will also trigger verify_attestation_record() to check that it
158 // is in the attestation extension with a matching value.
159 EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
160 << "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
161 << " not in hw_enforced:" << hw_enforced;
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]162 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
163 attested_key_cert_chain[0].encodedCertificate));
164
165 // Attestation by itself is not valid (last entry is not self-signed).
166 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
167
168 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]169 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]170 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
171
172 // Bail early if anything failed.
173 if (HasFailure()) return;
174 }
175}
176
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]177/*
178 * AttestKeyTest.RsaAttestedAttestKeys
179 *
180 * This test creates an RSA attestation key signed by factory keys, and varifies it can be
181 * used to sign other RSA and EC keys.
182 */
183TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
184 auto challenge = "hello";
185 auto app_id = "foo";
186
187 auto subject = "cert subj 2";
188 vector<uint8_t> subject_der(make_name_from_str(subject));
189
David Drysdaledb0dcf52021-05-18 11:43:31 +0100[diff] [blame]190 // An X.509 certificate serial number SHOULD be >0, but this is not policed. Check
191 // that a zero value doesn't cause problems.
192 uint64_t serial_int = 0;
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]193 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
194
195 /*
196 * Create attestation key.
197 */
198 AttestationKey attest_key;
199 vector<KeyCharacteristics> attest_key_characteristics;
200 vector<Certificate> attest_key_cert_chain;
201 ASSERT_EQ(ErrorCode::OK,
202 GenerateKey(AuthorizationSetBuilder()
David Drysdaleb3b12142021-11-01 17:13:27 +0000[diff] [blame]203 .RsaKey(2048, 65537)
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]204 .AttestKey()
205 .AttestationChallenge(challenge)
206 .AttestationApplicationId(app_id)
207 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
208 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
209 .Authorization(TAG_NO_AUTH_REQUIRED)
210 .SetDefaultValidity(),
211 {} /* attestation signing key */, &attest_key.keyBlob,
212 &attest_key_characteristics, &attest_key_cert_chain));
213
214 EXPECT_GT(attest_key_cert_chain.size(), 1);
215 verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false);
216 EXPECT_TRUE(ChainSignaturesAreValid(attest_key_cert_chain));
217
218 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
219 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
220 EXPECT_TRUE(verify_attestation_record(challenge, app_id, //
221 sw_enforced, hw_enforced, SecLevel(),
222 attest_key_cert_chain[0].encodedCertificate));
223
224 /*
225 * Use attestation key to sign RSA key
226 */
227 attest_key.issuerSubjectName = subject_der;
228 vector<uint8_t> attested_key_blob;
229 vector<KeyCharacteristics> attested_key_characteristics;
230 vector<Certificate> attested_key_cert_chain;
231
232 auto subject2 = "cert subject";
233 vector<uint8_t> subject_der2(make_name_from_str(subject2));
234
David Drysdaledb0dcf52021-05-18 11:43:31 +0100[diff] [blame]235 uint64_t serial_int2 = 255;
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]236 vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
237
238 EXPECT_EQ(ErrorCode::OK,
239 GenerateKey(AuthorizationSetBuilder()
240 .RsaSigningKey(2048, 65537)
241 .Authorization(TAG_NO_AUTH_REQUIRED)
242 .AttestationChallenge("foo")
243 .AttestationApplicationId("bar")
244 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob2)
245 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der2)
246 .SetDefaultValidity(),
247 attest_key, &attested_key_blob, &attested_key_characteristics,
248 &attested_key_cert_chain));
249
250 CheckedDeleteKey(&attested_key_blob);
251 CheckedDeleteKey(&attest_key.keyBlob);
252
253 AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
254 AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
255 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced2, hw_enforced2, SecLevel(),
256 attested_key_cert_chain[0].encodedCertificate));
257
258 // Attestation by itself is not valid (last entry is not self-signed).
259 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
260
261 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
262 attested_key_cert_chain.insert(attested_key_cert_chain.end(), attest_key_cert_chain.begin(),
263 attest_key_cert_chain.end());
264
265 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
266 EXPECT_GT(attested_key_cert_chain.size(), 2);
267 verify_subject_and_serial(attested_key_cert_chain[0], serial_int2, subject2, false);
268}
269
270/*
271 * AttestKeyTest.RsaAttestKeyChaining
272 *
273 * This test creates a chain of multiple RSA attest keys, each used to sign the next attest key,
274 * with the last attest key signed by the factory chain.
275 */
276TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
277 const int chain_size = 6;
278 vector<vector<uint8_t>> key_blob_list(chain_size);
279 vector<vector<Certificate>> cert_chain_list(chain_size);
280
281 for (int i = 0; i < chain_size; i++) {
282 string sub = "attest key chaining ";
283 char index = '1' + i;
284 string subject = sub + index;
285 vector<uint8_t> subject_der(make_name_from_str(subject));
286
287 uint64_t serial_int = 7000 + i;
288 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
289
290 vector<KeyCharacteristics> attested_key_characteristics;
291 AttestationKey attest_key;
292 optional<AttestationKey> attest_key_opt;
293
294 if (i > 0) {
295 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
296 attest_key.keyBlob = key_blob_list[i - 1];
297 attest_key_opt = attest_key;
298 }
299
300 EXPECT_EQ(ErrorCode::OK,
301 GenerateKey(AuthorizationSetBuilder()
David Drysdaleb3b12142021-11-01 17:13:27 +0000[diff] [blame]302 .RsaKey(2048, 65537)
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]303 .AttestKey()
304 .AttestationChallenge("foo")
305 .AttestationApplicationId("bar")
306 .Authorization(TAG_NO_AUTH_REQUIRED)
307 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
308 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
309 .SetDefaultValidity(),
310 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
311 &cert_chain_list[i]));
312
313 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
314 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdalea0386952021-08-05 07:50:23 +0100[diff] [blame]315 ASSERT_GT(cert_chain_list[i].size(), 0);
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]316 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
317 cert_chain_list[i][0].encodedCertificate));
318
319 if (i > 0) {
320 /*
321 * The first key is attestated with factory chain, but all the rest of the keys are
322 * not supposed to be returned in attestation certificate chains.
323 */
324 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
325
326 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
327 cert_chain_list[i].insert(cert_chain_list[i].end(), //
328 cert_chain_list[i - 1].begin(), //
329 cert_chain_list[i - 1].end());
330 }
331
332 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
333 EXPECT_GT(cert_chain_list[i].size(), i + 1);
334 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
335 }
336
337 for (int i = 0; i < chain_size; i++) {
338 CheckedDeleteKey(&key_blob_list[i]);
339 }
340}
341
342/*
343 * AttestKeyTest.EcAttestKeyChaining
344 *
345 * This test creates a chain of multiple Ec attest keys, each used to sign the next attest key,
346 * with the last attest key signed by the factory chain.
347 */
348TEST_P(AttestKeyTest, EcAttestKeyChaining) {
349 const int chain_size = 6;
350 vector<vector<uint8_t>> key_blob_list(chain_size);
351 vector<vector<Certificate>> cert_chain_list(chain_size);
352
353 for (int i = 0; i < chain_size; i++) {
354 string sub = "Ec attest key chaining ";
355 char index = '1' + i;
356 string subject = sub + index;
357 vector<uint8_t> subject_der(make_name_from_str(subject));
358
359 uint64_t serial_int = 800000 + i;
360 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
361
362 vector<KeyCharacteristics> attested_key_characteristics;
363 AttestationKey attest_key;
364 optional<AttestationKey> attest_key_opt;
365
366 if (i > 0) {
367 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
368 attest_key.keyBlob = key_blob_list[i - 1];
369 attest_key_opt = attest_key;
370 }
371
372 EXPECT_EQ(ErrorCode::OK,
373 GenerateKey(AuthorizationSetBuilder()
David Drysdaleb3b12142021-11-01 17:13:27 +0000[diff] [blame]374 .EcdsaKey(EcCurve::P_256)
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]375 .AttestKey()
376 .AttestationChallenge("foo")
377 .AttestationApplicationId("bar")
378 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
379 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
380 .Authorization(TAG_NO_AUTH_REQUIRED)
381 .SetDefaultValidity(),
382 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
383 &cert_chain_list[i]));
384
385 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
386 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdalea0386952021-08-05 07:50:23 +0100[diff] [blame]387 ASSERT_GT(cert_chain_list[i].size(), 0);
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]388 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
389 cert_chain_list[i][0].encodedCertificate));
390
391 if (i > 0) {
392 /*
393 * The first key is attestated with factory chain, but all the rest of the keys are
394 * not supposed to be returned in attestation certificate chains.
395 */
396 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
397
398 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
399 cert_chain_list[i].insert(cert_chain_list[i].end(), //
400 cert_chain_list[i - 1].begin(), //
401 cert_chain_list[i - 1].end());
402 }
403
404 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
405 EXPECT_GT(cert_chain_list[i].size(), i + 1);
406 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
407 }
408
409 for (int i = 0; i < chain_size; i++) {
410 CheckedDeleteKey(&key_blob_list[i]);
411 }
412}
413
414/*
415 * AttestKeyTest.AlternateAttestKeyChaining
416 *
417 * This test creates a chain of multiple attest keys, in the order Ec - RSA - Ec - RSA ....
418 * Each attest key is used to sign the next attest key, with the last attest key signed by
419 * the factory chain. This is to verify different algorithms of attest keys can
420 * cross sign each other and be chained together.
421 */
422TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
423 const int chain_size = 6;
424 vector<vector<uint8_t>> key_blob_list(chain_size);
425 vector<vector<Certificate>> cert_chain_list(chain_size);
426
427 for (int i = 0; i < chain_size; i++) {
428 string sub = "Alt attest key chaining ";
429 char index = '1' + i;
430 string subject = sub + index;
431 vector<uint8_t> subject_der(make_name_from_str(subject));
432
433 uint64_t serial_int = 90000000 + i;
434 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
435
436 vector<KeyCharacteristics> attested_key_characteristics;
437 AttestationKey attest_key;
438 optional<AttestationKey> attest_key_opt;
439
440 if (i > 0) {
441 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
442 attest_key.keyBlob = key_blob_list[i - 1];
443 attest_key_opt = attest_key;
444 }
445
446 if ((i & 0x1) == 1) {
447 EXPECT_EQ(ErrorCode::OK,
448 GenerateKey(AuthorizationSetBuilder()
David Drysdaleb3b12142021-11-01 17:13:27 +0000[diff] [blame]449 .EcdsaKey(EcCurve::P_256)
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]450 .AttestKey()
451 .AttestationChallenge("foo")
452 .AttestationApplicationId("bar")
453 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
454 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
455 .Authorization(TAG_NO_AUTH_REQUIRED)
456 .SetDefaultValidity(),
457 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
458 &cert_chain_list[i]));
459 } else {
460 EXPECT_EQ(ErrorCode::OK,
461 GenerateKey(AuthorizationSetBuilder()
David Drysdaleb3b12142021-11-01 17:13:27 +0000[diff] [blame]462 .RsaKey(2048, 65537)
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]463 .AttestKey()
464 .AttestationChallenge("foo")
465 .AttestationApplicationId("bar")
466 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
467 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
468 .Authorization(TAG_NO_AUTH_REQUIRED)
469 .SetDefaultValidity(),
470 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
471 &cert_chain_list[i]));
472 }
473
474 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
475 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdalea0386952021-08-05 07:50:23 +0100[diff] [blame]476 ASSERT_GT(cert_chain_list[i].size(), 0);
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]477 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
478 cert_chain_list[i][0].encodedCertificate));
479
480 if (i > 0) {
481 /*
482 * The first key is attestated with factory chain, but all the rest of the keys are
483 * not supposed to be returned in attestation certificate chains.
484 */
485 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
486
487 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
488 cert_chain_list[i].insert(cert_chain_list[i].end(), //
489 cert_chain_list[i - 1].begin(), //
490 cert_chain_list[i - 1].end());
491 }
492
493 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
494 EXPECT_GT(cert_chain_list[i].size(), i + 1);
495 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
496 }
497
498 for (int i = 0; i < chain_size; i++) {
499 CheckedDeleteKey(&key_blob_list[i]);
500 }
501}
502
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]503TEST_P(AttestKeyTest, MissingChallenge) {
504 for (auto size : ValidKeySizes(Algorithm::RSA)) {
505 /*
506 * Create attestation key.
507 */
508 AttestationKey attest_key;
509 vector<KeyCharacteristics> attest_key_characteristics;
510 vector<Certificate> attest_key_cert_chain;
511 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
David Drysdaleb3b12142021-11-01 17:13:27 +0000[diff] [blame]512 .RsaKey(size, 65537)
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]513 .AttestKey()
514 .SetDefaultValidity(),
515 {} /* attestation signing key */, &attest_key.keyBlob,
516 &attest_key_characteristics, &attest_key_cert_chain));
517
518 EXPECT_EQ(attest_key_cert_chain.size(), 1);
519 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
520
521 /*
522 * Use attestation key to sign RSA / ECDSA key but forget to provide a challenge
523 */
524 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
525 vector<uint8_t> attested_key_blob;
526 vector<KeyCharacteristics> attested_key_characteristics;
527 vector<Certificate> attested_key_cert_chain;
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]528 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]529 GenerateKey(AuthorizationSetBuilder()
530 .RsaSigningKey(2048, 65537)
531 .Authorization(TAG_NO_AUTH_REQUIRED)
532 .AttestationApplicationId("bar")
533 .SetDefaultValidity(),
534 attest_key, &attested_key_blob, &attested_key_characteristics,
535 &attested_key_cert_chain));
536
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]537 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]538 GenerateKey(AuthorizationSetBuilder()
539 .EcdsaSigningKey(EcCurve::P_256)
540 .Authorization(TAG_NO_AUTH_REQUIRED)
541 .AttestationApplicationId("bar")
542 .SetDefaultValidity(),
543 attest_key, &attested_key_blob, &attested_key_characteristics,
544 &attested_key_cert_chain));
545
546 CheckedDeleteKey(&attest_key.keyBlob);
547 }
548}
549
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]550TEST_P(AttestKeyTest, AllEcCurves) {
551 for (auto curve : ValidCurves()) {
552 /*
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]553 * Create attestation key.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]554 */
555 AttestationKey attest_key;
556 vector<KeyCharacteristics> attest_key_characteristics;
557 vector<Certificate> attest_key_cert_chain;
David Drysdaleb3b12142021-11-01 17:13:27 +0000[diff] [blame]558 ASSERT_EQ(
559 ErrorCode::OK,
560 GenerateKey(
561 AuthorizationSetBuilder().EcdsaKey(curve).AttestKey().SetDefaultValidity(),
562 {} /* attestation signing key */, &attest_key.keyBlob,
563 &attest_key_characteristics, &attest_key_cert_chain));
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]564
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]565 ASSERT_GT(attest_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]566 EXPECT_EQ(attest_key_cert_chain.size(), 1);
567 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on curve " << curve;
568
569 /*
570 * Use attestation key to sign RSA key
571 */
572 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
573 vector<uint8_t> attested_key_blob;
574 vector<KeyCharacteristics> attested_key_characteristics;
575 vector<Certificate> attested_key_cert_chain;
576 EXPECT_EQ(ErrorCode::OK,
577 GenerateKey(AuthorizationSetBuilder()
578 .RsaSigningKey(2048, 65537)
579 .Authorization(TAG_NO_AUTH_REQUIRED)
580 .AttestationChallenge("foo")
581 .AttestationApplicationId("bar")
582 .SetDefaultValidity(),
583 attest_key, &attested_key_blob, &attested_key_characteristics,
584 &attested_key_cert_chain));
585
Brian J Murrayaa8a7582021-12-06 22:13:50 -0800[diff] [blame]586 ASSERT_GT(attested_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]587 CheckedDeleteKey(&attested_key_blob);
588
589 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
590 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
591 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
592 attested_key_cert_chain[0].encodedCertificate));
593
594 // Attestation by itself is not valid (last entry is not self-signed).
595 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
596
597 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
598 if (attest_key_cert_chain.size() > 0) {
599 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
600 }
601 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
602
603 /*
604 * Use attestation key to sign EC key
605 */
606 EXPECT_EQ(ErrorCode::OK,
607 GenerateKey(AuthorizationSetBuilder()
608 .EcdsaSigningKey(EcCurve::P_256)
609 .Authorization(TAG_NO_AUTH_REQUIRED)
610 .AttestationChallenge("foo")
611 .AttestationApplicationId("bar")
612 .SetDefaultValidity(),
613 attest_key, &attested_key_blob, &attested_key_characteristics,
614 &attested_key_cert_chain));
615
Brian J Murrayaa8a7582021-12-06 22:13:50 -0800[diff] [blame]616 ASSERT_GT(attested_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]617 CheckedDeleteKey(&attested_key_blob);
618 CheckedDeleteKey(&attest_key.keyBlob);
619
620 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
621 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
622 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
623 attested_key_cert_chain[0].encodedCertificate));
624
625 // Attestation by itself is not valid (last entry is not self-signed).
626 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
627
628 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
629 if (attest_key_cert_chain.size() > 0) {
630 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
631 }
632 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
633
634 // Bail early if anything failed.
635 if (HasFailure()) return;
636 }
637}
638
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]639TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]640 // Create non-attestation key.
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]641 AttestationKey non_attest_key;
642 vector<KeyCharacteristics> non_attest_key_characteristics;
643 vector<Certificate> non_attest_key_cert_chain;
644 ASSERT_EQ(
645 ErrorCode::OK,
646 GenerateKey(
647 AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]648 {} /* attestation signing key */, &non_attest_key.keyBlob,
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]649 &non_attest_key_characteristics, &non_attest_key_cert_chain));
650
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]651 ASSERT_GT(non_attest_key_cert_chain.size(), 0);
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]652 EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
653 EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));
654
655 // Attempt to sign attestation with non-attest key.
656 vector<uint8_t> attested_key_blob;
657 vector<KeyCharacteristics> attested_key_characteristics;
658 vector<Certificate> attested_key_cert_chain;
659 EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
660 GenerateKey(AuthorizationSetBuilder()
661 .EcdsaSigningKey(EcCurve::P_256)
662 .Authorization(TAG_NO_AUTH_REQUIRED)
663 .AttestationChallenge("foo")
664 .AttestationApplicationId("bar")
665 .SetDefaultValidity(),
666 non_attest_key, &attested_key_blob, &attested_key_characteristics,
667 &attested_key_cert_chain));
668}
669
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]670TEST_P(AttestKeyTest, EcdsaAttestationID) {
671 // Create attestation key.
672 AttestationKey attest_key;
673 vector<KeyCharacteristics> attest_key_characteristics;
674 vector<Certificate> attest_key_cert_chain;
675 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
David Drysdaleb3b12142021-11-01 17:13:27 +0000[diff] [blame]676 .EcdsaKey(EcCurve::P_256)
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]677 .AttestKey()
678 .SetDefaultValidity(),
679 {} /* attestation signing key */, &attest_key.keyBlob,
680 &attest_key_characteristics, &attest_key_cert_chain));
681 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
682 ASSERT_GT(attest_key_cert_chain.size(), 0);
683 EXPECT_EQ(attest_key_cert_chain.size(), 1);
684 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
685
686 // Collection of valid attestation ID tags.
687 auto attestation_id_tags = AuthorizationSetBuilder();
688 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
689 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
690 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
691 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serial");
692 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MANUFACTURER,
693 "ro.product.manufacturer");
694 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
695
696 for (const KeyParameter& tag : attestation_id_tags) {
697 SCOPED_TRACE(testing::Message() << "+tag-" << tag);
698 // Use attestation key to sign an ECDSA key, but include an attestation ID field.
699 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
700 .EcdsaSigningKey(EcCurve::P_256)
701 .Authorization(TAG_NO_AUTH_REQUIRED)
702 .AttestationChallenge("challenge")
703 .AttestationApplicationId("foo")
704 .SetDefaultValidity();
705 builder.push_back(tag);
706 vector<uint8_t> attested_key_blob;
707 vector<KeyCharacteristics> attested_key_characteristics;
708 vector<Certificate> attested_key_cert_chain;
709 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
710 &attested_key_characteristics, &attested_key_cert_chain);
711 if (result == ErrorCode::CANNOT_ATTEST_IDS) {
712 continue;
713 }
714
715 ASSERT_EQ(result, ErrorCode::OK);
716
717 CheckedDeleteKey(&attested_key_blob);
718
719 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
720 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
721
722 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
723 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
724 // attestation extension should contain them, so make sure the extra tag is added.
725 hw_enforced.push_back(tag);
726
727 EXPECT_TRUE(verify_attestation_record("challenge", "foo", sw_enforced, hw_enforced,
728 SecLevel(),
729 attested_key_cert_chain[0].encodedCertificate));
730 }
731 CheckedDeleteKey(&attest_key.keyBlob);
732}
733
734TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) {
735 // Create attestation key.
736 AttestationKey attest_key;
737 vector<KeyCharacteristics> attest_key_characteristics;
738 vector<Certificate> attest_key_cert_chain;
739 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
David Drysdaleb3b12142021-11-01 17:13:27 +0000[diff] [blame]740 .EcdsaKey(EcCurve::P_256)
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]741 .AttestKey()
742 .SetDefaultValidity(),
743 {} /* attestation signing key */, &attest_key.keyBlob,
744 &attest_key_characteristics, &attest_key_cert_chain));
745 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
746 ASSERT_GT(attest_key_cert_chain.size(), 0);
747 EXPECT_EQ(attest_key_cert_chain.size(), 1);
748 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
749
750 // Collection of invalid attestation ID tags.
751 auto attestation_id_tags =
752 AuthorizationSetBuilder()
753 .Authorization(TAG_ATTESTATION_ID_BRAND, "bogus-brand")
754 .Authorization(TAG_ATTESTATION_ID_DEVICE, "devious-device")
755 .Authorization(TAG_ATTESTATION_ID_PRODUCT, "punctured-product")
756 .Authorization(TAG_ATTESTATION_ID_SERIAL, "suspicious-serial")
757 .Authorization(TAG_ATTESTATION_ID_IMEI, "invalid-imei")
758 .Authorization(TAG_ATTESTATION_ID_MEID, "mismatching-meid")
759 .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, "malformed-manufacturer")
760 .Authorization(TAG_ATTESTATION_ID_MODEL, "malicious-model");
761 vector<uint8_t> key_blob;
762 vector<KeyCharacteristics> key_characteristics;
763
764 for (const KeyParameter& invalid_tag : attestation_id_tags) {
765 SCOPED_TRACE(testing::Message() << "+tag-" << invalid_tag);
766
767 // Use attestation key to sign an ECDSA key, but include an invalid
768 // attestation ID field.
769 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
770 .EcdsaSigningKey(EcCurve::P_256)
771 .Authorization(TAG_NO_AUTH_REQUIRED)
772 .AttestationChallenge("challenge")
773 .AttestationApplicationId("foo")
774 .SetDefaultValidity();
775 builder.push_back(invalid_tag);
776 vector<uint8_t> attested_key_blob;
777 vector<KeyCharacteristics> attested_key_characteristics;
778 vector<Certificate> attested_key_cert_chain;
779 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
780 &attested_key_characteristics, &attested_key_cert_chain);
781
782 ASSERT_TRUE(result == ErrorCode::CANNOT_ATTEST_IDS || result == ErrorCode::INVALID_TAG)
783 << "result = " << result;
784 }
785 CheckedDeleteKey(&attest_key.keyBlob);
786}
787
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]788INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);
789
790} // namespace aidl::android::hardware::security::keymint::test