blob: 26dc3f510f4fdfcfbc34cbacb3eaeb16f0fb6f83 [file] [log] [blame]
Selene Huang531a72d2021-04-15 01:09:47 -07001/*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "keymint_1_attest_key_test"
18
19#include <cutils/log.h>
20#include <cutils/properties.h>
21#include <keymint_support/key_param_output.h>
22#include <keymint_support/openssl_utils.h>
23
24#include "KeyMintAidlTestBase.h"
25
26namespace aidl::android::hardware::security::keymint::test {
27
28class DeviceUniqueAttestationTest : public KeyMintAidlTestBase {
29 protected:
30 void CheckUniqueAttestationResults(const vector<uint8_t>& key_blob,
31 const vector<KeyCharacteristics>& key_characteristics,
David Drysdalea676c3b2021-06-14 14:46:02 +010032 const AuthorizationSet& hw_enforced) {
Selene Huang531a72d2021-04-15 01:09:47 -070033 ASSERT_GT(cert_chain_.size(), 0);
34
35 if (KeyMintAidlTestBase::dump_Attestations) {
36 std::cout << bin2hex(cert_chain_[0].encodedCertificate) << std::endl;
37 }
38
39 ASSERT_GT(key_blob.size(), 0U);
40
41 AuthorizationSet crypto_params = SecLevelAuthorizations(key_characteristics);
42
Eran Messeri03d7a1a2021-07-06 12:07:57 +010043 // The device-unique attestation chain should contain exactly three certificates:
Eran Messeri90747ad2021-05-27 15:08:03 +010044 // * The leaf with the attestation extension.
Eran Messeri03d7a1a2021-07-06 12:07:57 +010045 // * An intermediate, signing the leaf using the device-unique key.
46 // * A self-signed root, signed using some authority's key, certifying
47 // the device-unique key.
48 const size_t chain_length = cert_chain_.size();
49 ASSERT_TRUE(chain_length == 2 || chain_length == 3);
50 // TODO(b/191361618): Once StrongBox implementations use a correctly-issued
51 // certificate chain, do not skip issuers matching.
52 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_, /* strict_issuer_check= */ false));
Selene Huang531a72d2021-04-15 01:09:47 -070053
54 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +000055 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
56 hw_enforced, SecLevel(),
57 cert_chain_[0].encodedCertificate));
Selene Huang531a72d2021-04-15 01:09:47 -070058 }
59};
60
61/*
62 * DeviceUniqueAttestationTest.RsaNonStrongBoxUnimplemented
63 *
64 * Verifies that non strongbox implementations do not implement Rsa device unique
65 * attestation.
66 */
67TEST_P(DeviceUniqueAttestationTest, RsaNonStrongBoxUnimplemented) {
David Drysdale513bf122021-10-06 11:53:13 +010068 if (SecLevel() == SecurityLevel::STRONGBOX) {
69 GTEST_SKIP() << "Test not applicable to StrongBox device";
70 }
Selene Huang531a72d2021-04-15 01:09:47 -070071
72 vector<uint8_t> key_blob;
73 vector<KeyCharacteristics> key_characteristics;
74
75 // Check RSA implementation
76 auto result = GenerateKey(AuthorizationSetBuilder()
77 .Authorization(TAG_NO_AUTH_REQUIRED)
78 .RsaSigningKey(2048, 65537)
79 .Digest(Digest::SHA_2_256)
80 .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
81 .Authorization(TAG_INCLUDE_UNIQUE_ID)
David Drysdale13f2a402021-11-01 11:40:08 +000082 .Authorization(TAG_CREATION_DATETIME, 1619621648000)
Prashant Patil6c1adf02021-11-22 06:21:21 +000083 .SetDefaultValidity()
Selene Huang531a72d2021-04-15 01:09:47 -070084 .AttestationChallenge("challenge")
85 .AttestationApplicationId("foo")
86 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
87 &key_blob, &key_characteristics);
88
David Drysdaledb0dcf52021-05-18 11:43:31 +010089 ASSERT_TRUE(result == ErrorCode::INVALID_ARGUMENT || result == ErrorCode::UNSUPPORTED_TAG);
Selene Huang531a72d2021-04-15 01:09:47 -070090}
91
92/*
93 * DeviceUniqueAttestationTest.EcdsaNonStrongBoxUnimplemented
94 *
95 * Verifies that non strongbox implementations do not implement Ecdsa device unique
96 * attestation.
97 */
98TEST_P(DeviceUniqueAttestationTest, EcdsaNonStrongBoxUnimplemented) {
David Drysdale513bf122021-10-06 11:53:13 +010099 if (SecLevel() == SecurityLevel::STRONGBOX) {
100 GTEST_SKIP() << "Test not applicable to StrongBox device";
101 }
Selene Huang531a72d2021-04-15 01:09:47 -0700102
103 vector<uint8_t> key_blob;
104 vector<KeyCharacteristics> key_characteristics;
105
106 // Check Ecdsa implementation
107 auto result = GenerateKey(AuthorizationSetBuilder()
108 .Authorization(TAG_NO_AUTH_REQUIRED)
109 .EcdsaSigningKey(EcCurve::P_256)
110 .Digest(Digest::SHA_2_256)
111 .Authorization(TAG_INCLUDE_UNIQUE_ID)
David Drysdale13f2a402021-11-01 11:40:08 +0000112 .Authorization(TAG_CREATION_DATETIME, 1619621648000)
Prashant Patil6c1adf02021-11-22 06:21:21 +0000113 .SetDefaultValidity()
Selene Huang531a72d2021-04-15 01:09:47 -0700114 .AttestationChallenge("challenge")
115 .AttestationApplicationId("foo")
116 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
117 &key_blob, &key_characteristics);
118
David Drysdaledb0dcf52021-05-18 11:43:31 +0100119 ASSERT_TRUE(result == ErrorCode::INVALID_ARGUMENT || result == ErrorCode::UNSUPPORTED_TAG);
Selene Huang531a72d2021-04-15 01:09:47 -0700120}
121
122/*
123 * DeviceUniqueAttestationTest.RsaDeviceUniqueAttestation
124 *
125 * Verifies that strongbox implementations of Rsa implements device unique
126 * attestation correctly, if implemented.
127 */
128TEST_P(DeviceUniqueAttestationTest, RsaDeviceUniqueAttestation) {
David Drysdale513bf122021-10-06 11:53:13 +0100129 if (SecLevel() != SecurityLevel::STRONGBOX) {
130 GTEST_SKIP() << "Test not applicable to non-StrongBox device";
131 }
Selene Huang531a72d2021-04-15 01:09:47 -0700132
133 vector<uint8_t> key_blob;
134 vector<KeyCharacteristics> key_characteristics;
135 int key_size = 2048;
136
137 auto result = GenerateKey(AuthorizationSetBuilder()
138 .Authorization(TAG_NO_AUTH_REQUIRED)
139 .RsaSigningKey(key_size, 65537)
140 .Digest(Digest::SHA_2_256)
141 .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
142 .Authorization(TAG_INCLUDE_UNIQUE_ID)
David Drysdale13f2a402021-11-01 11:40:08 +0000143 .Authorization(TAG_CREATION_DATETIME, 1619621648000)
Prashant Patil6c1adf02021-11-22 06:21:21 +0000144 .SetDefaultValidity()
Selene Huang531a72d2021-04-15 01:09:47 -0700145 .AttestationChallenge("challenge")
146 .AttestationApplicationId("foo")
147 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
148 &key_blob, &key_characteristics);
149
150 // It is optional for Strong box to support DeviceUniqueAttestation.
151 if (result == ErrorCode::CANNOT_ATTEST_IDS) return;
152
153 ASSERT_EQ(ErrorCode::OK, result);
154
David Drysdalea676c3b2021-06-14 14:46:02 +0100155 AuthorizationSetBuilder hw_enforced =
156 AuthorizationSetBuilder()
157 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION)
158 .Authorization(TAG_NO_AUTH_REQUIRED)
159 .RsaSigningKey(2048, 65537)
160 .Digest(Digest::SHA_2_256)
161 .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
162 .Authorization(TAG_ORIGIN, KeyOrigin::GENERATED)
163 .Authorization(TAG_OS_VERSION, os_version())
164 .Authorization(TAG_OS_PATCHLEVEL, os_patch_level());
Selene Huang531a72d2021-04-15 01:09:47 -0700165
David Drysdalea676c3b2021-06-14 14:46:02 +0100166 // Any patchlevels attached to the key should also be present in the attestation extension.
167 AuthorizationSet auths;
168 for (const auto& entry : key_characteristics) {
169 auths.push_back(AuthorizationSet(entry.authorizations));
170 }
171 auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);
172 if (vendor_pl) {
173 hw_enforced.Authorization(TAG_VENDOR_PATCHLEVEL, *vendor_pl);
174 }
175 auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
176 if (boot_pl) {
177 hw_enforced.Authorization(TAG_BOOT_PATCHLEVEL, *boot_pl);
178 }
179
180 CheckUniqueAttestationResults(key_blob, key_characteristics, hw_enforced);
Selene Huang531a72d2021-04-15 01:09:47 -0700181}
182
183/*
184 * DeviceUniqueAttestationTest.EcdsaDeviceUniqueAttestation
185 *
186 * Verifies that strongbox implementations of Rsa implements device unique
187 * attestation correctly, if implemented.
188 */
189TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestation) {
David Drysdale513bf122021-10-06 11:53:13 +0100190 if (SecLevel() != SecurityLevel::STRONGBOX) {
191 GTEST_SKIP() << "Test not applicable to non-StrongBox device";
192 }
Selene Huang531a72d2021-04-15 01:09:47 -0700193
194 vector<uint8_t> key_blob;
195 vector<KeyCharacteristics> key_characteristics;
Selene Huang531a72d2021-04-15 01:09:47 -0700196
197 auto result = GenerateKey(AuthorizationSetBuilder()
198 .Authorization(TAG_NO_AUTH_REQUIRED)
David Drysdalea676c3b2021-06-14 14:46:02 +0100199 .EcdsaSigningKey(EcCurve::P_256)
Selene Huang531a72d2021-04-15 01:09:47 -0700200 .Digest(Digest::SHA_2_256)
201 .Authorization(TAG_INCLUDE_UNIQUE_ID)
David Drysdale13f2a402021-11-01 11:40:08 +0000202 .Authorization(TAG_CREATION_DATETIME, 1619621648000)
Prashant Patil6c1adf02021-11-22 06:21:21 +0000203 .SetDefaultValidity()
Selene Huang531a72d2021-04-15 01:09:47 -0700204 .AttestationChallenge("challenge")
205 .AttestationApplicationId("foo")
206 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
207 &key_blob, &key_characteristics);
208
209 // It is optional for Strong box to support DeviceUniqueAttestation.
210 if (result == ErrorCode::CANNOT_ATTEST_IDS) return;
211 ASSERT_EQ(ErrorCode::OK, result);
212
David Drysdalea676c3b2021-06-14 14:46:02 +0100213 AuthorizationSetBuilder hw_enforced =
214 AuthorizationSetBuilder()
215 .Authorization(TAG_NO_AUTH_REQUIRED)
216 .EcdsaSigningKey(EcCurve::P_256)
217 .Digest(Digest::SHA_2_256)
218 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION)
219 .Authorization(TAG_ORIGIN, KeyOrigin::GENERATED)
220 .Authorization(TAG_OS_VERSION, os_version())
221 .Authorization(TAG_OS_PATCHLEVEL, os_patch_level());
222 // Any patchlevels attached to the key should also be present in the attestation extension.
223 AuthorizationSet auths;
224 for (const auto& entry : key_characteristics) {
225 auths.push_back(AuthorizationSet(entry.authorizations));
226 }
227 auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);
228 if (vendor_pl) {
229 hw_enforced.Authorization(TAG_VENDOR_PATCHLEVEL, *vendor_pl);
230 }
231 auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
232 if (boot_pl) {
233 hw_enforced.Authorization(TAG_BOOT_PATCHLEVEL, *boot_pl);
234 }
Selene Huang531a72d2021-04-15 01:09:47 -0700235
David Drysdalea676c3b2021-06-14 14:46:02 +0100236 CheckUniqueAttestationResults(key_blob, key_characteristics, hw_enforced);
237}
238
239/*
240 * DeviceUniqueAttestationTest.EcdsaDeviceUniqueAttestationID
241 *
242 * Verifies that device unique attestation can include IDs that do match the
243 * local device.
244 */
245TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationID) {
David Drysdale513bf122021-10-06 11:53:13 +0100246 if (SecLevel() != SecurityLevel::STRONGBOX) {
247 GTEST_SKIP() << "Test not applicable to non-StrongBox device";
248 }
David Drysdalea676c3b2021-06-14 14:46:02 +0100249
250 // Collection of valid attestation ID tags.
251 auto attestation_id_tags = AuthorizationSetBuilder();
252 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
253 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
254 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
Tri Vo799e4352022-11-07 17:23:50 -0800255 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
David Drysdalea676c3b2021-06-14 14:46:02 +0100256 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MANUFACTURER,
257 "ro.product.manufacturer");
258 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
259 vector<uint8_t> key_blob;
260 vector<KeyCharacteristics> key_characteristics;
261
262 for (const KeyParameter& tag : attestation_id_tags) {
263 SCOPED_TRACE(testing::Message() << "+tag-" << tag);
David Drysdale13f2a402021-11-01 11:40:08 +0000264 AuthorizationSetBuilder builder =
265 AuthorizationSetBuilder()
266 .Authorization(TAG_NO_AUTH_REQUIRED)
267 .EcdsaSigningKey(EcCurve::P_256)
268 .Digest(Digest::SHA_2_256)
269 .Authorization(TAG_INCLUDE_UNIQUE_ID)
270 .Authorization(TAG_CREATION_DATETIME, 1619621648000)
Prashant Patil6c1adf02021-11-22 06:21:21 +0000271 .SetDefaultValidity()
David Drysdale13f2a402021-11-01 11:40:08 +0000272 .AttestationChallenge("challenge")
273 .AttestationApplicationId("foo")
274 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION);
David Drysdalea676c3b2021-06-14 14:46:02 +0100275 builder.push_back(tag);
276 auto result = GenerateKey(builder, &key_blob, &key_characteristics);
277
278 // It is optional for Strong box to support DeviceUniqueAttestation.
279 if (result == ErrorCode::CANNOT_ATTEST_IDS) return;
280 ASSERT_EQ(ErrorCode::OK, result);
281
282 AuthorizationSetBuilder hw_enforced =
283 AuthorizationSetBuilder()
284 .Authorization(TAG_NO_AUTH_REQUIRED)
285 .EcdsaSigningKey(EcCurve::P_256)
286 .Digest(Digest::SHA_2_256)
287 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION)
288 .Authorization(TAG_ORIGIN, KeyOrigin::GENERATED)
289 .Authorization(TAG_OS_VERSION, os_version())
290 .Authorization(TAG_OS_PATCHLEVEL, os_patch_level());
291 // Expect the specified tag to be present in the attestation extension.
292 hw_enforced.push_back(tag);
293 // Any patchlevels attached to the key should also be present in the attestation extension.
294 AuthorizationSet auths;
295 for (const auto& entry : key_characteristics) {
296 auths.push_back(AuthorizationSet(entry.authorizations));
297 }
298 auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);
299 if (vendor_pl) {
300 hw_enforced.Authorization(TAG_VENDOR_PATCHLEVEL, *vendor_pl);
301 }
302 auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
303 if (boot_pl) {
304 hw_enforced.Authorization(TAG_BOOT_PATCHLEVEL, *boot_pl);
305 }
306 CheckUniqueAttestationResults(key_blob, key_characteristics, hw_enforced);
307 }
308}
309
310/*
311 * DeviceUniqueAttestationTest.EcdsaDeviceUniqueAttestationMismatchID
312 *
313 * Verifies that device unique attestation rejects attempts to attest to IDs that
314 * don't match the local device.
315 */
316TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationMismatchID) {
David Drysdale513bf122021-10-06 11:53:13 +0100317 if (SecLevel() != SecurityLevel::STRONGBOX) {
318 GTEST_SKIP() << "Test not applicable to non-StrongBox device";
319 }
David Drysdalea676c3b2021-06-14 14:46:02 +0100320
321 // Collection of invalid attestation ID tags.
322 auto attestation_id_tags =
323 AuthorizationSetBuilder()
324 .Authorization(TAG_ATTESTATION_ID_BRAND, "bogus-brand")
325 .Authorization(TAG_ATTESTATION_ID_DEVICE, "devious-device")
326 .Authorization(TAG_ATTESTATION_ID_PRODUCT, "punctured-product")
327 .Authorization(TAG_ATTESTATION_ID_SERIAL, "suspicious-serial")
328 .Authorization(TAG_ATTESTATION_ID_IMEI, "invalid-imei")
329 .Authorization(TAG_ATTESTATION_ID_MEID, "mismatching-meid")
330 .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, "malformed-manufacturer")
331 .Authorization(TAG_ATTESTATION_ID_MODEL, "malicious-model");
332 vector<uint8_t> key_blob;
333 vector<KeyCharacteristics> key_characteristics;
334
335 for (const KeyParameter& invalid_tag : attestation_id_tags) {
336 SCOPED_TRACE(testing::Message() << "+tag-" << invalid_tag);
David Drysdale13f2a402021-11-01 11:40:08 +0000337 AuthorizationSetBuilder builder =
338 AuthorizationSetBuilder()
339 .Authorization(TAG_NO_AUTH_REQUIRED)
340 .EcdsaSigningKey(EcCurve::P_256)
341 .Digest(Digest::SHA_2_256)
342 .Authorization(TAG_INCLUDE_UNIQUE_ID)
343 .Authorization(TAG_CREATION_DATETIME, 1619621648000)
Prashant Patil6c1adf02021-11-22 06:21:21 +0000344 .SetDefaultValidity()
David Drysdale13f2a402021-11-01 11:40:08 +0000345 .AttestationChallenge("challenge")
346 .AttestationApplicationId("foo")
347 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION);
David Drysdalea676c3b2021-06-14 14:46:02 +0100348 // Add the tag that doesn't match the local device's real ID.
349 builder.push_back(invalid_tag);
350 auto result = GenerateKey(builder, &key_blob, &key_characteristics);
David Drysdalea676c3b2021-06-14 14:46:02 +0100351 ASSERT_TRUE(result == ErrorCode::CANNOT_ATTEST_IDS || result == ErrorCode::INVALID_TAG);
Max Biresa97ec692022-11-21 23:37:54 -0800352 device_id_attestation_vsr_check(result);
David Drysdalea676c3b2021-06-14 14:46:02 +0100353 }
Selene Huang531a72d2021-04-15 01:09:47 -0700354}
355
356INSTANTIATE_KEYMINT_AIDL_TEST(DeviceUniqueAttestationTest);
357
358} // namespace aidl::android::hardware::security::keymint::test