Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 98949afb705dc8e9c9f1a2498cc99d22da579660 / . / security / keymint / aidl / vts / functional / AttestKeyTest.cpp
blob: ae2becdf9b8ab451b81cdcd1ceb0bde82bd8ebdd [file] [log] [blame]
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]1/*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "keymint_1_attest_key_test"
18#include <cutils/log.h>
19
20#include <keymint_support/key_param_output.h>
21#include <keymint_support/openssl_utils.h>
22
23#include "KeyMintAidlTestBase.h"
24
25namespace aidl::android::hardware::security::keymint::test {
26
27namespace {
28
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]29bool IsSelfSigned(const vector<Certificate>& chain) {
30 if (chain.size() != 1) return false;
31 return ChainSignaturesAreValid(chain);
32}
33
34} // namespace
35
36using AttestKeyTest = KeyMintAidlTestBase;
37
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]38/*
39 * AttestKeyTest.AllRsaSizes
40 *
41 * This test creates self signed RSA attestation keys of various sizes, and verify they can be
42 * used to sign other RSA and EC keys.
43 */
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]44TEST_P(AttestKeyTest, AllRsaSizes) {
45 for (auto size : ValidKeySizes(Algorithm::RSA)) {
46 /*
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]47 * Create attestation key.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]48 */
49 AttestationKey attest_key;
50 vector<KeyCharacteristics> attest_key_characteristics;
51 vector<Certificate> attest_key_cert_chain;
52 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
53 .RsaSigningKey(size, 65537)
54 .AttestKey()
55 .SetDefaultValidity(),
56 {} /* attestation signing key */, &attest_key.keyBlob,
57 &attest_key_characteristics, &attest_key_cert_chain));
58
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]59 ASSERT_GT(attest_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]60 EXPECT_EQ(attest_key_cert_chain.size(), 1);
61 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
62
63 /*
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]64 * Use attestation key to sign RSA signing key
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]65 */
66 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
67 vector<uint8_t> attested_key_blob;
68 vector<KeyCharacteristics> attested_key_characteristics;
69 vector<Certificate> attested_key_cert_chain;
70 EXPECT_EQ(ErrorCode::OK,
71 GenerateKey(AuthorizationSetBuilder()
72 .RsaSigningKey(2048, 65537)
73 .Authorization(TAG_NO_AUTH_REQUIRED)
74 .AttestationChallenge("foo")
75 .AttestationApplicationId("bar")
76 .SetDefaultValidity(),
77 attest_key, &attested_key_blob, &attested_key_characteristics,
78 &attested_key_cert_chain));
79
80 CheckedDeleteKey(&attested_key_blob);
81
82 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
83 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
84 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
85 attested_key_cert_chain[0].encodedCertificate));
86
87 // Attestation by itself is not valid (last entry is not self-signed).
88 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
89
90 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]91 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]92 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]93 EXPECT_EQ(attested_key_cert_chain.size(), 2);
94
95 /*
96 * Use attestation key to sign RSA decryption key
97 */
98 attested_key_characteristics.resize(0);
99 attested_key_cert_chain.resize(0);
100 EXPECT_EQ(ErrorCode::OK,
101 GenerateKey(AuthorizationSetBuilder()
102 .RsaEncryptionKey(2048, 65537)
103 .Digest(Digest::NONE)
104 .Padding(PaddingMode::NONE)
105 .Authorization(TAG_NO_AUTH_REQUIRED)
106 .AttestationChallenge("foo2")
107 .AttestationApplicationId("bar2")
108 .SetDefaultValidity(),
109 attest_key, &attested_key_blob, &attested_key_characteristics,
110 &attested_key_cert_chain));
111
112 CheckedDeleteKey(&attested_key_blob);
113
114 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
115 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
116 EXPECT_TRUE(verify_attestation_record("foo2", "bar2", sw_enforced, hw_enforced, SecLevel(),
117 attested_key_cert_chain[0].encodedCertificate));
118
119 // Attestation by itself is not valid (last entry is not self-signed).
120 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
121
122 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
123 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
124 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
125 EXPECT_EQ(attested_key_cert_chain.size(), 2);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]126
127 /*
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]128 * Use attestation key to sign EC key. Specify a CREATION_DATETIME for this one.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]129 */
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]130 attested_key_characteristics.resize(0);
131 attested_key_cert_chain.resize(0);
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]132 uint64_t timestamp = 1619621648000;
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]133 EXPECT_EQ(ErrorCode::OK,
134 GenerateKey(AuthorizationSetBuilder()
135 .EcdsaSigningKey(EcCurve::P_256)
136 .Authorization(TAG_NO_AUTH_REQUIRED)
137 .AttestationChallenge("foo")
138 .AttestationApplicationId("bar")
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]139 .Authorization(TAG_CREATION_DATETIME, timestamp)
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]140 .SetDefaultValidity(),
141 attest_key, &attested_key_blob, &attested_key_characteristics,
142 &attested_key_cert_chain));
143
David Drysdale300b5552021-05-20 12:05:26 +0100[diff] [blame]144 // The returned key characteristics will include CREATION_DATETIME (checked below)
145 // in SecurityLevel::KEYSTORE; this will be stripped out in the CheckCharacteristics()
146 // call below, to match what getKeyCharacteristics() returns (which doesn't include
147 // any SecurityLevel::KEYSTORE characteristics).
148 CheckCharacteristics(attested_key_blob, attested_key_characteristics);
149
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]150 CheckedDeleteKey(&attested_key_blob);
151 CheckedDeleteKey(&attest_key.keyBlob);
152
153 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
154 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale300b5552021-05-20 12:05:26 +0100[diff] [blame]155
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]156 // The client-specified CREATION_DATETIME should be in sw_enforced.
157 // Its presence will also trigger verify_attestation_record() to check that it
158 // is in the attestation extension with a matching value.
159 EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
160 << "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
161 << " not in hw_enforced:" << hw_enforced;
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]162 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
163 attested_key_cert_chain[0].encodedCertificate));
164
165 // Attestation by itself is not valid (last entry is not self-signed).
166 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
167
168 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]169 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]170 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
171
172 // Bail early if anything failed.
173 if (HasFailure()) return;
174 }
175}
176
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]177/*
178 * AttestKeyTest.RsaAttestedAttestKeys
179 *
180 * This test creates an RSA attestation key signed by factory keys, and varifies it can be
181 * used to sign other RSA and EC keys.
182 */
183TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
184 auto challenge = "hello";
185 auto app_id = "foo";
186
187 auto subject = "cert subj 2";
188 vector<uint8_t> subject_der(make_name_from_str(subject));
189
David Drysdaledb0dcf52021-05-18 11:43:31 +0100[diff] [blame]190 // An X.509 certificate serial number SHOULD be >0, but this is not policed. Check
191 // that a zero value doesn't cause problems.
192 uint64_t serial_int = 0;
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]193 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
194
195 /*
196 * Create attestation key.
197 */
198 AttestationKey attest_key;
199 vector<KeyCharacteristics> attest_key_characteristics;
200 vector<Certificate> attest_key_cert_chain;
201 ASSERT_EQ(ErrorCode::OK,
202 GenerateKey(AuthorizationSetBuilder()
203 .RsaSigningKey(2048, 65537)
204 .AttestKey()
205 .AttestationChallenge(challenge)
206 .AttestationApplicationId(app_id)
207 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
208 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
209 .Authorization(TAG_NO_AUTH_REQUIRED)
210 .SetDefaultValidity(),
211 {} /* attestation signing key */, &attest_key.keyBlob,
212 &attest_key_characteristics, &attest_key_cert_chain));
213
214 EXPECT_GT(attest_key_cert_chain.size(), 1);
215 verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false);
216 EXPECT_TRUE(ChainSignaturesAreValid(attest_key_cert_chain));
217
218 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
219 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
220 EXPECT_TRUE(verify_attestation_record(challenge, app_id, //
221 sw_enforced, hw_enforced, SecLevel(),
222 attest_key_cert_chain[0].encodedCertificate));
223
224 /*
225 * Use attestation key to sign RSA key
226 */
227 attest_key.issuerSubjectName = subject_der;
228 vector<uint8_t> attested_key_blob;
229 vector<KeyCharacteristics> attested_key_characteristics;
230 vector<Certificate> attested_key_cert_chain;
231
232 auto subject2 = "cert subject";
233 vector<uint8_t> subject_der2(make_name_from_str(subject2));
234
David Drysdaledb0dcf52021-05-18 11:43:31 +0100[diff] [blame]235 uint64_t serial_int2 = 255;
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]236 vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
237
238 EXPECT_EQ(ErrorCode::OK,
239 GenerateKey(AuthorizationSetBuilder()
240 .RsaSigningKey(2048, 65537)
241 .Authorization(TAG_NO_AUTH_REQUIRED)
242 .AttestationChallenge("foo")
243 .AttestationApplicationId("bar")
244 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob2)
245 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der2)
246 .SetDefaultValidity(),
247 attest_key, &attested_key_blob, &attested_key_characteristics,
248 &attested_key_cert_chain));
249
250 CheckedDeleteKey(&attested_key_blob);
251 CheckedDeleteKey(&attest_key.keyBlob);
252
253 AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
254 AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
255 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced2, hw_enforced2, SecLevel(),
256 attested_key_cert_chain[0].encodedCertificate));
257
258 // Attestation by itself is not valid (last entry is not self-signed).
259 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
260
261 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
262 attested_key_cert_chain.insert(attested_key_cert_chain.end(), attest_key_cert_chain.begin(),
263 attest_key_cert_chain.end());
264
265 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
266 EXPECT_GT(attested_key_cert_chain.size(), 2);
267 verify_subject_and_serial(attested_key_cert_chain[0], serial_int2, subject2, false);
268}
269
270/*
271 * AttestKeyTest.RsaAttestKeyChaining
272 *
273 * This test creates a chain of multiple RSA attest keys, each used to sign the next attest key,
274 * with the last attest key signed by the factory chain.
275 */
276TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
277 const int chain_size = 6;
278 vector<vector<uint8_t>> key_blob_list(chain_size);
279 vector<vector<Certificate>> cert_chain_list(chain_size);
280
281 for (int i = 0; i < chain_size; i++) {
282 string sub = "attest key chaining ";
283 char index = '1' + i;
284 string subject = sub + index;
285 vector<uint8_t> subject_der(make_name_from_str(subject));
286
287 uint64_t serial_int = 7000 + i;
288 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
289
290 vector<KeyCharacteristics> attested_key_characteristics;
291 AttestationKey attest_key;
292 optional<AttestationKey> attest_key_opt;
293
294 if (i > 0) {
295 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
296 attest_key.keyBlob = key_blob_list[i - 1];
297 attest_key_opt = attest_key;
298 }
299
300 EXPECT_EQ(ErrorCode::OK,
301 GenerateKey(AuthorizationSetBuilder()
302 .RsaSigningKey(2048, 65537)
303 .AttestKey()
304 .AttestationChallenge("foo")
305 .AttestationApplicationId("bar")
306 .Authorization(TAG_NO_AUTH_REQUIRED)
307 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
308 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
309 .SetDefaultValidity(),
310 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
311 &cert_chain_list[i]));
312
313 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
314 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
315 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
316 cert_chain_list[i][0].encodedCertificate));
317
318 if (i > 0) {
319 /*
320 * The first key is attestated with factory chain, but all the rest of the keys are
321 * not supposed to be returned in attestation certificate chains.
322 */
323 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
324
325 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
326 cert_chain_list[i].insert(cert_chain_list[i].end(), //
327 cert_chain_list[i - 1].begin(), //
328 cert_chain_list[i - 1].end());
329 }
330
331 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
332 EXPECT_GT(cert_chain_list[i].size(), i + 1);
333 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
334 }
335
336 for (int i = 0; i < chain_size; i++) {
337 CheckedDeleteKey(&key_blob_list[i]);
338 }
339}
340
341/*
342 * AttestKeyTest.EcAttestKeyChaining
343 *
344 * This test creates a chain of multiple Ec attest keys, each used to sign the next attest key,
345 * with the last attest key signed by the factory chain.
346 */
347TEST_P(AttestKeyTest, EcAttestKeyChaining) {
348 const int chain_size = 6;
349 vector<vector<uint8_t>> key_blob_list(chain_size);
350 vector<vector<Certificate>> cert_chain_list(chain_size);
351
352 for (int i = 0; i < chain_size; i++) {
353 string sub = "Ec attest key chaining ";
354 char index = '1' + i;
355 string subject = sub + index;
356 vector<uint8_t> subject_der(make_name_from_str(subject));
357
358 uint64_t serial_int = 800000 + i;
359 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
360
361 vector<KeyCharacteristics> attested_key_characteristics;
362 AttestationKey attest_key;
363 optional<AttestationKey> attest_key_opt;
364
365 if (i > 0) {
366 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
367 attest_key.keyBlob = key_blob_list[i - 1];
368 attest_key_opt = attest_key;
369 }
370
371 EXPECT_EQ(ErrorCode::OK,
372 GenerateKey(AuthorizationSetBuilder()
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]373 .EcdsaSigningKey(EcCurve::P_256)
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]374 .AttestKey()
375 .AttestationChallenge("foo")
376 .AttestationApplicationId("bar")
377 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
378 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
379 .Authorization(TAG_NO_AUTH_REQUIRED)
380 .SetDefaultValidity(),
381 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
382 &cert_chain_list[i]));
383
384 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
385 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
386 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
387 cert_chain_list[i][0].encodedCertificate));
388
389 if (i > 0) {
390 /*
391 * The first key is attestated with factory chain, but all the rest of the keys are
392 * not supposed to be returned in attestation certificate chains.
393 */
394 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
395
396 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
397 cert_chain_list[i].insert(cert_chain_list[i].end(), //
398 cert_chain_list[i - 1].begin(), //
399 cert_chain_list[i - 1].end());
400 }
401
402 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
403 EXPECT_GT(cert_chain_list[i].size(), i + 1);
404 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
405 }
406
407 for (int i = 0; i < chain_size; i++) {
408 CheckedDeleteKey(&key_blob_list[i]);
409 }
410}
411
412/*
413 * AttestKeyTest.AlternateAttestKeyChaining
414 *
415 * This test creates a chain of multiple attest keys, in the order Ec - RSA - Ec - RSA ....
416 * Each attest key is used to sign the next attest key, with the last attest key signed by
417 * the factory chain. This is to verify different algorithms of attest keys can
418 * cross sign each other and be chained together.
419 */
420TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
421 const int chain_size = 6;
422 vector<vector<uint8_t>> key_blob_list(chain_size);
423 vector<vector<Certificate>> cert_chain_list(chain_size);
424
425 for (int i = 0; i < chain_size; i++) {
426 string sub = "Alt attest key chaining ";
427 char index = '1' + i;
428 string subject = sub + index;
429 vector<uint8_t> subject_der(make_name_from_str(subject));
430
431 uint64_t serial_int = 90000000 + i;
432 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
433
434 vector<KeyCharacteristics> attested_key_characteristics;
435 AttestationKey attest_key;
436 optional<AttestationKey> attest_key_opt;
437
438 if (i > 0) {
439 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
440 attest_key.keyBlob = key_blob_list[i - 1];
441 attest_key_opt = attest_key;
442 }
443
444 if ((i & 0x1) == 1) {
445 EXPECT_EQ(ErrorCode::OK,
446 GenerateKey(AuthorizationSetBuilder()
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]447 .EcdsaSigningKey(EcCurve::P_256)
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]448 .AttestKey()
449 .AttestationChallenge("foo")
450 .AttestationApplicationId("bar")
451 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
452 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
453 .Authorization(TAG_NO_AUTH_REQUIRED)
454 .SetDefaultValidity(),
455 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
456 &cert_chain_list[i]));
457 } else {
458 EXPECT_EQ(ErrorCode::OK,
459 GenerateKey(AuthorizationSetBuilder()
460 .RsaSigningKey(2048, 65537)
461 .AttestKey()
462 .AttestationChallenge("foo")
463 .AttestationApplicationId("bar")
464 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
465 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
466 .Authorization(TAG_NO_AUTH_REQUIRED)
467 .SetDefaultValidity(),
468 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
469 &cert_chain_list[i]));
470 }
471
472 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
473 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
474 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
475 cert_chain_list[i][0].encodedCertificate));
476
477 if (i > 0) {
478 /*
479 * The first key is attestated with factory chain, but all the rest of the keys are
480 * not supposed to be returned in attestation certificate chains.
481 */
482 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
483
484 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
485 cert_chain_list[i].insert(cert_chain_list[i].end(), //
486 cert_chain_list[i - 1].begin(), //
487 cert_chain_list[i - 1].end());
488 }
489
490 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
491 EXPECT_GT(cert_chain_list[i].size(), i + 1);
492 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
493 }
494
495 for (int i = 0; i < chain_size; i++) {
496 CheckedDeleteKey(&key_blob_list[i]);
497 }
498}
499
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]500TEST_P(AttestKeyTest, MissingChallenge) {
501 for (auto size : ValidKeySizes(Algorithm::RSA)) {
502 /*
503 * Create attestation key.
504 */
505 AttestationKey attest_key;
506 vector<KeyCharacteristics> attest_key_characteristics;
507 vector<Certificate> attest_key_cert_chain;
508 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
509 .RsaSigningKey(size, 65537)
510 .AttestKey()
511 .SetDefaultValidity(),
512 {} /* attestation signing key */, &attest_key.keyBlob,
513 &attest_key_characteristics, &attest_key_cert_chain));
514
515 EXPECT_EQ(attest_key_cert_chain.size(), 1);
516 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
517
518 /*
519 * Use attestation key to sign RSA / ECDSA key but forget to provide a challenge
520 */
521 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
522 vector<uint8_t> attested_key_blob;
523 vector<KeyCharacteristics> attested_key_characteristics;
524 vector<Certificate> attested_key_cert_chain;
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]525 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]526 GenerateKey(AuthorizationSetBuilder()
527 .RsaSigningKey(2048, 65537)
528 .Authorization(TAG_NO_AUTH_REQUIRED)
529 .AttestationApplicationId("bar")
530 .SetDefaultValidity(),
531 attest_key, &attested_key_blob, &attested_key_characteristics,
532 &attested_key_cert_chain));
533
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]534 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]535 GenerateKey(AuthorizationSetBuilder()
536 .EcdsaSigningKey(EcCurve::P_256)
537 .Authorization(TAG_NO_AUTH_REQUIRED)
538 .AttestationApplicationId("bar")
539 .SetDefaultValidity(),
540 attest_key, &attested_key_blob, &attested_key_characteristics,
541 &attested_key_cert_chain));
542
543 CheckedDeleteKey(&attest_key.keyBlob);
544 }
545}
546
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]547TEST_P(AttestKeyTest, AllEcCurves) {
548 for (auto curve : ValidCurves()) {
549 /*
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]550 * Create attestation key.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]551 */
552 AttestationKey attest_key;
553 vector<KeyCharacteristics> attest_key_characteristics;
554 vector<Certificate> attest_key_cert_chain;
555 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
556 .EcdsaSigningKey(curve)
557 .AttestKey()
558 .SetDefaultValidity(),
559 {} /* attestation siging key */, &attest_key.keyBlob,
560 &attest_key_characteristics, &attest_key_cert_chain));
561
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]562 ASSERT_GT(attest_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]563 EXPECT_EQ(attest_key_cert_chain.size(), 1);
564 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on curve " << curve;
565
566 /*
567 * Use attestation key to sign RSA key
568 */
569 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
570 vector<uint8_t> attested_key_blob;
571 vector<KeyCharacteristics> attested_key_characteristics;
572 vector<Certificate> attested_key_cert_chain;
573 EXPECT_EQ(ErrorCode::OK,
574 GenerateKey(AuthorizationSetBuilder()
575 .RsaSigningKey(2048, 65537)
576 .Authorization(TAG_NO_AUTH_REQUIRED)
577 .AttestationChallenge("foo")
578 .AttestationApplicationId("bar")
579 .SetDefaultValidity(),
580 attest_key, &attested_key_blob, &attested_key_characteristics,
581 &attested_key_cert_chain));
582
583 CheckedDeleteKey(&attested_key_blob);
584
585 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
586 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
587 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
588 attested_key_cert_chain[0].encodedCertificate));
589
590 // Attestation by itself is not valid (last entry is not self-signed).
591 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
592
593 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
594 if (attest_key_cert_chain.size() > 0) {
595 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
596 }
597 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
598
599 /*
600 * Use attestation key to sign EC key
601 */
602 EXPECT_EQ(ErrorCode::OK,
603 GenerateKey(AuthorizationSetBuilder()
604 .EcdsaSigningKey(EcCurve::P_256)
605 .Authorization(TAG_NO_AUTH_REQUIRED)
606 .AttestationChallenge("foo")
607 .AttestationApplicationId("bar")
608 .SetDefaultValidity(),
609 attest_key, &attested_key_blob, &attested_key_characteristics,
610 &attested_key_cert_chain));
611
612 CheckedDeleteKey(&attested_key_blob);
613 CheckedDeleteKey(&attest_key.keyBlob);
614
615 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
616 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
617 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
618 attested_key_cert_chain[0].encodedCertificate));
619
620 // Attestation by itself is not valid (last entry is not self-signed).
621 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
622
623 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
624 if (attest_key_cert_chain.size() > 0) {
625 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
626 }
627 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
628
629 // Bail early if anything failed.
630 if (HasFailure()) return;
631 }
632}
633
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]634TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]635 // Create non-attestation key.
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]636 AttestationKey non_attest_key;
637 vector<KeyCharacteristics> non_attest_key_characteristics;
638 vector<Certificate> non_attest_key_cert_chain;
639 ASSERT_EQ(
640 ErrorCode::OK,
641 GenerateKey(
642 AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),
643 {} /* attestation siging key */, &non_attest_key.keyBlob,
644 &non_attest_key_characteristics, &non_attest_key_cert_chain));
645
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]646 ASSERT_GT(non_attest_key_cert_chain.size(), 0);
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]647 EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
648 EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));
649
650 // Attempt to sign attestation with non-attest key.
651 vector<uint8_t> attested_key_blob;
652 vector<KeyCharacteristics> attested_key_characteristics;
653 vector<Certificate> attested_key_cert_chain;
654 EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
655 GenerateKey(AuthorizationSetBuilder()
656 .EcdsaSigningKey(EcCurve::P_256)
657 .Authorization(TAG_NO_AUTH_REQUIRED)
658 .AttestationChallenge("foo")
659 .AttestationApplicationId("bar")
660 .SetDefaultValidity(),
661 non_attest_key, &attested_key_blob, &attested_key_characteristics,
662 &attested_key_cert_chain));
663}
664
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]665INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);
666
667} // namespace aidl::android::hardware::security::keymint::test