Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / cad540327059a9617016442af3d2ca2fe75352cd / . / security / keymint / aidl / vts / functional / AttestKeyTest.cpp
blob: e4a877c0cbe1f07825bd557050206a3123cc9534 [file] [log] [blame]
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]1/*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "keymint_1_attest_key_test"
18#include <cutils/log.h>
19
20#include <keymint_support/key_param_output.h>
21#include <keymint_support/openssl_utils.h>
22
23#include "KeyMintAidlTestBase.h"
24
25namespace aidl::android::hardware::security::keymint::test {
26
27namespace {
28
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]29bool IsSelfSigned(const vector<Certificate>& chain) {
30 if (chain.size() != 1) return false;
31 return ChainSignaturesAreValid(chain);
32}
33
34} // namespace
35
36using AttestKeyTest = KeyMintAidlTestBase;
37
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]38/*
39 * AttestKeyTest.AllRsaSizes
40 *
41 * This test creates self signed RSA attestation keys of various sizes, and verify they can be
42 * used to sign other RSA and EC keys.
43 */
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]44TEST_P(AttestKeyTest, AllRsaSizes) {
45 for (auto size : ValidKeySizes(Algorithm::RSA)) {
46 /*
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]47 * Create attestation key.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]48 */
49 AttestationKey attest_key;
50 vector<KeyCharacteristics> attest_key_characteristics;
51 vector<Certificate> attest_key_cert_chain;
52 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
53 .RsaSigningKey(size, 65537)
54 .AttestKey()
55 .SetDefaultValidity(),
56 {} /* attestation signing key */, &attest_key.keyBlob,
57 &attest_key_characteristics, &attest_key_cert_chain));
58
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]59 ASSERT_GT(attest_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]60 EXPECT_EQ(attest_key_cert_chain.size(), 1);
61 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
62
63 /*
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]64 * Use attestation key to sign RSA signing key
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]65 */
66 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
67 vector<uint8_t> attested_key_blob;
68 vector<KeyCharacteristics> attested_key_characteristics;
69 vector<Certificate> attested_key_cert_chain;
70 EXPECT_EQ(ErrorCode::OK,
71 GenerateKey(AuthorizationSetBuilder()
72 .RsaSigningKey(2048, 65537)
73 .Authorization(TAG_NO_AUTH_REQUIRED)
74 .AttestationChallenge("foo")
75 .AttestationApplicationId("bar")
76 .SetDefaultValidity(),
77 attest_key, &attested_key_blob, &attested_key_characteristics,
78 &attested_key_cert_chain));
79
80 CheckedDeleteKey(&attested_key_blob);
81
82 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
83 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
84 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
85 attested_key_cert_chain[0].encodedCertificate));
86
87 // Attestation by itself is not valid (last entry is not self-signed).
88 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
89
90 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]91 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]92 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]93 EXPECT_EQ(attested_key_cert_chain.size(), 2);
94
95 /*
96 * Use attestation key to sign RSA decryption key
97 */
98 attested_key_characteristics.resize(0);
99 attested_key_cert_chain.resize(0);
100 EXPECT_EQ(ErrorCode::OK,
101 GenerateKey(AuthorizationSetBuilder()
102 .RsaEncryptionKey(2048, 65537)
103 .Digest(Digest::NONE)
104 .Padding(PaddingMode::NONE)
105 .Authorization(TAG_NO_AUTH_REQUIRED)
106 .AttestationChallenge("foo2")
107 .AttestationApplicationId("bar2")
108 .SetDefaultValidity(),
109 attest_key, &attested_key_blob, &attested_key_characteristics,
110 &attested_key_cert_chain));
111
112 CheckedDeleteKey(&attested_key_blob);
113
114 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
115 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
116 EXPECT_TRUE(verify_attestation_record("foo2", "bar2", sw_enforced, hw_enforced, SecLevel(),
117 attested_key_cert_chain[0].encodedCertificate));
118
119 // Attestation by itself is not valid (last entry is not self-signed).
120 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
121
122 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
123 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
124 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
125 EXPECT_EQ(attested_key_cert_chain.size(), 2);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]126
127 /*
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]128 * Use attestation key to sign EC key. Specify a CREATION_DATETIME for this one.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]129 */
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]130 attested_key_characteristics.resize(0);
131 attested_key_cert_chain.resize(0);
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]132 uint64_t timestamp = 1619621648000;
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]133 EXPECT_EQ(ErrorCode::OK,
134 GenerateKey(AuthorizationSetBuilder()
135 .EcdsaSigningKey(EcCurve::P_256)
136 .Authorization(TAG_NO_AUTH_REQUIRED)
137 .AttestationChallenge("foo")
138 .AttestationApplicationId("bar")
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]139 .Authorization(TAG_CREATION_DATETIME, timestamp)
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]140 .SetDefaultValidity(),
141 attest_key, &attested_key_blob, &attested_key_characteristics,
142 &attested_key_cert_chain));
143
144 CheckedDeleteKey(&attested_key_blob);
145 CheckedDeleteKey(&attest_key.keyBlob);
146
147 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
148 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]149 // The client-specified CREATION_DATETIME should be in sw_enforced.
150 // Its presence will also trigger verify_attestation_record() to check that it
151 // is in the attestation extension with a matching value.
152 EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
153 << "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
154 << " not in hw_enforced:" << hw_enforced;
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]155 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
156 attested_key_cert_chain[0].encodedCertificate));
157
158 // Attestation by itself is not valid (last entry is not self-signed).
159 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
160
161 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]162 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]163 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
164
165 // Bail early if anything failed.
166 if (HasFailure()) return;
167 }
168}
169
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]170/*
171 * AttestKeyTest.RsaAttestedAttestKeys
172 *
173 * This test creates an RSA attestation key signed by factory keys, and varifies it can be
174 * used to sign other RSA and EC keys.
175 */
176TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
177 auto challenge = "hello";
178 auto app_id = "foo";
179
180 auto subject = "cert subj 2";
181 vector<uint8_t> subject_der(make_name_from_str(subject));
182
183 uint64_t serial_int = 66;
184 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
185
186 /*
187 * Create attestation key.
188 */
189 AttestationKey attest_key;
190 vector<KeyCharacteristics> attest_key_characteristics;
191 vector<Certificate> attest_key_cert_chain;
192 ASSERT_EQ(ErrorCode::OK,
193 GenerateKey(AuthorizationSetBuilder()
194 .RsaSigningKey(2048, 65537)
195 .AttestKey()
196 .AttestationChallenge(challenge)
197 .AttestationApplicationId(app_id)
198 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
199 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
200 .Authorization(TAG_NO_AUTH_REQUIRED)
201 .SetDefaultValidity(),
202 {} /* attestation signing key */, &attest_key.keyBlob,
203 &attest_key_characteristics, &attest_key_cert_chain));
204
205 EXPECT_GT(attest_key_cert_chain.size(), 1);
206 verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false);
207 EXPECT_TRUE(ChainSignaturesAreValid(attest_key_cert_chain));
208
209 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
210 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
211 EXPECT_TRUE(verify_attestation_record(challenge, app_id, //
212 sw_enforced, hw_enforced, SecLevel(),
213 attest_key_cert_chain[0].encodedCertificate));
214
215 /*
216 * Use attestation key to sign RSA key
217 */
218 attest_key.issuerSubjectName = subject_der;
219 vector<uint8_t> attested_key_blob;
220 vector<KeyCharacteristics> attested_key_characteristics;
221 vector<Certificate> attested_key_cert_chain;
222
223 auto subject2 = "cert subject";
224 vector<uint8_t> subject_der2(make_name_from_str(subject2));
225
226 uint64_t serial_int2 = 987;
227 vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
228
229 EXPECT_EQ(ErrorCode::OK,
230 GenerateKey(AuthorizationSetBuilder()
231 .RsaSigningKey(2048, 65537)
232 .Authorization(TAG_NO_AUTH_REQUIRED)
233 .AttestationChallenge("foo")
234 .AttestationApplicationId("bar")
235 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob2)
236 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der2)
237 .SetDefaultValidity(),
238 attest_key, &attested_key_blob, &attested_key_characteristics,
239 &attested_key_cert_chain));
240
241 CheckedDeleteKey(&attested_key_blob);
242 CheckedDeleteKey(&attest_key.keyBlob);
243
244 AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
245 AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
246 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced2, hw_enforced2, SecLevel(),
247 attested_key_cert_chain[0].encodedCertificate));
248
249 // Attestation by itself is not valid (last entry is not self-signed).
250 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
251
252 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
253 attested_key_cert_chain.insert(attested_key_cert_chain.end(), attest_key_cert_chain.begin(),
254 attest_key_cert_chain.end());
255
256 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
257 EXPECT_GT(attested_key_cert_chain.size(), 2);
258 verify_subject_and_serial(attested_key_cert_chain[0], serial_int2, subject2, false);
259}
260
261/*
262 * AttestKeyTest.RsaAttestKeyChaining
263 *
264 * This test creates a chain of multiple RSA attest keys, each used to sign the next attest key,
265 * with the last attest key signed by the factory chain.
266 */
267TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
268 const int chain_size = 6;
269 vector<vector<uint8_t>> key_blob_list(chain_size);
270 vector<vector<Certificate>> cert_chain_list(chain_size);
271
272 for (int i = 0; i < chain_size; i++) {
273 string sub = "attest key chaining ";
274 char index = '1' + i;
275 string subject = sub + index;
276 vector<uint8_t> subject_der(make_name_from_str(subject));
277
278 uint64_t serial_int = 7000 + i;
279 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
280
281 vector<KeyCharacteristics> attested_key_characteristics;
282 AttestationKey attest_key;
283 optional<AttestationKey> attest_key_opt;
284
285 if (i > 0) {
286 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
287 attest_key.keyBlob = key_blob_list[i - 1];
288 attest_key_opt = attest_key;
289 }
290
291 EXPECT_EQ(ErrorCode::OK,
292 GenerateKey(AuthorizationSetBuilder()
293 .RsaSigningKey(2048, 65537)
294 .AttestKey()
295 .AttestationChallenge("foo")
296 .AttestationApplicationId("bar")
297 .Authorization(TAG_NO_AUTH_REQUIRED)
298 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
299 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
300 .SetDefaultValidity(),
301 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
302 &cert_chain_list[i]));
303
304 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
305 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
306 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
307 cert_chain_list[i][0].encodedCertificate));
308
309 if (i > 0) {
310 /*
311 * The first key is attestated with factory chain, but all the rest of the keys are
312 * not supposed to be returned in attestation certificate chains.
313 */
314 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
315
316 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
317 cert_chain_list[i].insert(cert_chain_list[i].end(), //
318 cert_chain_list[i - 1].begin(), //
319 cert_chain_list[i - 1].end());
320 }
321
322 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
323 EXPECT_GT(cert_chain_list[i].size(), i + 1);
324 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
325 }
326
327 for (int i = 0; i < chain_size; i++) {
328 CheckedDeleteKey(&key_blob_list[i]);
329 }
330}
331
332/*
333 * AttestKeyTest.EcAttestKeyChaining
334 *
335 * This test creates a chain of multiple Ec attest keys, each used to sign the next attest key,
336 * with the last attest key signed by the factory chain.
337 */
338TEST_P(AttestKeyTest, EcAttestKeyChaining) {
339 const int chain_size = 6;
340 vector<vector<uint8_t>> key_blob_list(chain_size);
341 vector<vector<Certificate>> cert_chain_list(chain_size);
342
343 for (int i = 0; i < chain_size; i++) {
344 string sub = "Ec attest key chaining ";
345 char index = '1' + i;
346 string subject = sub + index;
347 vector<uint8_t> subject_der(make_name_from_str(subject));
348
349 uint64_t serial_int = 800000 + i;
350 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
351
352 vector<KeyCharacteristics> attested_key_characteristics;
353 AttestationKey attest_key;
354 optional<AttestationKey> attest_key_opt;
355
356 if (i > 0) {
357 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
358 attest_key.keyBlob = key_blob_list[i - 1];
359 attest_key_opt = attest_key;
360 }
361
362 EXPECT_EQ(ErrorCode::OK,
363 GenerateKey(AuthorizationSetBuilder()
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]364 .EcdsaSigningKey(EcCurve::P_256)
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]365 .AttestKey()
366 .AttestationChallenge("foo")
367 .AttestationApplicationId("bar")
368 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
369 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
370 .Authorization(TAG_NO_AUTH_REQUIRED)
371 .SetDefaultValidity(),
372 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
373 &cert_chain_list[i]));
374
375 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
376 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
377 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
378 cert_chain_list[i][0].encodedCertificate));
379
380 if (i > 0) {
381 /*
382 * The first key is attestated with factory chain, but all the rest of the keys are
383 * not supposed to be returned in attestation certificate chains.
384 */
385 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
386
387 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
388 cert_chain_list[i].insert(cert_chain_list[i].end(), //
389 cert_chain_list[i - 1].begin(), //
390 cert_chain_list[i - 1].end());
391 }
392
393 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
394 EXPECT_GT(cert_chain_list[i].size(), i + 1);
395 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
396 }
397
398 for (int i = 0; i < chain_size; i++) {
399 CheckedDeleteKey(&key_blob_list[i]);
400 }
401}
402
403/*
404 * AttestKeyTest.AlternateAttestKeyChaining
405 *
406 * This test creates a chain of multiple attest keys, in the order Ec - RSA - Ec - RSA ....
407 * Each attest key is used to sign the next attest key, with the last attest key signed by
408 * the factory chain. This is to verify different algorithms of attest keys can
409 * cross sign each other and be chained together.
410 */
411TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
412 const int chain_size = 6;
413 vector<vector<uint8_t>> key_blob_list(chain_size);
414 vector<vector<Certificate>> cert_chain_list(chain_size);
415
416 for (int i = 0; i < chain_size; i++) {
417 string sub = "Alt attest key chaining ";
418 char index = '1' + i;
419 string subject = sub + index;
420 vector<uint8_t> subject_der(make_name_from_str(subject));
421
422 uint64_t serial_int = 90000000 + i;
423 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
424
425 vector<KeyCharacteristics> attested_key_characteristics;
426 AttestationKey attest_key;
427 optional<AttestationKey> attest_key_opt;
428
429 if (i > 0) {
430 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
431 attest_key.keyBlob = key_blob_list[i - 1];
432 attest_key_opt = attest_key;
433 }
434
435 if ((i & 0x1) == 1) {
436 EXPECT_EQ(ErrorCode::OK,
437 GenerateKey(AuthorizationSetBuilder()
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]438 .EcdsaSigningKey(EcCurve::P_256)
Selene Huang8f9494c2021-04-21 15:10:36 -0700[diff] [blame]439 .AttestKey()
440 .AttestationChallenge("foo")
441 .AttestationApplicationId("bar")
442 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
443 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
444 .Authorization(TAG_NO_AUTH_REQUIRED)
445 .SetDefaultValidity(),
446 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
447 &cert_chain_list[i]));
448 } else {
449 EXPECT_EQ(ErrorCode::OK,
450 GenerateKey(AuthorizationSetBuilder()
451 .RsaSigningKey(2048, 65537)
452 .AttestKey()
453 .AttestationChallenge("foo")
454 .AttestationApplicationId("bar")
455 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
456 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
457 .Authorization(TAG_NO_AUTH_REQUIRED)
458 .SetDefaultValidity(),
459 attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
460 &cert_chain_list[i]));
461 }
462
463 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
464 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
465 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
466 cert_chain_list[i][0].encodedCertificate));
467
468 if (i > 0) {
469 /*
470 * The first key is attestated with factory chain, but all the rest of the keys are
471 * not supposed to be returned in attestation certificate chains.
472 */
473 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
474
475 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
476 cert_chain_list[i].insert(cert_chain_list[i].end(), //
477 cert_chain_list[i - 1].begin(), //
478 cert_chain_list[i - 1].end());
479 }
480
481 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
482 EXPECT_GT(cert_chain_list[i].size(), i + 1);
483 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
484 }
485
486 for (int i = 0; i < chain_size; i++) {
487 CheckedDeleteKey(&key_blob_list[i]);
488 }
489}
490
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]491TEST_P(AttestKeyTest, MissingChallenge) {
492 for (auto size : ValidKeySizes(Algorithm::RSA)) {
493 /*
494 * Create attestation key.
495 */
496 AttestationKey attest_key;
497 vector<KeyCharacteristics> attest_key_characteristics;
498 vector<Certificate> attest_key_cert_chain;
499 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
500 .RsaSigningKey(size, 65537)
501 .AttestKey()
502 .SetDefaultValidity(),
503 {} /* attestation signing key */, &attest_key.keyBlob,
504 &attest_key_characteristics, &attest_key_cert_chain));
505
506 EXPECT_EQ(attest_key_cert_chain.size(), 1);
507 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
508
509 /*
510 * Use attestation key to sign RSA / ECDSA key but forget to provide a challenge
511 */
512 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
513 vector<uint8_t> attested_key_blob;
514 vector<KeyCharacteristics> attested_key_characteristics;
515 vector<Certificate> attested_key_cert_chain;
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]516 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]517 GenerateKey(AuthorizationSetBuilder()
518 .RsaSigningKey(2048, 65537)
519 .Authorization(TAG_NO_AUTH_REQUIRED)
520 .AttestationApplicationId("bar")
521 .SetDefaultValidity(),
522 attest_key, &attested_key_blob, &attested_key_characteristics,
523 &attested_key_cert_chain));
524
Tommy Chiuc93c4392021-05-11 18:36:50 +0800[diff] [blame]525 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]526 GenerateKey(AuthorizationSetBuilder()
527 .EcdsaSigningKey(EcCurve::P_256)
528 .Authorization(TAG_NO_AUTH_REQUIRED)
529 .AttestationApplicationId("bar")
530 .SetDefaultValidity(),
531 attest_key, &attested_key_blob, &attested_key_characteristics,
532 &attested_key_cert_chain));
533
534 CheckedDeleteKey(&attest_key.keyBlob);
535 }
536}
537
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]538TEST_P(AttestKeyTest, AllEcCurves) {
539 for (auto curve : ValidCurves()) {
540 /*
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]541 * Create attestation key.
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]542 */
543 AttestationKey attest_key;
544 vector<KeyCharacteristics> attest_key_characteristics;
545 vector<Certificate> attest_key_cert_chain;
546 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
547 .EcdsaSigningKey(curve)
548 .AttestKey()
549 .SetDefaultValidity(),
550 {} /* attestation siging key */, &attest_key.keyBlob,
551 &attest_key_characteristics, &attest_key_cert_chain));
552
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]553 ASSERT_GT(attest_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]554 EXPECT_EQ(attest_key_cert_chain.size(), 1);
555 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on curve " << curve;
556
557 /*
558 * Use attestation key to sign RSA key
559 */
560 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
561 vector<uint8_t> attested_key_blob;
562 vector<KeyCharacteristics> attested_key_characteristics;
563 vector<Certificate> attested_key_cert_chain;
564 EXPECT_EQ(ErrorCode::OK,
565 GenerateKey(AuthorizationSetBuilder()
566 .RsaSigningKey(2048, 65537)
567 .Authorization(TAG_NO_AUTH_REQUIRED)
568 .AttestationChallenge("foo")
569 .AttestationApplicationId("bar")
570 .SetDefaultValidity(),
571 attest_key, &attested_key_blob, &attested_key_characteristics,
572 &attested_key_cert_chain));
573
574 CheckedDeleteKey(&attested_key_blob);
575
576 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
577 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
578 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
579 attested_key_cert_chain[0].encodedCertificate));
580
581 // Attestation by itself is not valid (last entry is not self-signed).
582 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
583
584 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
585 if (attest_key_cert_chain.size() > 0) {
586 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
587 }
588 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
589
590 /*
591 * Use attestation key to sign EC key
592 */
593 EXPECT_EQ(ErrorCode::OK,
594 GenerateKey(AuthorizationSetBuilder()
595 .EcdsaSigningKey(EcCurve::P_256)
596 .Authorization(TAG_NO_AUTH_REQUIRED)
597 .AttestationChallenge("foo")
598 .AttestationApplicationId("bar")
599 .SetDefaultValidity(),
600 attest_key, &attested_key_blob, &attested_key_characteristics,
601 &attested_key_cert_chain));
602
603 CheckedDeleteKey(&attested_key_blob);
604 CheckedDeleteKey(&attest_key.keyBlob);
605
606 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
607 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
608 EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
609 attested_key_cert_chain[0].encodedCertificate));
610
611 // Attestation by itself is not valid (last entry is not self-signed).
612 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
613
614 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
615 if (attest_key_cert_chain.size() > 0) {
616 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
617 }
618 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
619
620 // Bail early if anything failed.
621 if (HasFailure()) return;
622 }
623}
624
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]625TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]626 // Create non-attestation key.
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]627 AttestationKey non_attest_key;
628 vector<KeyCharacteristics> non_attest_key_characteristics;
629 vector<Certificate> non_attest_key_cert_chain;
630 ASSERT_EQ(
631 ErrorCode::OK,
632 GenerateKey(
633 AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),
634 {} /* attestation siging key */, &non_attest_key.keyBlob,
635 &non_attest_key_characteristics, &non_attest_key_cert_chain));
636
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600[diff] [blame]637 ASSERT_GT(non_attest_key_cert_chain.size(), 0);
Shawn Willden7bbf6292021-04-01 12:57:21 -0600[diff] [blame]638 EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
639 EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));
640
641 // Attempt to sign attestation with non-attest key.
642 vector<uint8_t> attested_key_blob;
643 vector<KeyCharacteristics> attested_key_characteristics;
644 vector<Certificate> attested_key_cert_chain;
645 EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
646 GenerateKey(AuthorizationSetBuilder()
647 .EcdsaSigningKey(EcCurve::P_256)
648 .Authorization(TAG_NO_AUTH_REQUIRED)
649 .AttestationChallenge("foo")
650 .AttestationApplicationId("bar")
651 .SetDefaultValidity(),
652 non_attest_key, &attested_key_blob, &attested_key_characteristics,
653 &attested_key_cert_chain));
654}
655
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]656INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);
657
658} // namespace aidl::android::hardware::security::keymint::test