blob: 8ffc17936202960506c400a34604ad32a0b7e8f0 [file] [log] [blame]
Shawn Willden7c130392020-12-21 09:58:22 -07001/*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "keymint_1_attest_key_test"
Rajesh Nyamagoudeb644cf2022-12-15 03:50:52 +000018#include <android-base/logging.h>
19#include <android-base/strings.h>
Shawn Willden7c130392020-12-21 09:58:22 -070020#include <cutils/log.h>
David Drysdale43489272022-06-13 10:12:12 +010021#include <cutils/properties.h>
Shawn Willden7c130392020-12-21 09:58:22 -070022
23#include <keymint_support/key_param_output.h>
24#include <keymint_support/openssl_utils.h>
25
26#include "KeyMintAidlTestBase.h"
27
28namespace aidl::android::hardware::security::keymint::test {
29
30namespace {
Rajesh Nyamagoudeb644cf2022-12-15 03:50:52 +000031string TELEPHONY_CMD_GET_IMEI = "cmd phone get-imei ";
Shawn Willden7c130392020-12-21 09:58:22 -070032
Shawn Willden7c130392020-12-21 09:58:22 -070033bool IsSelfSigned(const vector<Certificate>& chain) {
34 if (chain.size() != 1) return false;
35 return ChainSignaturesAreValid(chain);
36}
37
Rajesh Nyamagoudeb644cf2022-12-15 03:50:52 +000038/*
39 * Run a shell command and collect the output of it. If any error, set an empty string as the
40 * output.
41 */
42string exec_command(string command) {
43 char buffer[128];
44 string result = "";
45
46 FILE* pipe = popen(command.c_str(), "r");
47 if (!pipe) {
48 LOG(ERROR) << "popen failed.";
49 return result;
50 }
51
52 // read till end of process:
53 while (!feof(pipe)) {
54 if (fgets(buffer, 128, pipe) != NULL) {
55 result += buffer;
56 }
57 }
58
59 pclose(pipe);
60 return result;
61}
62
63/*
64 * Get IMEI using Telephony service shell command. If any error while executing the command
65 * then empty string will be returned as output.
66 */
67string get_imei(int slot) {
68 string cmd = TELEPHONY_CMD_GET_IMEI + std::to_string(slot);
69 string output = exec_command(cmd);
70
71 if (output.empty()) {
72 LOG(ERROR) << "Command failed. Cmd: " << cmd;
73 return "";
74 }
75
76 vector<string> out = ::android::base::Tokenize(::android::base::Trim(output), "Device IMEI:");
77
78 if (out.size() != 1) {
79 LOG(ERROR) << "Error in parsing the command output. Cmd: " << cmd;
80 return "";
81 }
82
83 return ::android::base::Trim(out[0]);
84}
85
Shawn Willden7c130392020-12-21 09:58:22 -070086} // namespace
87
David Drysdale43489272022-06-13 10:12:12 +010088class AttestKeyTest : public KeyMintAidlTestBase {
Benjamin Grimberg981c9c22023-01-05 14:48:36 +020089 public:
90 void SetUp() override {
91 check_skip_test();
92 KeyMintAidlTestBase::SetUp();
93 }
94
David Drysdale43489272022-06-13 10:12:12 +010095 protected:
Benjamin Grimberg981c9c22023-01-05 14:48:36 +020096 const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key";
97
98 const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore";
99
David Drysdale43489272022-06-13 10:12:12 +0100100 ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc,
101 const optional<AttestationKey>& attest_key,
102 vector<uint8_t>* key_blob,
103 vector<KeyCharacteristics>* key_characteristics,
104 vector<Certificate>* cert_chain) {
105 // The original specification for KeyMint v1 required ATTEST_KEY not be combined
106 // with any other key purpose, but the original VTS tests incorrectly did exactly that.
107 // This means that a device that launched prior to Android T (API level 33) may
108 // accept or even require KeyPurpose::SIGN too.
Shawn Willden1a545db2023-02-22 14:32:33 -0700109 if (property_get_int32("ro.board.first_api_level", 0) < __ANDROID_API_T__) {
David Drysdale43489272022-06-13 10:12:12 +0100110 AuthorizationSet key_desc_plus_sign = key_desc;
111 key_desc_plus_sign.push_back(TAG_PURPOSE, KeyPurpose::SIGN);
112
113 auto result = GenerateKey(key_desc_plus_sign, attest_key, key_blob, key_characteristics,
114 cert_chain);
115 if (result == ErrorCode::OK) {
116 return result;
117 }
118 // If the key generation failed, it may be because the device is (correctly)
119 // rejecting the combination of ATTEST_KEY+SIGN. Fall through to try again with
120 // just ATTEST_KEY.
121 }
122 return GenerateKey(key_desc, attest_key, key_blob, key_characteristics, cert_chain);
123 }
Benjamin Grimberg981c9c22023-01-05 14:48:36 +0200124
125 // Check if ATTEST_KEY feature is disabled
126 bool is_attest_key_feature_disabled(void) const {
127 if (!check_feature(FEATURE_KEYSTORE_APP_ATTEST_KEY)) {
128 GTEST_LOG_(INFO) << "Feature " + FEATURE_KEYSTORE_APP_ATTEST_KEY + " is disabled";
129 return true;
130 }
131
132 return false;
133 }
134
135 // Check if StrongBox KeyStore is enabled
136 bool is_strongbox_enabled(void) const {
137 if (check_feature(FEATURE_STRONGBOX_KEYSTORE)) {
138 GTEST_LOG_(INFO) << "Feature " + FEATURE_STRONGBOX_KEYSTORE + " is enabled";
139 return true;
140 }
141
142 return false;
143 }
144
Shawn Willden3a4a3a92023-02-22 14:15:34 -0700145 // Check if chipset has received a waiver allowing it to be launched with Android S or T with
146 // Keymaster 4.0 in StrongBox.
Benjamin Grimberg981c9c22023-01-05 14:48:36 +0200147 bool is_chipset_allowed_km4_strongbox(void) const {
148 std::array<char, PROPERTY_VALUE_MAX> buffer;
149
Shawn Willden3a4a3a92023-02-22 14:15:34 -0700150 const int32_t first_api_level = property_get_int32("ro.board.first_api_level", 0);
151 if (first_api_level <= 0 || first_api_level > __ANDROID_API_T__) return false;
152
Benjamin Grimberg981c9c22023-01-05 14:48:36 +0200153 auto res = property_get("ro.vendor.qti.soc_model", buffer.data(), nullptr);
154 if (res <= 0) return false;
155
156 const string allowed_soc_models[] = {"SM8450", "SM8475", "SM8550", "SXR2230P"};
157
158 for (const string model : allowed_soc_models) {
159 if (model.compare(buffer.data()) == 0) {
160 GTEST_LOG_(INFO) << "QTI SOC Model " + model + " is allowed SB KM 4.0";
161 return true;
162 }
163 }
164
165 return false;
166 }
167
168 // Skip the test if all the following conditions hold:
169 // 1. ATTEST_KEY feature is disabled
170 // 2. STRONGBOX is enabled
171 // 3. The device is running one of the chipsets that have received a waiver
172 // allowing it to be launched with Android S (or later) with Keymaster 4.0
173 // in StrongBox
174 void check_skip_test(void) const {
David Drysdale5b948742023-03-09 10:03:01 +0000175 // Check the chipset first as that doesn't require a round-trip to Package Manager.
176 if (is_chipset_allowed_km4_strongbox() && is_strongbox_enabled() &&
177 is_attest_key_feature_disabled()) {
Benjamin Grimberg981c9c22023-01-05 14:48:36 +0200178 GTEST_SKIP() << "Test is not applicable";
179 }
180 }
David Drysdale43489272022-06-13 10:12:12 +0100181};
Shawn Willden7c130392020-12-21 09:58:22 -0700182
Selene Huang8f9494c2021-04-21 15:10:36 -0700183/*
184 * AttestKeyTest.AllRsaSizes
185 *
186 * This test creates self signed RSA attestation keys of various sizes, and verify they can be
187 * used to sign other RSA and EC keys.
188 */
Shawn Willden7c130392020-12-21 09:58:22 -0700189TEST_P(AttestKeyTest, AllRsaSizes) {
190 for (auto size : ValidKeySizes(Algorithm::RSA)) {
191 /*
David Drysdale7de9feb2021-03-05 14:56:19 +0000192 * Create attestation key.
Shawn Willden7c130392020-12-21 09:58:22 -0700193 */
194 AttestationKey attest_key;
195 vector<KeyCharacteristics> attest_key_characteristics;
196 vector<Certificate> attest_key_cert_chain;
David Drysdale43489272022-06-13 10:12:12 +0100197 ASSERT_EQ(ErrorCode::OK,
198 GenerateAttestKey(AuthorizationSetBuilder()
199 .RsaKey(size, 65537)
200 .AttestKey()
201 .SetDefaultValidity(),
202 {} /* attestation signing key */, &attest_key.keyBlob,
203 &attest_key_characteristics, &attest_key_cert_chain));
Shawn Willden7c130392020-12-21 09:58:22 -0700204
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600205 ASSERT_GT(attest_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700206 EXPECT_EQ(attest_key_cert_chain.size(), 1);
207 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
208
209 /*
Selene Huang8f9494c2021-04-21 15:10:36 -0700210 * Use attestation key to sign RSA signing key
Shawn Willden7c130392020-12-21 09:58:22 -0700211 */
212 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
213 vector<uint8_t> attested_key_blob;
214 vector<KeyCharacteristics> attested_key_characteristics;
215 vector<Certificate> attested_key_cert_chain;
216 EXPECT_EQ(ErrorCode::OK,
217 GenerateKey(AuthorizationSetBuilder()
218 .RsaSigningKey(2048, 65537)
219 .Authorization(TAG_NO_AUTH_REQUIRED)
220 .AttestationChallenge("foo")
221 .AttestationApplicationId("bar")
222 .SetDefaultValidity(),
223 attest_key, &attested_key_blob, &attested_key_characteristics,
224 &attested_key_cert_chain));
225
226 CheckedDeleteKey(&attested_key_blob);
227
228 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
229 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000230 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
231 SecLevel(),
Shawn Willden7c130392020-12-21 09:58:22 -0700232 attested_key_cert_chain[0].encodedCertificate));
233
234 // Attestation by itself is not valid (last entry is not self-signed).
235 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
236
237 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
Selene Huang8f9494c2021-04-21 15:10:36 -0700238 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
Shawn Willden7c130392020-12-21 09:58:22 -0700239 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
Selene Huang8f9494c2021-04-21 15:10:36 -0700240 EXPECT_EQ(attested_key_cert_chain.size(), 2);
241
242 /*
243 * Use attestation key to sign RSA decryption key
244 */
245 attested_key_characteristics.resize(0);
246 attested_key_cert_chain.resize(0);
247 EXPECT_EQ(ErrorCode::OK,
248 GenerateKey(AuthorizationSetBuilder()
249 .RsaEncryptionKey(2048, 65537)
250 .Digest(Digest::NONE)
251 .Padding(PaddingMode::NONE)
252 .Authorization(TAG_NO_AUTH_REQUIRED)
253 .AttestationChallenge("foo2")
254 .AttestationApplicationId("bar2")
255 .SetDefaultValidity(),
256 attest_key, &attested_key_blob, &attested_key_characteristics,
257 &attested_key_cert_chain));
258
259 CheckedDeleteKey(&attested_key_blob);
260
261 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
262 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000263 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced,
264 hw_enforced, SecLevel(),
Selene Huang8f9494c2021-04-21 15:10:36 -0700265 attested_key_cert_chain[0].encodedCertificate));
266
267 // Attestation by itself is not valid (last entry is not self-signed).
268 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
269
270 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
271 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
272 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
273 EXPECT_EQ(attested_key_cert_chain.size(), 2);
Shawn Willden7c130392020-12-21 09:58:22 -0700274
275 /*
David Drysdaled2cc8c22021-04-15 13:29:45 +0100276 * Use attestation key to sign EC key. Specify a CREATION_DATETIME for this one.
Shawn Willden7c130392020-12-21 09:58:22 -0700277 */
Selene Huang8f9494c2021-04-21 15:10:36 -0700278 attested_key_characteristics.resize(0);
279 attested_key_cert_chain.resize(0);
David Drysdaled2cc8c22021-04-15 13:29:45 +0100280 uint64_t timestamp = 1619621648000;
Shawn Willden7c130392020-12-21 09:58:22 -0700281 EXPECT_EQ(ErrorCode::OK,
282 GenerateKey(AuthorizationSetBuilder()
283 .EcdsaSigningKey(EcCurve::P_256)
284 .Authorization(TAG_NO_AUTH_REQUIRED)
285 .AttestationChallenge("foo")
286 .AttestationApplicationId("bar")
David Drysdaled2cc8c22021-04-15 13:29:45 +0100287 .Authorization(TAG_CREATION_DATETIME, timestamp)
Shawn Willden7c130392020-12-21 09:58:22 -0700288 .SetDefaultValidity(),
289 attest_key, &attested_key_blob, &attested_key_characteristics,
290 &attested_key_cert_chain));
291
David Drysdale300b5552021-05-20 12:05:26 +0100292 // The returned key characteristics will include CREATION_DATETIME (checked below)
293 // in SecurityLevel::KEYSTORE; this will be stripped out in the CheckCharacteristics()
294 // call below, to match what getKeyCharacteristics() returns (which doesn't include
295 // any SecurityLevel::KEYSTORE characteristics).
296 CheckCharacteristics(attested_key_blob, attested_key_characteristics);
297
Shawn Willden7c130392020-12-21 09:58:22 -0700298 CheckedDeleteKey(&attested_key_blob);
299 CheckedDeleteKey(&attest_key.keyBlob);
300
301 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
302 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale300b5552021-05-20 12:05:26 +0100303
David Drysdaled2cc8c22021-04-15 13:29:45 +0100304 // The client-specified CREATION_DATETIME should be in sw_enforced.
David Drysdale7dff4fc2021-12-10 10:10:52 +0000305 // Its presence will also trigger verify_attestation_record() to check that
306 // it is in the attestation extension with a matching value.
David Drysdaled2cc8c22021-04-15 13:29:45 +0100307 EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
308 << "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
309 << " not in hw_enforced:" << hw_enforced;
David Drysdale7dff4fc2021-12-10 10:10:52 +0000310 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
311 SecLevel(),
Shawn Willden7c130392020-12-21 09:58:22 -0700312 attested_key_cert_chain[0].encodedCertificate));
313
314 // Attestation by itself is not valid (last entry is not self-signed).
315 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
316
317 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
Selene Huang8f9494c2021-04-21 15:10:36 -0700318 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
Shawn Willden7c130392020-12-21 09:58:22 -0700319 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
320
321 // Bail early if anything failed.
322 if (HasFailure()) return;
323 }
324}
325
Selene Huang8f9494c2021-04-21 15:10:36 -0700326/*
David Drysdalee60248c2021-10-04 12:54:13 +0100327 * AttestKeyTest.RsaAttestKeyMultiPurposeFail
328 *
329 * This test attempts to create an RSA attestation key that also allows signing.
330 */
331TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
David Drysdale50a66b82022-03-21 15:21:32 +0000332 if (AidlVersion() < 2) {
333 // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
334 // with other key purposes. However, this was not checked at the time
335 // so we can only be strict about checking this for implementations of KeyMint
336 // version 2 and above.
337 GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
338 }
339
David Drysdalee60248c2021-10-04 12:54:13 +0100340 vector<uint8_t> attest_key_blob;
341 vector<KeyCharacteristics> attest_key_characteristics;
342 vector<Certificate> attest_key_cert_chain;
343 ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
344 GenerateKey(AuthorizationSetBuilder()
345 .RsaSigningKey(2048, 65537)
346 .AttestKey()
347 .SetDefaultValidity(),
348 {} /* attestation signing key */, &attest_key_blob,
349 &attest_key_characteristics, &attest_key_cert_chain));
350}
351
352/*
Selene Huang8f9494c2021-04-21 15:10:36 -0700353 * AttestKeyTest.RsaAttestedAttestKeys
354 *
355 * This test creates an RSA attestation key signed by factory keys, and varifies it can be
356 * used to sign other RSA and EC keys.
357 */
358TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
359 auto challenge = "hello";
360 auto app_id = "foo";
361
362 auto subject = "cert subj 2";
363 vector<uint8_t> subject_der(make_name_from_str(subject));
364
David Drysdaledb0dcf52021-05-18 11:43:31 +0100365 // An X.509 certificate serial number SHOULD be >0, but this is not policed. Check
366 // that a zero value doesn't cause problems.
367 uint64_t serial_int = 0;
Selene Huang8f9494c2021-04-21 15:10:36 -0700368 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
369
370 /*
371 * Create attestation key.
372 */
373 AttestationKey attest_key;
374 vector<KeyCharacteristics> attest_key_characteristics;
375 vector<Certificate> attest_key_cert_chain;
David Drysdale43489272022-06-13 10:12:12 +0100376 auto result = GenerateAttestKey(AuthorizationSetBuilder()
377 .RsaKey(2048, 65537)
378 .AttestKey()
379 .AttestationChallenge(challenge)
380 .AttestationApplicationId(app_id)
381 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
382 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
383 .Authorization(TAG_NO_AUTH_REQUIRED)
384 .SetDefaultValidity(),
385 {} /* attestation signing key */, &attest_key.keyBlob,
386 &attest_key_characteristics, &attest_key_cert_chain);
subrahmanyaman05642492022-02-05 07:10:56 +0000387 // Strongbox may not support factory provisioned attestation key.
388 if (SecLevel() == SecurityLevel::STRONGBOX) {
389 if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
390 }
391 ASSERT_EQ(ErrorCode::OK, result);
Selene Huang8f9494c2021-04-21 15:10:36 -0700392
393 EXPECT_GT(attest_key_cert_chain.size(), 1);
394 verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false);
395 EXPECT_TRUE(ChainSignaturesAreValid(attest_key_cert_chain));
396
397 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
398 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000399 EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
Selene Huang8f9494c2021-04-21 15:10:36 -0700400 sw_enforced, hw_enforced, SecLevel(),
401 attest_key_cert_chain[0].encodedCertificate));
402
403 /*
404 * Use attestation key to sign RSA key
405 */
406 attest_key.issuerSubjectName = subject_der;
407 vector<uint8_t> attested_key_blob;
408 vector<KeyCharacteristics> attested_key_characteristics;
409 vector<Certificate> attested_key_cert_chain;
410
411 auto subject2 = "cert subject";
412 vector<uint8_t> subject_der2(make_name_from_str(subject2));
413
David Drysdaledb0dcf52021-05-18 11:43:31 +0100414 uint64_t serial_int2 = 255;
Selene Huang8f9494c2021-04-21 15:10:36 -0700415 vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
416
417 EXPECT_EQ(ErrorCode::OK,
418 GenerateKey(AuthorizationSetBuilder()
419 .RsaSigningKey(2048, 65537)
420 .Authorization(TAG_NO_AUTH_REQUIRED)
421 .AttestationChallenge("foo")
422 .AttestationApplicationId("bar")
423 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob2)
424 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der2)
425 .SetDefaultValidity(),
426 attest_key, &attested_key_blob, &attested_key_characteristics,
427 &attested_key_cert_chain));
428
429 CheckedDeleteKey(&attested_key_blob);
430 CheckedDeleteKey(&attest_key.keyBlob);
431
432 AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
433 AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000434 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2,
435 SecLevel(),
Selene Huang8f9494c2021-04-21 15:10:36 -0700436 attested_key_cert_chain[0].encodedCertificate));
437
438 // Attestation by itself is not valid (last entry is not self-signed).
439 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
440
441 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
442 attested_key_cert_chain.insert(attested_key_cert_chain.end(), attest_key_cert_chain.begin(),
443 attest_key_cert_chain.end());
444
445 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
446 EXPECT_GT(attested_key_cert_chain.size(), 2);
447 verify_subject_and_serial(attested_key_cert_chain[0], serial_int2, subject2, false);
448}
449
450/*
451 * AttestKeyTest.RsaAttestKeyChaining
452 *
453 * This test creates a chain of multiple RSA attest keys, each used to sign the next attest key,
454 * with the last attest key signed by the factory chain.
455 */
456TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
457 const int chain_size = 6;
458 vector<vector<uint8_t>> key_blob_list(chain_size);
459 vector<vector<Certificate>> cert_chain_list(chain_size);
460
461 for (int i = 0; i < chain_size; i++) {
462 string sub = "attest key chaining ";
463 char index = '1' + i;
464 string subject = sub + index;
465 vector<uint8_t> subject_der(make_name_from_str(subject));
466
467 uint64_t serial_int = 7000 + i;
468 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
469
470 vector<KeyCharacteristics> attested_key_characteristics;
471 AttestationKey attest_key;
472 optional<AttestationKey> attest_key_opt;
473
474 if (i > 0) {
475 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
476 attest_key.keyBlob = key_blob_list[i - 1];
477 attest_key_opt = attest_key;
478 }
479
David Drysdale43489272022-06-13 10:12:12 +0100480 auto result = GenerateAttestKey(AuthorizationSetBuilder()
481 .RsaKey(2048, 65537)
482 .AttestKey()
483 .AttestationChallenge("foo")
484 .AttestationApplicationId("bar")
485 .Authorization(TAG_NO_AUTH_REQUIRED)
486 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
487 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
488 .SetDefaultValidity(),
489 attest_key_opt, &key_blob_list[i],
490 &attested_key_characteristics, &cert_chain_list[i]);
subrahmanyaman05642492022-02-05 07:10:56 +0000491 // Strongbox may not support factory provisioned attestation key.
492 if (SecLevel() == SecurityLevel::STRONGBOX) {
493 if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
494 }
495 ASSERT_EQ(ErrorCode::OK, result);
Selene Huang8f9494c2021-04-21 15:10:36 -0700496
497 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
498 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdalea0386952021-08-05 07:50:23 +0100499 ASSERT_GT(cert_chain_list[i].size(), 0);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000500 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
501 SecLevel(),
Selene Huang8f9494c2021-04-21 15:10:36 -0700502 cert_chain_list[i][0].encodedCertificate));
503
504 if (i > 0) {
505 /*
506 * The first key is attestated with factory chain, but all the rest of the keys are
507 * not supposed to be returned in attestation certificate chains.
508 */
509 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
510
511 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
512 cert_chain_list[i].insert(cert_chain_list[i].end(), //
513 cert_chain_list[i - 1].begin(), //
514 cert_chain_list[i - 1].end());
515 }
516
517 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
518 EXPECT_GT(cert_chain_list[i].size(), i + 1);
519 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
520 }
521
522 for (int i = 0; i < chain_size; i++) {
523 CheckedDeleteKey(&key_blob_list[i]);
524 }
525}
526
527/*
528 * AttestKeyTest.EcAttestKeyChaining
529 *
530 * This test creates a chain of multiple Ec attest keys, each used to sign the next attest key,
531 * with the last attest key signed by the factory chain.
532 */
533TEST_P(AttestKeyTest, EcAttestKeyChaining) {
534 const int chain_size = 6;
535 vector<vector<uint8_t>> key_blob_list(chain_size);
536 vector<vector<Certificate>> cert_chain_list(chain_size);
537
538 for (int i = 0; i < chain_size; i++) {
539 string sub = "Ec attest key chaining ";
540 char index = '1' + i;
541 string subject = sub + index;
542 vector<uint8_t> subject_der(make_name_from_str(subject));
543
544 uint64_t serial_int = 800000 + i;
545 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
546
547 vector<KeyCharacteristics> attested_key_characteristics;
548 AttestationKey attest_key;
549 optional<AttestationKey> attest_key_opt;
550
551 if (i > 0) {
552 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
553 attest_key.keyBlob = key_blob_list[i - 1];
554 attest_key_opt = attest_key;
555 }
556
David Drysdale43489272022-06-13 10:12:12 +0100557 auto result = GenerateAttestKey(AuthorizationSetBuilder()
558 .EcdsaKey(EcCurve::P_256)
559 .AttestKey()
560 .AttestationChallenge("foo")
561 .AttestationApplicationId("bar")
562 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
563 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
564 .Authorization(TAG_NO_AUTH_REQUIRED)
565 .SetDefaultValidity(),
566 attest_key_opt, &key_blob_list[i],
567 &attested_key_characteristics, &cert_chain_list[i]);
subrahmanyaman05642492022-02-05 07:10:56 +0000568 // Strongbox may not support factory provisioned attestation key.
569 if (SecLevel() == SecurityLevel::STRONGBOX) {
570 if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
571 }
572 ASSERT_EQ(ErrorCode::OK, result);
Selene Huang8f9494c2021-04-21 15:10:36 -0700573
574 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
575 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdalea0386952021-08-05 07:50:23 +0100576 ASSERT_GT(cert_chain_list[i].size(), 0);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000577 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
578 SecLevel(),
Selene Huang8f9494c2021-04-21 15:10:36 -0700579 cert_chain_list[i][0].encodedCertificate));
580
581 if (i > 0) {
582 /*
583 * The first key is attestated with factory chain, but all the rest of the keys are
584 * not supposed to be returned in attestation certificate chains.
585 */
586 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
587
588 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
589 cert_chain_list[i].insert(cert_chain_list[i].end(), //
590 cert_chain_list[i - 1].begin(), //
591 cert_chain_list[i - 1].end());
592 }
593
594 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
595 EXPECT_GT(cert_chain_list[i].size(), i + 1);
596 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
597 }
598
599 for (int i = 0; i < chain_size; i++) {
600 CheckedDeleteKey(&key_blob_list[i]);
601 }
602}
603
604/*
David Drysdalee60248c2021-10-04 12:54:13 +0100605 * AttestKeyTest.EcAttestKeyMultiPurposeFail
606 *
607 * This test attempts to create an EC attestation key that also allows signing.
608 */
609TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
David Drysdale50a66b82022-03-21 15:21:32 +0000610 if (AidlVersion() < 2) {
611 // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
612 // with other key purposes. However, this was not checked at the time
613 // so we can only be strict about checking this for implementations of KeyMint
614 // version 2 and above.
615 GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
616 }
David Drysdalee60248c2021-10-04 12:54:13 +0100617 vector<uint8_t> attest_key_blob;
618 vector<KeyCharacteristics> attest_key_characteristics;
619 vector<Certificate> attest_key_cert_chain;
620 ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
621 GenerateKey(AuthorizationSetBuilder()
622 .EcdsaSigningKey(EcCurve::P_256)
623 .AttestKey()
624 .SetDefaultValidity(),
625 {} /* attestation signing key */, &attest_key_blob,
626 &attest_key_characteristics, &attest_key_cert_chain));
627}
628
629/*
Selene Huang8f9494c2021-04-21 15:10:36 -0700630 * AttestKeyTest.AlternateAttestKeyChaining
631 *
632 * This test creates a chain of multiple attest keys, in the order Ec - RSA - Ec - RSA ....
633 * Each attest key is used to sign the next attest key, with the last attest key signed by
634 * the factory chain. This is to verify different algorithms of attest keys can
635 * cross sign each other and be chained together.
636 */
637TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
638 const int chain_size = 6;
639 vector<vector<uint8_t>> key_blob_list(chain_size);
640 vector<vector<Certificate>> cert_chain_list(chain_size);
641
642 for (int i = 0; i < chain_size; i++) {
643 string sub = "Alt attest key chaining ";
644 char index = '1' + i;
645 string subject = sub + index;
646 vector<uint8_t> subject_der(make_name_from_str(subject));
647
648 uint64_t serial_int = 90000000 + i;
649 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
650
651 vector<KeyCharacteristics> attested_key_characteristics;
652 AttestationKey attest_key;
653 optional<AttestationKey> attest_key_opt;
654
655 if (i > 0) {
656 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
657 attest_key.keyBlob = key_blob_list[i - 1];
658 attest_key_opt = attest_key;
659 }
subrahmanyaman05642492022-02-05 07:10:56 +0000660 ErrorCode result;
Selene Huang8f9494c2021-04-21 15:10:36 -0700661 if ((i & 0x1) == 1) {
David Drysdale43489272022-06-13 10:12:12 +0100662 result = GenerateAttestKey(AuthorizationSetBuilder()
663 .EcdsaKey(EcCurve::P_256)
664 .AttestKey()
665 .AttestationChallenge("foo")
666 .AttestationApplicationId("bar")
667 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
668 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
669 .Authorization(TAG_NO_AUTH_REQUIRED)
670 .SetDefaultValidity(),
671 attest_key_opt, &key_blob_list[i],
672 &attested_key_characteristics, &cert_chain_list[i]);
Selene Huang8f9494c2021-04-21 15:10:36 -0700673 } else {
David Drysdale43489272022-06-13 10:12:12 +0100674 result = GenerateAttestKey(AuthorizationSetBuilder()
675 .RsaKey(2048, 65537)
676 .AttestKey()
677 .AttestationChallenge("foo")
678 .AttestationApplicationId("bar")
679 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
680 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
681 .Authorization(TAG_NO_AUTH_REQUIRED)
682 .SetDefaultValidity(),
683 attest_key_opt, &key_blob_list[i],
684 &attested_key_characteristics, &cert_chain_list[i]);
Selene Huang8f9494c2021-04-21 15:10:36 -0700685 }
subrahmanyaman05642492022-02-05 07:10:56 +0000686 // Strongbox may not support factory provisioned attestation key.
687 if (SecLevel() == SecurityLevel::STRONGBOX) {
688 if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
689 }
690 ASSERT_EQ(ErrorCode::OK, result);
Selene Huang8f9494c2021-04-21 15:10:36 -0700691
692 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
693 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdalea0386952021-08-05 07:50:23 +0100694 ASSERT_GT(cert_chain_list[i].size(), 0);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000695 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
696 SecLevel(),
Selene Huang8f9494c2021-04-21 15:10:36 -0700697 cert_chain_list[i][0].encodedCertificate));
698
699 if (i > 0) {
700 /*
701 * The first key is attestated with factory chain, but all the rest of the keys are
702 * not supposed to be returned in attestation certificate chains.
703 */
704 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
705
706 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
707 cert_chain_list[i].insert(cert_chain_list[i].end(), //
708 cert_chain_list[i - 1].begin(), //
709 cert_chain_list[i - 1].end());
710 }
711
712 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
713 EXPECT_GT(cert_chain_list[i].size(), i + 1);
714 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
715 }
716
717 for (int i = 0; i < chain_size; i++) {
718 CheckedDeleteKey(&key_blob_list[i]);
719 }
720}
721
David Drysdaled2cc8c22021-04-15 13:29:45 +0100722TEST_P(AttestKeyTest, MissingChallenge) {
723 for (auto size : ValidKeySizes(Algorithm::RSA)) {
724 /*
725 * Create attestation key.
726 */
727 AttestationKey attest_key;
728 vector<KeyCharacteristics> attest_key_characteristics;
729 vector<Certificate> attest_key_cert_chain;
David Drysdale43489272022-06-13 10:12:12 +0100730 ASSERT_EQ(ErrorCode::OK,
731 GenerateAttestKey(AuthorizationSetBuilder()
732 .RsaKey(size, 65537)
733 .AttestKey()
734 .SetDefaultValidity(),
735 {} /* attestation signing key */, &attest_key.keyBlob,
736 &attest_key_characteristics, &attest_key_cert_chain));
David Drysdaled2cc8c22021-04-15 13:29:45 +0100737
738 EXPECT_EQ(attest_key_cert_chain.size(), 1);
739 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
740
741 /*
742 * Use attestation key to sign RSA / ECDSA key but forget to provide a challenge
743 */
744 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
745 vector<uint8_t> attested_key_blob;
746 vector<KeyCharacteristics> attested_key_characteristics;
747 vector<Certificate> attested_key_cert_chain;
Tommy Chiuc93c4392021-05-11 18:36:50 +0800748 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100749 GenerateKey(AuthorizationSetBuilder()
750 .RsaSigningKey(2048, 65537)
751 .Authorization(TAG_NO_AUTH_REQUIRED)
752 .AttestationApplicationId("bar")
753 .SetDefaultValidity(),
754 attest_key, &attested_key_blob, &attested_key_characteristics,
755 &attested_key_cert_chain));
756
Tommy Chiuc93c4392021-05-11 18:36:50 +0800757 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100758 GenerateKey(AuthorizationSetBuilder()
759 .EcdsaSigningKey(EcCurve::P_256)
760 .Authorization(TAG_NO_AUTH_REQUIRED)
761 .AttestationApplicationId("bar")
762 .SetDefaultValidity(),
763 attest_key, &attested_key_blob, &attested_key_characteristics,
764 &attested_key_cert_chain));
765
766 CheckedDeleteKey(&attest_key.keyBlob);
767 }
768}
769
Shawn Willden7c130392020-12-21 09:58:22 -0700770TEST_P(AttestKeyTest, AllEcCurves) {
771 for (auto curve : ValidCurves()) {
772 /*
David Drysdale7de9feb2021-03-05 14:56:19 +0000773 * Create attestation key.
Shawn Willden7c130392020-12-21 09:58:22 -0700774 */
775 AttestationKey attest_key;
776 vector<KeyCharacteristics> attest_key_characteristics;
777 vector<Certificate> attest_key_cert_chain;
David Drysdaleb3b12142021-11-01 17:13:27 +0000778 ASSERT_EQ(
779 ErrorCode::OK,
David Drysdale43489272022-06-13 10:12:12 +0100780 GenerateAttestKey(
David Drysdaleb3b12142021-11-01 17:13:27 +0000781 AuthorizationSetBuilder().EcdsaKey(curve).AttestKey().SetDefaultValidity(),
782 {} /* attestation signing key */, &attest_key.keyBlob,
783 &attest_key_characteristics, &attest_key_cert_chain));
Shawn Willden7c130392020-12-21 09:58:22 -0700784
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600785 ASSERT_GT(attest_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700786 EXPECT_EQ(attest_key_cert_chain.size(), 1);
787 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on curve " << curve;
788
789 /*
790 * Use attestation key to sign RSA key
791 */
792 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
793 vector<uint8_t> attested_key_blob;
794 vector<KeyCharacteristics> attested_key_characteristics;
795 vector<Certificate> attested_key_cert_chain;
796 EXPECT_EQ(ErrorCode::OK,
797 GenerateKey(AuthorizationSetBuilder()
798 .RsaSigningKey(2048, 65537)
799 .Authorization(TAG_NO_AUTH_REQUIRED)
800 .AttestationChallenge("foo")
801 .AttestationApplicationId("bar")
802 .SetDefaultValidity(),
803 attest_key, &attested_key_blob, &attested_key_characteristics,
804 &attested_key_cert_chain));
805
Brian J Murrayaa8a7582021-12-06 22:13:50 -0800806 ASSERT_GT(attested_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700807 CheckedDeleteKey(&attested_key_blob);
808
809 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
810 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000811 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
812 SecLevel(),
Shawn Willden7c130392020-12-21 09:58:22 -0700813 attested_key_cert_chain[0].encodedCertificate));
814
815 // Attestation by itself is not valid (last entry is not self-signed).
816 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
817
818 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
819 if (attest_key_cert_chain.size() > 0) {
820 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
821 }
822 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
823
824 /*
825 * Use attestation key to sign EC key
826 */
827 EXPECT_EQ(ErrorCode::OK,
828 GenerateKey(AuthorizationSetBuilder()
829 .EcdsaSigningKey(EcCurve::P_256)
830 .Authorization(TAG_NO_AUTH_REQUIRED)
831 .AttestationChallenge("foo")
832 .AttestationApplicationId("bar")
833 .SetDefaultValidity(),
834 attest_key, &attested_key_blob, &attested_key_characteristics,
835 &attested_key_cert_chain));
836
Brian J Murrayaa8a7582021-12-06 22:13:50 -0800837 ASSERT_GT(attested_key_cert_chain.size(), 0);
Shawn Willden7c130392020-12-21 09:58:22 -0700838 CheckedDeleteKey(&attested_key_blob);
839 CheckedDeleteKey(&attest_key.keyBlob);
840
841 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
842 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000843 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
844 SecLevel(),
Shawn Willden7c130392020-12-21 09:58:22 -0700845 attested_key_cert_chain[0].encodedCertificate));
846
847 // Attestation by itself is not valid (last entry is not self-signed).
848 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
849
850 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
851 if (attest_key_cert_chain.size() > 0) {
852 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
853 }
854 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
855
856 // Bail early if anything failed.
857 if (HasFailure()) return;
858 }
859}
860
Shawn Willden7bbf6292021-04-01 12:57:21 -0600861TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
David Drysdale7de9feb2021-03-05 14:56:19 +0000862 // Create non-attestation key.
Shawn Willden7bbf6292021-04-01 12:57:21 -0600863 AttestationKey non_attest_key;
864 vector<KeyCharacteristics> non_attest_key_characteristics;
865 vector<Certificate> non_attest_key_cert_chain;
866 ASSERT_EQ(
867 ErrorCode::OK,
868 GenerateKey(
869 AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),
David Drysdalea676c3b2021-06-14 14:46:02 +0100870 {} /* attestation signing key */, &non_attest_key.keyBlob,
Shawn Willden7bbf6292021-04-01 12:57:21 -0600871 &non_attest_key_characteristics, &non_attest_key_cert_chain));
872
Shawn Willdenc410f6f2021-04-22 13:28:45 -0600873 ASSERT_GT(non_attest_key_cert_chain.size(), 0);
Shawn Willden7bbf6292021-04-01 12:57:21 -0600874 EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
875 EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));
876
877 // Attempt to sign attestation with non-attest key.
878 vector<uint8_t> attested_key_blob;
879 vector<KeyCharacteristics> attested_key_characteristics;
880 vector<Certificate> attested_key_cert_chain;
881 EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
882 GenerateKey(AuthorizationSetBuilder()
883 .EcdsaSigningKey(EcCurve::P_256)
884 .Authorization(TAG_NO_AUTH_REQUIRED)
885 .AttestationChallenge("foo")
886 .AttestationApplicationId("bar")
887 .SetDefaultValidity(),
888 non_attest_key, &attested_key_blob, &attested_key_characteristics,
889 &attested_key_cert_chain));
890}
891
David Drysdalea676c3b2021-06-14 14:46:02 +0100892TEST_P(AttestKeyTest, EcdsaAttestationID) {
David Drysdale555ba002022-05-03 18:48:57 +0100893 if (is_gsi_image()) {
894 // GSI sets up a standard set of device identifiers that may not match
895 // the device identifiers held by the device.
896 GTEST_SKIP() << "Test not applicable under GSI";
897 }
David Drysdalea676c3b2021-06-14 14:46:02 +0100898 // Create attestation key.
899 AttestationKey attest_key;
900 vector<KeyCharacteristics> attest_key_characteristics;
901 vector<Certificate> attest_key_cert_chain;
David Drysdale43489272022-06-13 10:12:12 +0100902 ASSERT_EQ(ErrorCode::OK,
903 GenerateAttestKey(AuthorizationSetBuilder()
904 .EcdsaKey(EcCurve::P_256)
905 .AttestKey()
906 .SetDefaultValidity(),
907 {} /* attestation signing key */, &attest_key.keyBlob,
908 &attest_key_characteristics, &attest_key_cert_chain));
David Drysdalea676c3b2021-06-14 14:46:02 +0100909 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
910 ASSERT_GT(attest_key_cert_chain.size(), 0);
911 EXPECT_EQ(attest_key_cert_chain.size(), 1);
912 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
913
914 // Collection of valid attestation ID tags.
915 auto attestation_id_tags = AuthorizationSetBuilder();
Prashant Patil8d779bf2022-09-28 16:09:29 +0100916 // Use ro.product.brand_for_attestation property for attestation if it is present else fallback
917 // to ro.product.brand
918 std::string prop_value =
919 ::android::base::GetProperty("ro.product.brand_for_attestation", /* default= */ "");
920 if (!prop_value.empty()) {
921 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND,
922 "ro.product.brand_for_attestation");
923 } else {
924 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
925 }
David Drysdalea676c3b2021-06-14 14:46:02 +0100926 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
Prashant Patil8d779bf2022-09-28 16:09:29 +0100927 // Use ro.product.name_for_attestation property for attestation if it is present else fallback
928 // to ro.product.name
929 prop_value = ::android::base::GetProperty("ro.product.name_for_attestation", /* default= */ "");
930 if (!prop_value.empty()) {
931 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT,
932 "ro.product.name_for_attestation");
933 } else {
934 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
935 }
Tri Vo799e4352022-11-07 17:23:50 -0800936 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
David Drysdalea676c3b2021-06-14 14:46:02 +0100937 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MANUFACTURER,
938 "ro.product.manufacturer");
Prashant Patil8d779bf2022-09-28 16:09:29 +0100939 // Use ro.product.model_for_attestation property for attestation if it is present else fallback
940 // to ro.product.model
941 prop_value =
942 ::android::base::GetProperty("ro.product.model_for_attestation", /* default= */ "");
943 if (!prop_value.empty()) {
944 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL,
945 "ro.product.model_for_attestation");
946 } else {
947 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
948 }
David Drysdalea676c3b2021-06-14 14:46:02 +0100949
Rajesh Nyamagoudeb644cf2022-12-15 03:50:52 +0000950 string imei = get_imei(0);
951 if (!imei.empty()) {
952 attestation_id_tags.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size());
953 }
954
David Drysdalea676c3b2021-06-14 14:46:02 +0100955 for (const KeyParameter& tag : attestation_id_tags) {
956 SCOPED_TRACE(testing::Message() << "+tag-" << tag);
957 // Use attestation key to sign an ECDSA key, but include an attestation ID field.
958 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
959 .EcdsaSigningKey(EcCurve::P_256)
960 .Authorization(TAG_NO_AUTH_REQUIRED)
961 .AttestationChallenge("challenge")
962 .AttestationApplicationId("foo")
963 .SetDefaultValidity();
964 builder.push_back(tag);
965 vector<uint8_t> attested_key_blob;
966 vector<KeyCharacteristics> attested_key_characteristics;
967 vector<Certificate> attested_key_cert_chain;
968 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
969 &attested_key_characteristics, &attested_key_cert_chain);
Prashant Patil88ad1892022-03-15 16:31:02 +0000970 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
David Drysdalea676c3b2021-06-14 14:46:02 +0100971 continue;
972 }
973
974 ASSERT_EQ(result, ErrorCode::OK);
975
976 CheckedDeleteKey(&attested_key_blob);
977
978 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
979 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
980
981 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
982 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
983 // attestation extension should contain them, so make sure the extra tag is added.
984 hw_enforced.push_back(tag);
985
David Drysdale7dff4fc2021-12-10 10:10:52 +0000986 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
987 hw_enforced, SecLevel(),
David Drysdalea676c3b2021-06-14 14:46:02 +0100988 attested_key_cert_chain[0].encodedCertificate));
989 }
990 CheckedDeleteKey(&attest_key.keyBlob);
991}
992
993TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) {
994 // Create attestation key.
995 AttestationKey attest_key;
996 vector<KeyCharacteristics> attest_key_characteristics;
997 vector<Certificate> attest_key_cert_chain;
David Drysdale43489272022-06-13 10:12:12 +0100998 ASSERT_EQ(ErrorCode::OK,
999 GenerateAttestKey(AuthorizationSetBuilder()
1000 .EcdsaKey(EcCurve::P_256)
1001 .AttestKey()
1002 .SetDefaultValidity(),
1003 {} /* attestation signing key */, &attest_key.keyBlob,
1004 &attest_key_characteristics, &attest_key_cert_chain));
David Drysdalea676c3b2021-06-14 14:46:02 +01001005 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
1006 ASSERT_GT(attest_key_cert_chain.size(), 0);
1007 EXPECT_EQ(attest_key_cert_chain.size(), 1);
1008 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
1009
1010 // Collection of invalid attestation ID tags.
1011 auto attestation_id_tags =
1012 AuthorizationSetBuilder()
1013 .Authorization(TAG_ATTESTATION_ID_BRAND, "bogus-brand")
1014 .Authorization(TAG_ATTESTATION_ID_DEVICE, "devious-device")
1015 .Authorization(TAG_ATTESTATION_ID_PRODUCT, "punctured-product")
1016 .Authorization(TAG_ATTESTATION_ID_SERIAL, "suspicious-serial")
1017 .Authorization(TAG_ATTESTATION_ID_IMEI, "invalid-imei")
1018 .Authorization(TAG_ATTESTATION_ID_MEID, "mismatching-meid")
1019 .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, "malformed-manufacturer")
1020 .Authorization(TAG_ATTESTATION_ID_MODEL, "malicious-model");
Rajesh Nyamagoud5283f812023-01-06 00:27:56 +00001021
1022 // TODO(b/262255219): Remove this condition when StrongBox supports 2nd IMEI attestation.
1023 if (SecLevel() != SecurityLevel::STRONGBOX) {
1024 if (isSecondImeiIdAttestationRequired()) {
1025 attestation_id_tags.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI,
1026 "invalid-second-imei");
1027 }
1028 }
David Drysdalea676c3b2021-06-14 14:46:02 +01001029 vector<uint8_t> key_blob;
1030 vector<KeyCharacteristics> key_characteristics;
1031
1032 for (const KeyParameter& invalid_tag : attestation_id_tags) {
1033 SCOPED_TRACE(testing::Message() << "+tag-" << invalid_tag);
1034
1035 // Use attestation key to sign an ECDSA key, but include an invalid
1036 // attestation ID field.
1037 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
1038 .EcdsaSigningKey(EcCurve::P_256)
1039 .Authorization(TAG_NO_AUTH_REQUIRED)
1040 .AttestationChallenge("challenge")
1041 .AttestationApplicationId("foo")
1042 .SetDefaultValidity();
1043 builder.push_back(invalid_tag);
1044 vector<uint8_t> attested_key_blob;
1045 vector<KeyCharacteristics> attested_key_characteristics;
1046 vector<Certificate> attested_key_cert_chain;
1047 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
1048 &attested_key_characteristics, &attested_key_cert_chain);
1049
1050 ASSERT_TRUE(result == ErrorCode::CANNOT_ATTEST_IDS || result == ErrorCode::INVALID_TAG)
1051 << "result = " << result;
Max Biresa97ec692022-11-21 23:37:54 -08001052 device_id_attestation_vsr_check(result);
David Drysdalea676c3b2021-06-14 14:46:02 +01001053 }
1054 CheckedDeleteKey(&attest_key.keyBlob);
1055}
1056
Rajesh Nyamagoud5283f812023-01-06 00:27:56 +00001057TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) {
1058 if (is_gsi_image()) {
1059 // GSI sets up a standard set of device identifiers that may not match
1060 // the device identifiers held by the device.
1061 GTEST_SKIP() << "Test not applicable under GSI";
1062 }
1063
1064 // TODO(b/262255219): Remove this condition when StrongBox supports 2nd IMEI attestation.
1065 if (SecLevel() == SecurityLevel::STRONGBOX) {
1066 GTEST_SKIP() << "Test not applicable for SecurityLevel::STRONGBOX";
1067 }
1068
1069 // Skip the test if there is no second IMEI exists.
1070 string second_imei = get_imei(1);
1071 if (second_imei.empty() || second_imei.compare("null") == 0) {
1072 GTEST_SKIP() << "Test not applicable as there is no second IMEI";
1073 }
1074
1075 if (!isSecondImeiIdAttestationRequired()) {
1076 GTEST_SKIP() << "Test not applicable for KeyMint-Version < 3 or first-api-level < 34";
1077 }
1078
1079 // Create attestation key.
1080 AttestationKey attest_key;
1081 vector<KeyCharacteristics> attest_key_characteristics;
1082 vector<Certificate> attest_key_cert_chain;
1083 ASSERT_EQ(ErrorCode::OK,
1084 GenerateAttestKey(AuthorizationSetBuilder()
1085 .EcdsaKey(EcCurve::P_256)
1086 .AttestKey()
1087 .SetDefaultValidity(),
1088 {} /* attestation signing key */, &attest_key.keyBlob,
1089 &attest_key_characteristics, &attest_key_cert_chain));
1090 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
1091 EXPECT_EQ(attest_key_cert_chain.size(), 1);
1092 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
1093
1094 // Use attestation key to sign an ECDSA key, but include an attestation ID field.
1095 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
1096 .EcdsaSigningKey(EcCurve::P_256)
1097 .Authorization(TAG_NO_AUTH_REQUIRED)
1098 .AttestationChallenge("challenge")
1099 .AttestationApplicationId("foo")
1100 .SetDefaultValidity();
1101 // b/264979486 - second imei doesn't depend on first imei.
1102 // Add second IMEI as attestation id without adding first IMEI as
1103 // attestation id.
1104 builder.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, second_imei.data(), second_imei.size());
1105
1106 vector<uint8_t> attested_key_blob;
1107 vector<KeyCharacteristics> attested_key_characteristics;
1108 vector<Certificate> attested_key_cert_chain;
1109 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
1110 &attested_key_characteristics, &attested_key_cert_chain);
1111
1112 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
1113 GTEST_SKIP()
1114 << "Test not applicable as device does not support SECOND-IMEI ID attestation.";
1115 }
1116
1117 ASSERT_EQ(result, ErrorCode::OK);
1118
1119 device_id_attestation_vsr_check(result);
1120
1121 CheckedDeleteKey(&attested_key_blob);
1122
1123 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
1124 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
1125
1126 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
1127 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
1128 // attestation extension should contain them, so make sure the extra tag is added.
1129 vector<uint8_t> imei_blob(second_imei.data(), second_imei.data() + second_imei.size());
1130 KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, imei_blob);
1131 hw_enforced.push_back(imei_tag);
1132
1133 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
1134 hw_enforced, SecLevel(),
1135 attested_key_cert_chain[0].encodedCertificate));
1136
1137 CheckedDeleteKey(&attest_key.keyBlob);
1138}
1139
1140TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) {
1141 if (is_gsi_image()) {
1142 // GSI sets up a standard set of device identifiers that may not match
1143 // the device identifiers held by the device.
1144 GTEST_SKIP() << "Test not applicable under GSI";
1145 }
1146
1147 // TODO(b/262255219): Remove this condition when StrongBox supports 2nd IMEI attestation.
1148 if (SecLevel() == SecurityLevel::STRONGBOX) {
1149 GTEST_SKIP() << "Test not applicable for SecurityLevel::STRONGBOX";
1150 }
1151
1152 // Skip the test if there is no first IMEI exists.
1153 string imei = get_imei(0);
1154 if (imei.empty() || imei.compare("null") == 0) {
1155 GTEST_SKIP() << "Test not applicable as there is no first IMEI";
1156 }
1157
1158 // Skip the test if there is no second IMEI exists.
1159 string second_imei = get_imei(1);
1160 if (second_imei.empty() || second_imei.compare("null") == 0) {
1161 GTEST_SKIP() << "Test not applicable as there is no second IMEI";
1162 }
1163
1164 if (!isSecondImeiIdAttestationRequired()) {
1165 GTEST_SKIP() << "Test not applicable for KeyMint-Version < 3 or first-api-level < 34";
1166 }
1167
1168 // Create attestation key.
1169 AttestationKey attest_key;
1170 vector<KeyCharacteristics> attest_key_characteristics;
1171 vector<Certificate> attest_key_cert_chain;
1172 ASSERT_EQ(ErrorCode::OK,
1173 GenerateAttestKey(AuthorizationSetBuilder()
1174 .EcdsaKey(EcCurve::P_256)
1175 .AttestKey()
1176 .SetDefaultValidity(),
1177 {} /* attestation signing key */, &attest_key.keyBlob,
1178 &attest_key_characteristics, &attest_key_cert_chain));
1179 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
1180 EXPECT_EQ(attest_key_cert_chain.size(), 1);
1181 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
1182
1183 // Use attestation key to sign an ECDSA key, but include both IMEI attestation ID fields.
1184 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
1185 .EcdsaSigningKey(EcCurve::P_256)
1186 .Authorization(TAG_NO_AUTH_REQUIRED)
1187 .AttestationChallenge("challenge")
1188 .AttestationApplicationId("foo")
1189 .SetDefaultValidity();
1190 builder.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size());
1191 builder.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, second_imei.data(), second_imei.size());
1192
1193 vector<uint8_t> attested_key_blob;
1194 vector<KeyCharacteristics> attested_key_characteristics;
1195 vector<Certificate> attested_key_cert_chain;
1196 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
1197 &attested_key_characteristics, &attested_key_cert_chain);
1198
1199 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
1200 GTEST_SKIP() << "Test not applicable as device does not support IMEI ID attestation.";
1201 }
1202
1203 ASSERT_EQ(result, ErrorCode::OK);
1204
1205 device_id_attestation_vsr_check(result);
1206
1207 CheckedDeleteKey(&attested_key_blob);
1208
1209 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
1210 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
1211
1212 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
1213 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
1214 // attestation extension should contain them, so make sure the extra tag is added.
1215 vector<uint8_t> imei_blob(imei.data(), imei.data() + imei.size());
1216 KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_IMEI, imei_blob);
1217 hw_enforced.push_back(imei_tag);
1218 vector<uint8_t> sec_imei_blob(second_imei.data(), second_imei.data() + second_imei.size());
1219 KeyParameter sec_imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, sec_imei_blob);
1220 hw_enforced.push_back(sec_imei_tag);
1221
1222 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
1223 hw_enforced, SecLevel(),
1224 attested_key_cert_chain[0].encodedCertificate));
1225
1226 CheckedDeleteKey(&attest_key.keyBlob);
1227}
1228
Shawn Willden7c130392020-12-21 09:58:22 -07001229INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);
1230
1231} // namespace aidl::android::hardware::security::keymint::test