1 /*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "keymint_1_attest_key_test"
18 #include <android-base/logging.h>
19 #include <android-base/strings.h>
20 #include <cutils/log.h>
21 #include <cutils/properties.h>
22
23 #include <keymint_support/key_param_output.h>
24 #include <keymint_support/openssl_utils.h>
25
26 #include "KeyMintAidlTestBase.h"
27
28 namespace aidl::android::hardware::security::keymint::test {
29
30 namespace {
31 string TELEPHONY_CMD_GET_IMEI = "cmd phone get-imei ";
32
IsSelfSigned(const vector<Certificate> & chain)33 bool IsSelfSigned(const vector<Certificate>& chain) {
34 if (chain.size() != 1) return false;
35 return ChainSignaturesAreValid(chain);
36 }
37
38 /*
39 * Run a shell command and collect the output of it. If any error, set an empty string as the
40 * output.
41 */
exec_command(string command)42 string exec_command(string command) {
43 char buffer[128];
44 string result = "";
45
46 FILE* pipe = popen(command.c_str(), "r");
47 if (!pipe) {
48 LOG(ERROR) << "popen failed.";
49 return result;
50 }
51
52 // read till end of process:
53 while (!feof(pipe)) {
54 if (fgets(buffer, 128, pipe) != NULL) {
55 result += buffer;
56 }
57 }
58
59 pclose(pipe);
60 return result;
61 }
62
63 /*
64 * Get IMEI using Telephony service shell command. If any error while executing the command
65 * then empty string will be returned as output.
66 */
get_imei(int slot)67 string get_imei(int slot) {
68 string cmd = TELEPHONY_CMD_GET_IMEI + std::to_string(slot);
69 string output = exec_command(cmd);
70
71 if (output.empty()) {
72 LOG(ERROR) << "Command failed. Cmd: " << cmd;
73 return "";
74 }
75
76 vector<string> out = ::android::base::Tokenize(::android::base::Trim(output), "Device IMEI:");
77
78 if (out.size() != 1) {
79 LOG(ERROR) << "Error in parsing the command output. Cmd: " << cmd;
80 return "";
81 }
82
83 string imei = ::android::base::Trim(out[0]);
84 if (imei.compare("null") == 0) {
85 LOG(ERROR) << "Error in getting IMEI from Telephony service: value is null. Cmd: " << cmd;
86 return "";
87 }
88
89 return imei;
90 }
91
92 } // namespace
93
94 class AttestKeyTest : public KeyMintAidlTestBase {
95 public:
SetUp()96 void SetUp() override {
97 skipAttestKeyTest();
98 KeyMintAidlTestBase::SetUp();
99 }
100 };
101
102 /*
103 * AttestKeyTest.AllRsaSizes
104 *
105 * This test creates self signed RSA attestation keys of various sizes, and verify they can be
106 * used to sign other RSA and EC keys.
107 */
TEST_P(AttestKeyTest,AllRsaSizes)108 TEST_P(AttestKeyTest, AllRsaSizes) {
109 for (auto size : ValidKeySizes(Algorithm::RSA)) {
110 /*
111 * Create attestation key.
112 */
113 AttestationKey attest_key;
114 vector<KeyCharacteristics> attest_key_characteristics;
115 vector<Certificate> attest_key_cert_chain;
116 ASSERT_EQ(ErrorCode::OK,
117 GenerateAttestKey(AuthorizationSetBuilder()
118 .RsaKey(size, 65537)
119 .AttestKey()
120 .SetDefaultValidity(),
121 {} /* attestation signing key */, &attest_key.keyBlob,
122 &attest_key_characteristics, &attest_key_cert_chain));
123
124 ASSERT_GT(attest_key_cert_chain.size(), 0);
125 EXPECT_EQ(attest_key_cert_chain.size(), 1);
126 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
127
128 /*
129 * Use attestation key to sign RSA signing key
130 */
131 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
132 vector<uint8_t> attested_key_blob;
133 vector<KeyCharacteristics> attested_key_characteristics;
134 vector<Certificate> attested_key_cert_chain;
135 EXPECT_EQ(ErrorCode::OK,
136 GenerateKey(AuthorizationSetBuilder()
137 .RsaSigningKey(2048, 65537)
138 .Authorization(TAG_NO_AUTH_REQUIRED)
139 .AttestationChallenge("foo")
140 .AttestationApplicationId("bar")
141 .SetDefaultValidity(),
142 attest_key, &attested_key_blob, &attested_key_characteristics,
143 &attested_key_cert_chain));
144
145 CheckedDeleteKey(&attested_key_blob);
146
147 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
148 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
149 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
150 SecLevel(),
151 attested_key_cert_chain[0].encodedCertificate));
152
153 // Attestation by itself is not valid (last entry is not self-signed).
154 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
155
156 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
157 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
158 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
159 EXPECT_EQ(attested_key_cert_chain.size(), 2);
160
161 /*
162 * Use attestation key to sign RSA decryption key
163 */
164 attested_key_characteristics.resize(0);
165 attested_key_cert_chain.resize(0);
166 EXPECT_EQ(ErrorCode::OK,
167 GenerateKey(AuthorizationSetBuilder()
168 .RsaEncryptionKey(2048, 65537)
169 .Digest(Digest::NONE)
170 .Padding(PaddingMode::NONE)
171 .Authorization(TAG_NO_AUTH_REQUIRED)
172 .AttestationChallenge("foo2")
173 .AttestationApplicationId("bar2")
174 .SetDefaultValidity(),
175 attest_key, &attested_key_blob, &attested_key_characteristics,
176 &attested_key_cert_chain));
177
178 CheckedDeleteKey(&attested_key_blob);
179
180 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
181 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
182 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced,
183 hw_enforced, SecLevel(),
184 attested_key_cert_chain[0].encodedCertificate));
185
186 // Attestation by itself is not valid (last entry is not self-signed).
187 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
188
189 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
190 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
191 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
192 EXPECT_EQ(attested_key_cert_chain.size(), 2);
193
194 /*
195 * Use attestation key to sign EC key. Specify a CREATION_DATETIME for this one.
196 */
197 attested_key_characteristics.resize(0);
198 attested_key_cert_chain.resize(0);
199 uint64_t timestamp = 1619621648000;
200 EXPECT_EQ(ErrorCode::OK,
201 GenerateKey(AuthorizationSetBuilder()
202 .EcdsaSigningKey(EcCurve::P_256)
203 .Authorization(TAG_NO_AUTH_REQUIRED)
204 .AttestationChallenge("foo")
205 .AttestationApplicationId("bar")
206 .Authorization(TAG_CREATION_DATETIME, timestamp)
207 .SetDefaultValidity(),
208 attest_key, &attested_key_blob, &attested_key_characteristics,
209 &attested_key_cert_chain));
210
211 // The returned key characteristics will include CREATION_DATETIME (checked below)
212 // in SecurityLevel::KEYSTORE; this will be stripped out in the CheckCharacteristics()
213 // call below, to match what getKeyCharacteristics() returns (which doesn't include
214 // any SecurityLevel::KEYSTORE characteristics).
215 CheckCharacteristics(attested_key_blob, attested_key_characteristics);
216
217 CheckedDeleteKey(&attested_key_blob);
218 CheckedDeleteKey(&attest_key.keyBlob);
219
220 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
221 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
222
223 // The client-specified CREATION_DATETIME should be in sw_enforced.
224 // Its presence will also trigger verify_attestation_record() to check that
225 // it is in the attestation extension with a matching value.
226 EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
227 << "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
228 << " not in hw_enforced:" << hw_enforced;
229 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
230 SecLevel(),
231 attested_key_cert_chain[0].encodedCertificate));
232
233 // Attestation by itself is not valid (last entry is not self-signed).
234 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
235
236 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
237 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
238 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
239
240 // Bail early if anything failed.
241 if (HasFailure()) return;
242 }
243 }
244
245 /*
246 * AttestKeyTest.RsaAttestKeyMultiPurposeFail
247 *
248 * This test attempts to create an RSA attestation key that also allows signing.
249 */
TEST_P(AttestKeyTest,RsaAttestKeyMultiPurposeFail)250 TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
251 if (AidlVersion() < 2) {
252 // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
253 // with other key purposes. However, this was not checked at the time
254 // so we can only be strict about checking this for implementations of KeyMint
255 // version 2 and above.
256 GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
257 }
258
259 vector<uint8_t> attest_key_blob;
260 vector<KeyCharacteristics> attest_key_characteristics;
261 vector<Certificate> attest_key_cert_chain;
262 ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
263 GenerateKey(AuthorizationSetBuilder()
264 .RsaSigningKey(2048, 65537)
265 .AttestKey()
266 .SetDefaultValidity(),
267 {} /* attestation signing key */, &attest_key_blob,
268 &attest_key_characteristics, &attest_key_cert_chain));
269 }
270
271 /*
272 * AttestKeyTest.RsaAttestedAttestKeys
273 *
274 * This test creates an RSA attestation key signed by factory keys, and varifies it can be
275 * used to sign other RSA and EC keys.
276 */
TEST_P(AttestKeyTest,RsaAttestedAttestKeys)277 TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
278 auto challenge = "hello";
279 auto app_id = "foo";
280
281 auto subject = "cert subj 2";
282 vector<uint8_t> subject_der(make_name_from_str(subject));
283
284 // An X.509 certificate serial number SHOULD be >0, but this is not policed. Check
285 // that a zero value doesn't cause problems.
286 uint64_t serial_int = 0;
287 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
288
289 /*
290 * Create attestation key.
291 */
292 AttestationKey attest_key;
293 vector<KeyCharacteristics> attest_key_characteristics;
294 vector<Certificate> attest_key_cert_chain;
295 auto result = GenerateAttestKey(AuthorizationSetBuilder()
296 .RsaKey(2048, 65537)
297 .AttestKey()
298 .AttestationChallenge(challenge)
299 .AttestationApplicationId(app_id)
300 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
301 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
302 .Authorization(TAG_NO_AUTH_REQUIRED)
303 .SetDefaultValidity(),
304 {} /* attestation signing key */, &attest_key.keyBlob,
305 &attest_key_characteristics, &attest_key_cert_chain);
306 // Strongbox may not support factory provisioned attestation key.
307 if (SecLevel() == SecurityLevel::STRONGBOX) {
308 if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
309 }
310 ASSERT_EQ(ErrorCode::OK, result);
311
312 EXPECT_GT(attest_key_cert_chain.size(), 1);
313 verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false);
314 EXPECT_TRUE(ChainSignaturesAreValid(attest_key_cert_chain));
315
316 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
317 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
318 EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
319 sw_enforced, hw_enforced, SecLevel(),
320 attest_key_cert_chain[0].encodedCertificate));
321
322 /*
323 * Use attestation key to sign RSA key
324 */
325 attest_key.issuerSubjectName = subject_der;
326 vector<uint8_t> attested_key_blob;
327 vector<KeyCharacteristics> attested_key_characteristics;
328 vector<Certificate> attested_key_cert_chain;
329
330 auto subject2 = "cert subject";
331 vector<uint8_t> subject_der2(make_name_from_str(subject2));
332
333 uint64_t serial_int2 = 255;
334 vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
335
336 EXPECT_EQ(ErrorCode::OK,
337 GenerateKey(AuthorizationSetBuilder()
338 .RsaSigningKey(2048, 65537)
339 .Authorization(TAG_NO_AUTH_REQUIRED)
340 .AttestationChallenge("foo")
341 .AttestationApplicationId("bar")
342 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob2)
343 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der2)
344 .SetDefaultValidity(),
345 attest_key, &attested_key_blob, &attested_key_characteristics,
346 &attested_key_cert_chain));
347
348 CheckedDeleteKey(&attested_key_blob);
349 CheckedDeleteKey(&attest_key.keyBlob);
350
351 AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
352 AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
353 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2,
354 SecLevel(),
355 attested_key_cert_chain[0].encodedCertificate));
356
357 // Attestation by itself is not valid (last entry is not self-signed).
358 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
359
360 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
361 attested_key_cert_chain.insert(attested_key_cert_chain.end(), attest_key_cert_chain.begin(),
362 attest_key_cert_chain.end());
363
364 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
365 EXPECT_GT(attested_key_cert_chain.size(), 2);
366 verify_subject_and_serial(attested_key_cert_chain[0], serial_int2, subject2, false);
367 }
368
369 /*
370 * AttestKeyTest.RsaAttestKeyChaining
371 *
372 * This test creates a chain of multiple RSA attest keys, each used to sign the next attest key,
373 * with the last attest key signed by the factory chain.
374 */
TEST_P(AttestKeyTest,RsaAttestKeyChaining)375 TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
376 const int chain_size = 6;
377 vector<vector<uint8_t>> key_blob_list(chain_size);
378 vector<vector<Certificate>> cert_chain_list(chain_size);
379
380 for (int i = 0; i < chain_size; i++) {
381 string sub = "attest key chaining ";
382 char index = '1' + i;
383 string subject = sub + index;
384 vector<uint8_t> subject_der(make_name_from_str(subject));
385
386 uint64_t serial_int = 7000 + i;
387 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
388
389 vector<KeyCharacteristics> attested_key_characteristics;
390 AttestationKey attest_key;
391 optional<AttestationKey> attest_key_opt;
392
393 if (i > 0) {
394 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
395 attest_key.keyBlob = key_blob_list[i - 1];
396 attest_key_opt = attest_key;
397 }
398
399 auto result = GenerateAttestKey(AuthorizationSetBuilder()
400 .RsaKey(2048, 65537)
401 .AttestKey()
402 .AttestationChallenge("foo")
403 .AttestationApplicationId("bar")
404 .Authorization(TAG_NO_AUTH_REQUIRED)
405 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
406 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
407 .SetDefaultValidity(),
408 attest_key_opt, &key_blob_list[i],
409 &attested_key_characteristics, &cert_chain_list[i]);
410 // Strongbox may not support factory provisioned attestation key.
411 if (SecLevel() == SecurityLevel::STRONGBOX) {
412 if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
413 }
414 ASSERT_EQ(ErrorCode::OK, result);
415
416 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
417 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
418 ASSERT_GT(cert_chain_list[i].size(), 0);
419 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
420 SecLevel(),
421 cert_chain_list[i][0].encodedCertificate));
422
423 if (i > 0) {
424 /*
425 * The first key is attestated with factory chain, but all the rest of the keys are
426 * not supposed to be returned in attestation certificate chains.
427 */
428 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
429
430 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
431 cert_chain_list[i].insert(cert_chain_list[i].end(), //
432 cert_chain_list[i - 1].begin(), //
433 cert_chain_list[i - 1].end());
434 }
435
436 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
437 EXPECT_GT(cert_chain_list[i].size(), i + 1);
438 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
439 }
440
441 for (int i = 0; i < chain_size; i++) {
442 CheckedDeleteKey(&key_blob_list[i]);
443 }
444 }
445
446 /*
447 * AttestKeyTest.EcAttestKeyChaining
448 *
449 * This test creates a chain of multiple Ec attest keys, each used to sign the next attest key,
450 * with the last attest key signed by the factory chain.
451 */
TEST_P(AttestKeyTest,EcAttestKeyChaining)452 TEST_P(AttestKeyTest, EcAttestKeyChaining) {
453 const int chain_size = 6;
454 vector<vector<uint8_t>> key_blob_list(chain_size);
455 vector<vector<Certificate>> cert_chain_list(chain_size);
456
457 for (int i = 0; i < chain_size; i++) {
458 string sub = "Ec attest key chaining ";
459 char index = '1' + i;
460 string subject = sub + index;
461 vector<uint8_t> subject_der(make_name_from_str(subject));
462
463 uint64_t serial_int = 800000 + i;
464 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
465
466 vector<KeyCharacteristics> attested_key_characteristics;
467 AttestationKey attest_key;
468 optional<AttestationKey> attest_key_opt;
469
470 if (i > 0) {
471 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
472 attest_key.keyBlob = key_blob_list[i - 1];
473 attest_key_opt = attest_key;
474 }
475
476 auto result = GenerateAttestKey(AuthorizationSetBuilder()
477 .EcdsaKey(EcCurve::P_256)
478 .AttestKey()
479 .AttestationChallenge("foo")
480 .AttestationApplicationId("bar")
481 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
482 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
483 .Authorization(TAG_NO_AUTH_REQUIRED)
484 .SetDefaultValidity(),
485 attest_key_opt, &key_blob_list[i],
486 &attested_key_characteristics, &cert_chain_list[i]);
487 // Strongbox may not support factory provisioned attestation key.
488 if (SecLevel() == SecurityLevel::STRONGBOX) {
489 if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
490 }
491 ASSERT_EQ(ErrorCode::OK, result);
492
493 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
494 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
495 ASSERT_GT(cert_chain_list[i].size(), 0);
496 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
497 SecLevel(),
498 cert_chain_list[i][0].encodedCertificate));
499
500 if (i > 0) {
501 /*
502 * The first key is attestated with factory chain, but all the rest of the keys are
503 * not supposed to be returned in attestation certificate chains.
504 */
505 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
506
507 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
508 cert_chain_list[i].insert(cert_chain_list[i].end(), //
509 cert_chain_list[i - 1].begin(), //
510 cert_chain_list[i - 1].end());
511 }
512
513 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
514 EXPECT_GT(cert_chain_list[i].size(), i + 1);
515 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
516 }
517
518 for (int i = 0; i < chain_size; i++) {
519 CheckedDeleteKey(&key_blob_list[i]);
520 }
521 }
522
523 /*
524 * AttestKeyTest.EcAttestKeyMultiPurposeFail
525 *
526 * This test attempts to create an EC attestation key that also allows signing.
527 */
TEST_P(AttestKeyTest,EcAttestKeyMultiPurposeFail)528 TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
529 if (AidlVersion() < 2) {
530 // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
531 // with other key purposes. However, this was not checked at the time
532 // so we can only be strict about checking this for implementations of KeyMint
533 // version 2 and above.
534 GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
535 }
536 vector<uint8_t> attest_key_blob;
537 vector<KeyCharacteristics> attest_key_characteristics;
538 vector<Certificate> attest_key_cert_chain;
539 ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
540 GenerateKey(AuthorizationSetBuilder()
541 .EcdsaSigningKey(EcCurve::P_256)
542 .AttestKey()
543 .SetDefaultValidity(),
544 {} /* attestation signing key */, &attest_key_blob,
545 &attest_key_characteristics, &attest_key_cert_chain));
546 }
547
548 /*
549 * AttestKeyTest.AlternateAttestKeyChaining
550 *
551 * This test creates a chain of multiple attest keys, in the order Ec - RSA - Ec - RSA ....
552 * Each attest key is used to sign the next attest key, with the last attest key signed by
553 * the factory chain. This is to verify different algorithms of attest keys can
554 * cross sign each other and be chained together.
555 */
TEST_P(AttestKeyTest,AlternateAttestKeyChaining)556 TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
557 const int chain_size = 6;
558 vector<vector<uint8_t>> key_blob_list(chain_size);
559 vector<vector<Certificate>> cert_chain_list(chain_size);
560
561 for (int i = 0; i < chain_size; i++) {
562 string sub = "Alt attest key chaining ";
563 char index = '1' + i;
564 string subject = sub + index;
565 vector<uint8_t> subject_der(make_name_from_str(subject));
566
567 uint64_t serial_int = 90000000 + i;
568 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
569
570 vector<KeyCharacteristics> attested_key_characteristics;
571 AttestationKey attest_key;
572 optional<AttestationKey> attest_key_opt;
573
574 if (i > 0) {
575 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
576 attest_key.keyBlob = key_blob_list[i - 1];
577 attest_key_opt = attest_key;
578 }
579 ErrorCode result;
580 if ((i & 0x1) == 1) {
581 result = GenerateAttestKey(AuthorizationSetBuilder()
582 .EcdsaKey(EcCurve::P_256)
583 .AttestKey()
584 .AttestationChallenge("foo")
585 .AttestationApplicationId("bar")
586 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
587 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
588 .Authorization(TAG_NO_AUTH_REQUIRED)
589 .SetDefaultValidity(),
590 attest_key_opt, &key_blob_list[i],
591 &attested_key_characteristics, &cert_chain_list[i]);
592 } else {
593 result = GenerateAttestKey(AuthorizationSetBuilder()
594 .RsaKey(2048, 65537)
595 .AttestKey()
596 .AttestationChallenge("foo")
597 .AttestationApplicationId("bar")
598 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
599 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
600 .Authorization(TAG_NO_AUTH_REQUIRED)
601 .SetDefaultValidity(),
602 attest_key_opt, &key_blob_list[i],
603 &attested_key_characteristics, &cert_chain_list[i]);
604 }
605 // Strongbox may not support factory provisioned attestation key.
606 if (SecLevel() == SecurityLevel::STRONGBOX) {
607 if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
608 }
609 ASSERT_EQ(ErrorCode::OK, result);
610
611 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
612 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
613 ASSERT_GT(cert_chain_list[i].size(), 0);
614 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
615 SecLevel(),
616 cert_chain_list[i][0].encodedCertificate));
617
618 if (i > 0) {
619 /*
620 * The first key is attestated with factory chain, but all the rest of the keys are
621 * not supposed to be returned in attestation certificate chains.
622 */
623 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
624
625 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
626 cert_chain_list[i].insert(cert_chain_list[i].end(), //
627 cert_chain_list[i - 1].begin(), //
628 cert_chain_list[i - 1].end());
629 }
630
631 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
632 EXPECT_GT(cert_chain_list[i].size(), i + 1);
633 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
634 }
635
636 for (int i = 0; i < chain_size; i++) {
637 CheckedDeleteKey(&key_blob_list[i]);
638 }
639 }
640
TEST_P(AttestKeyTest,MissingChallenge)641 TEST_P(AttestKeyTest, MissingChallenge) {
642 for (auto size : ValidKeySizes(Algorithm::RSA)) {
643 /*
644 * Create attestation key.
645 */
646 AttestationKey attest_key;
647 vector<KeyCharacteristics> attest_key_characteristics;
648 vector<Certificate> attest_key_cert_chain;
649 ASSERT_EQ(ErrorCode::OK,
650 GenerateAttestKey(AuthorizationSetBuilder()
651 .RsaKey(size, 65537)
652 .AttestKey()
653 .SetDefaultValidity(),
654 {} /* attestation signing key */, &attest_key.keyBlob,
655 &attest_key_characteristics, &attest_key_cert_chain));
656
657 EXPECT_EQ(attest_key_cert_chain.size(), 1);
658 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
659
660 /*
661 * Use attestation key to sign RSA / ECDSA key but forget to provide a challenge
662 */
663 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
664 vector<uint8_t> attested_key_blob;
665 vector<KeyCharacteristics> attested_key_characteristics;
666 vector<Certificate> attested_key_cert_chain;
667 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
668 GenerateKey(AuthorizationSetBuilder()
669 .RsaSigningKey(2048, 65537)
670 .Authorization(TAG_NO_AUTH_REQUIRED)
671 .AttestationApplicationId("bar")
672 .SetDefaultValidity(),
673 attest_key, &attested_key_blob, &attested_key_characteristics,
674 &attested_key_cert_chain));
675
676 EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
677 GenerateKey(AuthorizationSetBuilder()
678 .EcdsaSigningKey(EcCurve::P_256)
679 .Authorization(TAG_NO_AUTH_REQUIRED)
680 .AttestationApplicationId("bar")
681 .SetDefaultValidity(),
682 attest_key, &attested_key_blob, &attested_key_characteristics,
683 &attested_key_cert_chain));
684
685 CheckedDeleteKey(&attest_key.keyBlob);
686 }
687 }
688
TEST_P(AttestKeyTest,AllEcCurves)689 TEST_P(AttestKeyTest, AllEcCurves) {
690 for (auto curve : ValidCurves()) {
691 /*
692 * Create attestation key.
693 */
694 AttestationKey attest_key;
695 vector<KeyCharacteristics> attest_key_characteristics;
696 vector<Certificate> attest_key_cert_chain;
697 ASSERT_EQ(
698 ErrorCode::OK,
699 GenerateAttestKey(
700 AuthorizationSetBuilder().EcdsaKey(curve).AttestKey().SetDefaultValidity(),
701 {} /* attestation signing key */, &attest_key.keyBlob,
702 &attest_key_characteristics, &attest_key_cert_chain));
703
704 ASSERT_GT(attest_key_cert_chain.size(), 0);
705 EXPECT_EQ(attest_key_cert_chain.size(), 1);
706 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on curve " << curve;
707
708 /*
709 * Use attestation key to sign RSA key
710 */
711 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
712 vector<uint8_t> attested_key_blob;
713 vector<KeyCharacteristics> attested_key_characteristics;
714 vector<Certificate> attested_key_cert_chain;
715 EXPECT_EQ(ErrorCode::OK,
716 GenerateKey(AuthorizationSetBuilder()
717 .RsaSigningKey(2048, 65537)
718 .Authorization(TAG_NO_AUTH_REQUIRED)
719 .AttestationChallenge("foo")
720 .AttestationApplicationId("bar")
721 .SetDefaultValidity(),
722 attest_key, &attested_key_blob, &attested_key_characteristics,
723 &attested_key_cert_chain));
724
725 ASSERT_GT(attested_key_cert_chain.size(), 0);
726 CheckedDeleteKey(&attested_key_blob);
727
728 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
729 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
730 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
731 SecLevel(),
732 attested_key_cert_chain[0].encodedCertificate));
733
734 // Attestation by itself is not valid (last entry is not self-signed).
735 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
736
737 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
738 if (attest_key_cert_chain.size() > 0) {
739 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
740 }
741 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
742
743 /*
744 * Use attestation key to sign EC key
745 */
746 EXPECT_EQ(ErrorCode::OK,
747 GenerateKey(AuthorizationSetBuilder()
748 .EcdsaSigningKey(EcCurve::P_256)
749 .Authorization(TAG_NO_AUTH_REQUIRED)
750 .AttestationChallenge("foo")
751 .AttestationApplicationId("bar")
752 .SetDefaultValidity(),
753 attest_key, &attested_key_blob, &attested_key_characteristics,
754 &attested_key_cert_chain));
755
756 ASSERT_GT(attested_key_cert_chain.size(), 0);
757 CheckedDeleteKey(&attested_key_blob);
758 CheckedDeleteKey(&attest_key.keyBlob);
759
760 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
761 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
762 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
763 SecLevel(),
764 attested_key_cert_chain[0].encodedCertificate));
765
766 // Attestation by itself is not valid (last entry is not self-signed).
767 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
768
769 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
770 if (attest_key_cert_chain.size() > 0) {
771 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
772 }
773 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
774
775 // Bail early if anything failed.
776 if (HasFailure()) return;
777 }
778 }
779
TEST_P(AttestKeyTest,AttestWithNonAttestKey)780 TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
781 // Create non-attestation key.
782 AttestationKey non_attest_key;
783 vector<KeyCharacteristics> non_attest_key_characteristics;
784 vector<Certificate> non_attest_key_cert_chain;
785 ASSERT_EQ(
786 ErrorCode::OK,
787 GenerateKey(
788 AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),
789 {} /* attestation signing key */, &non_attest_key.keyBlob,
790 &non_attest_key_characteristics, &non_attest_key_cert_chain));
791
792 ASSERT_GT(non_attest_key_cert_chain.size(), 0);
793 EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
794 EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));
795
796 // Attempt to sign attestation with non-attest key.
797 vector<uint8_t> attested_key_blob;
798 vector<KeyCharacteristics> attested_key_characteristics;
799 vector<Certificate> attested_key_cert_chain;
800 EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
801 GenerateKey(AuthorizationSetBuilder()
802 .EcdsaSigningKey(EcCurve::P_256)
803 .Authorization(TAG_NO_AUTH_REQUIRED)
804 .AttestationChallenge("foo")
805 .AttestationApplicationId("bar")
806 .SetDefaultValidity(),
807 non_attest_key, &attested_key_blob, &attested_key_characteristics,
808 &attested_key_cert_chain));
809 }
810
TEST_P(AttestKeyTest,EcdsaAttestationID)811 TEST_P(AttestKeyTest, EcdsaAttestationID) {
812 if (is_gsi_image()) {
813 // GSI sets up a standard set of device identifiers that may not match
814 // the device identifiers held by the device.
815 GTEST_SKIP() << "Test not applicable under GSI";
816 }
817 // Create attestation key.
818 AttestationKey attest_key;
819 vector<KeyCharacteristics> attest_key_characteristics;
820 vector<Certificate> attest_key_cert_chain;
821 ASSERT_EQ(ErrorCode::OK,
822 GenerateAttestKey(AuthorizationSetBuilder()
823 .EcdsaKey(EcCurve::P_256)
824 .AttestKey()
825 .SetDefaultValidity(),
826 {} /* attestation signing key */, &attest_key.keyBlob,
827 &attest_key_characteristics, &attest_key_cert_chain));
828 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
829 ASSERT_GT(attest_key_cert_chain.size(), 0);
830 EXPECT_EQ(attest_key_cert_chain.size(), 1);
831 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
832
833 // Collection of valid attestation ID tags.
834 auto attestation_id_tags = AuthorizationSetBuilder();
835 // Use ro.product.brand_for_attestation property for attestation if it is present else fallback
836 // to ro.product.brand
837 std::string prop_value =
838 ::android::base::GetProperty("ro.product.brand_for_attestation", /* default= */ "");
839 if (!prop_value.empty()) {
840 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND,
841 "ro.product.brand_for_attestation");
842 } else {
843 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
844 }
845 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
846 // Use ro.product.name_for_attestation property for attestation if it is present else fallback
847 // to ro.product.name
848 prop_value = ::android::base::GetProperty("ro.product.name_for_attestation", /* default= */ "");
849 if (!prop_value.empty()) {
850 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT,
851 "ro.product.name_for_attestation");
852 } else {
853 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
854 }
855 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
856 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MANUFACTURER,
857 "ro.product.manufacturer");
858 // Use ro.product.model_for_attestation property for attestation if it is present else fallback
859 // to ro.product.model
860 prop_value =
861 ::android::base::GetProperty("ro.product.model_for_attestation", /* default= */ "");
862 if (!prop_value.empty()) {
863 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL,
864 "ro.product.model_for_attestation");
865 } else {
866 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
867 }
868
869 string imei = get_imei(0);
870 if (!imei.empty()) {
871 attestation_id_tags.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size());
872 }
873
874 for (const KeyParameter& tag : attestation_id_tags) {
875 SCOPED_TRACE(testing::Message() << "+tag-" << tag);
876 // Use attestation key to sign an ECDSA key, but include an attestation ID field.
877 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
878 .EcdsaSigningKey(EcCurve::P_256)
879 .Authorization(TAG_NO_AUTH_REQUIRED)
880 .AttestationChallenge("challenge")
881 .AttestationApplicationId("foo")
882 .SetDefaultValidity();
883 builder.push_back(tag);
884 vector<uint8_t> attested_key_blob;
885 vector<KeyCharacteristics> attested_key_characteristics;
886 vector<Certificate> attested_key_cert_chain;
887 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
888 &attested_key_characteristics, &attested_key_cert_chain);
889 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
890 continue;
891 }
892
893 ASSERT_EQ(result, ErrorCode::OK);
894
895 CheckedDeleteKey(&attested_key_blob);
896
897 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
898 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
899
900 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
901 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
902 // attestation extension should contain them, so make sure the extra tag is added.
903 hw_enforced.push_back(tag);
904
905 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
906 hw_enforced, SecLevel(),
907 attested_key_cert_chain[0].encodedCertificate));
908 }
909 CheckedDeleteKey(&attest_key.keyBlob);
910 }
911
TEST_P(AttestKeyTest,EcdsaAttestationMismatchID)912 TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) {
913 // Create attestation key.
914 AttestationKey attest_key;
915 vector<KeyCharacteristics> attest_key_characteristics;
916 vector<Certificate> attest_key_cert_chain;
917 ASSERT_EQ(ErrorCode::OK,
918 GenerateAttestKey(AuthorizationSetBuilder()
919 .EcdsaKey(EcCurve::P_256)
920 .AttestKey()
921 .SetDefaultValidity(),
922 {} /* attestation signing key */, &attest_key.keyBlob,
923 &attest_key_characteristics, &attest_key_cert_chain));
924 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
925 ASSERT_GT(attest_key_cert_chain.size(), 0);
926 EXPECT_EQ(attest_key_cert_chain.size(), 1);
927 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
928
929 // Collection of invalid attestation ID tags.
930 auto attestation_id_tags =
931 AuthorizationSetBuilder()
932 .Authorization(TAG_ATTESTATION_ID_BRAND, "bogus-brand")
933 .Authorization(TAG_ATTESTATION_ID_DEVICE, "devious-device")
934 .Authorization(TAG_ATTESTATION_ID_PRODUCT, "punctured-product")
935 .Authorization(TAG_ATTESTATION_ID_SERIAL, "suspicious-serial")
936 .Authorization(TAG_ATTESTATION_ID_IMEI, "invalid-imei")
937 .Authorization(TAG_ATTESTATION_ID_MEID, "mismatching-meid")
938 .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, "malformed-manufacturer")
939 .Authorization(TAG_ATTESTATION_ID_MODEL, "malicious-model");
940
941 if (isSecondImeiIdAttestationRequired()) {
942 attestation_id_tags.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, "invalid-second-imei");
943 }
944 vector<uint8_t> key_blob;
945 vector<KeyCharacteristics> key_characteristics;
946
947 for (const KeyParameter& invalid_tag : attestation_id_tags) {
948 SCOPED_TRACE(testing::Message() << "+tag-" << invalid_tag);
949
950 // Use attestation key to sign an ECDSA key, but include an invalid
951 // attestation ID field.
952 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
953 .EcdsaSigningKey(EcCurve::P_256)
954 .Authorization(TAG_NO_AUTH_REQUIRED)
955 .AttestationChallenge("challenge")
956 .AttestationApplicationId("foo")
957 .SetDefaultValidity();
958 builder.push_back(invalid_tag);
959 vector<uint8_t> attested_key_blob;
960 vector<KeyCharacteristics> attested_key_characteristics;
961 vector<Certificate> attested_key_cert_chain;
962 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
963 &attested_key_characteristics, &attested_key_cert_chain);
964 device_id_attestation_check_acceptable_error(invalid_tag.tag, result);
965 }
966 CheckedDeleteKey(&attest_key.keyBlob);
967 }
968
TEST_P(AttestKeyTest,SecondIMEIAttestationIDSuccess)969 TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) {
970 if (is_gsi_image()) {
971 // GSI sets up a standard set of device identifiers that may not match
972 // the device identifiers held by the device.
973 GTEST_SKIP() << "Test not applicable under GSI";
974 }
975
976 // Skip the test if there is no second IMEI exists.
977 string second_imei = get_imei(1);
978 if (second_imei.empty()) {
979 GTEST_SKIP() << "Test not applicable as there is no second IMEI";
980 }
981
982 if (!isSecondImeiIdAttestationRequired()) {
983 GTEST_SKIP() << "Test not applicable for KeyMint-Version < 3 or first-api-level < 34";
984 }
985
986 // Create attestation key.
987 AttestationKey attest_key;
988 vector<KeyCharacteristics> attest_key_characteristics;
989 vector<Certificate> attest_key_cert_chain;
990 ASSERT_EQ(ErrorCode::OK,
991 GenerateAttestKey(AuthorizationSetBuilder()
992 .EcdsaKey(EcCurve::P_256)
993 .AttestKey()
994 .SetDefaultValidity(),
995 {} /* attestation signing key */, &attest_key.keyBlob,
996 &attest_key_characteristics, &attest_key_cert_chain));
997 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
998 EXPECT_EQ(attest_key_cert_chain.size(), 1);
999 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
1000
1001 // Use attestation key to sign an ECDSA key, but include an attestation ID field.
1002 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
1003 .EcdsaSigningKey(EcCurve::P_256)
1004 .Authorization(TAG_NO_AUTH_REQUIRED)
1005 .AttestationChallenge("challenge")
1006 .AttestationApplicationId("foo")
1007 .SetDefaultValidity();
1008 // b/264979486 - second imei doesn't depend on first imei.
1009 // Add second IMEI as attestation id without adding first IMEI as
1010 // attestation id.
1011 builder.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, second_imei.data(), second_imei.size());
1012
1013 vector<uint8_t> attested_key_blob;
1014 vector<KeyCharacteristics> attested_key_characteristics;
1015 vector<Certificate> attested_key_cert_chain;
1016 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
1017 &attested_key_characteristics, &attested_key_cert_chain);
1018
1019 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
1020 GTEST_SKIP()
1021 << "Test not applicable as device does not support SECOND-IMEI ID attestation.";
1022 }
1023
1024 ASSERT_EQ(result, ErrorCode::OK);
1025
1026 CheckedDeleteKey(&attested_key_blob);
1027
1028 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
1029 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
1030
1031 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
1032 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
1033 // attestation extension should contain them, so make sure the extra tag is added.
1034 vector<uint8_t> imei_blob(second_imei.data(), second_imei.data() + second_imei.size());
1035 KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, imei_blob);
1036 hw_enforced.push_back(imei_tag);
1037
1038 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
1039 hw_enforced, SecLevel(),
1040 attested_key_cert_chain[0].encodedCertificate));
1041
1042 CheckedDeleteKey(&attest_key.keyBlob);
1043 }
1044
TEST_P(AttestKeyTest,MultipleIMEIAttestationIDSuccess)1045 TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) {
1046 if (is_gsi_image()) {
1047 // GSI sets up a standard set of device identifiers that may not match
1048 // the device identifiers held by the device.
1049 GTEST_SKIP() << "Test not applicable under GSI";
1050 }
1051
1052 // Skip the test if there is no first IMEI exists.
1053 string imei = get_imei(0);
1054 if (imei.empty()) {
1055 GTEST_SKIP() << "Test not applicable as there is no first IMEI";
1056 }
1057
1058 // Skip the test if there is no second IMEI exists.
1059 string second_imei = get_imei(1);
1060 if (second_imei.empty()) {
1061 GTEST_SKIP() << "Test not applicable as there is no second IMEI";
1062 }
1063
1064 if (!isSecondImeiIdAttestationRequired()) {
1065 GTEST_SKIP() << "Test not applicable for KeyMint-Version < 3 or first-api-level < 34";
1066 }
1067
1068 // Create attestation key.
1069 AttestationKey attest_key;
1070 vector<KeyCharacteristics> attest_key_characteristics;
1071 vector<Certificate> attest_key_cert_chain;
1072 ASSERT_EQ(ErrorCode::OK,
1073 GenerateAttestKey(AuthorizationSetBuilder()
1074 .EcdsaKey(EcCurve::P_256)
1075 .AttestKey()
1076 .SetDefaultValidity(),
1077 {} /* attestation signing key */, &attest_key.keyBlob,
1078 &attest_key_characteristics, &attest_key_cert_chain));
1079 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
1080 EXPECT_EQ(attest_key_cert_chain.size(), 1);
1081 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
1082
1083 // Use attestation key to sign an ECDSA key, but include both IMEI attestation ID fields.
1084 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
1085 .EcdsaSigningKey(EcCurve::P_256)
1086 .Authorization(TAG_NO_AUTH_REQUIRED)
1087 .AttestationChallenge("challenge")
1088 .AttestationApplicationId("foo")
1089 .SetDefaultValidity();
1090 builder.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size());
1091 builder.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, second_imei.data(), second_imei.size());
1092
1093 vector<uint8_t> attested_key_blob;
1094 vector<KeyCharacteristics> attested_key_characteristics;
1095 vector<Certificate> attested_key_cert_chain;
1096 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
1097 &attested_key_characteristics, &attested_key_cert_chain);
1098
1099 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
1100 GTEST_SKIP() << "Test not applicable as device does not support IMEI ID attestation.";
1101 }
1102
1103 ASSERT_EQ(result, ErrorCode::OK);
1104
1105 CheckedDeleteKey(&attested_key_blob);
1106
1107 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
1108 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
1109
1110 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
1111 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
1112 // attestation extension should contain them, so make sure the extra tag is added.
1113 vector<uint8_t> imei_blob(imei.data(), imei.data() + imei.size());
1114 KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_IMEI, imei_blob);
1115 hw_enforced.push_back(imei_tag);
1116 vector<uint8_t> sec_imei_blob(second_imei.data(), second_imei.data() + second_imei.size());
1117 KeyParameter sec_imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, sec_imei_blob);
1118 hw_enforced.push_back(sec_imei_tag);
1119
1120 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
1121 hw_enforced, SecLevel(),
1122 attested_key_cert_chain[0].encodedCertificate));
1123
1124 CheckedDeleteKey(&attest_key.keyBlob);
1125 }
1126
1127 INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);
1128
1129 } // namespace aidl::android::hardware::security::keymint::test
1130