1 /*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "keymint_1_attest_key_test"
18 #include <android-base/logging.h>
19 #include <cutils/log.h>
20 #include <cutils/properties.h>
21
22 #include <keymint_support/authorization_set.h>
23 #include <keymint_support/key_param_output.h>
24 #include <keymint_support/openssl_utils.h>
25
26 #include "KeyMintAidlTestBase.h"
27
28 namespace aidl::android::hardware::security::keymint::test {
29
30 namespace {
31
IsSelfSigned(const vector<Certificate> & chain)32 bool IsSelfSigned(const vector<Certificate>& chain) {
33 if (chain.size() != 1) return false;
34 return ChainSignaturesAreValid(chain);
35 }
36
37 } // namespace
38
39 class AttestKeyTest : public KeyMintAidlTestBase {
40 public:
SetUp()41 void SetUp() override {
42 skipAttestKeyTestIfNeeded();
43 KeyMintAidlTestBase::SetUp();
44 }
45 };
46
47 /*
48 * AttestKeyTest.AllRsaSizes
49 *
50 * This test creates self signed RSA attestation keys of various sizes, and verify they can be
51 * used to sign other RSA and EC keys.
52 */
TEST_P(AttestKeyTest,AllRsaSizes)53 TEST_P(AttestKeyTest, AllRsaSizes) {
54 for (auto size : ValidKeySizes(Algorithm::RSA)) {
55 /*
56 * Create attestation key.
57 */
58 AttestationKey attest_key;
59 vector<KeyCharacteristics> attest_key_characteristics;
60 vector<Certificate> attest_key_cert_chain;
61 ASSERT_EQ(ErrorCode::OK,
62 GenerateAttestKey(AuthorizationSetBuilder()
63 .RsaKey(size, 65537)
64 .AttestKey()
65 .SetDefaultValidity(),
66 {} /* attestation signing key */, &attest_key.keyBlob,
67 &attest_key_characteristics, &attest_key_cert_chain));
68 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
69
70 ASSERT_GT(attest_key_cert_chain.size(), 0);
71 EXPECT_EQ(attest_key_cert_chain.size(), 1);
72 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
73
74 /*
75 * Use attestation key to sign RSA signing key
76 */
77 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
78 vector<uint8_t> attested_key_blob;
79 vector<KeyCharacteristics> attested_key_characteristics;
80 vector<Certificate> attested_key_cert_chain;
81 ASSERT_EQ(ErrorCode::OK,
82 GenerateKey(AuthorizationSetBuilder()
83 .RsaSigningKey(2048, 65537)
84 .Authorization(TAG_NO_AUTH_REQUIRED)
85 .AttestationChallenge("foo")
86 .AttestationApplicationId("bar")
87 .SetDefaultValidity(),
88 attest_key, &attested_key_blob, &attested_key_characteristics,
89 &attested_key_cert_chain));
90 KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
91
92 ASSERT_GT(attested_key_cert_chain.size(), 0);
93
94 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
95 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
96 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
97 SecLevel(),
98 attested_key_cert_chain[0].encodedCertificate));
99
100 // Attestation by itself is not valid (last entry is not self-signed).
101 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
102
103 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
104 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
105 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
106 EXPECT_EQ(attested_key_cert_chain.size(), 2);
107
108 /*
109 * Use attestation key to sign RSA decryption key
110 */
111 attested_key_characteristics.resize(0);
112 attested_key_cert_chain.resize(0);
113 ASSERT_EQ(ErrorCode::OK,
114 GenerateKey(AuthorizationSetBuilder()
115 .RsaEncryptionKey(2048, 65537)
116 .Digest(Digest::NONE)
117 .Padding(PaddingMode::NONE)
118 .Authorization(TAG_NO_AUTH_REQUIRED)
119 .AttestationChallenge("foo2")
120 .AttestationApplicationId("bar2")
121 .SetDefaultValidity(),
122 attest_key, &attested_key_blob, &attested_key_characteristics,
123 &attested_key_cert_chain));
124 KeyBlobDeleter attested_deleter2(keymint_, attested_key_blob);
125
126 ASSERT_GT(attested_key_cert_chain.size(), 0);
127
128 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
129 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
130 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced,
131 hw_enforced, SecLevel(),
132 attested_key_cert_chain[0].encodedCertificate));
133
134 // Attestation by itself is not valid (last entry is not self-signed).
135 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
136
137 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
138 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
139 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
140 EXPECT_EQ(attested_key_cert_chain.size(), 2);
141
142 /*
143 * Use attestation key to sign EC key. Specify a CREATION_DATETIME for this one.
144 */
145 attested_key_characteristics.resize(0);
146 attested_key_cert_chain.resize(0);
147 uint64_t timestamp = 1619621648000;
148 ASSERT_EQ(ErrorCode::OK,
149 GenerateKey(AuthorizationSetBuilder()
150 .EcdsaSigningKey(EcCurve::P_256)
151 .Authorization(TAG_NO_AUTH_REQUIRED)
152 .AttestationChallenge("foo")
153 .AttestationApplicationId("bar")
154 .Authorization(TAG_CREATION_DATETIME, timestamp)
155 .SetDefaultValidity(),
156 attest_key, &attested_key_blob, &attested_key_characteristics,
157 &attested_key_cert_chain));
158 KeyBlobDeleter attested_deleter3(keymint_, attested_key_blob);
159
160 ASSERT_GT(attested_key_cert_chain.size(), 0);
161
162 // The returned key characteristics will include CREATION_DATETIME (checked below)
163 // in SecurityLevel::KEYSTORE; this will be stripped out in the CheckCharacteristics()
164 // call below, to match what getKeyCharacteristics() returns (which doesn't include
165 // any SecurityLevel::KEYSTORE characteristics).
166 CheckCharacteristics(attested_key_blob, attested_key_characteristics);
167
168 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
169 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
170
171 // The client-specified CREATION_DATETIME should be in sw_enforced.
172 // Its presence will also trigger verify_attestation_record() to check that
173 // it is in the attestation extension with a matching value.
174 EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
175 << "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
176 << " not in hw_enforced:" << hw_enforced;
177 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
178 SecLevel(),
179 attested_key_cert_chain[0].encodedCertificate));
180
181 // Attestation by itself is not valid (last entry is not self-signed).
182 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
183
184 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
185 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
186 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
187
188 // Bail early if anything failed.
189 if (HasFailure()) return;
190 }
191 }
192
193 /*
194 * AttestKeyTest.RsaAttestKeyMultiPurposeFail
195 *
196 * This test attempts to create an RSA attestation key that also allows signing.
197 */
TEST_P(AttestKeyTest,RsaAttestKeyMultiPurposeFail)198 TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
199 if (AidlVersion() < 2) {
200 // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
201 // with other key purposes. However, this was not checked at the time
202 // so we can only be strict about checking this for implementations of KeyMint
203 // version 2 and above.
204 GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
205 }
206
207 vector<uint8_t> attest_key_blob;
208 vector<KeyCharacteristics> attest_key_characteristics;
209 vector<Certificate> attest_key_cert_chain;
210 ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
211 GenerateKey(AuthorizationSetBuilder()
212 .RsaSigningKey(2048, 65537)
213 .AttestKey()
214 .SetDefaultValidity(),
215 {} /* attestation signing key */, &attest_key_blob,
216 &attest_key_characteristics, &attest_key_cert_chain));
217 }
218
219 /*
220 * AttestKeyTest.RsaAttestedAttestKeys
221 *
222 * This test creates an RSA attestation key signed by factory keys, and verifies it can be
223 * used to sign other RSA and EC keys.
224 */
TEST_P(AttestKeyTest,RsaAttestedAttestKeys)225 TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
226 auto challenge = "hello";
227 auto app_id = "foo";
228
229 auto subject = "cert subj 2";
230 vector<uint8_t> subject_der(make_name_from_str(subject));
231
232 // An X.509 certificate serial number SHOULD be >0, but this is not policed. Check
233 // that a zero value doesn't cause problems.
234 uint64_t serial_int = 0;
235 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
236
237 /*
238 * Create attestation key.
239 */
240 AttestationKey attest_key;
241 vector<KeyCharacteristics> attest_key_characteristics;
242 vector<Certificate> attest_key_cert_chain;
243 auto result = GenerateAttestKey(AuthorizationSetBuilder()
244 .RsaKey(2048, 65537)
245 .AttestKey()
246 .AttestationChallenge(challenge)
247 .AttestationApplicationId(app_id)
248 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
249 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
250 .Authorization(TAG_NO_AUTH_REQUIRED)
251 .SetDefaultValidity(),
252 {} /* attestation signing key */, &attest_key.keyBlob,
253 &attest_key_characteristics, &attest_key_cert_chain);
254 if (isRkpOnly() && result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) {
255 GTEST_SKIP() << "RKP-only devices do not have a factory key";
256 }
257 ASSERT_EQ(ErrorCode::OK, result);
258 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
259
260 EXPECT_GT(attest_key_cert_chain.size(), 1);
261 verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false);
262 EXPECT_TRUE(ChainSignaturesAreValid(attest_key_cert_chain));
263
264 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
265 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
266 ASSERT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
267 sw_enforced, hw_enforced, SecLevel(),
268 attest_key_cert_chain[0].encodedCertificate));
269
270 /*
271 * Use attestation key to sign RSA key
272 */
273 attest_key.issuerSubjectName = subject_der;
274 vector<uint8_t> attested_key_blob;
275 vector<KeyCharacteristics> attested_key_characteristics;
276 vector<Certificate> attested_key_cert_chain;
277
278 auto subject2 = "cert subject";
279 vector<uint8_t> subject_der2(make_name_from_str(subject2));
280
281 uint64_t serial_int2 = 255;
282 vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
283
284 ASSERT_EQ(ErrorCode::OK,
285 GenerateKey(AuthorizationSetBuilder()
286 .RsaSigningKey(2048, 65537)
287 .Authorization(TAG_NO_AUTH_REQUIRED)
288 .AttestationChallenge("foo")
289 .AttestationApplicationId("bar")
290 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob2)
291 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der2)
292 .SetDefaultValidity(),
293 attest_key, &attested_key_blob, &attested_key_characteristics,
294 &attested_key_cert_chain));
295 KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
296
297 ASSERT_GT(attested_key_cert_chain.size(), 0);
298
299 AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
300 AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
301 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2,
302 SecLevel(),
303 attested_key_cert_chain[0].encodedCertificate));
304
305 // Attestation by itself is not valid (last entry is not self-signed).
306 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
307
308 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
309 attested_key_cert_chain.insert(attested_key_cert_chain.end(), attest_key_cert_chain.begin(),
310 attest_key_cert_chain.end());
311
312 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
313 EXPECT_GT(attested_key_cert_chain.size(), 2);
314 verify_subject_and_serial(attested_key_cert_chain[0], serial_int2, subject2, false);
315 }
316
317 /*
318 * AttestKeyTest.RsaAttestKeyChaining
319 *
320 * This test creates a chain of multiple RSA attest keys, each used to sign the next attest key,
321 * with the last attest key signed by the factory chain.
322 */
TEST_P(AttestKeyTest,RsaAttestKeyChaining)323 TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
324 const int chain_size = 6;
325 vector<vector<uint8_t>> key_blob_list(chain_size);
326 vector<vector<Certificate>> cert_chain_list(chain_size);
327 vector<KeyBlobDeleter> deleters;
328
329 for (int i = 0; i < chain_size; i++) {
330 string sub = "attest key chaining ";
331 char index = '1' + i;
332 string subject = sub + index;
333 vector<uint8_t> subject_der(make_name_from_str(subject));
334
335 uint64_t serial_int = 7000 + i;
336 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
337
338 vector<KeyCharacteristics> attested_key_characteristics;
339 AttestationKey attest_key;
340 optional<AttestationKey> attest_key_opt;
341
342 if (i > 0) {
343 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
344 attest_key.keyBlob = key_blob_list[i - 1];
345 attest_key_opt = attest_key;
346 }
347
348 AuthorizationSetBuilder auth_set_builder =
349 AuthorizationSetBuilder()
350 .RsaKey(2048, 65537)
351 .AttestKey()
352 .AttestationApplicationId("bar")
353 .Authorization(TAG_NO_AUTH_REQUIRED)
354 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
355 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
356 .SetDefaultValidity();
357 // In RKP-only systems, the first key cannot be attested due to lack of batch key
358 if (!isRkpOnly() || i > 0) {
359 auth_set_builder.AttestationChallenge("foo");
360 }
361 auto result = GenerateAttestKey(auth_set_builder, attest_key_opt, &key_blob_list[i],
362 &attested_key_characteristics, &cert_chain_list[i]);
363 ASSERT_EQ(ErrorCode::OK, result);
364 deleters.push_back(KeyBlobDeleter(keymint_, key_blob_list[i]));
365
366 if (!isRkpOnly() || i > 0) {
367 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
368 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
369 ASSERT_GT(cert_chain_list[i].size(), 0);
370 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced,
371 hw_enforced, SecLevel(),
372 cert_chain_list[i][0].encodedCertificate));
373 }
374
375 if (i > 0) {
376 /*
377 * The first key is attestated with factory chain, but all the rest of the keys are
378 * not supposed to be returned in attestation certificate chains.
379 */
380 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
381
382 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
383 cert_chain_list[i].insert(cert_chain_list[i].end(), //
384 cert_chain_list[i - 1].begin(), //
385 cert_chain_list[i - 1].end());
386 }
387
388 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
389 EXPECT_GT(cert_chain_list[i].size(), i + (isRkpOnly() ? 0 : 1));
390 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
391 }
392 }
393
394 /*
395 * AttestKeyTest.EcAttestKeyChaining
396 *
397 * This test creates a chain of multiple Ec attest keys, each used to sign the next attest key,
398 * with the last attest key signed by the factory chain.
399 */
TEST_P(AttestKeyTest,EcAttestKeyChaining)400 TEST_P(AttestKeyTest, EcAttestKeyChaining) {
401 const int chain_size = 6;
402 vector<vector<uint8_t>> key_blob_list(chain_size);
403 vector<vector<Certificate>> cert_chain_list(chain_size);
404 vector<KeyBlobDeleter> deleters;
405
406 for (int i = 0; i < chain_size; i++) {
407 string sub = "Ec attest key chaining ";
408 char index = '1' + i;
409 string subject = sub + index;
410 vector<uint8_t> subject_der(make_name_from_str(subject));
411
412 uint64_t serial_int = 800000 + i;
413 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
414
415 vector<KeyCharacteristics> attested_key_characteristics;
416 AttestationKey attest_key;
417 optional<AttestationKey> attest_key_opt;
418
419 if (i > 0) {
420 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
421 attest_key.keyBlob = key_blob_list[i - 1];
422 attest_key_opt = attest_key;
423 }
424
425 AuthorizationSetBuilder auth_set_builder =
426 AuthorizationSetBuilder()
427 .EcdsaKey(EcCurve::P_256)
428 .AttestKey()
429 .AttestationApplicationId("bar")
430 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
431 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
432 .Authorization(TAG_NO_AUTH_REQUIRED)
433 .SetDefaultValidity();
434 // In RKP-only systems, the first key cannot be attested due to lack of batch key
435 if (!isRkpOnly() || i > 0) {
436 auth_set_builder.AttestationChallenge("foo");
437 }
438 auto result = GenerateAttestKey(auth_set_builder, attest_key_opt, &key_blob_list[i],
439 &attested_key_characteristics, &cert_chain_list[i]);
440 ASSERT_EQ(ErrorCode::OK, result);
441 deleters.push_back(KeyBlobDeleter(keymint_, key_blob_list[i]));
442
443 if (!isRkpOnly() || i > 0) {
444 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
445 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
446 ASSERT_GT(cert_chain_list[i].size(), 0);
447 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced,
448 hw_enforced, SecLevel(),
449 cert_chain_list[i][0].encodedCertificate));
450 }
451
452 if (i > 0) {
453 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
454
455 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
456 cert_chain_list[i].insert(cert_chain_list[i].end(), //
457 cert_chain_list[i - 1].begin(), //
458 cert_chain_list[i - 1].end());
459 }
460
461 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
462 EXPECT_GT(cert_chain_list[i].size(), i + (isRkpOnly() ? 0 : 1));
463 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
464 }
465 }
466
467 /*
468 * AttestKeyTest.EcAttestKeyMultiPurposeFail
469 *
470 * This test attempts to create an EC attestation key that also allows signing.
471 */
TEST_P(AttestKeyTest,EcAttestKeyMultiPurposeFail)472 TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
473 if (AidlVersion() < 2) {
474 // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
475 // with other key purposes. However, this was not checked at the time
476 // so we can only be strict about checking this for implementations of KeyMint
477 // version 2 and above.
478 GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
479 }
480 vector<uint8_t> attest_key_blob;
481 vector<KeyCharacteristics> attest_key_characteristics;
482 vector<Certificate> attest_key_cert_chain;
483 ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
484 GenerateKey(AuthorizationSetBuilder()
485 .EcdsaSigningKey(EcCurve::P_256)
486 .AttestKey()
487 .SetDefaultValidity(),
488 {} /* attestation signing key */, &attest_key_blob,
489 &attest_key_characteristics, &attest_key_cert_chain));
490 }
491
492 /*
493 * AttestKeyTest.AlternateAttestKeyChaining
494 *
495 * This test creates a chain of multiple attest keys, in the order Ec - RSA - Ec - RSA ....
496 * Each attest key is used to sign the next attest key, with the last attest key signed by
497 * the factory chain. This is to verify different algorithms of attest keys can
498 * cross sign each other and be chained together.
499 */
TEST_P(AttestKeyTest,AlternateAttestKeyChaining)500 TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
501 const int chain_size = 6;
502 vector<vector<uint8_t>> key_blob_list(chain_size);
503 vector<vector<Certificate>> cert_chain_list(chain_size);
504 vector<KeyBlobDeleter> deleters;
505
506 for (int i = 0; i < chain_size; i++) {
507 string sub = "Alt attest key chaining ";
508 char index = '1' + i;
509 string subject = sub + index;
510 vector<uint8_t> subject_der(make_name_from_str(subject));
511
512 uint64_t serial_int = 90000000 + i;
513 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
514
515 vector<KeyCharacteristics> attested_key_characteristics;
516 AttestationKey attest_key;
517 optional<AttestationKey> attest_key_opt;
518
519 if (i > 0) {
520 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
521 attest_key.keyBlob = key_blob_list[i - 1];
522 attest_key_opt = attest_key;
523 }
524 AuthorizationSetBuilder auth_set_builder =
525 AuthorizationSetBuilder()
526 .AttestKey()
527 .AttestationApplicationId("bar")
528 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
529 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
530 .Authorization(TAG_NO_AUTH_REQUIRED)
531 .SetDefaultValidity();
532 // In RKP-only systems, the first key cannot be attested due to lack of batch key
533 if (!isRkpOnly() || i > 0) {
534 auth_set_builder.AttestationChallenge("foo");
535 }
536 if ((i & 0x1) == 1) {
537 auth_set_builder.EcdsaKey(EcCurve::P_256);
538 } else {
539 auth_set_builder.RsaKey(2048, 65537);
540 }
541 ErrorCode result = GenerateAttestKey(auth_set_builder, attest_key_opt, &key_blob_list[i],
542 &attested_key_characteristics, &cert_chain_list[i]);
543 ASSERT_EQ(ErrorCode::OK, result);
544 deleters.push_back(KeyBlobDeleter(keymint_, key_blob_list[i]));
545
546 if (!isRkpOnly() || i > 0) {
547 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
548 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
549 ASSERT_GT(cert_chain_list[i].size(), 0);
550 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced,
551 hw_enforced, SecLevel(),
552 cert_chain_list[i][0].encodedCertificate));
553 }
554
555 if (i > 0) {
556 /*
557 * The first key is attestated with factory chain, but all the rest of the keys are
558 * not supposed to be returned in attestation certificate chains.
559 */
560 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
561
562 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
563 cert_chain_list[i].insert(cert_chain_list[i].end(), //
564 cert_chain_list[i - 1].begin(), //
565 cert_chain_list[i - 1].end());
566 }
567
568 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
569 EXPECT_GT(cert_chain_list[i].size(), i + (isRkpOnly() ? 0 : 1));
570 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
571 }
572 }
573
TEST_P(AttestKeyTest,MissingChallenge)574 TEST_P(AttestKeyTest, MissingChallenge) {
575 for (auto size : ValidKeySizes(Algorithm::RSA)) {
576 /*
577 * Create attestation key.
578 */
579 AttestationKey attest_key;
580 vector<KeyCharacteristics> attest_key_characteristics;
581 vector<Certificate> attest_key_cert_chain;
582 ASSERT_EQ(ErrorCode::OK,
583 GenerateAttestKey(AuthorizationSetBuilder()
584 .RsaKey(size, 65537)
585 .AttestKey()
586 .SetDefaultValidity(),
587 {} /* attestation signing key */, &attest_key.keyBlob,
588 &attest_key_characteristics, &attest_key_cert_chain));
589 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
590
591 EXPECT_EQ(attest_key_cert_chain.size(), 1);
592 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
593
594 /*
595 * Use attestation key to sign RSA / ECDSA key but forget to provide a challenge
596 */
597 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
598 vector<uint8_t> attested_key_blob;
599 vector<KeyCharacteristics> attested_key_characteristics;
600 vector<Certificate> attested_key_cert_chain;
601 ASSERT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
602 GenerateKey(AuthorizationSetBuilder()
603 .RsaSigningKey(2048, 65537)
604 .Authorization(TAG_NO_AUTH_REQUIRED)
605 .AttestationApplicationId("bar")
606 .SetDefaultValidity(),
607 attest_key, &attested_key_blob, &attested_key_characteristics,
608 &attested_key_cert_chain));
609
610 ASSERT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
611 GenerateKey(AuthorizationSetBuilder()
612 .EcdsaSigningKey(EcCurve::P_256)
613 .Authorization(TAG_NO_AUTH_REQUIRED)
614 .AttestationApplicationId("bar")
615 .SetDefaultValidity(),
616 attest_key, &attested_key_blob, &attested_key_characteristics,
617 &attested_key_cert_chain));
618 }
619 }
620
TEST_P(AttestKeyTest,AllEcCurves)621 TEST_P(AttestKeyTest, AllEcCurves) {
622 for (auto curve : ValidCurves()) {
623 /*
624 * Create attestation key.
625 */
626 AttestationKey attest_key;
627 vector<KeyCharacteristics> attest_key_characteristics;
628 vector<Certificate> attest_key_cert_chain;
629 ASSERT_EQ(
630 ErrorCode::OK,
631 GenerateAttestKey(
632 AuthorizationSetBuilder().EcdsaKey(curve).AttestKey().SetDefaultValidity(),
633 {} /* attestation signing key */, &attest_key.keyBlob,
634 &attest_key_characteristics, &attest_key_cert_chain));
635 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
636
637 ASSERT_GT(attest_key_cert_chain.size(), 0);
638 EXPECT_EQ(attest_key_cert_chain.size(), 1);
639 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on curve " << curve;
640
641 /*
642 * Use attestation key to sign RSA key
643 */
644 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
645 vector<uint8_t> attested_key_blob;
646 vector<KeyCharacteristics> attested_key_characteristics;
647 vector<Certificate> attested_key_cert_chain;
648 ASSERT_EQ(ErrorCode::OK,
649 GenerateKey(AuthorizationSetBuilder()
650 .RsaSigningKey(2048, 65537)
651 .Authorization(TAG_NO_AUTH_REQUIRED)
652 .AttestationChallenge("foo")
653 .AttestationApplicationId("bar")
654 .SetDefaultValidity(),
655 attest_key, &attested_key_blob, &attested_key_characteristics,
656 &attested_key_cert_chain));
657 KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
658
659 ASSERT_GT(attested_key_cert_chain.size(), 0);
660
661 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
662 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
663 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
664 SecLevel(),
665 attested_key_cert_chain[0].encodedCertificate));
666
667 // Attestation by itself is not valid (last entry is not self-signed).
668 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
669
670 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
671 if (attest_key_cert_chain.size() > 0) {
672 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
673 }
674 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
675
676 /*
677 * Use attestation key to sign EC key
678 */
679 ASSERT_EQ(ErrorCode::OK,
680 GenerateKey(AuthorizationSetBuilder()
681 .EcdsaSigningKey(EcCurve::P_256)
682 .Authorization(TAG_NO_AUTH_REQUIRED)
683 .AttestationChallenge("foo")
684 .AttestationApplicationId("bar")
685 .SetDefaultValidity(),
686 attest_key, &attested_key_blob, &attested_key_characteristics,
687 &attested_key_cert_chain));
688 KeyBlobDeleter attested_deleter2(keymint_, attested_key_blob);
689
690 ASSERT_GT(attested_key_cert_chain.size(), 0);
691
692 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
693 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
694 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
695 SecLevel(),
696 attested_key_cert_chain[0].encodedCertificate));
697
698 // Attestation by itself is not valid (last entry is not self-signed).
699 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
700
701 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
702 if (attest_key_cert_chain.size() > 0) {
703 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
704 }
705 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
706
707 // Bail early if anything failed.
708 if (HasFailure()) return;
709 }
710 }
711
TEST_P(AttestKeyTest,AttestWithNonAttestKey)712 TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
713 // Create non-attestation key.
714 AttestationKey non_attest_key;
715 vector<KeyCharacteristics> non_attest_key_characteristics;
716 vector<Certificate> non_attest_key_cert_chain;
717 ASSERT_EQ(
718 ErrorCode::OK,
719 GenerateKey(
720 AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),
721 {} /* attestation signing key */, &non_attest_key.keyBlob,
722 &non_attest_key_characteristics, &non_attest_key_cert_chain));
723
724 ASSERT_GT(non_attest_key_cert_chain.size(), 0);
725 EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
726 EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));
727
728 // Attempt to sign attestation with non-attest key.
729 vector<uint8_t> attested_key_blob;
730 vector<KeyCharacteristics> attested_key_characteristics;
731 vector<Certificate> attested_key_cert_chain;
732 ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
733 GenerateKey(AuthorizationSetBuilder()
734 .EcdsaSigningKey(EcCurve::P_256)
735 .Authorization(TAG_NO_AUTH_REQUIRED)
736 .AttestationChallenge("foo")
737 .AttestationApplicationId("bar")
738 .SetDefaultValidity(),
739 non_attest_key, &attested_key_blob, &attested_key_characteristics,
740 &attested_key_cert_chain));
741 }
742
TEST_P(AttestKeyTest,EcdsaAttestationID)743 TEST_P(AttestKeyTest, EcdsaAttestationID) {
744 // Create attestation key.
745 AttestationKey attest_key;
746 vector<KeyCharacteristics> attest_key_characteristics;
747 vector<Certificate> attest_key_cert_chain;
748 ASSERT_EQ(ErrorCode::OK,
749 GenerateAttestKey(AuthorizationSetBuilder()
750 .EcdsaKey(EcCurve::P_256)
751 .AttestKey()
752 .SetDefaultValidity(),
753 {} /* attestation signing key */, &attest_key.keyBlob,
754 &attest_key_characteristics, &attest_key_cert_chain));
755 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
756 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
757 ASSERT_GT(attest_key_cert_chain.size(), 0);
758 EXPECT_EQ(attest_key_cert_chain.size(), 1);
759 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
760
761 // Collection of valid attestation ID tags.
762 auto attestation_id_tags = AuthorizationSetBuilder();
763 add_attestation_id(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "brand");
764 add_attestation_id(&attestation_id_tags, TAG_ATTESTATION_ID_DEVICE, "device");
765 add_attestation_id(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "name");
766 add_attestation_id(&attestation_id_tags, TAG_ATTESTATION_ID_MANUFACTURER, "manufacturer");
767 add_attestation_id(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "model");
768 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
769
770 string imei = get_imei(0);
771 if (!imei.empty()) {
772 attestation_id_tags.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size());
773 }
774
775 for (const KeyParameter& tag : attestation_id_tags) {
776 SCOPED_TRACE(testing::Message() << "+tag-" << tag);
777 // Use attestation key to sign an ECDSA key, but include an attestation ID field.
778 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
779 .EcdsaSigningKey(EcCurve::P_256)
780 .Authorization(TAG_NO_AUTH_REQUIRED)
781 .AttestationChallenge("challenge")
782 .AttestationApplicationId("foo")
783 .SetDefaultValidity();
784 builder.push_back(tag);
785 vector<uint8_t> attested_key_blob;
786 vector<KeyCharacteristics> attested_key_characteristics;
787 vector<Certificate> attested_key_cert_chain;
788 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
789 &attested_key_characteristics, &attested_key_cert_chain);
790 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
791 continue;
792 }
793
794 ASSERT_EQ(result, ErrorCode::OK);
795 ASSERT_GT(attested_key_cert_chain.size(), 0);
796 KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
797
798 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
799 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
800
801 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
802 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
803 // attestation extension should contain them, so make sure the extra tag is added.
804 hw_enforced.push_back(tag);
805
806 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
807 hw_enforced, SecLevel(),
808 attested_key_cert_chain[0].encodedCertificate));
809 }
810 }
811
TEST_P(AttestKeyTest,EcdsaAttestationMismatchID)812 TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) {
813 // Create attestation key.
814 AttestationKey attest_key;
815 vector<KeyCharacteristics> attest_key_characteristics;
816 vector<Certificate> attest_key_cert_chain;
817 ASSERT_EQ(ErrorCode::OK,
818 GenerateAttestKey(AuthorizationSetBuilder()
819 .EcdsaKey(EcCurve::P_256)
820 .AttestKey()
821 .SetDefaultValidity(),
822 {} /* attestation signing key */, &attest_key.keyBlob,
823 &attest_key_characteristics, &attest_key_cert_chain));
824 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
825 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
826 ASSERT_GT(attest_key_cert_chain.size(), 0);
827 EXPECT_EQ(attest_key_cert_chain.size(), 1);
828 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
829
830 // Collection of invalid attestation ID tags.
831 auto attestation_id_tags =
832 AuthorizationSetBuilder()
833 .Authorization(TAG_ATTESTATION_ID_BRAND, "bogus-brand")
834 .Authorization(TAG_ATTESTATION_ID_DEVICE, "devious-device")
835 .Authorization(TAG_ATTESTATION_ID_PRODUCT, "punctured-product")
836 .Authorization(TAG_ATTESTATION_ID_SERIAL, "suspicious-serial")
837 .Authorization(TAG_ATTESTATION_ID_IMEI, "invalid-imei")
838 .Authorization(TAG_ATTESTATION_ID_MEID, "mismatching-meid")
839 .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, "malformed-manufacturer")
840 .Authorization(TAG_ATTESTATION_ID_MODEL, "malicious-model");
841
842 if (isSecondImeiIdAttestationRequired()) {
843 // Note: the invalid value here is < 16 bytes long to avoid triggering any implementation
844 // checks on valid IMEI lengths.
845 attestation_id_tags.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, "invalid-imei2");
846 }
847 vector<uint8_t> key_blob;
848 vector<KeyCharacteristics> key_characteristics;
849
850 for (const KeyParameter& invalid_tag : attestation_id_tags) {
851 SCOPED_TRACE(testing::Message() << "+tag-" << invalid_tag);
852
853 // Use attestation key to sign an ECDSA key, but include an invalid
854 // attestation ID field.
855 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
856 .EcdsaSigningKey(EcCurve::P_256)
857 .Authorization(TAG_NO_AUTH_REQUIRED)
858 .AttestationChallenge("challenge")
859 .AttestationApplicationId("foo")
860 .SetDefaultValidity();
861 builder.push_back(invalid_tag);
862 vector<uint8_t> attested_key_blob;
863 vector<KeyCharacteristics> attested_key_characteristics;
864 vector<Certificate> attested_key_cert_chain;
865 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
866 &attested_key_characteristics, &attested_key_cert_chain);
867 device_id_attestation_check_acceptable_error(invalid_tag.tag, result);
868 }
869 }
870
TEST_P(AttestKeyTest,SecondIMEIAttestationIDSuccess)871 TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) {
872 // Skip the test if there is no second IMEI exists.
873 string second_imei = get_imei(1);
874 if (second_imei.empty()) {
875 GTEST_SKIP() << "Test not applicable as there is no second IMEI";
876 }
877
878 if (!isSecondImeiIdAttestationRequired()) {
879 GTEST_SKIP() << "Test not applicable for KeyMint-Version < 3 or first-api-level < 34";
880 }
881
882 // Create attestation key.
883 AttestationKey attest_key;
884 vector<KeyCharacteristics> attest_key_characteristics;
885 vector<Certificate> attest_key_cert_chain;
886 ASSERT_EQ(ErrorCode::OK,
887 GenerateAttestKey(AuthorizationSetBuilder()
888 .EcdsaKey(EcCurve::P_256)
889 .AttestKey()
890 .SetDefaultValidity(),
891 {} /* attestation signing key */, &attest_key.keyBlob,
892 &attest_key_characteristics, &attest_key_cert_chain));
893 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
894 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
895 EXPECT_EQ(attest_key_cert_chain.size(), 1);
896 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
897
898 // Use attestation key to sign an ECDSA key, but include an attestation ID field.
899 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
900 .EcdsaSigningKey(EcCurve::P_256)
901 .Authorization(TAG_NO_AUTH_REQUIRED)
902 .AttestationChallenge("challenge")
903 .AttestationApplicationId("foo")
904 .SetDefaultValidity();
905 // b/264979486 - second imei doesn't depend on first imei.
906 // Add second IMEI as attestation id without adding first IMEI as
907 // attestation id.
908 builder.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, second_imei.data(), second_imei.size());
909
910 vector<uint8_t> attested_key_blob;
911 vector<KeyCharacteristics> attested_key_characteristics;
912 vector<Certificate> attested_key_cert_chain;
913 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
914 &attested_key_characteristics, &attested_key_cert_chain);
915
916 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
917 GTEST_SKIP()
918 << "Test not applicable as device does not support SECOND-IMEI ID attestation.";
919 }
920
921 ASSERT_EQ(result, ErrorCode::OK);
922 ASSERT_GT(attested_key_cert_chain.size(), 0);
923 KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
924
925 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
926 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
927
928 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
929 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
930 // attestation extension should contain them, so make sure the extra tag is added.
931 vector<uint8_t> imei_blob(second_imei.data(), second_imei.data() + second_imei.size());
932 KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, imei_blob);
933 hw_enforced.push_back(imei_tag);
934
935 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
936 hw_enforced, SecLevel(),
937 attested_key_cert_chain[0].encodedCertificate));
938 }
939
TEST_P(AttestKeyTest,MultipleIMEIAttestationIDSuccess)940 TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) {
941 // Skip the test if there is no first IMEI exists.
942 string imei = get_imei(0);
943 if (imei.empty()) {
944 GTEST_SKIP() << "Test not applicable as there is no first IMEI";
945 }
946
947 // Skip the test if there is no second IMEI exists.
948 string second_imei = get_imei(1);
949 if (second_imei.empty()) {
950 GTEST_SKIP() << "Test not applicable as there is no second IMEI";
951 }
952
953 if (!isSecondImeiIdAttestationRequired()) {
954 GTEST_SKIP() << "Test not applicable for KeyMint-Version < 3 or first-api-level < 34";
955 }
956
957 // Create attestation key.
958 AttestationKey attest_key;
959 vector<KeyCharacteristics> attest_key_characteristics;
960 vector<Certificate> attest_key_cert_chain;
961 ASSERT_EQ(ErrorCode::OK,
962 GenerateAttestKey(AuthorizationSetBuilder()
963 .EcdsaKey(EcCurve::P_256)
964 .AttestKey()
965 .SetDefaultValidity(),
966 {} /* attestation signing key */, &attest_key.keyBlob,
967 &attest_key_characteristics, &attest_key_cert_chain));
968 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
969 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
970 EXPECT_EQ(attest_key_cert_chain.size(), 1);
971 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
972
973 // Use attestation key to sign an ECDSA key, but include both IMEI attestation ID fields.
974 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
975 .EcdsaSigningKey(EcCurve::P_256)
976 .Authorization(TAG_NO_AUTH_REQUIRED)
977 .AttestationChallenge("challenge")
978 .AttestationApplicationId("foo")
979 .SetDefaultValidity();
980 builder.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size());
981 builder.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, second_imei.data(), second_imei.size());
982
983 vector<uint8_t> attested_key_blob;
984 vector<KeyCharacteristics> attested_key_characteristics;
985 vector<Certificate> attested_key_cert_chain;
986 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
987 &attested_key_characteristics, &attested_key_cert_chain);
988
989 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
990 GTEST_SKIP() << "Test not applicable as device does not support IMEI ID attestation.";
991 }
992
993 ASSERT_EQ(result, ErrorCode::OK);
994 ASSERT_GT(attested_key_cert_chain.size(), 0);
995 KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
996
997 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
998 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
999
1000 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
1001 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
1002 // attestation extension should contain them, so make sure the extra tag is added.
1003 vector<uint8_t> imei_blob(imei.data(), imei.data() + imei.size());
1004 KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_IMEI, imei_blob);
1005 hw_enforced.push_back(imei_tag);
1006 vector<uint8_t> sec_imei_blob(second_imei.data(), second_imei.data() + second_imei.size());
1007 KeyParameter sec_imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, sec_imei_blob);
1008 hw_enforced.push_back(sec_imei_tag);
1009
1010 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
1011 hw_enforced, SecLevel(),
1012 attested_key_cert_chain[0].encodedCertificate));
1013 }
1014
1015 INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);
1016
1017 } // namespace aidl::android::hardware::security::keymint::test
1018