1 /*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "keymint_1_attest_key_test"
18 #include <android-base/logging.h>
19 #include <cutils/log.h>
20 #include <cutils/properties.h>
21
22 #include <keymint_support/authorization_set.h>
23 #include <keymint_support/key_param_output.h>
24 #include <keymint_support/openssl_utils.h>
25
26 #include "KeyMintAidlTestBase.h"
27
28 namespace aidl::android::hardware::security::keymint::test {
29
30 namespace {
31
IsSelfSigned(const vector<Certificate> & chain)32 bool IsSelfSigned(const vector<Certificate>& chain) {
33 if (chain.size() != 1) return false;
34 return ChainSignaturesAreValid(chain);
35 }
36
37 } // namespace
38
39 class AttestKeyTest : public KeyMintAidlTestBase {
40 public:
SetUp()41 void SetUp() override {
42 if (shouldSkipAttestKeyTest()) {
43 GTEST_SKIP() << "Test using ATTEST_KEY is not applicable on waivered device";
44 }
45 KeyMintAidlTestBase::SetUp();
46 }
47 };
48
49 /*
50 * AttestKeyTest.AllRsaSizes
51 *
52 * This test creates self signed RSA attestation keys of various sizes, and verify they can be
53 * used to sign other RSA and EC keys.
54 */
TEST_P(AttestKeyTest,AllRsaSizes)55 TEST_P(AttestKeyTest, AllRsaSizes) {
56 for (auto size : ValidKeySizes(Algorithm::RSA)) {
57 /*
58 * Create attestation key.
59 */
60 AttestationKey attest_key;
61 vector<KeyCharacteristics> attest_key_characteristics;
62 vector<Certificate> attest_key_cert_chain;
63 ASSERT_EQ(ErrorCode::OK,
64 GenerateAttestKey(AuthorizationSetBuilder()
65 .RsaKey(size, 65537)
66 .AttestKey()
67 .SetDefaultValidity(),
68 {} /* attestation signing key */, &attest_key.keyBlob,
69 &attest_key_characteristics, &attest_key_cert_chain));
70 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
71
72 ASSERT_GT(attest_key_cert_chain.size(), 0);
73 EXPECT_EQ(attest_key_cert_chain.size(), 1);
74 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
75
76 /*
77 * Use attestation key to sign RSA signing key
78 */
79 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
80 vector<uint8_t> attested_key_blob;
81 vector<KeyCharacteristics> attested_key_characteristics;
82 vector<Certificate> attested_key_cert_chain;
83 ASSERT_EQ(ErrorCode::OK,
84 GenerateKey(AuthorizationSetBuilder()
85 .RsaSigningKey(2048, 65537)
86 .Authorization(TAG_NO_AUTH_REQUIRED)
87 .AttestationChallenge("foo")
88 .AttestationApplicationId("bar")
89 .SetDefaultValidity(),
90 attest_key, &attested_key_blob, &attested_key_characteristics,
91 &attested_key_cert_chain));
92 KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
93
94 ASSERT_GT(attested_key_cert_chain.size(), 0);
95
96 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
97 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
98 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
99 SecLevel(),
100 attested_key_cert_chain[0].encodedCertificate));
101
102 // Attestation by itself is not valid (last entry is not self-signed).
103 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
104
105 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
106 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
107 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
108 EXPECT_EQ(attested_key_cert_chain.size(), 2);
109
110 /*
111 * Use attestation key to sign RSA decryption key
112 */
113 attested_key_characteristics.resize(0);
114 attested_key_cert_chain.resize(0);
115 ASSERT_EQ(ErrorCode::OK,
116 GenerateKey(AuthorizationSetBuilder()
117 .RsaEncryptionKey(2048, 65537)
118 .Digest(Digest::NONE)
119 .Padding(PaddingMode::NONE)
120 .Authorization(TAG_NO_AUTH_REQUIRED)
121 .AttestationChallenge("foo2")
122 .AttestationApplicationId("bar2")
123 .SetDefaultValidity(),
124 attest_key, &attested_key_blob, &attested_key_characteristics,
125 &attested_key_cert_chain));
126 KeyBlobDeleter attested_deleter2(keymint_, attested_key_blob);
127
128 ASSERT_GT(attested_key_cert_chain.size(), 0);
129
130 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
131 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
132 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced,
133 hw_enforced, SecLevel(),
134 attested_key_cert_chain[0].encodedCertificate));
135
136 // Attestation by itself is not valid (last entry is not self-signed).
137 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
138
139 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
140 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
141 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
142 EXPECT_EQ(attested_key_cert_chain.size(), 2);
143
144 /*
145 * Use attestation key to sign EC key. Specify a CREATION_DATETIME for this one.
146 */
147 attested_key_characteristics.resize(0);
148 attested_key_cert_chain.resize(0);
149 uint64_t timestamp = 1619621648000;
150 ASSERT_EQ(ErrorCode::OK,
151 GenerateKey(AuthorizationSetBuilder()
152 .EcdsaSigningKey(EcCurve::P_256)
153 .Authorization(TAG_NO_AUTH_REQUIRED)
154 .AttestationChallenge("foo")
155 .AttestationApplicationId("bar")
156 .Authorization(TAG_CREATION_DATETIME, timestamp)
157 .SetDefaultValidity(),
158 attest_key, &attested_key_blob, &attested_key_characteristics,
159 &attested_key_cert_chain));
160 KeyBlobDeleter attested_deleter3(keymint_, attested_key_blob);
161
162 ASSERT_GT(attested_key_cert_chain.size(), 0);
163
164 // The returned key characteristics will include CREATION_DATETIME (checked below)
165 // in SecurityLevel::KEYSTORE; this will be stripped out in the CheckCharacteristics()
166 // call below, to match what getKeyCharacteristics() returns (which doesn't include
167 // any SecurityLevel::KEYSTORE characteristics).
168 CheckCharacteristics(attested_key_blob, attested_key_characteristics);
169
170 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
171 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
172
173 // The client-specified CREATION_DATETIME should be in sw_enforced.
174 // Its presence will also trigger verify_attestation_record() to check that
175 // it is in the attestation extension with a matching value.
176 EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
177 << "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
178 << " not in hw_enforced:" << hw_enforced;
179 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
180 SecLevel(),
181 attested_key_cert_chain[0].encodedCertificate));
182
183 // Attestation by itself is not valid (last entry is not self-signed).
184 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
185
186 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
187 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
188 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
189
190 // Bail early if anything failed.
191 if (HasFailure()) return;
192 }
193 }
194
195 /*
196 * AttestKeyTest.RsaAttestKeyMultiPurposeFail
197 *
198 * This test attempts to create an RSA attestation key that also allows signing.
199 */
TEST_P(AttestKeyTest,RsaAttestKeyMultiPurposeFail)200 TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
201 if (AidlVersion() < 2) {
202 // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
203 // with other key purposes. However, this was not checked at the time
204 // so we can only be strict about checking this for implementations of KeyMint
205 // version 2 and above.
206 GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
207 }
208
209 vector<uint8_t> attest_key_blob;
210 vector<KeyCharacteristics> attest_key_characteristics;
211 vector<Certificate> attest_key_cert_chain;
212 ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
213 GenerateKey(AuthorizationSetBuilder()
214 .RsaSigningKey(2048, 65537)
215 .AttestKey()
216 .SetDefaultValidity(),
217 {} /* attestation signing key */, &attest_key_blob,
218 &attest_key_characteristics, &attest_key_cert_chain));
219 }
220
221 /*
222 * AttestKeyTest.RsaAttestedAttestKeys
223 *
224 * This test creates an RSA attestation key signed by factory keys, and verifies it can be
225 * used to sign other RSA and EC keys.
226 */
TEST_P(AttestKeyTest,RsaAttestedAttestKeys)227 TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
228 auto challenge = "hello";
229 auto app_id = "foo";
230
231 auto subject = "cert subj 2";
232 vector<uint8_t> subject_der(make_name_from_str(subject));
233
234 // An X.509 certificate serial number SHOULD be >0, but this is not policed. Check
235 // that a zero value doesn't cause problems.
236 uint64_t serial_int = 0;
237 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
238
239 /*
240 * Create attestation key.
241 */
242 AttestationKey attest_key;
243 vector<KeyCharacteristics> attest_key_characteristics;
244 vector<Certificate> attest_key_cert_chain;
245 auto result = GenerateAttestKey(AuthorizationSetBuilder()
246 .RsaKey(2048, 65537)
247 .AttestKey()
248 .AttestationChallenge(challenge)
249 .AttestationApplicationId(app_id)
250 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
251 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
252 .Authorization(TAG_NO_AUTH_REQUIRED)
253 .SetDefaultValidity(),
254 {} /* attestation signing key */, &attest_key.keyBlob,
255 &attest_key_characteristics, &attest_key_cert_chain);
256 std::optional<bool> rkpOnly = isRkpOnly();
257 if (!rkpOnly.has_value()) {
258 GTEST_SKIP() << "Test not applicable because RKP-only status cannot be determined";
259 }
260 if (rkpOnly.value() && result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) {
261 GTEST_SKIP() << "RKP-only devices do not have a factory key";
262 }
263 ASSERT_EQ(ErrorCode::OK, result);
264 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
265
266 EXPECT_GT(attest_key_cert_chain.size(), 1);
267 verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false);
268 EXPECT_TRUE(ChainSignaturesAreValid(attest_key_cert_chain));
269
270 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
271 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
272 ASSERT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
273 sw_enforced, hw_enforced, SecLevel(),
274 attest_key_cert_chain[0].encodedCertificate));
275
276 /*
277 * Use attestation key to sign RSA key
278 */
279 attest_key.issuerSubjectName = subject_der;
280 vector<uint8_t> attested_key_blob;
281 vector<KeyCharacteristics> attested_key_characteristics;
282 vector<Certificate> attested_key_cert_chain;
283
284 auto subject2 = "cert subject";
285 vector<uint8_t> subject_der2(make_name_from_str(subject2));
286
287 uint64_t serial_int2 = 255;
288 vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
289
290 ASSERT_EQ(ErrorCode::OK,
291 GenerateKey(AuthorizationSetBuilder()
292 .RsaSigningKey(2048, 65537)
293 .Authorization(TAG_NO_AUTH_REQUIRED)
294 .AttestationChallenge("foo")
295 .AttestationApplicationId("bar")
296 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob2)
297 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der2)
298 .SetDefaultValidity(),
299 attest_key, &attested_key_blob, &attested_key_characteristics,
300 &attested_key_cert_chain));
301 KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
302
303 ASSERT_GT(attested_key_cert_chain.size(), 0);
304
305 AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
306 AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
307 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2,
308 SecLevel(),
309 attested_key_cert_chain[0].encodedCertificate));
310
311 // Attestation by itself is not valid (last entry is not self-signed).
312 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
313
314 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
315 attested_key_cert_chain.insert(attested_key_cert_chain.end(), attest_key_cert_chain.begin(),
316 attest_key_cert_chain.end());
317
318 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
319 EXPECT_GT(attested_key_cert_chain.size(), 2);
320 verify_subject_and_serial(attested_key_cert_chain[0], serial_int2, subject2, false);
321 }
322
323 /*
324 * AttestKeyTest.RsaAttestKeyChaining
325 *
326 * This test creates a chain of multiple RSA attest keys, each used to sign the next attest key,
327 * with the last attest key signed by the factory chain.
328 */
TEST_P(AttestKeyTest,RsaAttestKeyChaining)329 TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
330 const int chain_size = 6;
331 vector<vector<uint8_t>> key_blob_list(chain_size);
332 vector<vector<Certificate>> cert_chain_list(chain_size);
333 vector<KeyBlobDeleter> deleters;
334
335 for (int i = 0; i < chain_size; i++) {
336 string sub = "attest key chaining ";
337 char index = '1' + i;
338 string subject = sub + index;
339 vector<uint8_t> subject_der(make_name_from_str(subject));
340
341 uint64_t serial_int = 7000 + i;
342 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
343
344 vector<KeyCharacteristics> attested_key_characteristics;
345 AttestationKey attest_key;
346 optional<AttestationKey> attest_key_opt;
347
348 if (i > 0) {
349 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
350 attest_key.keyBlob = key_blob_list[i - 1];
351 attest_key_opt = attest_key;
352 }
353
354 AuthorizationSetBuilder auth_set_builder =
355 AuthorizationSetBuilder()
356 .RsaKey(2048, 65537)
357 .AttestKey()
358 .AttestationApplicationId("bar")
359 .Authorization(TAG_NO_AUTH_REQUIRED)
360 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
361 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
362 .SetDefaultValidity();
363 // In RKP-only systems, the first key cannot be attested due to lack of batch key
364 bool confirmedNotRkpOnly = !isRkpOnly().value_or(true);
365 if (confirmedNotRkpOnly || i > 0) {
366 auth_set_builder.AttestationChallenge("foo");
367 }
368 auto result = GenerateAttestKey(auth_set_builder, attest_key_opt, &key_blob_list[i],
369 &attested_key_characteristics, &cert_chain_list[i]);
370 ASSERT_EQ(ErrorCode::OK, result);
371 deleters.push_back(KeyBlobDeleter(keymint_, key_blob_list[i]));
372
373 if (confirmedNotRkpOnly || i > 0) {
374 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
375 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
376 ASSERT_GT(cert_chain_list[i].size(), 0);
377 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced,
378 hw_enforced, SecLevel(),
379 cert_chain_list[i][0].encodedCertificate));
380 }
381
382 if (i > 0) {
383 /*
384 * The first key is attestated with factory chain, but all the rest of the keys are
385 * not supposed to be returned in attestation certificate chains.
386 */
387 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
388
389 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
390 cert_chain_list[i].insert(cert_chain_list[i].end(), //
391 cert_chain_list[i - 1].begin(), //
392 cert_chain_list[i - 1].end());
393 }
394
395 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
396 EXPECT_GT(cert_chain_list[i].size(), i + (confirmedNotRkpOnly ? 1 : 0));
397 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
398 }
399 }
400
401 /*
402 * AttestKeyTest.EcAttestKeyChaining
403 *
404 * This test creates a chain of multiple Ec attest keys, each used to sign the next attest key,
405 * with the last attest key signed by the factory chain.
406 */
TEST_P(AttestKeyTest,EcAttestKeyChaining)407 TEST_P(AttestKeyTest, EcAttestKeyChaining) {
408 const int chain_size = 6;
409 vector<vector<uint8_t>> key_blob_list(chain_size);
410 vector<vector<Certificate>> cert_chain_list(chain_size);
411 vector<KeyBlobDeleter> deleters;
412
413 for (int i = 0; i < chain_size; i++) {
414 string sub = "Ec attest key chaining ";
415 char index = '1' + i;
416 string subject = sub + index;
417 vector<uint8_t> subject_der(make_name_from_str(subject));
418
419 uint64_t serial_int = 800000 + i;
420 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
421
422 vector<KeyCharacteristics> attested_key_characteristics;
423 AttestationKey attest_key;
424 optional<AttestationKey> attest_key_opt;
425
426 if (i > 0) {
427 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
428 attest_key.keyBlob = key_blob_list[i - 1];
429 attest_key_opt = attest_key;
430 }
431
432 AuthorizationSetBuilder auth_set_builder =
433 AuthorizationSetBuilder()
434 .EcdsaKey(EcCurve::P_256)
435 .AttestKey()
436 .AttestationApplicationId("bar")
437 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
438 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
439 .Authorization(TAG_NO_AUTH_REQUIRED)
440 .SetDefaultValidity();
441 // In RKP-only systems, the first key cannot be attested due to lack of batch key
442 bool confirmedNotRkpOnly = !isRkpOnly().value_or(true);
443 if (confirmedNotRkpOnly || i > 0) {
444 auth_set_builder.AttestationChallenge("foo");
445 }
446 auto result = GenerateAttestKey(auth_set_builder, attest_key_opt, &key_blob_list[i],
447 &attested_key_characteristics, &cert_chain_list[i]);
448 ASSERT_EQ(ErrorCode::OK, result);
449 deleters.push_back(KeyBlobDeleter(keymint_, key_blob_list[i]));
450
451 if (confirmedNotRkpOnly || i > 0) {
452 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
453 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
454 ASSERT_GT(cert_chain_list[i].size(), 0);
455 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced,
456 hw_enforced, SecLevel(),
457 cert_chain_list[i][0].encodedCertificate));
458 }
459
460 if (i > 0) {
461 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
462
463 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
464 cert_chain_list[i].insert(cert_chain_list[i].end(), //
465 cert_chain_list[i - 1].begin(), //
466 cert_chain_list[i - 1].end());
467 }
468
469 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
470 EXPECT_GT(cert_chain_list[i].size(), i + (confirmedNotRkpOnly ? 1 : 0));
471 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
472 }
473 }
474
475 /*
476 * AttestKeyTest.EcAttestKeyMultiPurposeFail
477 *
478 * This test attempts to create an EC attestation key that also allows signing.
479 */
TEST_P(AttestKeyTest,EcAttestKeyMultiPurposeFail)480 TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
481 if (AidlVersion() < 2) {
482 // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
483 // with other key purposes. However, this was not checked at the time
484 // so we can only be strict about checking this for implementations of KeyMint
485 // version 2 and above.
486 GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
487 }
488 vector<uint8_t> attest_key_blob;
489 vector<KeyCharacteristics> attest_key_characteristics;
490 vector<Certificate> attest_key_cert_chain;
491 ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
492 GenerateKey(AuthorizationSetBuilder()
493 .EcdsaSigningKey(EcCurve::P_256)
494 .AttestKey()
495 .SetDefaultValidity(),
496 {} /* attestation signing key */, &attest_key_blob,
497 &attest_key_characteristics, &attest_key_cert_chain));
498 }
499
500 /*
501 * AttestKeyTest.AlternateAttestKeyChaining
502 *
503 * This test creates a chain of multiple attest keys, in the order Ec - RSA - Ec - RSA ....
504 * Each attest key is used to sign the next attest key, with the last attest key signed by
505 * the factory chain. This is to verify different algorithms of attest keys can
506 * cross sign each other and be chained together.
507 */
TEST_P(AttestKeyTest,AlternateAttestKeyChaining)508 TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
509 const int chain_size = 6;
510 vector<vector<uint8_t>> key_blob_list(chain_size);
511 vector<vector<Certificate>> cert_chain_list(chain_size);
512 vector<KeyBlobDeleter> deleters;
513
514 for (int i = 0; i < chain_size; i++) {
515 string sub = "Alt attest key chaining ";
516 char index = '1' + i;
517 string subject = sub + index;
518 vector<uint8_t> subject_der(make_name_from_str(subject));
519
520 uint64_t serial_int = 90000000 + i;
521 vector<uint8_t> serial_blob(build_serial_blob(serial_int));
522
523 vector<KeyCharacteristics> attested_key_characteristics;
524 AttestationKey attest_key;
525 optional<AttestationKey> attest_key_opt;
526
527 if (i > 0) {
528 attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
529 attest_key.keyBlob = key_blob_list[i - 1];
530 attest_key_opt = attest_key;
531 }
532 AuthorizationSetBuilder auth_set_builder =
533 AuthorizationSetBuilder()
534 .AttestKey()
535 .AttestationApplicationId("bar")
536 .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
537 .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
538 .Authorization(TAG_NO_AUTH_REQUIRED)
539 .SetDefaultValidity();
540 // In RKP-only systems, the first key cannot be attested due to lack of batch key
541 bool confirmedNotRkpOnly = !isRkpOnly().value_or(true);
542 if (confirmedNotRkpOnly || i > 0) {
543 auth_set_builder.AttestationChallenge("foo");
544 }
545 if ((i & 0x1) == 1) {
546 auth_set_builder.EcdsaKey(EcCurve::P_256);
547 } else {
548 auth_set_builder.RsaKey(2048, 65537);
549 }
550 ErrorCode result = GenerateAttestKey(auth_set_builder, attest_key_opt, &key_blob_list[i],
551 &attested_key_characteristics, &cert_chain_list[i]);
552 ASSERT_EQ(ErrorCode::OK, result);
553 deleters.push_back(KeyBlobDeleter(keymint_, key_blob_list[i]));
554
555 if (confirmedNotRkpOnly || i > 0) {
556 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
557 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
558 ASSERT_GT(cert_chain_list[i].size(), 0);
559 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced,
560 hw_enforced, SecLevel(),
561 cert_chain_list[i][0].encodedCertificate));
562 }
563
564 if (i > 0) {
565 /*
566 * The first key is attestated with factory chain, but all the rest of the keys are
567 * not supposed to be returned in attestation certificate chains.
568 */
569 EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
570
571 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
572 cert_chain_list[i].insert(cert_chain_list[i].end(), //
573 cert_chain_list[i - 1].begin(), //
574 cert_chain_list[i - 1].end());
575 }
576
577 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
578 EXPECT_GT(cert_chain_list[i].size(), i + (confirmedNotRkpOnly ? 1 : 0));
579 verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
580 }
581 }
582
TEST_P(AttestKeyTest,MissingChallenge)583 TEST_P(AttestKeyTest, MissingChallenge) {
584 for (auto size : ValidKeySizes(Algorithm::RSA)) {
585 /*
586 * Create attestation key.
587 */
588 AttestationKey attest_key;
589 vector<KeyCharacteristics> attest_key_characteristics;
590 vector<Certificate> attest_key_cert_chain;
591 ASSERT_EQ(ErrorCode::OK,
592 GenerateAttestKey(AuthorizationSetBuilder()
593 .RsaKey(size, 65537)
594 .AttestKey()
595 .SetDefaultValidity(),
596 {} /* attestation signing key */, &attest_key.keyBlob,
597 &attest_key_characteristics, &attest_key_cert_chain));
598 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
599
600 EXPECT_EQ(attest_key_cert_chain.size(), 1);
601 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
602
603 /*
604 * Use attestation key to sign RSA / ECDSA key but forget to provide a challenge
605 */
606 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
607 vector<uint8_t> attested_key_blob;
608 vector<KeyCharacteristics> attested_key_characteristics;
609 vector<Certificate> attested_key_cert_chain;
610 ASSERT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
611 GenerateKey(AuthorizationSetBuilder()
612 .RsaSigningKey(2048, 65537)
613 .Authorization(TAG_NO_AUTH_REQUIRED)
614 .AttestationApplicationId("bar")
615 .SetDefaultValidity(),
616 attest_key, &attested_key_blob, &attested_key_characteristics,
617 &attested_key_cert_chain));
618
619 ASSERT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
620 GenerateKey(AuthorizationSetBuilder()
621 .EcdsaSigningKey(EcCurve::P_256)
622 .Authorization(TAG_NO_AUTH_REQUIRED)
623 .AttestationApplicationId("bar")
624 .SetDefaultValidity(),
625 attest_key, &attested_key_blob, &attested_key_characteristics,
626 &attested_key_cert_chain));
627 }
628 }
629
TEST_P(AttestKeyTest,AllEcCurves)630 TEST_P(AttestKeyTest, AllEcCurves) {
631 for (auto curve : ValidCurves()) {
632 /*
633 * Create attestation key.
634 */
635 AttestationKey attest_key;
636 vector<KeyCharacteristics> attest_key_characteristics;
637 vector<Certificate> attest_key_cert_chain;
638 ASSERT_EQ(
639 ErrorCode::OK,
640 GenerateAttestKey(
641 AuthorizationSetBuilder().EcdsaKey(curve).AttestKey().SetDefaultValidity(),
642 {} /* attestation signing key */, &attest_key.keyBlob,
643 &attest_key_characteristics, &attest_key_cert_chain));
644 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
645
646 ASSERT_GT(attest_key_cert_chain.size(), 0);
647 EXPECT_EQ(attest_key_cert_chain.size(), 1);
648 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on curve " << curve;
649
650 /*
651 * Use attestation key to sign RSA key
652 */
653 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
654 vector<uint8_t> attested_key_blob;
655 vector<KeyCharacteristics> attested_key_characteristics;
656 vector<Certificate> attested_key_cert_chain;
657 ASSERT_EQ(ErrorCode::OK,
658 GenerateKey(AuthorizationSetBuilder()
659 .RsaSigningKey(2048, 65537)
660 .Authorization(TAG_NO_AUTH_REQUIRED)
661 .AttestationChallenge("foo")
662 .AttestationApplicationId("bar")
663 .SetDefaultValidity(),
664 attest_key, &attested_key_blob, &attested_key_characteristics,
665 &attested_key_cert_chain));
666 KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
667
668 ASSERT_GT(attested_key_cert_chain.size(), 0);
669
670 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
671 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
672 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
673 SecLevel(),
674 attested_key_cert_chain[0].encodedCertificate));
675
676 // Attestation by itself is not valid (last entry is not self-signed).
677 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
678
679 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
680 if (attest_key_cert_chain.size() > 0) {
681 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
682 }
683 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
684
685 /*
686 * Use attestation key to sign EC key
687 */
688 ASSERT_EQ(ErrorCode::OK,
689 GenerateKey(AuthorizationSetBuilder()
690 .EcdsaSigningKey(EcCurve::P_256)
691 .Authorization(TAG_NO_AUTH_REQUIRED)
692 .AttestationChallenge("foo")
693 .AttestationApplicationId("bar")
694 .SetDefaultValidity(),
695 attest_key, &attested_key_blob, &attested_key_characteristics,
696 &attested_key_cert_chain));
697 KeyBlobDeleter attested_deleter2(keymint_, attested_key_blob);
698
699 ASSERT_GT(attested_key_cert_chain.size(), 0);
700
701 hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
702 sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
703 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
704 SecLevel(),
705 attested_key_cert_chain[0].encodedCertificate));
706
707 // Attestation by itself is not valid (last entry is not self-signed).
708 EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
709
710 // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
711 if (attest_key_cert_chain.size() > 0) {
712 attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
713 }
714 EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
715
716 // Bail early if anything failed.
717 if (HasFailure()) return;
718 }
719 }
720
TEST_P(AttestKeyTest,AttestWithNonAttestKey)721 TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
722 // Create non-attestation key.
723 AttestationKey non_attest_key;
724 vector<KeyCharacteristics> non_attest_key_characteristics;
725 vector<Certificate> non_attest_key_cert_chain;
726 ASSERT_EQ(
727 ErrorCode::OK,
728 GenerateKey(
729 AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),
730 {} /* attestation signing key */, &non_attest_key.keyBlob,
731 &non_attest_key_characteristics, &non_attest_key_cert_chain));
732
733 ASSERT_GT(non_attest_key_cert_chain.size(), 0);
734 EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
735 EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));
736
737 // Attempt to sign attestation with non-attest key.
738 vector<uint8_t> attested_key_blob;
739 vector<KeyCharacteristics> attested_key_characteristics;
740 vector<Certificate> attested_key_cert_chain;
741 ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
742 GenerateKey(AuthorizationSetBuilder()
743 .EcdsaSigningKey(EcCurve::P_256)
744 .Authorization(TAG_NO_AUTH_REQUIRED)
745 .AttestationChallenge("foo")
746 .AttestationApplicationId("bar")
747 .SetDefaultValidity(),
748 non_attest_key, &attested_key_blob, &attested_key_characteristics,
749 &attested_key_cert_chain));
750 }
751
TEST_P(AttestKeyTest,EcdsaAttestationID)752 TEST_P(AttestKeyTest, EcdsaAttestationID) {
753 // Create attestation key.
754 AttestationKey attest_key;
755 vector<KeyCharacteristics> attest_key_characteristics;
756 vector<Certificate> attest_key_cert_chain;
757 ASSERT_EQ(ErrorCode::OK,
758 GenerateAttestKey(AuthorizationSetBuilder()
759 .EcdsaKey(EcCurve::P_256)
760 .AttestKey()
761 .SetDefaultValidity(),
762 {} /* attestation signing key */, &attest_key.keyBlob,
763 &attest_key_characteristics, &attest_key_cert_chain));
764 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
765 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
766 ASSERT_GT(attest_key_cert_chain.size(), 0);
767 EXPECT_EQ(attest_key_cert_chain.size(), 1);
768 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
769
770 // Collection of valid attestation ID tags.
771 auto attestation_id_tags = AuthorizationSetBuilder();
772 add_attestation_id(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "brand");
773 add_attestation_id(&attestation_id_tags, TAG_ATTESTATION_ID_DEVICE, "device");
774 add_attestation_id(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "name");
775 add_attestation_id(&attestation_id_tags, TAG_ATTESTATION_ID_MANUFACTURER, "manufacturer");
776 add_attestation_id(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "model");
777 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
778
779 string imei = get_imei(0);
780 if (!imei.empty()) {
781 attestation_id_tags.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size());
782 }
783
784 for (const KeyParameter& tag : attestation_id_tags) {
785 SCOPED_TRACE(testing::Message() << "+tag-" << tag);
786 // Use attestation key to sign an ECDSA key, but include an attestation ID field.
787 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
788 .EcdsaSigningKey(EcCurve::P_256)
789 .Authorization(TAG_NO_AUTH_REQUIRED)
790 .AttestationChallenge("challenge")
791 .AttestationApplicationId("foo")
792 .SetDefaultValidity();
793 builder.push_back(tag);
794 vector<uint8_t> attested_key_blob;
795 vector<KeyCharacteristics> attested_key_characteristics;
796 vector<Certificate> attested_key_cert_chain;
797 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
798 &attested_key_characteristics, &attested_key_cert_chain);
799 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
800 continue;
801 }
802
803 ASSERT_EQ(result, ErrorCode::OK);
804 ASSERT_GT(attested_key_cert_chain.size(), 0);
805 KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
806
807 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
808 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
809
810 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
811 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
812 // attestation extension should contain them, so make sure the extra tag is added.
813 hw_enforced.push_back(tag);
814
815 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
816 hw_enforced, SecLevel(),
817 attested_key_cert_chain[0].encodedCertificate));
818 }
819 }
820
TEST_P(AttestKeyTest,EcdsaAttestationMismatchID)821 TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) {
822 // Create attestation key.
823 AttestationKey attest_key;
824 vector<KeyCharacteristics> attest_key_characteristics;
825 vector<Certificate> attest_key_cert_chain;
826 ASSERT_EQ(ErrorCode::OK,
827 GenerateAttestKey(AuthorizationSetBuilder()
828 .EcdsaKey(EcCurve::P_256)
829 .AttestKey()
830 .SetDefaultValidity(),
831 {} /* attestation signing key */, &attest_key.keyBlob,
832 &attest_key_characteristics, &attest_key_cert_chain));
833 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
834 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
835 ASSERT_GT(attest_key_cert_chain.size(), 0);
836 EXPECT_EQ(attest_key_cert_chain.size(), 1);
837 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
838
839 // Collection of invalid attestation ID tags.
840 auto attestation_id_tags =
841 AuthorizationSetBuilder()
842 .Authorization(TAG_ATTESTATION_ID_BRAND, "bogus-brand")
843 .Authorization(TAG_ATTESTATION_ID_DEVICE, "devious-device")
844 .Authorization(TAG_ATTESTATION_ID_PRODUCT, "punctured-product")
845 .Authorization(TAG_ATTESTATION_ID_SERIAL, "suspicious-serial")
846 .Authorization(TAG_ATTESTATION_ID_IMEI, "invalid-imei")
847 .Authorization(TAG_ATTESTATION_ID_MEID, "mismatching-meid")
848 .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, "malformed-manufacturer")
849 .Authorization(TAG_ATTESTATION_ID_MODEL, "malicious-model");
850
851 if (isSecondImeiIdAttestationRequired()) {
852 // Note: the invalid value here is < 16 bytes long to avoid triggering any implementation
853 // checks on valid IMEI lengths.
854 attestation_id_tags.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, "invalid-imei2");
855 }
856 vector<uint8_t> key_blob;
857 vector<KeyCharacteristics> key_characteristics;
858
859 for (const KeyParameter& invalid_tag : attestation_id_tags) {
860 SCOPED_TRACE(testing::Message() << "+tag-" << invalid_tag);
861
862 // Use attestation key to sign an ECDSA key, but include an invalid
863 // attestation ID field.
864 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
865 .EcdsaSigningKey(EcCurve::P_256)
866 .Authorization(TAG_NO_AUTH_REQUIRED)
867 .AttestationChallenge("challenge")
868 .AttestationApplicationId("foo")
869 .SetDefaultValidity();
870 builder.push_back(invalid_tag);
871 vector<uint8_t> attested_key_blob;
872 vector<KeyCharacteristics> attested_key_characteristics;
873 vector<Certificate> attested_key_cert_chain;
874 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
875 &attested_key_characteristics, &attested_key_cert_chain);
876 device_id_attestation_check_acceptable_error(invalid_tag.tag, result);
877 }
878 }
879
TEST_P(AttestKeyTest,SecondIMEIAttestationIDSuccess)880 TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) {
881 // Skip the test if there is no second IMEI exists.
882 string second_imei = get_imei(1);
883 if (second_imei.empty()) {
884 GTEST_SKIP() << "Test not applicable as there is no second IMEI";
885 }
886
887 if (!isSecondImeiIdAttestationRequired()) {
888 GTEST_SKIP() << "Test not applicable for KeyMint-Version < 3 or first-api-level < 34";
889 }
890
891 // Create attestation key.
892 AttestationKey attest_key;
893 vector<KeyCharacteristics> attest_key_characteristics;
894 vector<Certificate> attest_key_cert_chain;
895 ASSERT_EQ(ErrorCode::OK,
896 GenerateAttestKey(AuthorizationSetBuilder()
897 .EcdsaKey(EcCurve::P_256)
898 .AttestKey()
899 .SetDefaultValidity(),
900 {} /* attestation signing key */, &attest_key.keyBlob,
901 &attest_key_characteristics, &attest_key_cert_chain));
902 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
903 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
904 EXPECT_EQ(attest_key_cert_chain.size(), 1);
905 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
906
907 // Use attestation key to sign an ECDSA key, but include an attestation ID field.
908 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
909 .EcdsaSigningKey(EcCurve::P_256)
910 .Authorization(TAG_NO_AUTH_REQUIRED)
911 .AttestationChallenge("challenge")
912 .AttestationApplicationId("foo")
913 .SetDefaultValidity();
914 // b/264979486 - second imei doesn't depend on first imei.
915 // Add second IMEI as attestation id without adding first IMEI as
916 // attestation id.
917 builder.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, second_imei.data(), second_imei.size());
918
919 vector<uint8_t> attested_key_blob;
920 vector<KeyCharacteristics> attested_key_characteristics;
921 vector<Certificate> attested_key_cert_chain;
922 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
923 &attested_key_characteristics, &attested_key_cert_chain);
924
925 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
926 GTEST_SKIP()
927 << "Test not applicable as device does not support SECOND-IMEI ID attestation.";
928 }
929
930 ASSERT_EQ(result, ErrorCode::OK);
931 ASSERT_GT(attested_key_cert_chain.size(), 0);
932 KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
933
934 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
935 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
936
937 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
938 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
939 // attestation extension should contain them, so make sure the extra tag is added.
940 vector<uint8_t> imei_blob(second_imei.data(), second_imei.data() + second_imei.size());
941 KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, imei_blob);
942 hw_enforced.push_back(imei_tag);
943
944 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
945 hw_enforced, SecLevel(),
946 attested_key_cert_chain[0].encodedCertificate));
947 }
948
TEST_P(AttestKeyTest,MultipleIMEIAttestationIDSuccess)949 TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) {
950 // Skip the test if there is no first IMEI exists.
951 string imei = get_imei(0);
952 if (imei.empty()) {
953 GTEST_SKIP() << "Test not applicable as there is no first IMEI";
954 }
955
956 // Skip the test if there is no second IMEI exists.
957 string second_imei = get_imei(1);
958 if (second_imei.empty()) {
959 GTEST_SKIP() << "Test not applicable as there is no second IMEI";
960 }
961
962 if (!isSecondImeiIdAttestationRequired()) {
963 GTEST_SKIP() << "Test not applicable for KeyMint-Version < 3 or first-api-level < 34";
964 }
965
966 // Create attestation key.
967 AttestationKey attest_key;
968 vector<KeyCharacteristics> attest_key_characteristics;
969 vector<Certificate> attest_key_cert_chain;
970 ASSERT_EQ(ErrorCode::OK,
971 GenerateAttestKey(AuthorizationSetBuilder()
972 .EcdsaKey(EcCurve::P_256)
973 .AttestKey()
974 .SetDefaultValidity(),
975 {} /* attestation signing key */, &attest_key.keyBlob,
976 &attest_key_characteristics, &attest_key_cert_chain));
977 KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob);
978 attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
979 EXPECT_EQ(attest_key_cert_chain.size(), 1);
980 EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain));
981
982 // Use attestation key to sign an ECDSA key, but include both IMEI attestation ID fields.
983 AuthorizationSetBuilder builder = AuthorizationSetBuilder()
984 .EcdsaSigningKey(EcCurve::P_256)
985 .Authorization(TAG_NO_AUTH_REQUIRED)
986 .AttestationChallenge("challenge")
987 .AttestationApplicationId("foo")
988 .SetDefaultValidity();
989 builder.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size());
990 builder.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, second_imei.data(), second_imei.size());
991
992 vector<uint8_t> attested_key_blob;
993 vector<KeyCharacteristics> attested_key_characteristics;
994 vector<Certificate> attested_key_cert_chain;
995 auto result = GenerateKey(builder, attest_key, &attested_key_blob,
996 &attested_key_characteristics, &attested_key_cert_chain);
997
998 if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
999 GTEST_SKIP() << "Test not applicable as device does not support IMEI ID attestation.";
1000 }
1001
1002 ASSERT_EQ(result, ErrorCode::OK);
1003 ASSERT_GT(attested_key_cert_chain.size(), 0);
1004 KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
1005
1006 AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
1007 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
1008
1009 // The attested key characteristics will not contain APPLICATION_ID_* fields (their
1010 // spec definitions all have "Must never appear in KeyCharacteristics"), but the
1011 // attestation extension should contain them, so make sure the extra tag is added.
1012 vector<uint8_t> imei_blob(imei.data(), imei.data() + imei.size());
1013 KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_IMEI, imei_blob);
1014 hw_enforced.push_back(imei_tag);
1015 vector<uint8_t> sec_imei_blob(second_imei.data(), second_imei.data() + second_imei.size());
1016 KeyParameter sec_imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, sec_imei_blob);
1017 hw_enforced.push_back(sec_imei_tag);
1018
1019 ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
1020 hw_enforced, SecLevel(),
1021 attested_key_cert_chain[0].encodedCertificate));
1022 }
1023
1024 INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);
1025
1026 } // namespace aidl::android::hardware::security::keymint::test
1027