1 /*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "keymint_1_attest_key_test"
18
19 #include <cutils/log.h>
20 #include <cutils/properties.h>
21 #include <keymint_support/key_param_output.h>
22 #include <keymint_support/openssl_utils.h>
23
24 #include "KeyMintAidlTestBase.h"
25
26 namespace aidl::android::hardware::security::keymint::test {
27
28 class DeviceUniqueAttestationTest : public KeyMintAidlTestBase {
29 protected:
CheckUniqueAttestationResults(const vector<uint8_t> & key_blob,const vector<KeyCharacteristics> & key_characteristics,const AuthorizationSet & hw_enforced)30 void CheckUniqueAttestationResults(const vector<uint8_t>& key_blob,
31 const vector<KeyCharacteristics>& key_characteristics,
32 const AuthorizationSet& hw_enforced) {
33 ASSERT_GT(cert_chain_.size(), 0);
34
35 if (KeyMintAidlTestBase::dump_Attestations) {
36 std::cout << bin2hex(cert_chain_[0].encodedCertificate) << std::endl;
37 }
38
39 ASSERT_GT(key_blob.size(), 0U);
40
41 AuthorizationSet crypto_params = SecLevelAuthorizations(key_characteristics);
42
43 // The device-unique attestation chain should contain exactly three certificates:
44 // * The leaf with the attestation extension.
45 // * An intermediate, signing the leaf using the device-unique key.
46 // * A self-signed root, signed using some authority's key, certifying
47 // the device-unique key.
48 const size_t chain_length = cert_chain_.size();
49 ASSERT_TRUE(chain_length == 2 || chain_length == 3);
50 // TODO(b/191361618): Once StrongBox implementations use a correctly-issued
51 // certificate chain, do not skip issuers matching.
52 EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_, /* strict_issuer_check= */ false));
53
54 AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
55 EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
56 hw_enforced, SecLevel(),
57 cert_chain_[0].encodedCertificate));
58 }
59 };
60
61 /*
62 * DeviceUniqueAttestationTest.RsaNonStrongBoxUnimplemented
63 *
64 * Verifies that non strongbox implementations do not implement Rsa device unique
65 * attestation.
66 */
TEST_P(DeviceUniqueAttestationTest,RsaNonStrongBoxUnimplemented)67 TEST_P(DeviceUniqueAttestationTest, RsaNonStrongBoxUnimplemented) {
68 if (SecLevel() == SecurityLevel::STRONGBOX) {
69 GTEST_SKIP() << "Test not applicable to StrongBox device";
70 }
71
72 vector<uint8_t> key_blob;
73 vector<KeyCharacteristics> key_characteristics;
74
75 // Check RSA implementation
76 auto result =
77 GenerateKey(AuthorizationSetBuilder()
78 .Authorization(TAG_NO_AUTH_REQUIRED)
79 .RsaSigningKey(2048, 65537)
80 .Digest(Digest::SHA_2_256)
81 .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
82 .Authorization(TAG_INCLUDE_UNIQUE_ID)
83 .Authorization(TAG_CREATION_DATETIME, 1619621648000)
84 .SetDefaultValidity()
85 .AttestationChallenge("challenge")
86 .AttestationApplicationId("foo")
87 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
88 /*attest_key=*/std::nullopt, &key_blob, &key_characteristics, &cert_chain_);
89
90 ASSERT_TRUE(result == ErrorCode::INVALID_ARGUMENT || result == ErrorCode::UNSUPPORTED_TAG)
91 << "Result: " << result;
92 }
93
94 /*
95 * DeviceUniqueAttestationTest.EcdsaNonStrongBoxUnimplemented
96 *
97 * Verifies that non strongbox implementations do not implement Ecdsa device unique
98 * attestation.
99 */
TEST_P(DeviceUniqueAttestationTest,EcdsaNonStrongBoxUnimplemented)100 TEST_P(DeviceUniqueAttestationTest, EcdsaNonStrongBoxUnimplemented) {
101 if (SecLevel() == SecurityLevel::STRONGBOX) {
102 GTEST_SKIP() << "Test not applicable to StrongBox device";
103 }
104
105 vector<uint8_t> key_blob;
106 vector<KeyCharacteristics> key_characteristics;
107
108 // Check Ecdsa implementation
109 auto result =
110 GenerateKey(AuthorizationSetBuilder()
111 .Authorization(TAG_NO_AUTH_REQUIRED)
112 .EcdsaSigningKey(EcCurve::P_256)
113 .Digest(Digest::SHA_2_256)
114 .Authorization(TAG_INCLUDE_UNIQUE_ID)
115 .Authorization(TAG_CREATION_DATETIME, 1619621648000)
116 .SetDefaultValidity()
117 .AttestationChallenge("challenge")
118 .AttestationApplicationId("foo")
119 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
120 /*attest_key=*/std::nullopt, &key_blob, &key_characteristics, &cert_chain_);
121
122 ASSERT_TRUE(result == ErrorCode::INVALID_ARGUMENT || result == ErrorCode::UNSUPPORTED_TAG)
123 << "Result: " << result;
124 }
125
126 /*
127 * DeviceUniqueAttestationTest.RsaDeviceUniqueAttestation
128 *
129 * Verifies that strongbox implementations of Rsa implements device unique
130 * attestation correctly, if implemented.
131 */
TEST_P(DeviceUniqueAttestationTest,RsaDeviceUniqueAttestation)132 TEST_P(DeviceUniqueAttestationTest, RsaDeviceUniqueAttestation) {
133 if (SecLevel() != SecurityLevel::STRONGBOX) {
134 GTEST_SKIP() << "Test not applicable to non-StrongBox device";
135 }
136
137 vector<uint8_t> key_blob;
138 vector<KeyCharacteristics> key_characteristics;
139 int key_size = 2048;
140
141 auto result = GenerateKey(AuthorizationSetBuilder()
142 .Authorization(TAG_NO_AUTH_REQUIRED)
143 .RsaSigningKey(key_size, 65537)
144 .Digest(Digest::SHA_2_256)
145 .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
146 .Authorization(TAG_INCLUDE_UNIQUE_ID)
147 .Authorization(TAG_CREATION_DATETIME, 1619621648000)
148 .SetDefaultValidity()
149 .AttestationChallenge("challenge")
150 .AttestationApplicationId("foo")
151 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
152 &key_blob, &key_characteristics);
153
154 // It is optional for Strong box to support DeviceUniqueAttestation.
155 if (result == ErrorCode::CANNOT_ATTEST_IDS) return;
156
157 ASSERT_EQ(ErrorCode::OK, result);
158
159 AuthorizationSetBuilder hw_enforced =
160 AuthorizationSetBuilder()
161 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION)
162 .Authorization(TAG_NO_AUTH_REQUIRED)
163 .RsaSigningKey(2048, 65537)
164 .Digest(Digest::SHA_2_256)
165 .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
166 .Authorization(TAG_ORIGIN, KeyOrigin::GENERATED)
167 .Authorization(TAG_OS_VERSION, os_version())
168 .Authorization(TAG_OS_PATCHLEVEL, os_patch_level());
169
170 // Any patchlevels attached to the key should also be present in the attestation extension.
171 AuthorizationSet auths;
172 for (const auto& entry : key_characteristics) {
173 auths.push_back(AuthorizationSet(entry.authorizations));
174 }
175 auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);
176 if (vendor_pl) {
177 hw_enforced.Authorization(TAG_VENDOR_PATCHLEVEL, *vendor_pl);
178 }
179 auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
180 if (boot_pl) {
181 hw_enforced.Authorization(TAG_BOOT_PATCHLEVEL, *boot_pl);
182 }
183
184 CheckUniqueAttestationResults(key_blob, key_characteristics, hw_enforced);
185 }
186
187 /*
188 * DeviceUniqueAttestationTest.EcdsaDeviceUniqueAttestation
189 *
190 * Verifies that strongbox implementations of Rsa implements device unique
191 * attestation correctly, if implemented.
192 */
TEST_P(DeviceUniqueAttestationTest,EcdsaDeviceUniqueAttestation)193 TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestation) {
194 if (SecLevel() != SecurityLevel::STRONGBOX) {
195 GTEST_SKIP() << "Test not applicable to non-StrongBox device";
196 }
197
198 vector<uint8_t> key_blob;
199 vector<KeyCharacteristics> key_characteristics;
200
201 auto result = GenerateKey(AuthorizationSetBuilder()
202 .Authorization(TAG_NO_AUTH_REQUIRED)
203 .EcdsaSigningKey(EcCurve::P_256)
204 .Digest(Digest::SHA_2_256)
205 .Authorization(TAG_INCLUDE_UNIQUE_ID)
206 .Authorization(TAG_CREATION_DATETIME, 1619621648000)
207 .SetDefaultValidity()
208 .AttestationChallenge("challenge")
209 .AttestationApplicationId("foo")
210 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
211 &key_blob, &key_characteristics);
212
213 // It is optional for Strong box to support DeviceUniqueAttestation.
214 if (result == ErrorCode::CANNOT_ATTEST_IDS) return;
215 ASSERT_EQ(ErrorCode::OK, result);
216
217 AuthorizationSetBuilder hw_enforced =
218 AuthorizationSetBuilder()
219 .Authorization(TAG_NO_AUTH_REQUIRED)
220 .EcdsaSigningKey(EcCurve::P_256)
221 .Digest(Digest::SHA_2_256)
222 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION)
223 .Authorization(TAG_ORIGIN, KeyOrigin::GENERATED)
224 .Authorization(TAG_OS_VERSION, os_version())
225 .Authorization(TAG_OS_PATCHLEVEL, os_patch_level());
226 // Any patchlevels attached to the key should also be present in the attestation extension.
227 AuthorizationSet auths;
228 for (const auto& entry : key_characteristics) {
229 auths.push_back(AuthorizationSet(entry.authorizations));
230 }
231 auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);
232 if (vendor_pl) {
233 hw_enforced.Authorization(TAG_VENDOR_PATCHLEVEL, *vendor_pl);
234 }
235 auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
236 if (boot_pl) {
237 hw_enforced.Authorization(TAG_BOOT_PATCHLEVEL, *boot_pl);
238 }
239
240 CheckUniqueAttestationResults(key_blob, key_characteristics, hw_enforced);
241 }
242
243 /*
244 * DeviceUniqueAttestationTest.EcdsaDeviceUniqueAttestationID
245 *
246 * Verifies that device unique attestation can include IDs that do match the
247 * local device.
248 */
TEST_P(DeviceUniqueAttestationTest,EcdsaDeviceUniqueAttestationID)249 TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationID) {
250 if (SecLevel() != SecurityLevel::STRONGBOX) {
251 GTEST_SKIP() << "Test not applicable to non-StrongBox device";
252 }
253
254 // Collection of valid attestation ID tags.
255 auto attestation_id_tags = AuthorizationSetBuilder();
256 // Use ro.product.brand_for_attestation property for attestation if it is present else fallback
257 // to ro.product.brand
258 std::string prop_value =
259 ::android::base::GetProperty("ro.product.brand_for_attestation", /* default= */ "");
260 if (!prop_value.empty()) {
261 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND,
262 "ro.product.brand_for_attestation");
263 } else {
264 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
265 }
266 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
267 // Use ro.product.name_for_attestation property for attestation if it is present else fallback
268 // to ro.product.name
269 prop_value = ::android::base::GetProperty("ro.product.name_for_attestation", /* default= */ "");
270 if (!prop_value.empty()) {
271 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT,
272 "ro.product.name_for_attestation");
273 } else {
274 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
275 }
276 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
277 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MANUFACTURER,
278 "ro.product.manufacturer");
279 // Use ro.product.model_for_attestation property for attestation if it is present else fallback
280 // to ro.product.model
281 prop_value =
282 ::android::base::GetProperty("ro.product.model_for_attestation", /* default= */ "");
283 if (!prop_value.empty()) {
284 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL,
285 "ro.product.model_for_attestation");
286 } else {
287 add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
288 }
289 vector<uint8_t> key_blob;
290 vector<KeyCharacteristics> key_characteristics;
291
292 for (const KeyParameter& tag : attestation_id_tags) {
293 SCOPED_TRACE(testing::Message() << "+tag-" << tag);
294 AuthorizationSetBuilder builder =
295 AuthorizationSetBuilder()
296 .Authorization(TAG_NO_AUTH_REQUIRED)
297 .EcdsaSigningKey(EcCurve::P_256)
298 .Digest(Digest::SHA_2_256)
299 .Authorization(TAG_INCLUDE_UNIQUE_ID)
300 .Authorization(TAG_CREATION_DATETIME, 1619621648000)
301 .SetDefaultValidity()
302 .AttestationChallenge("challenge")
303 .AttestationApplicationId("foo")
304 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION);
305 builder.push_back(tag);
306 auto result = GenerateKey(builder, &key_blob, &key_characteristics);
307
308 // It is optional for Strong box to support DeviceUniqueAttestation.
309 if (result == ErrorCode::CANNOT_ATTEST_IDS) return;
310 ASSERT_EQ(ErrorCode::OK, result);
311
312 AuthorizationSetBuilder hw_enforced =
313 AuthorizationSetBuilder()
314 .Authorization(TAG_NO_AUTH_REQUIRED)
315 .EcdsaSigningKey(EcCurve::P_256)
316 .Digest(Digest::SHA_2_256)
317 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION)
318 .Authorization(TAG_ORIGIN, KeyOrigin::GENERATED)
319 .Authorization(TAG_OS_VERSION, os_version())
320 .Authorization(TAG_OS_PATCHLEVEL, os_patch_level());
321 // Expect the specified tag to be present in the attestation extension.
322 hw_enforced.push_back(tag);
323 // Any patchlevels attached to the key should also be present in the attestation extension.
324 AuthorizationSet auths;
325 for (const auto& entry : key_characteristics) {
326 auths.push_back(AuthorizationSet(entry.authorizations));
327 }
328 auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);
329 if (vendor_pl) {
330 hw_enforced.Authorization(TAG_VENDOR_PATCHLEVEL, *vendor_pl);
331 }
332 auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
333 if (boot_pl) {
334 hw_enforced.Authorization(TAG_BOOT_PATCHLEVEL, *boot_pl);
335 }
336 CheckUniqueAttestationResults(key_blob, key_characteristics, hw_enforced);
337 }
338 }
339
340 /*
341 * DeviceUniqueAttestationTest.EcdsaDeviceUniqueAttestationMismatchID
342 *
343 * Verifies that device unique attestation rejects attempts to attest to IDs that
344 * don't match the local device.
345 */
TEST_P(DeviceUniqueAttestationTest,EcdsaDeviceUniqueAttestationMismatchID)346 TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationMismatchID) {
347 if (SecLevel() != SecurityLevel::STRONGBOX) {
348 GTEST_SKIP() << "Test not applicable to non-StrongBox device";
349 }
350
351 // Collection of invalid attestation ID tags.
352 auto attestation_id_tags =
353 AuthorizationSetBuilder()
354 .Authorization(TAG_ATTESTATION_ID_BRAND, "bogus-brand")
355 .Authorization(TAG_ATTESTATION_ID_DEVICE, "devious-device")
356 .Authorization(TAG_ATTESTATION_ID_PRODUCT, "punctured-product")
357 .Authorization(TAG_ATTESTATION_ID_SERIAL, "suspicious-serial")
358 .Authorization(TAG_ATTESTATION_ID_IMEI, "invalid-imei")
359 .Authorization(TAG_ATTESTATION_ID_MEID, "mismatching-meid")
360 .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, "malformed-manufacturer")
361 .Authorization(TAG_ATTESTATION_ID_MODEL, "malicious-model");
362 vector<uint8_t> key_blob;
363 vector<KeyCharacteristics> key_characteristics;
364
365 for (const KeyParameter& invalid_tag : attestation_id_tags) {
366 SCOPED_TRACE(testing::Message() << "+tag-" << invalid_tag);
367 AuthorizationSetBuilder builder =
368 AuthorizationSetBuilder()
369 .Authorization(TAG_NO_AUTH_REQUIRED)
370 .EcdsaSigningKey(EcCurve::P_256)
371 .Digest(Digest::SHA_2_256)
372 .Authorization(TAG_INCLUDE_UNIQUE_ID)
373 .Authorization(TAG_CREATION_DATETIME, 1619621648000)
374 .SetDefaultValidity()
375 .AttestationChallenge("challenge")
376 .AttestationApplicationId("foo")
377 .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION);
378 // Add the tag that doesn't match the local device's real ID.
379 builder.push_back(invalid_tag);
380 auto result = GenerateKey(builder, &key_blob, &key_characteristics);
381
382 device_id_attestation_check_acceptable_error(invalid_tag.tag, result);
383 }
384 }
385
386 INSTANTIATE_KEYMINT_AIDL_TEST(DeviceUniqueAttestationTest);
387
388 } // namespace aidl::android::hardware::security::keymint::test
389