Merge "KeyMint VTS: ATTEST_KEY has no other purpose" am: a67b0441fe am: 02c4ee0dca am: 35392ef70e

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1844276

Change-Id: Ia77411d469b6a291ec333ea27150c5eef8eb2ac1
David Drysdale 2021-12-15 07:11:46 +00:00 committed by Automerger Merge Worker
commit 6e2b1afdeb
3 changed files with 77 additions and 1 deletions


@ -44,6 +44,10 @@ enum KeyPurpose {
AGREE_KEY = 6,
/* Usable as an attestation signing key. Keys with this purpose must not have any other
* purpose. */
* purpose; if they do, key generation/import must be rejected with
* ErrorCode::INCOMPATIBLE_PURPOSE. (Rationale: If key also included KeyPurpose::SIGN, then
* it could be used to sign arbitrary data, including any tbsCertificate, and so an
* attestation produced by the key would have no security properties.)
*/
ATTEST_KEY = 7,
}


@ -174,6 +174,24 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
}
}
/*
* AttestKeyTest.RsaAttestKeyMultiPurposeFail
*
* This test attempts to create an RSA attestation key that also allows signing.
*/
TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
vector<uint8_t> attest_key_blob;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(2048, 65537)
.AttestKey()
.SetDefaultValidity(),
{} /* attestation signing key */, &attest_key_blob,
&attest_key_characteristics, &attest_key_cert_chain));
}
/*
* AttestKeyTest.RsaAttestedAttestKeys
*
@ -411,6 +429,24 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) {
}
}
/*
* AttestKeyTest.EcAttestKeyMultiPurposeFail
*
* This test attempts to create an EC attestation key that also allows signing.
*/
TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
vector<uint8_t> attest_key_blob;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
GenerateKey(AuthorizationSetBuilder()
.EcdsaSigningKey(EcCurve::P_256)
.AttestKey()
.SetDefaultValidity(),
{} /* attestation signing key */, &attest_key_blob,
&attest_key_characteristics, &attest_key_cert_chain));
}
/*
* AttestKeyTest.AlternateAttestKeyChaining
*
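Review bot: RsaAttestKeyMultiPurposeFail and EcAttestKeyMultiPurposeFail only exercise the ATTEST_KEY+SIGN combination (via RsaSigningKey/EcdsaSigningKey plus AttestKey), while the enum comment in the first file requires rejection of ATTEST_KEY combined with any other purpose; an implementation that special-cases SIGN but still accepts ATTEST_KEY together with DECRYPT, ENCRYPT, AGREE_KEY or WRAP_KEY would pass this suite unchanged. Such a key is less directly harmful than one that can sign arbitrary tbsCertificates, but it still violates the requirement the commit is testing, so one further case per algorithm whose purposes are ATTEST_KEY plus a non-signing purpose (e.g. adding `.Authorization(TAG_PURPOSE, KeyPurpose::DECRYPT)` to a key builder that does not already add SIGN) would close the gap. The same limitation applies to RsaAttestMultiPurposeFail and EcdsaAttestMultiPurposeFail in the ImportKeyTest file. This assumes RsaSigningKey/EcdsaSigningKey add the SIGN purpose, which is not visible here.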


@ -3351,6 +3351,26 @@ TEST_P(ImportKeyTest, RsaPublicExponentMismatch) {
KeyFormat::PKCS8, rsa_key));
}
/*
* ImportKeyTest.RsaAttestMultiPurposeFail
*
* Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails.
*/
TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) {
uint32_t key_size = 2048;
string key = rsa_2048_key;
ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(key_size, 65537)
.AttestKey()
.Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_PSS)
.SetDefaultValidity(),
KeyFormat::PKCS8, key));
}
/*
* ImportKeyTest.EcdsaSuccess
*
@ -3469,6 +3489,22 @@ TEST_P(ImportKeyTest, EcdsaCurveMismatch) {
KeyFormat::PKCS8, ec_256_key));
}
/*
* ImportKeyTest.EcdsaAttestMultiPurposeFail
*
* Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails.
*/
TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) {
ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(EcCurve::P_256)
.AttestKey()
.Digest(Digest::SHA_2_256)
.SetDefaultValidity(),
KeyFormat::PKCS8, ec_256_key));
}
/*
* ImportKeyTest.AesSuccess
*
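Review bot: The header comment of EcdsaAttestMultiPurposeFail says it verifies that "importing and using" the key pair fails, but the body only calls ImportKey and asserts INCOMPATIBLE_PURPOSE; nothing ever uses the key, so the comment overstates what is covered and should read `* Verifies that importing an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails.`, matching the RSA comment in the previous hunk. Separately, RsaAttestMultiPurposeFail copies `rsa_2048_key` into a local `string key` and introduces `key_size` for a single use, whereas the ECDSA test passes `ec_256_key` directly; writing `.RsaSigningKey(2048, 65537)` and `KeyFormat::PKCS8, rsa_2048_key));` would drop the copy and keep the two tests parallel.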