Merge "KeyMint VTS: ATTEST_KEY has no other purpose" am: a67b0441fe am: 02c4ee0dca am: 35392ef70e (6e2b1afd) · Commits · e / os / android_hardware_interfaces

security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl

+5 −1

Original line number	Diff line number	Diff line
		@@ -44,6 +44,10 @@ enum KeyPurpose {
		AGREE_KEY = 6,

		/* Usable as an attestation signing key. Keys with this purpose must not have any other
		* purpose. */
		* purpose; if they do, key generation/import must be rejected with
		* ErrorCode::INCOMPATIBLE_PURPOSE. (Rationale: If key also included KeyPurpose::SIGN, then
		* it could be used to sign arbitrary data, including any tbsCertificate, and so an
		* attestation produced by the key would have no security properties.)
		*/
		ATTEST_KEY = 7,
		}

+36 −0

Original line number	Diff line number	Diff line
		@@ -174,6 +174,24 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
		}
		}

		/*
		* AttestKeyTest.RsaAttestKeyMultiPurposeFail
		*
		* This test attempts to create an RSA attestation key that also allows signing.
		*/
		TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
		vector<uint8_t> attest_key_blob;
		vector<KeyCharacteristics> attest_key_characteristics;
		vector<Certificate> attest_key_cert_chain;
		ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
		GenerateKey(AuthorizationSetBuilder()
		.RsaSigningKey(2048, 65537)
		.AttestKey()
		.SetDefaultValidity(),
		{} /* attestation signing key */, &attest_key_blob,
		&attest_key_characteristics, &attest_key_cert_chain));
		}

		/*
		* AttestKeyTest.RsaAttestedAttestKeys
		*
		@@ -411,6 +429,24 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) {
		}
		}

		/*
		* AttestKeyTest.EcAttestKeyMultiPurposeFail
		*
		* This test attempts to create an EC attestation key that also allows signing.
		*/
		TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
		vector<uint8_t> attest_key_blob;
		vector<KeyCharacteristics> attest_key_characteristics;
		vector<Certificate> attest_key_cert_chain;
		ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
		GenerateKey(AuthorizationSetBuilder()
		.EcdsaSigningKey(EcCurve::P_256)
		.AttestKey()
		.SetDefaultValidity(),
		{} /* attestation signing key */, &attest_key_blob,
		&attest_key_characteristics, &attest_key_cert_chain));
		}

		/*
		* AttestKeyTest.AlternateAttestKeyChaining
		*

+36 −0

Original line number	Diff line number	Diff line
		@@ -3351,6 +3351,26 @@ TEST_P(ImportKeyTest, RsaPublicExponentMismatch) {
		KeyFormat::PKCS8, rsa_key));
		}

		/*
		* ImportKeyTest.RsaAttestMultiPurposeFail
		*
		* Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails.
		*/
		TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) {
		uint32_t key_size = 2048;
		string key = rsa_2048_key;

		ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
		ImportKey(AuthorizationSetBuilder()
		.Authorization(TAG_NO_AUTH_REQUIRED)
		.RsaSigningKey(key_size, 65537)
		.AttestKey()
		.Digest(Digest::SHA_2_256)
		.Padding(PaddingMode::RSA_PSS)
		.SetDefaultValidity(),
		KeyFormat::PKCS8, key));
		}

		/*
		* ImportKeyTest.EcdsaSuccess
		*
		@@ -3469,6 +3489,22 @@ TEST_P(ImportKeyTest, EcdsaCurveMismatch) {
		KeyFormat::PKCS8, ec_256_key));
		}

		/*
		* ImportKeyTest.EcdsaAttestMultiPurposeFail
		*
		* Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails.
		*/
		TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) {
		ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
		ImportKey(AuthorizationSetBuilder()
		.Authorization(TAG_NO_AUTH_REQUIRED)
		.EcdsaSigningKey(EcCurve::P_256)
		.AttestKey()
		.Digest(Digest::SHA_2_256)
		.SetDefaultValidity(),
		KeyFormat::PKCS8, ec_256_key));
		}

		/*
		* ImportKeyTest.AesSuccess
		*