KeyAttestationTest#testEcAttestation

run cts --subplan CtsKeystoreTestCases-android.keystore.cts.KeyAttestationTest#testEcAttestation

 

The log reports android.security.KeyStoreException: -10003 at android.security.KeyStore.getKeyStoreException(KeyStore.java:839)

Error -10003 means the attestation key is not provisioned.

CtsKeystoreTestCases fails because the attestation key has not been set.

 

https://www.jianshu.com/p/959be78c985e 

3. CtsKeystoreTestCases android.keystore.cts.KeyAttestationTest#testEcAttestation

This test requires applying for a Google key.

 

QCOM documentation:

https://createpoint.qti.qualcomm.com/search/contentdocument/stream/599180?refererRoute=search%2FsearchArgs%2Fq%7C%7CKeyAttestationTest%7C%7Crows%7C%7C10%7C%7CsortField%7C%7Cscore%7C%7CsortOrder%7C%7Cdesc&dcn=KBA-180319234132&currentPage=1&itemTotalIndex=1

 

MTK documentation:

https://online.mediatek.com/FAQ#/SW/FAQ20625 

 

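What is an attestation key?

For Android O, key attestation is mandatory and is checked in CTS/GTS.

Key attestation is intended to provide a way to strongly determine whether an asymmetric key pair is hardware-backed (that is, whether it comes from a HW keymaster).

How does key attestation work?

After an application asks keymaster to generate a key pair,

the application can ask keymaster for a certificate chain (the certificate is signed by the attestation key, and the root certificate comes from Google) and verify that the certificate chain is valid.

The application should perform the certificate verification itself.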
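The flow described above, as an added example using the Android Keystore API (not code from the original post or the vendor FAQ). The class name `AttestationCheck`, the `alias` parameter and the caller-pinned `trustedRootKey` are assumptions made for illustration.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;

public final class AttestationCheck {
    // OID of the Android key attestation extension carried in the leaf certificate.
    private static final String ATTESTATION_OID = "1.3.6.1.4.1.11129.2.1.17";

    // trustedRootKey (assumption): encoded public key of the Google attestation
    // root, obtained out of band and pinned by the caller.
    public static boolean generateAndVerify(String alias, byte[] challenge,
            byte[] trustedRootKey) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setAttestationChallenge(challenge) // asks keymaster for an attestation chain
                .build());
        try {
            kpg.generateKeyPair();
        } catch (ProviderException e) {
            // Same failure as in the CTS report: the chain could not be generated,
            // e.g. KeyStoreException -10003 when no attestation key is provisioned.
            return false;
        }
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length < 2) return false;
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = (X509Certificate) chain[i];
            cert.checkValidity();
            // Each certificate is signed by the next one; the root signs itself.
            PublicKey signer = chain[Math.min(i + 1, chain.length - 1)].getPublicKey();
            cert.verify(signer);
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        byte[] rootKey = chain[chain.length - 1].getPublicKey().getEncoded();
        // The leaf must carry the attestation extension and the chain must end at the pinned root.
        return leaf.getExtensionValue(ATTESTATION_OID) != null
                && Arrays.equals(rootKey, trustedRootKey);
    }
}
```

When the result is used for a trust decision, the same chain checks are run on a separate trusted server against the chain the device sends, since a compromised device cannot be relied on to validate itself.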

 

More information on Google's website that you should know:

Before provisioning the key, it is best to read up on the topic on Google's website; see the following links:

https://source.android.com/security/keystore/

https://developer.android.com/training/articles/security-key-attestation.html#verifying

https://source.android.com/compatibility/android-cdd#9_security_model_compatibility (CDD chapter 9.11)

 

How to provision the attestation key?

Step 1: Apply for the attestation key keybox from Google; for details, refer to Q1.

Step 2: Split and encrypt the keybox with the splitter tool. You can get the splitter tool from MOL, where it is provided together with the SN Writer tool.

Step 3: Configure the decrypt/verify key in the TEE file in the Android codebase, then rebuild and update the image on the phone.

Step 4: Install the attestation key keybox on the phone with SN Writer or the SP Meta tool.

 

Q&A

 

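Q1: How do I apply for Google's attestation key?

A: Log in to Google's website with your Google ID

and apply for the attestation key with the "device ID". For more information, log in to the following Google sites: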

https://accounts.google.com/signin/v2/identifier?service=androidpartner&passive=1209600&continue=https%3a%2f%2fpartner.android.com%2f&followup=https%3a%2f%2fpartner.android.com%2f&flowname=glifwebsignin&flowntry=servicelogin

https://developers.google.com/android-partner/guide/keybox

 

Q2: What if I do not install the attestation key into keymaster?

A: CTS/GTS will fail.

 

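Q3: Why do 100,000 devices share one key? What if fewer or more than 100,000 devices share one key, or different projects share the same key?

A: This is to avoid the attestation key being tied to a device's unique ID. Google does not require that the number for an attestation key be exactly 100,000; it is only a recommendation.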

 

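Q4: Is the device ID injected into keymaster?

A: In MTK's solution, the device ID is not injected into keymaster. Google does not require the device ID to be injected into keymaster.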

 

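Q5: How do I check that the key was installed successfully and is valid?

A: Run CTS to check that the key is valid and that the key attestation function works.

run cts -m CtsKeystoreTestCases -t android.keystore.cts.KeyAttestationTest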

 

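Q6: Why does the Keysplitter tool show the error "out of memory"?

A: The keybox file is too large. The maximum keybox size is 500M; when the file is larger than 500M, the customer needs to split the file before using the keysplitter tool.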

 

Test report:

Test: android.keystore.cts.KeyAttestationTest#testEcAttestation

Result: fail

Details:

java.lang.Exception: Failed on curve 0 and challege 0
    at android.keystore.cts.KeyAttestationTest.testEcAttestation(KeyAttestationTest.java:169)
    at java.lang.reflect.Method.invoke(Native Method)
    at junit.framework.TestCase.runTest(TestCase.java:168)
    at junit.framework.TestCase.runBare(TestCase.java:134)
    at junit.framework.TestResult$1.protect(TestResult.java:115)
    at android.support.test.internal.runner.junit3.AndroidTestResult.runProtected(AndroidTestResult.java:73)
    at junit.framework.TestResult.run(TestResult.java:118)
    at android.support.test.internal.runner.junit3.AndroidTestResult.run(AndroidTestResult.java:51)
    at junit.framework.TestCase.run(TestCase.java:124)
    at android.support.test.internal.runner.junit3.NonLeakyTestSuite$NonLeakyTest.run(NonLeakyTestSuite.java:62)
    at android.support.test.internal.runner.junit3.AndroidTestSuite$2.run(AndroidTestSuite.java:101)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:458)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
    at java.lang.Thread.run(Thread.java:764)
Caused by: java.security.ProviderException: Failed to generate attestation certificate chain
    at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.getAttestationChain(AndroidKeyStoreKeyPairGeneratorSpi.java:610)
    at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.createCertificateChain(AndroidKeyStoreKeyPairGeneratorSpi.java:497)
    at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:474)
    at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:727)
    at android.keystore.cts.KeyAttestationTest.generateKeyPair(KeyAttestationTest.java:881)
    at android.keystore.cts.KeyAttestationTest.testEcAttestation(KeyAttestationTest.java:476)
    at android.keystore.cts.KeyAttestationTest.testEcAttestation(KeyAttestationTest.java:162)
    ... 15 more
Caused by: android.security.KeyStoreException: -10003
    at android.security.KeyStore.getKeyStoreException(KeyStore.java:839)
    ... 22 more

Test: android.keystore.cts.KeyAttestationTest#testRsaAttestation

Result: fail

Details:

java.lang.Exception: Failed on key size 512 challenge [], purposes [2, 3] and paddings [PKCS1]
    at android.keystore.cts.KeyAttestationTest.testRsaAttestations(KeyAttestationTest.java:382)
    at android.keystore.cts.KeyAttestationTest.testRsaAttestation(KeyAttestationTest.java:289)
    at java.lang.reflect.Method.invoke(Native Method)
    at junit.framework.TestCase.runTest(TestCase.java:168)
    at junit.framework.TestCase.runBare(TestCase.java:134)
    at junit.framework.TestResult$1.protect(TestResult.java:115)
    at android.support.test.internal.runner.junit3.AndroidTestResult.runProtected(AndroidTestResult.java:73)
    at junit.framework.TestResult.run(TestResult.java:118)
    at android.support.test.internal.runner.junit3.AndroidTestResult.run(AndroidTestResult.java:51)
    at junit.framework.TestCase.run(TestCase.java:124)
    at android.support.test.internal.runner.junit3.NonLeakyTestSuite$NonLeakyTest.run(NonLeakyTestSuite.java:62)
    at android.support.test.internal.runner.junit3.AndroidTestSuite$2.run(AndroidTestSuite.java:101)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:458)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
    at java.lang.Thread.run(Thread.java:764)
Caused by: java.security.ProviderException: Failed to generate attestation certificate chain
    at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.getAttestationChain(AndroidKeyStoreKeyPairGeneratorSpi.java:610)
    at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.createCertificateChain(AndroidKeyStoreKeyPairGeneratorSpi.java:497)
    at android.security.keystore.AndroidKeyStoreKeyPairGeneratorSpi.generateKeyPair(AndroidKeyStoreKeyPairGeneratorSpi.java:474)
    at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:727)
    at android.keystore.cts.KeyAttestationTest.generateKeyPair(KeyAttestationTest.java:881)
    at android.keystore.cts.KeyAttestationTest.testRsaAttestation(KeyAttestationTest.java:422)
    at android.keystore.cts.KeyAttestationTest.testRsaAttestations(KeyAttestationTest.java:374)
    ... 16 more
Caused by: android.security.KeyStoreException: -10003
    at android.security.KeyStore.getKeyStoreException(KeyStore.java:839)
    ... 23 more

 
