Enforce 128-byte limit for attestation challenge #70
+73
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Author
|
The duck detector already uses this method for detection.
|
|
Tried in A11, dd still detecting, the enforced is not working in A11 device?
|
This commit aligns the simulator's behavior with the Android Keymaster/KeyMint specification by enforcing a maximum length of 128 bytes for the attestation challenge. Previously, the simulator accepted attestation challenges of arbitrary length during `generateKey`. This discrepancy allowed detection tools to identify the emulated environment by intentionally sending an oversized challenge (e.g., > 128 bytes) and observing that it was accepted instead of rejected. The implementation now validates the size of the `TAG_ATTESTATION_CHALLENGE` parameter. If the challenge exceeds the limit, the transaction is intercepted, and a `ServiceSpecificException` is constructed manually via Binder (using the `EX_SERVICE_SPECIFIC` header) to return the `INVALID_INPUT_LENGTH` (-21) error code. This matches the error code and Binder-visible behavior defined by the KeyMint specification. See AOSP source for the length constraint and error definition: https://cs.android.com/android/platform/superproject/main/+/main:system/keymaster/android_keymaster/android_keymaster.cpp;l=330 https://cs.android.com/android/platform/superproject/main/+/main:system/keymaster/km_openssl/attestation_record.cpp;l=257 https://cs.android.com/android/platform/superproject/main/+/main:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl;l=48
Contributor
Author
|
@Stillhard Could you try this commit, please? |
Tested! Wonderful result 😘 Thank you @XiaoTong6666 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit aligns the simulator's behavior with the Android Keymaster/KeyMint specification by enforcing a maximum length of 128 bytes for the attestation challenge.
Previously, the simulator accepted attestation challenges of arbitrary length during
generateKey. This behavior differed from real implementations and allowed detection tools to identify whether the current TEE / KeyMint / Keymaster environment was emulated or tampered with by intentionally sending an oversized challenge (e.g., > 128 bytes) and observing that it was accepted instead of rejected.The implementation now validates the size of the
TAG_ATTESTATION_CHALLENGEparameter. If the challenge exceeds the limit, the transaction is intercepted, and aServiceSpecificExceptionis constructed manually via Binder (using theEX_SERVICE_SPECIFICheader) to return theINVALID_INPUT_LENGTH(-21) error code. This matches the error code and Binder-visible behavior defined by the KeyMint specification.这个 commit 是通过将 attestation challenge 的最大长度限制为 128 字节,让模拟的行为更加符合 Keymaster / KeyMint 的规范。
在此之前,模拟器在 generateKey 过程中会接受任意长度的 attestation challenge。这种行为与真实实现不一致,导致一些检测工具可以通过刻意发送超长 challenge(比如超过 128 字节),并观察是否被接受,来判断当前 TEE/ KeyMint / Keymaster 是否模拟被篡改。
现在的实现会对 TAG_ATTESTATION_CHALLENGE 的长度进行检查。如果 challenge 超过限制,请求会被直接拦截,并通过 Binder 手动构造一个 ServiceSpecificException(使用 EX_SERVICE_SPECIFIC 头),返回 INVALID_INPUT_LENGTH(-21)错误码,这样可以保证返回的错误码和 Binder 层可观察到的行为与 Keymaster / KeyMint 规范保持一致
See AOSP source for the length constraint and error definition:
https://cs.android.com/android/platform/superproject/main/+/main:system/keymaster/android_keymaster/android_keymaster.cpp;l=330
https://cs.android.com/android/platform/superproject/main/+/main:system/keymaster/km_openssl/attestation_record.cpp;l=257
https://cs.android.com/android/platform/superproject/main/+/main:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl;l=48