Auditor 20 not working on Pixel 3a (RP1A.200720.009.2020.09.29.20)
n1m1 opened this issue · 6 comments
I am running GrapheneOS build number RP1A.200720.009.2020.09.29.20. I upgraded it from RP1A.200720.009.2020.09.18.13.
Both local and remote scheduled verification do not seem to work.
- Scheduled remote verification does not work. When I scan the QR code on attestation.app my phone says:
Failed to submit remote attestation
- Local verification does not work. My phone says:
Error encountered generating attestation: Failed to verify certificate Certificate
Data:
Version: 3 (0x2)
Serial Number 1(0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer: serialNumber=90e8da3cadfc7820/
title=StrongBox
Validity
Not Before: Dec 29 15:31:03 2021 GMT
Not After: May 23 23:59:59 2029 GMT
Subject: CN=Android Keystore Key
Actually the error message is longer than this (I copied it by hand, and I do not know how to copy and paste it from the phone, sorry).
I am using Auditor 20 both on the Pixel 3a and on the device performing verification. Before testing the new Auditor version I have:
- Cleared Auditor pairings.
- Cleared Auditee pairings.
- Disabled remote verification.
- Cleared Auditor's cache and data on both phones.
- Rebooted both devices.
None of these was helpful.
Can confirm that since the latest update (2020.09.29.20).
Until build 2020.09.25.00 (Auditor 19) it works
@thestinger This is what I get after turning on remote verification on RP1A.200720.009.2020.09.29.20:
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: remote verify failure
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: java.security.GeneralSecurityException: Failed to verify certificate Certificate:
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Data:
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Version: 3 (0x2)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Serial Number: 1 (0x1)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Signature Algorithm: ecdsa-with-SHA256
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Issuer: serialNumber=90e8da3cadfc7820/title=StrongBox
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Validity
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Not Before: Jan 8 13:04:51 2022 GMT
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Not After : May 23 23:59:59 2028 GMT
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Subject: CN=Android Keystore Key
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Subject Public Key Info:
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Public Key Algorithm: id-ecPublicKey
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Public-Key: (256 bit)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 00000000 04 5d a3 00 97 65 7f 7a aa 25 f0 83 db 79 12 a8 |.]...e.z.%...y..|
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 00000010 33 d9 0b 08 18 2e b1 0a 9c 58 4d 01 03 49 56 9a |3........XM..IV.|
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 00000020 7a f7 dd b8 75 f9 fc 42 03 ae e0 77 e1 e2 e3 93 |z...u..B...w....|
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 00000030 ef a1 95 43 a7 fa 74 99 d1 20 9c 91 a5 d7 c1 6d |...C..t.. .....m|
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 00000040 81 |.|
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: X509v3 extensions:
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: X509v3 Key Usage: critical
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Digital Signature
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 1.3.6.1.4.1.11129.2.1.17:
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 0..8...
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: ....)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: ... Mma....5?..=s....G#V.E.......E7...0d.......t......=....t......EH.F0D1.0...app.attestation.auditor...1". .....K..O...2.......Z"....D*Jb.,0....1....................1......w.....>......@L0J. ?6.H...).WeR.O........#.4...-).....
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: ... ...^}Q...~.r.....vi.?W.....m.v.v..A........B........N....4=...O....4=.
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Signature Algorithm: ecdsa-with-SHA256
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 30:46:02:21:00:a6:b7:b9:97:5c:4a:52:85:ef:97:75:d9:ad:
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 3a:70:2b:ce:24:f8:76:42:0e:a2:ab:85:b7:2e:08:57:5b:24:
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: a8:02:21:00:fc:d3:6c:2d:99:b5:c2:5e:e0:c2:46:70:6e:7b:
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 36:22:20:94:18:ec:3b:83:98:fd:71:1f:0d:f2:b9:7b:47:39
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: with public key Public-Key: (256 bit)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 00000000 04 e4 57 44 c2 b1 9f af 70 8a 17 2b 40 4b 7b 8a |..WD....p..+@K{.|
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 00000010 b8 b1 0d 6f 78 13 c4 db 6f 0b aa 57 50 09 03 c2 |...ox...o..WP...|
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 00000020 6f a2 01 0a 93 3b ac 70 e0 2a 6b 1a be 25 ad b0 |o....;.p.*k..%..|
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 00000030 0d 1a 9c 9c 94 a5 71 d3 56 2c 74 99 d2 32 f5 77 |......q.V,t..2.w|
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: 00000040 27 |'|
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob:
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: at c.a.a.d.n(:1)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: at c.a.a.d.h(:4)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: at app.attestation.auditor.RemoteVerifyJob$a.doInBackground(:1)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: at android.os.AsyncTask$3.call(AsyncTask.java:394)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: at java.util.concurrent.FutureTask.run(FutureTask.java:266)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: at java.lang.Thread.run(Thread.java:923)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Caused by: java.security.cert.CertificateNotYetValidException: Certificate not valid until Sat Jan 08 05:04:51 PST 2022 (compared to Thu Oct 01 12:05:09 PDT 2020)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: at com.android.org.conscrypt.OpenSSLX509Certificate.checkValidity(OpenSSLX509Certificate.java:264)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: at com.android.org.conscrypt.OpenSSLX509Certificate.checkValidity(OpenSSLX509Certificate.java:256)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: at android.security.keystore.DelegatingX509Certificate.checkValidity(DelegatingX509Certificate.java:69)
10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: ... 9 more
Auditor is correctly producing an error due to the Titan M creating the public key certificate with a Not Before date in 2022. You can see the problem in the output. This is the error message from above:
Caused by: java.security.cert.CertificateNotYetValidException: Certificate not valid until Sat Jan 08 05:04:51 PST 2022 (compared to Thu Oct 01 12:05:09 PDT 2020)
The reason this bug was uncovered by the latest release is because we didn't yet have network time sync working on Android 11 until the most recent release. It appears that when the time is synced, the Titan M ends up with the wrong time. Auditor checks the validity dates of the certificates, not really for any particular reason, but because it's good practice, and it errors out because the certificate says it isn't valid until 2022. The only way I could really address this right now is by removing the time validity check for the attestation certificate. It can be left in place for the others.
So, this isn't a bug in Auditor. It can potentially be worked around here, but this is Auditor working as designed. It's a bug in either the OS (in how it syncs time to secure elements) or in the secure element firmware.
47c7c72 works around this.
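
A triage sketch for the failure diagnosed in this thread, added here as an example and not part of Auditor or of any comment above: it scans logcat lines for `CertificateNotYetValidException`, normalises both timestamps to UTC, and reports how far in the future the certificate's Not Before lies relative to the verifier's clock. The function names, the five-minute tolerance and the time zone table are assumptions made for this example; the two sample lines are taken from the log quoted above.

```python
import re
from datetime import datetime, timedelta, timezone

# Fixed UTC offsets for the zone abbreviations seen in the log above.
# Assumption: extend this table for devices in other time zones.
TZ_OFFSETS = {"PST": -8, "PDT": -7, "GMT": 0, "UTC": 0}

NOT_YET_VALID = re.compile(
    r"CertificateNotYetValidException: Certificate not valid until "
    r"(?P<nb>.+?) \(compared to (?P<now>.+?)\)")
ISSUER = re.compile(r"Issuer: (?P<issuer>\S+)")

def parse_java_date(text):
    """Parse 'Sat Jan 08 05:04:51 PST 2022' into an aware UTC datetime."""
    _dow, mon, day, clock, zone, year = text.split()
    naive = datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")
    local = naive.replace(tzinfo=timezone(timedelta(hours=TZ_OFFSETS[zone])))
    return local.astimezone(timezone.utc)

def triage(log_lines, tolerance=timedelta(minutes=5)):
    """Return one finding per not-yet-valid error, with the last issuer seen."""
    findings, issuer = [], None
    for line in log_lines:
        m = ISSUER.search(line)
        if m:
            issuer = m.group("issuer")
        m = NOT_YET_VALID.search(line)
        if m:
            not_before = parse_java_date(m.group("nb"))
            verifier_now = parse_java_date(m.group("now"))
            ahead = not_before - verifier_now
            findings.append({
                "issuer": issuer,
                "not_before_utc": not_before,
                "verifier_now_utc": verifier_now,
                "starts_in_future_by": ahead,
                # A gap far beyond normal drift points at the signer's clock.
                "clock_skew_suspected": ahead > tolerance,
            })
    return findings

# Two lines taken from the logcat output quoted in this thread.
SAMPLE = [
    "10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Issuer: serialNumber=90e8da3cadfc7820/title=StrongBox",
    "10-01 12:05:09.217 4843 5039 E RemoteVerifyJob: Caused by: java.security.cert.CertificateNotYetValidException: "
    "Certificate not valid until Sat Jan 08 05:04:51 PST 2022 (compared to Thu Oct 01 12:05:09 PDT 2020)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["issuer"], "Not Before is", f["starts_in_future_by"], "ahead of the verifier")
```

The UTC value recovered from the exception message matches the `Not Before: Jan 8 13:04:51 2022 GMT` field printed earlier in the same log, so the exception and the certificate dump describe the same certificate.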