Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 0a6755018f08a6d35d1dec3293df2ec6d035f9fd / . / keymaster / 4.0 / vts / functional / KeymasterHidlTest.cpp
blob: 2d2ba632cb72523d239312964cf83ad41ed3cdbc [file] [log] [blame]
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "KeymasterHidlTest.h"
18
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]19#include <chrono>
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]20#include <vector>
21
22#include <android-base/logging.h>
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]23#include <android/hidl/manager/1.0/IServiceManager.h>
24
25#include <keymasterV4_0/key_param_output.h>
Shawn Willden2adf7fb2019-11-26 09:00:08 -0700[diff] [blame]26#include <keymasterV4_0/keymaster_utils.h>
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]27
28namespace android {
29namespace hardware {
30namespace keymaster {
31namespace V4_0 {
32
33::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
34 if (set.size() == 0)
35 os << "(Empty)" << ::std::endl;
36 else {
37 os << "\n";
38 for (size_t i = 0; i < set.size(); ++i) os << set[i] << ::std::endl;
39 }
40 return os;
41}
42
43namespace test {
44
Shawn Willden5e1347c2019-11-26 15:05:51 -0700[diff] [blame]45using namespace std::literals::chrono_literals;
46
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]47void KeymasterHidlTest::InitializeKeymaster() {
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]48 std::string instance_name = GetParam();
Shawn Willden5e1347c2019-11-26 15:05:51 -0700[diff] [blame]49 keymaster_ = IKeymasterDevice::getService(GetParam());
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]50 ASSERT_NE(keymaster_, nullptr);
51
52 ASSERT_TRUE(keymaster_
Shawn Willden5e1347c2019-11-26 15:05:51 -0700[diff] [blame]53 ->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& name,
54 const hidl_string& author) {
55 securityLevel_ = securityLevel;
56 name_ = name;
57 author_ = author;
58 })
59 .isOk());
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]60}
61
Shawn Willden5e1347c2019-11-26 15:05:51 -0700[diff] [blame]62void KeymasterHidlTest::SetUp() {
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]63 InitializeKeymaster();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]64
Shawn Willden2adf7fb2019-11-26 09:00:08 -0700[diff] [blame]65 os_version_ = support::getOsVersion();
66 os_patch_level_ = support::getOsPatchlevel();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]67}
68
69ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc, HidlBuf* key_blob,
70 KeyCharacteristics* key_characteristics) {
71 EXPECT_NE(key_blob, nullptr) << "Key blob pointer must not be null. Test bug";
72 EXPECT_EQ(0U, key_blob->size()) << "Key blob not empty before generating key. Test bug.";
73 EXPECT_NE(key_characteristics, nullptr)
74 << "Previous characteristics not deleted before generating key. Test bug.";
75
76 ErrorCode error;
77 EXPECT_TRUE(keymaster_
78 ->generateKey(key_desc.hidl_data(),
79 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
80 const KeyCharacteristics& hidl_key_characteristics) {
81 error = hidl_error;
82 *key_blob = hidl_key_blob;
83 *key_characteristics = hidl_key_characteristics;
84 })
85 .isOk());
86 // On error, blob & characteristics should be empty.
87 if (error != ErrorCode::OK) {
88 EXPECT_EQ(0U, key_blob->size());
89 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
90 key_characteristics->hardwareEnforced.size()));
91 }
92 return error;
93}
94
95ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc) {
96 return GenerateKey(key_desc, &key_blob_, &key_characteristics_);
97}
98
99ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
100 const string& key_material, HidlBuf* key_blob,
101 KeyCharacteristics* key_characteristics) {
102 ErrorCode error;
103 EXPECT_TRUE(keymaster_
104 ->importKey(key_desc.hidl_data(), format, HidlBuf(key_material),
105 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
106 const KeyCharacteristics& hidl_key_characteristics) {
107 error = hidl_error;
108 *key_blob = hidl_key_blob;
109 *key_characteristics = hidl_key_characteristics;
110 })
111 .isOk());
112 // On error, blob & characteristics should be empty.
113 if (error != ErrorCode::OK) {
114 EXPECT_EQ(0U, key_blob->size());
115 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
116 key_characteristics->hardwareEnforced.size()));
117 }
118 return error;
119}
120
121ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
122 const string& key_material) {
123 return ImportKey(key_desc, format, key_material, &key_blob_, &key_characteristics_);
124}
125
126ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
127 const AuthorizationSet& wrapping_key_desc,
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]128 string masking_key,
129 const AuthorizationSet& unwrapping_params) {
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]130 ErrorCode error;
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]131 EXPECT_EQ(ErrorCode::OK, ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]132 EXPECT_TRUE(keymaster_
133 ->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]134 unwrapping_params.hidl_data(), 0 /* passwordSid */,
135 0 /* biometricSid */,
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]136 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
137 const KeyCharacteristics& hidl_key_characteristics) {
138 error = hidl_error;
139 key_blob_ = hidl_key_blob;
140 key_characteristics_ = hidl_key_characteristics;
141 })
142 .isOk());
143 return error;
144}
145
146ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, const HidlBuf& key_blob,
147 const HidlBuf& client_id, const HidlBuf& app_data,
148 HidlBuf* key_material) {
149 ErrorCode error;
150 EXPECT_TRUE(keymaster_
151 ->exportKey(format, key_blob, client_id, app_data,
152 [&](ErrorCode hidl_error_code, const HidlBuf& hidl_key_material) {
153 error = hidl_error_code;
154 *key_material = hidl_key_material;
155 })
156 .isOk());
157 // On error, blob should be empty.
158 if (error != ErrorCode::OK) {
159 EXPECT_EQ(0U, key_material->size());
160 }
161 return error;
162}
163
164ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, HidlBuf* key_material) {
165 HidlBuf client_id, app_data;
166 return ExportKey(format, key_blob_, client_id, app_data, key_material);
167}
168
169ErrorCode KeymasterHidlTest::DeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
170 auto rc = keymaster_->deleteKey(*key_blob);
171 if (!keep_key_blob) *key_blob = HidlBuf();
172 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
173 return rc;
174}
175
176ErrorCode KeymasterHidlTest::DeleteKey(bool keep_key_blob) {
177 return DeleteKey(&key_blob_, keep_key_blob);
178}
179
180ErrorCode KeymasterHidlTest::DeleteAllKeys() {
181 ErrorCode error = keymaster_->deleteAllKeys();
182 return error;
183}
184
185void KeymasterHidlTest::CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
186 auto rc = DeleteKey(key_blob, keep_key_blob);
187 EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
188}
189
190void KeymasterHidlTest::CheckedDeleteKey() {
191 CheckedDeleteKey(&key_blob_);
192}
193
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]194void KeymasterHidlTest::CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
195 const HidlBuf& app_data,
196 KeyCharacteristics* key_characteristics) {
197 HidlBuf empty_buf = {};
198 EXPECT_EQ(ErrorCode::OK,
199 GetCharacteristics(key_blob, client_id, app_data, key_characteristics));
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]200 if (SecLevel() != SecurityLevel::SOFTWARE) {
201 EXPECT_GT(key_characteristics->hardwareEnforced.size(), 0);
202 }
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]203 EXPECT_GT(key_characteristics->softwareEnforced.size(), 0);
204
205 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
206 GetCharacteristics(key_blob, empty_buf, app_data, key_characteristics));
207 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
208 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
209
210 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
211 GetCharacteristics(key_blob, client_id, empty_buf, key_characteristics));
212 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
213 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
214
215 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
216 GetCharacteristics(key_blob, empty_buf, empty_buf, key_characteristics));
217 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
218 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
219}
220
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]221ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
222 const HidlBuf& app_data,
223 KeyCharacteristics* key_characteristics) {
224 ErrorCode error = ErrorCode::UNKNOWN_ERROR;
225 EXPECT_TRUE(
226 keymaster_
227 ->getKeyCharacteristics(
228 key_blob, client_id, app_data,
229 [&](ErrorCode hidl_error, const KeyCharacteristics& hidl_key_characteristics) {
230 error = hidl_error, *key_characteristics = hidl_key_characteristics;
231 })
232 .isOk());
233 return error;
234}
235
236ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob,
237 KeyCharacteristics* key_characteristics) {
238 HidlBuf client_id, app_data;
239 return GetCharacteristics(key_blob, client_id, app_data, key_characteristics);
240}
241
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]242ErrorCode KeymasterHidlTest::GetDebugInfo(DebugInfo* debug_info) {
243 EXPECT_TRUE(keymaster_->getDebugInfo([&](const DebugInfo& hidl_debug_info) {
244 *debug_info = hidl_debug_info;
245 }).isOk());
246 return ErrorCode::OK;
247}
248
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]249ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const HidlBuf& key_blob,
250 const AuthorizationSet& in_params, AuthorizationSet* out_params,
251 OperationHandle* op_handle) {
252 SCOPED_TRACE("Begin");
253 ErrorCode error;
254 OperationHandle saved_handle = *op_handle;
255 EXPECT_TRUE(keymaster_
256 ->begin(purpose, key_blob, in_params.hidl_data(), HardwareAuthToken(),
257 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
258 uint64_t hidl_op_handle) {
259 error = hidl_error;
260 *out_params = hidl_out_params;
261 *op_handle = hidl_op_handle;
262 })
263 .isOk());
264 if (error != ErrorCode::OK) {
265 // Some implementations may modify *op_handle on error.
266 *op_handle = saved_handle;
267 }
268 return error;
269}
270
271ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
272 AuthorizationSet* out_params) {
273 SCOPED_TRACE("Begin");
274 EXPECT_EQ(kOpHandleSentinel, op_handle_);
275 return Begin(purpose, key_blob_, in_params, out_params, &op_handle_);
276}
277
278ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params) {
279 SCOPED_TRACE("Begin");
280 AuthorizationSet out_params;
281 ErrorCode error = Begin(purpose, in_params, &out_params);
282 EXPECT_TRUE(out_params.empty());
283 return error;
284}
285
286ErrorCode KeymasterHidlTest::Update(OperationHandle op_handle, const AuthorizationSet& in_params,
287 const string& input, AuthorizationSet* out_params,
288 string* output, size_t* input_consumed) {
289 SCOPED_TRACE("Update");
290 ErrorCode error;
291 EXPECT_TRUE(keymaster_
292 ->update(op_handle, in_params.hidl_data(), HidlBuf(input), HardwareAuthToken(),
293 VerificationToken(),
294 [&](ErrorCode hidl_error, uint32_t hidl_input_consumed,
295 const hidl_vec<KeyParameter>& hidl_out_params,
296 const HidlBuf& hidl_output) {
297 error = hidl_error;
298 out_params->push_back(AuthorizationSet(hidl_out_params));
299 output->append(hidl_output.to_string());
300 *input_consumed = hidl_input_consumed;
301 })
302 .isOk());
303 return error;
304}
305
306ErrorCode KeymasterHidlTest::Update(const string& input, string* out, size_t* input_consumed) {
307 SCOPED_TRACE("Update");
308 AuthorizationSet out_params;
309 ErrorCode error = Update(op_handle_, AuthorizationSet() /* in_params */, input, &out_params,
310 out, input_consumed);
311 EXPECT_TRUE(out_params.empty());
312 return error;
313}
314
315ErrorCode KeymasterHidlTest::Finish(OperationHandle op_handle, const AuthorizationSet& in_params,
316 const string& input, const string& signature,
317 AuthorizationSet* out_params, string* output) {
318 SCOPED_TRACE("Finish");
319 ErrorCode error;
320 EXPECT_TRUE(
321 keymaster_
322 ->finish(op_handle, in_params.hidl_data(), HidlBuf(input), HidlBuf(signature),
323 HardwareAuthToken(), VerificationToken(),
324 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
325 const HidlBuf& hidl_output) {
326 error = hidl_error;
327 *out_params = hidl_out_params;
328 output->append(hidl_output.to_string());
329 })
330 .isOk());
331 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
332 return error;
333}
334
335ErrorCode KeymasterHidlTest::Finish(const string& message, string* output) {
336 SCOPED_TRACE("Finish");
337 AuthorizationSet out_params;
338 string finish_output;
339 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message,
340 "" /* signature */, &out_params, output);
341 if (error != ErrorCode::OK) {
342 return error;
343 }
344 EXPECT_EQ(0U, out_params.size());
345 return error;
346}
347
348ErrorCode KeymasterHidlTest::Finish(const string& message, const string& signature,
349 string* output) {
350 SCOPED_TRACE("Finish");
351 AuthorizationSet out_params;
352 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message, signature,
353 &out_params, output);
354 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
355 if (error != ErrorCode::OK) {
356 return error;
357 }
358 EXPECT_EQ(0U, out_params.size());
359 return error;
360}
361
362ErrorCode KeymasterHidlTest::Abort(OperationHandle op_handle) {
363 SCOPED_TRACE("Abort");
364 auto retval = keymaster_->abort(op_handle);
365 EXPECT_TRUE(retval.isOk());
366 return retval;
367}
368
369void KeymasterHidlTest::AbortIfNeeded() {
370 SCOPED_TRACE("AbortIfNeeded");
371 if (op_handle_ != kOpHandleSentinel) {
372 EXPECT_EQ(ErrorCode::OK, Abort(op_handle_));
373 op_handle_ = kOpHandleSentinel;
374 }
375}
376
377ErrorCode KeymasterHidlTest::AttestKey(const HidlBuf& key_blob,
378 const AuthorizationSet& attest_params,
379 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
380 SCOPED_TRACE("AttestKey");
381 ErrorCode error;
382 auto rc = keymaster_->attestKey(
383 key_blob, attest_params.hidl_data(),
384 [&](ErrorCode hidl_error, const hidl_vec<hidl_vec<uint8_t>>& hidl_cert_chain) {
385 error = hidl_error;
386 *cert_chain = hidl_cert_chain;
387 });
388
389 EXPECT_TRUE(rc.isOk()) << rc.description();
390 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
391
392 return error;
393}
394
395ErrorCode KeymasterHidlTest::AttestKey(const AuthorizationSet& attest_params,
396 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
397 SCOPED_TRACE("AttestKey");
398 return AttestKey(key_blob_, attest_params, cert_chain);
399}
400
401string KeymasterHidlTest::ProcessMessage(const HidlBuf& key_blob, KeyPurpose operation,
402 const string& message, const AuthorizationSet& in_params,
403 AuthorizationSet* out_params) {
404 SCOPED_TRACE("ProcessMessage");
405 AuthorizationSet begin_out_params;
406 EXPECT_EQ(ErrorCode::OK, Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_));
407
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]408 string output;
409 size_t consumed = 0;
410 AuthorizationSet update_params;
411 AuthorizationSet update_out_params;
412 EXPECT_EQ(ErrorCode::OK,
413 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
414
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]415 string unused;
416 AuthorizationSet finish_params;
417 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]418 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), unused,
419 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]420 op_handle_ = kOpHandleSentinel;
421
422 out_params->push_back(begin_out_params);
423 out_params->push_back(finish_out_params);
424 return output;
425}
426
427string KeymasterHidlTest::SignMessage(const HidlBuf& key_blob, const string& message,
428 const AuthorizationSet& params) {
429 SCOPED_TRACE("SignMessage");
430 AuthorizationSet out_params;
431 string signature = ProcessMessage(key_blob, KeyPurpose::SIGN, message, params, &out_params);
432 EXPECT_TRUE(out_params.empty());
433 return signature;
434}
435
436string KeymasterHidlTest::SignMessage(const string& message, const AuthorizationSet& params) {
437 SCOPED_TRACE("SignMessage");
438 return SignMessage(key_blob_, message, params);
439}
440
441string KeymasterHidlTest::MacMessage(const string& message, Digest digest, size_t mac_length) {
442 SCOPED_TRACE("MacMessage");
443 return SignMessage(
444 key_blob_, message,
445 AuthorizationSetBuilder().Digest(digest).Authorization(TAG_MAC_LENGTH, mac_length));
446}
447
448void KeymasterHidlTest::CheckHmacTestVector(const string& key, const string& message, Digest digest,
449 const string& expected_mac) {
450 SCOPED_TRACE("CheckHmacTestVector");
451 ASSERT_EQ(ErrorCode::OK,
452 ImportKey(AuthorizationSetBuilder()
453 .Authorization(TAG_NO_AUTH_REQUIRED)
454 .HmacKey(key.size() * 8)
455 .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
456 .Digest(digest),
457 KeyFormat::RAW, key));
458 string signature = MacMessage(message, digest, expected_mac.size() * 8);
459 EXPECT_EQ(expected_mac, signature)
460 << "Test vector didn't match for key of size " << key.size() << " message of size "
461 << message.size() << " and digest " << digest;
462 CheckedDeleteKey();
463}
464
465void KeymasterHidlTest::CheckAesCtrTestVector(const string& key, const string& nonce,
466 const string& message,
467 const string& expected_ciphertext) {
468 SCOPED_TRACE("CheckAesCtrTestVector");
469 ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
470 .Authorization(TAG_NO_AUTH_REQUIRED)
471 .AesEncryptionKey(key.size() * 8)
472 .BlockMode(BlockMode::CTR)
473 .Authorization(TAG_CALLER_NONCE)
474 .Padding(PaddingMode::NONE),
475 KeyFormat::RAW, key));
476
477 auto params = AuthorizationSetBuilder()
478 .Authorization(TAG_NONCE, nonce.data(), nonce.size())
479 .BlockMode(BlockMode::CTR)
480 .Padding(PaddingMode::NONE);
481 AuthorizationSet out_params;
482 string ciphertext = EncryptMessage(key_blob_, message, params, &out_params);
483 EXPECT_EQ(expected_ciphertext, ciphertext);
484}
485
486void KeymasterHidlTest::CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
487 PaddingMode padding_mode, const string& key,
488 const string& iv, const string& input,
489 const string& expected_output) {
490 auto authset = AuthorizationSetBuilder()
491 .TripleDesEncryptionKey(key.size() * 7)
492 .BlockMode(block_mode)
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]493 .Authorization(TAG_NO_AUTH_REQUIRED)
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]494 .Padding(padding_mode);
495 if (iv.size()) authset.Authorization(TAG_CALLER_NONCE);
496 ASSERT_EQ(ErrorCode::OK, ImportKey(authset, KeyFormat::RAW, key));
497 auto begin_params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
498 if (iv.size()) begin_params.Authorization(TAG_NONCE, iv.data(), iv.size());
499 AuthorizationSet output_params;
500 string output = ProcessMessage(key_blob_, purpose, input, begin_params, &output_params);
501 EXPECT_EQ(expected_output, output);
502}
503
504void KeymasterHidlTest::VerifyMessage(const HidlBuf& key_blob, const string& message,
505 const string& signature, const AuthorizationSet& params) {
506 SCOPED_TRACE("VerifyMessage");
507 AuthorizationSet begin_out_params;
508 ASSERT_EQ(ErrorCode::OK,
509 Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_));
510
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]511 string output;
512 AuthorizationSet update_params;
513 AuthorizationSet update_out_params;
514 size_t consumed;
515 ASSERT_EQ(ErrorCode::OK,
516 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
517 EXPECT_TRUE(output.empty());
518 EXPECT_GT(consumed, 0U);
519
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]520 string unused;
521 AuthorizationSet finish_params;
522 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]523 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), signature,
524 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]525 op_handle_ = kOpHandleSentinel;
526 EXPECT_TRUE(output.empty());
527}
528
529void KeymasterHidlTest::VerifyMessage(const string& message, const string& signature,
530 const AuthorizationSet& params) {
531 SCOPED_TRACE("VerifyMessage");
532 VerifyMessage(key_blob_, message, signature, params);
533}
534
535string KeymasterHidlTest::EncryptMessage(const HidlBuf& key_blob, const string& message,
536 const AuthorizationSet& in_params,
537 AuthorizationSet* out_params) {
538 SCOPED_TRACE("EncryptMessage");
539 return ProcessMessage(key_blob, KeyPurpose::ENCRYPT, message, in_params, out_params);
540}
541
542string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params,
543 AuthorizationSet* out_params) {
544 SCOPED_TRACE("EncryptMessage");
545 return EncryptMessage(key_blob_, message, params, out_params);
546}
547
548string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params) {
549 SCOPED_TRACE("EncryptMessage");
550 AuthorizationSet out_params;
551 string ciphertext = EncryptMessage(message, params, &out_params);
552 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
553 return ciphertext;
554}
555
556string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
557 PaddingMode padding) {
558 SCOPED_TRACE("EncryptMessage");
559 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
560 AuthorizationSet out_params;
561 string ciphertext = EncryptMessage(message, params, &out_params);
562 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
563 return ciphertext;
564}
565
566string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
567 PaddingMode padding, HidlBuf* iv_out) {
568 SCOPED_TRACE("EncryptMessage");
569 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
570 AuthorizationSet out_params;
571 string ciphertext = EncryptMessage(message, params, &out_params);
572 EXPECT_EQ(1U, out_params.size());
573 auto ivVal = out_params.GetTagValue(TAG_NONCE);
574 EXPECT_TRUE(ivVal.isOk());
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]575 if (ivVal.isOk()) *iv_out = ivVal.value();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]576 return ciphertext;
577}
578
579string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
580 PaddingMode padding, const HidlBuf& iv_in) {
581 SCOPED_TRACE("EncryptMessage");
582 auto params = AuthorizationSetBuilder()
583 .BlockMode(block_mode)
584 .Padding(padding)
585 .Authorization(TAG_NONCE, iv_in);
586 AuthorizationSet out_params;
587 string ciphertext = EncryptMessage(message, params, &out_params);
588 return ciphertext;
589}
590
Rob Barnes8ddc1c72019-09-13 18:00:44 -0600[diff] [blame]591string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
592 PaddingMode padding, uint8_t mac_length_bits,
593 const HidlBuf& iv_in) {
594 SCOPED_TRACE("EncryptMessage");
595 auto params = AuthorizationSetBuilder()
596 .BlockMode(block_mode)
597 .Padding(padding)
598 .Authorization(TAG_MAC_LENGTH, mac_length_bits)
599 .Authorization(TAG_NONCE, iv_in);
600 AuthorizationSet out_params;
601 string ciphertext = EncryptMessage(message, params, &out_params);
602 return ciphertext;
603}
604
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]605string KeymasterHidlTest::DecryptMessage(const HidlBuf& key_blob, const string& ciphertext,
606 const AuthorizationSet& params) {
607 SCOPED_TRACE("DecryptMessage");
608 AuthorizationSet out_params;
609 string plaintext =
610 ProcessMessage(key_blob, KeyPurpose::DECRYPT, ciphertext, params, &out_params);
611 EXPECT_TRUE(out_params.empty());
612 return plaintext;
613}
614
615string KeymasterHidlTest::DecryptMessage(const string& ciphertext, const AuthorizationSet& params) {
616 SCOPED_TRACE("DecryptMessage");
617 return DecryptMessage(key_blob_, ciphertext, params);
618}
619
620string KeymasterHidlTest::DecryptMessage(const string& ciphertext, BlockMode block_mode,
621 PaddingMode padding_mode, const HidlBuf& iv) {
622 SCOPED_TRACE("DecryptMessage");
623 auto params = AuthorizationSetBuilder()
624 .BlockMode(block_mode)
625 .Padding(padding_mode)
626 .Authorization(TAG_NONCE, iv);
627 return DecryptMessage(key_blob_, ciphertext, params);
628}
629
630std::pair<ErrorCode, HidlBuf> KeymasterHidlTest::UpgradeKey(const HidlBuf& key_blob) {
631 std::pair<ErrorCode, HidlBuf> retval;
632 keymaster_->upgradeKey(key_blob, hidl_vec<KeyParameter>(),
633 [&](ErrorCode error, const hidl_vec<uint8_t>& upgraded_blob) {
634 retval = std::tie(error, upgraded_blob);
635 });
636 return retval;
637}
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]638std::vector<uint32_t> KeymasterHidlTest::ValidKeySizes(Algorithm algorithm) {
639 switch (algorithm) {
640 case Algorithm::RSA:
641 switch (SecLevel()) {
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]642 case SecurityLevel::SOFTWARE:
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]643 case SecurityLevel::TRUSTED_ENVIRONMENT:
644 return {2048, 3072, 4096};
645 case SecurityLevel::STRONGBOX:
646 return {2048};
647 default:
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]648 ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]649 break;
650 }
651 break;
652 case Algorithm::EC:
653 switch (SecLevel()) {
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]654 case SecurityLevel::SOFTWARE:
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]655 case SecurityLevel::TRUSTED_ENVIRONMENT:
656 return {224, 256, 384, 521};
657 case SecurityLevel::STRONGBOX:
658 return {256};
659 default:
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]660 ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]661 break;
662 }
663 break;
664 case Algorithm::AES:
665 return {128, 256};
666 case Algorithm::TRIPLE_DES:
667 return {168};
668 case Algorithm::HMAC: {
669 std::vector<uint32_t> retval((512 - 64) / 8 + 1);
670 uint32_t size = 64 - 8;
671 std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
672 return retval;
673 }
674 default:
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]675 ADD_FAILURE() << "Invalid Algorithm: " << algorithm;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]676 return {};
677 }
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]678 ADD_FAILURE() << "Should be impossible to get here";
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]679 return {};
680}
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]681
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]682std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) {
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]683 if (SecLevel() == SecurityLevel::STRONGBOX) {
684 switch (algorithm) {
685 case Algorithm::RSA:
686 return {3072, 4096};
687 case Algorithm::EC:
688 return {224, 384, 521};
689 case Algorithm::AES:
690 return {192};
691 default:
692 return {};
693 }
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]694 }
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]695 return {};
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]696}
697
698std::vector<EcCurve> KeymasterHidlTest::ValidCurves() {
699 if (securityLevel_ == SecurityLevel::STRONGBOX) {
700 return {EcCurve::P_256};
701 } else {
702 return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
703 }
704}
705
706std::vector<EcCurve> KeymasterHidlTest::InvalidCurves() {
707 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
708 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
709 return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
710}
711
Yi Kong73921752018-09-21 15:30:45 -0700[diff] [blame]712std::vector<Digest> KeymasterHidlTest::ValidDigests(bool withNone, bool withMD5) {
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]713 switch (SecLevel()) {
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]714 case SecurityLevel::SOFTWARE:
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]715 case SecurityLevel::TRUSTED_ENVIRONMENT:
716 if (withNone) {
717 if (withMD5)
718 return {Digest::NONE, Digest::MD5, Digest::SHA1,
719 Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
720 Digest::SHA_2_512};
721 else
722 return {Digest::NONE, Digest::SHA1, Digest::SHA_2_224,
723 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
724 } else {
725 if (withMD5)
726 return {Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
727 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
728 else
729 return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
730 Digest::SHA_2_512};
731 }
732 break;
733 case SecurityLevel::STRONGBOX:
734 if (withNone)
735 return {Digest::NONE, Digest::SHA_2_256};
736 else
737 return {Digest::SHA_2_256};
738 break;
739 default:
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]740 ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]741 break;
742 }
Shawn Willden0a675502019-11-28 20:15:25 -0700[diff] [blame^]743 ADD_FAILURE() << "Should be impossible to get here";
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]744 return {};
745}
746
747std::vector<Digest> KeymasterHidlTest::InvalidDigests() {
748 return {};
749}
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]750
751} // namespace test
752} // namespace V4_0
753} // namespace keymaster
754} // namespace hardware
755} // namespace android