Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 13f4bf8491b676947a6da861f3de010b255ede40 / . / keymaster / 4.0 / vts / functional / KeymasterHidlTest.cpp
blob: 5d0e262ca5f2f80d2d8b27fbe6490e112b3eef4c [file] [log] [blame]
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "KeymasterHidlTest.h"
18
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]19#include <chrono>
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]20#include <vector>
21
22#include <android-base/logging.h>
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]23#include <android/hidl/manager/1.0/IServiceManager.h>
24
25#include <keymasterV4_0/key_param_output.h>
Shawn Willden2adf7fb2019-11-26 09:00:08 -0700[diff] [blame]26#include <keymasterV4_0/keymaster_utils.h>
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]27
28namespace android {
29namespace hardware {
30namespace keymaster {
31namespace V4_0 {
32
33::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
34 if (set.size() == 0)
35 os << "(Empty)" << ::std::endl;
36 else {
37 os << "\n";
38 for (size_t i = 0; i < set.size(); ++i) os << set[i] << ::std::endl;
39 }
40 return os;
41}
42
43namespace test {
44
Shawn Willden5e1347c2019-11-26 15:05:51 -0700[diff] [blame]45using namespace std::literals::chrono_literals;
46
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]47void KeymasterHidlTest::InitializeKeymaster() {
Shawn Willden5e1347c2019-11-26 15:05:51 -0700[diff] [blame]48 keymaster_ = IKeymasterDevice::getService(GetParam());
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]49 ASSERT_NE(keymaster_, nullptr);
50
51 ASSERT_TRUE(keymaster_
Shawn Willden5e1347c2019-11-26 15:05:51 -0700[diff] [blame]52 ->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& name,
53 const hidl_string& author) {
54 securityLevel_ = securityLevel;
55 name_ = name;
56 author_ = author;
57 })
58 .isOk());
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]59}
60
Shawn Willden5e1347c2019-11-26 15:05:51 -0700[diff] [blame]61void KeymasterHidlTest::SetUp() {
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]62 InitializeKeymaster();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]63
Shawn Willden2adf7fb2019-11-26 09:00:08 -0700[diff] [blame]64 os_version_ = support::getOsVersion();
65 os_patch_level_ = support::getOsPatchlevel();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]66}
67
68ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc, HidlBuf* key_blob,
69 KeyCharacteristics* key_characteristics) {
70 EXPECT_NE(key_blob, nullptr) << "Key blob pointer must not be null. Test bug";
71 EXPECT_EQ(0U, key_blob->size()) << "Key blob not empty before generating key. Test bug.";
72 EXPECT_NE(key_characteristics, nullptr)
73 << "Previous characteristics not deleted before generating key. Test bug.";
74
75 ErrorCode error;
76 EXPECT_TRUE(keymaster_
77 ->generateKey(key_desc.hidl_data(),
78 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
79 const KeyCharacteristics& hidl_key_characteristics) {
80 error = hidl_error;
81 *key_blob = hidl_key_blob;
82 *key_characteristics = hidl_key_characteristics;
83 })
84 .isOk());
85 // On error, blob & characteristics should be empty.
86 if (error != ErrorCode::OK) {
87 EXPECT_EQ(0U, key_blob->size());
88 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
89 key_characteristics->hardwareEnforced.size()));
90 }
91 return error;
92}
93
94ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc) {
95 return GenerateKey(key_desc, &key_blob_, &key_characteristics_);
96}
97
98ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
99 const string& key_material, HidlBuf* key_blob,
100 KeyCharacteristics* key_characteristics) {
101 ErrorCode error;
102 EXPECT_TRUE(keymaster_
103 ->importKey(key_desc.hidl_data(), format, HidlBuf(key_material),
104 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
105 const KeyCharacteristics& hidl_key_characteristics) {
106 error = hidl_error;
107 *key_blob = hidl_key_blob;
108 *key_characteristics = hidl_key_characteristics;
109 })
110 .isOk());
111 // On error, blob & characteristics should be empty.
112 if (error != ErrorCode::OK) {
113 EXPECT_EQ(0U, key_blob->size());
114 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
115 key_characteristics->hardwareEnforced.size()));
116 }
117 return error;
118}
119
120ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
121 const string& key_material) {
122 return ImportKey(key_desc, format, key_material, &key_blob_, &key_characteristics_);
123}
124
125ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
126 const AuthorizationSet& wrapping_key_desc,
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]127 string masking_key,
128 const AuthorizationSet& unwrapping_params) {
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]129 ErrorCode error;
130 ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key);
131 EXPECT_TRUE(keymaster_
132 ->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]133 unwrapping_params.hidl_data(), 0 /* passwordSid */,
134 0 /* biometricSid */,
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]135 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
136 const KeyCharacteristics& hidl_key_characteristics) {
137 error = hidl_error;
138 key_blob_ = hidl_key_blob;
139 key_characteristics_ = hidl_key_characteristics;
140 })
141 .isOk());
142 return error;
143}
144
145ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, const HidlBuf& key_blob,
146 const HidlBuf& client_id, const HidlBuf& app_data,
147 HidlBuf* key_material) {
148 ErrorCode error;
149 EXPECT_TRUE(keymaster_
150 ->exportKey(format, key_blob, client_id, app_data,
151 [&](ErrorCode hidl_error_code, const HidlBuf& hidl_key_material) {
152 error = hidl_error_code;
153 *key_material = hidl_key_material;
154 })
155 .isOk());
156 // On error, blob should be empty.
157 if (error != ErrorCode::OK) {
158 EXPECT_EQ(0U, key_material->size());
159 }
160 return error;
161}
162
163ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, HidlBuf* key_material) {
164 HidlBuf client_id, app_data;
165 return ExportKey(format, key_blob_, client_id, app_data, key_material);
166}
167
168ErrorCode KeymasterHidlTest::DeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
169 auto rc = keymaster_->deleteKey(*key_blob);
170 if (!keep_key_blob) *key_blob = HidlBuf();
171 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
172 return rc;
173}
174
175ErrorCode KeymasterHidlTest::DeleteKey(bool keep_key_blob) {
176 return DeleteKey(&key_blob_, keep_key_blob);
177}
178
179ErrorCode KeymasterHidlTest::DeleteAllKeys() {
180 ErrorCode error = keymaster_->deleteAllKeys();
181 return error;
182}
183
184void KeymasterHidlTest::CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
185 auto rc = DeleteKey(key_blob, keep_key_blob);
186 EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
187}
188
189void KeymasterHidlTest::CheckedDeleteKey() {
190 CheckedDeleteKey(&key_blob_);
191}
192
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]193void KeymasterHidlTest::CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
194 const HidlBuf& app_data,
195 KeyCharacteristics* key_characteristics) {
196 HidlBuf empty_buf = {};
197 EXPECT_EQ(ErrorCode::OK,
198 GetCharacteristics(key_blob, client_id, app_data, key_characteristics));
199 EXPECT_GT(key_characteristics->hardwareEnforced.size(), 0);
200 EXPECT_GT(key_characteristics->softwareEnforced.size(), 0);
201
202 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
203 GetCharacteristics(key_blob, empty_buf, app_data, key_characteristics));
204 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
205 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
206
207 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
208 GetCharacteristics(key_blob, client_id, empty_buf, key_characteristics));
209 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
210 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
211
212 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
213 GetCharacteristics(key_blob, empty_buf, empty_buf, key_characteristics));
214 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
215 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
216}
217
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]218ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
219 const HidlBuf& app_data,
220 KeyCharacteristics* key_characteristics) {
221 ErrorCode error = ErrorCode::UNKNOWN_ERROR;
222 EXPECT_TRUE(
223 keymaster_
224 ->getKeyCharacteristics(
225 key_blob, client_id, app_data,
226 [&](ErrorCode hidl_error, const KeyCharacteristics& hidl_key_characteristics) {
227 error = hidl_error, *key_characteristics = hidl_key_characteristics;
228 })
229 .isOk());
230 return error;
231}
232
233ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob,
234 KeyCharacteristics* key_characteristics) {
235 HidlBuf client_id, app_data;
236 return GetCharacteristics(key_blob, client_id, app_data, key_characteristics);
237}
238
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]239ErrorCode KeymasterHidlTest::GetDebugInfo(DebugInfo* debug_info) {
240 EXPECT_TRUE(keymaster_->getDebugInfo([&](const DebugInfo& hidl_debug_info) {
241 *debug_info = hidl_debug_info;
242 }).isOk());
243 return ErrorCode::OK;
244}
245
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]246ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const HidlBuf& key_blob,
247 const AuthorizationSet& in_params, AuthorizationSet* out_params,
248 OperationHandle* op_handle) {
249 SCOPED_TRACE("Begin");
250 ErrorCode error;
251 OperationHandle saved_handle = *op_handle;
252 EXPECT_TRUE(keymaster_
253 ->begin(purpose, key_blob, in_params.hidl_data(), HardwareAuthToken(),
254 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
255 uint64_t hidl_op_handle) {
256 error = hidl_error;
257 *out_params = hidl_out_params;
258 *op_handle = hidl_op_handle;
259 })
260 .isOk());
261 if (error != ErrorCode::OK) {
262 // Some implementations may modify *op_handle on error.
263 *op_handle = saved_handle;
264 }
265 return error;
266}
267
268ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
269 AuthorizationSet* out_params) {
270 SCOPED_TRACE("Begin");
271 EXPECT_EQ(kOpHandleSentinel, op_handle_);
272 return Begin(purpose, key_blob_, in_params, out_params, &op_handle_);
273}
274
275ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params) {
276 SCOPED_TRACE("Begin");
277 AuthorizationSet out_params;
278 ErrorCode error = Begin(purpose, in_params, &out_params);
279 EXPECT_TRUE(out_params.empty());
280 return error;
281}
282
283ErrorCode KeymasterHidlTest::Update(OperationHandle op_handle, const AuthorizationSet& in_params,
284 const string& input, AuthorizationSet* out_params,
285 string* output, size_t* input_consumed) {
286 SCOPED_TRACE("Update");
287 ErrorCode error;
288 EXPECT_TRUE(keymaster_
289 ->update(op_handle, in_params.hidl_data(), HidlBuf(input), HardwareAuthToken(),
290 VerificationToken(),
291 [&](ErrorCode hidl_error, uint32_t hidl_input_consumed,
292 const hidl_vec<KeyParameter>& hidl_out_params,
293 const HidlBuf& hidl_output) {
294 error = hidl_error;
295 out_params->push_back(AuthorizationSet(hidl_out_params));
296 output->append(hidl_output.to_string());
297 *input_consumed = hidl_input_consumed;
298 })
299 .isOk());
300 return error;
301}
302
303ErrorCode KeymasterHidlTest::Update(const string& input, string* out, size_t* input_consumed) {
304 SCOPED_TRACE("Update");
305 AuthorizationSet out_params;
306 ErrorCode error = Update(op_handle_, AuthorizationSet() /* in_params */, input, &out_params,
307 out, input_consumed);
308 EXPECT_TRUE(out_params.empty());
309 return error;
310}
311
312ErrorCode KeymasterHidlTest::Finish(OperationHandle op_handle, const AuthorizationSet& in_params,
313 const string& input, const string& signature,
314 AuthorizationSet* out_params, string* output) {
315 SCOPED_TRACE("Finish");
316 ErrorCode error;
317 EXPECT_TRUE(
318 keymaster_
319 ->finish(op_handle, in_params.hidl_data(), HidlBuf(input), HidlBuf(signature),
320 HardwareAuthToken(), VerificationToken(),
321 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
322 const HidlBuf& hidl_output) {
323 error = hidl_error;
324 *out_params = hidl_out_params;
325 output->append(hidl_output.to_string());
326 })
327 .isOk());
328 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
329 return error;
330}
331
332ErrorCode KeymasterHidlTest::Finish(const string& message, string* output) {
333 SCOPED_TRACE("Finish");
334 AuthorizationSet out_params;
335 string finish_output;
336 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message,
337 "" /* signature */, &out_params, output);
338 if (error != ErrorCode::OK) {
339 return error;
340 }
341 EXPECT_EQ(0U, out_params.size());
342 return error;
343}
344
345ErrorCode KeymasterHidlTest::Finish(const string& message, const string& signature,
346 string* output) {
347 SCOPED_TRACE("Finish");
348 AuthorizationSet out_params;
349 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message, signature,
350 &out_params, output);
351 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
352 if (error != ErrorCode::OK) {
353 return error;
354 }
355 EXPECT_EQ(0U, out_params.size());
356 return error;
357}
358
359ErrorCode KeymasterHidlTest::Abort(OperationHandle op_handle) {
360 SCOPED_TRACE("Abort");
361 auto retval = keymaster_->abort(op_handle);
362 EXPECT_TRUE(retval.isOk());
363 return retval;
364}
365
366void KeymasterHidlTest::AbortIfNeeded() {
367 SCOPED_TRACE("AbortIfNeeded");
368 if (op_handle_ != kOpHandleSentinel) {
369 EXPECT_EQ(ErrorCode::OK, Abort(op_handle_));
370 op_handle_ = kOpHandleSentinel;
371 }
372}
373
374ErrorCode KeymasterHidlTest::AttestKey(const HidlBuf& key_blob,
375 const AuthorizationSet& attest_params,
376 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
377 SCOPED_TRACE("AttestKey");
378 ErrorCode error;
379 auto rc = keymaster_->attestKey(
380 key_blob, attest_params.hidl_data(),
381 [&](ErrorCode hidl_error, const hidl_vec<hidl_vec<uint8_t>>& hidl_cert_chain) {
382 error = hidl_error;
383 *cert_chain = hidl_cert_chain;
384 });
385
386 EXPECT_TRUE(rc.isOk()) << rc.description();
387 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
388
389 return error;
390}
391
392ErrorCode KeymasterHidlTest::AttestKey(const AuthorizationSet& attest_params,
393 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
394 SCOPED_TRACE("AttestKey");
395 return AttestKey(key_blob_, attest_params, cert_chain);
396}
397
398string KeymasterHidlTest::ProcessMessage(const HidlBuf& key_blob, KeyPurpose operation,
399 const string& message, const AuthorizationSet& in_params,
400 AuthorizationSet* out_params) {
401 SCOPED_TRACE("ProcessMessage");
402 AuthorizationSet begin_out_params;
403 EXPECT_EQ(ErrorCode::OK, Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_));
404
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]405 string output;
406 size_t consumed = 0;
407 AuthorizationSet update_params;
408 AuthorizationSet update_out_params;
409 EXPECT_EQ(ErrorCode::OK,
410 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
411
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]412 string unused;
413 AuthorizationSet finish_params;
414 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]415 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), unused,
416 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]417 op_handle_ = kOpHandleSentinel;
418
419 out_params->push_back(begin_out_params);
420 out_params->push_back(finish_out_params);
421 return output;
422}
423
424string KeymasterHidlTest::SignMessage(const HidlBuf& key_blob, const string& message,
425 const AuthorizationSet& params) {
426 SCOPED_TRACE("SignMessage");
427 AuthorizationSet out_params;
428 string signature = ProcessMessage(key_blob, KeyPurpose::SIGN, message, params, &out_params);
429 EXPECT_TRUE(out_params.empty());
430 return signature;
431}
432
433string KeymasterHidlTest::SignMessage(const string& message, const AuthorizationSet& params) {
434 SCOPED_TRACE("SignMessage");
435 return SignMessage(key_blob_, message, params);
436}
437
438string KeymasterHidlTest::MacMessage(const string& message, Digest digest, size_t mac_length) {
439 SCOPED_TRACE("MacMessage");
440 return SignMessage(
441 key_blob_, message,
442 AuthorizationSetBuilder().Digest(digest).Authorization(TAG_MAC_LENGTH, mac_length));
443}
444
445void KeymasterHidlTest::CheckHmacTestVector(const string& key, const string& message, Digest digest,
446 const string& expected_mac) {
447 SCOPED_TRACE("CheckHmacTestVector");
448 ASSERT_EQ(ErrorCode::OK,
449 ImportKey(AuthorizationSetBuilder()
450 .Authorization(TAG_NO_AUTH_REQUIRED)
451 .HmacKey(key.size() * 8)
452 .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
453 .Digest(digest),
454 KeyFormat::RAW, key));
455 string signature = MacMessage(message, digest, expected_mac.size() * 8);
456 EXPECT_EQ(expected_mac, signature)
457 << "Test vector didn't match for key of size " << key.size() << " message of size "
458 << message.size() << " and digest " << digest;
459 CheckedDeleteKey();
460}
461
462void KeymasterHidlTest::CheckAesCtrTestVector(const string& key, const string& nonce,
463 const string& message,
464 const string& expected_ciphertext) {
465 SCOPED_TRACE("CheckAesCtrTestVector");
466 ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
467 .Authorization(TAG_NO_AUTH_REQUIRED)
468 .AesEncryptionKey(key.size() * 8)
469 .BlockMode(BlockMode::CTR)
470 .Authorization(TAG_CALLER_NONCE)
471 .Padding(PaddingMode::NONE),
472 KeyFormat::RAW, key));
473
474 auto params = AuthorizationSetBuilder()
475 .Authorization(TAG_NONCE, nonce.data(), nonce.size())
476 .BlockMode(BlockMode::CTR)
477 .Padding(PaddingMode::NONE);
478 AuthorizationSet out_params;
479 string ciphertext = EncryptMessage(key_blob_, message, params, &out_params);
480 EXPECT_EQ(expected_ciphertext, ciphertext);
481}
482
483void KeymasterHidlTest::CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
484 PaddingMode padding_mode, const string& key,
485 const string& iv, const string& input,
486 const string& expected_output) {
487 auto authset = AuthorizationSetBuilder()
488 .TripleDesEncryptionKey(key.size() * 7)
489 .BlockMode(block_mode)
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]490 .Authorization(TAG_NO_AUTH_REQUIRED)
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]491 .Padding(padding_mode);
492 if (iv.size()) authset.Authorization(TAG_CALLER_NONCE);
493 ASSERT_EQ(ErrorCode::OK, ImportKey(authset, KeyFormat::RAW, key));
494 auto begin_params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
495 if (iv.size()) begin_params.Authorization(TAG_NONCE, iv.data(), iv.size());
496 AuthorizationSet output_params;
497 string output = ProcessMessage(key_blob_, purpose, input, begin_params, &output_params);
498 EXPECT_EQ(expected_output, output);
499}
500
501void KeymasterHidlTest::VerifyMessage(const HidlBuf& key_blob, const string& message,
502 const string& signature, const AuthorizationSet& params) {
503 SCOPED_TRACE("VerifyMessage");
504 AuthorizationSet begin_out_params;
505 ASSERT_EQ(ErrorCode::OK,
506 Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_));
507
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]508 string output;
509 AuthorizationSet update_params;
510 AuthorizationSet update_out_params;
511 size_t consumed;
512 ASSERT_EQ(ErrorCode::OK,
513 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
514 EXPECT_TRUE(output.empty());
515 EXPECT_GT(consumed, 0U);
516
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]517 string unused;
518 AuthorizationSet finish_params;
519 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]520 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), signature,
521 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]522 op_handle_ = kOpHandleSentinel;
523 EXPECT_TRUE(output.empty());
524}
525
526void KeymasterHidlTest::VerifyMessage(const string& message, const string& signature,
527 const AuthorizationSet& params) {
528 SCOPED_TRACE("VerifyMessage");
529 VerifyMessage(key_blob_, message, signature, params);
530}
531
532string KeymasterHidlTest::EncryptMessage(const HidlBuf& key_blob, const string& message,
533 const AuthorizationSet& in_params,
534 AuthorizationSet* out_params) {
535 SCOPED_TRACE("EncryptMessage");
536 return ProcessMessage(key_blob, KeyPurpose::ENCRYPT, message, in_params, out_params);
537}
538
539string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params,
540 AuthorizationSet* out_params) {
541 SCOPED_TRACE("EncryptMessage");
542 return EncryptMessage(key_blob_, message, params, out_params);
543}
544
545string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params) {
546 SCOPED_TRACE("EncryptMessage");
547 AuthorizationSet out_params;
548 string ciphertext = EncryptMessage(message, params, &out_params);
549 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
550 return ciphertext;
551}
552
553string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
554 PaddingMode padding) {
555 SCOPED_TRACE("EncryptMessage");
556 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
557 AuthorizationSet out_params;
558 string ciphertext = EncryptMessage(message, params, &out_params);
559 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
560 return ciphertext;
561}
562
563string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
564 PaddingMode padding, HidlBuf* iv_out) {
565 SCOPED_TRACE("EncryptMessage");
566 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
567 AuthorizationSet out_params;
568 string ciphertext = EncryptMessage(message, params, &out_params);
569 EXPECT_EQ(1U, out_params.size());
570 auto ivVal = out_params.GetTagValue(TAG_NONCE);
571 EXPECT_TRUE(ivVal.isOk());
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]572 if (ivVal.isOk()) *iv_out = ivVal.value();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]573 return ciphertext;
574}
575
576string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
577 PaddingMode padding, const HidlBuf& iv_in) {
578 SCOPED_TRACE("EncryptMessage");
579 auto params = AuthorizationSetBuilder()
580 .BlockMode(block_mode)
581 .Padding(padding)
582 .Authorization(TAG_NONCE, iv_in);
583 AuthorizationSet out_params;
584 string ciphertext = EncryptMessage(message, params, &out_params);
585 return ciphertext;
586}
587
Rob Barnes8ddc1c72019-09-13 18:00:44 -0600[diff] [blame]588string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
589 PaddingMode padding, uint8_t mac_length_bits,
590 const HidlBuf& iv_in) {
591 SCOPED_TRACE("EncryptMessage");
592 auto params = AuthorizationSetBuilder()
593 .BlockMode(block_mode)
594 .Padding(padding)
595 .Authorization(TAG_MAC_LENGTH, mac_length_bits)
596 .Authorization(TAG_NONCE, iv_in);
597 AuthorizationSet out_params;
598 string ciphertext = EncryptMessage(message, params, &out_params);
599 return ciphertext;
600}
601
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]602string KeymasterHidlTest::DecryptMessage(const HidlBuf& key_blob, const string& ciphertext,
603 const AuthorizationSet& params) {
604 SCOPED_TRACE("DecryptMessage");
605 AuthorizationSet out_params;
606 string plaintext =
607 ProcessMessage(key_blob, KeyPurpose::DECRYPT, ciphertext, params, &out_params);
608 EXPECT_TRUE(out_params.empty());
609 return plaintext;
610}
611
612string KeymasterHidlTest::DecryptMessage(const string& ciphertext, const AuthorizationSet& params) {
613 SCOPED_TRACE("DecryptMessage");
614 return DecryptMessage(key_blob_, ciphertext, params);
615}
616
617string KeymasterHidlTest::DecryptMessage(const string& ciphertext, BlockMode block_mode,
618 PaddingMode padding_mode, const HidlBuf& iv) {
619 SCOPED_TRACE("DecryptMessage");
620 auto params = AuthorizationSetBuilder()
621 .BlockMode(block_mode)
622 .Padding(padding_mode)
623 .Authorization(TAG_NONCE, iv);
624 return DecryptMessage(key_blob_, ciphertext, params);
625}
626
627std::pair<ErrorCode, HidlBuf> KeymasterHidlTest::UpgradeKey(const HidlBuf& key_blob) {
628 std::pair<ErrorCode, HidlBuf> retval;
629 keymaster_->upgradeKey(key_blob, hidl_vec<KeyParameter>(),
630 [&](ErrorCode error, const hidl_vec<uint8_t>& upgraded_blob) {
631 retval = std::tie(error, upgraded_blob);
632 });
633 return retval;
634}
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]635std::vector<uint32_t> KeymasterHidlTest::ValidKeySizes(Algorithm algorithm) {
636 switch (algorithm) {
637 case Algorithm::RSA:
638 switch (SecLevel()) {
639 case SecurityLevel::TRUSTED_ENVIRONMENT:
640 return {2048, 3072, 4096};
641 case SecurityLevel::STRONGBOX:
642 return {2048};
643 default:
644 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
645 break;
646 }
647 break;
648 case Algorithm::EC:
649 switch (SecLevel()) {
650 case SecurityLevel::TRUSTED_ENVIRONMENT:
651 return {224, 256, 384, 521};
652 case SecurityLevel::STRONGBOX:
653 return {256};
654 default:
655 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
656 break;
657 }
658 break;
659 case Algorithm::AES:
660 return {128, 256};
661 case Algorithm::TRIPLE_DES:
662 return {168};
663 case Algorithm::HMAC: {
664 std::vector<uint32_t> retval((512 - 64) / 8 + 1);
665 uint32_t size = 64 - 8;
666 std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
667 return retval;
668 }
669 default:
670 CHECK(false) << "Invalid Algorithm: " << algorithm;
671 return {};
672 }
673 CHECK(false) << "Should be impossible to get here";
674 return {};
675}
676std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) {
677 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
678 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
679 switch (algorithm) {
680 case Algorithm::RSA:
681 return {3072, 4096};
682 case Algorithm::EC:
683 return {224, 384, 521};
Baranidharan Muthukumaran88a376b2018-08-24 13:31:35 -0700[diff] [blame]684 case Algorithm::AES:
685 return {192};
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]686 default:
687 return {};
688 }
689}
690
691std::vector<EcCurve> KeymasterHidlTest::ValidCurves() {
692 if (securityLevel_ == SecurityLevel::STRONGBOX) {
693 return {EcCurve::P_256};
694 } else {
695 return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
696 }
697}
698
699std::vector<EcCurve> KeymasterHidlTest::InvalidCurves() {
700 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
701 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
702 return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
703}
704
Yi Kong73921752018-09-21 15:30:45 -0700[diff] [blame]705std::vector<Digest> KeymasterHidlTest::ValidDigests(bool withNone, bool withMD5) {
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]706 switch (SecLevel()) {
707 case SecurityLevel::TRUSTED_ENVIRONMENT:
708 if (withNone) {
709 if (withMD5)
710 return {Digest::NONE, Digest::MD5, Digest::SHA1,
711 Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
712 Digest::SHA_2_512};
713 else
714 return {Digest::NONE, Digest::SHA1, Digest::SHA_2_224,
715 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
716 } else {
717 if (withMD5)
718 return {Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
719 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
720 else
721 return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
722 Digest::SHA_2_512};
723 }
724 break;
725 case SecurityLevel::STRONGBOX:
726 if (withNone)
727 return {Digest::NONE, Digest::SHA_2_256};
728 else
729 return {Digest::SHA_2_256};
730 break;
731 default:
732 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
733 break;
734 }
735 CHECK(false) << "Should be impossible to get here";
736 return {};
737}
738
739std::vector<Digest> KeymasterHidlTest::InvalidDigests() {
740 return {};
741}
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]742
743} // namespace test
744} // namespace V4_0
745} // namespace keymaster
746} // namespace hardware
747} // namespace android