Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 173d3007923ba36c6ee230cc12979fd833deaa0a / . / keymaster / 4.0 / vts / functional / KeymasterHidlTest.cpp
blob: 7241984694700a8bfe798edace13ebb7c4f40e43 [file] [log] [blame]
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "KeymasterHidlTest.h"
18
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]19#include <chrono>
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]20#include <vector>
21
22#include <android-base/logging.h>
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]23#include <android/hidl/manager/1.0/IServiceManager.h>
24
25#include <keymasterV4_0/key_param_output.h>
26
27namespace android {
28namespace hardware {
29namespace keymaster {
30namespace V4_0 {
31
32::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
33 if (set.size() == 0)
34 os << "(Empty)" << ::std::endl;
35 else {
36 os << "\n";
37 for (size_t i = 0; i < set.size(); ++i) os << set[i] << ::std::endl;
38 }
39 return os;
40}
41
42namespace test {
43
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]44void KeymasterHidlTest::InitializeKeymaster() {
Dan Shi3bacd7f2019-12-10 15:41:18 -0800[diff] [blame]45 service_name_ = GetParam();
46 keymaster_ = IKeymasterDevice::getService(service_name_);
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]47 ASSERT_NE(keymaster_, nullptr);
48
49 ASSERT_TRUE(keymaster_
50 ->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& name,
51 const hidl_string& author) {
52 securityLevel_ = securityLevel;
53 name_ = name;
54 author_ = author;
55 })
56 .isOk());
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]57}
58
Dan Shi3bacd7f2019-12-10 15:41:18 -0800[diff] [blame]59void KeymasterHidlTest::SetUp() {
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]60 InitializeKeymaster();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]61
62 os_version_ = ::keymaster::GetOsVersion();
63 os_patch_level_ = ::keymaster::GetOsPatchlevel();
64
65 auto service_manager = android::hidl::manager::V1_0::IServiceManager::getService();
66 ASSERT_NE(nullptr, service_manager.get());
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]67 all_keymasters_.push_back(keymaster_);
68 service_manager->listByInterface(
69 IKeymasterDevice::descriptor, [&](const hidl_vec<hidl_string>& names) {
70 for (auto& name : names) {
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]71 if (name == service_name_) continue;
Dan Shi3bacd7f2019-12-10 15:41:18 -0800[diff] [blame]72 auto keymaster = IKeymasterDevice::getService(name);
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]73 ASSERT_NE(keymaster, nullptr);
74 all_keymasters_.push_back(keymaster);
75 }
76 });
77}
78
79ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc, HidlBuf* key_blob,
80 KeyCharacteristics* key_characteristics) {
81 EXPECT_NE(key_blob, nullptr) << "Key blob pointer must not be null. Test bug";
82 EXPECT_EQ(0U, key_blob->size()) << "Key blob not empty before generating key. Test bug.";
83 EXPECT_NE(key_characteristics, nullptr)
84 << "Previous characteristics not deleted before generating key. Test bug.";
85
86 ErrorCode error;
87 EXPECT_TRUE(keymaster_
88 ->generateKey(key_desc.hidl_data(),
89 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
90 const KeyCharacteristics& hidl_key_characteristics) {
91 error = hidl_error;
92 *key_blob = hidl_key_blob;
93 *key_characteristics = hidl_key_characteristics;
94 })
95 .isOk());
96 // On error, blob & characteristics should be empty.
97 if (error != ErrorCode::OK) {
98 EXPECT_EQ(0U, key_blob->size());
99 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
100 key_characteristics->hardwareEnforced.size()));
101 }
102 return error;
103}
104
105ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc) {
106 return GenerateKey(key_desc, &key_blob_, &key_characteristics_);
107}
108
109ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
110 const string& key_material, HidlBuf* key_blob,
111 KeyCharacteristics* key_characteristics) {
112 ErrorCode error;
113 EXPECT_TRUE(keymaster_
114 ->importKey(key_desc.hidl_data(), format, HidlBuf(key_material),
115 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
116 const KeyCharacteristics& hidl_key_characteristics) {
117 error = hidl_error;
118 *key_blob = hidl_key_blob;
119 *key_characteristics = hidl_key_characteristics;
120 })
121 .isOk());
122 // On error, blob & characteristics should be empty.
123 if (error != ErrorCode::OK) {
124 EXPECT_EQ(0U, key_blob->size());
125 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
126 key_characteristics->hardwareEnforced.size()));
127 }
128 return error;
129}
130
131ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
132 const string& key_material) {
133 return ImportKey(key_desc, format, key_material, &key_blob_, &key_characteristics_);
134}
135
136ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
137 const AuthorizationSet& wrapping_key_desc,
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]138 string masking_key,
139 const AuthorizationSet& unwrapping_params) {
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]140 ErrorCode error;
141 ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key);
142 EXPECT_TRUE(keymaster_
143 ->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]144 unwrapping_params.hidl_data(), 0 /* passwordSid */,
145 0 /* biometricSid */,
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]146 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
147 const KeyCharacteristics& hidl_key_characteristics) {
148 error = hidl_error;
149 key_blob_ = hidl_key_blob;
150 key_characteristics_ = hidl_key_characteristics;
151 })
152 .isOk());
153 return error;
154}
155
156ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, const HidlBuf& key_blob,
157 const HidlBuf& client_id, const HidlBuf& app_data,
158 HidlBuf* key_material) {
159 ErrorCode error;
160 EXPECT_TRUE(keymaster_
161 ->exportKey(format, key_blob, client_id, app_data,
162 [&](ErrorCode hidl_error_code, const HidlBuf& hidl_key_material) {
163 error = hidl_error_code;
164 *key_material = hidl_key_material;
165 })
166 .isOk());
167 // On error, blob should be empty.
168 if (error != ErrorCode::OK) {
169 EXPECT_EQ(0U, key_material->size());
170 }
171 return error;
172}
173
174ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, HidlBuf* key_material) {
175 HidlBuf client_id, app_data;
176 return ExportKey(format, key_blob_, client_id, app_data, key_material);
177}
178
179ErrorCode KeymasterHidlTest::DeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
180 auto rc = keymaster_->deleteKey(*key_blob);
181 if (!keep_key_blob) *key_blob = HidlBuf();
182 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
183 return rc;
184}
185
186ErrorCode KeymasterHidlTest::DeleteKey(bool keep_key_blob) {
187 return DeleteKey(&key_blob_, keep_key_blob);
188}
189
190ErrorCode KeymasterHidlTest::DeleteAllKeys() {
191 ErrorCode error = keymaster_->deleteAllKeys();
192 return error;
193}
194
195void KeymasterHidlTest::CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
196 auto rc = DeleteKey(key_blob, keep_key_blob);
197 EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
198}
199
200void KeymasterHidlTest::CheckedDeleteKey() {
201 CheckedDeleteKey(&key_blob_);
202}
203
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]204void KeymasterHidlTest::CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
205 const HidlBuf& app_data,
206 KeyCharacteristics* key_characteristics) {
207 HidlBuf empty_buf = {};
208 EXPECT_EQ(ErrorCode::OK,
209 GetCharacteristics(key_blob, client_id, app_data, key_characteristics));
210 EXPECT_GT(key_characteristics->hardwareEnforced.size(), 0);
211 EXPECT_GT(key_characteristics->softwareEnforced.size(), 0);
212
213 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
214 GetCharacteristics(key_blob, empty_buf, app_data, key_characteristics));
215 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
216 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
217
218 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
219 GetCharacteristics(key_blob, client_id, empty_buf, key_characteristics));
220 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
221 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
222
223 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
224 GetCharacteristics(key_blob, empty_buf, empty_buf, key_characteristics));
225 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
226 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
227}
228
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]229ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
230 const HidlBuf& app_data,
231 KeyCharacteristics* key_characteristics) {
232 ErrorCode error = ErrorCode::UNKNOWN_ERROR;
233 EXPECT_TRUE(
234 keymaster_
235 ->getKeyCharacteristics(
236 key_blob, client_id, app_data,
237 [&](ErrorCode hidl_error, const KeyCharacteristics& hidl_key_characteristics) {
238 error = hidl_error, *key_characteristics = hidl_key_characteristics;
239 })
240 .isOk());
241 return error;
242}
243
244ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob,
245 KeyCharacteristics* key_characteristics) {
246 HidlBuf client_id, app_data;
247 return GetCharacteristics(key_blob, client_id, app_data, key_characteristics);
248}
249
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]250ErrorCode KeymasterHidlTest::GetDebugInfo(DebugInfo* debug_info) {
251 EXPECT_TRUE(keymaster_->getDebugInfo([&](const DebugInfo& hidl_debug_info) {
252 *debug_info = hidl_debug_info;
253 }).isOk());
254 return ErrorCode::OK;
255}
256
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]257ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const HidlBuf& key_blob,
258 const AuthorizationSet& in_params, AuthorizationSet* out_params,
259 OperationHandle* op_handle) {
260 SCOPED_TRACE("Begin");
261 ErrorCode error;
262 OperationHandle saved_handle = *op_handle;
263 EXPECT_TRUE(keymaster_
264 ->begin(purpose, key_blob, in_params.hidl_data(), HardwareAuthToken(),
265 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
266 uint64_t hidl_op_handle) {
267 error = hidl_error;
268 *out_params = hidl_out_params;
269 *op_handle = hidl_op_handle;
270 })
271 .isOk());
272 if (error != ErrorCode::OK) {
273 // Some implementations may modify *op_handle on error.
274 *op_handle = saved_handle;
275 }
276 return error;
277}
278
279ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
280 AuthorizationSet* out_params) {
281 SCOPED_TRACE("Begin");
282 EXPECT_EQ(kOpHandleSentinel, op_handle_);
283 return Begin(purpose, key_blob_, in_params, out_params, &op_handle_);
284}
285
286ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params) {
287 SCOPED_TRACE("Begin");
288 AuthorizationSet out_params;
289 ErrorCode error = Begin(purpose, in_params, &out_params);
290 EXPECT_TRUE(out_params.empty());
291 return error;
292}
293
294ErrorCode KeymasterHidlTest::Update(OperationHandle op_handle, const AuthorizationSet& in_params,
295 const string& input, AuthorizationSet* out_params,
296 string* output, size_t* input_consumed) {
297 SCOPED_TRACE("Update");
298 ErrorCode error;
299 EXPECT_TRUE(keymaster_
300 ->update(op_handle, in_params.hidl_data(), HidlBuf(input), HardwareAuthToken(),
301 VerificationToken(),
302 [&](ErrorCode hidl_error, uint32_t hidl_input_consumed,
303 const hidl_vec<KeyParameter>& hidl_out_params,
304 const HidlBuf& hidl_output) {
305 error = hidl_error;
306 out_params->push_back(AuthorizationSet(hidl_out_params));
307 output->append(hidl_output.to_string());
308 *input_consumed = hidl_input_consumed;
309 })
310 .isOk());
311 return error;
312}
313
314ErrorCode KeymasterHidlTest::Update(const string& input, string* out, size_t* input_consumed) {
315 SCOPED_TRACE("Update");
316 AuthorizationSet out_params;
317 ErrorCode error = Update(op_handle_, AuthorizationSet() /* in_params */, input, &out_params,
318 out, input_consumed);
319 EXPECT_TRUE(out_params.empty());
320 return error;
321}
322
323ErrorCode KeymasterHidlTest::Finish(OperationHandle op_handle, const AuthorizationSet& in_params,
324 const string& input, const string& signature,
325 AuthorizationSet* out_params, string* output) {
326 SCOPED_TRACE("Finish");
327 ErrorCode error;
328 EXPECT_TRUE(
329 keymaster_
330 ->finish(op_handle, in_params.hidl_data(), HidlBuf(input), HidlBuf(signature),
331 HardwareAuthToken(), VerificationToken(),
332 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
333 const HidlBuf& hidl_output) {
334 error = hidl_error;
335 *out_params = hidl_out_params;
336 output->append(hidl_output.to_string());
337 })
338 .isOk());
339 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
340 return error;
341}
342
343ErrorCode KeymasterHidlTest::Finish(const string& message, string* output) {
344 SCOPED_TRACE("Finish");
345 AuthorizationSet out_params;
346 string finish_output;
347 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message,
348 "" /* signature */, &out_params, output);
349 if (error != ErrorCode::OK) {
350 return error;
351 }
352 EXPECT_EQ(0U, out_params.size());
353 return error;
354}
355
356ErrorCode KeymasterHidlTest::Finish(const string& message, const string& signature,
357 string* output) {
358 SCOPED_TRACE("Finish");
359 AuthorizationSet out_params;
360 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message, signature,
361 &out_params, output);
362 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
363 if (error != ErrorCode::OK) {
364 return error;
365 }
366 EXPECT_EQ(0U, out_params.size());
367 return error;
368}
369
370ErrorCode KeymasterHidlTest::Abort(OperationHandle op_handle) {
371 SCOPED_TRACE("Abort");
372 auto retval = keymaster_->abort(op_handle);
373 EXPECT_TRUE(retval.isOk());
374 return retval;
375}
376
377void KeymasterHidlTest::AbortIfNeeded() {
378 SCOPED_TRACE("AbortIfNeeded");
379 if (op_handle_ != kOpHandleSentinel) {
380 EXPECT_EQ(ErrorCode::OK, Abort(op_handle_));
381 op_handle_ = kOpHandleSentinel;
382 }
383}
384
385ErrorCode KeymasterHidlTest::AttestKey(const HidlBuf& key_blob,
386 const AuthorizationSet& attest_params,
387 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
388 SCOPED_TRACE("AttestKey");
389 ErrorCode error;
390 auto rc = keymaster_->attestKey(
391 key_blob, attest_params.hidl_data(),
392 [&](ErrorCode hidl_error, const hidl_vec<hidl_vec<uint8_t>>& hidl_cert_chain) {
393 error = hidl_error;
394 *cert_chain = hidl_cert_chain;
395 });
396
397 EXPECT_TRUE(rc.isOk()) << rc.description();
398 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
399
400 return error;
401}
402
403ErrorCode KeymasterHidlTest::AttestKey(const AuthorizationSet& attest_params,
404 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
405 SCOPED_TRACE("AttestKey");
406 return AttestKey(key_blob_, attest_params, cert_chain);
407}
408
409string KeymasterHidlTest::ProcessMessage(const HidlBuf& key_blob, KeyPurpose operation,
410 const string& message, const AuthorizationSet& in_params,
411 AuthorizationSet* out_params) {
412 SCOPED_TRACE("ProcessMessage");
413 AuthorizationSet begin_out_params;
414 EXPECT_EQ(ErrorCode::OK, Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_));
415
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]416 string output;
417 size_t consumed = 0;
418 AuthorizationSet update_params;
419 AuthorizationSet update_out_params;
420 EXPECT_EQ(ErrorCode::OK,
421 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
422
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]423 string unused;
424 AuthorizationSet finish_params;
425 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]426 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), unused,
427 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]428 op_handle_ = kOpHandleSentinel;
429
430 out_params->push_back(begin_out_params);
431 out_params->push_back(finish_out_params);
432 return output;
433}
434
435string KeymasterHidlTest::SignMessage(const HidlBuf& key_blob, const string& message,
436 const AuthorizationSet& params) {
437 SCOPED_TRACE("SignMessage");
438 AuthorizationSet out_params;
439 string signature = ProcessMessage(key_blob, KeyPurpose::SIGN, message, params, &out_params);
440 EXPECT_TRUE(out_params.empty());
441 return signature;
442}
443
444string KeymasterHidlTest::SignMessage(const string& message, const AuthorizationSet& params) {
445 SCOPED_TRACE("SignMessage");
446 return SignMessage(key_blob_, message, params);
447}
448
449string KeymasterHidlTest::MacMessage(const string& message, Digest digest, size_t mac_length) {
450 SCOPED_TRACE("MacMessage");
451 return SignMessage(
452 key_blob_, message,
453 AuthorizationSetBuilder().Digest(digest).Authorization(TAG_MAC_LENGTH, mac_length));
454}
455
456void KeymasterHidlTest::CheckHmacTestVector(const string& key, const string& message, Digest digest,
457 const string& expected_mac) {
458 SCOPED_TRACE("CheckHmacTestVector");
459 ASSERT_EQ(ErrorCode::OK,
460 ImportKey(AuthorizationSetBuilder()
461 .Authorization(TAG_NO_AUTH_REQUIRED)
462 .HmacKey(key.size() * 8)
463 .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
464 .Digest(digest),
465 KeyFormat::RAW, key));
466 string signature = MacMessage(message, digest, expected_mac.size() * 8);
467 EXPECT_EQ(expected_mac, signature)
468 << "Test vector didn't match for key of size " << key.size() << " message of size "
469 << message.size() << " and digest " << digest;
470 CheckedDeleteKey();
471}
472
473void KeymasterHidlTest::CheckAesCtrTestVector(const string& key, const string& nonce,
474 const string& message,
475 const string& expected_ciphertext) {
476 SCOPED_TRACE("CheckAesCtrTestVector");
477 ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
478 .Authorization(TAG_NO_AUTH_REQUIRED)
479 .AesEncryptionKey(key.size() * 8)
480 .BlockMode(BlockMode::CTR)
481 .Authorization(TAG_CALLER_NONCE)
482 .Padding(PaddingMode::NONE),
483 KeyFormat::RAW, key));
484
485 auto params = AuthorizationSetBuilder()
486 .Authorization(TAG_NONCE, nonce.data(), nonce.size())
487 .BlockMode(BlockMode::CTR)
488 .Padding(PaddingMode::NONE);
489 AuthorizationSet out_params;
490 string ciphertext = EncryptMessage(key_blob_, message, params, &out_params);
491 EXPECT_EQ(expected_ciphertext, ciphertext);
492}
493
494void KeymasterHidlTest::CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
495 PaddingMode padding_mode, const string& key,
496 const string& iv, const string& input,
497 const string& expected_output) {
498 auto authset = AuthorizationSetBuilder()
499 .TripleDesEncryptionKey(key.size() * 7)
500 .BlockMode(block_mode)
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]501 .Authorization(TAG_NO_AUTH_REQUIRED)
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]502 .Padding(padding_mode);
503 if (iv.size()) authset.Authorization(TAG_CALLER_NONCE);
504 ASSERT_EQ(ErrorCode::OK, ImportKey(authset, KeyFormat::RAW, key));
505 auto begin_params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
506 if (iv.size()) begin_params.Authorization(TAG_NONCE, iv.data(), iv.size());
507 AuthorizationSet output_params;
508 string output = ProcessMessage(key_blob_, purpose, input, begin_params, &output_params);
509 EXPECT_EQ(expected_output, output);
510}
511
512void KeymasterHidlTest::VerifyMessage(const HidlBuf& key_blob, const string& message,
513 const string& signature, const AuthorizationSet& params) {
514 SCOPED_TRACE("VerifyMessage");
515 AuthorizationSet begin_out_params;
516 ASSERT_EQ(ErrorCode::OK,
517 Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_));
518
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]519 string output;
520 AuthorizationSet update_params;
521 AuthorizationSet update_out_params;
522 size_t consumed;
523 ASSERT_EQ(ErrorCode::OK,
524 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
525 EXPECT_TRUE(output.empty());
526 EXPECT_GT(consumed, 0U);
527
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]528 string unused;
529 AuthorizationSet finish_params;
530 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]531 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), signature,
532 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]533 op_handle_ = kOpHandleSentinel;
534 EXPECT_TRUE(output.empty());
535}
536
537void KeymasterHidlTest::VerifyMessage(const string& message, const string& signature,
538 const AuthorizationSet& params) {
539 SCOPED_TRACE("VerifyMessage");
540 VerifyMessage(key_blob_, message, signature, params);
541}
542
543string KeymasterHidlTest::EncryptMessage(const HidlBuf& key_blob, const string& message,
544 const AuthorizationSet& in_params,
545 AuthorizationSet* out_params) {
546 SCOPED_TRACE("EncryptMessage");
547 return ProcessMessage(key_blob, KeyPurpose::ENCRYPT, message, in_params, out_params);
548}
549
550string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params,
551 AuthorizationSet* out_params) {
552 SCOPED_TRACE("EncryptMessage");
553 return EncryptMessage(key_blob_, message, params, out_params);
554}
555
556string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params) {
557 SCOPED_TRACE("EncryptMessage");
558 AuthorizationSet out_params;
559 string ciphertext = EncryptMessage(message, params, &out_params);
560 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
561 return ciphertext;
562}
563
564string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
565 PaddingMode padding) {
566 SCOPED_TRACE("EncryptMessage");
567 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
568 AuthorizationSet out_params;
569 string ciphertext = EncryptMessage(message, params, &out_params);
570 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
571 return ciphertext;
572}
573
574string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
575 PaddingMode padding, HidlBuf* iv_out) {
576 SCOPED_TRACE("EncryptMessage");
577 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
578 AuthorizationSet out_params;
579 string ciphertext = EncryptMessage(message, params, &out_params);
580 EXPECT_EQ(1U, out_params.size());
581 auto ivVal = out_params.GetTagValue(TAG_NONCE);
582 EXPECT_TRUE(ivVal.isOk());
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]583 if (ivVal.isOk()) *iv_out = ivVal.value();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]584 return ciphertext;
585}
586
587string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
588 PaddingMode padding, const HidlBuf& iv_in) {
589 SCOPED_TRACE("EncryptMessage");
590 auto params = AuthorizationSetBuilder()
591 .BlockMode(block_mode)
592 .Padding(padding)
593 .Authorization(TAG_NONCE, iv_in);
594 AuthorizationSet out_params;
595 string ciphertext = EncryptMessage(message, params, &out_params);
596 return ciphertext;
597}
598
Rob Barnes8ddc1c72019-09-13 18:00:44 -0600[diff] [blame]599string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
600 PaddingMode padding, uint8_t mac_length_bits,
601 const HidlBuf& iv_in) {
602 SCOPED_TRACE("EncryptMessage");
603 auto params = AuthorizationSetBuilder()
604 .BlockMode(block_mode)
605 .Padding(padding)
606 .Authorization(TAG_MAC_LENGTH, mac_length_bits)
607 .Authorization(TAG_NONCE, iv_in);
608 AuthorizationSet out_params;
609 string ciphertext = EncryptMessage(message, params, &out_params);
610 return ciphertext;
611}
612
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]613string KeymasterHidlTest::DecryptMessage(const HidlBuf& key_blob, const string& ciphertext,
614 const AuthorizationSet& params) {
615 SCOPED_TRACE("DecryptMessage");
616 AuthorizationSet out_params;
617 string plaintext =
618 ProcessMessage(key_blob, KeyPurpose::DECRYPT, ciphertext, params, &out_params);
619 EXPECT_TRUE(out_params.empty());
620 return plaintext;
621}
622
623string KeymasterHidlTest::DecryptMessage(const string& ciphertext, const AuthorizationSet& params) {
624 SCOPED_TRACE("DecryptMessage");
625 return DecryptMessage(key_blob_, ciphertext, params);
626}
627
628string KeymasterHidlTest::DecryptMessage(const string& ciphertext, BlockMode block_mode,
629 PaddingMode padding_mode, const HidlBuf& iv) {
630 SCOPED_TRACE("DecryptMessage");
631 auto params = AuthorizationSetBuilder()
632 .BlockMode(block_mode)
633 .Padding(padding_mode)
634 .Authorization(TAG_NONCE, iv);
635 return DecryptMessage(key_blob_, ciphertext, params);
636}
637
638std::pair<ErrorCode, HidlBuf> KeymasterHidlTest::UpgradeKey(const HidlBuf& key_blob) {
639 std::pair<ErrorCode, HidlBuf> retval;
640 keymaster_->upgradeKey(key_blob, hidl_vec<KeyParameter>(),
641 [&](ErrorCode error, const hidl_vec<uint8_t>& upgraded_blob) {
642 retval = std::tie(error, upgraded_blob);
643 });
644 return retval;
645}
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]646std::vector<uint32_t> KeymasterHidlTest::ValidKeySizes(Algorithm algorithm) {
647 switch (algorithm) {
648 case Algorithm::RSA:
649 switch (SecLevel()) {
650 case SecurityLevel::TRUSTED_ENVIRONMENT:
651 return {2048, 3072, 4096};
652 case SecurityLevel::STRONGBOX:
653 return {2048};
654 default:
655 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
656 break;
657 }
658 break;
659 case Algorithm::EC:
660 switch (SecLevel()) {
661 case SecurityLevel::TRUSTED_ENVIRONMENT:
662 return {224, 256, 384, 521};
663 case SecurityLevel::STRONGBOX:
664 return {256};
665 default:
666 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
667 break;
668 }
669 break;
670 case Algorithm::AES:
671 return {128, 256};
672 case Algorithm::TRIPLE_DES:
673 return {168};
674 case Algorithm::HMAC: {
675 std::vector<uint32_t> retval((512 - 64) / 8 + 1);
676 uint32_t size = 64 - 8;
677 std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
678 return retval;
679 }
680 default:
681 CHECK(false) << "Invalid Algorithm: " << algorithm;
682 return {};
683 }
684 CHECK(false) << "Should be impossible to get here";
685 return {};
686}
687std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) {
688 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
689 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
690 switch (algorithm) {
691 case Algorithm::RSA:
692 return {3072, 4096};
693 case Algorithm::EC:
694 return {224, 384, 521};
Baranidharan Muthukumaran88a376b2018-08-24 13:31:35 -0700[diff] [blame]695 case Algorithm::AES:
696 return {192};
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]697 default:
698 return {};
699 }
700}
701
702std::vector<EcCurve> KeymasterHidlTest::ValidCurves() {
703 if (securityLevel_ == SecurityLevel::STRONGBOX) {
704 return {EcCurve::P_256};
705 } else {
706 return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
707 }
708}
709
710std::vector<EcCurve> KeymasterHidlTest::InvalidCurves() {
711 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
712 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
713 return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
714}
715
Yi Kong73921752018-09-21 15:30:45 -0700[diff] [blame]716std::vector<Digest> KeymasterHidlTest::ValidDigests(bool withNone, bool withMD5) {
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]717 switch (SecLevel()) {
718 case SecurityLevel::TRUSTED_ENVIRONMENT:
719 if (withNone) {
720 if (withMD5)
721 return {Digest::NONE, Digest::MD5, Digest::SHA1,
722 Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
723 Digest::SHA_2_512};
724 else
725 return {Digest::NONE, Digest::SHA1, Digest::SHA_2_224,
726 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
727 } else {
728 if (withMD5)
729 return {Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
730 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
731 else
732 return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
733 Digest::SHA_2_512};
734 }
735 break;
736 case SecurityLevel::STRONGBOX:
737 if (withNone)
738 return {Digest::NONE, Digest::SHA_2_256};
739 else
740 return {Digest::SHA_2_256};
741 break;
742 default:
743 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
744 break;
745 }
746 CHECK(false) << "Should be impossible to get here";
747 return {};
748}
749
750std::vector<Digest> KeymasterHidlTest::InvalidDigests() {
751 return {};
752}
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]753
754} // namespace test
755} // namespace V4_0
756} // namespace keymaster
757} // namespace hardware
758} // namespace android