Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 3bacd7f63416a8e5b379c599b08741a0b5d10afc / . / keymaster / 4.0 / vts / functional / KeymasterHidlTest.cpp
blob: 07409f673451e0d576b2825ecabeb8494de04b9b [file] [log] [blame]
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "KeymasterHidlTest.h"
18
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]19#include <chrono>
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]20#include <vector>
21
22#include <android-base/logging.h>
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]23#include <android/hidl/manager/1.0/IServiceManager.h>
24
25#include <keymasterV4_0/key_param_output.h>
26
27namespace android {
28namespace hardware {
29namespace keymaster {
30namespace V4_0 {
31
32::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
33 if (set.size() == 0)
34 os << "(Empty)" << ::std::endl;
35 else {
36 os << "\n";
37 for (size_t i = 0; i < set.size(); ++i) os << set[i] << ::std::endl;
38 }
39 return os;
40}
41
42namespace test {
43
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]44void KeymasterHidlTest::InitializeKeymaster() {
Dan Shi3bacd7f2019-12-10 15:41:18 -0800[diff] [blame^]45 service_name_ = GetParam();
46 keymaster_ = IKeymasterDevice::getService(service_name_);
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]47 ASSERT_NE(keymaster_, nullptr);
48
49 ASSERT_TRUE(keymaster_
50 ->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& name,
51 const hidl_string& author) {
52 securityLevel_ = securityLevel;
53 name_ = name;
54 author_ = author;
55 })
56 .isOk());
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]57}
58
Dan Shi3bacd7f2019-12-10 15:41:18 -0800[diff] [blame^]59void KeymasterHidlTest::SetUp() {
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]60 InitializeKeymaster();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]61
62 os_version_ = ::keymaster::GetOsVersion();
63 os_patch_level_ = ::keymaster::GetOsPatchlevel();
64
65 auto service_manager = android::hidl::manager::V1_0::IServiceManager::getService();
66 ASSERT_NE(nullptr, service_manager.get());
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]67 all_keymasters_.push_back(keymaster_);
68 service_manager->listByInterface(
69 IKeymasterDevice::descriptor, [&](const hidl_vec<hidl_string>& names) {
70 for (auto& name : names) {
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]71 if (name == service_name_) continue;
Dan Shi3bacd7f2019-12-10 15:41:18 -0800[diff] [blame^]72 auto keymaster = IKeymasterDevice::getService(name);
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]73 ASSERT_NE(keymaster, nullptr);
74 all_keymasters_.push_back(keymaster);
75 }
76 });
77}
78
79ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc, HidlBuf* key_blob,
80 KeyCharacteristics* key_characteristics) {
81 EXPECT_NE(key_blob, nullptr) << "Key blob pointer must not be null. Test bug";
82 EXPECT_EQ(0U, key_blob->size()) << "Key blob not empty before generating key. Test bug.";
83 EXPECT_NE(key_characteristics, nullptr)
84 << "Previous characteristics not deleted before generating key. Test bug.";
85
86 ErrorCode error;
87 EXPECT_TRUE(keymaster_
88 ->generateKey(key_desc.hidl_data(),
89 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
90 const KeyCharacteristics& hidl_key_characteristics) {
91 error = hidl_error;
92 *key_blob = hidl_key_blob;
93 *key_characteristics = hidl_key_characteristics;
94 })
95 .isOk());
96 // On error, blob & characteristics should be empty.
97 if (error != ErrorCode::OK) {
98 EXPECT_EQ(0U, key_blob->size());
99 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
100 key_characteristics->hardwareEnforced.size()));
101 }
102 return error;
103}
104
105ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc) {
106 return GenerateKey(key_desc, &key_blob_, &key_characteristics_);
107}
108
109ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
110 const string& key_material, HidlBuf* key_blob,
111 KeyCharacteristics* key_characteristics) {
112 ErrorCode error;
113 EXPECT_TRUE(keymaster_
114 ->importKey(key_desc.hidl_data(), format, HidlBuf(key_material),
115 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
116 const KeyCharacteristics& hidl_key_characteristics) {
117 error = hidl_error;
118 *key_blob = hidl_key_blob;
119 *key_characteristics = hidl_key_characteristics;
120 })
121 .isOk());
122 // On error, blob & characteristics should be empty.
123 if (error != ErrorCode::OK) {
124 EXPECT_EQ(0U, key_blob->size());
125 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
126 key_characteristics->hardwareEnforced.size()));
127 }
128 return error;
129}
130
131ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
132 const string& key_material) {
133 return ImportKey(key_desc, format, key_material, &key_blob_, &key_characteristics_);
134}
135
136ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
137 const AuthorizationSet& wrapping_key_desc,
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]138 string masking_key,
139 const AuthorizationSet& unwrapping_params) {
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]140 ErrorCode error;
141 ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key);
142 EXPECT_TRUE(keymaster_
143 ->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]144 unwrapping_params.hidl_data(), 0 /* passwordSid */,
145 0 /* biometricSid */,
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]146 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
147 const KeyCharacteristics& hidl_key_characteristics) {
148 error = hidl_error;
149 key_blob_ = hidl_key_blob;
150 key_characteristics_ = hidl_key_characteristics;
151 })
152 .isOk());
153 return error;
154}
155
156ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, const HidlBuf& key_blob,
157 const HidlBuf& client_id, const HidlBuf& app_data,
158 HidlBuf* key_material) {
159 ErrorCode error;
160 EXPECT_TRUE(keymaster_
161 ->exportKey(format, key_blob, client_id, app_data,
162 [&](ErrorCode hidl_error_code, const HidlBuf& hidl_key_material) {
163 error = hidl_error_code;
164 *key_material = hidl_key_material;
165 })
166 .isOk());
167 // On error, blob should be empty.
168 if (error != ErrorCode::OK) {
169 EXPECT_EQ(0U, key_material->size());
170 }
171 return error;
172}
173
174ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, HidlBuf* key_material) {
175 HidlBuf client_id, app_data;
176 return ExportKey(format, key_blob_, client_id, app_data, key_material);
177}
178
179ErrorCode KeymasterHidlTest::DeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
180 auto rc = keymaster_->deleteKey(*key_blob);
181 if (!keep_key_blob) *key_blob = HidlBuf();
182 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
183 return rc;
184}
185
186ErrorCode KeymasterHidlTest::DeleteKey(bool keep_key_blob) {
187 return DeleteKey(&key_blob_, keep_key_blob);
188}
189
190ErrorCode KeymasterHidlTest::DeleteAllKeys() {
191 ErrorCode error = keymaster_->deleteAllKeys();
192 return error;
193}
194
195void KeymasterHidlTest::CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
196 auto rc = DeleteKey(key_blob, keep_key_blob);
197 EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
198}
199
200void KeymasterHidlTest::CheckedDeleteKey() {
201 CheckedDeleteKey(&key_blob_);
202}
203
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]204void KeymasterHidlTest::CheckCreationDateTime(
205 const AuthorizationSet& sw_enforced,
206 std::chrono::time_point<std::chrono::system_clock> creation) {
207 for (int i = 0; i < sw_enforced.size(); i++) {
208 if (sw_enforced[i].tag == TAG_CREATION_DATETIME) {
209 std::chrono::time_point<std::chrono::system_clock> now =
210 std::chrono::system_clock::now();
211 std::chrono::time_point<std::chrono::system_clock> reported_time{
212 std::chrono::milliseconds(sw_enforced[i].f.dateTime)};
Garret Kelly9c0a4572019-06-24 18:31:38 -0400[diff] [blame]213 // The test is flaky for EC keys, so a buffer time of 120 seconds will be added.
Dan Shi3bacd7f2019-12-10 15:41:18 -0800[diff] [blame^]214 EXPECT_LE(creation - std::chrono::seconds(120), reported_time);
215 EXPECT_LE(reported_time, now + std::chrono::seconds(1));
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]216 }
217 }
218}
219
220void KeymasterHidlTest::CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
221 const HidlBuf& app_data,
222 KeyCharacteristics* key_characteristics) {
223 HidlBuf empty_buf = {};
224 EXPECT_EQ(ErrorCode::OK,
225 GetCharacteristics(key_blob, client_id, app_data, key_characteristics));
226 EXPECT_GT(key_characteristics->hardwareEnforced.size(), 0);
227 EXPECT_GT(key_characteristics->softwareEnforced.size(), 0);
228
229 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
230 GetCharacteristics(key_blob, empty_buf, app_data, key_characteristics));
231 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
232 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
233
234 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
235 GetCharacteristics(key_blob, client_id, empty_buf, key_characteristics));
236 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
237 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
238
239 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
240 GetCharacteristics(key_blob, empty_buf, empty_buf, key_characteristics));
241 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
242 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
243}
244
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]245ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
246 const HidlBuf& app_data,
247 KeyCharacteristics* key_characteristics) {
248 ErrorCode error = ErrorCode::UNKNOWN_ERROR;
249 EXPECT_TRUE(
250 keymaster_
251 ->getKeyCharacteristics(
252 key_blob, client_id, app_data,
253 [&](ErrorCode hidl_error, const KeyCharacteristics& hidl_key_characteristics) {
254 error = hidl_error, *key_characteristics = hidl_key_characteristics;
255 })
256 .isOk());
257 return error;
258}
259
260ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob,
261 KeyCharacteristics* key_characteristics) {
262 HidlBuf client_id, app_data;
263 return GetCharacteristics(key_blob, client_id, app_data, key_characteristics);
264}
265
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]266ErrorCode KeymasterHidlTest::GetDebugInfo(DebugInfo* debug_info) {
267 EXPECT_TRUE(keymaster_->getDebugInfo([&](const DebugInfo& hidl_debug_info) {
268 *debug_info = hidl_debug_info;
269 }).isOk());
270 return ErrorCode::OK;
271}
272
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]273ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const HidlBuf& key_blob,
274 const AuthorizationSet& in_params, AuthorizationSet* out_params,
275 OperationHandle* op_handle) {
276 SCOPED_TRACE("Begin");
277 ErrorCode error;
278 OperationHandle saved_handle = *op_handle;
279 EXPECT_TRUE(keymaster_
280 ->begin(purpose, key_blob, in_params.hidl_data(), HardwareAuthToken(),
281 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
282 uint64_t hidl_op_handle) {
283 error = hidl_error;
284 *out_params = hidl_out_params;
285 *op_handle = hidl_op_handle;
286 })
287 .isOk());
288 if (error != ErrorCode::OK) {
289 // Some implementations may modify *op_handle on error.
290 *op_handle = saved_handle;
291 }
292 return error;
293}
294
295ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
296 AuthorizationSet* out_params) {
297 SCOPED_TRACE("Begin");
298 EXPECT_EQ(kOpHandleSentinel, op_handle_);
299 return Begin(purpose, key_blob_, in_params, out_params, &op_handle_);
300}
301
302ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params) {
303 SCOPED_TRACE("Begin");
304 AuthorizationSet out_params;
305 ErrorCode error = Begin(purpose, in_params, &out_params);
306 EXPECT_TRUE(out_params.empty());
307 return error;
308}
309
310ErrorCode KeymasterHidlTest::Update(OperationHandle op_handle, const AuthorizationSet& in_params,
311 const string& input, AuthorizationSet* out_params,
312 string* output, size_t* input_consumed) {
313 SCOPED_TRACE("Update");
314 ErrorCode error;
315 EXPECT_TRUE(keymaster_
316 ->update(op_handle, in_params.hidl_data(), HidlBuf(input), HardwareAuthToken(),
317 VerificationToken(),
318 [&](ErrorCode hidl_error, uint32_t hidl_input_consumed,
319 const hidl_vec<KeyParameter>& hidl_out_params,
320 const HidlBuf& hidl_output) {
321 error = hidl_error;
322 out_params->push_back(AuthorizationSet(hidl_out_params));
323 output->append(hidl_output.to_string());
324 *input_consumed = hidl_input_consumed;
325 })
326 .isOk());
327 return error;
328}
329
330ErrorCode KeymasterHidlTest::Update(const string& input, string* out, size_t* input_consumed) {
331 SCOPED_TRACE("Update");
332 AuthorizationSet out_params;
333 ErrorCode error = Update(op_handle_, AuthorizationSet() /* in_params */, input, &out_params,
334 out, input_consumed);
335 EXPECT_TRUE(out_params.empty());
336 return error;
337}
338
339ErrorCode KeymasterHidlTest::Finish(OperationHandle op_handle, const AuthorizationSet& in_params,
340 const string& input, const string& signature,
341 AuthorizationSet* out_params, string* output) {
342 SCOPED_TRACE("Finish");
343 ErrorCode error;
344 EXPECT_TRUE(
345 keymaster_
346 ->finish(op_handle, in_params.hidl_data(), HidlBuf(input), HidlBuf(signature),
347 HardwareAuthToken(), VerificationToken(),
348 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
349 const HidlBuf& hidl_output) {
350 error = hidl_error;
351 *out_params = hidl_out_params;
352 output->append(hidl_output.to_string());
353 })
354 .isOk());
355 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
356 return error;
357}
358
359ErrorCode KeymasterHidlTest::Finish(const string& message, string* output) {
360 SCOPED_TRACE("Finish");
361 AuthorizationSet out_params;
362 string finish_output;
363 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message,
364 "" /* signature */, &out_params, output);
365 if (error != ErrorCode::OK) {
366 return error;
367 }
368 EXPECT_EQ(0U, out_params.size());
369 return error;
370}
371
372ErrorCode KeymasterHidlTest::Finish(const string& message, const string& signature,
373 string* output) {
374 SCOPED_TRACE("Finish");
375 AuthorizationSet out_params;
376 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message, signature,
377 &out_params, output);
378 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
379 if (error != ErrorCode::OK) {
380 return error;
381 }
382 EXPECT_EQ(0U, out_params.size());
383 return error;
384}
385
386ErrorCode KeymasterHidlTest::Abort(OperationHandle op_handle) {
387 SCOPED_TRACE("Abort");
388 auto retval = keymaster_->abort(op_handle);
389 EXPECT_TRUE(retval.isOk());
390 return retval;
391}
392
393void KeymasterHidlTest::AbortIfNeeded() {
394 SCOPED_TRACE("AbortIfNeeded");
395 if (op_handle_ != kOpHandleSentinel) {
396 EXPECT_EQ(ErrorCode::OK, Abort(op_handle_));
397 op_handle_ = kOpHandleSentinel;
398 }
399}
400
401ErrorCode KeymasterHidlTest::AttestKey(const HidlBuf& key_blob,
402 const AuthorizationSet& attest_params,
403 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
404 SCOPED_TRACE("AttestKey");
405 ErrorCode error;
406 auto rc = keymaster_->attestKey(
407 key_blob, attest_params.hidl_data(),
408 [&](ErrorCode hidl_error, const hidl_vec<hidl_vec<uint8_t>>& hidl_cert_chain) {
409 error = hidl_error;
410 *cert_chain = hidl_cert_chain;
411 });
412
413 EXPECT_TRUE(rc.isOk()) << rc.description();
414 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
415
416 return error;
417}
418
419ErrorCode KeymasterHidlTest::AttestKey(const AuthorizationSet& attest_params,
420 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
421 SCOPED_TRACE("AttestKey");
422 return AttestKey(key_blob_, attest_params, cert_chain);
423}
424
425string KeymasterHidlTest::ProcessMessage(const HidlBuf& key_blob, KeyPurpose operation,
426 const string& message, const AuthorizationSet& in_params,
427 AuthorizationSet* out_params) {
428 SCOPED_TRACE("ProcessMessage");
429 AuthorizationSet begin_out_params;
430 EXPECT_EQ(ErrorCode::OK, Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_));
431
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]432 string output;
433 size_t consumed = 0;
434 AuthorizationSet update_params;
435 AuthorizationSet update_out_params;
436 EXPECT_EQ(ErrorCode::OK,
437 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
438
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]439 string unused;
440 AuthorizationSet finish_params;
441 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]442 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), unused,
443 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]444 op_handle_ = kOpHandleSentinel;
445
446 out_params->push_back(begin_out_params);
447 out_params->push_back(finish_out_params);
448 return output;
449}
450
451string KeymasterHidlTest::SignMessage(const HidlBuf& key_blob, const string& message,
452 const AuthorizationSet& params) {
453 SCOPED_TRACE("SignMessage");
454 AuthorizationSet out_params;
455 string signature = ProcessMessage(key_blob, KeyPurpose::SIGN, message, params, &out_params);
456 EXPECT_TRUE(out_params.empty());
457 return signature;
458}
459
460string KeymasterHidlTest::SignMessage(const string& message, const AuthorizationSet& params) {
461 SCOPED_TRACE("SignMessage");
462 return SignMessage(key_blob_, message, params);
463}
464
465string KeymasterHidlTest::MacMessage(const string& message, Digest digest, size_t mac_length) {
466 SCOPED_TRACE("MacMessage");
467 return SignMessage(
468 key_blob_, message,
469 AuthorizationSetBuilder().Digest(digest).Authorization(TAG_MAC_LENGTH, mac_length));
470}
471
472void KeymasterHidlTest::CheckHmacTestVector(const string& key, const string& message, Digest digest,
473 const string& expected_mac) {
474 SCOPED_TRACE("CheckHmacTestVector");
475 ASSERT_EQ(ErrorCode::OK,
476 ImportKey(AuthorizationSetBuilder()
477 .Authorization(TAG_NO_AUTH_REQUIRED)
478 .HmacKey(key.size() * 8)
479 .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
480 .Digest(digest),
481 KeyFormat::RAW, key));
482 string signature = MacMessage(message, digest, expected_mac.size() * 8);
483 EXPECT_EQ(expected_mac, signature)
484 << "Test vector didn't match for key of size " << key.size() << " message of size "
485 << message.size() << " and digest " << digest;
486 CheckedDeleteKey();
487}
488
489void KeymasterHidlTest::CheckAesCtrTestVector(const string& key, const string& nonce,
490 const string& message,
491 const string& expected_ciphertext) {
492 SCOPED_TRACE("CheckAesCtrTestVector");
493 ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
494 .Authorization(TAG_NO_AUTH_REQUIRED)
495 .AesEncryptionKey(key.size() * 8)
496 .BlockMode(BlockMode::CTR)
497 .Authorization(TAG_CALLER_NONCE)
498 .Padding(PaddingMode::NONE),
499 KeyFormat::RAW, key));
500
501 auto params = AuthorizationSetBuilder()
502 .Authorization(TAG_NONCE, nonce.data(), nonce.size())
503 .BlockMode(BlockMode::CTR)
504 .Padding(PaddingMode::NONE);
505 AuthorizationSet out_params;
506 string ciphertext = EncryptMessage(key_blob_, message, params, &out_params);
507 EXPECT_EQ(expected_ciphertext, ciphertext);
508}
509
510void KeymasterHidlTest::CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
511 PaddingMode padding_mode, const string& key,
512 const string& iv, const string& input,
513 const string& expected_output) {
514 auto authset = AuthorizationSetBuilder()
515 .TripleDesEncryptionKey(key.size() * 7)
516 .BlockMode(block_mode)
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]517 .Authorization(TAG_NO_AUTH_REQUIRED)
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]518 .Padding(padding_mode);
519 if (iv.size()) authset.Authorization(TAG_CALLER_NONCE);
520 ASSERT_EQ(ErrorCode::OK, ImportKey(authset, KeyFormat::RAW, key));
521 auto begin_params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
522 if (iv.size()) begin_params.Authorization(TAG_NONCE, iv.data(), iv.size());
523 AuthorizationSet output_params;
524 string output = ProcessMessage(key_blob_, purpose, input, begin_params, &output_params);
525 EXPECT_EQ(expected_output, output);
526}
527
528void KeymasterHidlTest::VerifyMessage(const HidlBuf& key_blob, const string& message,
529 const string& signature, const AuthorizationSet& params) {
530 SCOPED_TRACE("VerifyMessage");
531 AuthorizationSet begin_out_params;
532 ASSERT_EQ(ErrorCode::OK,
533 Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_));
534
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]535 string output;
536 AuthorizationSet update_params;
537 AuthorizationSet update_out_params;
538 size_t consumed;
539 ASSERT_EQ(ErrorCode::OK,
540 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
541 EXPECT_TRUE(output.empty());
542 EXPECT_GT(consumed, 0U);
543
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]544 string unused;
545 AuthorizationSet finish_params;
546 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]547 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), signature,
548 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]549 op_handle_ = kOpHandleSentinel;
550 EXPECT_TRUE(output.empty());
551}
552
553void KeymasterHidlTest::VerifyMessage(const string& message, const string& signature,
554 const AuthorizationSet& params) {
555 SCOPED_TRACE("VerifyMessage");
556 VerifyMessage(key_blob_, message, signature, params);
557}
558
559string KeymasterHidlTest::EncryptMessage(const HidlBuf& key_blob, const string& message,
560 const AuthorizationSet& in_params,
561 AuthorizationSet* out_params) {
562 SCOPED_TRACE("EncryptMessage");
563 return ProcessMessage(key_blob, KeyPurpose::ENCRYPT, message, in_params, out_params);
564}
565
566string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params,
567 AuthorizationSet* out_params) {
568 SCOPED_TRACE("EncryptMessage");
569 return EncryptMessage(key_blob_, message, params, out_params);
570}
571
572string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params) {
573 SCOPED_TRACE("EncryptMessage");
574 AuthorizationSet out_params;
575 string ciphertext = EncryptMessage(message, params, &out_params);
576 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
577 return ciphertext;
578}
579
580string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
581 PaddingMode padding) {
582 SCOPED_TRACE("EncryptMessage");
583 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
584 AuthorizationSet out_params;
585 string ciphertext = EncryptMessage(message, params, &out_params);
586 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
587 return ciphertext;
588}
589
590string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
591 PaddingMode padding, HidlBuf* iv_out) {
592 SCOPED_TRACE("EncryptMessage");
593 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
594 AuthorizationSet out_params;
595 string ciphertext = EncryptMessage(message, params, &out_params);
596 EXPECT_EQ(1U, out_params.size());
597 auto ivVal = out_params.GetTagValue(TAG_NONCE);
598 EXPECT_TRUE(ivVal.isOk());
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]599 if (ivVal.isOk()) *iv_out = ivVal.value();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]600 return ciphertext;
601}
602
603string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
604 PaddingMode padding, const HidlBuf& iv_in) {
605 SCOPED_TRACE("EncryptMessage");
606 auto params = AuthorizationSetBuilder()
607 .BlockMode(block_mode)
608 .Padding(padding)
609 .Authorization(TAG_NONCE, iv_in);
610 AuthorizationSet out_params;
611 string ciphertext = EncryptMessage(message, params, &out_params);
612 return ciphertext;
613}
614
Rob Barnes8ddc1c72019-09-13 18:00:44 -0600[diff] [blame]615string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
616 PaddingMode padding, uint8_t mac_length_bits,
617 const HidlBuf& iv_in) {
618 SCOPED_TRACE("EncryptMessage");
619 auto params = AuthorizationSetBuilder()
620 .BlockMode(block_mode)
621 .Padding(padding)
622 .Authorization(TAG_MAC_LENGTH, mac_length_bits)
623 .Authorization(TAG_NONCE, iv_in);
624 AuthorizationSet out_params;
625 string ciphertext = EncryptMessage(message, params, &out_params);
626 return ciphertext;
627}
628
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]629string KeymasterHidlTest::DecryptMessage(const HidlBuf& key_blob, const string& ciphertext,
630 const AuthorizationSet& params) {
631 SCOPED_TRACE("DecryptMessage");
632 AuthorizationSet out_params;
633 string plaintext =
634 ProcessMessage(key_blob, KeyPurpose::DECRYPT, ciphertext, params, &out_params);
635 EXPECT_TRUE(out_params.empty());
636 return plaintext;
637}
638
639string KeymasterHidlTest::DecryptMessage(const string& ciphertext, const AuthorizationSet& params) {
640 SCOPED_TRACE("DecryptMessage");
641 return DecryptMessage(key_blob_, ciphertext, params);
642}
643
644string KeymasterHidlTest::DecryptMessage(const string& ciphertext, BlockMode block_mode,
645 PaddingMode padding_mode, const HidlBuf& iv) {
646 SCOPED_TRACE("DecryptMessage");
647 auto params = AuthorizationSetBuilder()
648 .BlockMode(block_mode)
649 .Padding(padding_mode)
650 .Authorization(TAG_NONCE, iv);
651 return DecryptMessage(key_blob_, ciphertext, params);
652}
653
654std::pair<ErrorCode, HidlBuf> KeymasterHidlTest::UpgradeKey(const HidlBuf& key_blob) {
655 std::pair<ErrorCode, HidlBuf> retval;
656 keymaster_->upgradeKey(key_blob, hidl_vec<KeyParameter>(),
657 [&](ErrorCode error, const hidl_vec<uint8_t>& upgraded_blob) {
658 retval = std::tie(error, upgraded_blob);
659 });
660 return retval;
661}
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]662std::vector<uint32_t> KeymasterHidlTest::ValidKeySizes(Algorithm algorithm) {
663 switch (algorithm) {
664 case Algorithm::RSA:
665 switch (SecLevel()) {
666 case SecurityLevel::TRUSTED_ENVIRONMENT:
667 return {2048, 3072, 4096};
668 case SecurityLevel::STRONGBOX:
669 return {2048};
670 default:
671 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
672 break;
673 }
674 break;
675 case Algorithm::EC:
676 switch (SecLevel()) {
677 case SecurityLevel::TRUSTED_ENVIRONMENT:
678 return {224, 256, 384, 521};
679 case SecurityLevel::STRONGBOX:
680 return {256};
681 default:
682 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
683 break;
684 }
685 break;
686 case Algorithm::AES:
687 return {128, 256};
688 case Algorithm::TRIPLE_DES:
689 return {168};
690 case Algorithm::HMAC: {
691 std::vector<uint32_t> retval((512 - 64) / 8 + 1);
692 uint32_t size = 64 - 8;
693 std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
694 return retval;
695 }
696 default:
697 CHECK(false) << "Invalid Algorithm: " << algorithm;
698 return {};
699 }
700 CHECK(false) << "Should be impossible to get here";
701 return {};
702}
703std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) {
704 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
705 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
706 switch (algorithm) {
707 case Algorithm::RSA:
708 return {3072, 4096};
709 case Algorithm::EC:
710 return {224, 384, 521};
Baranidharan Muthukumaran88a376b2018-08-24 13:31:35 -0700[diff] [blame]711 case Algorithm::AES:
712 return {192};
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]713 default:
714 return {};
715 }
716}
717
718std::vector<EcCurve> KeymasterHidlTest::ValidCurves() {
719 if (securityLevel_ == SecurityLevel::STRONGBOX) {
720 return {EcCurve::P_256};
721 } else {
722 return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
723 }
724}
725
726std::vector<EcCurve> KeymasterHidlTest::InvalidCurves() {
727 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
728 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
729 return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
730}
731
Yi Kong73921752018-09-21 15:30:45 -0700[diff] [blame]732std::vector<Digest> KeymasterHidlTest::ValidDigests(bool withNone, bool withMD5) {
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]733 switch (SecLevel()) {
734 case SecurityLevel::TRUSTED_ENVIRONMENT:
735 if (withNone) {
736 if (withMD5)
737 return {Digest::NONE, Digest::MD5, Digest::SHA1,
738 Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
739 Digest::SHA_2_512};
740 else
741 return {Digest::NONE, Digest::SHA1, Digest::SHA_2_224,
742 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
743 } else {
744 if (withMD5)
745 return {Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
746 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
747 else
748 return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
749 Digest::SHA_2_512};
750 }
751 break;
752 case SecurityLevel::STRONGBOX:
753 if (withNone)
754 return {Digest::NONE, Digest::SHA_2_256};
755 else
756 return {Digest::SHA_2_256};
757 break;
758 default:
759 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
760 break;
761 }
762 CHECK(false) << "Should be impossible to get here";
763 return {};
764}
765
766std::vector<Digest> KeymasterHidlTest::InvalidDigests() {
767 return {};
768}
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]769
770} // namespace test
771} // namespace V4_0
772} // namespace keymaster
773} // namespace hardware
774} // namespace android