Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 3f127ca4d117a9dc94e208f9d69f07bb73b776f2 / . / keymaster / 4.0 / vts / functional / KeymasterHidlTest.cpp
blob: 6ed61daa5eded95e57a67cc63ec78852788ad9a5 [file] [log] [blame]
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "KeymasterHidlTest.h"
18
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]19#include <vector>
20
21#include <android-base/logging.h>
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]22#include <android/hidl/manager/1.0/IServiceManager.h>
23
24#include <keymasterV4_0/key_param_output.h>
25
26namespace android {
27namespace hardware {
28namespace keymaster {
29namespace V4_0 {
30
31::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
32 if (set.size() == 0)
33 os << "(Empty)" << ::std::endl;
34 else {
35 os << "\n";
36 for (size_t i = 0; i < set.size(); ++i) os << set[i] << ::std::endl;
37 }
38 return os;
39}
40
41namespace test {
42
43sp<IKeymasterDevice> KeymasterHidlTest::keymaster_;
44std::vector<sp<IKeymasterDevice>> KeymasterHidlTest::all_keymasters_;
45uint32_t KeymasterHidlTest::os_version_;
46uint32_t KeymasterHidlTest::os_patch_level_;
47SecurityLevel KeymasterHidlTest::securityLevel_;
48hidl_string KeymasterHidlTest::name_;
49hidl_string KeymasterHidlTest::author_;
50
51void KeymasterHidlTest::SetUpTestCase() {
52 string service_name = KeymasterHidlEnvironment::Instance()->getServiceName<IKeymasterDevice>();
53 keymaster_ = ::testing::VtsHalHidlTargetTestBase::getService<IKeymasterDevice>(service_name);
54 ASSERT_NE(keymaster_, nullptr);
55
56 ASSERT_TRUE(keymaster_
57 ->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& name,
58 const hidl_string& author) {
59 securityLevel_ = securityLevel;
60 name_ = name;
61 author_ = author;
62 })
63 .isOk());
64
65 os_version_ = ::keymaster::GetOsVersion();
66 os_patch_level_ = ::keymaster::GetOsPatchlevel();
67
68 auto service_manager = android::hidl::manager::V1_0::IServiceManager::getService();
69 ASSERT_NE(nullptr, service_manager.get());
70
71 all_keymasters_.push_back(keymaster_);
72 service_manager->listByInterface(
73 IKeymasterDevice::descriptor, [&](const hidl_vec<hidl_string>& names) {
74 for (auto& name : names) {
75 if (name == service_name) continue;
76 auto keymaster =
77 ::testing::VtsHalHidlTargetTestBase::getService<IKeymasterDevice>(name);
78 ASSERT_NE(keymaster, nullptr);
79 all_keymasters_.push_back(keymaster);
80 }
81 });
82}
83
84ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc, HidlBuf* key_blob,
85 KeyCharacteristics* key_characteristics) {
86 EXPECT_NE(key_blob, nullptr) << "Key blob pointer must not be null. Test bug";
87 EXPECT_EQ(0U, key_blob->size()) << "Key blob not empty before generating key. Test bug.";
88 EXPECT_NE(key_characteristics, nullptr)
89 << "Previous characteristics not deleted before generating key. Test bug.";
90
91 ErrorCode error;
92 EXPECT_TRUE(keymaster_
93 ->generateKey(key_desc.hidl_data(),
94 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
95 const KeyCharacteristics& hidl_key_characteristics) {
96 error = hidl_error;
97 *key_blob = hidl_key_blob;
98 *key_characteristics = hidl_key_characteristics;
99 })
100 .isOk());
101 // On error, blob & characteristics should be empty.
102 if (error != ErrorCode::OK) {
103 EXPECT_EQ(0U, key_blob->size());
104 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
105 key_characteristics->hardwareEnforced.size()));
106 }
107 return error;
108}
109
110ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc) {
111 return GenerateKey(key_desc, &key_blob_, &key_characteristics_);
112}
113
114ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
115 const string& key_material, HidlBuf* key_blob,
116 KeyCharacteristics* key_characteristics) {
117 ErrorCode error;
118 EXPECT_TRUE(keymaster_
119 ->importKey(key_desc.hidl_data(), format, HidlBuf(key_material),
120 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
121 const KeyCharacteristics& hidl_key_characteristics) {
122 error = hidl_error;
123 *key_blob = hidl_key_blob;
124 *key_characteristics = hidl_key_characteristics;
125 })
126 .isOk());
127 // On error, blob & characteristics should be empty.
128 if (error != ErrorCode::OK) {
129 EXPECT_EQ(0U, key_blob->size());
130 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
131 key_characteristics->hardwareEnforced.size()));
132 }
133 return error;
134}
135
136ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
137 const string& key_material) {
138 return ImportKey(key_desc, format, key_material, &key_blob_, &key_characteristics_);
139}
140
141ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
142 const AuthorizationSet& wrapping_key_desc,
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]143 string masking_key,
144 const AuthorizationSet& unwrapping_params) {
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]145 ErrorCode error;
146 ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key);
147 EXPECT_TRUE(keymaster_
148 ->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]149 unwrapping_params.hidl_data(), 0 /* passwordSid */,
150 0 /* biometricSid */,
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]151 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
152 const KeyCharacteristics& hidl_key_characteristics) {
153 error = hidl_error;
154 key_blob_ = hidl_key_blob;
155 key_characteristics_ = hidl_key_characteristics;
156 })
157 .isOk());
158 return error;
159}
160
161ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, const HidlBuf& key_blob,
162 const HidlBuf& client_id, const HidlBuf& app_data,
163 HidlBuf* key_material) {
164 ErrorCode error;
165 EXPECT_TRUE(keymaster_
166 ->exportKey(format, key_blob, client_id, app_data,
167 [&](ErrorCode hidl_error_code, const HidlBuf& hidl_key_material) {
168 error = hidl_error_code;
169 *key_material = hidl_key_material;
170 })
171 .isOk());
172 // On error, blob should be empty.
173 if (error != ErrorCode::OK) {
174 EXPECT_EQ(0U, key_material->size());
175 }
176 return error;
177}
178
179ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, HidlBuf* key_material) {
180 HidlBuf client_id, app_data;
181 return ExportKey(format, key_blob_, client_id, app_data, key_material);
182}
183
184ErrorCode KeymasterHidlTest::DeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
185 auto rc = keymaster_->deleteKey(*key_blob);
186 if (!keep_key_blob) *key_blob = HidlBuf();
187 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
188 return rc;
189}
190
191ErrorCode KeymasterHidlTest::DeleteKey(bool keep_key_blob) {
192 return DeleteKey(&key_blob_, keep_key_blob);
193}
194
195ErrorCode KeymasterHidlTest::DeleteAllKeys() {
196 ErrorCode error = keymaster_->deleteAllKeys();
197 return error;
198}
199
200void KeymasterHidlTest::CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
201 auto rc = DeleteKey(key_blob, keep_key_blob);
202 EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
203}
204
205void KeymasterHidlTest::CheckedDeleteKey() {
206 CheckedDeleteKey(&key_blob_);
207}
208
209ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
210 const HidlBuf& app_data,
211 KeyCharacteristics* key_characteristics) {
212 ErrorCode error = ErrorCode::UNKNOWN_ERROR;
213 EXPECT_TRUE(
214 keymaster_
215 ->getKeyCharacteristics(
216 key_blob, client_id, app_data,
217 [&](ErrorCode hidl_error, const KeyCharacteristics& hidl_key_characteristics) {
218 error = hidl_error, *key_characteristics = hidl_key_characteristics;
219 })
220 .isOk());
221 return error;
222}
223
224ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob,
225 KeyCharacteristics* key_characteristics) {
226 HidlBuf client_id, app_data;
227 return GetCharacteristics(key_blob, client_id, app_data, key_characteristics);
228}
229
230ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const HidlBuf& key_blob,
231 const AuthorizationSet& in_params, AuthorizationSet* out_params,
232 OperationHandle* op_handle) {
233 SCOPED_TRACE("Begin");
234 ErrorCode error;
235 OperationHandle saved_handle = *op_handle;
236 EXPECT_TRUE(keymaster_
237 ->begin(purpose, key_blob, in_params.hidl_data(), HardwareAuthToken(),
238 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
239 uint64_t hidl_op_handle) {
240 error = hidl_error;
241 *out_params = hidl_out_params;
242 *op_handle = hidl_op_handle;
243 })
244 .isOk());
245 if (error != ErrorCode::OK) {
246 // Some implementations may modify *op_handle on error.
247 *op_handle = saved_handle;
248 }
249 return error;
250}
251
252ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
253 AuthorizationSet* out_params) {
254 SCOPED_TRACE("Begin");
255 EXPECT_EQ(kOpHandleSentinel, op_handle_);
256 return Begin(purpose, key_blob_, in_params, out_params, &op_handle_);
257}
258
259ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params) {
260 SCOPED_TRACE("Begin");
261 AuthorizationSet out_params;
262 ErrorCode error = Begin(purpose, in_params, &out_params);
263 EXPECT_TRUE(out_params.empty());
264 return error;
265}
266
267ErrorCode KeymasterHidlTest::Update(OperationHandle op_handle, const AuthorizationSet& in_params,
268 const string& input, AuthorizationSet* out_params,
269 string* output, size_t* input_consumed) {
270 SCOPED_TRACE("Update");
271 ErrorCode error;
272 EXPECT_TRUE(keymaster_
273 ->update(op_handle, in_params.hidl_data(), HidlBuf(input), HardwareAuthToken(),
274 VerificationToken(),
275 [&](ErrorCode hidl_error, uint32_t hidl_input_consumed,
276 const hidl_vec<KeyParameter>& hidl_out_params,
277 const HidlBuf& hidl_output) {
278 error = hidl_error;
279 out_params->push_back(AuthorizationSet(hidl_out_params));
280 output->append(hidl_output.to_string());
281 *input_consumed = hidl_input_consumed;
282 })
283 .isOk());
284 return error;
285}
286
287ErrorCode KeymasterHidlTest::Update(const string& input, string* out, size_t* input_consumed) {
288 SCOPED_TRACE("Update");
289 AuthorizationSet out_params;
290 ErrorCode error = Update(op_handle_, AuthorizationSet() /* in_params */, input, &out_params,
291 out, input_consumed);
292 EXPECT_TRUE(out_params.empty());
293 return error;
294}
295
296ErrorCode KeymasterHidlTest::Finish(OperationHandle op_handle, const AuthorizationSet& in_params,
297 const string& input, const string& signature,
298 AuthorizationSet* out_params, string* output) {
299 SCOPED_TRACE("Finish");
300 ErrorCode error;
301 EXPECT_TRUE(
302 keymaster_
303 ->finish(op_handle, in_params.hidl_data(), HidlBuf(input), HidlBuf(signature),
304 HardwareAuthToken(), VerificationToken(),
305 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
306 const HidlBuf& hidl_output) {
307 error = hidl_error;
308 *out_params = hidl_out_params;
309 output->append(hidl_output.to_string());
310 })
311 .isOk());
312 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
313 return error;
314}
315
316ErrorCode KeymasterHidlTest::Finish(const string& message, string* output) {
317 SCOPED_TRACE("Finish");
318 AuthorizationSet out_params;
319 string finish_output;
320 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message,
321 "" /* signature */, &out_params, output);
322 if (error != ErrorCode::OK) {
323 return error;
324 }
325 EXPECT_EQ(0U, out_params.size());
326 return error;
327}
328
329ErrorCode KeymasterHidlTest::Finish(const string& message, const string& signature,
330 string* output) {
331 SCOPED_TRACE("Finish");
332 AuthorizationSet out_params;
333 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message, signature,
334 &out_params, output);
335 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
336 if (error != ErrorCode::OK) {
337 return error;
338 }
339 EXPECT_EQ(0U, out_params.size());
340 return error;
341}
342
343ErrorCode KeymasterHidlTest::Abort(OperationHandle op_handle) {
344 SCOPED_TRACE("Abort");
345 auto retval = keymaster_->abort(op_handle);
346 EXPECT_TRUE(retval.isOk());
347 return retval;
348}
349
350void KeymasterHidlTest::AbortIfNeeded() {
351 SCOPED_TRACE("AbortIfNeeded");
352 if (op_handle_ != kOpHandleSentinel) {
353 EXPECT_EQ(ErrorCode::OK, Abort(op_handle_));
354 op_handle_ = kOpHandleSentinel;
355 }
356}
357
358ErrorCode KeymasterHidlTest::AttestKey(const HidlBuf& key_blob,
359 const AuthorizationSet& attest_params,
360 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
361 SCOPED_TRACE("AttestKey");
362 ErrorCode error;
363 auto rc = keymaster_->attestKey(
364 key_blob, attest_params.hidl_data(),
365 [&](ErrorCode hidl_error, const hidl_vec<hidl_vec<uint8_t>>& hidl_cert_chain) {
366 error = hidl_error;
367 *cert_chain = hidl_cert_chain;
368 });
369
370 EXPECT_TRUE(rc.isOk()) << rc.description();
371 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
372
373 return error;
374}
375
376ErrorCode KeymasterHidlTest::AttestKey(const AuthorizationSet& attest_params,
377 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
378 SCOPED_TRACE("AttestKey");
379 return AttestKey(key_blob_, attest_params, cert_chain);
380}
381
382string KeymasterHidlTest::ProcessMessage(const HidlBuf& key_blob, KeyPurpose operation,
383 const string& message, const AuthorizationSet& in_params,
384 AuthorizationSet* out_params) {
385 SCOPED_TRACE("ProcessMessage");
386 AuthorizationSet begin_out_params;
387 EXPECT_EQ(ErrorCode::OK, Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_));
388
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]389 string output;
390 size_t consumed = 0;
391 AuthorizationSet update_params;
392 AuthorizationSet update_out_params;
393 EXPECT_EQ(ErrorCode::OK,
394 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
395
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]396 string unused;
397 AuthorizationSet finish_params;
398 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]399 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), unused,
400 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]401 op_handle_ = kOpHandleSentinel;
402
403 out_params->push_back(begin_out_params);
404 out_params->push_back(finish_out_params);
405 return output;
406}
407
408string KeymasterHidlTest::SignMessage(const HidlBuf& key_blob, const string& message,
409 const AuthorizationSet& params) {
410 SCOPED_TRACE("SignMessage");
411 AuthorizationSet out_params;
412 string signature = ProcessMessage(key_blob, KeyPurpose::SIGN, message, params, &out_params);
413 EXPECT_TRUE(out_params.empty());
414 return signature;
415}
416
417string KeymasterHidlTest::SignMessage(const string& message, const AuthorizationSet& params) {
418 SCOPED_TRACE("SignMessage");
419 return SignMessage(key_blob_, message, params);
420}
421
422string KeymasterHidlTest::MacMessage(const string& message, Digest digest, size_t mac_length) {
423 SCOPED_TRACE("MacMessage");
424 return SignMessage(
425 key_blob_, message,
426 AuthorizationSetBuilder().Digest(digest).Authorization(TAG_MAC_LENGTH, mac_length));
427}
428
429void KeymasterHidlTest::CheckHmacTestVector(const string& key, const string& message, Digest digest,
430 const string& expected_mac) {
431 SCOPED_TRACE("CheckHmacTestVector");
432 ASSERT_EQ(ErrorCode::OK,
433 ImportKey(AuthorizationSetBuilder()
434 .Authorization(TAG_NO_AUTH_REQUIRED)
435 .HmacKey(key.size() * 8)
436 .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
437 .Digest(digest),
438 KeyFormat::RAW, key));
439 string signature = MacMessage(message, digest, expected_mac.size() * 8);
440 EXPECT_EQ(expected_mac, signature)
441 << "Test vector didn't match for key of size " << key.size() << " message of size "
442 << message.size() << " and digest " << digest;
443 CheckedDeleteKey();
444}
445
446void KeymasterHidlTest::CheckAesCtrTestVector(const string& key, const string& nonce,
447 const string& message,
448 const string& expected_ciphertext) {
449 SCOPED_TRACE("CheckAesCtrTestVector");
450 ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
451 .Authorization(TAG_NO_AUTH_REQUIRED)
452 .AesEncryptionKey(key.size() * 8)
453 .BlockMode(BlockMode::CTR)
454 .Authorization(TAG_CALLER_NONCE)
455 .Padding(PaddingMode::NONE),
456 KeyFormat::RAW, key));
457
458 auto params = AuthorizationSetBuilder()
459 .Authorization(TAG_NONCE, nonce.data(), nonce.size())
460 .BlockMode(BlockMode::CTR)
461 .Padding(PaddingMode::NONE);
462 AuthorizationSet out_params;
463 string ciphertext = EncryptMessage(key_blob_, message, params, &out_params);
464 EXPECT_EQ(expected_ciphertext, ciphertext);
465}
466
467void KeymasterHidlTest::CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
468 PaddingMode padding_mode, const string& key,
469 const string& iv, const string& input,
470 const string& expected_output) {
471 auto authset = AuthorizationSetBuilder()
472 .TripleDesEncryptionKey(key.size() * 7)
473 .BlockMode(block_mode)
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]474 .Authorization(TAG_NO_AUTH_REQUIRED)
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]475 .Padding(padding_mode);
476 if (iv.size()) authset.Authorization(TAG_CALLER_NONCE);
477 ASSERT_EQ(ErrorCode::OK, ImportKey(authset, KeyFormat::RAW, key));
478 auto begin_params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
479 if (iv.size()) begin_params.Authorization(TAG_NONCE, iv.data(), iv.size());
480 AuthorizationSet output_params;
481 string output = ProcessMessage(key_blob_, purpose, input, begin_params, &output_params);
482 EXPECT_EQ(expected_output, output);
483}
484
485void KeymasterHidlTest::VerifyMessage(const HidlBuf& key_blob, const string& message,
486 const string& signature, const AuthorizationSet& params) {
487 SCOPED_TRACE("VerifyMessage");
488 AuthorizationSet begin_out_params;
489 ASSERT_EQ(ErrorCode::OK,
490 Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_));
491
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]492 string output;
493 AuthorizationSet update_params;
494 AuthorizationSet update_out_params;
495 size_t consumed;
496 ASSERT_EQ(ErrorCode::OK,
497 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
498 EXPECT_TRUE(output.empty());
499 EXPECT_GT(consumed, 0U);
500
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]501 string unused;
502 AuthorizationSet finish_params;
503 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]504 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), signature,
505 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]506 op_handle_ = kOpHandleSentinel;
507 EXPECT_TRUE(output.empty());
508}
509
510void KeymasterHidlTest::VerifyMessage(const string& message, const string& signature,
511 const AuthorizationSet& params) {
512 SCOPED_TRACE("VerifyMessage");
513 VerifyMessage(key_blob_, message, signature, params);
514}
515
516string KeymasterHidlTest::EncryptMessage(const HidlBuf& key_blob, const string& message,
517 const AuthorizationSet& in_params,
518 AuthorizationSet* out_params) {
519 SCOPED_TRACE("EncryptMessage");
520 return ProcessMessage(key_blob, KeyPurpose::ENCRYPT, message, in_params, out_params);
521}
522
523string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params,
524 AuthorizationSet* out_params) {
525 SCOPED_TRACE("EncryptMessage");
526 return EncryptMessage(key_blob_, message, params, out_params);
527}
528
529string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params) {
530 SCOPED_TRACE("EncryptMessage");
531 AuthorizationSet out_params;
532 string ciphertext = EncryptMessage(message, params, &out_params);
533 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
534 return ciphertext;
535}
536
537string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
538 PaddingMode padding) {
539 SCOPED_TRACE("EncryptMessage");
540 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
541 AuthorizationSet out_params;
542 string ciphertext = EncryptMessage(message, params, &out_params);
543 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
544 return ciphertext;
545}
546
547string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
548 PaddingMode padding, HidlBuf* iv_out) {
549 SCOPED_TRACE("EncryptMessage");
550 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
551 AuthorizationSet out_params;
552 string ciphertext = EncryptMessage(message, params, &out_params);
553 EXPECT_EQ(1U, out_params.size());
554 auto ivVal = out_params.GetTagValue(TAG_NONCE);
555 EXPECT_TRUE(ivVal.isOk());
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]556 if (ivVal.isOk()) *iv_out = ivVal.value();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]557 return ciphertext;
558}
559
560string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
561 PaddingMode padding, const HidlBuf& iv_in) {
562 SCOPED_TRACE("EncryptMessage");
563 auto params = AuthorizationSetBuilder()
564 .BlockMode(block_mode)
565 .Padding(padding)
566 .Authorization(TAG_NONCE, iv_in);
567 AuthorizationSet out_params;
568 string ciphertext = EncryptMessage(message, params, &out_params);
569 return ciphertext;
570}
571
572string KeymasterHidlTest::DecryptMessage(const HidlBuf& key_blob, const string& ciphertext,
573 const AuthorizationSet& params) {
574 SCOPED_TRACE("DecryptMessage");
575 AuthorizationSet out_params;
576 string plaintext =
577 ProcessMessage(key_blob, KeyPurpose::DECRYPT, ciphertext, params, &out_params);
578 EXPECT_TRUE(out_params.empty());
579 return plaintext;
580}
581
582string KeymasterHidlTest::DecryptMessage(const string& ciphertext, const AuthorizationSet& params) {
583 SCOPED_TRACE("DecryptMessage");
584 return DecryptMessage(key_blob_, ciphertext, params);
585}
586
587string KeymasterHidlTest::DecryptMessage(const string& ciphertext, BlockMode block_mode,
588 PaddingMode padding_mode, const HidlBuf& iv) {
589 SCOPED_TRACE("DecryptMessage");
590 auto params = AuthorizationSetBuilder()
591 .BlockMode(block_mode)
592 .Padding(padding_mode)
593 .Authorization(TAG_NONCE, iv);
594 return DecryptMessage(key_blob_, ciphertext, params);
595}
596
597std::pair<ErrorCode, HidlBuf> KeymasterHidlTest::UpgradeKey(const HidlBuf& key_blob) {
598 std::pair<ErrorCode, HidlBuf> retval;
599 keymaster_->upgradeKey(key_blob, hidl_vec<KeyParameter>(),
600 [&](ErrorCode error, const hidl_vec<uint8_t>& upgraded_blob) {
601 retval = std::tie(error, upgraded_blob);
602 });
603 return retval;
604}
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]605std::vector<uint32_t> KeymasterHidlTest::ValidKeySizes(Algorithm algorithm) {
606 switch (algorithm) {
607 case Algorithm::RSA:
608 switch (SecLevel()) {
609 case SecurityLevel::TRUSTED_ENVIRONMENT:
610 return {2048, 3072, 4096};
611 case SecurityLevel::STRONGBOX:
612 return {2048};
613 default:
614 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
615 break;
616 }
617 break;
618 case Algorithm::EC:
619 switch (SecLevel()) {
620 case SecurityLevel::TRUSTED_ENVIRONMENT:
621 return {224, 256, 384, 521};
622 case SecurityLevel::STRONGBOX:
623 return {256};
624 default:
625 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
626 break;
627 }
628 break;
629 case Algorithm::AES:
630 return {128, 256};
631 case Algorithm::TRIPLE_DES:
632 return {168};
633 case Algorithm::HMAC: {
634 std::vector<uint32_t> retval((512 - 64) / 8 + 1);
635 uint32_t size = 64 - 8;
636 std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
637 return retval;
638 }
639 default:
640 CHECK(false) << "Invalid Algorithm: " << algorithm;
641 return {};
642 }
643 CHECK(false) << "Should be impossible to get here";
644 return {};
645}
646std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) {
647 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
648 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
649 switch (algorithm) {
650 case Algorithm::RSA:
651 return {3072, 4096};
652 case Algorithm::EC:
653 return {224, 384, 521};
Baranidharan Muthukumaran3f127ca2018-08-24 13:31:35 -0700[diff] [blame^]654 case Algorithm::AES:
655 return {192};
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]656 default:
657 return {};
658 }
659}
660
661std::vector<EcCurve> KeymasterHidlTest::ValidCurves() {
662 if (securityLevel_ == SecurityLevel::STRONGBOX) {
663 return {EcCurve::P_256};
664 } else {
665 return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
666 }
667}
668
669std::vector<EcCurve> KeymasterHidlTest::InvalidCurves() {
670 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
671 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
672 return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
673}
674
675std::initializer_list<Digest> KeymasterHidlTest::ValidDigests(bool withNone, bool withMD5) {
676 std::vector<Digest> result;
677 switch (SecLevel()) {
678 case SecurityLevel::TRUSTED_ENVIRONMENT:
679 if (withNone) {
680 if (withMD5)
681 return {Digest::NONE, Digest::MD5, Digest::SHA1,
682 Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
683 Digest::SHA_2_512};
684 else
685 return {Digest::NONE, Digest::SHA1, Digest::SHA_2_224,
686 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
687 } else {
688 if (withMD5)
689 return {Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
690 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
691 else
692 return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
693 Digest::SHA_2_512};
694 }
695 break;
696 case SecurityLevel::STRONGBOX:
697 if (withNone)
698 return {Digest::NONE, Digest::SHA_2_256};
699 else
700 return {Digest::SHA_2_256};
701 break;
702 default:
703 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
704 break;
705 }
706 CHECK(false) << "Should be impossible to get here";
707 return {};
708}
709
710std::vector<Digest> KeymasterHidlTest::InvalidDigests() {
711 return {};
712}
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]713
714} // namespace test
715} // namespace V4_0
716} // namespace keymaster
717} // namespace hardware
718} // namespace android