| Shawn Willden | 3f7c80a | 2020-01-15 19:09:50 -0700 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (C) 2020 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include "Keymaster4_1HidlTest.h" |
| 18 | |
| 19 | #include <cutils/properties.h> |
| 20 | |
| 21 | #include <openssl/x509.h> |
| 22 | |
| 23 | #include <keymasterV4_1/attestation_record.h> |
| 24 | #include <keymasterV4_1/authorization_set.h> |
| 25 | |
| 26 | namespace android::hardware::keymaster::V4_0 { |
| 27 | |
| 28 | bool operator==(const AuthorizationSet& a, const AuthorizationSet& b) { |
| 29 | return std::equal(a.begin(), a.end(), b.begin(), b.end()); |
| 30 | } |
| 31 | |
| 32 | } // namespace android::hardware::keymaster::V4_0 |
| 33 | |
| 34 | namespace android::hardware::keymaster::V4_1 { |
| 35 | |
| 36 | inline ::std::ostream& operator<<(::std::ostream& os, Tag tag) { |
| 37 | return os << toString(tag); |
| 38 | } |
| 39 | |
| 40 | namespace test { |
| 41 | |
| 42 | using std::string; |
| 43 | using std::tuple; |
| 44 | |
| 45 | namespace { |
| 46 | |
| 47 | char nibble2hex[16] = {'0', '1', '2', '3', '4', '5', '6', '7', |
| 48 | '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; |
| 49 | |
| 50 | string bin2hex(const hidl_vec<uint8_t>& data) { |
| 51 | string retval; |
| 52 | retval.reserve(data.size() * 2 + 1); |
| 53 | for (uint8_t byte : data) { |
| 54 | retval.push_back(nibble2hex[0x0F & (byte >> 4)]); |
| 55 | retval.push_back(nibble2hex[0x0F & byte]); |
| 56 | } |
| 57 | return retval; |
| 58 | } |
| 59 | |
| 60 | struct AuthorizationSetDifferences { |
| 61 | string aName; |
| 62 | string bName; |
| 63 | AuthorizationSet aWhackB; |
| 64 | AuthorizationSet bWhackA; |
| 65 | }; |
| 66 | |
| 67 | std::ostream& operator<<(std::ostream& o, const AuthorizationSetDifferences& diffs) { |
| 68 | if (!diffs.aWhackB.empty()) { |
| 69 | o << "Set " << diffs.aName << " contains the following that " << diffs.bName << " does not" |
| 70 | << diffs.aWhackB; |
| 71 | if (!diffs.bWhackA.empty()) o << std::endl; |
| 72 | } |
| 73 | |
| 74 | if (!diffs.bWhackA.empty()) { |
| 75 | o << "Set " << diffs.bName << " contains the following that " << diffs.aName << " does not" |
| 76 | << diffs.bWhackA; |
| 77 | } |
| 78 | return o; |
| 79 | } |
| 80 | |
| 81 | // Computes and returns a \ b and b \ a ('\' is the set-difference operator, a \ b means all the |
| 82 | // elements that are in a but not b, i.e. take a and whack all the elements in b) to the provided |
| 83 | // stream. The sets must be sorted. |
| 84 | // |
| 85 | // This provides a simple and clear view of how the two sets differ, generally much |
| 86 | // easier than scrutinizing printouts of the two sets. |
| 87 | AuthorizationSetDifferences difference(string aName, const AuthorizationSet& a, string bName, |
| 88 | const AuthorizationSet& b) { |
| 89 | AuthorizationSetDifferences diffs = {std::move(aName), std::move(bName), {}, {}}; |
| 90 | std::set_difference(a.begin(), a.end(), b.begin(), b.end(), std::back_inserter(diffs.aWhackB)); |
| 91 | std::set_difference(b.begin(), b.end(), a.begin(), a.end(), std::back_inserter(diffs.bWhackA)); |
| 92 | return diffs; |
| 93 | } |
| 94 | |
| 95 | #define DIFFERENCE(a, b) difference(#a, a, #b, b) |
| 96 | |
| 97 | void check_root_of_trust(const RootOfTrust& root_of_trust) { |
| 98 | char vb_meta_device_state[PROPERTY_VALUE_MAX]; |
| 99 | if (property_get("ro.boot.vbmeta.device_state", vb_meta_device_state, "") == 0) return; |
| 100 | |
| 101 | char vb_meta_digest[PROPERTY_VALUE_MAX]; |
| 102 | EXPECT_GT(property_get("ro.boot.vbmeta.digest", vb_meta_digest, ""), 0); |
| 103 | EXPECT_EQ(vb_meta_digest, bin2hex(root_of_trust.verified_boot_hash)); |
| 104 | |
| 105 | // Verified boot key should be all 0's if the boot state is not verified or self signed |
| 106 | HidlBuf empty_boot_key(string(32, '\0')); |
| 107 | |
| 108 | char vb_meta_bootstate[PROPERTY_VALUE_MAX]; |
| 109 | auto& verified_boot_key = root_of_trust.verified_boot_key; |
| 110 | auto& verified_boot_state = root_of_trust.verified_boot_state; |
| 111 | EXPECT_GT(property_get("ro.boot.verifiedbootstate", vb_meta_bootstate, ""), 0); |
| 112 | if (!strcmp(vb_meta_bootstate, "green")) { |
| 113 | EXPECT_EQ(verified_boot_state, V4_0::KM_VERIFIED_BOOT_VERIFIED); |
| 114 | EXPECT_NE(verified_boot_key, empty_boot_key); |
| 115 | } else if (!strcmp(vb_meta_bootstate, "yellow")) { |
| 116 | EXPECT_EQ(verified_boot_state, V4_0::KM_VERIFIED_BOOT_SELF_SIGNED); |
| 117 | EXPECT_NE(verified_boot_key, empty_boot_key); |
| 118 | } else if (!strcmp(vb_meta_bootstate, "orange")) { |
| 119 | EXPECT_EQ(verified_boot_state, V4_0::KM_VERIFIED_BOOT_UNVERIFIED); |
| 120 | EXPECT_EQ(verified_boot_key, empty_boot_key); |
| 121 | } else if (!strcmp(vb_meta_bootstate, "red")) { |
| 122 | EXPECT_EQ(verified_boot_state, V4_0::KM_VERIFIED_BOOT_FAILED); |
| 123 | } else { |
| 124 | EXPECT_EQ(verified_boot_state, V4_0::KM_VERIFIED_BOOT_UNVERIFIED); |
| 125 | EXPECT_EQ(verified_boot_key, empty_boot_key); |
| 126 | } |
| 127 | } |
| 128 | |
| 129 | void check_attestation_record(AttestationRecord attestation, const HidlBuf& challenge, |
| 130 | AuthorizationSet expected_sw_enforced, |
| 131 | AuthorizationSet expected_hw_enforced, |
| 132 | SecurityLevel expected_security_level) { |
| 133 | EXPECT_EQ(41U, attestation.keymaster_version); |
| 134 | EXPECT_EQ(4U, attestation.attestation_version); |
| 135 | EXPECT_EQ(expected_security_level, attestation.attestation_security_level); |
| 136 | EXPECT_EQ(expected_security_level, attestation.keymaster_security_level); |
| 137 | EXPECT_EQ(challenge, attestation.attestation_challenge); |
| 138 | |
| 139 | check_root_of_trust(attestation.root_of_trust); |
| 140 | |
| 141 | // Sort all of the authorization lists, so that equality matching works. |
| 142 | expected_sw_enforced.Sort(); |
| 143 | expected_hw_enforced.Sort(); |
| 144 | attestation.software_enforced.Sort(); |
| 145 | attestation.hardware_enforced.Sort(); |
| 146 | |
| 147 | EXPECT_EQ(expected_sw_enforced, attestation.software_enforced) |
| 148 | << DIFFERENCE(expected_sw_enforced, attestation.software_enforced); |
| 149 | EXPECT_EQ(expected_hw_enforced, attestation.hardware_enforced) |
| 150 | << DIFFERENCE(expected_hw_enforced, attestation.hardware_enforced); |
| 151 | } |
| 152 | |
| 153 | } // namespace |
| 154 | |
| 155 | using std::string; |
| 156 | using DeviceUniqueAttestationTest = Keymaster4_1HidlTest; |
| 157 | |
| 158 | TEST_P(DeviceUniqueAttestationTest, StrongBoxOnly) { |
| 159 | if (SecLevel() != SecurityLevel::STRONGBOX) return; |
| 160 | |
| 161 | ASSERT_EQ(ErrorCode::OK, convert(GenerateKey(AuthorizationSetBuilder() |
| 162 | .Authorization(TAG_NO_AUTH_REQUIRED) |
| 163 | .RsaSigningKey(2048, 65537) |
| 164 | .Digest(Digest::SHA_2_256) |
| 165 | .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) |
| 166 | .Authorization(TAG_INCLUDE_UNIQUE_ID)))); |
| 167 | |
| 168 | hidl_vec<hidl_vec<uint8_t>> cert_chain; |
| 169 | EXPECT_EQ(ErrorCode::UNIMPLEMENTED, |
| 170 | convert(AttestKey( |
| 171 | AuthorizationSetBuilder() |
| 172 | .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION) |
| 173 | .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge")) |
| 174 | .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), |
| 175 | &cert_chain))); |
| 176 | CheckedDeleteKey(); |
| 177 | |
| 178 | ASSERT_EQ(ErrorCode::OK, convert(GenerateKey(AuthorizationSetBuilder() |
| 179 | .Authorization(TAG_NO_AUTH_REQUIRED) |
| 180 | .EcdsaSigningKey(EcCurve::P_256) |
| 181 | .Digest(Digest::SHA_2_256) |
| 182 | .Authorization(TAG_INCLUDE_UNIQUE_ID)))); |
| 183 | |
| 184 | EXPECT_EQ(ErrorCode::UNIMPLEMENTED, |
| 185 | convert(AttestKey( |
| 186 | AuthorizationSetBuilder() |
| 187 | .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge")) |
| 188 | .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), |
| 189 | &cert_chain))); |
| 190 | } |
| 191 | |
| 192 | TEST_P(DeviceUniqueAttestationTest, Rsa) { |
| 193 | if (SecLevel() != SecurityLevel::STRONGBOX) return; |
| 194 | ASSERT_EQ(ErrorCode::OK, |
| 195 | convert(GenerateKey(AuthorizationSetBuilder() |
| 196 | .Authorization(TAG_NO_AUTH_REQUIRED) |
| 197 | .RsaSigningKey(2048, 65537) |
| 198 | .Digest(Digest::SHA_2_256) |
| 199 | .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) |
| 200 | .Authorization(TAG_CREATION_DATETIME, 1)))); |
| 201 | |
| 202 | hidl_vec<hidl_vec<uint8_t>> cert_chain; |
| 203 | HidlBuf challenge("challenge"); |
| 204 | HidlBuf app_id("foo"); |
| 205 | EXPECT_EQ(ErrorCode::OK, |
| 206 | convert(AttestKey(AuthorizationSetBuilder() |
| 207 | .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION) |
| 208 | .Authorization(TAG_ATTESTATION_CHALLENGE, challenge) |
| 209 | .Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id), |
| 210 | &cert_chain))); |
| 211 | |
| 212 | EXPECT_EQ(1U, cert_chain.size()); |
| 213 | auto [err, attestation] = parse_attestation_record(cert_chain[0]); |
| 214 | EXPECT_EQ(ErrorCode::OK, err); |
| 215 | |
| 216 | check_attestation_record(attestation, challenge, |
| 217 | /* sw_enforced */ |
| 218 | AuthorizationSetBuilder() |
| 219 | .Authorization(TAG_CREATION_DATETIME, 1) |
| 220 | .Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id), |
| 221 | /* hw_enforced */ |
| 222 | AuthorizationSetBuilder() |
| 223 | .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION) |
| 224 | .Authorization(TAG_NO_AUTH_REQUIRED) |
| 225 | .RsaSigningKey(2048, 65537) |
| 226 | .Digest(Digest::SHA_2_256) |
| 227 | .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) |
| 228 | .Authorization(TAG_ORIGIN, KeyOrigin::GENERATED) |
| 229 | .Authorization(TAG_OS_VERSION, os_version()) |
| 230 | .Authorization(TAG_OS_PATCHLEVEL, os_patch_level()), |
| 231 | SecLevel()); |
| 232 | } |
| 233 | |
| 234 | TEST_P(DeviceUniqueAttestationTest, Ecdsa) { |
| 235 | if (SecLevel() != SecurityLevel::STRONGBOX) return; |
| 236 | ASSERT_EQ(ErrorCode::OK, |
| 237 | convert(GenerateKey(AuthorizationSetBuilder() |
| 238 | .Authorization(TAG_NO_AUTH_REQUIRED) |
| 239 | .EcdsaSigningKey(256) |
| 240 | .Digest(Digest::SHA_2_256) |
| 241 | .Authorization(TAG_CREATION_DATETIME, 1)))); |
| 242 | |
| 243 | hidl_vec<hidl_vec<uint8_t>> cert_chain; |
| 244 | HidlBuf challenge("challenge"); |
| 245 | HidlBuf app_id("foo"); |
| 246 | EXPECT_EQ(ErrorCode::OK, |
| 247 | convert(AttestKey(AuthorizationSetBuilder() |
| 248 | .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION) |
| 249 | .Authorization(TAG_ATTESTATION_CHALLENGE, challenge) |
| 250 | .Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id), |
| 251 | &cert_chain))); |
| 252 | |
| 253 | EXPECT_EQ(1U, cert_chain.size()); |
| 254 | auto [err, attestation] = parse_attestation_record(cert_chain[0]); |
| 255 | EXPECT_EQ(ErrorCode::OK, err); |
| 256 | |
| 257 | check_attestation_record(attestation, challenge, |
| 258 | /* sw_enforced */ |
| 259 | AuthorizationSetBuilder() |
| 260 | .Authorization(TAG_CREATION_DATETIME, 1) |
| 261 | .Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id), |
| 262 | /* hw_enforced */ |
| 263 | AuthorizationSetBuilder() |
| 264 | .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION) |
| 265 | .Authorization(TAG_NO_AUTH_REQUIRED) |
| 266 | .EcdsaSigningKey(256) |
| 267 | .Digest(Digest::SHA_2_256) |
| 268 | .Authorization(TAG_EC_CURVE, EcCurve::P_256) |
| 269 | .Authorization(TAG_ORIGIN, KeyOrigin::GENERATED) |
| 270 | .Authorization(TAG_OS_VERSION, os_version()) |
| 271 | .Authorization(TAG_OS_PATCHLEVEL, os_patch_level()), |
| 272 | SecLevel()); |
| 273 | } |
| 274 | |
| 275 | INSTANTIATE_KEYMASTER_4_1_HIDL_TEST(DeviceUniqueAttestationTest); |
| 276 | |
| 277 | } // namespace test |
| 278 | } // namespace android::hardware::keymaster::V4_1 |