Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 56cda83f8c8397df5e0e69bc933a226427b0d5d2 / . / keymaster / 4.0 / vts / functional / KeymasterHidlTest.cpp
blob: 4838e7e575d3727e25162c6eb2ac0540915c5612 [file] [log] [blame]
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "KeymasterHidlTest.h"
18
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]19#include <chrono>
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]20#include <vector>
21
22#include <android-base/logging.h>
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]23#include <android/hidl/manager/1.0/IServiceManager.h>
24
25#include <keymasterV4_0/key_param_output.h>
26
27namespace android {
28namespace hardware {
29namespace keymaster {
30namespace V4_0 {
31
32::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
33 if (set.size() == 0)
34 os << "(Empty)" << ::std::endl;
35 else {
36 os << "\n";
37 for (size_t i = 0; i < set.size(); ++i) os << set[i] << ::std::endl;
38 }
39 return os;
40}
41
42namespace test {
43
44sp<IKeymasterDevice> KeymasterHidlTest::keymaster_;
45std::vector<sp<IKeymasterDevice>> KeymasterHidlTest::all_keymasters_;
46uint32_t KeymasterHidlTest::os_version_;
47uint32_t KeymasterHidlTest::os_patch_level_;
48SecurityLevel KeymasterHidlTest::securityLevel_;
49hidl_string KeymasterHidlTest::name_;
50hidl_string KeymasterHidlTest::author_;
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]51string KeymasterHidlTest::service_name_;
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]52
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]53void KeymasterHidlTest::InitializeKeymaster() {
54 service_name_ = KeymasterHidlEnvironment::Instance()->getServiceName<IKeymasterDevice>();
55 keymaster_ = ::testing::VtsHalHidlTargetTestBase::getService<IKeymasterDevice>(service_name_);
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]56 ASSERT_NE(keymaster_, nullptr);
57
58 ASSERT_TRUE(keymaster_
59 ->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& name,
60 const hidl_string& author) {
61 securityLevel_ = securityLevel;
62 name_ = name;
63 author_ = author;
64 })
65 .isOk());
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]66}
67
68void KeymasterHidlTest::SetUpTestCase() {
69
70 InitializeKeymaster();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]71
72 os_version_ = ::keymaster::GetOsVersion();
73 os_patch_level_ = ::keymaster::GetOsPatchlevel();
74
75 auto service_manager = android::hidl::manager::V1_0::IServiceManager::getService();
76 ASSERT_NE(nullptr, service_manager.get());
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]77 all_keymasters_.push_back(keymaster_);
78 service_manager->listByInterface(
79 IKeymasterDevice::descriptor, [&](const hidl_vec<hidl_string>& names) {
80 for (auto& name : names) {
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]81 if (name == service_name_) continue;
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]82 auto keymaster =
83 ::testing::VtsHalHidlTargetTestBase::getService<IKeymasterDevice>(name);
84 ASSERT_NE(keymaster, nullptr);
85 all_keymasters_.push_back(keymaster);
86 }
87 });
88}
89
90ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc, HidlBuf* key_blob,
91 KeyCharacteristics* key_characteristics) {
92 EXPECT_NE(key_blob, nullptr) << "Key blob pointer must not be null. Test bug";
93 EXPECT_EQ(0U, key_blob->size()) << "Key blob not empty before generating key. Test bug.";
94 EXPECT_NE(key_characteristics, nullptr)
95 << "Previous characteristics not deleted before generating key. Test bug.";
96
97 ErrorCode error;
98 EXPECT_TRUE(keymaster_
99 ->generateKey(key_desc.hidl_data(),
100 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
101 const KeyCharacteristics& hidl_key_characteristics) {
102 error = hidl_error;
103 *key_blob = hidl_key_blob;
104 *key_characteristics = hidl_key_characteristics;
105 })
106 .isOk());
107 // On error, blob & characteristics should be empty.
108 if (error != ErrorCode::OK) {
109 EXPECT_EQ(0U, key_blob->size());
110 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
111 key_characteristics->hardwareEnforced.size()));
112 }
113 return error;
114}
115
116ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc) {
117 return GenerateKey(key_desc, &key_blob_, &key_characteristics_);
118}
119
120ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
121 const string& key_material, HidlBuf* key_blob,
122 KeyCharacteristics* key_characteristics) {
123 ErrorCode error;
124 EXPECT_TRUE(keymaster_
125 ->importKey(key_desc.hidl_data(), format, HidlBuf(key_material),
126 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
127 const KeyCharacteristics& hidl_key_characteristics) {
128 error = hidl_error;
129 *key_blob = hidl_key_blob;
130 *key_characteristics = hidl_key_characteristics;
131 })
132 .isOk());
133 // On error, blob & characteristics should be empty.
134 if (error != ErrorCode::OK) {
135 EXPECT_EQ(0U, key_blob->size());
136 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
137 key_characteristics->hardwareEnforced.size()));
138 }
139 return error;
140}
141
142ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
143 const string& key_material) {
144 return ImportKey(key_desc, format, key_material, &key_blob_, &key_characteristics_);
145}
146
147ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
148 const AuthorizationSet& wrapping_key_desc,
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]149 string masking_key,
150 const AuthorizationSet& unwrapping_params) {
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]151 ErrorCode error;
152 ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key);
153 EXPECT_TRUE(keymaster_
154 ->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]155 unwrapping_params.hidl_data(), 0 /* passwordSid */,
156 0 /* biometricSid */,
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]157 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
158 const KeyCharacteristics& hidl_key_characteristics) {
159 error = hidl_error;
160 key_blob_ = hidl_key_blob;
161 key_characteristics_ = hidl_key_characteristics;
162 })
163 .isOk());
164 return error;
165}
166
167ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, const HidlBuf& key_blob,
168 const HidlBuf& client_id, const HidlBuf& app_data,
169 HidlBuf* key_material) {
170 ErrorCode error;
171 EXPECT_TRUE(keymaster_
172 ->exportKey(format, key_blob, client_id, app_data,
173 [&](ErrorCode hidl_error_code, const HidlBuf& hidl_key_material) {
174 error = hidl_error_code;
175 *key_material = hidl_key_material;
176 })
177 .isOk());
178 // On error, blob should be empty.
179 if (error != ErrorCode::OK) {
180 EXPECT_EQ(0U, key_material->size());
181 }
182 return error;
183}
184
185ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, HidlBuf* key_material) {
186 HidlBuf client_id, app_data;
187 return ExportKey(format, key_blob_, client_id, app_data, key_material);
188}
189
190ErrorCode KeymasterHidlTest::DeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
191 auto rc = keymaster_->deleteKey(*key_blob);
192 if (!keep_key_blob) *key_blob = HidlBuf();
193 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
194 return rc;
195}
196
197ErrorCode KeymasterHidlTest::DeleteKey(bool keep_key_blob) {
198 return DeleteKey(&key_blob_, keep_key_blob);
199}
200
201ErrorCode KeymasterHidlTest::DeleteAllKeys() {
202 ErrorCode error = keymaster_->deleteAllKeys();
203 return error;
204}
205
206void KeymasterHidlTest::CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
207 auto rc = DeleteKey(key_blob, keep_key_blob);
208 EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
209}
210
211void KeymasterHidlTest::CheckedDeleteKey() {
212 CheckedDeleteKey(&key_blob_);
213}
214
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]215void KeymasterHidlTest::CheckCreationDateTime(
216 const AuthorizationSet& sw_enforced,
217 std::chrono::time_point<std::chrono::system_clock> creation) {
218 for (int i = 0; i < sw_enforced.size(); i++) {
219 if (sw_enforced[i].tag == TAG_CREATION_DATETIME) {
220 std::chrono::time_point<std::chrono::system_clock> now =
221 std::chrono::system_clock::now();
222 std::chrono::time_point<std::chrono::system_clock> reported_time{
223 std::chrono::milliseconds(sw_enforced[i].f.dateTime)};
Garret Kelly9c0a4572019-06-24 18:31:38 -0400[diff] [blame]224 // The test is flaky for EC keys, so a buffer time of 120 seconds will be added.
225 EXPECT_LE(creation - 120s, reported_time);
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]226 EXPECT_LE(reported_time, now + 1s);
227 }
228 }
229}
230
231void KeymasterHidlTest::CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
232 const HidlBuf& app_data,
233 KeyCharacteristics* key_characteristics) {
234 HidlBuf empty_buf = {};
235 EXPECT_EQ(ErrorCode::OK,
236 GetCharacteristics(key_blob, client_id, app_data, key_characteristics));
237 EXPECT_GT(key_characteristics->hardwareEnforced.size(), 0);
238 EXPECT_GT(key_characteristics->softwareEnforced.size(), 0);
239
240 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
241 GetCharacteristics(key_blob, empty_buf, app_data, key_characteristics));
242 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
243 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
244
245 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
246 GetCharacteristics(key_blob, client_id, empty_buf, key_characteristics));
247 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
248 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
249
250 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
251 GetCharacteristics(key_blob, empty_buf, empty_buf, key_characteristics));
252 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
253 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
254}
255
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]256ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
257 const HidlBuf& app_data,
258 KeyCharacteristics* key_characteristics) {
259 ErrorCode error = ErrorCode::UNKNOWN_ERROR;
260 EXPECT_TRUE(
261 keymaster_
262 ->getKeyCharacteristics(
263 key_blob, client_id, app_data,
264 [&](ErrorCode hidl_error, const KeyCharacteristics& hidl_key_characteristics) {
265 error = hidl_error, *key_characteristics = hidl_key_characteristics;
266 })
267 .isOk());
268 return error;
269}
270
271ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob,
272 KeyCharacteristics* key_characteristics) {
273 HidlBuf client_id, app_data;
274 return GetCharacteristics(key_blob, client_id, app_data, key_characteristics);
275}
276
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]277ErrorCode KeymasterHidlTest::GetDebugInfo(DebugInfo* debug_info) {
278 EXPECT_TRUE(keymaster_->getDebugInfo([&](const DebugInfo& hidl_debug_info) {
279 *debug_info = hidl_debug_info;
280 }).isOk());
281 return ErrorCode::OK;
282}
283
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]284ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const HidlBuf& key_blob,
285 const AuthorizationSet& in_params, AuthorizationSet* out_params,
286 OperationHandle* op_handle) {
287 SCOPED_TRACE("Begin");
288 ErrorCode error;
289 OperationHandle saved_handle = *op_handle;
290 EXPECT_TRUE(keymaster_
291 ->begin(purpose, key_blob, in_params.hidl_data(), HardwareAuthToken(),
292 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
293 uint64_t hidl_op_handle) {
294 error = hidl_error;
295 *out_params = hidl_out_params;
296 *op_handle = hidl_op_handle;
297 })
298 .isOk());
299 if (error != ErrorCode::OK) {
300 // Some implementations may modify *op_handle on error.
301 *op_handle = saved_handle;
302 }
303 return error;
304}
305
306ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
307 AuthorizationSet* out_params) {
308 SCOPED_TRACE("Begin");
309 EXPECT_EQ(kOpHandleSentinel, op_handle_);
310 return Begin(purpose, key_blob_, in_params, out_params, &op_handle_);
311}
312
313ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params) {
314 SCOPED_TRACE("Begin");
315 AuthorizationSet out_params;
316 ErrorCode error = Begin(purpose, in_params, &out_params);
317 EXPECT_TRUE(out_params.empty());
318 return error;
319}
320
321ErrorCode KeymasterHidlTest::Update(OperationHandle op_handle, const AuthorizationSet& in_params,
322 const string& input, AuthorizationSet* out_params,
323 string* output, size_t* input_consumed) {
324 SCOPED_TRACE("Update");
325 ErrorCode error;
326 EXPECT_TRUE(keymaster_
327 ->update(op_handle, in_params.hidl_data(), HidlBuf(input), HardwareAuthToken(),
328 VerificationToken(),
329 [&](ErrorCode hidl_error, uint32_t hidl_input_consumed,
330 const hidl_vec<KeyParameter>& hidl_out_params,
331 const HidlBuf& hidl_output) {
332 error = hidl_error;
333 out_params->push_back(AuthorizationSet(hidl_out_params));
334 output->append(hidl_output.to_string());
335 *input_consumed = hidl_input_consumed;
336 })
337 .isOk());
338 return error;
339}
340
341ErrorCode KeymasterHidlTest::Update(const string& input, string* out, size_t* input_consumed) {
342 SCOPED_TRACE("Update");
343 AuthorizationSet out_params;
344 ErrorCode error = Update(op_handle_, AuthorizationSet() /* in_params */, input, &out_params,
345 out, input_consumed);
346 EXPECT_TRUE(out_params.empty());
347 return error;
348}
349
350ErrorCode KeymasterHidlTest::Finish(OperationHandle op_handle, const AuthorizationSet& in_params,
351 const string& input, const string& signature,
352 AuthorizationSet* out_params, string* output) {
353 SCOPED_TRACE("Finish");
354 ErrorCode error;
355 EXPECT_TRUE(
356 keymaster_
357 ->finish(op_handle, in_params.hidl_data(), HidlBuf(input), HidlBuf(signature),
358 HardwareAuthToken(), VerificationToken(),
359 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
360 const HidlBuf& hidl_output) {
361 error = hidl_error;
362 *out_params = hidl_out_params;
363 output->append(hidl_output.to_string());
364 })
365 .isOk());
366 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
367 return error;
368}
369
370ErrorCode KeymasterHidlTest::Finish(const string& message, string* output) {
371 SCOPED_TRACE("Finish");
372 AuthorizationSet out_params;
373 string finish_output;
374 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message,
375 "" /* signature */, &out_params, output);
376 if (error != ErrorCode::OK) {
377 return error;
378 }
379 EXPECT_EQ(0U, out_params.size());
380 return error;
381}
382
383ErrorCode KeymasterHidlTest::Finish(const string& message, const string& signature,
384 string* output) {
385 SCOPED_TRACE("Finish");
386 AuthorizationSet out_params;
387 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message, signature,
388 &out_params, output);
389 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
390 if (error != ErrorCode::OK) {
391 return error;
392 }
393 EXPECT_EQ(0U, out_params.size());
394 return error;
395}
396
397ErrorCode KeymasterHidlTest::Abort(OperationHandle op_handle) {
398 SCOPED_TRACE("Abort");
399 auto retval = keymaster_->abort(op_handle);
400 EXPECT_TRUE(retval.isOk());
401 return retval;
402}
403
404void KeymasterHidlTest::AbortIfNeeded() {
405 SCOPED_TRACE("AbortIfNeeded");
406 if (op_handle_ != kOpHandleSentinel) {
407 EXPECT_EQ(ErrorCode::OK, Abort(op_handle_));
408 op_handle_ = kOpHandleSentinel;
409 }
410}
411
412ErrorCode KeymasterHidlTest::AttestKey(const HidlBuf& key_blob,
413 const AuthorizationSet& attest_params,
414 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
415 SCOPED_TRACE("AttestKey");
416 ErrorCode error;
417 auto rc = keymaster_->attestKey(
418 key_blob, attest_params.hidl_data(),
419 [&](ErrorCode hidl_error, const hidl_vec<hidl_vec<uint8_t>>& hidl_cert_chain) {
420 error = hidl_error;
421 *cert_chain = hidl_cert_chain;
422 });
423
424 EXPECT_TRUE(rc.isOk()) << rc.description();
425 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
426
427 return error;
428}
429
430ErrorCode KeymasterHidlTest::AttestKey(const AuthorizationSet& attest_params,
431 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
432 SCOPED_TRACE("AttestKey");
433 return AttestKey(key_blob_, attest_params, cert_chain);
434}
435
436string KeymasterHidlTest::ProcessMessage(const HidlBuf& key_blob, KeyPurpose operation,
437 const string& message, const AuthorizationSet& in_params,
438 AuthorizationSet* out_params) {
439 SCOPED_TRACE("ProcessMessage");
440 AuthorizationSet begin_out_params;
441 EXPECT_EQ(ErrorCode::OK, Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_));
442
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]443 string output;
444 size_t consumed = 0;
445 AuthorizationSet update_params;
446 AuthorizationSet update_out_params;
447 EXPECT_EQ(ErrorCode::OK,
448 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
449
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]450 string unused;
451 AuthorizationSet finish_params;
452 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]453 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), unused,
454 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]455 op_handle_ = kOpHandleSentinel;
456
457 out_params->push_back(begin_out_params);
458 out_params->push_back(finish_out_params);
459 return output;
460}
461
462string KeymasterHidlTest::SignMessage(const HidlBuf& key_blob, const string& message,
463 const AuthorizationSet& params) {
464 SCOPED_TRACE("SignMessage");
465 AuthorizationSet out_params;
466 string signature = ProcessMessage(key_blob, KeyPurpose::SIGN, message, params, &out_params);
467 EXPECT_TRUE(out_params.empty());
468 return signature;
469}
470
471string KeymasterHidlTest::SignMessage(const string& message, const AuthorizationSet& params) {
472 SCOPED_TRACE("SignMessage");
473 return SignMessage(key_blob_, message, params);
474}
475
476string KeymasterHidlTest::MacMessage(const string& message, Digest digest, size_t mac_length) {
477 SCOPED_TRACE("MacMessage");
478 return SignMessage(
479 key_blob_, message,
480 AuthorizationSetBuilder().Digest(digest).Authorization(TAG_MAC_LENGTH, mac_length));
481}
482
483void KeymasterHidlTest::CheckHmacTestVector(const string& key, const string& message, Digest digest,
484 const string& expected_mac) {
485 SCOPED_TRACE("CheckHmacTestVector");
486 ASSERT_EQ(ErrorCode::OK,
487 ImportKey(AuthorizationSetBuilder()
488 .Authorization(TAG_NO_AUTH_REQUIRED)
489 .HmacKey(key.size() * 8)
490 .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
491 .Digest(digest),
492 KeyFormat::RAW, key));
493 string signature = MacMessage(message, digest, expected_mac.size() * 8);
494 EXPECT_EQ(expected_mac, signature)
495 << "Test vector didn't match for key of size " << key.size() << " message of size "
496 << message.size() << " and digest " << digest;
497 CheckedDeleteKey();
498}
499
500void KeymasterHidlTest::CheckAesCtrTestVector(const string& key, const string& nonce,
501 const string& message,
502 const string& expected_ciphertext) {
503 SCOPED_TRACE("CheckAesCtrTestVector");
504 ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
505 .Authorization(TAG_NO_AUTH_REQUIRED)
506 .AesEncryptionKey(key.size() * 8)
507 .BlockMode(BlockMode::CTR)
508 .Authorization(TAG_CALLER_NONCE)
509 .Padding(PaddingMode::NONE),
510 KeyFormat::RAW, key));
511
512 auto params = AuthorizationSetBuilder()
513 .Authorization(TAG_NONCE, nonce.data(), nonce.size())
514 .BlockMode(BlockMode::CTR)
515 .Padding(PaddingMode::NONE);
516 AuthorizationSet out_params;
517 string ciphertext = EncryptMessage(key_blob_, message, params, &out_params);
518 EXPECT_EQ(expected_ciphertext, ciphertext);
519}
520
521void KeymasterHidlTest::CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
522 PaddingMode padding_mode, const string& key,
523 const string& iv, const string& input,
524 const string& expected_output) {
525 auto authset = AuthorizationSetBuilder()
526 .TripleDesEncryptionKey(key.size() * 7)
527 .BlockMode(block_mode)
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]528 .Authorization(TAG_NO_AUTH_REQUIRED)
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]529 .Padding(padding_mode);
530 if (iv.size()) authset.Authorization(TAG_CALLER_NONCE);
531 ASSERT_EQ(ErrorCode::OK, ImportKey(authset, KeyFormat::RAW, key));
532 auto begin_params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
533 if (iv.size()) begin_params.Authorization(TAG_NONCE, iv.data(), iv.size());
534 AuthorizationSet output_params;
535 string output = ProcessMessage(key_blob_, purpose, input, begin_params, &output_params);
536 EXPECT_EQ(expected_output, output);
537}
538
539void KeymasterHidlTest::VerifyMessage(const HidlBuf& key_blob, const string& message,
540 const string& signature, const AuthorizationSet& params) {
541 SCOPED_TRACE("VerifyMessage");
542 AuthorizationSet begin_out_params;
543 ASSERT_EQ(ErrorCode::OK,
544 Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_));
545
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]546 string output;
547 AuthorizationSet update_params;
548 AuthorizationSet update_out_params;
549 size_t consumed;
550 ASSERT_EQ(ErrorCode::OK,
551 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
552 EXPECT_TRUE(output.empty());
553 EXPECT_GT(consumed, 0U);
554
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]555 string unused;
556 AuthorizationSet finish_params;
557 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]558 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), signature,
559 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]560 op_handle_ = kOpHandleSentinel;
561 EXPECT_TRUE(output.empty());
562}
563
564void KeymasterHidlTest::VerifyMessage(const string& message, const string& signature,
565 const AuthorizationSet& params) {
566 SCOPED_TRACE("VerifyMessage");
567 VerifyMessage(key_blob_, message, signature, params);
568}
569
570string KeymasterHidlTest::EncryptMessage(const HidlBuf& key_blob, const string& message,
571 const AuthorizationSet& in_params,
572 AuthorizationSet* out_params) {
573 SCOPED_TRACE("EncryptMessage");
574 return ProcessMessage(key_blob, KeyPurpose::ENCRYPT, message, in_params, out_params);
575}
576
577string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params,
578 AuthorizationSet* out_params) {
579 SCOPED_TRACE("EncryptMessage");
580 return EncryptMessage(key_blob_, message, params, out_params);
581}
582
583string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params) {
584 SCOPED_TRACE("EncryptMessage");
585 AuthorizationSet out_params;
586 string ciphertext = EncryptMessage(message, params, &out_params);
587 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
588 return ciphertext;
589}
590
591string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
592 PaddingMode padding) {
593 SCOPED_TRACE("EncryptMessage");
594 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
595 AuthorizationSet out_params;
596 string ciphertext = EncryptMessage(message, params, &out_params);
597 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
598 return ciphertext;
599}
600
601string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
602 PaddingMode padding, HidlBuf* iv_out) {
603 SCOPED_TRACE("EncryptMessage");
604 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
605 AuthorizationSet out_params;
606 string ciphertext = EncryptMessage(message, params, &out_params);
607 EXPECT_EQ(1U, out_params.size());
608 auto ivVal = out_params.GetTagValue(TAG_NONCE);
609 EXPECT_TRUE(ivVal.isOk());
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]610 if (ivVal.isOk()) *iv_out = ivVal.value();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]611 return ciphertext;
612}
613
614string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
615 PaddingMode padding, const HidlBuf& iv_in) {
616 SCOPED_TRACE("EncryptMessage");
617 auto params = AuthorizationSetBuilder()
618 .BlockMode(block_mode)
619 .Padding(padding)
620 .Authorization(TAG_NONCE, iv_in);
621 AuthorizationSet out_params;
622 string ciphertext = EncryptMessage(message, params, &out_params);
623 return ciphertext;
624}
625
Rob Barnes8ddc1c72019-09-13 18:00:44 -0600[diff] [blame]626string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
627 PaddingMode padding, uint8_t mac_length_bits,
628 const HidlBuf& iv_in) {
629 SCOPED_TRACE("EncryptMessage");
630 auto params = AuthorizationSetBuilder()
631 .BlockMode(block_mode)
632 .Padding(padding)
633 .Authorization(TAG_MAC_LENGTH, mac_length_bits)
634 .Authorization(TAG_NONCE, iv_in);
635 AuthorizationSet out_params;
636 string ciphertext = EncryptMessage(message, params, &out_params);
637 return ciphertext;
638}
639
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]640string KeymasterHidlTest::DecryptMessage(const HidlBuf& key_blob, const string& ciphertext,
641 const AuthorizationSet& params) {
642 SCOPED_TRACE("DecryptMessage");
643 AuthorizationSet out_params;
644 string plaintext =
645 ProcessMessage(key_blob, KeyPurpose::DECRYPT, ciphertext, params, &out_params);
646 EXPECT_TRUE(out_params.empty());
647 return plaintext;
648}
649
650string KeymasterHidlTest::DecryptMessage(const string& ciphertext, const AuthorizationSet& params) {
651 SCOPED_TRACE("DecryptMessage");
652 return DecryptMessage(key_blob_, ciphertext, params);
653}
654
655string KeymasterHidlTest::DecryptMessage(const string& ciphertext, BlockMode block_mode,
656 PaddingMode padding_mode, const HidlBuf& iv) {
657 SCOPED_TRACE("DecryptMessage");
658 auto params = AuthorizationSetBuilder()
659 .BlockMode(block_mode)
660 .Padding(padding_mode)
661 .Authorization(TAG_NONCE, iv);
662 return DecryptMessage(key_blob_, ciphertext, params);
663}
664
665std::pair<ErrorCode, HidlBuf> KeymasterHidlTest::UpgradeKey(const HidlBuf& key_blob) {
666 std::pair<ErrorCode, HidlBuf> retval;
667 keymaster_->upgradeKey(key_blob, hidl_vec<KeyParameter>(),
668 [&](ErrorCode error, const hidl_vec<uint8_t>& upgraded_blob) {
669 retval = std::tie(error, upgraded_blob);
670 });
671 return retval;
672}
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]673std::vector<uint32_t> KeymasterHidlTest::ValidKeySizes(Algorithm algorithm) {
674 switch (algorithm) {
675 case Algorithm::RSA:
676 switch (SecLevel()) {
677 case SecurityLevel::TRUSTED_ENVIRONMENT:
678 return {2048, 3072, 4096};
679 case SecurityLevel::STRONGBOX:
680 return {2048};
681 default:
682 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
683 break;
684 }
685 break;
686 case Algorithm::EC:
687 switch (SecLevel()) {
688 case SecurityLevel::TRUSTED_ENVIRONMENT:
689 return {224, 256, 384, 521};
690 case SecurityLevel::STRONGBOX:
691 return {256};
692 default:
693 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
694 break;
695 }
696 break;
697 case Algorithm::AES:
698 return {128, 256};
699 case Algorithm::TRIPLE_DES:
700 return {168};
701 case Algorithm::HMAC: {
702 std::vector<uint32_t> retval((512 - 64) / 8 + 1);
703 uint32_t size = 64 - 8;
704 std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
705 return retval;
706 }
707 default:
708 CHECK(false) << "Invalid Algorithm: " << algorithm;
709 return {};
710 }
711 CHECK(false) << "Should be impossible to get here";
712 return {};
713}
714std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) {
715 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
716 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
717 switch (algorithm) {
718 case Algorithm::RSA:
719 return {3072, 4096};
720 case Algorithm::EC:
721 return {224, 384, 521};
Baranidharan Muthukumaran88a376b2018-08-24 13:31:35 -0700[diff] [blame]722 case Algorithm::AES:
723 return {192};
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]724 default:
725 return {};
726 }
727}
728
729std::vector<EcCurve> KeymasterHidlTest::ValidCurves() {
730 if (securityLevel_ == SecurityLevel::STRONGBOX) {
731 return {EcCurve::P_256};
732 } else {
733 return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
734 }
735}
736
737std::vector<EcCurve> KeymasterHidlTest::InvalidCurves() {
738 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
739 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
740 return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
741}
742
Yi Kong73921752018-09-21 15:30:45 -0700[diff] [blame]743std::vector<Digest> KeymasterHidlTest::ValidDigests(bool withNone, bool withMD5) {
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]744 switch (SecLevel()) {
745 case SecurityLevel::TRUSTED_ENVIRONMENT:
746 if (withNone) {
747 if (withMD5)
748 return {Digest::NONE, Digest::MD5, Digest::SHA1,
749 Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
750 Digest::SHA_2_512};
751 else
752 return {Digest::NONE, Digest::SHA1, Digest::SHA_2_224,
753 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
754 } else {
755 if (withMD5)
756 return {Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
757 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
758 else
759 return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
760 Digest::SHA_2_512};
761 }
762 break;
763 case SecurityLevel::STRONGBOX:
764 if (withNone)
765 return {Digest::NONE, Digest::SHA_2_256};
766 else
767 return {Digest::SHA_2_256};
768 break;
769 default:
770 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
771 break;
772 }
773 CHECK(false) << "Should be impossible to get here";
774 return {};
775}
776
777std::vector<Digest> KeymasterHidlTest::InvalidDigests() {
778 return {};
779}
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]780
781} // namespace test
782} // namespace V4_0
783} // namespace keymaster
784} // namespace hardware
785} // namespace android