Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 2adf7fb2d5e0c27962dc65f6a743dd21b84aeca0 / . / keymaster / 4.0 / vts / functional / KeymasterHidlTest.cpp
blob: 1fbd721e24f4c611edeeb7024fb00441715f6dfa [file] [log] [blame]
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "KeymasterHidlTest.h"
18
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]19#include <chrono>
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]20#include <vector>
21
22#include <android-base/logging.h>
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]23#include <android/hidl/manager/1.0/IServiceManager.h>
24
25#include <keymasterV4_0/key_param_output.h>
Shawn Willden2adf7fb2019-11-26 09:00:08 -0700[diff] [blame^]26#include <keymasterV4_0/keymaster_utils.h>
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]27
28namespace android {
29namespace hardware {
30namespace keymaster {
31namespace V4_0 {
32
33::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
34 if (set.size() == 0)
35 os << "(Empty)" << ::std::endl;
36 else {
37 os << "\n";
38 for (size_t i = 0; i < set.size(); ++i) os << set[i] << ::std::endl;
39 }
40 return os;
41}
42
43namespace test {
44
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]45void KeymasterHidlTest::InitializeKeymaster() {
Dan Shi3bacd7f2019-12-10 15:41:18 -0800[diff] [blame]46 service_name_ = GetParam();
47 keymaster_ = IKeymasterDevice::getService(service_name_);
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]48 ASSERT_NE(keymaster_, nullptr);
49
50 ASSERT_TRUE(keymaster_
51 ->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& name,
52 const hidl_string& author) {
53 securityLevel_ = securityLevel;
54 name_ = name;
55 author_ = author;
56 })
57 .isOk());
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]58}
59
Shawn Willden2adf7fb2019-11-26 09:00:08 -0700[diff] [blame^]60void KeymasterHidlTest::SetUpTestCase() {
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]61 InitializeKeymaster();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]62
Shawn Willden2adf7fb2019-11-26 09:00:08 -0700[diff] [blame^]63 os_version_ = support::getOsVersion();
64 os_patch_level_ = support::getOsPatchlevel();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]65
66 auto service_manager = android::hidl::manager::V1_0::IServiceManager::getService();
67 ASSERT_NE(nullptr, service_manager.get());
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]68 all_keymasters_.push_back(keymaster_);
69 service_manager->listByInterface(
70 IKeymasterDevice::descriptor, [&](const hidl_vec<hidl_string>& names) {
71 for (auto& name : names) {
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]72 if (name == service_name_) continue;
Dan Shi3bacd7f2019-12-10 15:41:18 -0800[diff] [blame]73 auto keymaster = IKeymasterDevice::getService(name);
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]74 ASSERT_NE(keymaster, nullptr);
75 all_keymasters_.push_back(keymaster);
76 }
77 });
78}
79
80ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc, HidlBuf* key_blob,
81 KeyCharacteristics* key_characteristics) {
82 EXPECT_NE(key_blob, nullptr) << "Key blob pointer must not be null. Test bug";
83 EXPECT_EQ(0U, key_blob->size()) << "Key blob not empty before generating key. Test bug.";
84 EXPECT_NE(key_characteristics, nullptr)
85 << "Previous characteristics not deleted before generating key. Test bug.";
86
87 ErrorCode error;
88 EXPECT_TRUE(keymaster_
89 ->generateKey(key_desc.hidl_data(),
90 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
91 const KeyCharacteristics& hidl_key_characteristics) {
92 error = hidl_error;
93 *key_blob = hidl_key_blob;
94 *key_characteristics = hidl_key_characteristics;
95 })
96 .isOk());
97 // On error, blob & characteristics should be empty.
98 if (error != ErrorCode::OK) {
99 EXPECT_EQ(0U, key_blob->size());
100 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
101 key_characteristics->hardwareEnforced.size()));
102 }
103 return error;
104}
105
106ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc) {
107 return GenerateKey(key_desc, &key_blob_, &key_characteristics_);
108}
109
110ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
111 const string& key_material, HidlBuf* key_blob,
112 KeyCharacteristics* key_characteristics) {
113 ErrorCode error;
114 EXPECT_TRUE(keymaster_
115 ->importKey(key_desc.hidl_data(), format, HidlBuf(key_material),
116 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
117 const KeyCharacteristics& hidl_key_characteristics) {
118 error = hidl_error;
119 *key_blob = hidl_key_blob;
120 *key_characteristics = hidl_key_characteristics;
121 })
122 .isOk());
123 // On error, blob & characteristics should be empty.
124 if (error != ErrorCode::OK) {
125 EXPECT_EQ(0U, key_blob->size());
126 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
127 key_characteristics->hardwareEnforced.size()));
128 }
129 return error;
130}
131
132ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
133 const string& key_material) {
134 return ImportKey(key_desc, format, key_material, &key_blob_, &key_characteristics_);
135}
136
137ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
138 const AuthorizationSet& wrapping_key_desc,
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]139 string masking_key,
140 const AuthorizationSet& unwrapping_params) {
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]141 ErrorCode error;
142 ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key);
143 EXPECT_TRUE(keymaster_
144 ->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]145 unwrapping_params.hidl_data(), 0 /* passwordSid */,
146 0 /* biometricSid */,
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]147 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
148 const KeyCharacteristics& hidl_key_characteristics) {
149 error = hidl_error;
150 key_blob_ = hidl_key_blob;
151 key_characteristics_ = hidl_key_characteristics;
152 })
153 .isOk());
154 return error;
155}
156
157ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, const HidlBuf& key_blob,
158 const HidlBuf& client_id, const HidlBuf& app_data,
159 HidlBuf* key_material) {
160 ErrorCode error;
161 EXPECT_TRUE(keymaster_
162 ->exportKey(format, key_blob, client_id, app_data,
163 [&](ErrorCode hidl_error_code, const HidlBuf& hidl_key_material) {
164 error = hidl_error_code;
165 *key_material = hidl_key_material;
166 })
167 .isOk());
168 // On error, blob should be empty.
169 if (error != ErrorCode::OK) {
170 EXPECT_EQ(0U, key_material->size());
171 }
172 return error;
173}
174
175ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, HidlBuf* key_material) {
176 HidlBuf client_id, app_data;
177 return ExportKey(format, key_blob_, client_id, app_data, key_material);
178}
179
180ErrorCode KeymasterHidlTest::DeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
181 auto rc = keymaster_->deleteKey(*key_blob);
182 if (!keep_key_blob) *key_blob = HidlBuf();
183 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
184 return rc;
185}
186
187ErrorCode KeymasterHidlTest::DeleteKey(bool keep_key_blob) {
188 return DeleteKey(&key_blob_, keep_key_blob);
189}
190
191ErrorCode KeymasterHidlTest::DeleteAllKeys() {
192 ErrorCode error = keymaster_->deleteAllKeys();
193 return error;
194}
195
196void KeymasterHidlTest::CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
197 auto rc = DeleteKey(key_blob, keep_key_blob);
198 EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
199}
200
201void KeymasterHidlTest::CheckedDeleteKey() {
202 CheckedDeleteKey(&key_blob_);
203}
204
Max Bires873d8892019-02-08 12:29:58 -0800[diff] [blame]205void KeymasterHidlTest::CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
206 const HidlBuf& app_data,
207 KeyCharacteristics* key_characteristics) {
208 HidlBuf empty_buf = {};
209 EXPECT_EQ(ErrorCode::OK,
210 GetCharacteristics(key_blob, client_id, app_data, key_characteristics));
211 EXPECT_GT(key_characteristics->hardwareEnforced.size(), 0);
212 EXPECT_GT(key_characteristics->softwareEnforced.size(), 0);
213
214 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
215 GetCharacteristics(key_blob, empty_buf, app_data, key_characteristics));
216 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
217 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
218
219 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
220 GetCharacteristics(key_blob, client_id, empty_buf, key_characteristics));
221 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
222 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
223
224 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
225 GetCharacteristics(key_blob, empty_buf, empty_buf, key_characteristics));
226 EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
227 EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
228}
229
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]230ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
231 const HidlBuf& app_data,
232 KeyCharacteristics* key_characteristics) {
233 ErrorCode error = ErrorCode::UNKNOWN_ERROR;
234 EXPECT_TRUE(
235 keymaster_
236 ->getKeyCharacteristics(
237 key_blob, client_id, app_data,
238 [&](ErrorCode hidl_error, const KeyCharacteristics& hidl_key_characteristics) {
239 error = hidl_error, *key_characteristics = hidl_key_characteristics;
240 })
241 .isOk());
242 return error;
243}
244
245ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob,
246 KeyCharacteristics* key_characteristics) {
247 HidlBuf client_id, app_data;
248 return GetCharacteristics(key_blob, client_id, app_data, key_characteristics);
249}
250
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame]251ErrorCode KeymasterHidlTest::GetDebugInfo(DebugInfo* debug_info) {
252 EXPECT_TRUE(keymaster_->getDebugInfo([&](const DebugInfo& hidl_debug_info) {
253 *debug_info = hidl_debug_info;
254 }).isOk());
255 return ErrorCode::OK;
256}
257
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]258ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const HidlBuf& key_blob,
259 const AuthorizationSet& in_params, AuthorizationSet* out_params,
260 OperationHandle* op_handle) {
261 SCOPED_TRACE("Begin");
262 ErrorCode error;
263 OperationHandle saved_handle = *op_handle;
264 EXPECT_TRUE(keymaster_
265 ->begin(purpose, key_blob, in_params.hidl_data(), HardwareAuthToken(),
266 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
267 uint64_t hidl_op_handle) {
268 error = hidl_error;
269 *out_params = hidl_out_params;
270 *op_handle = hidl_op_handle;
271 })
272 .isOk());
273 if (error != ErrorCode::OK) {
274 // Some implementations may modify *op_handle on error.
275 *op_handle = saved_handle;
276 }
277 return error;
278}
279
280ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
281 AuthorizationSet* out_params) {
282 SCOPED_TRACE("Begin");
283 EXPECT_EQ(kOpHandleSentinel, op_handle_);
284 return Begin(purpose, key_blob_, in_params, out_params, &op_handle_);
285}
286
287ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params) {
288 SCOPED_TRACE("Begin");
289 AuthorizationSet out_params;
290 ErrorCode error = Begin(purpose, in_params, &out_params);
291 EXPECT_TRUE(out_params.empty());
292 return error;
293}
294
295ErrorCode KeymasterHidlTest::Update(OperationHandle op_handle, const AuthorizationSet& in_params,
296 const string& input, AuthorizationSet* out_params,
297 string* output, size_t* input_consumed) {
298 SCOPED_TRACE("Update");
299 ErrorCode error;
300 EXPECT_TRUE(keymaster_
301 ->update(op_handle, in_params.hidl_data(), HidlBuf(input), HardwareAuthToken(),
302 VerificationToken(),
303 [&](ErrorCode hidl_error, uint32_t hidl_input_consumed,
304 const hidl_vec<KeyParameter>& hidl_out_params,
305 const HidlBuf& hidl_output) {
306 error = hidl_error;
307 out_params->push_back(AuthorizationSet(hidl_out_params));
308 output->append(hidl_output.to_string());
309 *input_consumed = hidl_input_consumed;
310 })
311 .isOk());
312 return error;
313}
314
315ErrorCode KeymasterHidlTest::Update(const string& input, string* out, size_t* input_consumed) {
316 SCOPED_TRACE("Update");
317 AuthorizationSet out_params;
318 ErrorCode error = Update(op_handle_, AuthorizationSet() /* in_params */, input, &out_params,
319 out, input_consumed);
320 EXPECT_TRUE(out_params.empty());
321 return error;
322}
323
324ErrorCode KeymasterHidlTest::Finish(OperationHandle op_handle, const AuthorizationSet& in_params,
325 const string& input, const string& signature,
326 AuthorizationSet* out_params, string* output) {
327 SCOPED_TRACE("Finish");
328 ErrorCode error;
329 EXPECT_TRUE(
330 keymaster_
331 ->finish(op_handle, in_params.hidl_data(), HidlBuf(input), HidlBuf(signature),
332 HardwareAuthToken(), VerificationToken(),
333 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
334 const HidlBuf& hidl_output) {
335 error = hidl_error;
336 *out_params = hidl_out_params;
337 output->append(hidl_output.to_string());
338 })
339 .isOk());
340 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
341 return error;
342}
343
344ErrorCode KeymasterHidlTest::Finish(const string& message, string* output) {
345 SCOPED_TRACE("Finish");
346 AuthorizationSet out_params;
347 string finish_output;
348 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message,
349 "" /* signature */, &out_params, output);
350 if (error != ErrorCode::OK) {
351 return error;
352 }
353 EXPECT_EQ(0U, out_params.size());
354 return error;
355}
356
357ErrorCode KeymasterHidlTest::Finish(const string& message, const string& signature,
358 string* output) {
359 SCOPED_TRACE("Finish");
360 AuthorizationSet out_params;
361 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message, signature,
362 &out_params, output);
363 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
364 if (error != ErrorCode::OK) {
365 return error;
366 }
367 EXPECT_EQ(0U, out_params.size());
368 return error;
369}
370
371ErrorCode KeymasterHidlTest::Abort(OperationHandle op_handle) {
372 SCOPED_TRACE("Abort");
373 auto retval = keymaster_->abort(op_handle);
374 EXPECT_TRUE(retval.isOk());
375 return retval;
376}
377
378void KeymasterHidlTest::AbortIfNeeded() {
379 SCOPED_TRACE("AbortIfNeeded");
380 if (op_handle_ != kOpHandleSentinel) {
381 EXPECT_EQ(ErrorCode::OK, Abort(op_handle_));
382 op_handle_ = kOpHandleSentinel;
383 }
384}
385
386ErrorCode KeymasterHidlTest::AttestKey(const HidlBuf& key_blob,
387 const AuthorizationSet& attest_params,
388 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
389 SCOPED_TRACE("AttestKey");
390 ErrorCode error;
391 auto rc = keymaster_->attestKey(
392 key_blob, attest_params.hidl_data(),
393 [&](ErrorCode hidl_error, const hidl_vec<hidl_vec<uint8_t>>& hidl_cert_chain) {
394 error = hidl_error;
395 *cert_chain = hidl_cert_chain;
396 });
397
398 EXPECT_TRUE(rc.isOk()) << rc.description();
399 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
400
401 return error;
402}
403
404ErrorCode KeymasterHidlTest::AttestKey(const AuthorizationSet& attest_params,
405 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
406 SCOPED_TRACE("AttestKey");
407 return AttestKey(key_blob_, attest_params, cert_chain);
408}
409
410string KeymasterHidlTest::ProcessMessage(const HidlBuf& key_blob, KeyPurpose operation,
411 const string& message, const AuthorizationSet& in_params,
412 AuthorizationSet* out_params) {
413 SCOPED_TRACE("ProcessMessage");
414 AuthorizationSet begin_out_params;
415 EXPECT_EQ(ErrorCode::OK, Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_));
416
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]417 string output;
418 size_t consumed = 0;
419 AuthorizationSet update_params;
420 AuthorizationSet update_out_params;
421 EXPECT_EQ(ErrorCode::OK,
422 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
423
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]424 string unused;
425 AuthorizationSet finish_params;
426 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]427 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), unused,
428 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]429 op_handle_ = kOpHandleSentinel;
430
431 out_params->push_back(begin_out_params);
432 out_params->push_back(finish_out_params);
433 return output;
434}
435
436string KeymasterHidlTest::SignMessage(const HidlBuf& key_blob, const string& message,
437 const AuthorizationSet& params) {
438 SCOPED_TRACE("SignMessage");
439 AuthorizationSet out_params;
440 string signature = ProcessMessage(key_blob, KeyPurpose::SIGN, message, params, &out_params);
441 EXPECT_TRUE(out_params.empty());
442 return signature;
443}
444
445string KeymasterHidlTest::SignMessage(const string& message, const AuthorizationSet& params) {
446 SCOPED_TRACE("SignMessage");
447 return SignMessage(key_blob_, message, params);
448}
449
450string KeymasterHidlTest::MacMessage(const string& message, Digest digest, size_t mac_length) {
451 SCOPED_TRACE("MacMessage");
452 return SignMessage(
453 key_blob_, message,
454 AuthorizationSetBuilder().Digest(digest).Authorization(TAG_MAC_LENGTH, mac_length));
455}
456
457void KeymasterHidlTest::CheckHmacTestVector(const string& key, const string& message, Digest digest,
458 const string& expected_mac) {
459 SCOPED_TRACE("CheckHmacTestVector");
460 ASSERT_EQ(ErrorCode::OK,
461 ImportKey(AuthorizationSetBuilder()
462 .Authorization(TAG_NO_AUTH_REQUIRED)
463 .HmacKey(key.size() * 8)
464 .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
465 .Digest(digest),
466 KeyFormat::RAW, key));
467 string signature = MacMessage(message, digest, expected_mac.size() * 8);
468 EXPECT_EQ(expected_mac, signature)
469 << "Test vector didn't match for key of size " << key.size() << " message of size "
470 << message.size() << " and digest " << digest;
471 CheckedDeleteKey();
472}
473
474void KeymasterHidlTest::CheckAesCtrTestVector(const string& key, const string& nonce,
475 const string& message,
476 const string& expected_ciphertext) {
477 SCOPED_TRACE("CheckAesCtrTestVector");
478 ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
479 .Authorization(TAG_NO_AUTH_REQUIRED)
480 .AesEncryptionKey(key.size() * 8)
481 .BlockMode(BlockMode::CTR)
482 .Authorization(TAG_CALLER_NONCE)
483 .Padding(PaddingMode::NONE),
484 KeyFormat::RAW, key));
485
486 auto params = AuthorizationSetBuilder()
487 .Authorization(TAG_NONCE, nonce.data(), nonce.size())
488 .BlockMode(BlockMode::CTR)
489 .Padding(PaddingMode::NONE);
490 AuthorizationSet out_params;
491 string ciphertext = EncryptMessage(key_blob_, message, params, &out_params);
492 EXPECT_EQ(expected_ciphertext, ciphertext);
493}
494
495void KeymasterHidlTest::CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
496 PaddingMode padding_mode, const string& key,
497 const string& iv, const string& input,
498 const string& expected_output) {
499 auto authset = AuthorizationSetBuilder()
500 .TripleDesEncryptionKey(key.size() * 7)
501 .BlockMode(block_mode)
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]502 .Authorization(TAG_NO_AUTH_REQUIRED)
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]503 .Padding(padding_mode);
504 if (iv.size()) authset.Authorization(TAG_CALLER_NONCE);
505 ASSERT_EQ(ErrorCode::OK, ImportKey(authset, KeyFormat::RAW, key));
506 auto begin_params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
507 if (iv.size()) begin_params.Authorization(TAG_NONCE, iv.data(), iv.size());
508 AuthorizationSet output_params;
509 string output = ProcessMessage(key_blob_, purpose, input, begin_params, &output_params);
510 EXPECT_EQ(expected_output, output);
511}
512
513void KeymasterHidlTest::VerifyMessage(const HidlBuf& key_blob, const string& message,
514 const string& signature, const AuthorizationSet& params) {
515 SCOPED_TRACE("VerifyMessage");
516 AuthorizationSet begin_out_params;
517 ASSERT_EQ(ErrorCode::OK,
518 Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_));
519
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]520 string output;
521 AuthorizationSet update_params;
522 AuthorizationSet update_out_params;
523 size_t consumed;
524 ASSERT_EQ(ErrorCode::OK,
525 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
526 EXPECT_TRUE(output.empty());
527 EXPECT_GT(consumed, 0U);
528
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]529 string unused;
530 AuthorizationSet finish_params;
531 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]532 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), signature,
533 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]534 op_handle_ = kOpHandleSentinel;
535 EXPECT_TRUE(output.empty());
536}
537
538void KeymasterHidlTest::VerifyMessage(const string& message, const string& signature,
539 const AuthorizationSet& params) {
540 SCOPED_TRACE("VerifyMessage");
541 VerifyMessage(key_blob_, message, signature, params);
542}
543
544string KeymasterHidlTest::EncryptMessage(const HidlBuf& key_blob, const string& message,
545 const AuthorizationSet& in_params,
546 AuthorizationSet* out_params) {
547 SCOPED_TRACE("EncryptMessage");
548 return ProcessMessage(key_blob, KeyPurpose::ENCRYPT, message, in_params, out_params);
549}
550
551string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params,
552 AuthorizationSet* out_params) {
553 SCOPED_TRACE("EncryptMessage");
554 return EncryptMessage(key_blob_, message, params, out_params);
555}
556
557string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params) {
558 SCOPED_TRACE("EncryptMessage");
559 AuthorizationSet out_params;
560 string ciphertext = EncryptMessage(message, params, &out_params);
561 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
562 return ciphertext;
563}
564
565string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
566 PaddingMode padding) {
567 SCOPED_TRACE("EncryptMessage");
568 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
569 AuthorizationSet out_params;
570 string ciphertext = EncryptMessage(message, params, &out_params);
571 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
572 return ciphertext;
573}
574
575string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
576 PaddingMode padding, HidlBuf* iv_out) {
577 SCOPED_TRACE("EncryptMessage");
578 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
579 AuthorizationSet out_params;
580 string ciphertext = EncryptMessage(message, params, &out_params);
581 EXPECT_EQ(1U, out_params.size());
582 auto ivVal = out_params.GetTagValue(TAG_NONCE);
583 EXPECT_TRUE(ivVal.isOk());
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]584 if (ivVal.isOk()) *iv_out = ivVal.value();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]585 return ciphertext;
586}
587
588string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
589 PaddingMode padding, const HidlBuf& iv_in) {
590 SCOPED_TRACE("EncryptMessage");
591 auto params = AuthorizationSetBuilder()
592 .BlockMode(block_mode)
593 .Padding(padding)
594 .Authorization(TAG_NONCE, iv_in);
595 AuthorizationSet out_params;
596 string ciphertext = EncryptMessage(message, params, &out_params);
597 return ciphertext;
598}
599
Rob Barnes8ddc1c72019-09-13 18:00:44 -0600[diff] [blame]600string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
601 PaddingMode padding, uint8_t mac_length_bits,
602 const HidlBuf& iv_in) {
603 SCOPED_TRACE("EncryptMessage");
604 auto params = AuthorizationSetBuilder()
605 .BlockMode(block_mode)
606 .Padding(padding)
607 .Authorization(TAG_MAC_LENGTH, mac_length_bits)
608 .Authorization(TAG_NONCE, iv_in);
609 AuthorizationSet out_params;
610 string ciphertext = EncryptMessage(message, params, &out_params);
611 return ciphertext;
612}
613
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]614string KeymasterHidlTest::DecryptMessage(const HidlBuf& key_blob, const string& ciphertext,
615 const AuthorizationSet& params) {
616 SCOPED_TRACE("DecryptMessage");
617 AuthorizationSet out_params;
618 string plaintext =
619 ProcessMessage(key_blob, KeyPurpose::DECRYPT, ciphertext, params, &out_params);
620 EXPECT_TRUE(out_params.empty());
621 return plaintext;
622}
623
624string KeymasterHidlTest::DecryptMessage(const string& ciphertext, const AuthorizationSet& params) {
625 SCOPED_TRACE("DecryptMessage");
626 return DecryptMessage(key_blob_, ciphertext, params);
627}
628
629string KeymasterHidlTest::DecryptMessage(const string& ciphertext, BlockMode block_mode,
630 PaddingMode padding_mode, const HidlBuf& iv) {
631 SCOPED_TRACE("DecryptMessage");
632 auto params = AuthorizationSetBuilder()
633 .BlockMode(block_mode)
634 .Padding(padding_mode)
635 .Authorization(TAG_NONCE, iv);
636 return DecryptMessage(key_blob_, ciphertext, params);
637}
638
639std::pair<ErrorCode, HidlBuf> KeymasterHidlTest::UpgradeKey(const HidlBuf& key_blob) {
640 std::pair<ErrorCode, HidlBuf> retval;
641 keymaster_->upgradeKey(key_blob, hidl_vec<KeyParameter>(),
642 [&](ErrorCode error, const hidl_vec<uint8_t>& upgraded_blob) {
643 retval = std::tie(error, upgraded_blob);
644 });
645 return retval;
646}
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]647std::vector<uint32_t> KeymasterHidlTest::ValidKeySizes(Algorithm algorithm) {
648 switch (algorithm) {
649 case Algorithm::RSA:
650 switch (SecLevel()) {
651 case SecurityLevel::TRUSTED_ENVIRONMENT:
652 return {2048, 3072, 4096};
653 case SecurityLevel::STRONGBOX:
654 return {2048};
655 default:
656 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
657 break;
658 }
659 break;
660 case Algorithm::EC:
661 switch (SecLevel()) {
662 case SecurityLevel::TRUSTED_ENVIRONMENT:
663 return {224, 256, 384, 521};
664 case SecurityLevel::STRONGBOX:
665 return {256};
666 default:
667 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
668 break;
669 }
670 break;
671 case Algorithm::AES:
672 return {128, 256};
673 case Algorithm::TRIPLE_DES:
674 return {168};
675 case Algorithm::HMAC: {
676 std::vector<uint32_t> retval((512 - 64) / 8 + 1);
677 uint32_t size = 64 - 8;
678 std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
679 return retval;
680 }
681 default:
682 CHECK(false) << "Invalid Algorithm: " << algorithm;
683 return {};
684 }
685 CHECK(false) << "Should be impossible to get here";
686 return {};
687}
688std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) {
689 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
690 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
691 switch (algorithm) {
692 case Algorithm::RSA:
693 return {3072, 4096};
694 case Algorithm::EC:
695 return {224, 384, 521};
Baranidharan Muthukumaran88a376b2018-08-24 13:31:35 -0700[diff] [blame]696 case Algorithm::AES:
697 return {192};
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]698 default:
699 return {};
700 }
701}
702
703std::vector<EcCurve> KeymasterHidlTest::ValidCurves() {
704 if (securityLevel_ == SecurityLevel::STRONGBOX) {
705 return {EcCurve::P_256};
706 } else {
707 return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
708 }
709}
710
711std::vector<EcCurve> KeymasterHidlTest::InvalidCurves() {
712 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
713 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
714 return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
715}
716
Yi Kong73921752018-09-21 15:30:45 -0700[diff] [blame]717std::vector<Digest> KeymasterHidlTest::ValidDigests(bool withNone, bool withMD5) {
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]718 switch (SecLevel()) {
719 case SecurityLevel::TRUSTED_ENVIRONMENT:
720 if (withNone) {
721 if (withMD5)
722 return {Digest::NONE, Digest::MD5, Digest::SHA1,
723 Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
724 Digest::SHA_2_512};
725 else
726 return {Digest::NONE, Digest::SHA1, Digest::SHA_2_224,
727 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
728 } else {
729 if (withMD5)
730 return {Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
731 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
732 else
733 return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
734 Digest::SHA_2_512};
735 }
736 break;
737 case SecurityLevel::STRONGBOX:
738 if (withNone)
739 return {Digest::NONE, Digest::SHA_2_256};
740 else
741 return {Digest::SHA_2_256};
742 break;
743 default:
744 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
745 break;
746 }
747 CHECK(false) << "Should be impossible to get here";
748 return {};
749}
750
751std::vector<Digest> KeymasterHidlTest::InvalidDigests() {
752 return {};
753}
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]754
755} // namespace test
756} // namespace V4_0
757} // namespace keymaster
758} // namespace hardware
759} // namespace android