Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 650c081f233eb8e13d575e6a44fc359e700e131d / . / security / keymint / aidl / vts / functional / KeyMintAidlTestBase.h
blob: a6a9df60f81852b5aea14eecaba53932fba82696 [file] [log] [blame]
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]1/*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]17#pragma once
18
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]19#include <functional>
David Drysdale300b5552021-05-20 12:05:26 +0100[diff] [blame]20#include <string_view>
21
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]22#include <aidl/Gtest.h>
23#include <aidl/Vintf.h>
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]24#include <android-base/properties.h>
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]25#include <binder/IServiceManager.h>
26#include <binder/ProcessState.h>
27#include <gtest/gtest.h>
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]28#include <openssl/x509.h>
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]29
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]30#include <aidl/android/hardware/security/keymint/ErrorCode.h>
31#include <aidl/android/hardware/security/keymint/IKeyMintDevice.h>
David Drysdale4dc01072021-04-01 12:17:35 +0100[diff] [blame]32#include <aidl/android/hardware/security/keymint/MacedPublicKey.h>
Shawn Willden1d3f85e2020-12-09 14:18:44 -0700[diff] [blame]33
Shawn Willden4315e132022-03-20 12:49:46 -0600[diff] [blame]34#include <keymint_support/attestation_record.h>
Shawn Willden08a7e432020-12-11 13:05:27 +0000[diff] [blame]35#include <keymint_support/authorization_set.h>
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]36#include <keymint_support/openssl_utils.h>
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]37
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700[diff] [blame]38namespace aidl::android::hardware::security::keymint {
39
40::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set);
41
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]42inline bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) {
43 return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin());
44}
45
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700[diff] [blame]46namespace test {
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]47
48using ::android::sp;
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]49using Status = ::ndk::ScopedAStatus;
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]50using ::std::optional;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]51using ::std::shared_ptr;
52using ::std::string;
53using ::std::vector;
54
55constexpr uint64_t kOpHandleSentinel = 0xFFFFFFFFFFFFFFFF;
56
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]57class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
58 public:
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]59 struct KeyData {
60 vector<uint8_t> blob;
61 vector<KeyCharacteristics> characteristics;
62 };
63
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]64 static bool arm_deleteAllKeys;
65 static bool dump_Attestations;
66
David Drysdale9f5c0c52022-11-03 15:10:16 +0000[diff] [blame]67 // Directory to store/retrieve keyblobs, using subdirectories named for the
68 // KeyMint instance in question (e.g. "./default/", "./strongbox/").
69 static std::string keyblob_dir;
70
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]71 void SetUp() override;
72 void TearDown() override {
73 if (key_blob_.size()) {
74 CheckedDeleteKey();
75 }
76 AbortIfNeeded();
77 }
78
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]79 void InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]80 IKeyMintDevice& keyMint() { return *keymint_; }
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]81 int32_t AidlVersion();
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]82 uint32_t os_version() { return os_version_; }
83 uint32_t os_patch_level() { return os_patch_level_; }
David Drysdalebb3d85e2021-04-13 11:15:51 +0100[diff] [blame]84 uint32_t vendor_patch_level() { return vendor_patch_level_; }
David Drysdale37af4b32021-05-14 16:46:59 +0100[diff] [blame]85 uint32_t boot_patch_level(const vector<KeyCharacteristics>& key_characteristics);
86 uint32_t boot_patch_level();
Prashant Patil88ad1892022-03-15 16:31:02 +0000[diff] [blame]87 bool isDeviceIdAttestationRequired();
Rajesh Nyamagoud5283f812023-01-06 00:27:56 +0000[diff] [blame]88 bool isSecondImeiIdAttestationRequired();
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]89
David Drysdale42fe1892021-10-14 14:43:46 +0100[diff] [blame]90 bool Curve25519Supported();
91
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]92 ErrorCode GetReturnErrorCode(const Status& result);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]93
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]94 ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector<uint8_t>* key_blob,
95 vector<KeyCharacteristics>* key_characteristics) {
96 return GenerateKey(key_desc, std::nullopt /* attest_key */, key_blob, key_characteristics,
97 &cert_chain_);
98 }
99 ErrorCode GenerateKey(const AuthorizationSet& key_desc,
100 const optional<AttestationKey>& attest_key, vector<uint8_t>* key_blob,
101 vector<KeyCharacteristics>* key_characteristics,
102 vector<Certificate>* cert_chain);
103 ErrorCode GenerateKey(const AuthorizationSet& key_desc,
104 const optional<AttestationKey>& attest_key = std::nullopt);
105
subrahmanyaman7d9bc462022-03-16 01:40:39 +0000[diff] [blame]106 // Generate key for implementations which do not support factory attestation.
107 ErrorCode GenerateKeyWithSelfSignedAttestKey(const AuthorizationSet& attest_key_desc,
108 const AuthorizationSet& key_desc,
109 vector<uint8_t>* key_blob,
110 vector<KeyCharacteristics>* key_characteristics,
111 vector<Certificate>* cert_chain);
112
113 ErrorCode GenerateKeyWithSelfSignedAttestKey(const AuthorizationSet& attest_key_desc,
114 const AuthorizationSet& key_desc,
115 vector<uint8_t>* key_blob,
116 vector<KeyCharacteristics>* key_characteristics) {
117 return GenerateKeyWithSelfSignedAttestKey(attest_key_desc, key_desc, key_blob,
118 key_characteristics, &cert_chain_);
119 }
120
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]121 ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
122 const string& key_material, vector<uint8_t>* key_blob,
Shawn Willden7f424372021-01-10 18:06:50 -0700[diff] [blame]123 vector<KeyCharacteristics>* key_characteristics);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]124 ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
125 const string& key_material);
126
127 ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
128 const AuthorizationSet& wrapping_key_desc, string masking_key,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]129 const AuthorizationSet& unwrapping_params, int64_t password_sid,
130 int64_t biometric_sid);
131 ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
132 const AuthorizationSet& wrapping_key_desc, string masking_key,
133 const AuthorizationSet& unwrapping_params) {
134 return ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, masking_key,
135 unwrapping_params, 0 /* password_sid */, 0 /* biometric_sid */);
136 }
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]137
David Drysdale300b5552021-05-20 12:05:26 +0100[diff] [blame]138 ErrorCode GetCharacteristics(const vector<uint8_t>& key_blob, const vector<uint8_t>& app_id,
139 const vector<uint8_t>& app_data,
140 vector<KeyCharacteristics>* key_characteristics);
141 ErrorCode GetCharacteristics(const vector<uint8_t>& key_blob,
142 vector<KeyCharacteristics>* key_characteristics);
143
144 void CheckCharacteristics(const vector<uint8_t>& key_blob,
145 const vector<KeyCharacteristics>& generate_characteristics);
146 void CheckAppIdCharacteristics(const vector<uint8_t>& key_blob, std::string_view app_id_string,
147 std::string_view app_data_string,
148 const vector<KeyCharacteristics>& generate_characteristics);
149
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]150 ErrorCode DeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false);
151 ErrorCode DeleteKey(bool keep_key_blob = false);
152
153 ErrorCode DeleteAllKeys();
154
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]155 ErrorCode DestroyAttestationIds();
156
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]157 void CheckedDeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false);
158 void CheckedDeleteKey();
159
160 ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
161 const AuthorizationSet& in_params, AuthorizationSet* out_params,
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]162 std::shared_ptr<IKeyMintOperation>& op);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]163 ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
David Drysdale28fa9312023-02-01 14:53:01 +0000[diff] [blame]164 const AuthorizationSet& in_params, AuthorizationSet* out_params,
165 std::optional<HardwareAuthToken> hat = std::nullopt);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]166 ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
167 AuthorizationSet* out_params);
168 ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params);
169
Shawn Willden92d79c02021-02-19 07:31:55 -0700[diff] [blame]170 ErrorCode UpdateAad(const string& input);
171 ErrorCode Update(const string& input, string* output);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]172
David Drysdale28fa9312023-02-01 14:53:01 +0000[diff] [blame]173 ErrorCode Finish(const string& message, const string& signature, string* output,
174 std::optional<HardwareAuthToken> hat = std::nullopt,
175 std::optional<secureclock::TimeStampToken> time_token = std::nullopt);
Shawn Willden92d79c02021-02-19 07:31:55 -0700[diff] [blame]176 ErrorCode Finish(const string& message, string* output) {
177 return Finish(message, {} /* signature */, output);
178 }
179 ErrorCode Finish(string* output) { return Finish({} /* message */, output); }
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]180
181 ErrorCode Abort();
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]182 ErrorCode Abort(const shared_ptr<IKeyMintOperation>& op);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]183 void AbortIfNeeded();
184
185 string ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
186 const string& message, const AuthorizationSet& in_params,
187 AuthorizationSet* out_params);
Shawn Willden92d79c02021-02-19 07:31:55 -0700[diff] [blame]188 std::tuple<ErrorCode, std::string /* processedMessage */> ProcessMessage(
189 const vector<uint8_t>& key_blob, KeyPurpose operation, const std::string& message,
190 const AuthorizationSet& in_params);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]191 string SignMessage(const vector<uint8_t>& key_blob, const string& message,
192 const AuthorizationSet& params);
193 string SignMessage(const string& message, const AuthorizationSet& params);
194
195 string MacMessage(const string& message, Digest digest, size_t mac_length);
196
anil.hiranniah19a4ca12022-03-03 17:39:30 +0530[diff] [blame]197 void CheckAesIncrementalEncryptOperation(BlockMode block_mode, int message_size);
198
Prashant Patildd5f7f02022-07-06 18:58:07 +0000[diff] [blame]199 void AesCheckEncryptOneByteAtATime(const string& key, BlockMode block_mode,
200 PaddingMode padding_mode, const string& iv,
201 const string& plaintext, const string& exp_cipher_text);
202
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]203 void CheckHmacTestVector(const string& key, const string& message, Digest digest,
204 const string& expected_mac);
205
206 void CheckAesCtrTestVector(const string& key, const string& nonce, const string& message,
207 const string& expected_ciphertext);
208
209 void CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
210 PaddingMode padding_mode, const string& key, const string& iv,
211 const string& input, const string& expected_output);
212
213 void VerifyMessage(const vector<uint8_t>& key_blob, const string& message,
214 const string& signature, const AuthorizationSet& params);
215 void VerifyMessage(const string& message, const string& signature,
216 const AuthorizationSet& params);
David Drysdale9f5c0c52022-11-03 15:10:16 +0000[diff] [blame]217 void LocalVerifyMessage(const vector<uint8_t>& der_cert, const string& message,
218 const string& signature, const AuthorizationSet& params);
David Drysdaledf8f52e2021-05-06 08:10:58 +0100[diff] [blame]219 void LocalVerifyMessage(const string& message, const string& signature,
220 const AuthorizationSet& params);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]221
David Drysdale59cae642021-05-12 13:52:03 +0100[diff] [blame]222 string LocalRsaEncryptMessage(const string& message, const AuthorizationSet& params);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]223 string EncryptMessage(const vector<uint8_t>& key_blob, const string& message,
224 const AuthorizationSet& in_params, AuthorizationSet* out_params);
225 string EncryptMessage(const string& message, const AuthorizationSet& params,
226 AuthorizationSet* out_params);
227 string EncryptMessage(const string& message, const AuthorizationSet& params);
228 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding);
229 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
230 vector<uint8_t>* iv_out);
231 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
232 const vector<uint8_t>& iv_in);
233 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
234 uint8_t mac_length_bits, const vector<uint8_t>& iv_in);
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]235 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
236 uint8_t mac_length_bits);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]237
238 string DecryptMessage(const vector<uint8_t>& key_blob, const string& ciphertext,
239 const AuthorizationSet& params);
240 string DecryptMessage(const string& ciphertext, const AuthorizationSet& params);
241 string DecryptMessage(const string& ciphertext, BlockMode block_mode, PaddingMode padding_mode,
242 const vector<uint8_t>& iv);
243
244 std::pair<ErrorCode, vector<uint8_t>> UpgradeKey(const vector<uint8_t>& key_blob);
245
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]246 template <typename TagType>
247 std::tuple<KeyData /* aesKey */, KeyData /* hmacKey */, KeyData /* rsaKey */,
248 KeyData /* ecdsaKey */>
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]249 CreateTestKeys(
250 TagType tagToTest, ErrorCode expectedReturn,
251 std::function<void(AuthorizationSetBuilder*)> tagModifier =
252 [](AuthorizationSetBuilder*) {}) {
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]253 /* AES */
254 KeyData aesKeyData;
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]255 AuthorizationSetBuilder aesBuilder = AuthorizationSetBuilder()
256 .AesEncryptionKey(128)
257 .Authorization(tagToTest)
258 .BlockMode(BlockMode::ECB)
259 .Padding(PaddingMode::NONE)
260 .Authorization(TAG_NO_AUTH_REQUIRED);
261 tagModifier(&aesBuilder);
262 ErrorCode errorCode =
263 GenerateKey(aesBuilder, &aesKeyData.blob, &aesKeyData.characteristics);
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]264 EXPECT_EQ(expectedReturn, errorCode);
265
266 /* HMAC */
267 KeyData hmacKeyData;
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]268 AuthorizationSetBuilder hmacBuilder = AuthorizationSetBuilder()
269 .HmacKey(128)
270 .Authorization(tagToTest)
271 .Digest(Digest::SHA_2_256)
272 .Authorization(TAG_MIN_MAC_LENGTH, 128)
273 .Authorization(TAG_NO_AUTH_REQUIRED);
274 tagModifier(&hmacBuilder);
275 errorCode = GenerateKey(hmacBuilder, &hmacKeyData.blob, &hmacKeyData.characteristics);
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]276 EXPECT_EQ(expectedReturn, errorCode);
277
278 /* RSA */
279 KeyData rsaKeyData;
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]280 AuthorizationSetBuilder rsaBuilder = AuthorizationSetBuilder()
281 .RsaSigningKey(2048, 65537)
282 .Authorization(tagToTest)
283 .Digest(Digest::NONE)
284 .Padding(PaddingMode::NONE)
285 .Authorization(TAG_NO_AUTH_REQUIRED)
286 .SetDefaultValidity();
287 tagModifier(&rsaBuilder);
288 errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics);
subrahmanyaman05642492022-02-05 07:10:56 +0000[diff] [blame]289 if (!(SecLevel() == SecurityLevel::STRONGBOX &&
290 ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) {
291 EXPECT_EQ(expectedReturn, errorCode);
292 }
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]293
294 /* ECDSA */
295 KeyData ecdsaKeyData;
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]296 AuthorizationSetBuilder ecdsaBuilder = AuthorizationSetBuilder()
David Drysdaledf09e542021-06-08 15:46:11 +0100[diff] [blame]297 .EcdsaSigningKey(EcCurve::P_256)
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]298 .Authorization(tagToTest)
299 .Digest(Digest::SHA_2_256)
300 .Authorization(TAG_NO_AUTH_REQUIRED)
301 .SetDefaultValidity();
302 tagModifier(&ecdsaBuilder);
303 errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics);
subrahmanyaman05642492022-02-05 07:10:56 +0000[diff] [blame]304 if (!(SecLevel() == SecurityLevel::STRONGBOX &&
305 ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) {
306 EXPECT_EQ(expectedReturn, errorCode);
307 }
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]308 return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData};
309 }
Shawn Willden7f424372021-01-10 18:06:50 -0700[diff] [blame]310 bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; }
311 SecurityLevel SecLevel() const { return securityLevel_; }
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]312
313 vector<uint32_t> ValidKeySizes(Algorithm algorithm);
314 vector<uint32_t> InvalidKeySizes(Algorithm algorithm);
315
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]316 vector<BlockMode> ValidBlockModes(Algorithm algorithm);
317 vector<PaddingMode> ValidPaddingModes(Algorithm algorithm, BlockMode blockMode);
318 vector<PaddingMode> InvalidPaddingModes(Algorithm algorithm, BlockMode blockMode);
319
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]320 vector<EcCurve> ValidCurves();
321 vector<EcCurve> InvalidCurves();
322
323 vector<Digest> ValidDigests(bool withNone, bool withMD5);
subrahmanyaman05642492022-02-05 07:10:56 +0000[diff] [blame]324 vector<uint64_t> ValidExponents();
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]325
326 static vector<string> build_params() {
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]327 auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]328 return params;
329 }
330
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]331 std::shared_ptr<IKeyMintOperation> op_;
Shawn Willden7f424372021-01-10 18:06:50 -0700[diff] [blame]332 vector<Certificate> cert_chain_;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]333 vector<uint8_t> key_blob_;
Shawn Willden7f424372021-01-10 18:06:50 -0700[diff] [blame]334 vector<KeyCharacteristics> key_characteristics_;
335
336 const vector<KeyParameter>& SecLevelAuthorizations(
337 const vector<KeyCharacteristics>& key_characteristics);
338 inline const vector<KeyParameter>& SecLevelAuthorizations() {
339 return SecLevelAuthorizations(key_characteristics_);
340 }
Qi Wubeefae42021-01-28 23:16:37 +0800[diff] [blame]341 const vector<KeyParameter>& SecLevelAuthorizations(
342 const vector<KeyCharacteristics>& key_characteristics, SecurityLevel securityLevel);
343
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]344 ErrorCode UseAesKey(const vector<uint8_t>& aesKeyBlob);
345 ErrorCode UseHmacKey(const vector<uint8_t>& hmacKeyBlob);
346 ErrorCode UseRsaKey(const vector<uint8_t>& rsaKeyBlob);
347 ErrorCode UseEcdsaKey(const vector<uint8_t>& ecdsaKeyBlob);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]348
Shawn Willdend659c7c2021-02-19 14:51:51 -0700[diff] [blame]349 protected:
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]350 std::shared_ptr<IKeyMintDevice> keymint_;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]351 uint32_t os_version_;
352 uint32_t os_patch_level_;
David Drysdalebb3d85e2021-04-13 11:15:51 +0100[diff] [blame]353 uint32_t vendor_patch_level_;
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]354 bool timestamp_token_required_;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]355
356 SecurityLevel securityLevel_;
357 string name_;
358 string author_;
359 long challenge_;
Prashant Patildd5f7f02022-07-06 18:58:07 +0000[diff] [blame]360
361 private:
362 void CheckEncryptOneByteAtATime(BlockMode block_mode, const int block_size,
363 PaddingMode padding_mode, const string& iv,
364 const string& plaintext, const string& exp_cipher_text);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]365};
366
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]367// If the given property is available, add it to the tag set under the given tag ID.
368template <Tag tag>
369void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, tag> ttag,
370 const char* prop) {
371 std::string prop_value = ::android::base::GetProperty(prop, /* default= */ "");
372 if (!prop_value.empty()) {
373 tags->Authorization(ttag, prop_value.data(), prop_value.size());
374 }
375}
376
Shawn Willden22fb9c12022-06-02 14:04:33 -0600[diff] [blame]377// Return the VSR API level for this device.
378int get_vsr_api_level();
379
David Drysdale555ba002022-05-03 18:48:57 +0100[diff] [blame]380// Indicate whether the test is running on a GSI image.
381bool is_gsi_image();
382
Selene Huang6e46f142021-04-20 19:20:11 -0700[diff] [blame]383vector<uint8_t> build_serial_blob(const uint64_t serial_int);
384void verify_subject(const X509* cert, const string& subject, bool self_signed);
385void verify_serial(X509* cert, const uint64_t expected_serial);
386void verify_subject_and_serial(const Certificate& certificate, //
387 const uint64_t expected_serial, //
388 const string& subject, bool self_signed);
Shawn Willden4315e132022-03-20 12:49:46 -0600[diff] [blame]389void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, //
390 bool device_locked, //
391 VerifiedBoot verified_boot_state, //
392 const vector<uint8_t>& verified_boot_hash);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]393bool verify_attestation_record(int aidl_version, //
394 const string& challenge, //
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]395 const string& app_id, //
396 AuthorizationSet expected_sw_enforced, //
397 AuthorizationSet expected_hw_enforced, //
398 SecurityLevel security_level,
David Drysdale565ccc72021-10-11 12:49:50 +0100[diff] [blame]399 const vector<uint8_t>& attestation_cert,
400 vector<uint8_t>* unique_id = nullptr);
Selene Huang6e46f142021-04-20 19:20:11 -0700[diff] [blame]401
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]402string bin2hex(const vector<uint8_t>& data);
403X509_Ptr parse_cert_blob(const vector<uint8_t>& blob);
Tri Voec50ee12023-02-14 16:29:53 -0800[diff] [blame]404ASN1_OCTET_STRING* get_attestation_record(X509* certificate);
David Drysdalef0d516d2021-03-22 07:51:43 +0000[diff] [blame]405vector<uint8_t> make_name_from_str(const string& name);
David Drysdale4dc01072021-04-01 12:17:35 +0100[diff] [blame]406void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
407 vector<uint8_t>* payload_value);
408void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
Max Biresa97ec692022-11-21 23:37:54 -0800[diff] [blame]409void device_id_attestation_vsr_check(const ErrorCode& result);
David Drysdale3d2ba0a2023-01-11 13:27:26 +0000[diff] [blame]410bool check_feature(const std::string& name);
David Drysdale4dc01072021-04-01 12:17:35 +0100[diff] [blame]411
David Drysdalef0d516d2021-03-22 07:51:43 +0000[diff] [blame]412AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
413AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
Eran Messeri03d7a1a2021-07-06 12:07:57 +0100[diff] [blame]414::testing::AssertionResult ChainSignaturesAreValid(const vector<Certificate>& chain,
415 bool strict_issuer_check = true);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]416
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]417#define INSTANTIATE_KEYMINT_AIDL_TEST(name) \
418 INSTANTIATE_TEST_SUITE_P(PerInstance, name, \
419 testing::ValuesIn(KeyMintAidlTestBase::build_params()), \
Shawn Willden7e71f1e2021-04-01 16:44:22 -0600[diff] [blame]420 ::android::PrintInstanceNameToString); \
421 GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]422
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700[diff] [blame]423} // namespace test
424
425} // namespace aidl::android::hardware::security::keymint