Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 83fa6413ac4e0d5af8782bb9e806f1fa02a56347 / . / security / keymint / aidl / vts / functional / KeyMintAidlTestBase.cpp
blob: 9ba4099819989e8ed476cc6b643789ae7e71e445 [file] [log] [blame]
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]1/*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "KeyMintAidlTestBase.h"
18
19#include <chrono>
20#include <vector>
21
22#include <android-base/logging.h>
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]23#include <android/binder_manager.h>
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]24
Shawn Willden08a7e432020-12-11 13:05:27 +0000[diff] [blame]25#include <keymint_support/key_param_output.h>
26#include <keymint_support/keymint_utils.h>
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]27
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]28namespace aidl::android::hardware::security::keymint {
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]29
30using namespace std::literals::chrono_literals;
31using std::endl;
32using std::optional;
33
34::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
35 if (set.size() == 0)
36 os << "(Empty)" << ::std::endl;
37 else {
38 os << "\n";
39 for (size_t i = 0; i < set.size(); ++i) os << set[i] << ::std::endl;
40 }
41 return os;
42}
43
44namespace test {
45
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]46ErrorCode KeyMintAidlTestBase::GetReturnErrorCode(const Status& result) {
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]47 if (result.isOk()) return ErrorCode::OK;
48
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]49 if (result.getExceptionCode() == EX_SERVICE_SPECIFIC) {
50 return static_cast<ErrorCode>(result.getServiceSpecificError());
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]51 }
52
53 return ErrorCode::UNKNOWN_ERROR;
54}
55
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]56void KeyMintAidlTestBase::InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint) {
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]57 ASSERT_NE(keyMint, nullptr);
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]58 keymint_ = std::move(keyMint);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]59
60 KeyMintHardwareInfo info;
61 ASSERT_TRUE(keymint_->getHardwareInfo(&info).isOk());
62
63 securityLevel_ = info.securityLevel;
64 name_.assign(info.keyMintName.begin(), info.keyMintName.end());
65 author_.assign(info.keyMintAuthorName.begin(), info.keyMintAuthorName.end());
66
67 os_version_ = getOsVersion();
68 os_patch_level_ = getOsPatchlevel();
69}
70
71void KeyMintAidlTestBase::SetUp() {
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]72 if (AServiceManager_isDeclared(GetParam().c_str())) {
73 ::ndk::SpAIBinder binder(AServiceManager_waitForService(GetParam().c_str()));
74 InitializeKeyMint(IKeyMintDevice::fromBinder(binder));
75 } else {
76 InitializeKeyMint(nullptr);
77 }
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]78}
79
80ErrorCode KeyMintAidlTestBase::GenerateKey(const AuthorizationSet& key_desc,
81 vector<uint8_t>* keyBlob, KeyCharacteristics* keyChar) {
82 EXPECT_NE(keyBlob, nullptr) << "Key blob pointer must not be null. Test bug";
83 EXPECT_NE(keyChar, nullptr)
84 << "Previous characteristics not deleted before generating key. Test bug.";
85
86 // Aidl does not clear these output parameters if the function returns
87 // error. This is different from hal where output parameter is always
88 // cleared due to hal returning void. So now we need to do our own clearing
89 // of the output variables prior to calling keyMint aidl libraries.
90 keyBlob->clear();
91 keyChar->softwareEnforced.clear();
92 keyChar->hardwareEnforced.clear();
93 certChain_.clear();
94
95 Status result;
96 ByteArray blob;
97
98 result = keymint_->generateKey(key_desc.vector_data(), &blob, keyChar, &certChain_);
99
100 // On result, blob & characteristics should be empty.
101 if (result.isOk()) {
102 if (SecLevel() != SecurityLevel::SOFTWARE) {
103 EXPECT_GT(keyChar->hardwareEnforced.size(), 0);
104 }
105 EXPECT_GT(keyChar->softwareEnforced.size(), 0);
106 // TODO(seleneh) in a later version where we return @nullable
107 // single Certificate, check non-null single certificate is always
108 // non-empty.
109 *keyBlob = blob.data;
110 }
111
112 return GetReturnErrorCode(result);
113}
114
115ErrorCode KeyMintAidlTestBase::GenerateKey(const AuthorizationSet& key_desc) {
116 return GenerateKey(key_desc, &key_blob_, &key_characteristics_);
117}
118
119ErrorCode KeyMintAidlTestBase::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
120 const string& key_material, vector<uint8_t>* key_blob,
121 KeyCharacteristics* key_characteristics) {
122 Status result;
123
124 certChain_.clear();
125 key_characteristics->softwareEnforced.clear();
126 key_characteristics->hardwareEnforced.clear();
127 key_blob->clear();
128
129 ByteArray blob;
130 result = keymint_->importKey(key_desc.vector_data(), format,
131 vector<uint8_t>(key_material.begin(), key_material.end()), &blob,
132 key_characteristics, &certChain_);
133
134 if (result.isOk()) {
135 if (SecLevel() != SecurityLevel::SOFTWARE) {
136 EXPECT_GT(key_characteristics->hardwareEnforced.size(), 0);
137 }
138 EXPECT_GT(key_characteristics->softwareEnforced.size(), 0);
139 *key_blob = blob.data;
140 }
141
142 return GetReturnErrorCode(result);
143}
144
145ErrorCode KeyMintAidlTestBase::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
146 const string& key_material) {
147 return ImportKey(key_desc, format, key_material, &key_blob_, &key_characteristics_);
148}
149
150ErrorCode KeyMintAidlTestBase::ImportWrappedKey(string wrapped_key, string wrapping_key,
151 const AuthorizationSet& wrapping_key_desc,
152 string masking_key,
153 const AuthorizationSet& unwrapping_params) {
154 Status result;
155 EXPECT_EQ(ErrorCode::OK, ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key));
156
157 ByteArray outBlob;
158 key_characteristics_.softwareEnforced.clear();
159 key_characteristics_.hardwareEnforced.clear();
160
161 result = keymint_->importWrappedKey(vector<uint8_t>(wrapped_key.begin(), wrapped_key.end()),
162 key_blob_,
163 vector<uint8_t>(masking_key.begin(), masking_key.end()),
164 unwrapping_params.vector_data(), 0 /* passwordSid */,
165 0 /* biometricSid */, &outBlob, &key_characteristics_);
166
167 if (result.isOk()) {
168 key_blob_ = outBlob.data;
169 if (SecLevel() != SecurityLevel::SOFTWARE) {
170 EXPECT_GT(key_characteristics_.hardwareEnforced.size(), 0);
171 }
172 EXPECT_GT(key_characteristics_.softwareEnforced.size(), 0);
173 }
174
175 return GetReturnErrorCode(result);
176}
177
178ErrorCode KeyMintAidlTestBase::DeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob) {
179 Status result = keymint_->deleteKey(*key_blob);
180 if (!keep_key_blob) {
181 *key_blob = vector<uint8_t>();
182 }
183
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]184 EXPECT_TRUE(result.isOk()) << result.getServiceSpecificError() << endl;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]185 return GetReturnErrorCode(result);
186}
187
188ErrorCode KeyMintAidlTestBase::DeleteKey(bool keep_key_blob) {
189 return DeleteKey(&key_blob_, keep_key_blob);
190}
191
192ErrorCode KeyMintAidlTestBase::DeleteAllKeys() {
193 Status result = keymint_->deleteAllKeys();
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]194 EXPECT_TRUE(result.isOk()) << result.getServiceSpecificError() << endl;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]195 return GetReturnErrorCode(result);
196}
197
198void KeyMintAidlTestBase::CheckedDeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob) {
199 ErrorCode result = DeleteKey(key_blob, keep_key_blob);
200 EXPECT_TRUE(result == ErrorCode::OK || result == ErrorCode::UNIMPLEMENTED) << result << endl;
201}
202
203void KeyMintAidlTestBase::CheckedDeleteKey() {
204 CheckedDeleteKey(&key_blob_);
205}
206
207ErrorCode KeyMintAidlTestBase::Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
208 const AuthorizationSet& in_params,
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]209 AuthorizationSet* out_params,
210 std::shared_ptr<IKeyMintOperation>& op) {
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]211 SCOPED_TRACE("Begin");
212 Status result;
213 BeginResult out;
214 result = keymint_->begin(purpose, key_blob, in_params.vector_data(), HardwareAuthToken(), &out);
215
216 if (result.isOk()) {
217 *out_params = out.params;
218 challenge_ = out.challenge;
219 op = out.operation;
220 }
221
222 return GetReturnErrorCode(result);
223}
224
225ErrorCode KeyMintAidlTestBase::Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
226 const AuthorizationSet& in_params,
227 AuthorizationSet* out_params) {
228 SCOPED_TRACE("Begin");
229 Status result;
230 BeginResult out;
231
232 result = keymint_->begin(purpose, key_blob, in_params.vector_data(), HardwareAuthToken(), &out);
233
234 if (result.isOk()) {
235 *out_params = out.params;
236 challenge_ = out.challenge;
237 op_ = out.operation;
238 }
239
240 return GetReturnErrorCode(result);
241}
242
243ErrorCode KeyMintAidlTestBase::Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
244 AuthorizationSet* out_params) {
245 SCOPED_TRACE("Begin");
246 EXPECT_EQ(nullptr, op_);
247 return Begin(purpose, key_blob_, in_params, out_params);
248}
249
250ErrorCode KeyMintAidlTestBase::Begin(KeyPurpose purpose, const AuthorizationSet& in_params) {
251 SCOPED_TRACE("Begin");
252 AuthorizationSet out_params;
253 ErrorCode result = Begin(purpose, in_params, &out_params);
254 EXPECT_TRUE(out_params.empty());
255 return result;
256}
257
258ErrorCode KeyMintAidlTestBase::Update(const AuthorizationSet& in_params, const string& input,
259 AuthorizationSet* out_params, string* output,
260 int32_t* input_consumed) {
261 SCOPED_TRACE("Update");
262
263 Status result;
264 EXPECT_NE(op_, nullptr);
265 if (!op_) {
266 return ErrorCode::UNEXPECTED_NULL_POINTER;
267 }
268
269 KeyParameterArray key_params;
270 key_params.params = in_params.vector_data();
271
272 KeyParameterArray in_keyParams;
273 in_keyParams.params = in_params.vector_data();
274
275 optional<KeyParameterArray> out_keyParams;
276 optional<ByteArray> o_put;
277 result = op_->update(in_keyParams, vector<uint8_t>(input.begin(), input.end()), {}, {},
278 &out_keyParams, &o_put, input_consumed);
279
280 if (result.isOk()) {
281 if (o_put) {
282 output->append(o_put->data.begin(), o_put->data.end());
283 }
284
285 if (out_keyParams) {
286 out_params->push_back(AuthorizationSet(out_keyParams->params));
287 }
288 }
289
290 return GetReturnErrorCode(result);
291}
292
293ErrorCode KeyMintAidlTestBase::Update(const string& input, string* out, int32_t* input_consumed) {
294 SCOPED_TRACE("Update");
295 AuthorizationSet out_params;
296 ErrorCode result =
297 Update(AuthorizationSet() /* in_params */, input, &out_params, out, input_consumed);
298 EXPECT_TRUE(out_params.empty());
299 return result;
300}
301
302ErrorCode KeyMintAidlTestBase::Finish(const AuthorizationSet& in_params, const string& input,
303 const string& signature, AuthorizationSet* out_params,
304 string* output) {
305 SCOPED_TRACE("Finish");
306 Status result;
307
308 EXPECT_NE(op_, nullptr);
309 if (!op_) {
310 return ErrorCode::UNEXPECTED_NULL_POINTER;
311 }
312
313 KeyParameterArray key_params;
314 key_params.params = in_params.vector_data();
315
316 KeyParameterArray in_keyParams;
317 in_keyParams.params = in_params.vector_data();
318
319 optional<KeyParameterArray> out_keyParams;
320 optional<vector<uint8_t>> o_put;
321
322 vector<uint8_t> oPut;
323 result = op_->finish(in_keyParams, vector<uint8_t>(input.begin(), input.end()),
324 vector<uint8_t>(signature.begin(), signature.end()), {}, {},
325 &out_keyParams, &oPut);
326
327 if (result.isOk()) {
328 if (out_keyParams) {
329 out_params->push_back(AuthorizationSet(out_keyParams->params));
330 }
331
332 output->append(oPut.begin(), oPut.end());
333 }
334
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]335 op_.reset();
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]336 return GetReturnErrorCode(result);
337}
338
339ErrorCode KeyMintAidlTestBase::Finish(const string& message, string* output) {
340 SCOPED_TRACE("Finish");
341 AuthorizationSet out_params;
342 string finish_output;
343 ErrorCode result = Finish(AuthorizationSet() /* in_params */, message, "" /* signature */,
344 &out_params, output);
345 if (result != ErrorCode::OK) {
346 return result;
347 }
348 EXPECT_EQ(0U, out_params.size());
349 return result;
350}
351
352ErrorCode KeyMintAidlTestBase::Finish(const string& message, const string& signature,
353 string* output) {
354 SCOPED_TRACE("Finish");
355 AuthorizationSet out_params;
356 ErrorCode result =
357 Finish(AuthorizationSet() /* in_params */, message, signature, &out_params, output);
358
359 if (result != ErrorCode::OK) {
360 return result;
361 }
362
363 EXPECT_EQ(0U, out_params.size());
364 return result;
365}
366
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]367ErrorCode KeyMintAidlTestBase::Abort(const std::shared_ptr<IKeyMintOperation>& op) {
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]368 SCOPED_TRACE("Abort");
369
370 EXPECT_NE(op, nullptr);
371 if (!op) {
372 return ErrorCode::UNEXPECTED_NULL_POINTER;
373 }
374
375 Status retval = op->abort();
376 EXPECT_TRUE(retval.isOk());
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]377 return static_cast<ErrorCode>(retval.getServiceSpecificError());
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]378}
379
380ErrorCode KeyMintAidlTestBase::Abort() {
381 SCOPED_TRACE("Abort");
382
383 EXPECT_NE(op_, nullptr);
384 if (!op_) {
385 return ErrorCode::UNEXPECTED_NULL_POINTER;
386 }
387
388 Status retval = op_->abort();
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]389 return static_cast<ErrorCode>(retval.getServiceSpecificError());
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]390}
391
392void KeyMintAidlTestBase::AbortIfNeeded() {
393 SCOPED_TRACE("AbortIfNeeded");
394 if (op_) {
395 EXPECT_EQ(ErrorCode::OK, Abort());
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]396 op_.reset();
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]397 }
398}
399
400string KeyMintAidlTestBase::ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
401 const string& message, const AuthorizationSet& in_params,
402 AuthorizationSet* out_params) {
403 SCOPED_TRACE("ProcessMessage");
404 AuthorizationSet begin_out_params;
405 ErrorCode result = Begin(operation, key_blob, in_params, &begin_out_params);
406 EXPECT_EQ(ErrorCode::OK, result);
407 if (result != ErrorCode::OK) {
408 return "";
409 }
410
411 string output;
412 int32_t consumed = 0;
413 AuthorizationSet update_params;
414 AuthorizationSet update_out_params;
415 result = Update(update_params, message, &update_out_params, &output, &consumed);
416 EXPECT_EQ(ErrorCode::OK, result);
417 if (result != ErrorCode::OK) {
418 return "";
419 }
420
421 string unused;
422 AuthorizationSet finish_params;
423 AuthorizationSet finish_out_params;
424 EXPECT_EQ(ErrorCode::OK,
425 Finish(finish_params, message.substr(consumed), unused, &finish_out_params, &output));
426
427 out_params->push_back(begin_out_params);
428 out_params->push_back(finish_out_params);
429 return output;
430}
431
432string KeyMintAidlTestBase::SignMessage(const vector<uint8_t>& key_blob, const string& message,
433 const AuthorizationSet& params) {
434 SCOPED_TRACE("SignMessage");
435 AuthorizationSet out_params;
436 string signature = ProcessMessage(key_blob, KeyPurpose::SIGN, message, params, &out_params);
437 EXPECT_TRUE(out_params.empty());
438 return signature;
439}
440
441string KeyMintAidlTestBase::SignMessage(const string& message, const AuthorizationSet& params) {
442 SCOPED_TRACE("SignMessage");
443 return SignMessage(key_blob_, message, params);
444}
445
446string KeyMintAidlTestBase::MacMessage(const string& message, Digest digest, size_t mac_length) {
447 SCOPED_TRACE("MacMessage");
448 return SignMessage(
449 key_blob_, message,
450 AuthorizationSetBuilder().Digest(digest).Authorization(TAG_MAC_LENGTH, mac_length));
451}
452
453void KeyMintAidlTestBase::CheckHmacTestVector(const string& key, const string& message,
454 Digest digest, const string& expected_mac) {
455 SCOPED_TRACE("CheckHmacTestVector");
456 ASSERT_EQ(ErrorCode::OK,
457 ImportKey(AuthorizationSetBuilder()
458 .Authorization(TAG_NO_AUTH_REQUIRED)
459 .HmacKey(key.size() * 8)
460 .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
461 .Digest(digest),
462 KeyFormat::RAW, key));
463 string signature = MacMessage(message, digest, expected_mac.size() * 8);
464 EXPECT_EQ(expected_mac, signature)
465 << "Test vector didn't match for key of size " << key.size() << " message of size "
466 << message.size() << " and digest " << digest;
467 CheckedDeleteKey();
468}
469
470void KeyMintAidlTestBase::CheckAesCtrTestVector(const string& key, const string& nonce,
471 const string& message,
472 const string& expected_ciphertext) {
473 SCOPED_TRACE("CheckAesCtrTestVector");
474 ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
475 .Authorization(TAG_NO_AUTH_REQUIRED)
476 .AesEncryptionKey(key.size() * 8)
477 .BlockMode(BlockMode::CTR)
478 .Authorization(TAG_CALLER_NONCE)
479 .Padding(PaddingMode::NONE),
480 KeyFormat::RAW, key));
481
482 auto params = AuthorizationSetBuilder()
483 .Authorization(TAG_NONCE, nonce.data(), nonce.size())
484 .BlockMode(BlockMode::CTR)
485 .Padding(PaddingMode::NONE);
486 AuthorizationSet out_params;
487 string ciphertext = EncryptMessage(key_blob_, message, params, &out_params);
488 EXPECT_EQ(expected_ciphertext, ciphertext);
489}
490
491void KeyMintAidlTestBase::CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
492 PaddingMode padding_mode, const string& key,
493 const string& iv, const string& input,
494 const string& expected_output) {
495 auto authset = AuthorizationSetBuilder()
496 .TripleDesEncryptionKey(key.size() * 7)
497 .BlockMode(block_mode)
498 .Authorization(TAG_NO_AUTH_REQUIRED)
499 .Padding(padding_mode);
500 if (iv.size()) authset.Authorization(TAG_CALLER_NONCE);
501 ASSERT_EQ(ErrorCode::OK, ImportKey(authset, KeyFormat::RAW, key));
502 ASSERT_GT(key_blob_.size(), 0U);
503
504 auto begin_params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
505 if (iv.size()) begin_params.Authorization(TAG_NONCE, iv.data(), iv.size());
506 AuthorizationSet output_params;
507 string output = ProcessMessage(key_blob_, purpose, input, begin_params, &output_params);
508 EXPECT_EQ(expected_output, output);
509}
510
511void KeyMintAidlTestBase::VerifyMessage(const vector<uint8_t>& key_blob, const string& message,
512 const string& signature, const AuthorizationSet& params) {
513 SCOPED_TRACE("VerifyMessage");
514 AuthorizationSet begin_out_params;
515 ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params));
516
517 string output;
518 AuthorizationSet update_params;
519 AuthorizationSet update_out_params;
520 int32_t consumed;
521 ASSERT_EQ(ErrorCode::OK,
522 Update(update_params, message, &update_out_params, &output, &consumed));
523 EXPECT_TRUE(output.empty());
524 EXPECT_GT(consumed, 0U);
525
526 string unused;
527 AuthorizationSet finish_params;
528 AuthorizationSet finish_out_params;
529 EXPECT_EQ(ErrorCode::OK, Finish(finish_params, message.substr(consumed), signature,
530 &finish_out_params, &output));
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]531 op_.reset();
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]532 EXPECT_TRUE(output.empty());
533}
534
535void KeyMintAidlTestBase::VerifyMessage(const string& message, const string& signature,
536 const AuthorizationSet& params) {
537 SCOPED_TRACE("VerifyMessage");
538 VerifyMessage(key_blob_, message, signature, params);
539}
540
541string KeyMintAidlTestBase::EncryptMessage(const vector<uint8_t>& key_blob, const string& message,
542 const AuthorizationSet& in_params,
543 AuthorizationSet* out_params) {
544 SCOPED_TRACE("EncryptMessage");
545 return ProcessMessage(key_blob, KeyPurpose::ENCRYPT, message, in_params, out_params);
546}
547
548string KeyMintAidlTestBase::EncryptMessage(const string& message, const AuthorizationSet& params,
549 AuthorizationSet* out_params) {
550 SCOPED_TRACE("EncryptMessage");
551 return EncryptMessage(key_blob_, message, params, out_params);
552}
553
554string KeyMintAidlTestBase::EncryptMessage(const string& message, const AuthorizationSet& params) {
555 SCOPED_TRACE("EncryptMessage");
556 AuthorizationSet out_params;
557 string ciphertext = EncryptMessage(message, params, &out_params);
558 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
559 return ciphertext;
560}
561
562string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode block_mode,
563 PaddingMode padding) {
564 SCOPED_TRACE("EncryptMessage");
565 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
566 AuthorizationSet out_params;
567 string ciphertext = EncryptMessage(message, params, &out_params);
568 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
569 return ciphertext;
570}
571
572string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode block_mode,
573 PaddingMode padding, vector<uint8_t>* iv_out) {
574 SCOPED_TRACE("EncryptMessage");
575 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
576 AuthorizationSet out_params;
577 string ciphertext = EncryptMessage(message, params, &out_params);
578 EXPECT_EQ(1U, out_params.size());
579 auto ivVal = out_params.GetTagValue(TAG_NONCE);
580 EXPECT_TRUE(ivVal.isOk());
581 if (ivVal.isOk()) *iv_out = ivVal.value();
582 return ciphertext;
583}
584
585string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode block_mode,
586 PaddingMode padding, const vector<uint8_t>& iv_in) {
587 SCOPED_TRACE("EncryptMessage");
588 auto params = AuthorizationSetBuilder()
589 .BlockMode(block_mode)
590 .Padding(padding)
591 .Authorization(TAG_NONCE, iv_in);
592 AuthorizationSet out_params;
593 string ciphertext = EncryptMessage(message, params, &out_params);
594 return ciphertext;
595}
596
597string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode block_mode,
598 PaddingMode padding, uint8_t mac_length_bits,
599 const vector<uint8_t>& iv_in) {
600 SCOPED_TRACE("EncryptMessage");
601 auto params = AuthorizationSetBuilder()
602 .BlockMode(block_mode)
603 .Padding(padding)
604 .Authorization(TAG_MAC_LENGTH, mac_length_bits)
605 .Authorization(TAG_NONCE, iv_in);
606 AuthorizationSet out_params;
607 string ciphertext = EncryptMessage(message, params, &out_params);
608 return ciphertext;
609}
610
611string KeyMintAidlTestBase::DecryptMessage(const vector<uint8_t>& key_blob,
612 const string& ciphertext,
613 const AuthorizationSet& params) {
614 SCOPED_TRACE("DecryptMessage");
615 AuthorizationSet out_params;
616 string plaintext =
617 ProcessMessage(key_blob, KeyPurpose::DECRYPT, ciphertext, params, &out_params);
618 EXPECT_TRUE(out_params.empty());
619 return plaintext;
620}
621
622string KeyMintAidlTestBase::DecryptMessage(const string& ciphertext,
623 const AuthorizationSet& params) {
624 SCOPED_TRACE("DecryptMessage");
625 return DecryptMessage(key_blob_, ciphertext, params);
626}
627
628string KeyMintAidlTestBase::DecryptMessage(const string& ciphertext, BlockMode block_mode,
629 PaddingMode padding_mode, const vector<uint8_t>& iv) {
630 SCOPED_TRACE("DecryptMessage");
631 auto params = AuthorizationSetBuilder()
632 .BlockMode(block_mode)
633 .Padding(padding_mode)
634 .Authorization(TAG_NONCE, iv);
635 return DecryptMessage(key_blob_, ciphertext, params);
636}
637
638std::pair<ErrorCode, vector<uint8_t>> KeyMintAidlTestBase::UpgradeKey(
639 const vector<uint8_t>& key_blob) {
640 std::pair<ErrorCode, vector<uint8_t>> retval;
641 vector<uint8_t> outKeyBlob;
642 Status result = keymint_->upgradeKey(key_blob, vector<KeyParameter>(), &outKeyBlob);
643 ErrorCode errorcode = GetReturnErrorCode(result);
644 retval = std::tie(errorcode, outKeyBlob);
645
646 return retval;
647}
648vector<uint32_t> KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) {
649 switch (algorithm) {
650 case Algorithm::RSA:
651 switch (SecLevel()) {
652 case SecurityLevel::SOFTWARE:
653 case SecurityLevel::TRUSTED_ENVIRONMENT:
654 return {2048, 3072, 4096};
655 case SecurityLevel::STRONGBOX:
656 return {2048};
657 default:
658 ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());
659 break;
660 }
661 break;
662 case Algorithm::EC:
663 switch (SecLevel()) {
664 case SecurityLevel::SOFTWARE:
665 case SecurityLevel::TRUSTED_ENVIRONMENT:
666 return {224, 256, 384, 521};
667 case SecurityLevel::STRONGBOX:
668 return {256};
669 default:
670 ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());
671 break;
672 }
673 break;
674 case Algorithm::AES:
675 return {128, 256};
676 case Algorithm::TRIPLE_DES:
677 return {168};
678 case Algorithm::HMAC: {
679 vector<uint32_t> retval((512 - 64) / 8 + 1);
680 uint32_t size = 64 - 8;
681 std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
682 return retval;
683 }
684 default:
685 ADD_FAILURE() << "Invalid Algorithm: " << algorithm;
686 return {};
687 }
688 ADD_FAILURE() << "Should be impossible to get here";
689 return {};
690}
691
692vector<uint32_t> KeyMintAidlTestBase::InvalidKeySizes(Algorithm algorithm) {
693 if (SecLevel() == SecurityLevel::STRONGBOX) {
694 switch (algorithm) {
695 case Algorithm::RSA:
696 return {3072, 4096};
697 case Algorithm::EC:
698 return {224, 384, 521};
699 case Algorithm::AES:
700 return {192};
701 default:
702 return {};
703 }
704 }
705 return {};
706}
707
708vector<EcCurve> KeyMintAidlTestBase::ValidCurves() {
709 if (securityLevel_ == SecurityLevel::STRONGBOX) {
710 return {EcCurve::P_256};
711 } else {
712 return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
713 }
714}
715
716vector<EcCurve> KeyMintAidlTestBase::InvalidCurves() {
717 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
718 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
719 return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
720}
721
722vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) {
723 switch (SecLevel()) {
724 case SecurityLevel::SOFTWARE:
725 case SecurityLevel::TRUSTED_ENVIRONMENT:
726 if (withNone) {
727 if (withMD5)
728 return {Digest::NONE, Digest::MD5, Digest::SHA1,
729 Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
730 Digest::SHA_2_512};
731 else
732 return {Digest::NONE, Digest::SHA1, Digest::SHA_2_224,
733 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
734 } else {
735 if (withMD5)
736 return {Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
737 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
738 else
739 return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
740 Digest::SHA_2_512};
741 }
742 break;
743 case SecurityLevel::STRONGBOX:
744 if (withNone)
745 return {Digest::NONE, Digest::SHA_2_256};
746 else
747 return {Digest::SHA_2_256};
748 break;
749 default:
750 ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());
751 break;
752 }
753 ADD_FAILURE() << "Should be impossible to get here";
754 return {};
755}
756
757} // namespace test
Shawn Willden08a7e432020-12-11 13:05:27 +0000[diff] [blame]758
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]759} // namespace aidl::android::hardware::security::keymint