| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2020 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 17 | #pragma once |
| 18 | |
| David Drysdale | adfe611 | 2021-05-27 12:00:53 +0100 | [diff] [blame] | 19 | #include <functional> |
| David Drysdale | 300b555 | 2021-05-20 12:05:26 +0100 | [diff] [blame] | 20 | #include <string_view> |
| 21 | |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 22 | #include <aidl/Gtest.h> |
| 23 | #include <aidl/Vintf.h> |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 24 | #include <binder/IServiceManager.h> |
| 25 | #include <binder/ProcessState.h> |
| 26 | #include <gtest/gtest.h> |
| Shawn Willden | 7c13039 | 2020-12-21 09:58:22 -0700 | [diff] [blame] | 27 | #include <openssl/x509.h> |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 28 | |
| Janis Danisevskis | 24c0470 | 2020-12-16 18:28:39 -0800 | [diff] [blame] | 29 | #include <aidl/android/hardware/security/keymint/ErrorCode.h> |
| 30 | #include <aidl/android/hardware/security/keymint/IKeyMintDevice.h> |
| David Drysdale | 4dc0107 | 2021-04-01 12:17:35 +0100 | [diff] [blame] | 31 | #include <aidl/android/hardware/security/keymint/MacedPublicKey.h> |
| Shawn Willden | 1d3f85e | 2020-12-09 14:18:44 -0700 | [diff] [blame] | 32 | |
| Shawn Willden | 08a7e43 | 2020-12-11 13:05:27 +0000 | [diff] [blame] | 33 | #include <keymint_support/authorization_set.h> |
| Shawn Willden | 7c13039 | 2020-12-21 09:58:22 -0700 | [diff] [blame] | 34 | #include <keymint_support/openssl_utils.h> |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 35 | |
| Shawn Willden | 0e80b5d | 2020-12-17 09:07:27 -0700 | [diff] [blame] | 36 | namespace aidl::android::hardware::security::keymint { |
| 37 | |
| 38 | ::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set); |
| 39 | |
| Shawn Willden | 7c13039 | 2020-12-21 09:58:22 -0700 | [diff] [blame] | 40 | inline bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) { |
| 41 | return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin()); |
| 42 | } |
| 43 | |
| Shawn Willden | 0e80b5d | 2020-12-17 09:07:27 -0700 | [diff] [blame] | 44 | namespace test { |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 45 | |
| 46 | using ::android::sp; |
| Janis Danisevskis | 24c0470 | 2020-12-16 18:28:39 -0800 | [diff] [blame] | 47 | using Status = ::ndk::ScopedAStatus; |
| Shawn Willden | 7c13039 | 2020-12-21 09:58:22 -0700 | [diff] [blame] | 48 | using ::std::optional; |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 49 | using ::std::shared_ptr; |
| 50 | using ::std::string; |
| 51 | using ::std::vector; |
| 52 | |
| 53 | constexpr uint64_t kOpHandleSentinel = 0xFFFFFFFFFFFFFFFF; |
| 54 | |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 55 | class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { |
| 56 | public: |
| Chirag Pathak | 9ea6a0a | 2021-02-01 23:54:27 +0000 | [diff] [blame] | 57 | struct KeyData { |
| 58 | vector<uint8_t> blob; |
| 59 | vector<KeyCharacteristics> characteristics; |
| 60 | }; |
| 61 | |
| Shawn Willden | 7c13039 | 2020-12-21 09:58:22 -0700 | [diff] [blame] | 62 | static bool arm_deleteAllKeys; |
| 63 | static bool dump_Attestations; |
| 64 | |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 65 | void SetUp() override; |
| 66 | void TearDown() override { |
| 67 | if (key_blob_.size()) { |
| 68 | CheckedDeleteKey(); |
| 69 | } |
| 70 | AbortIfNeeded(); |
| 71 | } |
| 72 | |
| Janis Danisevskis | 24c0470 | 2020-12-16 18:28:39 -0800 | [diff] [blame] | 73 | void InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 74 | IKeyMintDevice& keyMint() { return *keymint_; } |
| 75 | uint32_t os_version() { return os_version_; } |
| 76 | uint32_t os_patch_level() { return os_patch_level_; } |
| David Drysdale | bb3d85e | 2021-04-13 11:15:51 +0100 | [diff] [blame] | 77 | uint32_t vendor_patch_level() { return vendor_patch_level_; } |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 78 | |
| Janis Danisevskis | 24c0470 | 2020-12-16 18:28:39 -0800 | [diff] [blame] | 79 | ErrorCode GetReturnErrorCode(const Status& result); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 80 | |
| Shawn Willden | 7c13039 | 2020-12-21 09:58:22 -0700 | [diff] [blame] | 81 | ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector<uint8_t>* key_blob, |
| 82 | vector<KeyCharacteristics>* key_characteristics) { |
| 83 | return GenerateKey(key_desc, std::nullopt /* attest_key */, key_blob, key_characteristics, |
| 84 | &cert_chain_); |
| 85 | } |
| 86 | ErrorCode GenerateKey(const AuthorizationSet& key_desc, |
| 87 | const optional<AttestationKey>& attest_key, vector<uint8_t>* key_blob, |
| 88 | vector<KeyCharacteristics>* key_characteristics, |
| 89 | vector<Certificate>* cert_chain); |
| 90 | ErrorCode GenerateKey(const AuthorizationSet& key_desc, |
| 91 | const optional<AttestationKey>& attest_key = std::nullopt); |
| 92 | |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 93 | ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format, |
| 94 | const string& key_material, vector<uint8_t>* key_blob, |
| Shawn Willden | 7f42437 | 2021-01-10 18:06:50 -0700 | [diff] [blame] | 95 | vector<KeyCharacteristics>* key_characteristics); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 96 | ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format, |
| 97 | const string& key_material); |
| 98 | |
| 99 | ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key, |
| 100 | const AuthorizationSet& wrapping_key_desc, string masking_key, |
| David Drysdale | d2cc8c2 | 2021-04-15 13:29:45 +0100 | [diff] [blame] | 101 | const AuthorizationSet& unwrapping_params, int64_t password_sid, |
| 102 | int64_t biometric_sid); |
| 103 | ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key, |
| 104 | const AuthorizationSet& wrapping_key_desc, string masking_key, |
| 105 | const AuthorizationSet& unwrapping_params) { |
| 106 | return ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, masking_key, |
| 107 | unwrapping_params, 0 /* password_sid */, 0 /* biometric_sid */); |
| 108 | } |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 109 | |
| David Drysdale | 300b555 | 2021-05-20 12:05:26 +0100 | [diff] [blame] | 110 | ErrorCode GetCharacteristics(const vector<uint8_t>& key_blob, const vector<uint8_t>& app_id, |
| 111 | const vector<uint8_t>& app_data, |
| 112 | vector<KeyCharacteristics>* key_characteristics); |
| 113 | ErrorCode GetCharacteristics(const vector<uint8_t>& key_blob, |
| 114 | vector<KeyCharacteristics>* key_characteristics); |
| 115 | |
| 116 | void CheckCharacteristics(const vector<uint8_t>& key_blob, |
| 117 | const vector<KeyCharacteristics>& generate_characteristics); |
| 118 | void CheckAppIdCharacteristics(const vector<uint8_t>& key_blob, std::string_view app_id_string, |
| 119 | std::string_view app_data_string, |
| 120 | const vector<KeyCharacteristics>& generate_characteristics); |
| 121 | |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 122 | ErrorCode DeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false); |
| 123 | ErrorCode DeleteKey(bool keep_key_blob = false); |
| 124 | |
| 125 | ErrorCode DeleteAllKeys(); |
| 126 | |
| David Drysdale | d2cc8c2 | 2021-04-15 13:29:45 +0100 | [diff] [blame] | 127 | ErrorCode DestroyAttestationIds(); |
| 128 | |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 129 | void CheckedDeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false); |
| 130 | void CheckedDeleteKey(); |
| 131 | |
| 132 | ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob, |
| 133 | const AuthorizationSet& in_params, AuthorizationSet* out_params, |
| Janis Danisevskis | 24c0470 | 2020-12-16 18:28:39 -0800 | [diff] [blame] | 134 | std::shared_ptr<IKeyMintOperation>& op); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 135 | ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob, |
| 136 | const AuthorizationSet& in_params, AuthorizationSet* out_params); |
| 137 | ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params, |
| 138 | AuthorizationSet* out_params); |
| 139 | ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params); |
| 140 | |
| Shawn Willden | 92d79c0 | 2021-02-19 07:31:55 -0700 | [diff] [blame] | 141 | ErrorCode UpdateAad(const string& input); |
| 142 | ErrorCode Update(const string& input, string* output); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 143 | |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 144 | ErrorCode Finish(const string& message, const string& signature, string* output); |
| Shawn Willden | 92d79c0 | 2021-02-19 07:31:55 -0700 | [diff] [blame] | 145 | ErrorCode Finish(const string& message, string* output) { |
| 146 | return Finish(message, {} /* signature */, output); |
| 147 | } |
| 148 | ErrorCode Finish(string* output) { return Finish({} /* message */, output); } |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 149 | |
| 150 | ErrorCode Abort(); |
| Janis Danisevskis | 24c0470 | 2020-12-16 18:28:39 -0800 | [diff] [blame] | 151 | ErrorCode Abort(const shared_ptr<IKeyMintOperation>& op); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 152 | void AbortIfNeeded(); |
| 153 | |
| 154 | string ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation, |
| 155 | const string& message, const AuthorizationSet& in_params, |
| 156 | AuthorizationSet* out_params); |
| Shawn Willden | 92d79c0 | 2021-02-19 07:31:55 -0700 | [diff] [blame] | 157 | std::tuple<ErrorCode, std::string /* processedMessage */> ProcessMessage( |
| 158 | const vector<uint8_t>& key_blob, KeyPurpose operation, const std::string& message, |
| 159 | const AuthorizationSet& in_params); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 160 | string SignMessage(const vector<uint8_t>& key_blob, const string& message, |
| 161 | const AuthorizationSet& params); |
| 162 | string SignMessage(const string& message, const AuthorizationSet& params); |
| 163 | |
| 164 | string MacMessage(const string& message, Digest digest, size_t mac_length); |
| 165 | |
| 166 | void CheckHmacTestVector(const string& key, const string& message, Digest digest, |
| 167 | const string& expected_mac); |
| 168 | |
| 169 | void CheckAesCtrTestVector(const string& key, const string& nonce, const string& message, |
| 170 | const string& expected_ciphertext); |
| 171 | |
| 172 | void CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode, |
| 173 | PaddingMode padding_mode, const string& key, const string& iv, |
| 174 | const string& input, const string& expected_output); |
| 175 | |
| 176 | void VerifyMessage(const vector<uint8_t>& key_blob, const string& message, |
| 177 | const string& signature, const AuthorizationSet& params); |
| 178 | void VerifyMessage(const string& message, const string& signature, |
| 179 | const AuthorizationSet& params); |
| David Drysdale | df8f52e | 2021-05-06 08:10:58 +0100 | [diff] [blame] | 180 | void LocalVerifyMessage(const string& message, const string& signature, |
| 181 | const AuthorizationSet& params); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 182 | |
| David Drysdale | 59cae64 | 2021-05-12 13:52:03 +0100 | [diff] [blame] | 183 | string LocalRsaEncryptMessage(const string& message, const AuthorizationSet& params); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 184 | string EncryptMessage(const vector<uint8_t>& key_blob, const string& message, |
| 185 | const AuthorizationSet& in_params, AuthorizationSet* out_params); |
| 186 | string EncryptMessage(const string& message, const AuthorizationSet& params, |
| 187 | AuthorizationSet* out_params); |
| 188 | string EncryptMessage(const string& message, const AuthorizationSet& params); |
| 189 | string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding); |
| 190 | string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding, |
| 191 | vector<uint8_t>* iv_out); |
| 192 | string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding, |
| 193 | const vector<uint8_t>& iv_in); |
| 194 | string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding, |
| 195 | uint8_t mac_length_bits, const vector<uint8_t>& iv_in); |
| David Drysdale | d2cc8c2 | 2021-04-15 13:29:45 +0100 | [diff] [blame] | 196 | string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding, |
| 197 | uint8_t mac_length_bits); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 198 | |
| 199 | string DecryptMessage(const vector<uint8_t>& key_blob, const string& ciphertext, |
| 200 | const AuthorizationSet& params); |
| 201 | string DecryptMessage(const string& ciphertext, const AuthorizationSet& params); |
| 202 | string DecryptMessage(const string& ciphertext, BlockMode block_mode, PaddingMode padding_mode, |
| 203 | const vector<uint8_t>& iv); |
| 204 | |
| 205 | std::pair<ErrorCode, vector<uint8_t>> UpgradeKey(const vector<uint8_t>& key_blob); |
| 206 | |
| Chirag Pathak | 9ea6a0a | 2021-02-01 23:54:27 +0000 | [diff] [blame] | 207 | template <typename TagType> |
| 208 | std::tuple<KeyData /* aesKey */, KeyData /* hmacKey */, KeyData /* rsaKey */, |
| 209 | KeyData /* ecdsaKey */> |
| David Drysdale | adfe611 | 2021-05-27 12:00:53 +0100 | [diff] [blame] | 210 | CreateTestKeys( |
| 211 | TagType tagToTest, ErrorCode expectedReturn, |
| 212 | std::function<void(AuthorizationSetBuilder*)> tagModifier = |
| 213 | [](AuthorizationSetBuilder*) {}) { |
| Chirag Pathak | 9ea6a0a | 2021-02-01 23:54:27 +0000 | [diff] [blame] | 214 | /* AES */ |
| 215 | KeyData aesKeyData; |
| David Drysdale | adfe611 | 2021-05-27 12:00:53 +0100 | [diff] [blame] | 216 | AuthorizationSetBuilder aesBuilder = AuthorizationSetBuilder() |
| 217 | .AesEncryptionKey(128) |
| 218 | .Authorization(tagToTest) |
| 219 | .BlockMode(BlockMode::ECB) |
| 220 | .Padding(PaddingMode::NONE) |
| 221 | .Authorization(TAG_NO_AUTH_REQUIRED); |
| 222 | tagModifier(&aesBuilder); |
| 223 | ErrorCode errorCode = |
| 224 | GenerateKey(aesBuilder, &aesKeyData.blob, &aesKeyData.characteristics); |
| Chirag Pathak | 9ea6a0a | 2021-02-01 23:54:27 +0000 | [diff] [blame] | 225 | EXPECT_EQ(expectedReturn, errorCode); |
| 226 | |
| 227 | /* HMAC */ |
| 228 | KeyData hmacKeyData; |
| David Drysdale | adfe611 | 2021-05-27 12:00:53 +0100 | [diff] [blame] | 229 | AuthorizationSetBuilder hmacBuilder = AuthorizationSetBuilder() |
| 230 | .HmacKey(128) |
| 231 | .Authorization(tagToTest) |
| 232 | .Digest(Digest::SHA_2_256) |
| 233 | .Authorization(TAG_MIN_MAC_LENGTH, 128) |
| 234 | .Authorization(TAG_NO_AUTH_REQUIRED); |
| 235 | tagModifier(&hmacBuilder); |
| 236 | errorCode = GenerateKey(hmacBuilder, &hmacKeyData.blob, &hmacKeyData.characteristics); |
| Chirag Pathak | 9ea6a0a | 2021-02-01 23:54:27 +0000 | [diff] [blame] | 237 | EXPECT_EQ(expectedReturn, errorCode); |
| 238 | |
| 239 | /* RSA */ |
| 240 | KeyData rsaKeyData; |
| David Drysdale | adfe611 | 2021-05-27 12:00:53 +0100 | [diff] [blame] | 241 | AuthorizationSetBuilder rsaBuilder = AuthorizationSetBuilder() |
| 242 | .RsaSigningKey(2048, 65537) |
| 243 | .Authorization(tagToTest) |
| 244 | .Digest(Digest::NONE) |
| 245 | .Padding(PaddingMode::NONE) |
| 246 | .Authorization(TAG_NO_AUTH_REQUIRED) |
| 247 | .SetDefaultValidity(); |
| 248 | tagModifier(&rsaBuilder); |
| 249 | errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics); |
| Chirag Pathak | 9ea6a0a | 2021-02-01 23:54:27 +0000 | [diff] [blame] | 250 | EXPECT_EQ(expectedReturn, errorCode); |
| 251 | |
| 252 | /* ECDSA */ |
| 253 | KeyData ecdsaKeyData; |
| David Drysdale | adfe611 | 2021-05-27 12:00:53 +0100 | [diff] [blame] | 254 | AuthorizationSetBuilder ecdsaBuilder = AuthorizationSetBuilder() |
| 255 | .EcdsaSigningKey(256) |
| 256 | .Authorization(tagToTest) |
| 257 | .Digest(Digest::SHA_2_256) |
| 258 | .Authorization(TAG_NO_AUTH_REQUIRED) |
| 259 | .SetDefaultValidity(); |
| 260 | tagModifier(&ecdsaBuilder); |
| 261 | errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics); |
| Chirag Pathak | 9ea6a0a | 2021-02-01 23:54:27 +0000 | [diff] [blame] | 262 | EXPECT_EQ(expectedReturn, errorCode); |
| 263 | return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}; |
| 264 | } |
| Shawn Willden | 7f42437 | 2021-01-10 18:06:50 -0700 | [diff] [blame] | 265 | bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; } |
| 266 | SecurityLevel SecLevel() const { return securityLevel_; } |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 267 | |
| 268 | vector<uint32_t> ValidKeySizes(Algorithm algorithm); |
| 269 | vector<uint32_t> InvalidKeySizes(Algorithm algorithm); |
| 270 | |
| David Drysdale | 7de9feb | 2021-03-05 14:56:19 +0000 | [diff] [blame] | 271 | vector<BlockMode> ValidBlockModes(Algorithm algorithm); |
| 272 | vector<PaddingMode> ValidPaddingModes(Algorithm algorithm, BlockMode blockMode); |
| 273 | vector<PaddingMode> InvalidPaddingModes(Algorithm algorithm, BlockMode blockMode); |
| 274 | |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 275 | vector<EcCurve> ValidCurves(); |
| 276 | vector<EcCurve> InvalidCurves(); |
| 277 | |
| 278 | vector<Digest> ValidDigests(bool withNone, bool withMD5); |
| 279 | |
| 280 | static vector<string> build_params() { |
| Janis Danisevskis | 24c0470 | 2020-12-16 18:28:39 -0800 | [diff] [blame] | 281 | auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 282 | return params; |
| 283 | } |
| 284 | |
| Janis Danisevskis | 24c0470 | 2020-12-16 18:28:39 -0800 | [diff] [blame] | 285 | std::shared_ptr<IKeyMintOperation> op_; |
| Shawn Willden | 7f42437 | 2021-01-10 18:06:50 -0700 | [diff] [blame] | 286 | vector<Certificate> cert_chain_; |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 287 | vector<uint8_t> key_blob_; |
| Shawn Willden | 7f42437 | 2021-01-10 18:06:50 -0700 | [diff] [blame] | 288 | vector<KeyCharacteristics> key_characteristics_; |
| 289 | |
| 290 | const vector<KeyParameter>& SecLevelAuthorizations( |
| 291 | const vector<KeyCharacteristics>& key_characteristics); |
| 292 | inline const vector<KeyParameter>& SecLevelAuthorizations() { |
| 293 | return SecLevelAuthorizations(key_characteristics_); |
| 294 | } |
| Qi Wu | beefae4 | 2021-01-28 23:16:37 +0800 | [diff] [blame] | 295 | const vector<KeyParameter>& SecLevelAuthorizations( |
| 296 | const vector<KeyCharacteristics>& key_characteristics, SecurityLevel securityLevel); |
| 297 | |
| Chirag Pathak | 9ea6a0a | 2021-02-01 23:54:27 +0000 | [diff] [blame] | 298 | ErrorCode UseAesKey(const vector<uint8_t>& aesKeyBlob); |
| 299 | ErrorCode UseHmacKey(const vector<uint8_t>& hmacKeyBlob); |
| 300 | ErrorCode UseRsaKey(const vector<uint8_t>& rsaKeyBlob); |
| 301 | ErrorCode UseEcdsaKey(const vector<uint8_t>& ecdsaKeyBlob); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 302 | |
| Shawn Willden | d659c7c | 2021-02-19 14:51:51 -0700 | [diff] [blame] | 303 | protected: |
| Janis Danisevskis | 24c0470 | 2020-12-16 18:28:39 -0800 | [diff] [blame] | 304 | std::shared_ptr<IKeyMintDevice> keymint_; |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 305 | uint32_t os_version_; |
| 306 | uint32_t os_patch_level_; |
| David Drysdale | bb3d85e | 2021-04-13 11:15:51 +0100 | [diff] [blame] | 307 | uint32_t vendor_patch_level_; |
| David Drysdale | d2cc8c2 | 2021-04-15 13:29:45 +0100 | [diff] [blame] | 308 | bool timestamp_token_required_; |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 309 | |
| 310 | SecurityLevel securityLevel_; |
| 311 | string name_; |
| 312 | string author_; |
| 313 | long challenge_; |
| 314 | }; |
| 315 | |
| Selene Huang | 6e46f14 | 2021-04-20 19:20:11 -0700 | [diff] [blame] | 316 | vector<uint8_t> build_serial_blob(const uint64_t serial_int); |
| 317 | void verify_subject(const X509* cert, const string& subject, bool self_signed); |
| 318 | void verify_serial(X509* cert, const uint64_t expected_serial); |
| 319 | void verify_subject_and_serial(const Certificate& certificate, // |
| 320 | const uint64_t expected_serial, // |
| 321 | const string& subject, bool self_signed); |
| 322 | |
| Shawn Willden | 7c13039 | 2020-12-21 09:58:22 -0700 | [diff] [blame] | 323 | bool verify_attestation_record(const string& challenge, // |
| 324 | const string& app_id, // |
| 325 | AuthorizationSet expected_sw_enforced, // |
| 326 | AuthorizationSet expected_hw_enforced, // |
| 327 | SecurityLevel security_level, |
| 328 | const vector<uint8_t>& attestation_cert); |
| Selene Huang | 6e46f14 | 2021-04-20 19:20:11 -0700 | [diff] [blame] | 329 | |
| Shawn Willden | 7c13039 | 2020-12-21 09:58:22 -0700 | [diff] [blame] | 330 | string bin2hex(const vector<uint8_t>& data); |
| 331 | X509_Ptr parse_cert_blob(const vector<uint8_t>& blob); |
| David Drysdale | f0d516d | 2021-03-22 07:51:43 +0000 | [diff] [blame] | 332 | vector<uint8_t> make_name_from_str(const string& name); |
| David Drysdale | 4dc0107 | 2021-04-01 12:17:35 +0100 | [diff] [blame] | 333 | void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode, |
| 334 | vector<uint8_t>* payload_value); |
| 335 | void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey); |
| 336 | |
| David Drysdale | f0d516d | 2021-03-22 07:51:43 +0000 | [diff] [blame] | 337 | AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics); |
| 338 | AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics); |
| Shawn Willden | 7c13039 | 2020-12-21 09:58:22 -0700 | [diff] [blame] | 339 | ::testing::AssertionResult ChainSignaturesAreValid(const vector<Certificate>& chain); |
| 340 | |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 341 | #define INSTANTIATE_KEYMINT_AIDL_TEST(name) \ |
| 342 | INSTANTIATE_TEST_SUITE_P(PerInstance, name, \ |
| 343 | testing::ValuesIn(KeyMintAidlTestBase::build_params()), \ |
| Shawn Willden | 7e71f1e | 2021-04-01 16:44:22 -0600 | [diff] [blame] | 344 | ::android::PrintInstanceNameToString); \ |
| 345 | GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name); |
| Selene Huang | 31ab404 | 2020-04-29 04:22:39 -0700 | [diff] [blame] | 346 | |
| Shawn Willden | 0e80b5d | 2020-12-17 09:07:27 -0700 | [diff] [blame] | 347 | } // namespace test |
| 348 | |
| 349 | } // namespace aidl::android::hardware::security::keymint |