Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / bb3d85eaa4c8564ea864df2dd5abea8c585e0408 / . / security / keymint / aidl / vts / functional / KeyMintAidlTestBase.h
blob: 88998d587d1b9e4a6492904877153f94b5820d20 [file] [log] [blame]
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]1/*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]17#pragma once
18
19#include <aidl/Gtest.h>
20#include <aidl/Vintf.h>
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]21#include <binder/IServiceManager.h>
22#include <binder/ProcessState.h>
23#include <gtest/gtest.h>
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]24#include <openssl/x509.h>
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]25
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]26#include <aidl/android/hardware/security/keymint/ErrorCode.h>
27#include <aidl/android/hardware/security/keymint/IKeyMintDevice.h>
David Drysdale4dc01072021-04-01 12:17:35 +0100[diff] [blame]28#include <aidl/android/hardware/security/keymint/MacedPublicKey.h>
Shawn Willden1d3f85e2020-12-09 14:18:44 -0700[diff] [blame]29
Shawn Willden08a7e432020-12-11 13:05:27 +0000[diff] [blame]30#include <keymint_support/authorization_set.h>
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]31#include <keymint_support/openssl_utils.h>
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]32
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700[diff] [blame]33namespace aidl::android::hardware::security::keymint {
34
35::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set);
36
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]37inline bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) {
38 return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin());
39}
40
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700[diff] [blame]41namespace test {
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]42
43using ::android::sp;
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]44using Status = ::ndk::ScopedAStatus;
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]45using ::std::optional;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]46using ::std::shared_ptr;
47using ::std::string;
48using ::std::vector;
49
50constexpr uint64_t kOpHandleSentinel = 0xFFFFFFFFFFFFFFFF;
51
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]52class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
53 public:
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]54 struct KeyData {
55 vector<uint8_t> blob;
56 vector<KeyCharacteristics> characteristics;
57 };
58
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]59 static bool arm_deleteAllKeys;
60 static bool dump_Attestations;
61
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]62 void SetUp() override;
63 void TearDown() override {
64 if (key_blob_.size()) {
65 CheckedDeleteKey();
66 }
67 AbortIfNeeded();
68 }
69
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]70 void InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]71 IKeyMintDevice& keyMint() { return *keymint_; }
72 uint32_t os_version() { return os_version_; }
73 uint32_t os_patch_level() { return os_patch_level_; }
David Drysdalebb3d85e2021-04-13 11:15:51 +0100[diff] [blame^]74 uint32_t vendor_patch_level() { return vendor_patch_level_; }
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]75
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]76 ErrorCode GetReturnErrorCode(const Status& result);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]77
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]78 ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector<uint8_t>* key_blob,
79 vector<KeyCharacteristics>* key_characteristics) {
80 return GenerateKey(key_desc, std::nullopt /* attest_key */, key_blob, key_characteristics,
81 &cert_chain_);
82 }
83 ErrorCode GenerateKey(const AuthorizationSet& key_desc,
84 const optional<AttestationKey>& attest_key, vector<uint8_t>* key_blob,
85 vector<KeyCharacteristics>* key_characteristics,
86 vector<Certificate>* cert_chain);
87 ErrorCode GenerateKey(const AuthorizationSet& key_desc,
88 const optional<AttestationKey>& attest_key = std::nullopt);
89
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]90 ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
91 const string& key_material, vector<uint8_t>* key_blob,
Shawn Willden7f424372021-01-10 18:06:50 -0700[diff] [blame]92 vector<KeyCharacteristics>* key_characteristics);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]93 ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
94 const string& key_material);
95
96 ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
97 const AuthorizationSet& wrapping_key_desc, string masking_key,
98 const AuthorizationSet& unwrapping_params);
99
100 ErrorCode DeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false);
101 ErrorCode DeleteKey(bool keep_key_blob = false);
102
103 ErrorCode DeleteAllKeys();
104
105 void CheckedDeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false);
106 void CheckedDeleteKey();
107
108 ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
109 const AuthorizationSet& in_params, AuthorizationSet* out_params,
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]110 std::shared_ptr<IKeyMintOperation>& op);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]111 ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
112 const AuthorizationSet& in_params, AuthorizationSet* out_params);
113 ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
114 AuthorizationSet* out_params);
115 ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params);
116
Shawn Willden92d79c02021-02-19 07:31:55 -0700[diff] [blame]117 ErrorCode UpdateAad(const string& input);
118 ErrorCode Update(const string& input, string* output);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]119
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]120 ErrorCode Finish(const string& message, const string& signature, string* output);
Shawn Willden92d79c02021-02-19 07:31:55 -0700[diff] [blame]121 ErrorCode Finish(const string& message, string* output) {
122 return Finish(message, {} /* signature */, output);
123 }
124 ErrorCode Finish(string* output) { return Finish({} /* message */, output); }
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]125
126 ErrorCode Abort();
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]127 ErrorCode Abort(const shared_ptr<IKeyMintOperation>& op);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]128 void AbortIfNeeded();
129
130 string ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
131 const string& message, const AuthorizationSet& in_params,
132 AuthorizationSet* out_params);
Shawn Willden92d79c02021-02-19 07:31:55 -0700[diff] [blame]133 std::tuple<ErrorCode, std::string /* processedMessage */> ProcessMessage(
134 const vector<uint8_t>& key_blob, KeyPurpose operation, const std::string& message,
135 const AuthorizationSet& in_params);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]136 string SignMessage(const vector<uint8_t>& key_blob, const string& message,
137 const AuthorizationSet& params);
138 string SignMessage(const string& message, const AuthorizationSet& params);
139
140 string MacMessage(const string& message, Digest digest, size_t mac_length);
141
142 void CheckHmacTestVector(const string& key, const string& message, Digest digest,
143 const string& expected_mac);
144
145 void CheckAesCtrTestVector(const string& key, const string& nonce, const string& message,
146 const string& expected_ciphertext);
147
148 void CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
149 PaddingMode padding_mode, const string& key, const string& iv,
150 const string& input, const string& expected_output);
151
152 void VerifyMessage(const vector<uint8_t>& key_blob, const string& message,
153 const string& signature, const AuthorizationSet& params);
154 void VerifyMessage(const string& message, const string& signature,
155 const AuthorizationSet& params);
156
157 string EncryptMessage(const vector<uint8_t>& key_blob, const string& message,
158 const AuthorizationSet& in_params, AuthorizationSet* out_params);
159 string EncryptMessage(const string& message, const AuthorizationSet& params,
160 AuthorizationSet* out_params);
161 string EncryptMessage(const string& message, const AuthorizationSet& params);
162 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding);
163 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
164 vector<uint8_t>* iv_out);
165 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
166 const vector<uint8_t>& iv_in);
167 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
168 uint8_t mac_length_bits, const vector<uint8_t>& iv_in);
169
170 string DecryptMessage(const vector<uint8_t>& key_blob, const string& ciphertext,
171 const AuthorizationSet& params);
172 string DecryptMessage(const string& ciphertext, const AuthorizationSet& params);
173 string DecryptMessage(const string& ciphertext, BlockMode block_mode, PaddingMode padding_mode,
174 const vector<uint8_t>& iv);
175
176 std::pair<ErrorCode, vector<uint8_t>> UpgradeKey(const vector<uint8_t>& key_blob);
177
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]178 template <typename TagType>
179 std::tuple<KeyData /* aesKey */, KeyData /* hmacKey */, KeyData /* rsaKey */,
180 KeyData /* ecdsaKey */>
181 CreateTestKeys(TagType tagToTest, ErrorCode expectedReturn) {
182 /* AES */
183 KeyData aesKeyData;
184 ErrorCode errorCode = GenerateKey(AuthorizationSetBuilder()
185 .AesEncryptionKey(128)
186 .Authorization(tagToTest)
187 .BlockMode(BlockMode::ECB)
188 .Padding(PaddingMode::NONE)
189 .Authorization(TAG_NO_AUTH_REQUIRED),
190 &aesKeyData.blob, &aesKeyData.characteristics);
191 EXPECT_EQ(expectedReturn, errorCode);
192
193 /* HMAC */
194 KeyData hmacKeyData;
195 errorCode = GenerateKey(AuthorizationSetBuilder()
196 .HmacKey(128)
197 .Authorization(tagToTest)
198 .Digest(Digest::SHA_2_256)
199 .Authorization(TAG_MIN_MAC_LENGTH, 128)
200 .Authorization(TAG_NO_AUTH_REQUIRED),
201 &hmacKeyData.blob, &hmacKeyData.characteristics);
202 EXPECT_EQ(expectedReturn, errorCode);
203
204 /* RSA */
205 KeyData rsaKeyData;
206 errorCode = GenerateKey(AuthorizationSetBuilder()
207 .RsaSigningKey(2048, 65537)
208 .Authorization(tagToTest)
209 .Digest(Digest::NONE)
210 .Padding(PaddingMode::NONE)
211 .Authorization(TAG_NO_AUTH_REQUIRED)
212 .SetDefaultValidity(),
213 &rsaKeyData.blob, &rsaKeyData.characteristics);
214 EXPECT_EQ(expectedReturn, errorCode);
215
216 /* ECDSA */
217 KeyData ecdsaKeyData;
218 errorCode = GenerateKey(AuthorizationSetBuilder()
219 .EcdsaSigningKey(256)
220 .Authorization(tagToTest)
221 .Digest(Digest::SHA_2_256)
222 .Authorization(TAG_NO_AUTH_REQUIRED)
223 .SetDefaultValidity(),
224 &ecdsaKeyData.blob, &ecdsaKeyData.characteristics);
225 EXPECT_EQ(expectedReturn, errorCode);
226 return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData};
227 }
Shawn Willden7f424372021-01-10 18:06:50 -0700[diff] [blame]228 bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; }
229 SecurityLevel SecLevel() const { return securityLevel_; }
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]230
231 vector<uint32_t> ValidKeySizes(Algorithm algorithm);
232 vector<uint32_t> InvalidKeySizes(Algorithm algorithm);
233
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]234 vector<BlockMode> ValidBlockModes(Algorithm algorithm);
235 vector<PaddingMode> ValidPaddingModes(Algorithm algorithm, BlockMode blockMode);
236 vector<PaddingMode> InvalidPaddingModes(Algorithm algorithm, BlockMode blockMode);
237
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]238 vector<EcCurve> ValidCurves();
239 vector<EcCurve> InvalidCurves();
240
241 vector<Digest> ValidDigests(bool withNone, bool withMD5);
242
243 static vector<string> build_params() {
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]244 auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]245 return params;
246 }
247
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]248 std::shared_ptr<IKeyMintOperation> op_;
Shawn Willden7f424372021-01-10 18:06:50 -0700[diff] [blame]249 vector<Certificate> cert_chain_;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]250 vector<uint8_t> key_blob_;
Shawn Willden7f424372021-01-10 18:06:50 -0700[diff] [blame]251 vector<KeyCharacteristics> key_characteristics_;
252
253 const vector<KeyParameter>& SecLevelAuthorizations(
254 const vector<KeyCharacteristics>& key_characteristics);
255 inline const vector<KeyParameter>& SecLevelAuthorizations() {
256 return SecLevelAuthorizations(key_characteristics_);
257 }
Qi Wubeefae42021-01-28 23:16:37 +0800[diff] [blame]258 const vector<KeyParameter>& SecLevelAuthorizations(
259 const vector<KeyCharacteristics>& key_characteristics, SecurityLevel securityLevel);
260
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]261 ErrorCode UseAesKey(const vector<uint8_t>& aesKeyBlob);
262 ErrorCode UseHmacKey(const vector<uint8_t>& hmacKeyBlob);
263 ErrorCode UseRsaKey(const vector<uint8_t>& rsaKeyBlob);
264 ErrorCode UseEcdsaKey(const vector<uint8_t>& ecdsaKeyBlob);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]265
Shawn Willdend659c7c2021-02-19 14:51:51 -0700[diff] [blame]266 protected:
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]267 std::shared_ptr<IKeyMintDevice> keymint_;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]268 uint32_t os_version_;
269 uint32_t os_patch_level_;
David Drysdalebb3d85e2021-04-13 11:15:51 +0100[diff] [blame^]270 uint32_t vendor_patch_level_;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]271
272 SecurityLevel securityLevel_;
273 string name_;
274 string author_;
275 long challenge_;
276};
277
Selene Huang6e46f142021-04-20 19:20:11 -0700[diff] [blame]278vector<uint8_t> build_serial_blob(const uint64_t serial_int);
279void verify_subject(const X509* cert, const string& subject, bool self_signed);
280void verify_serial(X509* cert, const uint64_t expected_serial);
281void verify_subject_and_serial(const Certificate& certificate, //
282 const uint64_t expected_serial, //
283 const string& subject, bool self_signed);
284
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]285bool verify_attestation_record(const string& challenge, //
286 const string& app_id, //
287 AuthorizationSet expected_sw_enforced, //
288 AuthorizationSet expected_hw_enforced, //
289 SecurityLevel security_level,
290 const vector<uint8_t>& attestation_cert);
Selene Huang6e46f142021-04-20 19:20:11 -0700[diff] [blame]291
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]292string bin2hex(const vector<uint8_t>& data);
293X509_Ptr parse_cert_blob(const vector<uint8_t>& blob);
David Drysdalef0d516d2021-03-22 07:51:43 +0000[diff] [blame]294vector<uint8_t> make_name_from_str(const string& name);
David Drysdale4dc01072021-04-01 12:17:35 +0100[diff] [blame]295void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
296 vector<uint8_t>* payload_value);
297void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
298
David Drysdalef0d516d2021-03-22 07:51:43 +0000[diff] [blame]299AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
300AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]301::testing::AssertionResult ChainSignaturesAreValid(const vector<Certificate>& chain);
302
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]303#define INSTANTIATE_KEYMINT_AIDL_TEST(name) \
304 INSTANTIATE_TEST_SUITE_P(PerInstance, name, \
305 testing::ValuesIn(KeyMintAidlTestBase::build_params()), \
Shawn Willden7e71f1e2021-04-01 16:44:22 -0600[diff] [blame]306 ::android::PrintInstanceNameToString); \
307 GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]308
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700[diff] [blame]309} // namespace test
310
311} // namespace aidl::android::hardware::security::keymint