Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / bd37c3bf35091b4b2d3a1a15426d3390d0e1ae19 / . / keymaster / 4.0 / vts / functional / KeymasterHidlTest.cpp
blob: d2bbae5b62449673fa048d98c507f1f1dc5cb462 [file] [log] [blame]
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "KeymasterHidlTest.h"
18
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]19#include <vector>
20
21#include <android-base/logging.h>
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]22#include <android/hidl/manager/1.0/IServiceManager.h>
23
24#include <keymasterV4_0/key_param_output.h>
25
26namespace android {
27namespace hardware {
28namespace keymaster {
29namespace V4_0 {
30
31::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
32 if (set.size() == 0)
33 os << "(Empty)" << ::std::endl;
34 else {
35 os << "\n";
36 for (size_t i = 0; i < set.size(); ++i) os << set[i] << ::std::endl;
37 }
38 return os;
39}
40
41namespace test {
42
43sp<IKeymasterDevice> KeymasterHidlTest::keymaster_;
44std::vector<sp<IKeymasterDevice>> KeymasterHidlTest::all_keymasters_;
45uint32_t KeymasterHidlTest::os_version_;
46uint32_t KeymasterHidlTest::os_patch_level_;
47SecurityLevel KeymasterHidlTest::securityLevel_;
48hidl_string KeymasterHidlTest::name_;
49hidl_string KeymasterHidlTest::author_;
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame^]50string KeymasterHidlTest::service_name_;
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]51
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame^]52void KeymasterHidlTest::InitializeKeymaster() {
53 service_name_ = KeymasterHidlEnvironment::Instance()->getServiceName<IKeymasterDevice>();
54 keymaster_ = ::testing::VtsHalHidlTargetTestBase::getService<IKeymasterDevice>(service_name_);
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]55 ASSERT_NE(keymaster_, nullptr);
56
57 ASSERT_TRUE(keymaster_
58 ->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& name,
59 const hidl_string& author) {
60 securityLevel_ = securityLevel;
61 name_ = name;
62 author_ = author;
63 })
64 .isOk());
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame^]65}
66
67void KeymasterHidlTest::SetUpTestCase() {
68
69 InitializeKeymaster();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]70
71 os_version_ = ::keymaster::GetOsVersion();
72 os_patch_level_ = ::keymaster::GetOsPatchlevel();
73
74 auto service_manager = android::hidl::manager::V1_0::IServiceManager::getService();
75 ASSERT_NE(nullptr, service_manager.get());
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]76 all_keymasters_.push_back(keymaster_);
77 service_manager->listByInterface(
78 IKeymasterDevice::descriptor, [&](const hidl_vec<hidl_string>& names) {
79 for (auto& name : names) {
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame^]80 if (name == service_name_) continue;
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]81 auto keymaster =
82 ::testing::VtsHalHidlTargetTestBase::getService<IKeymasterDevice>(name);
83 ASSERT_NE(keymaster, nullptr);
84 all_keymasters_.push_back(keymaster);
85 }
86 });
87}
88
89ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc, HidlBuf* key_blob,
90 KeyCharacteristics* key_characteristics) {
91 EXPECT_NE(key_blob, nullptr) << "Key blob pointer must not be null. Test bug";
92 EXPECT_EQ(0U, key_blob->size()) << "Key blob not empty before generating key. Test bug.";
93 EXPECT_NE(key_characteristics, nullptr)
94 << "Previous characteristics not deleted before generating key. Test bug.";
95
96 ErrorCode error;
97 EXPECT_TRUE(keymaster_
98 ->generateKey(key_desc.hidl_data(),
99 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
100 const KeyCharacteristics& hidl_key_characteristics) {
101 error = hidl_error;
102 *key_blob = hidl_key_blob;
103 *key_characteristics = hidl_key_characteristics;
104 })
105 .isOk());
106 // On error, blob & characteristics should be empty.
107 if (error != ErrorCode::OK) {
108 EXPECT_EQ(0U, key_blob->size());
109 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
110 key_characteristics->hardwareEnforced.size()));
111 }
112 return error;
113}
114
115ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc) {
116 return GenerateKey(key_desc, &key_blob_, &key_characteristics_);
117}
118
119ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
120 const string& key_material, HidlBuf* key_blob,
121 KeyCharacteristics* key_characteristics) {
122 ErrorCode error;
123 EXPECT_TRUE(keymaster_
124 ->importKey(key_desc.hidl_data(), format, HidlBuf(key_material),
125 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
126 const KeyCharacteristics& hidl_key_characteristics) {
127 error = hidl_error;
128 *key_blob = hidl_key_blob;
129 *key_characteristics = hidl_key_characteristics;
130 })
131 .isOk());
132 // On error, blob & characteristics should be empty.
133 if (error != ErrorCode::OK) {
134 EXPECT_EQ(0U, key_blob->size());
135 EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
136 key_characteristics->hardwareEnforced.size()));
137 }
138 return error;
139}
140
141ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
142 const string& key_material) {
143 return ImportKey(key_desc, format, key_material, &key_blob_, &key_characteristics_);
144}
145
146ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
147 const AuthorizationSet& wrapping_key_desc,
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]148 string masking_key,
149 const AuthorizationSet& unwrapping_params) {
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]150 ErrorCode error;
151 ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key);
152 EXPECT_TRUE(keymaster_
153 ->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
Shawn Willden8d28efa2018-01-19 13:37:42 -0700[diff] [blame]154 unwrapping_params.hidl_data(), 0 /* passwordSid */,
155 0 /* biometricSid */,
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]156 [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
157 const KeyCharacteristics& hidl_key_characteristics) {
158 error = hidl_error;
159 key_blob_ = hidl_key_blob;
160 key_characteristics_ = hidl_key_characteristics;
161 })
162 .isOk());
163 return error;
164}
165
166ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, const HidlBuf& key_blob,
167 const HidlBuf& client_id, const HidlBuf& app_data,
168 HidlBuf* key_material) {
169 ErrorCode error;
170 EXPECT_TRUE(keymaster_
171 ->exportKey(format, key_blob, client_id, app_data,
172 [&](ErrorCode hidl_error_code, const HidlBuf& hidl_key_material) {
173 error = hidl_error_code;
174 *key_material = hidl_key_material;
175 })
176 .isOk());
177 // On error, blob should be empty.
178 if (error != ErrorCode::OK) {
179 EXPECT_EQ(0U, key_material->size());
180 }
181 return error;
182}
183
184ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, HidlBuf* key_material) {
185 HidlBuf client_id, app_data;
186 return ExportKey(format, key_blob_, client_id, app_data, key_material);
187}
188
189ErrorCode KeymasterHidlTest::DeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
190 auto rc = keymaster_->deleteKey(*key_blob);
191 if (!keep_key_blob) *key_blob = HidlBuf();
192 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
193 return rc;
194}
195
196ErrorCode KeymasterHidlTest::DeleteKey(bool keep_key_blob) {
197 return DeleteKey(&key_blob_, keep_key_blob);
198}
199
200ErrorCode KeymasterHidlTest::DeleteAllKeys() {
201 ErrorCode error = keymaster_->deleteAllKeys();
202 return error;
203}
204
205void KeymasterHidlTest::CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
206 auto rc = DeleteKey(key_blob, keep_key_blob);
207 EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
208}
209
210void KeymasterHidlTest::CheckedDeleteKey() {
211 CheckedDeleteKey(&key_blob_);
212}
213
214ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
215 const HidlBuf& app_data,
216 KeyCharacteristics* key_characteristics) {
217 ErrorCode error = ErrorCode::UNKNOWN_ERROR;
218 EXPECT_TRUE(
219 keymaster_
220 ->getKeyCharacteristics(
221 key_blob, client_id, app_data,
222 [&](ErrorCode hidl_error, const KeyCharacteristics& hidl_key_characteristics) {
223 error = hidl_error, *key_characteristics = hidl_key_characteristics;
224 })
225 .isOk());
226 return error;
227}
228
229ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob,
230 KeyCharacteristics* key_characteristics) {
231 HidlBuf client_id, app_data;
232 return GetCharacteristics(key_blob, client_id, app_data, key_characteristics);
233}
234
Rob Barnesbd37c3b2019-09-06 12:53:17 -0600[diff] [blame^]235ErrorCode KeymasterHidlTest::GetDebugInfo(DebugInfo* debug_info) {
236 EXPECT_TRUE(keymaster_->getDebugInfo([&](const DebugInfo& hidl_debug_info) {
237 *debug_info = hidl_debug_info;
238 }).isOk());
239 return ErrorCode::OK;
240}
241
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]242ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const HidlBuf& key_blob,
243 const AuthorizationSet& in_params, AuthorizationSet* out_params,
244 OperationHandle* op_handle) {
245 SCOPED_TRACE("Begin");
246 ErrorCode error;
247 OperationHandle saved_handle = *op_handle;
248 EXPECT_TRUE(keymaster_
249 ->begin(purpose, key_blob, in_params.hidl_data(), HardwareAuthToken(),
250 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
251 uint64_t hidl_op_handle) {
252 error = hidl_error;
253 *out_params = hidl_out_params;
254 *op_handle = hidl_op_handle;
255 })
256 .isOk());
257 if (error != ErrorCode::OK) {
258 // Some implementations may modify *op_handle on error.
259 *op_handle = saved_handle;
260 }
261 return error;
262}
263
264ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
265 AuthorizationSet* out_params) {
266 SCOPED_TRACE("Begin");
267 EXPECT_EQ(kOpHandleSentinel, op_handle_);
268 return Begin(purpose, key_blob_, in_params, out_params, &op_handle_);
269}
270
271ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params) {
272 SCOPED_TRACE("Begin");
273 AuthorizationSet out_params;
274 ErrorCode error = Begin(purpose, in_params, &out_params);
275 EXPECT_TRUE(out_params.empty());
276 return error;
277}
278
279ErrorCode KeymasterHidlTest::Update(OperationHandle op_handle, const AuthorizationSet& in_params,
280 const string& input, AuthorizationSet* out_params,
281 string* output, size_t* input_consumed) {
282 SCOPED_TRACE("Update");
283 ErrorCode error;
284 EXPECT_TRUE(keymaster_
285 ->update(op_handle, in_params.hidl_data(), HidlBuf(input), HardwareAuthToken(),
286 VerificationToken(),
287 [&](ErrorCode hidl_error, uint32_t hidl_input_consumed,
288 const hidl_vec<KeyParameter>& hidl_out_params,
289 const HidlBuf& hidl_output) {
290 error = hidl_error;
291 out_params->push_back(AuthorizationSet(hidl_out_params));
292 output->append(hidl_output.to_string());
293 *input_consumed = hidl_input_consumed;
294 })
295 .isOk());
296 return error;
297}
298
299ErrorCode KeymasterHidlTest::Update(const string& input, string* out, size_t* input_consumed) {
300 SCOPED_TRACE("Update");
301 AuthorizationSet out_params;
302 ErrorCode error = Update(op_handle_, AuthorizationSet() /* in_params */, input, &out_params,
303 out, input_consumed);
304 EXPECT_TRUE(out_params.empty());
305 return error;
306}
307
308ErrorCode KeymasterHidlTest::Finish(OperationHandle op_handle, const AuthorizationSet& in_params,
309 const string& input, const string& signature,
310 AuthorizationSet* out_params, string* output) {
311 SCOPED_TRACE("Finish");
312 ErrorCode error;
313 EXPECT_TRUE(
314 keymaster_
315 ->finish(op_handle, in_params.hidl_data(), HidlBuf(input), HidlBuf(signature),
316 HardwareAuthToken(), VerificationToken(),
317 [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
318 const HidlBuf& hidl_output) {
319 error = hidl_error;
320 *out_params = hidl_out_params;
321 output->append(hidl_output.to_string());
322 })
323 .isOk());
324 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
325 return error;
326}
327
328ErrorCode KeymasterHidlTest::Finish(const string& message, string* output) {
329 SCOPED_TRACE("Finish");
330 AuthorizationSet out_params;
331 string finish_output;
332 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message,
333 "" /* signature */, &out_params, output);
334 if (error != ErrorCode::OK) {
335 return error;
336 }
337 EXPECT_EQ(0U, out_params.size());
338 return error;
339}
340
341ErrorCode KeymasterHidlTest::Finish(const string& message, const string& signature,
342 string* output) {
343 SCOPED_TRACE("Finish");
344 AuthorizationSet out_params;
345 ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message, signature,
346 &out_params, output);
347 op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
348 if (error != ErrorCode::OK) {
349 return error;
350 }
351 EXPECT_EQ(0U, out_params.size());
352 return error;
353}
354
355ErrorCode KeymasterHidlTest::Abort(OperationHandle op_handle) {
356 SCOPED_TRACE("Abort");
357 auto retval = keymaster_->abort(op_handle);
358 EXPECT_TRUE(retval.isOk());
359 return retval;
360}
361
362void KeymasterHidlTest::AbortIfNeeded() {
363 SCOPED_TRACE("AbortIfNeeded");
364 if (op_handle_ != kOpHandleSentinel) {
365 EXPECT_EQ(ErrorCode::OK, Abort(op_handle_));
366 op_handle_ = kOpHandleSentinel;
367 }
368}
369
370ErrorCode KeymasterHidlTest::AttestKey(const HidlBuf& key_blob,
371 const AuthorizationSet& attest_params,
372 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
373 SCOPED_TRACE("AttestKey");
374 ErrorCode error;
375 auto rc = keymaster_->attestKey(
376 key_blob, attest_params.hidl_data(),
377 [&](ErrorCode hidl_error, const hidl_vec<hidl_vec<uint8_t>>& hidl_cert_chain) {
378 error = hidl_error;
379 *cert_chain = hidl_cert_chain;
380 });
381
382 EXPECT_TRUE(rc.isOk()) << rc.description();
383 if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
384
385 return error;
386}
387
388ErrorCode KeymasterHidlTest::AttestKey(const AuthorizationSet& attest_params,
389 hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
390 SCOPED_TRACE("AttestKey");
391 return AttestKey(key_blob_, attest_params, cert_chain);
392}
393
394string KeymasterHidlTest::ProcessMessage(const HidlBuf& key_blob, KeyPurpose operation,
395 const string& message, const AuthorizationSet& in_params,
396 AuthorizationSet* out_params) {
397 SCOPED_TRACE("ProcessMessage");
398 AuthorizationSet begin_out_params;
399 EXPECT_EQ(ErrorCode::OK, Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_));
400
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]401 string output;
402 size_t consumed = 0;
403 AuthorizationSet update_params;
404 AuthorizationSet update_out_params;
405 EXPECT_EQ(ErrorCode::OK,
406 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
407
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]408 string unused;
409 AuthorizationSet finish_params;
410 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]411 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), unused,
412 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]413 op_handle_ = kOpHandleSentinel;
414
415 out_params->push_back(begin_out_params);
416 out_params->push_back(finish_out_params);
417 return output;
418}
419
420string KeymasterHidlTest::SignMessage(const HidlBuf& key_blob, const string& message,
421 const AuthorizationSet& params) {
422 SCOPED_TRACE("SignMessage");
423 AuthorizationSet out_params;
424 string signature = ProcessMessage(key_blob, KeyPurpose::SIGN, message, params, &out_params);
425 EXPECT_TRUE(out_params.empty());
426 return signature;
427}
428
429string KeymasterHidlTest::SignMessage(const string& message, const AuthorizationSet& params) {
430 SCOPED_TRACE("SignMessage");
431 return SignMessage(key_blob_, message, params);
432}
433
434string KeymasterHidlTest::MacMessage(const string& message, Digest digest, size_t mac_length) {
435 SCOPED_TRACE("MacMessage");
436 return SignMessage(
437 key_blob_, message,
438 AuthorizationSetBuilder().Digest(digest).Authorization(TAG_MAC_LENGTH, mac_length));
439}
440
441void KeymasterHidlTest::CheckHmacTestVector(const string& key, const string& message, Digest digest,
442 const string& expected_mac) {
443 SCOPED_TRACE("CheckHmacTestVector");
444 ASSERT_EQ(ErrorCode::OK,
445 ImportKey(AuthorizationSetBuilder()
446 .Authorization(TAG_NO_AUTH_REQUIRED)
447 .HmacKey(key.size() * 8)
448 .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
449 .Digest(digest),
450 KeyFormat::RAW, key));
451 string signature = MacMessage(message, digest, expected_mac.size() * 8);
452 EXPECT_EQ(expected_mac, signature)
453 << "Test vector didn't match for key of size " << key.size() << " message of size "
454 << message.size() << " and digest " << digest;
455 CheckedDeleteKey();
456}
457
458void KeymasterHidlTest::CheckAesCtrTestVector(const string& key, const string& nonce,
459 const string& message,
460 const string& expected_ciphertext) {
461 SCOPED_TRACE("CheckAesCtrTestVector");
462 ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
463 .Authorization(TAG_NO_AUTH_REQUIRED)
464 .AesEncryptionKey(key.size() * 8)
465 .BlockMode(BlockMode::CTR)
466 .Authorization(TAG_CALLER_NONCE)
467 .Padding(PaddingMode::NONE),
468 KeyFormat::RAW, key));
469
470 auto params = AuthorizationSetBuilder()
471 .Authorization(TAG_NONCE, nonce.data(), nonce.size())
472 .BlockMode(BlockMode::CTR)
473 .Padding(PaddingMode::NONE);
474 AuthorizationSet out_params;
475 string ciphertext = EncryptMessage(key_blob_, message, params, &out_params);
476 EXPECT_EQ(expected_ciphertext, ciphertext);
477}
478
479void KeymasterHidlTest::CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
480 PaddingMode padding_mode, const string& key,
481 const string& iv, const string& input,
482 const string& expected_output) {
483 auto authset = AuthorizationSetBuilder()
484 .TripleDesEncryptionKey(key.size() * 7)
485 .BlockMode(block_mode)
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]486 .Authorization(TAG_NO_AUTH_REQUIRED)
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]487 .Padding(padding_mode);
488 if (iv.size()) authset.Authorization(TAG_CALLER_NONCE);
489 ASSERT_EQ(ErrorCode::OK, ImportKey(authset, KeyFormat::RAW, key));
490 auto begin_params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
491 if (iv.size()) begin_params.Authorization(TAG_NONCE, iv.data(), iv.size());
492 AuthorizationSet output_params;
493 string output = ProcessMessage(key_blob_, purpose, input, begin_params, &output_params);
494 EXPECT_EQ(expected_output, output);
495}
496
497void KeymasterHidlTest::VerifyMessage(const HidlBuf& key_blob, const string& message,
498 const string& signature, const AuthorizationSet& params) {
499 SCOPED_TRACE("VerifyMessage");
500 AuthorizationSet begin_out_params;
501 ASSERT_EQ(ErrorCode::OK,
502 Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_));
503
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]504 string output;
505 AuthorizationSet update_params;
506 AuthorizationSet update_out_params;
507 size_t consumed;
508 ASSERT_EQ(ErrorCode::OK,
509 Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
510 EXPECT_TRUE(output.empty());
511 EXPECT_GT(consumed, 0U);
512
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]513 string unused;
514 AuthorizationSet finish_params;
515 AuthorizationSet finish_out_params;
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]516 EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), signature,
517 &finish_out_params, &output));
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]518 op_handle_ = kOpHandleSentinel;
519 EXPECT_TRUE(output.empty());
520}
521
522void KeymasterHidlTest::VerifyMessage(const string& message, const string& signature,
523 const AuthorizationSet& params) {
524 SCOPED_TRACE("VerifyMessage");
525 VerifyMessage(key_blob_, message, signature, params);
526}
527
528string KeymasterHidlTest::EncryptMessage(const HidlBuf& key_blob, const string& message,
529 const AuthorizationSet& in_params,
530 AuthorizationSet* out_params) {
531 SCOPED_TRACE("EncryptMessage");
532 return ProcessMessage(key_blob, KeyPurpose::ENCRYPT, message, in_params, out_params);
533}
534
535string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params,
536 AuthorizationSet* out_params) {
537 SCOPED_TRACE("EncryptMessage");
538 return EncryptMessage(key_blob_, message, params, out_params);
539}
540
541string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params) {
542 SCOPED_TRACE("EncryptMessage");
543 AuthorizationSet out_params;
544 string ciphertext = EncryptMessage(message, params, &out_params);
545 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
546 return ciphertext;
547}
548
549string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
550 PaddingMode padding) {
551 SCOPED_TRACE("EncryptMessage");
552 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
553 AuthorizationSet out_params;
554 string ciphertext = EncryptMessage(message, params, &out_params);
555 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
556 return ciphertext;
557}
558
559string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
560 PaddingMode padding, HidlBuf* iv_out) {
561 SCOPED_TRACE("EncryptMessage");
562 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
563 AuthorizationSet out_params;
564 string ciphertext = EncryptMessage(message, params, &out_params);
565 EXPECT_EQ(1U, out_params.size());
566 auto ivVal = out_params.GetTagValue(TAG_NONCE);
567 EXPECT_TRUE(ivVal.isOk());
Shawn Willden08839102018-03-29 20:54:51 -0600[diff] [blame]568 if (ivVal.isOk()) *iv_out = ivVal.value();
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]569 return ciphertext;
570}
571
572string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
573 PaddingMode padding, const HidlBuf& iv_in) {
574 SCOPED_TRACE("EncryptMessage");
575 auto params = AuthorizationSetBuilder()
576 .BlockMode(block_mode)
577 .Padding(padding)
578 .Authorization(TAG_NONCE, iv_in);
579 AuthorizationSet out_params;
580 string ciphertext = EncryptMessage(message, params, &out_params);
581 return ciphertext;
582}
583
584string KeymasterHidlTest::DecryptMessage(const HidlBuf& key_blob, const string& ciphertext,
585 const AuthorizationSet& params) {
586 SCOPED_TRACE("DecryptMessage");
587 AuthorizationSet out_params;
588 string plaintext =
589 ProcessMessage(key_blob, KeyPurpose::DECRYPT, ciphertext, params, &out_params);
590 EXPECT_TRUE(out_params.empty());
591 return plaintext;
592}
593
594string KeymasterHidlTest::DecryptMessage(const string& ciphertext, const AuthorizationSet& params) {
595 SCOPED_TRACE("DecryptMessage");
596 return DecryptMessage(key_blob_, ciphertext, params);
597}
598
599string KeymasterHidlTest::DecryptMessage(const string& ciphertext, BlockMode block_mode,
600 PaddingMode padding_mode, const HidlBuf& iv) {
601 SCOPED_TRACE("DecryptMessage");
602 auto params = AuthorizationSetBuilder()
603 .BlockMode(block_mode)
604 .Padding(padding_mode)
605 .Authorization(TAG_NONCE, iv);
606 return DecryptMessage(key_blob_, ciphertext, params);
607}
608
609std::pair<ErrorCode, HidlBuf> KeymasterHidlTest::UpgradeKey(const HidlBuf& key_blob) {
610 std::pair<ErrorCode, HidlBuf> retval;
611 keymaster_->upgradeKey(key_blob, hidl_vec<KeyParameter>(),
612 [&](ErrorCode error, const hidl_vec<uint8_t>& upgraded_blob) {
613 retval = std::tie(error, upgraded_blob);
614 });
615 return retval;
616}
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]617std::vector<uint32_t> KeymasterHidlTest::ValidKeySizes(Algorithm algorithm) {
618 switch (algorithm) {
619 case Algorithm::RSA:
620 switch (SecLevel()) {
621 case SecurityLevel::TRUSTED_ENVIRONMENT:
622 return {2048, 3072, 4096};
623 case SecurityLevel::STRONGBOX:
624 return {2048};
625 default:
626 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
627 break;
628 }
629 break;
630 case Algorithm::EC:
631 switch (SecLevel()) {
632 case SecurityLevel::TRUSTED_ENVIRONMENT:
633 return {224, 256, 384, 521};
634 case SecurityLevel::STRONGBOX:
635 return {256};
636 default:
637 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
638 break;
639 }
640 break;
641 case Algorithm::AES:
642 return {128, 256};
643 case Algorithm::TRIPLE_DES:
644 return {168};
645 case Algorithm::HMAC: {
646 std::vector<uint32_t> retval((512 - 64) / 8 + 1);
647 uint32_t size = 64 - 8;
648 std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
649 return retval;
650 }
651 default:
652 CHECK(false) << "Invalid Algorithm: " << algorithm;
653 return {};
654 }
655 CHECK(false) << "Should be impossible to get here";
656 return {};
657}
658std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) {
659 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
660 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
661 switch (algorithm) {
662 case Algorithm::RSA:
663 return {3072, 4096};
664 case Algorithm::EC:
665 return {224, 384, 521};
Baranidharan Muthukumaran88a376b2018-08-24 13:31:35 -0700[diff] [blame]666 case Algorithm::AES:
667 return {192};
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]668 default:
669 return {};
670 }
671}
672
673std::vector<EcCurve> KeymasterHidlTest::ValidCurves() {
674 if (securityLevel_ == SecurityLevel::STRONGBOX) {
675 return {EcCurve::P_256};
676 } else {
677 return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
678 }
679}
680
681std::vector<EcCurve> KeymasterHidlTest::InvalidCurves() {
682 if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
683 CHECK(SecLevel() == SecurityLevel::STRONGBOX);
684 return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
685}
686
Yi Kong73921752018-09-21 15:30:45 -0700[diff] [blame]687std::vector<Digest> KeymasterHidlTest::ValidDigests(bool withNone, bool withMD5) {
nagendra modadugubbe92632018-06-05 11:05:19 -0700[diff] [blame]688 switch (SecLevel()) {
689 case SecurityLevel::TRUSTED_ENVIRONMENT:
690 if (withNone) {
691 if (withMD5)
692 return {Digest::NONE, Digest::MD5, Digest::SHA1,
693 Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
694 Digest::SHA_2_512};
695 else
696 return {Digest::NONE, Digest::SHA1, Digest::SHA_2_224,
697 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
698 } else {
699 if (withMD5)
700 return {Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
701 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
702 else
703 return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
704 Digest::SHA_2_512};
705 }
706 break;
707 case SecurityLevel::STRONGBOX:
708 if (withNone)
709 return {Digest::NONE, Digest::SHA_2_256};
710 else
711 return {Digest::SHA_2_256};
712 break;
713 default:
714 CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
715 break;
716 }
717 CHECK(false) << "Should be impossible to get here";
718 return {};
719}
720
721std::vector<Digest> KeymasterHidlTest::InvalidDigests() {
722 return {};
723}
Shawn Willden252233d2018-01-02 15:13:46 -0700[diff] [blame]724
725} // namespace test
726} // namespace V4_0
727} // namespace keymaster
728} // namespace hardware
729} // namespace android