blob: c17a0b8f83a3f3049ac163415d4415bed64067d9 [file] [log] [blame]
Selene Huang31ab4042020-04-29 04:22:39 -07001/*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "KeyMintAidlTestBase.h"
18
19#include <chrono>
Shawn Willden7f424372021-01-10 18:06:50 -070020#include <unordered_set>
Selene Huang31ab4042020-04-29 04:22:39 -070021#include <vector>
22
23#include <android-base/logging.h>
Janis Danisevskis24c04702020-12-16 18:28:39 -080024#include <android/binder_manager.h>
David Drysdale4dc01072021-04-01 12:17:35 +010025#include <cppbor_parse.h>
Shawn Willden7c130392020-12-21 09:58:22 -070026#include <cutils/properties.h>
David Drysdale4dc01072021-04-01 12:17:35 +010027#include <gmock/gmock.h>
David Drysdale42fe1892021-10-14 14:43:46 +010028#include <openssl/evp.h>
Shawn Willden7c130392020-12-21 09:58:22 -070029#include <openssl/mem.h>
David Drysdale4dc01072021-04-01 12:17:35 +010030#include <remote_prov/remote_prov_utils.h>
Selene Huang31ab4042020-04-29 04:22:39 -070031
Max Bires9704ff62021-04-07 11:12:01 -070032#include <keymaster/cppcose/cppcose.h>
Shawn Willden7c130392020-12-21 09:58:22 -070033#include <keymint_support/attestation_record.h>
Shawn Willden08a7e432020-12-11 13:05:27 +000034#include <keymint_support/key_param_output.h>
35#include <keymint_support/keymint_utils.h>
Shawn Willden7c130392020-12-21 09:58:22 -070036#include <keymint_support/openssl_utils.h>
Selene Huang31ab4042020-04-29 04:22:39 -070037
Janis Danisevskis24c04702020-12-16 18:28:39 -080038namespace aidl::android::hardware::security::keymint {
Selene Huang31ab4042020-04-29 04:22:39 -070039
David Drysdale4dc01072021-04-01 12:17:35 +010040using namespace cppcose;
Selene Huang31ab4042020-04-29 04:22:39 -070041using namespace std::literals::chrono_literals;
42using std::endl;
43using std::optional;
Shawn Willden7c130392020-12-21 09:58:22 -070044using std::unique_ptr;
45using ::testing::AssertionFailure;
46using ::testing::AssertionResult;
47using ::testing::AssertionSuccess;
Seth Moore026bb742021-04-30 11:41:18 -070048using ::testing::ElementsAreArray;
David Drysdale4dc01072021-04-01 12:17:35 +010049using ::testing::MatchesRegex;
Seth Moore026bb742021-04-30 11:41:18 -070050using ::testing::Not;
Selene Huang31ab4042020-04-29 04:22:39 -070051
52::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
53 if (set.size() == 0)
54 os << "(Empty)" << ::std::endl;
55 else {
56 os << "\n";
Shawn Willden0e80b5d2020-12-17 09:07:27 -070057 for (auto& entry : set) os << entry << ::std::endl;
Selene Huang31ab4042020-04-29 04:22:39 -070058 }
59 return os;
60}
61
62namespace test {
63
Shawn Willden7f424372021-01-10 18:06:50 -070064namespace {
David Drysdaledf8f52e2021-05-06 08:10:58 +010065
David Drysdale37af4b32021-05-14 16:46:59 +010066// Invalid value for a patchlevel (which is of form YYYYMMDD).
67const uint32_t kInvalidPatchlevel = 99998877;
68
David Drysdaledf8f52e2021-05-06 08:10:58 +010069// Overhead for PKCS#1 v1.5 signature padding of undigested messages. Digested messages have
70// additional overhead, for the digest algorithmIdentifier required by PKCS#1.
71const size_t kPkcs1UndigestedSignaturePaddingOverhead = 11;
72
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +000073typedef KeyMintAidlTestBase::KeyData KeyData;
Shawn Willden7f424372021-01-10 18:06:50 -070074// Predicate for testing basic characteristics validity in generation or import.
75bool KeyCharacteristicsBasicallyValid(SecurityLevel secLevel,
76 const vector<KeyCharacteristics>& key_characteristics) {
77 if (key_characteristics.empty()) return false;
78
79 std::unordered_set<SecurityLevel> levels_seen;
80 for (auto& entry : key_characteristics) {
Seth Moore2a9a00e2021-08-04 16:31:52 -070081 if (entry.authorizations.empty()) {
82 GTEST_LOG_(ERROR) << "empty authorizations for " << entry.securityLevel;
83 return false;
84 }
Shawn Willden7f424372021-01-10 18:06:50 -070085
Qi Wubeefae42021-01-28 23:16:37 +080086 // Just ignore the SecurityLevel::KEYSTORE as the KM won't do any enforcement on this.
87 if (entry.securityLevel == SecurityLevel::KEYSTORE) continue;
88
Seth Moore2a9a00e2021-08-04 16:31:52 -070089 if (levels_seen.find(entry.securityLevel) != levels_seen.end()) {
90 GTEST_LOG_(ERROR) << "duplicate authorizations for " << entry.securityLevel;
91 return false;
92 }
Shawn Willden7f424372021-01-10 18:06:50 -070093 levels_seen.insert(entry.securityLevel);
94
95 // Generally, we should only have one entry, at the same security level as the KM
96 // instance. There is an exception: StrongBox KM can have some authorizations that are
97 // enforced by the TEE.
98 bool isExpectedSecurityLevel = secLevel == entry.securityLevel ||
99 (secLevel == SecurityLevel::STRONGBOX &&
100 entry.securityLevel == SecurityLevel::TRUSTED_ENVIRONMENT);
101
Seth Moore2a9a00e2021-08-04 16:31:52 -0700102 if (!isExpectedSecurityLevel) {
103 GTEST_LOG_(ERROR) << "Unexpected security level " << entry.securityLevel;
104 return false;
105 }
Shawn Willden7f424372021-01-10 18:06:50 -0700106 }
107 return true;
108}
109
Shawn Willden7c130392020-12-21 09:58:22 -0700110// Extract attestation record from cert. Returned object is still part of cert; don't free it
111// separately.
112ASN1_OCTET_STRING* get_attestation_record(X509* certificate) {
113 ASN1_OBJECT_Ptr oid(OBJ_txt2obj(kAttestionRecordOid, 1 /* dotted string format */));
114 EXPECT_TRUE(!!oid.get());
115 if (!oid.get()) return nullptr;
116
117 int location = X509_get_ext_by_OBJ(certificate, oid.get(), -1 /* search from beginning */);
118 EXPECT_NE(-1, location) << "Attestation extension not found in certificate";
119 if (location == -1) return nullptr;
120
121 X509_EXTENSION* attest_rec_ext = X509_get_ext(certificate, location);
122 EXPECT_TRUE(!!attest_rec_ext)
123 << "Found attestation extension but couldn't retrieve it? Probably a BoringSSL bug.";
124 if (!attest_rec_ext) return nullptr;
125
126 ASN1_OCTET_STRING* attest_rec = X509_EXTENSION_get_data(attest_rec_ext);
127 EXPECT_TRUE(!!attest_rec) << "Attestation extension contained no data";
128 return attest_rec;
129}
130
David Drysdale7dff4fc2021-12-10 10:10:52 +0000131void check_attestation_version(uint32_t attestation_version, int32_t aidl_version) {
132 // Version numbers in attestation extensions should be a multiple of 100.
133 EXPECT_EQ(attestation_version % 100, 0);
134
135 // The multiplier should never be higher than the AIDL version, but can be less
136 // (for example, if the implementation is from an earlier version but the HAL service
137 // uses the default libraries and so reports the current AIDL version).
138 EXPECT_TRUE((attestation_version / 100) <= aidl_version);
139}
140
Shawn Willden7c130392020-12-21 09:58:22 -0700141bool avb_verification_enabled() {
142 char value[PROPERTY_VALUE_MAX];
143 return property_get("ro.boot.vbmeta.device_state", value, "") != 0;
144}
145
146char nibble2hex[16] = {'0', '1', '2', '3', '4', '5', '6', '7',
147 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
148
149// Attestations don't contain everything in key authorization lists, so we need to filter the key
150// lists to produce the lists that we expect to match the attestations.
151auto kTagsToFilter = {
David Drysdale37af4b32021-05-14 16:46:59 +0100152 Tag::CREATION_DATETIME,
153 Tag::HARDWARE_TYPE,
154 Tag::INCLUDE_UNIQUE_ID,
Shawn Willden7c130392020-12-21 09:58:22 -0700155};
156
157AuthorizationSet filtered_tags(const AuthorizationSet& set) {
158 AuthorizationSet filtered;
159 std::remove_copy_if(
160 set.begin(), set.end(), std::back_inserter(filtered), [](const auto& entry) -> bool {
161 return std::find(kTagsToFilter.begin(), kTagsToFilter.end(), entry.tag) !=
162 kTagsToFilter.end();
163 });
164 return filtered;
165}
166
David Drysdale300b5552021-05-20 12:05:26 +0100167// Remove any SecurityLevel::KEYSTORE entries from a list of key characteristics.
168void strip_keystore_tags(vector<KeyCharacteristics>* characteristics) {
169 characteristics->erase(std::remove_if(characteristics->begin(), characteristics->end(),
170 [](const auto& entry) {
171 return entry.securityLevel == SecurityLevel::KEYSTORE;
172 }),
173 characteristics->end());
174}
175
Shawn Willden7c130392020-12-21 09:58:22 -0700176string x509NameToStr(X509_NAME* name) {
177 char* s = X509_NAME_oneline(name, nullptr, 0);
178 string retval(s);
179 OPENSSL_free(s);
180 return retval;
181}
182
Shawn Willden7f424372021-01-10 18:06:50 -0700183} // namespace
184
Shawn Willden7c130392020-12-21 09:58:22 -0700185bool KeyMintAidlTestBase::arm_deleteAllKeys = false;
186bool KeyMintAidlTestBase::dump_Attestations = false;
187
David Drysdale37af4b32021-05-14 16:46:59 +0100188uint32_t KeyMintAidlTestBase::boot_patch_level(
189 const vector<KeyCharacteristics>& key_characteristics) {
190 // The boot patchlevel is not available as a property, but should be present
191 // in the key characteristics of any created key.
192 AuthorizationSet allAuths;
193 for (auto& entry : key_characteristics) {
194 allAuths.push_back(AuthorizationSet(entry.authorizations));
195 }
196 auto patchlevel = allAuths.GetTagValue(TAG_BOOT_PATCHLEVEL);
197 if (patchlevel.has_value()) {
198 return patchlevel.value();
199 } else {
200 // No boot patchlevel is available. Return a value that won't match anything
201 // and so will trigger test failures.
202 return kInvalidPatchlevel;
203 }
204}
205
206uint32_t KeyMintAidlTestBase::boot_patch_level() {
207 return boot_patch_level(key_characteristics_);
208}
209
David Drysdale42fe1892021-10-14 14:43:46 +0100210bool KeyMintAidlTestBase::Curve25519Supported() {
211 // Strongbox never supports curve 25519.
212 if (SecLevel() == SecurityLevel::STRONGBOX) {
213 return false;
214 }
215
216 // Curve 25519 was included in version 2 of the KeyMint interface.
217 int32_t version = 0;
218 auto status = keymint_->getInterfaceVersion(&version);
219 if (!status.isOk()) {
220 ADD_FAILURE() << "Failed to determine interface version";
221 }
222 return version >= 2;
223}
224
Janis Danisevskis24c04702020-12-16 18:28:39 -0800225ErrorCode KeyMintAidlTestBase::GetReturnErrorCode(const Status& result) {
Selene Huang31ab4042020-04-29 04:22:39 -0700226 if (result.isOk()) return ErrorCode::OK;
227
Janis Danisevskis24c04702020-12-16 18:28:39 -0800228 if (result.getExceptionCode() == EX_SERVICE_SPECIFIC) {
229 return static_cast<ErrorCode>(result.getServiceSpecificError());
Selene Huang31ab4042020-04-29 04:22:39 -0700230 }
231
232 return ErrorCode::UNKNOWN_ERROR;
233}
234
Janis Danisevskis24c04702020-12-16 18:28:39 -0800235void KeyMintAidlTestBase::InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint) {
Selene Huang31ab4042020-04-29 04:22:39 -0700236 ASSERT_NE(keyMint, nullptr);
Janis Danisevskis24c04702020-12-16 18:28:39 -0800237 keymint_ = std::move(keyMint);
Selene Huang31ab4042020-04-29 04:22:39 -0700238
239 KeyMintHardwareInfo info;
240 ASSERT_TRUE(keymint_->getHardwareInfo(&info).isOk());
241
242 securityLevel_ = info.securityLevel;
243 name_.assign(info.keyMintName.begin(), info.keyMintName.end());
244 author_.assign(info.keyMintAuthorName.begin(), info.keyMintAuthorName.end());
David Drysdaled2cc8c22021-04-15 13:29:45 +0100245 timestamp_token_required_ = info.timestampTokenRequired;
Selene Huang31ab4042020-04-29 04:22:39 -0700246
247 os_version_ = getOsVersion();
248 os_patch_level_ = getOsPatchlevel();
David Drysdalebb3d85e2021-04-13 11:15:51 +0100249 vendor_patch_level_ = getVendorPatchlevel();
Selene Huang31ab4042020-04-29 04:22:39 -0700250}
251
David Drysdale7dff4fc2021-12-10 10:10:52 +0000252int32_t KeyMintAidlTestBase::AidlVersion() {
253 int32_t version = 0;
254 auto status = keymint_->getInterfaceVersion(&version);
255 if (!status.isOk()) {
256 ADD_FAILURE() << "Failed to determine interface version";
257 }
258 return version;
259}
260
Selene Huang31ab4042020-04-29 04:22:39 -0700261void KeyMintAidlTestBase::SetUp() {
Janis Danisevskis24c04702020-12-16 18:28:39 -0800262 if (AServiceManager_isDeclared(GetParam().c_str())) {
263 ::ndk::SpAIBinder binder(AServiceManager_waitForService(GetParam().c_str()));
264 InitializeKeyMint(IKeyMintDevice::fromBinder(binder));
265 } else {
266 InitializeKeyMint(nullptr);
267 }
Selene Huang31ab4042020-04-29 04:22:39 -0700268}
269
270ErrorCode KeyMintAidlTestBase::GenerateKey(const AuthorizationSet& key_desc,
Shawn Willden7c130392020-12-21 09:58:22 -0700271 const optional<AttestationKey>& attest_key,
Shawn Willden7f424372021-01-10 18:06:50 -0700272 vector<uint8_t>* key_blob,
Shawn Willden7c130392020-12-21 09:58:22 -0700273 vector<KeyCharacteristics>* key_characteristics,
274 vector<Certificate>* cert_chain) {
Shawn Willden7f424372021-01-10 18:06:50 -0700275 EXPECT_NE(key_blob, nullptr) << "Key blob pointer must not be null. Test bug";
276 EXPECT_NE(key_characteristics, nullptr)
Selene Huang31ab4042020-04-29 04:22:39 -0700277 << "Previous characteristics not deleted before generating key. Test bug.";
278
Shawn Willden7f424372021-01-10 18:06:50 -0700279 KeyCreationResult creationResult;
Shawn Willden7c130392020-12-21 09:58:22 -0700280 Status result = keymint_->generateKey(key_desc.vector_data(), attest_key, &creationResult);
Selene Huang31ab4042020-04-29 04:22:39 -0700281 if (result.isOk()) {
Shawn Willden7f424372021-01-10 18:06:50 -0700282 EXPECT_PRED2(KeyCharacteristicsBasicallyValid, SecLevel(),
283 creationResult.keyCharacteristics);
284 EXPECT_GT(creationResult.keyBlob.size(), 0);
285 *key_blob = std::move(creationResult.keyBlob);
286 *key_characteristics = std::move(creationResult.keyCharacteristics);
Shawn Willden7c130392020-12-21 09:58:22 -0700287 *cert_chain = std::move(creationResult.certificateChain);
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700288
289 auto algorithm = key_desc.GetTagValue(TAG_ALGORITHM);
290 EXPECT_TRUE(algorithm);
291 if (algorithm &&
292 (algorithm.value() == Algorithm::RSA || algorithm.value() == Algorithm::EC)) {
Shawn Willden7c130392020-12-21 09:58:22 -0700293 EXPECT_GE(cert_chain->size(), 1);
294 if (key_desc.Contains(TAG_ATTESTATION_CHALLENGE)) {
295 if (attest_key) {
296 EXPECT_EQ(cert_chain->size(), 1);
297 } else {
298 EXPECT_GT(cert_chain->size(), 1);
299 }
300 }
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700301 } else {
302 // For symmetric keys there should be no certificates.
Shawn Willden7c130392020-12-21 09:58:22 -0700303 EXPECT_EQ(cert_chain->size(), 0);
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700304 }
Selene Huang31ab4042020-04-29 04:22:39 -0700305 }
306
307 return GetReturnErrorCode(result);
308}
309
Shawn Willden7c130392020-12-21 09:58:22 -0700310ErrorCode KeyMintAidlTestBase::GenerateKey(const AuthorizationSet& key_desc,
311 const optional<AttestationKey>& attest_key) {
312 return GenerateKey(key_desc, attest_key, &key_blob_, &key_characteristics_, &cert_chain_);
Selene Huang31ab4042020-04-29 04:22:39 -0700313}
314
315ErrorCode KeyMintAidlTestBase::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
316 const string& key_material, vector<uint8_t>* key_blob,
Shawn Willden7f424372021-01-10 18:06:50 -0700317 vector<KeyCharacteristics>* key_characteristics) {
Selene Huang31ab4042020-04-29 04:22:39 -0700318 Status result;
319
Shawn Willden7f424372021-01-10 18:06:50 -0700320 cert_chain_.clear();
321 key_characteristics->clear();
Selene Huang31ab4042020-04-29 04:22:39 -0700322 key_blob->clear();
323
Shawn Willden7f424372021-01-10 18:06:50 -0700324 KeyCreationResult creationResult;
Selene Huang31ab4042020-04-29 04:22:39 -0700325 result = keymint_->importKey(key_desc.vector_data(), format,
Shawn Willden7f424372021-01-10 18:06:50 -0700326 vector<uint8_t>(key_material.begin(), key_material.end()),
Shawn Willden7c130392020-12-21 09:58:22 -0700327 {} /* attestationSigningKeyBlob */, &creationResult);
Selene Huang31ab4042020-04-29 04:22:39 -0700328
329 if (result.isOk()) {
Shawn Willden7f424372021-01-10 18:06:50 -0700330 EXPECT_PRED2(KeyCharacteristicsBasicallyValid, SecLevel(),
331 creationResult.keyCharacteristics);
332 EXPECT_GT(creationResult.keyBlob.size(), 0);
333
334 *key_blob = std::move(creationResult.keyBlob);
335 *key_characteristics = std::move(creationResult.keyCharacteristics);
336 cert_chain_ = std::move(creationResult.certificateChain);
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700337
338 auto algorithm = key_desc.GetTagValue(TAG_ALGORITHM);
339 EXPECT_TRUE(algorithm);
340 if (algorithm &&
341 (algorithm.value() == Algorithm::RSA || algorithm.value() == Algorithm::EC)) {
342 EXPECT_GE(cert_chain_.size(), 1);
343 if (key_desc.Contains(TAG_ATTESTATION_CHALLENGE)) EXPECT_GT(cert_chain_.size(), 1);
344 } else {
345 // For symmetric keys there should be no certificates.
346 EXPECT_EQ(cert_chain_.size(), 0);
347 }
Selene Huang31ab4042020-04-29 04:22:39 -0700348 }
349
350 return GetReturnErrorCode(result);
351}
352
353ErrorCode KeyMintAidlTestBase::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
354 const string& key_material) {
355 return ImportKey(key_desc, format, key_material, &key_blob_, &key_characteristics_);
356}
357
358ErrorCode KeyMintAidlTestBase::ImportWrappedKey(string wrapped_key, string wrapping_key,
359 const AuthorizationSet& wrapping_key_desc,
360 string masking_key,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100361 const AuthorizationSet& unwrapping_params,
362 int64_t password_sid, int64_t biometric_sid) {
Selene Huang31ab4042020-04-29 04:22:39 -0700363 EXPECT_EQ(ErrorCode::OK, ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key));
364
Shawn Willden7f424372021-01-10 18:06:50 -0700365 key_characteristics_.clear();
Selene Huang31ab4042020-04-29 04:22:39 -0700366
Shawn Willden7f424372021-01-10 18:06:50 -0700367 KeyCreationResult creationResult;
368 Status result = keymint_->importWrappedKey(
369 vector<uint8_t>(wrapped_key.begin(), wrapped_key.end()), key_blob_,
370 vector<uint8_t>(masking_key.begin(), masking_key.end()),
David Drysdaled2cc8c22021-04-15 13:29:45 +0100371 unwrapping_params.vector_data(), password_sid, biometric_sid, &creationResult);
Selene Huang31ab4042020-04-29 04:22:39 -0700372
373 if (result.isOk()) {
Shawn Willden7f424372021-01-10 18:06:50 -0700374 EXPECT_PRED2(KeyCharacteristicsBasicallyValid, SecLevel(),
375 creationResult.keyCharacteristics);
376 EXPECT_GT(creationResult.keyBlob.size(), 0);
377
378 key_blob_ = std::move(creationResult.keyBlob);
379 key_characteristics_ = std::move(creationResult.keyCharacteristics);
380 cert_chain_ = std::move(creationResult.certificateChain);
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700381
382 AuthorizationSet allAuths;
383 for (auto& entry : key_characteristics_) {
384 allAuths.push_back(AuthorizationSet(entry.authorizations));
385 }
386 auto algorithm = allAuths.GetTagValue(TAG_ALGORITHM);
387 EXPECT_TRUE(algorithm);
388 if (algorithm &&
389 (algorithm.value() == Algorithm::RSA || algorithm.value() == Algorithm::EC)) {
390 EXPECT_GE(cert_chain_.size(), 1);
391 } else {
392 // For symmetric keys there should be no certificates.
393 EXPECT_EQ(cert_chain_.size(), 0);
394 }
Selene Huang31ab4042020-04-29 04:22:39 -0700395 }
396
397 return GetReturnErrorCode(result);
398}
399
David Drysdale300b5552021-05-20 12:05:26 +0100400ErrorCode KeyMintAidlTestBase::GetCharacteristics(const vector<uint8_t>& key_blob,
401 const vector<uint8_t>& app_id,
402 const vector<uint8_t>& app_data,
403 vector<KeyCharacteristics>* key_characteristics) {
404 Status result =
405 keymint_->getKeyCharacteristics(key_blob, app_id, app_data, key_characteristics);
406 return GetReturnErrorCode(result);
407}
408
409ErrorCode KeyMintAidlTestBase::GetCharacteristics(const vector<uint8_t>& key_blob,
410 vector<KeyCharacteristics>* key_characteristics) {
411 vector<uint8_t> empty_app_id, empty_app_data;
412 return GetCharacteristics(key_blob, empty_app_id, empty_app_data, key_characteristics);
413}
414
415void KeyMintAidlTestBase::CheckCharacteristics(
416 const vector<uint8_t>& key_blob,
417 const vector<KeyCharacteristics>& generate_characteristics) {
418 // Any key characteristics that were in SecurityLevel::KEYSTORE when returned from
419 // generateKey() should be excluded, as KeyMint will have no record of them.
420 // This applies to CREATION_DATETIME in particular.
421 vector<KeyCharacteristics> expected_characteristics(generate_characteristics);
422 strip_keystore_tags(&expected_characteristics);
423
424 vector<KeyCharacteristics> retrieved;
425 ASSERT_EQ(ErrorCode::OK, GetCharacteristics(key_blob, &retrieved));
426 EXPECT_EQ(expected_characteristics, retrieved);
427}
428
429void KeyMintAidlTestBase::CheckAppIdCharacteristics(
430 const vector<uint8_t>& key_blob, std::string_view app_id_string,
431 std::string_view app_data_string,
432 const vector<KeyCharacteristics>& generate_characteristics) {
433 // Exclude any SecurityLevel::KEYSTORE characteristics for comparisons.
434 vector<KeyCharacteristics> expected_characteristics(generate_characteristics);
435 strip_keystore_tags(&expected_characteristics);
436
437 vector<uint8_t> app_id(app_id_string.begin(), app_id_string.end());
438 vector<uint8_t> app_data(app_data_string.begin(), app_data_string.end());
439 vector<KeyCharacteristics> retrieved;
440 ASSERT_EQ(ErrorCode::OK, GetCharacteristics(key_blob, app_id, app_data, &retrieved));
441 EXPECT_EQ(expected_characteristics, retrieved);
442
443 // Check that key characteristics can't be retrieved if the app ID or app data is missing.
444 vector<uint8_t> empty;
445 vector<KeyCharacteristics> not_retrieved;
446 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
447 GetCharacteristics(key_blob, empty, app_data, &not_retrieved));
448 EXPECT_EQ(not_retrieved.size(), 0);
449
450 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
451 GetCharacteristics(key_blob, app_id, empty, &not_retrieved));
452 EXPECT_EQ(not_retrieved.size(), 0);
453
454 EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
455 GetCharacteristics(key_blob, empty, empty, &not_retrieved));
456 EXPECT_EQ(not_retrieved.size(), 0);
457}
458
Selene Huang31ab4042020-04-29 04:22:39 -0700459ErrorCode KeyMintAidlTestBase::DeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob) {
460 Status result = keymint_->deleteKey(*key_blob);
461 if (!keep_key_blob) {
462 *key_blob = vector<uint8_t>();
463 }
464
Janis Danisevskis24c04702020-12-16 18:28:39 -0800465 EXPECT_TRUE(result.isOk()) << result.getServiceSpecificError() << endl;
Selene Huang31ab4042020-04-29 04:22:39 -0700466 return GetReturnErrorCode(result);
467}
468
469ErrorCode KeyMintAidlTestBase::DeleteKey(bool keep_key_blob) {
470 return DeleteKey(&key_blob_, keep_key_blob);
471}
472
473ErrorCode KeyMintAidlTestBase::DeleteAllKeys() {
474 Status result = keymint_->deleteAllKeys();
Janis Danisevskis24c04702020-12-16 18:28:39 -0800475 EXPECT_TRUE(result.isOk()) << result.getServiceSpecificError() << endl;
Selene Huang31ab4042020-04-29 04:22:39 -0700476 return GetReturnErrorCode(result);
477}
478
David Drysdaled2cc8c22021-04-15 13:29:45 +0100479ErrorCode KeyMintAidlTestBase::DestroyAttestationIds() {
480 Status result = keymint_->destroyAttestationIds();
481 return GetReturnErrorCode(result);
482}
483
Selene Huang31ab4042020-04-29 04:22:39 -0700484void KeyMintAidlTestBase::CheckedDeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob) {
485 ErrorCode result = DeleteKey(key_blob, keep_key_blob);
486 EXPECT_TRUE(result == ErrorCode::OK || result == ErrorCode::UNIMPLEMENTED) << result << endl;
487}
488
489void KeyMintAidlTestBase::CheckedDeleteKey() {
490 CheckedDeleteKey(&key_blob_);
491}
492
493ErrorCode KeyMintAidlTestBase::Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
494 const AuthorizationSet& in_params,
Janis Danisevskis24c04702020-12-16 18:28:39 -0800495 AuthorizationSet* out_params,
496 std::shared_ptr<IKeyMintOperation>& op) {
Selene Huang31ab4042020-04-29 04:22:39 -0700497 SCOPED_TRACE("Begin");
498 Status result;
499 BeginResult out;
David Drysdale56ba9122021-04-19 19:10:47 +0100500 result = keymint_->begin(purpose, key_blob, in_params.vector_data(), std::nullopt, &out);
Selene Huang31ab4042020-04-29 04:22:39 -0700501
502 if (result.isOk()) {
503 *out_params = out.params;
504 challenge_ = out.challenge;
505 op = out.operation;
506 }
507
508 return GetReturnErrorCode(result);
509}
510
511ErrorCode KeyMintAidlTestBase::Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
512 const AuthorizationSet& in_params,
513 AuthorizationSet* out_params) {
514 SCOPED_TRACE("Begin");
515 Status result;
516 BeginResult out;
517
David Drysdale56ba9122021-04-19 19:10:47 +0100518 result = keymint_->begin(purpose, key_blob, in_params.vector_data(), std::nullopt, &out);
Selene Huang31ab4042020-04-29 04:22:39 -0700519
520 if (result.isOk()) {
521 *out_params = out.params;
522 challenge_ = out.challenge;
523 op_ = out.operation;
524 }
525
526 return GetReturnErrorCode(result);
527}
528
529ErrorCode KeyMintAidlTestBase::Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
530 AuthorizationSet* out_params) {
531 SCOPED_TRACE("Begin");
532 EXPECT_EQ(nullptr, op_);
533 return Begin(purpose, key_blob_, in_params, out_params);
534}
535
536ErrorCode KeyMintAidlTestBase::Begin(KeyPurpose purpose, const AuthorizationSet& in_params) {
537 SCOPED_TRACE("Begin");
538 AuthorizationSet out_params;
539 ErrorCode result = Begin(purpose, in_params, &out_params);
540 EXPECT_TRUE(out_params.empty());
541 return result;
542}
543
Shawn Willden92d79c02021-02-19 07:31:55 -0700544ErrorCode KeyMintAidlTestBase::UpdateAad(const string& input) {
545 return GetReturnErrorCode(op_->updateAad(vector<uint8_t>(input.begin(), input.end()),
546 {} /* hardwareAuthToken */,
547 {} /* verificationToken */));
548}
549
550ErrorCode KeyMintAidlTestBase::Update(const string& input, string* output) {
Selene Huang31ab4042020-04-29 04:22:39 -0700551 SCOPED_TRACE("Update");
552
553 Status result;
Shawn Willden92d79c02021-02-19 07:31:55 -0700554 if (!output) return ErrorCode::UNEXPECTED_NULL_POINTER;
Selene Huang31ab4042020-04-29 04:22:39 -0700555
Brian J Murrayeabd9d62022-01-06 15:13:51 -0800556 EXPECT_NE(op_, nullptr);
557 if (!op_) return ErrorCode::UNEXPECTED_NULL_POINTER;
558
Shawn Willden92d79c02021-02-19 07:31:55 -0700559 std::vector<uint8_t> o_put;
560 result = op_->update(vector<uint8_t>(input.begin(), input.end()), {}, {}, &o_put);
Selene Huang31ab4042020-04-29 04:22:39 -0700561
David Drysdalefeab5d92022-01-06 15:46:23 +0000562 if (result.isOk()) {
563 output->append(o_put.begin(), o_put.end());
564 } else {
565 // Failure always terminates the operation.
566 op_ = {};
567 }
Selene Huang31ab4042020-04-29 04:22:39 -0700568
569 return GetReturnErrorCode(result);
570}
571
Shawn Willden92d79c02021-02-19 07:31:55 -0700572ErrorCode KeyMintAidlTestBase::Finish(const string& input, const string& signature,
Selene Huang31ab4042020-04-29 04:22:39 -0700573 string* output) {
574 SCOPED_TRACE("Finish");
575 Status result;
576
577 EXPECT_NE(op_, nullptr);
Shawn Willden92d79c02021-02-19 07:31:55 -0700578 if (!op_) return ErrorCode::UNEXPECTED_NULL_POINTER;
Selene Huang31ab4042020-04-29 04:22:39 -0700579
580 vector<uint8_t> oPut;
Shawn Willden92d79c02021-02-19 07:31:55 -0700581 result = op_->finish(vector<uint8_t>(input.begin(), input.end()),
582 vector<uint8_t>(signature.begin(), signature.end()), {} /* authToken */,
583 {} /* timestampToken */, {} /* confirmationToken */, &oPut);
Selene Huang31ab4042020-04-29 04:22:39 -0700584
Shawn Willden92d79c02021-02-19 07:31:55 -0700585 if (result.isOk()) output->append(oPut.begin(), oPut.end());
Selene Huang31ab4042020-04-29 04:22:39 -0700586
Shawn Willden92d79c02021-02-19 07:31:55 -0700587 op_ = {};
Selene Huang31ab4042020-04-29 04:22:39 -0700588 return GetReturnErrorCode(result);
589}
590
Janis Danisevskis24c04702020-12-16 18:28:39 -0800591ErrorCode KeyMintAidlTestBase::Abort(const std::shared_ptr<IKeyMintOperation>& op) {
Selene Huang31ab4042020-04-29 04:22:39 -0700592 SCOPED_TRACE("Abort");
593
594 EXPECT_NE(op, nullptr);
Shawn Willden92d79c02021-02-19 07:31:55 -0700595 if (!op) return ErrorCode::UNEXPECTED_NULL_POINTER;
Selene Huang31ab4042020-04-29 04:22:39 -0700596
597 Status retval = op->abort();
598 EXPECT_TRUE(retval.isOk());
Janis Danisevskis24c04702020-12-16 18:28:39 -0800599 return static_cast<ErrorCode>(retval.getServiceSpecificError());
Selene Huang31ab4042020-04-29 04:22:39 -0700600}
601
602ErrorCode KeyMintAidlTestBase::Abort() {
603 SCOPED_TRACE("Abort");
604
605 EXPECT_NE(op_, nullptr);
Shawn Willden92d79c02021-02-19 07:31:55 -0700606 if (!op_) return ErrorCode::UNEXPECTED_NULL_POINTER;
Selene Huang31ab4042020-04-29 04:22:39 -0700607
608 Status retval = op_->abort();
Janis Danisevskis24c04702020-12-16 18:28:39 -0800609 return static_cast<ErrorCode>(retval.getServiceSpecificError());
Selene Huang31ab4042020-04-29 04:22:39 -0700610}
611
612void KeyMintAidlTestBase::AbortIfNeeded() {
613 SCOPED_TRACE("AbortIfNeeded");
614 if (op_) {
615 EXPECT_EQ(ErrorCode::OK, Abort());
Janis Danisevskis24c04702020-12-16 18:28:39 -0800616 op_.reset();
Selene Huang31ab4042020-04-29 04:22:39 -0700617 }
618}
619
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000620auto KeyMintAidlTestBase::ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
621 const string& message, const AuthorizationSet& in_params)
Shawn Willden92d79c02021-02-19 07:31:55 -0700622 -> std::tuple<ErrorCode, string> {
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000623 AuthorizationSet begin_out_params;
624 ErrorCode result = Begin(operation, key_blob, in_params, &begin_out_params);
Shawn Willden92d79c02021-02-19 07:31:55 -0700625 if (result != ErrorCode::OK) return {result, {}};
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000626
627 string output;
Shawn Willden92d79c02021-02-19 07:31:55 -0700628 return {Finish(message, &output), output};
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000629}
630
Selene Huang31ab4042020-04-29 04:22:39 -0700631string KeyMintAidlTestBase::ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
632 const string& message, const AuthorizationSet& in_params,
633 AuthorizationSet* out_params) {
634 SCOPED_TRACE("ProcessMessage");
635 AuthorizationSet begin_out_params;
Shawn Willden92d79c02021-02-19 07:31:55 -0700636 ErrorCode result = Begin(operation, key_blob, in_params, out_params);
Selene Huang31ab4042020-04-29 04:22:39 -0700637 EXPECT_EQ(ErrorCode::OK, result);
638 if (result != ErrorCode::OK) {
639 return "";
640 }
641
642 string output;
Shawn Willden92d79c02021-02-19 07:31:55 -0700643 EXPECT_EQ(ErrorCode::OK, Finish(message, &output));
Selene Huang31ab4042020-04-29 04:22:39 -0700644 return output;
645}
646
647string KeyMintAidlTestBase::SignMessage(const vector<uint8_t>& key_blob, const string& message,
648 const AuthorizationSet& params) {
649 SCOPED_TRACE("SignMessage");
650 AuthorizationSet out_params;
651 string signature = ProcessMessage(key_blob, KeyPurpose::SIGN, message, params, &out_params);
652 EXPECT_TRUE(out_params.empty());
653 return signature;
654}
655
656string KeyMintAidlTestBase::SignMessage(const string& message, const AuthorizationSet& params) {
657 SCOPED_TRACE("SignMessage");
658 return SignMessage(key_blob_, message, params);
659}
660
661string KeyMintAidlTestBase::MacMessage(const string& message, Digest digest, size_t mac_length) {
662 SCOPED_TRACE("MacMessage");
663 return SignMessage(
664 key_blob_, message,
665 AuthorizationSetBuilder().Digest(digest).Authorization(TAG_MAC_LENGTH, mac_length));
666}
667
anil.hiranniah19a4ca12022-03-03 17:39:30 +0530668void KeyMintAidlTestBase::CheckAesIncrementalEncryptOperation(BlockMode block_mode,
669 int message_size) {
670 ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
671 .Authorization(TAG_NO_AUTH_REQUIRED)
672 .AesEncryptionKey(128)
673 .BlockMode(block_mode)
674 .Padding(PaddingMode::NONE)
675 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
676
677 for (int increment = 1; increment <= message_size; ++increment) {
678 string message(message_size, 'a');
679 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(PaddingMode::NONE);
680 if (block_mode == BlockMode::GCM) {
681 params.Authorization(TAG_MAC_LENGTH, 128) /* for GCM */;
682 }
683
684 AuthorizationSet output_params;
685 EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &output_params));
686
687 string ciphertext;
688 string to_send;
689 for (size_t i = 0; i < message.size(); i += increment) {
690 EXPECT_EQ(ErrorCode::OK, Update(message.substr(i, increment), &ciphertext));
691 }
692 EXPECT_EQ(ErrorCode::OK, Finish(to_send, &ciphertext))
693 << "Error sending " << to_send << " with block mode " << block_mode;
694
695 switch (block_mode) {
696 case BlockMode::GCM:
697 EXPECT_EQ(message.size() + 16, ciphertext.size());
698 break;
699 case BlockMode::CTR:
700 EXPECT_EQ(message.size(), ciphertext.size());
701 break;
702 case BlockMode::CBC:
703 case BlockMode::ECB:
704 EXPECT_EQ(message.size() + message.size() % 16, ciphertext.size());
705 break;
706 }
707
708 auto iv = output_params.GetTagValue(TAG_NONCE);
709 switch (block_mode) {
710 case BlockMode::CBC:
711 case BlockMode::GCM:
712 case BlockMode::CTR:
713 ASSERT_TRUE(iv) << "No IV for block mode " << block_mode;
714 EXPECT_EQ(block_mode == BlockMode::GCM ? 12U : 16U, iv->get().size());
715 params.push_back(TAG_NONCE, iv->get());
716 break;
717
718 case BlockMode::ECB:
719 EXPECT_FALSE(iv) << "ECB mode should not generate IV";
720 break;
721 }
722
723 EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params))
724 << "Decrypt begin() failed for block mode " << block_mode;
725
726 string plaintext;
727 for (size_t i = 0; i < ciphertext.size(); i += increment) {
728 EXPECT_EQ(ErrorCode::OK, Update(ciphertext.substr(i, increment), &plaintext));
729 }
730 ErrorCode error = Finish(to_send, &plaintext);
731 ASSERT_EQ(ErrorCode::OK, error) << "Decryption failed for block mode " << block_mode
732 << " and increment " << increment;
733 if (error == ErrorCode::OK) {
734 ASSERT_EQ(message, plaintext) << "Decryption didn't match for block mode " << block_mode
735 << " and increment " << increment;
736 }
737 }
738}
739
Selene Huang31ab4042020-04-29 04:22:39 -0700740void KeyMintAidlTestBase::CheckHmacTestVector(const string& key, const string& message,
741 Digest digest, const string& expected_mac) {
742 SCOPED_TRACE("CheckHmacTestVector");
743 ASSERT_EQ(ErrorCode::OK,
744 ImportKey(AuthorizationSetBuilder()
745 .Authorization(TAG_NO_AUTH_REQUIRED)
746 .HmacKey(key.size() * 8)
747 .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
748 .Digest(digest),
749 KeyFormat::RAW, key));
750 string signature = MacMessage(message, digest, expected_mac.size() * 8);
751 EXPECT_EQ(expected_mac, signature)
752 << "Test vector didn't match for key of size " << key.size() << " message of size "
753 << message.size() << " and digest " << digest;
754 CheckedDeleteKey();
755}
756
757void KeyMintAidlTestBase::CheckAesCtrTestVector(const string& key, const string& nonce,
758 const string& message,
759 const string& expected_ciphertext) {
760 SCOPED_TRACE("CheckAesCtrTestVector");
761 ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
762 .Authorization(TAG_NO_AUTH_REQUIRED)
763 .AesEncryptionKey(key.size() * 8)
764 .BlockMode(BlockMode::CTR)
765 .Authorization(TAG_CALLER_NONCE)
766 .Padding(PaddingMode::NONE),
767 KeyFormat::RAW, key));
768
769 auto params = AuthorizationSetBuilder()
770 .Authorization(TAG_NONCE, nonce.data(), nonce.size())
771 .BlockMode(BlockMode::CTR)
772 .Padding(PaddingMode::NONE);
773 AuthorizationSet out_params;
774 string ciphertext = EncryptMessage(key_blob_, message, params, &out_params);
775 EXPECT_EQ(expected_ciphertext, ciphertext);
776}
777
778void KeyMintAidlTestBase::CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
779 PaddingMode padding_mode, const string& key,
780 const string& iv, const string& input,
781 const string& expected_output) {
782 auto authset = AuthorizationSetBuilder()
783 .TripleDesEncryptionKey(key.size() * 7)
784 .BlockMode(block_mode)
785 .Authorization(TAG_NO_AUTH_REQUIRED)
786 .Padding(padding_mode);
787 if (iv.size()) authset.Authorization(TAG_CALLER_NONCE);
788 ASSERT_EQ(ErrorCode::OK, ImportKey(authset, KeyFormat::RAW, key));
789 ASSERT_GT(key_blob_.size(), 0U);
790
791 auto begin_params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
792 if (iv.size()) begin_params.Authorization(TAG_NONCE, iv.data(), iv.size());
793 AuthorizationSet output_params;
794 string output = ProcessMessage(key_blob_, purpose, input, begin_params, &output_params);
795 EXPECT_EQ(expected_output, output);
796}
797
798void KeyMintAidlTestBase::VerifyMessage(const vector<uint8_t>& key_blob, const string& message,
799 const string& signature, const AuthorizationSet& params) {
800 SCOPED_TRACE("VerifyMessage");
801 AuthorizationSet begin_out_params;
802 ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params));
803
804 string output;
Shawn Willden92d79c02021-02-19 07:31:55 -0700805 EXPECT_EQ(ErrorCode::OK, Finish(message, signature, &output));
Selene Huang31ab4042020-04-29 04:22:39 -0700806 EXPECT_TRUE(output.empty());
Shawn Willden92d79c02021-02-19 07:31:55 -0700807 op_ = {};
Selene Huang31ab4042020-04-29 04:22:39 -0700808}
809
810void KeyMintAidlTestBase::VerifyMessage(const string& message, const string& signature,
811 const AuthorizationSet& params) {
812 SCOPED_TRACE("VerifyMessage");
813 VerifyMessage(key_blob_, message, signature, params);
814}
815
David Drysdaledf8f52e2021-05-06 08:10:58 +0100816void KeyMintAidlTestBase::LocalVerifyMessage(const string& message, const string& signature,
817 const AuthorizationSet& params) {
818 SCOPED_TRACE("LocalVerifyMessage");
819
820 // Retrieve the public key from the leaf certificate.
821 ASSERT_GT(cert_chain_.size(), 0);
822 X509_Ptr key_cert(parse_cert_blob(cert_chain_[0].encodedCertificate));
823 ASSERT_TRUE(key_cert.get());
824 EVP_PKEY_Ptr pub_key(X509_get_pubkey(key_cert.get()));
825 ASSERT_TRUE(pub_key.get());
826
827 Digest digest = params.GetTagValue(TAG_DIGEST).value();
828 PaddingMode padding = PaddingMode::NONE;
829 auto tag = params.GetTagValue(TAG_PADDING);
830 if (tag.has_value()) {
831 padding = tag.value();
832 }
833
834 if (digest == Digest::NONE) {
835 switch (EVP_PKEY_id(pub_key.get())) {
David Drysdale42fe1892021-10-14 14:43:46 +0100836 case EVP_PKEY_ED25519: {
837 ASSERT_EQ(64, signature.size());
838 uint8_t pub_keydata[32];
839 size_t pub_len = sizeof(pub_keydata);
840 ASSERT_EQ(1, EVP_PKEY_get_raw_public_key(pub_key.get(), pub_keydata, &pub_len));
841 ASSERT_EQ(sizeof(pub_keydata), pub_len);
842 ASSERT_EQ(1, ED25519_verify(reinterpret_cast<const uint8_t*>(message.data()),
843 message.size(),
844 reinterpret_cast<const uint8_t*>(signature.data()),
845 pub_keydata));
846 break;
847 }
848
David Drysdaledf8f52e2021-05-06 08:10:58 +0100849 case EVP_PKEY_EC: {
850 vector<uint8_t> data((EVP_PKEY_bits(pub_key.get()) + 7) / 8);
851 size_t data_size = std::min(data.size(), message.size());
852 memcpy(data.data(), message.data(), data_size);
853 EC_KEY_Ptr ecdsa(EVP_PKEY_get1_EC_KEY(pub_key.get()));
854 ASSERT_TRUE(ecdsa.get());
855 ASSERT_EQ(1,
856 ECDSA_verify(0, reinterpret_cast<const uint8_t*>(data.data()), data_size,
857 reinterpret_cast<const uint8_t*>(signature.data()),
858 signature.size(), ecdsa.get()));
859 break;
860 }
861 case EVP_PKEY_RSA: {
862 vector<uint8_t> data(EVP_PKEY_size(pub_key.get()));
863 size_t data_size = std::min(data.size(), message.size());
864 memcpy(data.data(), message.data(), data_size);
865
866 RSA_Ptr rsa(EVP_PKEY_get1_RSA(const_cast<EVP_PKEY*>(pub_key.get())));
867 ASSERT_TRUE(rsa.get());
868
869 size_t key_len = RSA_size(rsa.get());
870 int openssl_padding = RSA_NO_PADDING;
871 switch (padding) {
872 case PaddingMode::NONE:
873 ASSERT_TRUE(data_size <= key_len);
874 ASSERT_EQ(key_len, signature.size());
875 openssl_padding = RSA_NO_PADDING;
876 break;
877 case PaddingMode::RSA_PKCS1_1_5_SIGN:
878 ASSERT_TRUE(data_size + kPkcs1UndigestedSignaturePaddingOverhead <=
879 key_len);
880 openssl_padding = RSA_PKCS1_PADDING;
881 break;
882 default:
883 ADD_FAILURE() << "Unsupported RSA padding mode " << padding;
884 }
885
886 vector<uint8_t> decrypted_data(key_len);
887 int bytes_decrypted = RSA_public_decrypt(
888 signature.size(), reinterpret_cast<const uint8_t*>(signature.data()),
889 decrypted_data.data(), rsa.get(), openssl_padding);
890 ASSERT_GE(bytes_decrypted, 0);
891
892 const uint8_t* compare_pos = decrypted_data.data();
893 size_t bytes_to_compare = bytes_decrypted;
894 uint8_t zero_check_result = 0;
895 if (padding == PaddingMode::NONE && data_size < bytes_to_compare) {
896 // If the data is short, for "unpadded" signing we zero-pad to the left. So
897 // during verification we should have zeros on the left of the decrypted data.
898 // Do a constant-time check.
899 const uint8_t* zero_end = compare_pos + bytes_to_compare - data_size;
900 while (compare_pos < zero_end) zero_check_result |= *compare_pos++;
901 ASSERT_EQ(0, zero_check_result);
902 bytes_to_compare = data_size;
903 }
904 ASSERT_EQ(0, memcmp(compare_pos, data.data(), bytes_to_compare));
905 break;
906 }
907 default:
908 ADD_FAILURE() << "Unknown public key type";
909 }
910 } else {
911 EVP_MD_CTX digest_ctx;
912 EVP_MD_CTX_init(&digest_ctx);
913 EVP_PKEY_CTX* pkey_ctx;
914 const EVP_MD* md = openssl_digest(digest);
915 ASSERT_NE(md, nullptr);
916 ASSERT_EQ(1, EVP_DigestVerifyInit(&digest_ctx, &pkey_ctx, md, nullptr, pub_key.get()));
917
918 if (padding == PaddingMode::RSA_PSS) {
919 EXPECT_GT(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING), 0);
920 EXPECT_GT(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, EVP_MD_size(md)), 0);
David Drysdalec6b89072021-12-14 14:32:51 +0000921 EXPECT_GT(EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, md), 0);
David Drysdaledf8f52e2021-05-06 08:10:58 +0100922 }
923
924 ASSERT_EQ(1, EVP_DigestVerifyUpdate(&digest_ctx,
925 reinterpret_cast<const uint8_t*>(message.data()),
926 message.size()));
927 ASSERT_EQ(1, EVP_DigestVerifyFinal(&digest_ctx,
928 reinterpret_cast<const uint8_t*>(signature.data()),
929 signature.size()));
930 EVP_MD_CTX_cleanup(&digest_ctx);
931 }
932}
933
David Drysdale59cae642021-05-12 13:52:03 +0100934string KeyMintAidlTestBase::LocalRsaEncryptMessage(const string& message,
935 const AuthorizationSet& params) {
936 SCOPED_TRACE("LocalRsaEncryptMessage");
937
938 // Retrieve the public key from the leaf certificate.
939 if (cert_chain_.empty()) {
940 ADD_FAILURE() << "No public key available";
941 return "Failure";
942 }
943 X509_Ptr key_cert(parse_cert_blob(cert_chain_[0].encodedCertificate));
944 EVP_PKEY_Ptr pub_key(X509_get_pubkey(key_cert.get()));
945 RSA_Ptr rsa(EVP_PKEY_get1_RSA(const_cast<EVP_PKEY*>(pub_key.get())));
946
947 // Retrieve relevant tags.
948 Digest digest = Digest::NONE;
949 Digest mgf_digest = Digest::NONE;
950 PaddingMode padding = PaddingMode::NONE;
951
952 auto digest_tag = params.GetTagValue(TAG_DIGEST);
953 if (digest_tag.has_value()) digest = digest_tag.value();
954 auto pad_tag = params.GetTagValue(TAG_PADDING);
955 if (pad_tag.has_value()) padding = pad_tag.value();
956 auto mgf_tag = params.GetTagValue(TAG_RSA_OAEP_MGF_DIGEST);
957 if (mgf_tag.has_value()) mgf_digest = mgf_tag.value();
958
959 const EVP_MD* md = openssl_digest(digest);
960 const EVP_MD* mgf_md = openssl_digest(mgf_digest);
961
962 // Set up encryption context.
963 EVP_PKEY_CTX_Ptr ctx(EVP_PKEY_CTX_new(pub_key.get(), /* engine= */ nullptr));
964 if (EVP_PKEY_encrypt_init(ctx.get()) <= 0) {
965 ADD_FAILURE() << "Encryption init failed: " << ERR_peek_last_error();
966 return "Failure";
967 }
968
969 int rc = -1;
970 switch (padding) {
971 case PaddingMode::NONE:
972 rc = EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_NO_PADDING);
973 break;
974 case PaddingMode::RSA_PKCS1_1_5_ENCRYPT:
975 rc = EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_PKCS1_PADDING);
976 break;
977 case PaddingMode::RSA_OAEP:
978 rc = EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_PKCS1_OAEP_PADDING);
979 break;
980 default:
981 break;
982 }
983 if (rc <= 0) {
984 ADD_FAILURE() << "Set padding failed: " << ERR_peek_last_error();
985 return "Failure";
986 }
987 if (padding == PaddingMode::RSA_OAEP) {
988 if (!EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), md)) {
989 ADD_FAILURE() << "Set digest failed: " << ERR_peek_last_error();
990 return "Failure";
991 }
992 if (!EVP_PKEY_CTX_set_rsa_mgf1_md(ctx.get(), mgf_md)) {
993 ADD_FAILURE() << "Set MGF digest failed: " << ERR_peek_last_error();
994 return "Failure";
995 }
996 }
997
998 // Determine output size.
999 size_t outlen;
1000 if (EVP_PKEY_encrypt(ctx.get(), nullptr /* out */, &outlen,
1001 reinterpret_cast<const uint8_t*>(message.data()), message.size()) <= 0) {
1002 ADD_FAILURE() << "Determine output size failed: " << ERR_peek_last_error();
1003 return "Failure";
1004 }
1005
1006 // Left-zero-pad the input if necessary.
1007 const uint8_t* to_encrypt = reinterpret_cast<const uint8_t*>(message.data());
1008 size_t to_encrypt_len = message.size();
1009
1010 std::unique_ptr<string> zero_padded_message;
1011 if (padding == PaddingMode::NONE && to_encrypt_len < outlen) {
1012 zero_padded_message.reset(new string(outlen, '\0'));
1013 memcpy(zero_padded_message->data() + (outlen - to_encrypt_len), message.data(),
1014 message.size());
1015 to_encrypt = reinterpret_cast<const uint8_t*>(zero_padded_message->data());
1016 to_encrypt_len = outlen;
1017 }
1018
1019 // Do the encryption.
1020 string output(outlen, '\0');
1021 if (EVP_PKEY_encrypt(ctx.get(), reinterpret_cast<uint8_t*>(output.data()), &outlen, to_encrypt,
1022 to_encrypt_len) <= 0) {
1023 ADD_FAILURE() << "Encryption failed: " << ERR_peek_last_error();
1024 return "Failure";
1025 }
1026 return output;
1027}
1028
Selene Huang31ab4042020-04-29 04:22:39 -07001029string KeyMintAidlTestBase::EncryptMessage(const vector<uint8_t>& key_blob, const string& message,
1030 const AuthorizationSet& in_params,
1031 AuthorizationSet* out_params) {
1032 SCOPED_TRACE("EncryptMessage");
1033 return ProcessMessage(key_blob, KeyPurpose::ENCRYPT, message, in_params, out_params);
1034}
1035
1036string KeyMintAidlTestBase::EncryptMessage(const string& message, const AuthorizationSet& params,
1037 AuthorizationSet* out_params) {
1038 SCOPED_TRACE("EncryptMessage");
1039 return EncryptMessage(key_blob_, message, params, out_params);
1040}
1041
1042string KeyMintAidlTestBase::EncryptMessage(const string& message, const AuthorizationSet& params) {
1043 SCOPED_TRACE("EncryptMessage");
1044 AuthorizationSet out_params;
1045 string ciphertext = EncryptMessage(message, params, &out_params);
1046 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
1047 return ciphertext;
1048}
1049
1050string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode block_mode,
1051 PaddingMode padding) {
1052 SCOPED_TRACE("EncryptMessage");
1053 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
1054 AuthorizationSet out_params;
1055 string ciphertext = EncryptMessage(message, params, &out_params);
1056 EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
1057 return ciphertext;
1058}
1059
1060string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode block_mode,
1061 PaddingMode padding, vector<uint8_t>* iv_out) {
1062 SCOPED_TRACE("EncryptMessage");
1063 auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
1064 AuthorizationSet out_params;
1065 string ciphertext = EncryptMessage(message, params, &out_params);
1066 EXPECT_EQ(1U, out_params.size());
1067 auto ivVal = out_params.GetTagValue(TAG_NONCE);
Janis Danisevskis5ba09332020-12-17 10:05:15 -08001068 EXPECT_TRUE(ivVal);
1069 if (ivVal) *iv_out = *ivVal;
Selene Huang31ab4042020-04-29 04:22:39 -07001070 return ciphertext;
1071}
1072
1073string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode block_mode,
1074 PaddingMode padding, const vector<uint8_t>& iv_in) {
1075 SCOPED_TRACE("EncryptMessage");
1076 auto params = AuthorizationSetBuilder()
1077 .BlockMode(block_mode)
1078 .Padding(padding)
1079 .Authorization(TAG_NONCE, iv_in);
1080 AuthorizationSet out_params;
1081 string ciphertext = EncryptMessage(message, params, &out_params);
1082 return ciphertext;
1083}
1084
1085string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode block_mode,
1086 PaddingMode padding, uint8_t mac_length_bits,
1087 const vector<uint8_t>& iv_in) {
1088 SCOPED_TRACE("EncryptMessage");
1089 auto params = AuthorizationSetBuilder()
1090 .BlockMode(block_mode)
1091 .Padding(padding)
1092 .Authorization(TAG_MAC_LENGTH, mac_length_bits)
1093 .Authorization(TAG_NONCE, iv_in);
1094 AuthorizationSet out_params;
1095 string ciphertext = EncryptMessage(message, params, &out_params);
1096 return ciphertext;
1097}
1098
David Drysdaled2cc8c22021-04-15 13:29:45 +01001099string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode block_mode,
1100 PaddingMode padding, uint8_t mac_length_bits) {
1101 SCOPED_TRACE("EncryptMessage");
1102 auto params = AuthorizationSetBuilder()
1103 .BlockMode(block_mode)
1104 .Padding(padding)
1105 .Authorization(TAG_MAC_LENGTH, mac_length_bits);
1106 AuthorizationSet out_params;
1107 string ciphertext = EncryptMessage(message, params, &out_params);
1108 return ciphertext;
1109}
1110
Selene Huang31ab4042020-04-29 04:22:39 -07001111string KeyMintAidlTestBase::DecryptMessage(const vector<uint8_t>& key_blob,
1112 const string& ciphertext,
1113 const AuthorizationSet& params) {
1114 SCOPED_TRACE("DecryptMessage");
1115 AuthorizationSet out_params;
1116 string plaintext =
1117 ProcessMessage(key_blob, KeyPurpose::DECRYPT, ciphertext, params, &out_params);
1118 EXPECT_TRUE(out_params.empty());
1119 return plaintext;
1120}
1121
1122string KeyMintAidlTestBase::DecryptMessage(const string& ciphertext,
1123 const AuthorizationSet& params) {
1124 SCOPED_TRACE("DecryptMessage");
1125 return DecryptMessage(key_blob_, ciphertext, params);
1126}
1127
1128string KeyMintAidlTestBase::DecryptMessage(const string& ciphertext, BlockMode block_mode,
1129 PaddingMode padding_mode, const vector<uint8_t>& iv) {
1130 SCOPED_TRACE("DecryptMessage");
1131 auto params = AuthorizationSetBuilder()
1132 .BlockMode(block_mode)
1133 .Padding(padding_mode)
1134 .Authorization(TAG_NONCE, iv);
1135 return DecryptMessage(key_blob_, ciphertext, params);
1136}
1137
1138std::pair<ErrorCode, vector<uint8_t>> KeyMintAidlTestBase::UpgradeKey(
1139 const vector<uint8_t>& key_blob) {
1140 std::pair<ErrorCode, vector<uint8_t>> retval;
1141 vector<uint8_t> outKeyBlob;
1142 Status result = keymint_->upgradeKey(key_blob, vector<KeyParameter>(), &outKeyBlob);
1143 ErrorCode errorcode = GetReturnErrorCode(result);
1144 retval = std::tie(errorcode, outKeyBlob);
1145
1146 return retval;
1147}
1148vector<uint32_t> KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) {
1149 switch (algorithm) {
1150 case Algorithm::RSA:
1151 switch (SecLevel()) {
1152 case SecurityLevel::SOFTWARE:
1153 case SecurityLevel::TRUSTED_ENVIRONMENT:
1154 return {2048, 3072, 4096};
1155 case SecurityLevel::STRONGBOX:
1156 return {2048};
1157 default:
1158 ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());
1159 break;
1160 }
1161 break;
1162 case Algorithm::EC:
David Drysdaledf09e542021-06-08 15:46:11 +01001163 ADD_FAILURE() << "EC keys must be specified by curve not size";
Selene Huang31ab4042020-04-29 04:22:39 -07001164 break;
1165 case Algorithm::AES:
1166 return {128, 256};
1167 case Algorithm::TRIPLE_DES:
1168 return {168};
1169 case Algorithm::HMAC: {
1170 vector<uint32_t> retval((512 - 64) / 8 + 1);
1171 uint32_t size = 64 - 8;
1172 std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
1173 return retval;
1174 }
1175 default:
1176 ADD_FAILURE() << "Invalid Algorithm: " << algorithm;
1177 return {};
1178 }
1179 ADD_FAILURE() << "Should be impossible to get here";
1180 return {};
1181}
1182
1183vector<uint32_t> KeyMintAidlTestBase::InvalidKeySizes(Algorithm algorithm) {
1184 if (SecLevel() == SecurityLevel::STRONGBOX) {
1185 switch (algorithm) {
1186 case Algorithm::RSA:
1187 return {3072, 4096};
1188 case Algorithm::EC:
1189 return {224, 384, 521};
1190 case Algorithm::AES:
1191 return {192};
David Drysdale7de9feb2021-03-05 14:56:19 +00001192 case Algorithm::TRIPLE_DES:
1193 return {56};
1194 default:
1195 return {};
1196 }
1197 } else {
1198 switch (algorithm) {
Prashant Patild72b3512021-11-16 08:19:19 +00001199 case Algorithm::AES:
1200 return {64, 96, 131, 512};
David Drysdale7de9feb2021-03-05 14:56:19 +00001201 case Algorithm::TRIPLE_DES:
1202 return {56};
Selene Huang31ab4042020-04-29 04:22:39 -07001203 default:
1204 return {};
1205 }
1206 }
1207 return {};
1208}
1209
David Drysdale7de9feb2021-03-05 14:56:19 +00001210vector<BlockMode> KeyMintAidlTestBase::ValidBlockModes(Algorithm algorithm) {
1211 switch (algorithm) {
1212 case Algorithm::AES:
1213 return {
1214 BlockMode::CBC,
1215 BlockMode::CTR,
1216 BlockMode::ECB,
1217 BlockMode::GCM,
1218 };
1219 case Algorithm::TRIPLE_DES:
1220 return {
1221 BlockMode::CBC,
1222 BlockMode::ECB,
1223 };
1224 default:
1225 return {};
1226 }
1227}
1228
1229vector<PaddingMode> KeyMintAidlTestBase::ValidPaddingModes(Algorithm algorithm,
1230 BlockMode blockMode) {
1231 switch (algorithm) {
1232 case Algorithm::AES:
1233 switch (blockMode) {
1234 case BlockMode::CBC:
1235 case BlockMode::ECB:
1236 return {PaddingMode::NONE, PaddingMode::PKCS7};
1237 case BlockMode::CTR:
1238 case BlockMode::GCM:
1239 return {PaddingMode::NONE};
1240 default:
1241 return {};
1242 };
1243 case Algorithm::TRIPLE_DES:
1244 switch (blockMode) {
1245 case BlockMode::CBC:
1246 case BlockMode::ECB:
1247 return {PaddingMode::NONE, PaddingMode::PKCS7};
1248 default:
1249 return {};
1250 };
1251 default:
1252 return {};
1253 }
1254}
1255
1256vector<PaddingMode> KeyMintAidlTestBase::InvalidPaddingModes(Algorithm algorithm,
1257 BlockMode blockMode) {
1258 switch (algorithm) {
1259 case Algorithm::AES:
1260 switch (blockMode) {
1261 case BlockMode::CTR:
1262 case BlockMode::GCM:
1263 return {PaddingMode::PKCS7};
1264 default:
1265 return {};
1266 };
1267 default:
1268 return {};
1269 }
1270}
1271
Selene Huang31ab4042020-04-29 04:22:39 -07001272vector<EcCurve> KeyMintAidlTestBase::ValidCurves() {
1273 if (securityLevel_ == SecurityLevel::STRONGBOX) {
1274 return {EcCurve::P_256};
David Drysdale42fe1892021-10-14 14:43:46 +01001275 } else if (Curve25519Supported()) {
1276 return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521,
1277 EcCurve::CURVE_25519};
Selene Huang31ab4042020-04-29 04:22:39 -07001278 } else {
David Drysdale42fe1892021-10-14 14:43:46 +01001279 return {
1280 EcCurve::P_224,
1281 EcCurve::P_256,
1282 EcCurve::P_384,
1283 EcCurve::P_521,
1284 };
Selene Huang31ab4042020-04-29 04:22:39 -07001285 }
1286}
1287
1288vector<EcCurve> KeyMintAidlTestBase::InvalidCurves() {
David Drysdaledf09e542021-06-08 15:46:11 +01001289 if (SecLevel() == SecurityLevel::STRONGBOX) {
David Drysdale42fe1892021-10-14 14:43:46 +01001290 // Curve 25519 is not supported, either because:
1291 // - KeyMint v1: it's an unknown enum value
1292 // - KeyMint v2+: it's not supported by StrongBox.
1293 return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521, EcCurve::CURVE_25519};
David Drysdaledf09e542021-06-08 15:46:11 +01001294 } else {
David Drysdale42fe1892021-10-14 14:43:46 +01001295 if (Curve25519Supported()) {
1296 return {};
1297 } else {
1298 return {EcCurve::CURVE_25519};
1299 }
David Drysdaledf09e542021-06-08 15:46:11 +01001300 }
Selene Huang31ab4042020-04-29 04:22:39 -07001301}
1302
subrahmanyaman05642492022-02-05 07:10:56 +00001303vector<uint64_t> KeyMintAidlTestBase::ValidExponents() {
1304 if (SecLevel() == SecurityLevel::STRONGBOX) {
1305 return {65537};
1306 } else {
1307 return {3, 65537};
1308 }
1309}
1310
Selene Huang31ab4042020-04-29 04:22:39 -07001311vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) {
1312 switch (SecLevel()) {
1313 case SecurityLevel::SOFTWARE:
1314 case SecurityLevel::TRUSTED_ENVIRONMENT:
1315 if (withNone) {
1316 if (withMD5)
1317 return {Digest::NONE, Digest::MD5, Digest::SHA1,
1318 Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
1319 Digest::SHA_2_512};
1320 else
1321 return {Digest::NONE, Digest::SHA1, Digest::SHA_2_224,
1322 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
1323 } else {
1324 if (withMD5)
1325 return {Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
1326 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
1327 else
1328 return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
1329 Digest::SHA_2_512};
1330 }
1331 break;
1332 case SecurityLevel::STRONGBOX:
1333 if (withNone)
1334 return {Digest::NONE, Digest::SHA_2_256};
1335 else
1336 return {Digest::SHA_2_256};
1337 break;
1338 default:
1339 ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());
1340 break;
1341 }
1342 ADD_FAILURE() << "Should be impossible to get here";
1343 return {};
1344}
1345
Shawn Willden7f424372021-01-10 18:06:50 -07001346static const vector<KeyParameter> kEmptyAuthList{};
1347
1348const vector<KeyParameter>& KeyMintAidlTestBase::SecLevelAuthorizations(
1349 const vector<KeyCharacteristics>& key_characteristics) {
1350 auto found = std::find_if(key_characteristics.begin(), key_characteristics.end(),
1351 [this](auto& entry) { return entry.securityLevel == SecLevel(); });
1352 return (found == key_characteristics.end()) ? kEmptyAuthList : found->authorizations;
1353}
1354
Qi Wubeefae42021-01-28 23:16:37 +08001355const vector<KeyParameter>& KeyMintAidlTestBase::SecLevelAuthorizations(
1356 const vector<KeyCharacteristics>& key_characteristics, SecurityLevel securityLevel) {
1357 auto found = std::find_if(
1358 key_characteristics.begin(), key_characteristics.end(),
1359 [securityLevel](auto& entry) { return entry.securityLevel == securityLevel; });
Shawn Willden0e80b5d2020-12-17 09:07:27 -07001360 return (found == key_characteristics.end()) ? kEmptyAuthList : found->authorizations;
1361}
1362
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +00001363ErrorCode KeyMintAidlTestBase::UseAesKey(const vector<uint8_t>& aesKeyBlob) {
Shawn Willden92d79c02021-02-19 07:31:55 -07001364 auto [result, ciphertext] = ProcessMessage(
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +00001365 aesKeyBlob, KeyPurpose::ENCRYPT, "1234567890123456",
1366 AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE));
1367 return result;
1368}
1369
1370ErrorCode KeyMintAidlTestBase::UseHmacKey(const vector<uint8_t>& hmacKeyBlob) {
Shawn Willden92d79c02021-02-19 07:31:55 -07001371 auto [result, mac] = ProcessMessage(
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +00001372 hmacKeyBlob, KeyPurpose::SIGN, "1234567890123456",
1373 AuthorizationSetBuilder().Authorization(TAG_MAC_LENGTH, 128).Digest(Digest::SHA_2_256));
1374 return result;
1375}
1376
1377ErrorCode KeyMintAidlTestBase::UseRsaKey(const vector<uint8_t>& rsaKeyBlob) {
1378 std::string message(2048 / 8, 'a');
Shawn Willden92d79c02021-02-19 07:31:55 -07001379 auto [result, signature] = ProcessMessage(
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +00001380 rsaKeyBlob, KeyPurpose::SIGN, message,
1381 AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE));
1382 return result;
1383}
1384
1385ErrorCode KeyMintAidlTestBase::UseEcdsaKey(const vector<uint8_t>& ecdsaKeyBlob) {
Shawn Willden92d79c02021-02-19 07:31:55 -07001386 auto [result, signature] = ProcessMessage(ecdsaKeyBlob, KeyPurpose::SIGN, "a",
1387 AuthorizationSetBuilder().Digest(Digest::SHA_2_256));
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +00001388 return result;
1389}
1390
Selene Huang6e46f142021-04-20 19:20:11 -07001391void verify_serial(X509* cert, const uint64_t expected_serial) {
1392 BIGNUM_Ptr ser(BN_new());
1393 EXPECT_TRUE(ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), ser.get()));
1394
1395 uint64_t serial;
1396 EXPECT_TRUE(BN_get_u64(ser.get(), &serial));
1397 EXPECT_EQ(serial, expected_serial);
1398}
1399
1400// Please set self_signed to true for fake certificates or self signed
1401// certificates
1402void verify_subject(const X509* cert, //
1403 const string& subject, //
1404 bool self_signed) {
1405 char* cert_issuer = //
1406 X509_NAME_oneline(X509_get_issuer_name(cert), nullptr, 0);
1407
1408 char* cert_subj = X509_NAME_oneline(X509_get_subject_name(cert), nullptr, 0);
1409
1410 string expected_subject("/CN=");
1411 if (subject.empty()) {
1412 expected_subject.append("Android Keystore Key");
1413 } else {
1414 expected_subject.append(subject);
1415 }
1416
1417 EXPECT_STREQ(expected_subject.c_str(), cert_subj) << "Cert has wrong subject." << cert_subj;
1418
1419 if (self_signed) {
1420 EXPECT_STREQ(cert_issuer, cert_subj)
1421 << "Cert issuer and subject mismatch for self signed certificate.";
1422 }
1423
1424 OPENSSL_free(cert_subj);
1425 OPENSSL_free(cert_issuer);
1426}
1427
1428vector<uint8_t> build_serial_blob(const uint64_t serial_int) {
1429 BIGNUM_Ptr serial(BN_new());
1430 EXPECT_TRUE(BN_set_u64(serial.get(), serial_int));
1431
1432 int len = BN_num_bytes(serial.get());
1433 vector<uint8_t> serial_blob(len);
1434 if (BN_bn2bin(serial.get(), serial_blob.data()) != len) {
1435 return {};
1436 }
1437
David Drysdaledb0dcf52021-05-18 11:43:31 +01001438 if (serial_blob.empty() || serial_blob[0] & 0x80) {
1439 // An empty blob is OpenSSL's encoding of the zero value; we need single zero byte.
1440 // Top bit being set indicates a negative number in two's complement, but our input
1441 // was positive.
1442 // In either case, prepend a zero byte.
1443 serial_blob.insert(serial_blob.begin(), 0x00);
1444 }
1445
Selene Huang6e46f142021-04-20 19:20:11 -07001446 return serial_blob;
1447}
1448
1449void verify_subject_and_serial(const Certificate& certificate, //
1450 const uint64_t expected_serial, //
1451 const string& subject, bool self_signed) {
1452 X509_Ptr cert(parse_cert_blob(certificate.encodedCertificate));
1453 ASSERT_TRUE(!!cert.get());
1454
1455 verify_serial(cert.get(), expected_serial);
1456 verify_subject(cert.get(), subject, self_signed);
1457}
1458
David Drysdale7dff4fc2021-12-10 10:10:52 +00001459bool verify_attestation_record(int32_t aidl_version, //
1460 const string& challenge, //
Shawn Willden7c130392020-12-21 09:58:22 -07001461 const string& app_id, //
1462 AuthorizationSet expected_sw_enforced, //
1463 AuthorizationSet expected_hw_enforced, //
1464 SecurityLevel security_level,
David Drysdale565ccc72021-10-11 12:49:50 +01001465 const vector<uint8_t>& attestation_cert,
1466 vector<uint8_t>* unique_id) {
Shawn Willden7c130392020-12-21 09:58:22 -07001467 X509_Ptr cert(parse_cert_blob(attestation_cert));
1468 EXPECT_TRUE(!!cert.get());
1469 if (!cert.get()) return false;
1470
1471 ASN1_OCTET_STRING* attest_rec = get_attestation_record(cert.get());
1472 EXPECT_TRUE(!!attest_rec);
1473 if (!attest_rec) return false;
1474
1475 AuthorizationSet att_sw_enforced;
1476 AuthorizationSet att_hw_enforced;
1477 uint32_t att_attestation_version;
David Drysdale37af4b32021-05-14 16:46:59 +01001478 uint32_t att_keymint_version;
Shawn Willden7c130392020-12-21 09:58:22 -07001479 SecurityLevel att_attestation_security_level;
David Drysdale37af4b32021-05-14 16:46:59 +01001480 SecurityLevel att_keymint_security_level;
Shawn Willden7c130392020-12-21 09:58:22 -07001481 vector<uint8_t> att_challenge;
1482 vector<uint8_t> att_unique_id;
1483 vector<uint8_t> att_app_id;
1484
1485 auto error = parse_attestation_record(attest_rec->data, //
1486 attest_rec->length, //
1487 &att_attestation_version, //
1488 &att_attestation_security_level, //
David Drysdale37af4b32021-05-14 16:46:59 +01001489 &att_keymint_version, //
1490 &att_keymint_security_level, //
Shawn Willden7c130392020-12-21 09:58:22 -07001491 &att_challenge, //
1492 &att_sw_enforced, //
1493 &att_hw_enforced, //
1494 &att_unique_id);
1495 EXPECT_EQ(ErrorCode::OK, error);
1496 if (error != ErrorCode::OK) return false;
1497
David Drysdale7dff4fc2021-12-10 10:10:52 +00001498 check_attestation_version(att_attestation_version, aidl_version);
Selene Huang4f64c222021-04-13 19:54:36 -07001499 vector<uint8_t> appId(app_id.begin(), app_id.end());
Shawn Willden7c130392020-12-21 09:58:22 -07001500
Selene Huang4f64c222021-04-13 19:54:36 -07001501 // check challenge and app id only if we expects a non-fake certificate
1502 if (challenge.length() > 0) {
1503 EXPECT_EQ(challenge.length(), att_challenge.size());
1504 EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length()));
1505
1506 expected_sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, appId);
1507 }
Shawn Willden7c130392020-12-21 09:58:22 -07001508
David Drysdale7dff4fc2021-12-10 10:10:52 +00001509 check_attestation_version(att_keymint_version, aidl_version);
David Drysdale37af4b32021-05-14 16:46:59 +01001510 EXPECT_EQ(security_level, att_keymint_security_level);
Shawn Willden7c130392020-12-21 09:58:22 -07001511 EXPECT_EQ(security_level, att_attestation_security_level);
1512
Shawn Willden7c130392020-12-21 09:58:22 -07001513
1514 char property_value[PROPERTY_VALUE_MAX] = {};
1515 // TODO(b/136282179): When running under VTS-on-GSI the TEE-backed
David Drysdale37af4b32021-05-14 16:46:59 +01001516 // keymint implementation will report YYYYMM dates instead of YYYYMMDD
Shawn Willden7c130392020-12-21 09:58:22 -07001517 // for the BOOT_PATCH_LEVEL.
1518 if (avb_verification_enabled()) {
1519 for (int i = 0; i < att_hw_enforced.size(); i++) {
1520 if (att_hw_enforced[i].tag == TAG_BOOT_PATCHLEVEL ||
1521 att_hw_enforced[i].tag == TAG_VENDOR_PATCHLEVEL) {
1522 std::string date =
Tommy Chiuf00d8f12021-04-08 11:07:48 +08001523 std::to_string(att_hw_enforced[i].value.get<KeyParameterValue::integer>());
David Drysdale168228a2021-10-05 08:43:52 +01001524
Shawn Willden7c130392020-12-21 09:58:22 -07001525 // strptime seems to require delimiters, but the tag value will
1526 // be YYYYMMDD
David Drysdale168228a2021-10-05 08:43:52 +01001527 if (date.size() != 8) {
1528 ADD_FAILURE() << "Tag " << att_hw_enforced[i].tag
1529 << " with invalid format (not YYYYMMDD): " << date;
1530 return false;
1531 }
Shawn Willden7c130392020-12-21 09:58:22 -07001532 date.insert(6, "-");
1533 date.insert(4, "-");
Shawn Willden7c130392020-12-21 09:58:22 -07001534 struct tm time;
1535 strptime(date.c_str(), "%Y-%m-%d", &time);
1536
1537 // Day of the month (0-31)
1538 EXPECT_GE(time.tm_mday, 0);
1539 EXPECT_LT(time.tm_mday, 32);
1540 // Months since Jan (0-11)
1541 EXPECT_GE(time.tm_mon, 0);
1542 EXPECT_LT(time.tm_mon, 12);
1543 // Years since 1900
1544 EXPECT_GT(time.tm_year, 110);
1545 EXPECT_LT(time.tm_year, 200);
1546 }
1547 }
1548 }
1549
1550 // Check to make sure boolean values are properly encoded. Presence of a boolean tag
1551 // indicates true. A provided boolean tag that can be pulled back out of the certificate
1552 // indicates correct encoding. No need to check if it's in both lists, since the
1553 // AuthorizationSet compare below will handle mismatches of tags.
1554 if (security_level == SecurityLevel::SOFTWARE) {
1555 EXPECT_TRUE(expected_sw_enforced.Contains(TAG_NO_AUTH_REQUIRED));
1556 } else {
1557 EXPECT_TRUE(expected_hw_enforced.Contains(TAG_NO_AUTH_REQUIRED));
1558 }
1559
Shawn Willden7c130392020-12-21 09:58:22 -07001560 if (att_hw_enforced.Contains(TAG_ALGORITHM, Algorithm::EC)) {
1561 // For ECDSA keys, either an EC_CURVE or a KEY_SIZE can be specified, but one must be.
1562 EXPECT_TRUE(att_hw_enforced.Contains(TAG_EC_CURVE) ||
1563 att_hw_enforced.Contains(TAG_KEY_SIZE));
1564 }
1565
1566 // Test root of trust elements
1567 vector<uint8_t> verified_boot_key;
1568 VerifiedBoot verified_boot_state;
1569 bool device_locked;
1570 vector<uint8_t> verified_boot_hash;
1571 error = parse_root_of_trust(attest_rec->data, attest_rec->length, &verified_boot_key,
1572 &verified_boot_state, &device_locked, &verified_boot_hash);
1573 EXPECT_EQ(ErrorCode::OK, error);
1574
1575 if (avb_verification_enabled()) {
1576 EXPECT_NE(property_get("ro.boot.vbmeta.digest", property_value, ""), 0);
1577 string prop_string(property_value);
1578 EXPECT_EQ(prop_string.size(), 64);
1579 EXPECT_EQ(prop_string, bin2hex(verified_boot_hash));
1580
1581 EXPECT_NE(property_get("ro.boot.vbmeta.device_state", property_value, ""), 0);
1582 if (!strcmp(property_value, "unlocked")) {
1583 EXPECT_FALSE(device_locked);
1584 } else {
1585 EXPECT_TRUE(device_locked);
1586 }
1587
1588 // Check that the device is locked if not debuggable, e.g., user build
1589 // images in CTS. For VTS, debuggable images are used to allow adb root
1590 // and the device is unlocked.
1591 if (!property_get_bool("ro.debuggable", false)) {
1592 EXPECT_TRUE(device_locked);
1593 } else {
1594 EXPECT_FALSE(device_locked);
1595 }
1596 }
1597
1598 // Verified boot key should be all 0's if the boot state is not verified or self signed
1599 std::string empty_boot_key(32, '\0');
1600 std::string verified_boot_key_str((const char*)verified_boot_key.data(),
1601 verified_boot_key.size());
1602 EXPECT_NE(property_get("ro.boot.verifiedbootstate", property_value, ""), 0);
1603 if (!strcmp(property_value, "green")) {
1604 EXPECT_EQ(verified_boot_state, VerifiedBoot::VERIFIED);
1605 EXPECT_NE(0, memcmp(verified_boot_key.data(), empty_boot_key.data(),
1606 verified_boot_key.size()));
1607 } else if (!strcmp(property_value, "yellow")) {
1608 EXPECT_EQ(verified_boot_state, VerifiedBoot::SELF_SIGNED);
1609 EXPECT_NE(0, memcmp(verified_boot_key.data(), empty_boot_key.data(),
1610 verified_boot_key.size()));
1611 } else if (!strcmp(property_value, "orange")) {
1612 EXPECT_EQ(verified_boot_state, VerifiedBoot::UNVERIFIED);
1613 EXPECT_EQ(0, memcmp(verified_boot_key.data(), empty_boot_key.data(),
1614 verified_boot_key.size()));
1615 } else if (!strcmp(property_value, "red")) {
1616 EXPECT_EQ(verified_boot_state, VerifiedBoot::FAILED);
1617 } else {
1618 EXPECT_EQ(verified_boot_state, VerifiedBoot::UNVERIFIED);
1619 EXPECT_NE(0, memcmp(verified_boot_key.data(), empty_boot_key.data(),
1620 verified_boot_key.size()));
1621 }
1622
1623 att_sw_enforced.Sort();
1624 expected_sw_enforced.Sort();
David Drysdale37af4b32021-05-14 16:46:59 +01001625 EXPECT_EQ(filtered_tags(expected_sw_enforced), filtered_tags(att_sw_enforced));
Shawn Willden7c130392020-12-21 09:58:22 -07001626
1627 att_hw_enforced.Sort();
1628 expected_hw_enforced.Sort();
1629 EXPECT_EQ(filtered_tags(expected_hw_enforced), filtered_tags(att_hw_enforced));
1630
David Drysdale565ccc72021-10-11 12:49:50 +01001631 if (unique_id != nullptr) {
1632 *unique_id = att_unique_id;
1633 }
1634
Shawn Willden7c130392020-12-21 09:58:22 -07001635 return true;
1636}
1637
1638string bin2hex(const vector<uint8_t>& data) {
1639 string retval;
1640 retval.reserve(data.size() * 2 + 1);
1641 for (uint8_t byte : data) {
1642 retval.push_back(nibble2hex[0x0F & (byte >> 4)]);
1643 retval.push_back(nibble2hex[0x0F & byte]);
1644 }
1645 return retval;
1646}
1647
David Drysdalef0d516d2021-03-22 07:51:43 +00001648AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics) {
1649 AuthorizationSet authList;
1650 for (auto& entry : key_characteristics) {
1651 if (entry.securityLevel == SecurityLevel::STRONGBOX ||
1652 entry.securityLevel == SecurityLevel::TRUSTED_ENVIRONMENT) {
1653 authList.push_back(AuthorizationSet(entry.authorizations));
1654 }
1655 }
1656 return authList;
1657}
1658
1659AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics) {
1660 AuthorizationSet authList;
1661 for (auto& entry : key_characteristics) {
1662 if (entry.securityLevel == SecurityLevel::SOFTWARE ||
1663 entry.securityLevel == SecurityLevel::KEYSTORE) {
1664 authList.push_back(AuthorizationSet(entry.authorizations));
1665 }
1666 }
1667 return authList;
1668}
1669
Eran Messeri03d7a1a2021-07-06 12:07:57 +01001670AssertionResult ChainSignaturesAreValid(const vector<Certificate>& chain,
1671 bool strict_issuer_check) {
Shawn Willden7c130392020-12-21 09:58:22 -07001672 std::stringstream cert_data;
1673
1674 for (size_t i = 0; i < chain.size(); ++i) {
1675 cert_data << bin2hex(chain[i].encodedCertificate) << std::endl;
1676
1677 X509_Ptr key_cert(parse_cert_blob(chain[i].encodedCertificate));
1678 X509_Ptr signing_cert;
1679 if (i < chain.size() - 1) {
1680 signing_cert = parse_cert_blob(chain[i + 1].encodedCertificate);
1681 } else {
1682 signing_cert = parse_cert_blob(chain[i].encodedCertificate);
1683 }
1684 if (!key_cert.get() || !signing_cert.get()) return AssertionFailure() << cert_data.str();
1685
1686 EVP_PKEY_Ptr signing_pubkey(X509_get_pubkey(signing_cert.get()));
1687 if (!signing_pubkey.get()) return AssertionFailure() << cert_data.str();
1688
1689 if (!X509_verify(key_cert.get(), signing_pubkey.get())) {
1690 return AssertionFailure()
1691 << "Verification of certificate " << i << " failed "
1692 << "OpenSSL error string: " << ERR_error_string(ERR_get_error(), NULL) << '\n'
1693 << cert_data.str();
1694 }
1695
1696 string cert_issuer = x509NameToStr(X509_get_issuer_name(key_cert.get()));
1697 string signer_subj = x509NameToStr(X509_get_subject_name(signing_cert.get()));
Eran Messeri03d7a1a2021-07-06 12:07:57 +01001698 if (cert_issuer != signer_subj && strict_issuer_check) {
Selene Huang8f9494c2021-04-21 15:10:36 -07001699 return AssertionFailure() << "Cert " << i << " has wrong issuer.\n"
1700 << " Signer subject is " << signer_subj
1701 << " Issuer subject is " << cert_issuer << endl
1702 << cert_data.str();
Shawn Willden7c130392020-12-21 09:58:22 -07001703 }
Shawn Willden7c130392020-12-21 09:58:22 -07001704 }
1705
1706 if (KeyMintAidlTestBase::dump_Attestations) std::cout << cert_data.str();
1707 return AssertionSuccess();
1708}
1709
1710X509_Ptr parse_cert_blob(const vector<uint8_t>& blob) {
1711 const uint8_t* p = blob.data();
1712 return X509_Ptr(d2i_X509(nullptr /* allocate new */, &p, blob.size()));
1713}
1714
David Drysdalef0d516d2021-03-22 07:51:43 +00001715vector<uint8_t> make_name_from_str(const string& name) {
1716 X509_NAME_Ptr x509_name(X509_NAME_new());
1717 EXPECT_TRUE(x509_name.get() != nullptr);
1718 if (!x509_name) return {};
1719
1720 EXPECT_EQ(1, X509_NAME_add_entry_by_txt(x509_name.get(), //
1721 "CN", //
1722 MBSTRING_ASC,
1723 reinterpret_cast<const uint8_t*>(name.c_str()),
1724 -1, // len
1725 -1, // loc
1726 0 /* set */));
1727
1728 int len = i2d_X509_NAME(x509_name.get(), nullptr /* only return length */);
1729 EXPECT_GT(len, 0);
1730
1731 vector<uint8_t> retval(len);
1732 uint8_t* p = retval.data();
1733 i2d_X509_NAME(x509_name.get(), &p);
1734
1735 return retval;
1736}
1737
David Drysdale4dc01072021-04-01 12:17:35 +01001738namespace {
1739
1740void check_cose_key(const vector<uint8_t>& data, bool testMode) {
1741 auto [parsedPayload, __, payloadParseErr] = cppbor::parse(data);
1742 ASSERT_TRUE(parsedPayload) << "Key parse failed: " << payloadParseErr;
1743
1744 // The following check assumes that canonical CBOR encoding is used for the COSE_Key.
1745 if (testMode) {
1746 EXPECT_THAT(cppbor::prettyPrint(parsedPayload.get()),
1747 MatchesRegex("{\n"
1748 " 1 : 2,\n" // kty: EC2
1749 " 3 : -7,\n" // alg: ES256
1750 " -1 : 1,\n" // EC id: P256
1751 // The regex {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}} matches a
1752 // sequence of 32 hexadecimal bytes, enclosed in braces and
1753 // separated by commas. In this case, some Ed25519 public key.
1754 " -2 : {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}},\n" // pub_x: data
1755 " -3 : {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}},\n" // pub_y: data
1756 " -70000 : null,\n" // test marker
1757 "}"));
1758 } else {
1759 EXPECT_THAT(cppbor::prettyPrint(parsedPayload.get()),
1760 MatchesRegex("{\n"
1761 " 1 : 2,\n" // kty: EC2
1762 " 3 : -7,\n" // alg: ES256
1763 " -1 : 1,\n" // EC id: P256
1764 // The regex {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}} matches a
1765 // sequence of 32 hexadecimal bytes, enclosed in braces and
1766 // separated by commas. In this case, some Ed25519 public key.
1767 " -2 : {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}},\n" // pub_x: data
1768 " -3 : {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}},\n" // pub_y: data
1769 "}"));
1770 }
1771}
1772
1773} // namespace
1774
1775void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
1776 vector<uint8_t>* payload_value) {
1777 auto [coseMac0, _, mac0ParseErr] = cppbor::parse(macedPubKey.macedKey);
1778 ASSERT_TRUE(coseMac0) << "COSE Mac0 parse failed " << mac0ParseErr;
1779
1780 ASSERT_NE(coseMac0->asArray(), nullptr);
1781 ASSERT_EQ(coseMac0->asArray()->size(), kCoseMac0EntryCount);
1782
1783 auto protParms = coseMac0->asArray()->get(kCoseMac0ProtectedParams)->asBstr();
1784 ASSERT_NE(protParms, nullptr);
1785
1786 // Header label:value of 'alg': HMAC-256
1787 ASSERT_EQ(cppbor::prettyPrint(protParms->value()), "{\n 1 : 5,\n}");
1788
1789 auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
1790 ASSERT_NE(unprotParms, nullptr);
1791 ASSERT_EQ(unprotParms->size(), 0);
1792
1793 // The payload is a bstr holding an encoded COSE_Key
1794 auto payload = coseMac0->asArray()->get(kCoseMac0Payload)->asBstr();
1795 ASSERT_NE(payload, nullptr);
1796 check_cose_key(payload->value(), testMode);
1797
1798 auto coseMac0Tag = coseMac0->asArray()->get(kCoseMac0Tag)->asBstr();
1799 ASSERT_TRUE(coseMac0Tag);
1800 auto extractedTag = coseMac0Tag->value();
1801 EXPECT_EQ(extractedTag.size(), 32U);
1802
1803 // Compare with tag generated with kTestMacKey. Should only match in test mode
Seth Moore026bb742021-04-30 11:41:18 -07001804 auto macFunction = [](const cppcose::bytevec& input) {
1805 return cppcose::generateHmacSha256(remote_prov::kTestMacKey, input);
1806 };
1807 auto testTag =
1808 cppcose::generateCoseMac0Mac(macFunction, {} /* external_aad */, payload->value());
David Drysdale4dc01072021-04-01 12:17:35 +01001809 ASSERT_TRUE(testTag) << "Tag calculation failed: " << testTag.message();
1810
1811 if (testMode) {
Seth Moore026bb742021-04-30 11:41:18 -07001812 EXPECT_THAT(*testTag, ElementsAreArray(extractedTag));
David Drysdale4dc01072021-04-01 12:17:35 +01001813 } else {
Seth Moore026bb742021-04-30 11:41:18 -07001814 EXPECT_THAT(*testTag, Not(ElementsAreArray(extractedTag)));
David Drysdale4dc01072021-04-01 12:17:35 +01001815 }
1816 if (payload_value != nullptr) {
1817 *payload_value = payload->value();
1818 }
1819}
1820
1821void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey) {
1822 // Extract x and y affine coordinates from the encoded Cose_Key.
1823 auto [parsedPayload, __, payloadParseErr] = cppbor::parse(coseKeyData);
1824 ASSERT_TRUE(parsedPayload) << "Key parse failed: " << payloadParseErr;
1825 auto coseKey = parsedPayload->asMap();
1826 const std::unique_ptr<cppbor::Item>& xItem = coseKey->get(cppcose::CoseKey::PUBKEY_X);
1827 ASSERT_NE(xItem->asBstr(), nullptr);
1828 vector<uint8_t> x = xItem->asBstr()->value();
1829 const std::unique_ptr<cppbor::Item>& yItem = coseKey->get(cppcose::CoseKey::PUBKEY_Y);
1830 ASSERT_NE(yItem->asBstr(), nullptr);
1831 vector<uint8_t> y = yItem->asBstr()->value();
1832
1833 // Concatenate: 0x04 (uncompressed form marker) | x | y
1834 vector<uint8_t> pubKeyData{0x04};
1835 pubKeyData.insert(pubKeyData.end(), x.begin(), x.end());
1836 pubKeyData.insert(pubKeyData.end(), y.begin(), y.end());
1837
1838 EC_KEY_Ptr ecKey = EC_KEY_Ptr(EC_KEY_new());
1839 ASSERT_NE(ecKey, nullptr);
1840 EC_GROUP_Ptr group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
1841 ASSERT_NE(group, nullptr);
1842 ASSERT_EQ(EC_KEY_set_group(ecKey.get(), group.get()), 1);
1843 EC_POINT_Ptr point = EC_POINT_Ptr(EC_POINT_new(group.get()));
1844 ASSERT_NE(point, nullptr);
1845 ASSERT_EQ(EC_POINT_oct2point(group.get(), point.get(), pubKeyData.data(), pubKeyData.size(),
1846 nullptr),
1847 1);
1848 ASSERT_EQ(EC_KEY_set_public_key(ecKey.get(), point.get()), 1);
1849
1850 EVP_PKEY_Ptr pubKey = EVP_PKEY_Ptr(EVP_PKEY_new());
1851 ASSERT_NE(pubKey, nullptr);
1852 EVP_PKEY_assign_EC_KEY(pubKey.get(), ecKey.release());
1853 *signingKey = std::move(pubKey);
1854}
1855
Selene Huang31ab4042020-04-29 04:22:39 -07001856} // namespace test
Shawn Willden08a7e432020-12-11 13:05:27 +00001857
Janis Danisevskis24c04702020-12-16 18:28:39 -08001858} // namespace aidl::android::hardware::security::keymint