Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / fd3514abddfb899d949792f34956c863ed8a5ace / . / security / keymint / aidl / vts / functional / KeyMintAidlTestBase.h
blob: 1c121360f73211a477d5be2ddff581cdfcbc9406 [file] [log] [blame]
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]1/*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]17#pragma once
18
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]19#include <functional>
David Drysdale7b05efd2024-10-10 18:11:25 +0100[diff] [blame]20#include <optional>
David Drysdale300b5552021-05-20 12:05:26 +0100[diff] [blame]21#include <string_view>
22
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]23#include <aidl/Gtest.h>
24#include <aidl/Vintf.h>
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]25#include <android-base/properties.h>
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]26#include <binder/IServiceManager.h>
27#include <binder/ProcessState.h>
28#include <gtest/gtest.h>
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]29#include <openssl/x509.h>
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]30
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]31#include <aidl/android/hardware/security/keymint/ErrorCode.h>
32#include <aidl/android/hardware/security/keymint/IKeyMintDevice.h>
David Drysdale4dc01072021-04-01 12:17:35 +0100[diff] [blame]33#include <aidl/android/hardware/security/keymint/MacedPublicKey.h>
Shawn Willden1d3f85e2020-12-09 14:18:44 -0700[diff] [blame]34
Shawn Willden4315e132022-03-20 12:49:46 -0600[diff] [blame]35#include <keymint_support/attestation_record.h>
Shawn Willden08a7e432020-12-11 13:05:27 +0000[diff] [blame]36#include <keymint_support/authorization_set.h>
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]37#include <keymint_support/openssl_utils.h>
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]38
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700[diff] [blame]39namespace aidl::android::hardware::security::keymint {
40
41::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set);
42
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]43inline bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) {
44 return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin());
45}
46
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700[diff] [blame]47namespace test {
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]48
49using ::android::sp;
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]50using Status = ::ndk::ScopedAStatus;
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]51using ::std::optional;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]52using ::std::shared_ptr;
53using ::std::string;
54using ::std::vector;
55
56constexpr uint64_t kOpHandleSentinel = 0xFFFFFFFFFFFFFFFF;
57
Subrahmanyaman50fcf7d2023-04-20 22:48:39 +0000[diff] [blame]58const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key";
59const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore";
David Drysdale6c9bdb82024-01-23 09:32:04 +0000[diff] [blame]60const string FEATURE_HARDWARE_KEYSTORE = "android.hardware.hardware_keystore";
Subrahmanyaman50fcf7d2023-04-20 22:48:39 +0000[diff] [blame]61
David Drysdale1b9febc2023-06-07 13:43:24 +0100[diff] [blame]62// RAII class to ensure that a keyblob is deleted regardless of how a test exits.
63class KeyBlobDeleter {
64 public:
65 KeyBlobDeleter(const shared_ptr<IKeyMintDevice>& keymint, const vector<uint8_t>& key_blob)
66 : keymint_(keymint), key_blob_(key_blob) {}
67 ~KeyBlobDeleter();
68
69 private:
70 shared_ptr<IKeyMintDevice> keymint_;
71 vector<uint8_t> key_blob_;
72};
73
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]74class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
75 public:
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]76 struct KeyData {
77 vector<uint8_t> blob;
78 vector<KeyCharacteristics> characteristics;
79 };
80
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]81 static bool arm_deleteAllKeys;
82 static bool dump_Attestations;
83
David Drysdale9f5c0c52022-11-03 15:10:16 +0000[diff] [blame]84 // Directory to store/retrieve keyblobs, using subdirectories named for the
85 // KeyMint instance in question (e.g. "./default/", "./strongbox/").
86 static std::string keyblob_dir;
Tommy Chiu025f3c52023-05-15 06:23:44 +0000[diff] [blame]87 // To specify if users expect an upgrade on the keyBlobs.
88 static std::optional<bool> expect_upgrade;
David Drysdale9f5c0c52022-11-03 15:10:16 +0000[diff] [blame]89
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]90 void SetUp() override;
91 void TearDown() override {
92 if (key_blob_.size()) {
93 CheckedDeleteKey();
94 }
95 AbortIfNeeded();
96 }
97
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]98 void InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]99 IKeyMintDevice& keyMint() { return *keymint_; }
Prashant Patil2114dca2023-09-21 14:57:10 +0000[diff] [blame]100 int32_t AidlVersion() const;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]101 uint32_t os_version() { return os_version_; }
102 uint32_t os_patch_level() { return os_patch_level_; }
David Drysdalebb3d85e2021-04-13 11:15:51 +0100[diff] [blame]103 uint32_t vendor_patch_level() { return vendor_patch_level_; }
David Drysdale37af4b32021-05-14 16:46:59 +0100[diff] [blame]104 uint32_t boot_patch_level(const vector<KeyCharacteristics>& key_characteristics);
105 uint32_t boot_patch_level();
David Drysdaleda0b04c2024-11-07 13:35:43 +0000[diff] [blame]106 std::optional<vector<uint8_t>> getModuleHash();
Prashant Patil88ad1892022-03-15 16:31:02 +0000[diff] [blame]107 bool isDeviceIdAttestationRequired();
Rajesh Nyamagoud5283f812023-01-06 00:27:56 +0000[diff] [blame]108 bool isSecondImeiIdAttestationRequired();
Karuna Wadhera0c5b6502024-07-09 20:21:44 +0000[diff] [blame]109 std::optional<bool> isRkpOnly();
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]110
David Drysdale42fe1892021-10-14 14:43:46 +0100[diff] [blame]111 bool Curve25519Supported();
112
Seth Moorec5c52ce2024-04-07 15:26:33 -0700[diff] [blame]113 ErrorCode GenerateKey(const AuthorizationSet& key_desc);
114
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]115 ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector<uint8_t>* key_blob,
Seth Moorec5c52ce2024-04-07 15:26:33 -0700[diff] [blame]116 vector<KeyCharacteristics>* key_characteristics);
117
David Drysdaleda0b04c2024-11-07 13:35:43 +0000[diff] [blame]118 ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector<uint8_t>* key_blob,
119 vector<KeyCharacteristics>* key_characteristics,
120 vector<Certificate>* cert_chain);
121
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]122 ErrorCode GenerateKey(const AuthorizationSet& key_desc,
123 const optional<AttestationKey>& attest_key, vector<uint8_t>* key_blob,
124 vector<KeyCharacteristics>* key_characteristics,
125 vector<Certificate>* cert_chain);
subrahmanyaman7d9bc462022-03-16 01:40:39 +0000[diff] [blame]126
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]127 ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
128 const string& key_material, vector<uint8_t>* key_blob,
Shawn Willden7f424372021-01-10 18:06:50 -0700[diff] [blame]129 vector<KeyCharacteristics>* key_characteristics);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]130 ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
131 const string& key_material);
132
133 ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
134 const AuthorizationSet& wrapping_key_desc, string masking_key,
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]135 const AuthorizationSet& unwrapping_params, int64_t password_sid,
136 int64_t biometric_sid);
137 ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
138 const AuthorizationSet& wrapping_key_desc, string masking_key,
139 const AuthorizationSet& unwrapping_params) {
140 return ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, masking_key,
141 unwrapping_params, 0 /* password_sid */, 0 /* biometric_sid */);
142 }
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]143
David Drysdale300b5552021-05-20 12:05:26 +0100[diff] [blame]144 ErrorCode GetCharacteristics(const vector<uint8_t>& key_blob, const vector<uint8_t>& app_id,
145 const vector<uint8_t>& app_data,
146 vector<KeyCharacteristics>* key_characteristics);
147 ErrorCode GetCharacteristics(const vector<uint8_t>& key_blob,
148 vector<KeyCharacteristics>* key_characteristics);
149
150 void CheckCharacteristics(const vector<uint8_t>& key_blob,
151 const vector<KeyCharacteristics>& generate_characteristics);
152 void CheckAppIdCharacteristics(const vector<uint8_t>& key_blob, std::string_view app_id_string,
153 std::string_view app_data_string,
154 const vector<KeyCharacteristics>& generate_characteristics);
155
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]156 ErrorCode DeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false);
157 ErrorCode DeleteKey(bool keep_key_blob = false);
158
159 ErrorCode DeleteAllKeys();
160
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]161 ErrorCode DestroyAttestationIds();
162
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]163 void CheckedDeleteKey();
164
165 ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
166 const AuthorizationSet& in_params, AuthorizationSet* out_params,
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]167 std::shared_ptr<IKeyMintOperation>& op);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]168 ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
David Drysdale28fa9312023-02-01 14:53:01 +0000[diff] [blame]169 const AuthorizationSet& in_params, AuthorizationSet* out_params,
170 std::optional<HardwareAuthToken> hat = std::nullopt);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]171 ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
172 AuthorizationSet* out_params);
173 ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params);
174
Shawn Willden92d79c02021-02-19 07:31:55 -0700[diff] [blame]175 ErrorCode UpdateAad(const string& input);
176 ErrorCode Update(const string& input, string* output);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]177
David Drysdale28fa9312023-02-01 14:53:01 +0000[diff] [blame]178 ErrorCode Finish(const string& message, const string& signature, string* output,
179 std::optional<HardwareAuthToken> hat = std::nullopt,
180 std::optional<secureclock::TimeStampToken> time_token = std::nullopt);
Shawn Willden92d79c02021-02-19 07:31:55 -0700[diff] [blame]181 ErrorCode Finish(const string& message, string* output) {
182 return Finish(message, {} /* signature */, output);
183 }
184 ErrorCode Finish(string* output) { return Finish({} /* message */, output); }
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]185
186 ErrorCode Abort();
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]187 ErrorCode Abort(const shared_ptr<IKeyMintOperation>& op);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]188 void AbortIfNeeded();
189
190 string ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
191 const string& message, const AuthorizationSet& in_params,
192 AuthorizationSet* out_params);
Shawn Willden92d79c02021-02-19 07:31:55 -0700[diff] [blame]193 std::tuple<ErrorCode, std::string /* processedMessage */> ProcessMessage(
194 const vector<uint8_t>& key_blob, KeyPurpose operation, const std::string& message,
195 const AuthorizationSet& in_params);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]196 string SignMessage(const vector<uint8_t>& key_blob, const string& message,
197 const AuthorizationSet& params);
198 string SignMessage(const string& message, const AuthorizationSet& params);
199
200 string MacMessage(const string& message, Digest digest, size_t mac_length);
201
anil.hiranniah19a4ca12022-03-03 17:39:30 +0530[diff] [blame]202 void CheckAesIncrementalEncryptOperation(BlockMode block_mode, int message_size);
203
Prashant Patildd5f7f02022-07-06 18:58:07 +0000[diff] [blame]204 void AesCheckEncryptOneByteAtATime(const string& key, BlockMode block_mode,
205 PaddingMode padding_mode, const string& iv,
206 const string& plaintext, const string& exp_cipher_text);
207
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]208 void CheckHmacTestVector(const string& key, const string& message, Digest digest,
209 const string& expected_mac);
210
211 void CheckAesCtrTestVector(const string& key, const string& nonce, const string& message,
212 const string& expected_ciphertext);
213
214 void CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
215 PaddingMode padding_mode, const string& key, const string& iv,
216 const string& input, const string& expected_output);
217
218 void VerifyMessage(const vector<uint8_t>& key_blob, const string& message,
219 const string& signature, const AuthorizationSet& params);
220 void VerifyMessage(const string& message, const string& signature,
221 const AuthorizationSet& params);
David Drysdale9f5c0c52022-11-03 15:10:16 +0000[diff] [blame]222 void LocalVerifyMessage(const vector<uint8_t>& der_cert, const string& message,
223 const string& signature, const AuthorizationSet& params);
David Drysdaledf8f52e2021-05-06 08:10:58 +0100[diff] [blame]224 void LocalVerifyMessage(const string& message, const string& signature,
225 const AuthorizationSet& params);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]226
David Drysdale59cae642021-05-12 13:52:03 +0100[diff] [blame]227 string LocalRsaEncryptMessage(const string& message, const AuthorizationSet& params);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]228 string EncryptMessage(const vector<uint8_t>& key_blob, const string& message,
229 const AuthorizationSet& in_params, AuthorizationSet* out_params);
230 string EncryptMessage(const string& message, const AuthorizationSet& params,
231 AuthorizationSet* out_params);
232 string EncryptMessage(const string& message, const AuthorizationSet& params);
233 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding);
234 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
235 vector<uint8_t>* iv_out);
236 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
237 const vector<uint8_t>& iv_in);
238 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
239 uint8_t mac_length_bits, const vector<uint8_t>& iv_in);
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]240 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
241 uint8_t mac_length_bits);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]242
243 string DecryptMessage(const vector<uint8_t>& key_blob, const string& ciphertext,
244 const AuthorizationSet& params);
245 string DecryptMessage(const string& ciphertext, const AuthorizationSet& params);
246 string DecryptMessage(const string& ciphertext, BlockMode block_mode, PaddingMode padding_mode,
247 const vector<uint8_t>& iv);
248
249 std::pair<ErrorCode, vector<uint8_t>> UpgradeKey(const vector<uint8_t>& key_blob);
250
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]251 template <typename TagType>
252 std::tuple<KeyData /* aesKey */, KeyData /* hmacKey */, KeyData /* rsaKey */,
253 KeyData /* ecdsaKey */>
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]254 CreateTestKeys(
255 TagType tagToTest, ErrorCode expectedReturn,
256 std::function<void(AuthorizationSetBuilder*)> tagModifier =
257 [](AuthorizationSetBuilder*) {}) {
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]258 /* AES */
259 KeyData aesKeyData;
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]260 AuthorizationSetBuilder aesBuilder = AuthorizationSetBuilder()
261 .AesEncryptionKey(128)
262 .Authorization(tagToTest)
263 .BlockMode(BlockMode::ECB)
264 .Padding(PaddingMode::NONE)
265 .Authorization(TAG_NO_AUTH_REQUIRED);
266 tagModifier(&aesBuilder);
267 ErrorCode errorCode =
268 GenerateKey(aesBuilder, &aesKeyData.blob, &aesKeyData.characteristics);
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]269 EXPECT_EQ(expectedReturn, errorCode);
270
271 /* HMAC */
272 KeyData hmacKeyData;
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]273 AuthorizationSetBuilder hmacBuilder = AuthorizationSetBuilder()
274 .HmacKey(128)
275 .Authorization(tagToTest)
276 .Digest(Digest::SHA_2_256)
277 .Authorization(TAG_MIN_MAC_LENGTH, 128)
278 .Authorization(TAG_NO_AUTH_REQUIRED);
279 tagModifier(&hmacBuilder);
280 errorCode = GenerateKey(hmacBuilder, &hmacKeyData.blob, &hmacKeyData.characteristics);
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]281 EXPECT_EQ(expectedReturn, errorCode);
282
283 /* RSA */
284 KeyData rsaKeyData;
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]285 AuthorizationSetBuilder rsaBuilder = AuthorizationSetBuilder()
286 .RsaSigningKey(2048, 65537)
287 .Authorization(tagToTest)
288 .Digest(Digest::NONE)
289 .Padding(PaddingMode::NONE)
290 .Authorization(TAG_NO_AUTH_REQUIRED)
291 .SetDefaultValidity();
292 tagModifier(&rsaBuilder);
293 errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics);
subrahmanyaman05642492022-02-05 07:10:56 +0000[diff] [blame]294 if (!(SecLevel() == SecurityLevel::STRONGBOX &&
295 ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) {
296 EXPECT_EQ(expectedReturn, errorCode);
297 }
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]298
299 /* ECDSA */
300 KeyData ecdsaKeyData;
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]301 AuthorizationSetBuilder ecdsaBuilder = AuthorizationSetBuilder()
David Drysdaledf09e542021-06-08 15:46:11 +0100[diff] [blame]302 .EcdsaSigningKey(EcCurve::P_256)
David Drysdaleadfe6112021-05-27 12:00:53 +0100[diff] [blame]303 .Authorization(tagToTest)
304 .Digest(Digest::SHA_2_256)
305 .Authorization(TAG_NO_AUTH_REQUIRED)
306 .SetDefaultValidity();
307 tagModifier(&ecdsaBuilder);
308 errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics);
subrahmanyaman05642492022-02-05 07:10:56 +0000[diff] [blame]309 if (!(SecLevel() == SecurityLevel::STRONGBOX &&
310 ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) {
311 EXPECT_EQ(expectedReturn, errorCode);
312 }
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]313 return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData};
314 }
Shawn Willden7f424372021-01-10 18:06:50 -0700[diff] [blame]315 bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; }
316 SecurityLevel SecLevel() const { return securityLevel_; }
Seth Moorea12ac742023-03-03 13:40:30 -0800[diff] [blame]317 bool IsRkpSupportRequired() const;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]318
319 vector<uint32_t> ValidKeySizes(Algorithm algorithm);
320 vector<uint32_t> InvalidKeySizes(Algorithm algorithm);
321
David Drysdale7de9feb2021-03-05 14:56:19 +0000[diff] [blame]322 vector<BlockMode> ValidBlockModes(Algorithm algorithm);
323 vector<PaddingMode> ValidPaddingModes(Algorithm algorithm, BlockMode blockMode);
324 vector<PaddingMode> InvalidPaddingModes(Algorithm algorithm, BlockMode blockMode);
325
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]326 vector<EcCurve> ValidCurves();
327 vector<EcCurve> InvalidCurves();
328
329 vector<Digest> ValidDigests(bool withNone, bool withMD5);
subrahmanyaman05642492022-02-05 07:10:56 +0000[diff] [blame]330 vector<uint64_t> ValidExponents();
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]331
332 static vector<string> build_params() {
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]333 auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]334 return params;
335 }
336
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]337 std::shared_ptr<IKeyMintOperation> op_;
Shawn Willden7f424372021-01-10 18:06:50 -0700[diff] [blame]338 vector<Certificate> cert_chain_;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]339 vector<uint8_t> key_blob_;
Shawn Willden7f424372021-01-10 18:06:50 -0700[diff] [blame]340 vector<KeyCharacteristics> key_characteristics_;
341
342 const vector<KeyParameter>& SecLevelAuthorizations(
343 const vector<KeyCharacteristics>& key_characteristics);
344 inline const vector<KeyParameter>& SecLevelAuthorizations() {
345 return SecLevelAuthorizations(key_characteristics_);
346 }
Qi Wubeefae42021-01-28 23:16:37 +0800[diff] [blame]347 const vector<KeyParameter>& SecLevelAuthorizations(
348 const vector<KeyCharacteristics>& key_characteristics, SecurityLevel securityLevel);
349
Chirag Pathak9ea6a0a2021-02-01 23:54:27 +0000[diff] [blame]350 ErrorCode UseAesKey(const vector<uint8_t>& aesKeyBlob);
351 ErrorCode UseHmacKey(const vector<uint8_t>& hmacKeyBlob);
352 ErrorCode UseRsaKey(const vector<uint8_t>& rsaKeyBlob);
353 ErrorCode UseEcdsaKey(const vector<uint8_t>& ecdsaKeyBlob);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]354
Subrahmanyaman50fcf7d2023-04-20 22:48:39 +0000[diff] [blame]355 ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc,
356 const optional<AttestationKey>& attest_key,
357 vector<uint8_t>* key_blob,
358 vector<KeyCharacteristics>* key_characteristics,
359 vector<Certificate>* cert_chain);
360
361 bool is_attest_key_feature_disabled(void) const;
362 bool is_strongbox_enabled(void) const;
363 bool is_chipset_allowed_km4_strongbox(void) const;
David Drysdalec3de1ca2023-05-09 08:10:36 +0100[diff] [blame]364 bool shouldSkipAttestKeyTest(void) const;
Subrahmanyaman50fcf7d2023-04-20 22:48:39 +0000[diff] [blame]365
Prashant Patil2114dca2023-09-21 14:57:10 +0000[diff] [blame]366 void assert_mgf_digests_present_or_not_in_key_characteristics(
367 const vector<KeyCharacteristics>& key_characteristics,
368 std::vector<android::hardware::security::keymint::Digest>& expected_mgf_digests,
369 bool is_mgf_digest_expected) const;
370
371 void assert_mgf_digests_present_or_not_in_key_characteristics(
372 std::vector<android::hardware::security::keymint::Digest>& expected_mgf_digests,
373 bool is_mgf_digest_expected) const;
374
Shawn Willdend659c7c2021-02-19 14:51:51 -0700[diff] [blame]375 protected:
Janis Danisevskis24c04702020-12-16 18:28:39 -0800[diff] [blame]376 std::shared_ptr<IKeyMintDevice> keymint_;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]377 uint32_t os_version_;
378 uint32_t os_patch_level_;
David Drysdalebb3d85e2021-04-13 11:15:51 +0100[diff] [blame]379 uint32_t vendor_patch_level_;
David Drysdaled2cc8c22021-04-15 13:29:45 +0100[diff] [blame]380 bool timestamp_token_required_;
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]381
382 SecurityLevel securityLevel_;
383 string name_;
384 string author_;
David Drysdale4cbe2152023-03-07 14:44:38 +0000[diff] [blame]385 int64_t challenge_;
Prashant Patildd5f7f02022-07-06 18:58:07 +0000[diff] [blame]386
387 private:
388 void CheckEncryptOneByteAtATime(BlockMode block_mode, const int block_size,
389 PaddingMode padding_mode, const string& iv,
390 const string& plaintext, const string& exp_cipher_text);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]391};
392
David Drysdale7b05efd2024-10-10 18:11:25 +0100[diff] [blame]393// If the given string is non-empty, add it to the tag set under the given tag ID.
394template <Tag tag>
395void add_tag(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, tag> ttag,
396 const std::string& prop_value) {
397 if (!prop_value.empty()) {
398 tags->Authorization(ttag, prop_value.data(), prop_value.size());
399 }
400}
401
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]402// If the given property is available, add it to the tag set under the given tag ID.
403template <Tag tag>
404void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, tag> ttag,
405 const char* prop) {
David Drysdale7b05efd2024-10-10 18:11:25 +0100[diff] [blame]406 add_tag(tags, ttag, ::android::base::GetProperty(prop, /* default= */ ""));
David Drysdalea676c3b2021-06-14 14:46:02 +0100[diff] [blame]407}
408
Shawn Willden22fb9c12022-06-02 14:04:33 -0600[diff] [blame]409// Return the VSR API level for this device.
410int get_vsr_api_level();
411
David Drysdale555ba002022-05-03 18:48:57 +0100[diff] [blame]412// Indicate whether the test is running on a GSI image.
413bool is_gsi_image();
414
Selene Huang6e46f142021-04-20 19:20:11 -0700[diff] [blame]415vector<uint8_t> build_serial_blob(const uint64_t serial_int);
416void verify_subject(const X509* cert, const string& subject, bool self_signed);
417void verify_serial(X509* cert, const uint64_t expected_serial);
418void verify_subject_and_serial(const Certificate& certificate, //
419 const uint64_t expected_serial, //
420 const string& subject, bool self_signed);
Shawn Willden4315e132022-03-20 12:49:46 -0600[diff] [blame]421void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, //
422 bool device_locked, //
423 VerifiedBoot verified_boot_state, //
424 const vector<uint8_t>& verified_boot_hash);
David Drysdale7dff4fc2021-12-10 10:10:52 +0000[diff] [blame]425bool verify_attestation_record(int aidl_version, //
426 const string& challenge, //
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]427 const string& app_id, //
428 AuthorizationSet expected_sw_enforced, //
429 AuthorizationSet expected_hw_enforced, //
430 SecurityLevel security_level,
David Drysdale565ccc72021-10-11 12:49:50 +0100[diff] [blame]431 const vector<uint8_t>& attestation_cert,
432 vector<uint8_t>* unique_id = nullptr);
Selene Huang6e46f142021-04-20 19:20:11 -0700[diff] [blame]433
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]434string bin2hex(const vector<uint8_t>& data);
435X509_Ptr parse_cert_blob(const vector<uint8_t>& blob);
Tri Voec50ee12023-02-14 16:29:53 -0800[diff] [blame]436ASN1_OCTET_STRING* get_attestation_record(X509* certificate);
David Drysdalef0d516d2021-03-22 07:51:43 +0000[diff] [blame]437vector<uint8_t> make_name_from_str(const string& name);
David Drysdale4dc01072021-04-01 12:17:35 +0100[diff] [blame]438void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
439 vector<uint8_t>* payload_value);
440void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
David Drysdalef42238c2023-06-15 09:41:05 +0100[diff] [blame]441void device_id_attestation_check_acceptable_error(Tag tag, const ErrorCode& result);
David Drysdale3d2ba0a2023-01-11 13:27:26 +0000[diff] [blame]442bool check_feature(const std::string& name);
David Drysdale6c9bdb82024-01-23 09:32:04 +0000[diff] [blame]443std::optional<int32_t> keymint_feature_value(bool strongbox);
David Drysdaleef1123b2024-05-28 15:23:08 +0100[diff] [blame]444std::string get_imei(int slot);
David Drysdale4dc01072021-04-01 12:17:35 +0100[diff] [blame]445
David Drysdale7b05efd2024-10-10 18:11:25 +0100[diff] [blame]446// Retrieve a device ID property value, to match what is expected in attestations.
447std::optional<std::string> get_attestation_id(const char* prop);
448
449// Add the appropriate attestation device ID tag value to the provided `AuthorizationSetBuilder`,
450// if found.
451template <Tag tag>
452void add_attestation_id(AuthorizationSetBuilder* attestation_id_tags,
453 TypedTag<TagType::BYTES, tag> tag_type, const char* prop) {
454 auto prop_value = get_attestation_id(prop);
455 if (prop_value.has_value()) {
456 add_tag(attestation_id_tags, tag_type, prop_value.value());
457 }
458}
459
David Drysdalef0d516d2021-03-22 07:51:43 +0000[diff] [blame]460AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
461AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
Eran Messeri03d7a1a2021-07-06 12:07:57 +0100[diff] [blame]462::testing::AssertionResult ChainSignaturesAreValid(const vector<Certificate>& chain,
463 bool strict_issuer_check = true);
Shawn Willden7c130392020-12-21 09:58:22 -0700[diff] [blame]464
David Drysdale1b9febc2023-06-07 13:43:24 +0100[diff] [blame]465ErrorCode GetReturnErrorCode(const Status& result);
466
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]467#define INSTANTIATE_KEYMINT_AIDL_TEST(name) \
468 INSTANTIATE_TEST_SUITE_P(PerInstance, name, \
469 testing::ValuesIn(KeyMintAidlTestBase::build_params()), \
Shawn Willden7e71f1e2021-04-01 16:44:22 -0600[diff] [blame]470 ::android::PrintInstanceNameToString); \
471 GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name);
Selene Huang31ab4042020-04-29 04:22:39 -0700[diff] [blame]472
Shawn Willden0e80b5d2020-12-17 09:07:27 -0700[diff] [blame]473} // namespace test
474
475} // namespace aidl::android::hardware::security::keymint