Blame - keystore2/src/rkpd_client.rs - android_system_security

2022-12-21 08:53:56 -0800

[diff] [blame]

1

2

//

3

// Licensed under the Apache License, Version 2.0 (the "License");

4

// you may not use this file except in compliance with the License.

5

// You may obtain a copy of the License at

6

//

7

// http://www.apache.org/licenses/LICENSE-2.0

8

//

9

// Unless required by applicable law or agreed to in writing, software

10

// distributed under the License is distributed on an "AS IS" BASIS,

11

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

12

// See the License for the specific language governing permissions and

13

// limitations under the License.

14

15

//! Helper wrapper around RKPD interface.

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

16

// TODO(b/264891956): Return RKP specific errors.

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

17

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

18

use crate::error::{map_binder_status_code, Error};

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

19

use crate::globals::get_remotely_provisioned_component_name;

20

use crate::ks_err;

21

use crate::utils::watchdog as wd;

22

use android_hardware_security_keymint::aidl::android::hardware::security::keymint::SecurityLevel::SecurityLevel;

23

use android_security_rkp_aidl::aidl::android::security::rkp::{

24

IGetKeyCallback::BnGetKeyCallback, IGetKeyCallback::IGetKeyCallback,

25

IGetRegistrationCallback::BnGetRegistrationCallback,

26

IGetRegistrationCallback::IGetRegistrationCallback, IRegistration::IRegistration,

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

27

IRemoteProvisioning::IRemoteProvisioning,

28

IStoreUpgradedKeyCallback::BnStoreUpgradedKeyCallback,

29

IStoreUpgradedKeyCallback::IStoreUpgradedKeyCallback,

30

RemotelyProvisionedKey::RemotelyProvisionedKey,

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

31

};

32

use android_security_rkp_aidl::binder::{BinderFeatures, Interface, Strong};

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

33

use android_system_keystore2::aidl::android::system::keystore2::ResponseCode::ResponseCode;

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

34

use anyhow::{Context, Result};

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

35

use std::sync::Mutex;

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

36

use std::time::Duration;

37

use tokio::sync::oneshot;

38

use tokio::time::timeout;

39

40

// Normally, we block indefinitely when making calls outside of keystore and rely on watchdog to

41

// report deadlocks. However, RKPD is mainline updatable. Also, calls to RKPD may wait on network

42

// for certificates. So, we err on the side of caution and timeout instead.

43

static RKPD_TIMEOUT: Duration = Duration::from_secs(10);

44

45

fn tokio_rt() -> tokio::runtime::Runtime {

46

tokio::runtime::Builder::new_current_thread().enable_all().build().unwrap()

47

}

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

48

Seth Moore

2023-01-09 16:55:10 -0800

[diff] [blame]

49

/// Thread-safe channel for sending a value once and only once. If a value has

50

/// already been send, subsequent calls to send will noop.

51

struct SafeSender<T> {

52

inner: Mutex<Option<oneshot::Sender<T>>>,

53

}

54

55

impl<T> SafeSender<T> {

56

fn new(sender: oneshot::Sender<T>) -> Self {

57

Self { inner: Mutex::new(Some(sender)) }

58

}

59

60

fn send(&self, value: T) {

61

if let Some(inner) = self.inner.lock().unwrap().take() {

62

// assert instead of unwrap, because on failure send returns Err(value)

63

assert!(inner.send(value).is_ok(), "thread state is terminally broken");

64

}

65

}

66

}

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

67

68

struct GetRegistrationCallback {

Seth Moore

2023-01-09 16:55:10 -0800

[diff] [blame]

69

registration_tx: SafeSender<Result<binder::Strong<dyn IRegistration>>>,

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

70

}

71

72

impl GetRegistrationCallback {

73

pub fn new_native_binder(

Seth Moore

2023-01-09 16:55:10 -0800

[diff] [blame]

74

registration_tx: oneshot::Sender<Result<binder::Strong<dyn IRegistration>>>,

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

75

) -> Strong<dyn IGetRegistrationCallback> {

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

76

let result: Self =

Seth Moore

2023-01-09 16:55:10 -0800

[diff] [blame]

77

GetRegistrationCallback { registration_tx: SafeSender::new(registration_tx) };

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

78

BnGetRegistrationCallback::new_binder(result, BinderFeatures::default())

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

}

}

impl Interface for GetRegistrationCallback {}

83

84

impl IGetRegistrationCallback for GetRegistrationCallback {

85

fn onSuccess(&self, registration: &Strong<dyn IRegistration>) -> binder::Result<()> {

86

let _wp = wd::watch_millis("IGetRegistrationCallback::onSuccess", 500);

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

87

self.registration_tx.send(Ok(registration.clone()));

88

Ok(())

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

89

}

90

fn onCancel(&self) -> binder::Result<()> {

91

let _wp = wd::watch_millis("IGetRegistrationCallback::onCancel", 500);

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

92

log::warn!("IGetRegistrationCallback cancelled");

93

self.registration_tx.send(

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

94

Err(Error::Rc(ResponseCode::OUT_OF_KEYS))

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

95

.context(ks_err!("GetRegistrationCallback cancelled.")),

96

);

97

Ok(())

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

98

}

99

fn onError(&self, error: &str) -> binder::Result<()> {

100

let _wp = wd::watch_millis("IGetRegistrationCallback::onError", 500);

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

101

log::error!("IGetRegistrationCallback failed: '{error}'");

102

self.registration_tx.send(

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

103

Err(Error::Rc(ResponseCode::OUT_OF_KEYS))

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

104

.context(ks_err!("GetRegistrationCallback failed: {:?}", error)),

105

);

106

Ok(())

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

}

}

/// Make a new connection to a IRegistration service.

111

async fn get_rkpd_registration(

112

security_level: &SecurityLevel,

113

) -> Result<binder::Strong<dyn IRegistration>> {

114

let remote_provisioning: Strong<dyn IRemoteProvisioning> =

115

map_binder_status_code(binder::get_interface("remote_provisioning"))

116

.context(ks_err!("Trying to connect to IRemoteProvisioning service."))?;

117

118

let rpc_name = get_remotely_provisioned_component_name(security_level)

119

.context(ks_err!("Trying to get IRPC name."))?;

120

121

let (tx, rx) = oneshot::channel();

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

122

let cb = GetRegistrationCallback::new_native_binder(tx);

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

123

124

remote_provisioning

125

.getRegistration(&rpc_name, &cb)

126

.context(ks_err!("Trying to get registration."))?;

127

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

128

match timeout(RKPD_TIMEOUT, rx).await {

129

Err(e) => {

130

Err(Error::Rc(ResponseCode::SYSTEM_ERROR)).context(ks_err!("Waiting for RKPD: {:?}", e))

131

}

132

Ok(v) => v.unwrap(),

133

}

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

134

}

135

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

136

struct GetKeyCallback {

Seth Moore

2023-01-09 16:55:10 -0800

[diff] [blame]

137

key_tx: SafeSender<Result<RemotelyProvisionedKey>>,

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

138

}

139

140

impl GetKeyCallback {

Seth Moore

2023-01-09 16:55:10 -0800

[diff] [blame]

141

pub fn new_native_binder(

142

key_tx: oneshot::Sender<Result<RemotelyProvisionedKey>>,

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

143

) -> Strong<dyn IGetKeyCallback> {

Seth Moore

2023-01-09 16:55:10 -0800

[diff] [blame]

144

let result: Self = GetKeyCallback { key_tx: SafeSender::new(key_tx) };

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

145

BnGetKeyCallback::new_binder(result, BinderFeatures::default())

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

}

}

impl Interface for GetKeyCallback {}

150

151

impl IGetKeyCallback for GetKeyCallback {

152

fn onSuccess(&self, key: &RemotelyProvisionedKey) -> binder::Result<()> {

153

let _wp = wd::watch_millis("IGetKeyCallback::onSuccess", 500);

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

154

self.key_tx.send(Ok(RemotelyProvisionedKey {

155

keyBlob: key.keyBlob.clone(),

156

encodedCertChain: key.encodedCertChain.clone(),

157

}));

158

Ok(())

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

159

}

160

fn onCancel(&self) -> binder::Result<()> {

161

let _wp = wd::watch_millis("IGetKeyCallback::onCancel", 500);

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

162

log::warn!("IGetKeyCallback cancelled");

163

self.key_tx.send(

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

164

Err(Error::Rc(ResponseCode::OUT_OF_KEYS)).context(ks_err!("GetKeyCallback cancelled.")),

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

165

);

166

Ok(())

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

167

}

168

fn onError(&self, error: &str) -> binder::Result<()> {

169

let _wp = wd::watch_millis("IGetKeyCallback::onError", 500);

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

170

log::error!("IGetKeyCallback failed: {error}");

171

self.key_tx.send(

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

172

Err(Error::Rc(ResponseCode::OUT_OF_KEYS))

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

173

.context(ks_err!("GetKeyCallback failed: {:?}", error)),

174

);

175

Ok(())

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

}

}

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

179

async fn get_rkpd_attestation_key_from_registration_async(

180

registration: &Strong<dyn IRegistration>,

181

caller_uid: u32,

182

) -> Result<RemotelyProvisionedKey> {

183

let (tx, rx) = oneshot::channel();

184

let cb = GetKeyCallback::new_native_binder(tx);

185

186

registration

187

.getKey(caller_uid.try_into().unwrap(), &cb)

188

.context(ks_err!("Trying to get key."))?;

189

190

match timeout(RKPD_TIMEOUT, rx).await {

191

Err(e) => Err(Error::Rc(ResponseCode::OUT_OF_KEYS))

192

.context(ks_err!("Waiting for RKPD key timed out: {:?}", e)),

Ok(v) => v.unwrap(),

}

}

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

197

async fn get_rkpd_attestation_key_async(

198

security_level: &SecurityLevel,

199

caller_uid: u32,

200

) -> Result<RemotelyProvisionedKey> {

201

let registration = get_rkpd_registration(security_level)

202

.await

203

.context(ks_err!("Trying to get to IRegistration service."))?;

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

204

get_rkpd_attestation_key_from_registration_async(&registration, caller_uid).await

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

205

}

206

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

207

struct StoreUpgradedKeyCallback {

208

completer: SafeSender<Result<()>>,

209

}

210

211

impl StoreUpgradedKeyCallback {

212

pub fn new_native_binder(

213

completer: oneshot::Sender<Result<()>>,

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

214

) -> Strong<dyn IStoreUpgradedKeyCallback> {

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

215

let result: Self = StoreUpgradedKeyCallback { completer: SafeSender::new(completer) };

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

216

BnStoreUpgradedKeyCallback::new_binder(result, BinderFeatures::default())

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

}

}

impl Interface for StoreUpgradedKeyCallback {}

221

222

impl IStoreUpgradedKeyCallback for StoreUpgradedKeyCallback {

223

fn onSuccess(&self) -> binder::Result<()> {

224

let _wp = wd::watch_millis("IGetRegistrationCallback::onSuccess", 500);

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

225

self.completer.send(Ok(()));

226

Ok(())

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

227

}

228

229

fn onError(&self, error: &str) -> binder::Result<()> {

230

let _wp = wd::watch_millis("IGetRegistrationCallback::onError", 500);

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

231

log::error!("IGetRegistrationCallback failed: {error}");

232

self.completer.send(

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

233

Err(Error::Rc(ResponseCode::SYSTEM_ERROR))

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

234

.context(ks_err!("Failed to store upgraded key: {:?}", error)),

235

);

236

Ok(())

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

}

}

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

240

async fn store_rkpd_attestation_key_with_registration_async(

241

registration: &Strong<dyn IRegistration>,

242

key_blob: &[u8],

243

upgraded_blob: &[u8],

244

) -> Result<()> {

245

let (tx, rx) = oneshot::channel();

246

let cb = StoreUpgradedKeyCallback::new_native_binder(tx);

247

248

registration

249

.storeUpgradedKeyAsync(key_blob, upgraded_blob, &cb)

250

.context(ks_err!("Failed to store upgraded blob with RKPD."))?;

251

252

match timeout(RKPD_TIMEOUT, rx).await {

253

Err(e) => Err(Error::Rc(ResponseCode::SYSTEM_ERROR))

254

.context(ks_err!("Waiting for RKPD to complete storing key: {:?}", e)),

Ok(v) => v.unwrap(),

}

}

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

259

async fn store_rkpd_attestation_key_async(

260

security_level: &SecurityLevel,

261

key_blob: &[u8],

262

upgraded_blob: &[u8],

263

) -> Result<()> {

264

let registration = get_rkpd_registration(security_level)

265

.await

266

.context(ks_err!("Trying to get to IRegistration service."))?;

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

267

store_rkpd_attestation_key_with_registration_async(&registration, key_blob, upgraded_blob).await

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

268

}

269

270

/// Get attestation key from RKPD.

271

pub fn get_rkpd_attestation_key(

272

security_level: &SecurityLevel,

273

caller_uid: u32,

274

) -> Result<RemotelyProvisionedKey> {

275

let _wp = wd::watch_millis("Calling get_rkpd_attestation_key()", 500);

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

276

tokio_rt().block_on(get_rkpd_attestation_key_async(security_level, caller_uid))

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

277

}

278

279

/// Store attestation key in RKPD.

280

pub fn store_rkpd_attestation_key(

281

security_level: &SecurityLevel,

282

key_blob: &[u8],

283

upgraded_blob: &[u8],

284

) -> Result<()> {

285

let _wp = wd::watch_millis("Calling store_rkpd_attestation_key()", 500);

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

286

tokio_rt().block_on(store_rkpd_attestation_key_async(security_level, key_blob, upgraded_blob))

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

}

#[cfg(test)]

mod tests {

use super::*;

Tri Vo

30268da

2023-01-24 15:35:45 -0800

[diff] [blame]

292

use crate::error::map_km_error;

293

use crate::globals::get_keymint_device;

294

use crate::utils::upgrade_keyblob_if_required_with;

295

use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{

296

Algorithm::Algorithm, AttestationKey::AttestationKey, KeyParameter::KeyParameter,

297

KeyParameterValue::KeyParameterValue, Tag::Tag,

298

};

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

299

use android_security_rkp_aidl::aidl::android::security::rkp::IRegistration::BnRegistration;

Tri Vo

30268da

2023-01-24 15:35:45 -0800

[diff] [blame]

300

use keystore2_crypto::parse_subject_from_certificate;

Tri Vo

2023-01-23 13:05:35 -0800

[diff] [blame]

301

use std::sync::atomic::{AtomicU32, Ordering};

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

302

303

#[derive(Default)]

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

304

struct MockRegistration {

305

key: RemotelyProvisionedKey,

306

latency: Option<Duration>,

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

307

}

308

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

309

impl MockRegistration {

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

310

pub fn new_native_binder(

311

key: &RemotelyProvisionedKey,

312

latency: Option<Duration>,

313

) -> Strong<dyn IRegistration> {

314

let result = Self {

315

key: RemotelyProvisionedKey {

316

keyBlob: key.keyBlob.clone(),

317

encodedCertChain: key.encodedCertChain.clone(),

318

},

319

latency,

320

};

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

321

BnRegistration::new_binder(result, BinderFeatures::default())

}

}

impl Interface for MockRegistration {}

326

327

impl IRegistration for MockRegistration {

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

328

fn getKey(&self, _: i32, cb: &Strong<dyn IGetKeyCallback>) -> binder::Result<()> {

329

let key = RemotelyProvisionedKey {

330

keyBlob: self.key.keyBlob.clone(),

331

encodedCertChain: self.key.encodedCertChain.clone(),

332

};

333

let latency = self.latency;

334

let get_key_cb = cb.clone();

335

336

// Need a separate thread to trigger timeout in the caller.

337

std::thread::spawn(move || {

338

if let Some(duration) = latency {

339

std::thread::sleep(duration);

340

}

341

get_key_cb.onSuccess(&key).unwrap();

342

});

343

Ok(())

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

344

}

345

346

fn cancelGetKey(&self, _: &Strong<dyn IGetKeyCallback>) -> binder::Result<()> {

todo!()

}

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

350

fn storeUpgradedKeyAsync(

351

&self,

352

_: &[u8],

353

_: &[u8],

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

354

cb: &Strong<dyn IStoreUpgradedKeyCallback>,

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

355

) -> binder::Result<()> {

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

356

// We are primarily concerned with timing out correctly. Storing the key in this mock

357

// registration isn't particularly interesting, so skip that part.

358

let store_cb = cb.clone();

359

let latency = self.latency;

360

361

std::thread::spawn(move || {

362

if let Some(duration) = latency {

363

std::thread::sleep(duration);

364

}

365

store_cb.onSuccess().unwrap();

366

});

367

Ok(())

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

}

}

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

371

fn get_mock_registration(

372

key: &RemotelyProvisionedKey,

373

latency: Option<Duration>,

374

) -> Result<binder::Strong<dyn IRegistration>> {

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

375

let (tx, rx) = oneshot::channel();

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

376

let cb = GetRegistrationCallback::new_native_binder(tx);

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

377

let mock_registration = MockRegistration::new_native_binder(key, latency);

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

378

379

assert!(cb.onSuccess(&mock_registration).is_ok());

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

380

tokio_rt().block_on(rx).unwrap()

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

381

}

382

Tri Vo

2023-01-23 13:05:35 -0800

[diff] [blame]

383

// Using the same key ID makes test cases race with each other. So, we use separate key IDs for

384

// different test cases.

385

fn get_next_key_id() -> u32 {

386

static ID: AtomicU32 = AtomicU32::new(0);

387

ID.fetch_add(1, Ordering::Relaxed)

388

}

389

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

390

#[test]

391

fn test_get_registration_cb_success() {

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

392

let key: RemotelyProvisionedKey = Default::default();

393

let registration = get_mock_registration(&key, /*latency=*/ None);

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

394

assert!(registration.is_ok());

}

#[test]

fn test_get_registration_cb_cancel() {

399

let (tx, rx) = oneshot::channel();

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

400

let cb = GetRegistrationCallback::new_native_binder(tx);

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

401

assert!(cb.onCancel().is_ok());

402

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

403

let result = tokio_rt().block_on(rx).unwrap();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

404

assert_eq!(

405

result.unwrap_err().downcast::<Error>().unwrap(),

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

406

Error::Rc(ResponseCode::OUT_OF_KEYS)

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

);

}

#[test]

fn test_get_registration_cb_error() {

412

let (tx, rx) = oneshot::channel();

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

413

let cb = GetRegistrationCallback::new_native_binder(tx);

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

414

assert!(cb.onError("error").is_ok());

415

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

416

let result = tokio_rt().block_on(rx).unwrap();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

417

assert_eq!(

418

result.unwrap_err().downcast::<Error>().unwrap(),

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

419

Error::Rc(ResponseCode::OUT_OF_KEYS)

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

);

}

#[test]

fn test_get_key_cb_success() {

425

let mock_key =

426

RemotelyProvisionedKey { keyBlob: vec![1, 2, 3], encodedCertChain: vec![4, 5, 6] };

427

let (tx, rx) = oneshot::channel();

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

428

let cb = GetKeyCallback::new_native_binder(tx);

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

429

assert!(cb.onSuccess(&mock_key).is_ok());

430

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

431

let key = tokio_rt().block_on(rx).unwrap().unwrap();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

432

assert_eq!(key, mock_key);

}

#[test]

fn test_get_key_cb_cancel() {

437

let (tx, rx) = oneshot::channel();

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

438

let cb = GetKeyCallback::new_native_binder(tx);

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

439

assert!(cb.onCancel().is_ok());

440

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

441

let result = tokio_rt().block_on(rx).unwrap();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

442

assert_eq!(

443

result.unwrap_err().downcast::<Error>().unwrap(),

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

444

Error::Rc(ResponseCode::OUT_OF_KEYS)

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

);

}

#[test]

fn test_get_key_cb_error() {

450

let (tx, rx) = oneshot::channel();

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

451

let cb = GetKeyCallback::new_native_binder(tx);

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

452

assert!(cb.onError("error").is_ok());

453

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

454

let result = tokio_rt().block_on(rx).unwrap();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

455

assert_eq!(

456

result.unwrap_err().downcast::<Error>().unwrap(),

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

457

Error::Rc(ResponseCode::OUT_OF_KEYS)

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

);

}

#[test]

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

462

fn test_store_upgraded_cb_success() {

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

463

let (tx, rx) = oneshot::channel();

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

464

let cb = StoreUpgradedKeyCallback::new_native_binder(tx);

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

465

assert!(cb.onSuccess().is_ok());

466

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

467

tokio_rt().block_on(rx).unwrap().unwrap();

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

}

#[test]

fn test_store_upgraded_key_cb_error() {

472

let (tx, rx) = oneshot::channel();

Seth Moore

2023-01-11 10:42:26 -0800

[diff] [blame]

473

let cb = StoreUpgradedKeyCallback::new_native_binder(tx);

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

474

assert!(cb.onError("oh no! it failed").is_ok());

475

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

476

let result = tokio_rt().block_on(rx).unwrap();

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

477

assert_eq!(

478

result.unwrap_err().downcast::<Error>().unwrap(),

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

479

Error::Rc(ResponseCode::SYSTEM_ERROR)

);

}

#[test]

fn test_get_mock_key_success() {

485

let mock_key =

486

RemotelyProvisionedKey { keyBlob: vec![1, 2, 3], encodedCertChain: vec![4, 5, 6] };

487

let registration = get_mock_registration(&mock_key, /*latency=*/ None).unwrap();

488

489

let key = tokio_rt()

490

.block_on(get_rkpd_attestation_key_from_registration_async(&registration, 0))

491

.unwrap();

492

assert_eq!(key, mock_key);

}

#[test]

fn test_get_mock_key_timeout() {

497

let mock_key =

498

RemotelyProvisionedKey { keyBlob: vec![1, 2, 3], encodedCertChain: vec![4, 5, 6] };

499

let latency = RKPD_TIMEOUT + Duration::from_secs(10);

500

let registration = get_mock_registration(&mock_key, Some(latency)).unwrap();

501

502

let result =

503

tokio_rt().block_on(get_rkpd_attestation_key_from_registration_async(&registration, 0));

504

assert_eq!(

505

result.unwrap_err().downcast::<Error>().unwrap(),

506

Error::Rc(ResponseCode::OUT_OF_KEYS)

);

}

#[test]

fn test_store_mock_key_success() {

512

let mock_key =

513

RemotelyProvisionedKey { keyBlob: vec![1, 2, 3], encodedCertChain: vec![4, 5, 6] };

514

let registration = get_mock_registration(&mock_key, /*latency=*/ None).unwrap();

515

tokio_rt()

516

.block_on(store_rkpd_attestation_key_with_registration_async(&registration, &[], &[]))

.unwrap();

}

#[test]

fn test_store_mock_key_timeout() {

522

let mock_key =

523

RemotelyProvisionedKey { keyBlob: vec![1, 2, 3], encodedCertChain: vec![4, 5, 6] };

524

let latency = RKPD_TIMEOUT + Duration::from_secs(10);

525

let registration = get_mock_registration(&mock_key, Some(latency)).unwrap();

526

527

let result = tokio_rt().block_on(store_rkpd_attestation_key_with_registration_async(

&registration,

&[],

&[],

));

assert_eq!(

result.unwrap_err().downcast::<Error>().unwrap(),

534

Error::Rc(ResponseCode::SYSTEM_ERROR)

Seth Moore

2023-01-10 13:07:31 -0800

[diff] [blame]

);

}

#[test]

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

539

fn test_get_rkpd_attestation_key() {

Seth Moore

2023-01-11 08:06:17 -0800

[diff] [blame]

540

binder::ProcessState::start_thread_pool();

Tri Vo

2023-01-18 16:43:49 -0800

[diff] [blame]

541

let key_id = get_next_key_id();

542

let key = get_rkpd_attestation_key(&SecurityLevel::TRUSTED_ENVIRONMENT, key_id).unwrap();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

543

assert!(!key.keyBlob.is_empty());

544

assert!(!key.encodedCertChain.is_empty());

545

}

546

547

#[test]

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

548

fn test_get_rkpd_attestation_key_same_caller() {

Seth Moore

2023-01-11 08:06:17 -0800

[diff] [blame]

549

binder::ProcessState::start_thread_pool();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

550

let sec_level = SecurityLevel::TRUSTED_ENVIRONMENT;

Tri Vo

2023-01-23 13:05:35 -0800

[diff] [blame]

551

let key_id = get_next_key_id();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

552

553

// Multiple calls should return the same key.

Tri Vo

2023-01-23 13:05:35 -0800

[diff] [blame]

554

let first_key = get_rkpd_attestation_key(&sec_level, key_id).unwrap();

555

let second_key = get_rkpd_attestation_key(&sec_level, key_id).unwrap();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

556

557

assert_eq!(first_key.keyBlob, second_key.keyBlob);

558

assert_eq!(first_key.encodedCertChain, second_key.encodedCertChain);

559

}

560

561

#[test]

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

562

fn test_get_rkpd_attestation_key_different_caller() {

Seth Moore

2023-01-11 08:06:17 -0800

[diff] [blame]

563

binder::ProcessState::start_thread_pool();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

564

let sec_level = SecurityLevel::TRUSTED_ENVIRONMENT;

Tri Vo

2023-01-23 13:05:35 -0800

[diff] [blame]

565

let first_key_id = get_next_key_id();

566

let second_key_id = get_next_key_id();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

567

568

// Different callers should be getting different keys.

Tri Vo

2023-01-23 13:05:35 -0800

[diff] [blame]

569

let first_key = get_rkpd_attestation_key(&sec_level, first_key_id).unwrap();

570

let second_key = get_rkpd_attestation_key(&sec_level, second_key_id).unwrap();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

571

572

assert_ne!(first_key.keyBlob, second_key.keyBlob);

573

assert_ne!(first_key.encodedCertChain, second_key.encodedCertChain);

574

}

575

576

#[test]

Tri Vo

bac3b52

2023-01-23 13:10:24 -0800

[diff] [blame]

577

// Couple of things to note:

578

// 1. This test must never run with UID of keystore. Otherwise, it can mess up keys stored by

579

// keystore.

580

// 2. Storing and reading the stored key is prone to race condition. So, we only do this in one

581

// test case.

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

582

fn test_store_rkpd_attestation_key() {

Seth Moore

2023-01-11 08:06:17 -0800

[diff] [blame]

583

binder::ProcessState::start_thread_pool();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

584

let sec_level = SecurityLevel::TRUSTED_ENVIRONMENT;

Tri Vo

2023-01-23 13:05:35 -0800

[diff] [blame]

585

let key_id = get_next_key_id();

586

let key = get_rkpd_attestation_key(&SecurityLevel::TRUSTED_ENVIRONMENT, key_id).unwrap();

Tri Vo

bac3b52

2023-01-23 13:10:24 -0800

[diff] [blame]

587

let new_blob: [u8; 8] = rand::random();

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

588

Tri Vo

bac3b52

2023-01-23 13:10:24 -0800

[diff] [blame]

589

assert!(store_rkpd_attestation_key(&sec_level, &key.keyBlob, &new_blob).is_ok());

590

591

let new_key =

592

get_rkpd_attestation_key(&SecurityLevel::TRUSTED_ENVIRONMENT, key_id).unwrap();

593

assert_eq!(new_key.keyBlob, new_blob);

Tri Vo

2022-12-21 08:53:56 -0800

[diff] [blame]

594

}

Tri Vo

30268da

2023-01-24 15:35:45 -0800

[diff] [blame]

595

596

#[test]

597

// This is a helper for a manual test. We want to check that after a system upgrade RKPD

598

// attestation keys can also be upgraded and stored again with RKPD. The steps are:

599

// 1. Run this test and check in stdout that no key upgrade happened.

600

// 2. Perform a system upgrade.

601

// 3. Run this test and check in stdout that key upgrade did happen.

602

//

603

// Note that this test must be run with that same UID every time. Running as root, i.e. UID 0,

604

// should do the trick. Also, use "--nocapture" flag to get stdout.

605

fn test_rkpd_attestation_key_upgrade() {

606

binder::ProcessState::start_thread_pool();

607

let security_level = SecurityLevel::TRUSTED_ENVIRONMENT;

608

let (keymint, _, _) = get_keymint_device(&security_level).unwrap();

609

let key_id = get_next_key_id();

610

let mut key_upgraded = false;

611

612

let key = get_rkpd_attestation_key(&security_level, key_id).unwrap();

613

assert!(!key.keyBlob.is_empty());

614

assert!(!key.encodedCertChain.is_empty());

615

616

upgrade_keyblob_if_required_with(

617

&*keymint,

618

&key.keyBlob,

619

/*upgrade_params=*/ &[],

/*km_op=*/

|blob| {

let params = vec![

KeyParameter {

tag: Tag::ALGORITHM,

value: KeyParameterValue::Algorithm(Algorithm::AES),

626

},

627

KeyParameter { tag: Tag::KEY_SIZE, value: KeyParameterValue::Integer(128) },

628

];

629

let attestation_key = AttestationKey {

630

keyBlob: blob.to_vec(),

631

attestKeyParams: vec![],

632

issuerSubjectName: parse_subject_from_certificate(&key.encodedCertChain)

.unwrap(),

};

map_km_error(keymint.generateKey(&params, Some(&attestation_key)))

637

},

638

/*new_blob_handler=*/

639

|new_blob| {

640

// This handler is only executed if a key upgrade was performed.

641

key_upgraded = true;

642

store_rkpd_attestation_key(&security_level, &key.keyBlob, new_blob).unwrap();

Ok(())

},

)

.unwrap();

if key_upgraded {

println!("RKPD key was upgraded and stored with RKPD.");

650

} else {

651

println!("RKPD key was NOT upgraded.");

652

}

653

}

Tri Vo

02f0fa4

2023-01-24 12:32:08 -0800

[diff] [blame^]

654

655

#[test]

656

#[ignore] // b/266607003

657

fn test_stress_get_rkpd_attestation_key() {

658

binder::ProcessState::start_thread_pool();

659

let key_id = get_next_key_id();

660

let mut threads = vec![];

661

const NTHREADS: u32 = 10;

662

const NCALLS: u32 = 1000;

663

664

for _ in 0..NTHREADS {

665

threads.push(std::thread::spawn(move || {

666

for _ in 0..NCALLS {

667

let key = get_rkpd_attestation_key(&SecurityLevel::TRUSTED_ENVIRONMENT, key_id)

668

.unwrap();

669

assert!(!key.keyBlob.is_empty());

670

assert!(!key.encodedCertChain.is_empty());

}

}));

}

for t in threads {

assert!(t.join().is_ok());

677

}

678

}

Tri Vo