1*4d7e907cSAndroid Build Coastguard Worker /*
2*4d7e907cSAndroid Build Coastguard Worker * Copyright (C) 2017 The Android Open Source Project
3*4d7e907cSAndroid Build Coastguard Worker *
4*4d7e907cSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
5*4d7e907cSAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
6*4d7e907cSAndroid Build Coastguard Worker * You may obtain a copy of the License at
7*4d7e907cSAndroid Build Coastguard Worker *
8*4d7e907cSAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0
9*4d7e907cSAndroid Build Coastguard Worker *
10*4d7e907cSAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
11*4d7e907cSAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
12*4d7e907cSAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*4d7e907cSAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
14*4d7e907cSAndroid Build Coastguard Worker * limitations under the License.
15*4d7e907cSAndroid Build Coastguard Worker */
16*4d7e907cSAndroid Build Coastguard Worker
17*4d7e907cSAndroid Build Coastguard Worker #include "KeymasterHidlTest.h"
18*4d7e907cSAndroid Build Coastguard Worker
19*4d7e907cSAndroid Build Coastguard Worker #include <chrono>
20*4d7e907cSAndroid Build Coastguard Worker #include <vector>
21*4d7e907cSAndroid Build Coastguard Worker
22*4d7e907cSAndroid Build Coastguard Worker #include <android-base/logging.h>
23*4d7e907cSAndroid Build Coastguard Worker #include <android/hidl/manager/1.0/IServiceManager.h>
24*4d7e907cSAndroid Build Coastguard Worker
25*4d7e907cSAndroid Build Coastguard Worker #include <keymasterV4_0/key_param_output.h>
26*4d7e907cSAndroid Build Coastguard Worker #include <keymasterV4_0/keymaster_utils.h>
27*4d7e907cSAndroid Build Coastguard Worker
28*4d7e907cSAndroid Build Coastguard Worker namespace android {
29*4d7e907cSAndroid Build Coastguard Worker namespace hardware {
30*4d7e907cSAndroid Build Coastguard Worker namespace keymaster {
31*4d7e907cSAndroid Build Coastguard Worker namespace V4_0 {
32*4d7e907cSAndroid Build Coastguard Worker
operator <<(::std::ostream & os,const AuthorizationSet & set)33*4d7e907cSAndroid Build Coastguard Worker ::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
34*4d7e907cSAndroid Build Coastguard Worker if (set.size() == 0)
35*4d7e907cSAndroid Build Coastguard Worker os << "(Empty)" << ::std::endl;
36*4d7e907cSAndroid Build Coastguard Worker else {
37*4d7e907cSAndroid Build Coastguard Worker os << "\n";
38*4d7e907cSAndroid Build Coastguard Worker for (size_t i = 0; i < set.size(); ++i) os << set[i] << ::std::endl;
39*4d7e907cSAndroid Build Coastguard Worker }
40*4d7e907cSAndroid Build Coastguard Worker return os;
41*4d7e907cSAndroid Build Coastguard Worker }
42*4d7e907cSAndroid Build Coastguard Worker
43*4d7e907cSAndroid Build Coastguard Worker namespace test {
44*4d7e907cSAndroid Build Coastguard Worker
45*4d7e907cSAndroid Build Coastguard Worker using namespace std::literals::chrono_literals;
46*4d7e907cSAndroid Build Coastguard Worker
InitializeKeymaster(sp<IKeymasterDevice> keymaster)47*4d7e907cSAndroid Build Coastguard Worker void KeymasterHidlTest::InitializeKeymaster(sp<IKeymasterDevice> keymaster) {
48*4d7e907cSAndroid Build Coastguard Worker ASSERT_NE(keymaster, nullptr);
49*4d7e907cSAndroid Build Coastguard Worker keymaster_ = keymaster;
50*4d7e907cSAndroid Build Coastguard Worker ASSERT_TRUE(keymaster_
51*4d7e907cSAndroid Build Coastguard Worker ->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& name,
52*4d7e907cSAndroid Build Coastguard Worker const hidl_string& author) {
53*4d7e907cSAndroid Build Coastguard Worker securityLevel_ = securityLevel;
54*4d7e907cSAndroid Build Coastguard Worker name_ = name;
55*4d7e907cSAndroid Build Coastguard Worker author_ = author;
56*4d7e907cSAndroid Build Coastguard Worker })
57*4d7e907cSAndroid Build Coastguard Worker .isOk());
58*4d7e907cSAndroid Build Coastguard Worker
59*4d7e907cSAndroid Build Coastguard Worker os_version_ = support::getOsVersion();
60*4d7e907cSAndroid Build Coastguard Worker os_patch_level_ = support::getOsPatchlevel();
61*4d7e907cSAndroid Build Coastguard Worker }
62*4d7e907cSAndroid Build Coastguard Worker
SetUp()63*4d7e907cSAndroid Build Coastguard Worker void KeymasterHidlTest::SetUp() {
64*4d7e907cSAndroid Build Coastguard Worker InitializeKeymaster(IKeymasterDevice::getService(GetParam()));
65*4d7e907cSAndroid Build Coastguard Worker }
66*4d7e907cSAndroid Build Coastguard Worker
GenerateKey(const AuthorizationSet & key_desc,HidlBuf * key_blob,KeyCharacteristics * key_characteristics)67*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc, HidlBuf* key_blob,
68*4d7e907cSAndroid Build Coastguard Worker KeyCharacteristics* key_characteristics) {
69*4d7e907cSAndroid Build Coastguard Worker EXPECT_NE(key_blob, nullptr) << "Key blob pointer must not be null. Test bug";
70*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(0U, key_blob->size()) << "Key blob not empty before generating key. Test bug.";
71*4d7e907cSAndroid Build Coastguard Worker EXPECT_NE(key_characteristics, nullptr)
72*4d7e907cSAndroid Build Coastguard Worker << "Previous characteristics not deleted before generating key. Test bug.";
73*4d7e907cSAndroid Build Coastguard Worker
74*4d7e907cSAndroid Build Coastguard Worker ErrorCode error;
75*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(keymaster_
76*4d7e907cSAndroid Build Coastguard Worker ->generateKey(key_desc.hidl_data(),
77*4d7e907cSAndroid Build Coastguard Worker [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
78*4d7e907cSAndroid Build Coastguard Worker const KeyCharacteristics& hidl_key_characteristics) {
79*4d7e907cSAndroid Build Coastguard Worker error = hidl_error;
80*4d7e907cSAndroid Build Coastguard Worker *key_blob = hidl_key_blob;
81*4d7e907cSAndroid Build Coastguard Worker *key_characteristics = hidl_key_characteristics;
82*4d7e907cSAndroid Build Coastguard Worker })
83*4d7e907cSAndroid Build Coastguard Worker .isOk());
84*4d7e907cSAndroid Build Coastguard Worker // On error, blob & characteristics should be empty.
85*4d7e907cSAndroid Build Coastguard Worker if (error != ErrorCode::OK) {
86*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(0U, key_blob->size());
87*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
88*4d7e907cSAndroid Build Coastguard Worker key_characteristics->hardwareEnforced.size()));
89*4d7e907cSAndroid Build Coastguard Worker }
90*4d7e907cSAndroid Build Coastguard Worker return error;
91*4d7e907cSAndroid Build Coastguard Worker }
92*4d7e907cSAndroid Build Coastguard Worker
GenerateKey(const AuthorizationSet & key_desc)93*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc) {
94*4d7e907cSAndroid Build Coastguard Worker return GenerateKey(key_desc, &key_blob_, &key_characteristics_);
95*4d7e907cSAndroid Build Coastguard Worker }
96*4d7e907cSAndroid Build Coastguard Worker
ImportKey(const AuthorizationSet & key_desc,KeyFormat format,const string & key_material,HidlBuf * key_blob,KeyCharacteristics * key_characteristics)97*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
98*4d7e907cSAndroid Build Coastguard Worker const string& key_material, HidlBuf* key_blob,
99*4d7e907cSAndroid Build Coastguard Worker KeyCharacteristics* key_characteristics) {
100*4d7e907cSAndroid Build Coastguard Worker ErrorCode error;
101*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(keymaster_
102*4d7e907cSAndroid Build Coastguard Worker ->importKey(key_desc.hidl_data(), format, HidlBuf(key_material),
103*4d7e907cSAndroid Build Coastguard Worker [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
104*4d7e907cSAndroid Build Coastguard Worker const KeyCharacteristics& hidl_key_characteristics) {
105*4d7e907cSAndroid Build Coastguard Worker error = hidl_error;
106*4d7e907cSAndroid Build Coastguard Worker *key_blob = hidl_key_blob;
107*4d7e907cSAndroid Build Coastguard Worker *key_characteristics = hidl_key_characteristics;
108*4d7e907cSAndroid Build Coastguard Worker })
109*4d7e907cSAndroid Build Coastguard Worker .isOk());
110*4d7e907cSAndroid Build Coastguard Worker // On error, blob & characteristics should be empty.
111*4d7e907cSAndroid Build Coastguard Worker if (error != ErrorCode::OK) {
112*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(0U, key_blob->size());
113*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() +
114*4d7e907cSAndroid Build Coastguard Worker key_characteristics->hardwareEnforced.size()));
115*4d7e907cSAndroid Build Coastguard Worker }
116*4d7e907cSAndroid Build Coastguard Worker return error;
117*4d7e907cSAndroid Build Coastguard Worker }
118*4d7e907cSAndroid Build Coastguard Worker
ImportKey(const AuthorizationSet & key_desc,KeyFormat format,const string & key_material)119*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
120*4d7e907cSAndroid Build Coastguard Worker const string& key_material) {
121*4d7e907cSAndroid Build Coastguard Worker return ImportKey(key_desc, format, key_material, &key_blob_, &key_characteristics_);
122*4d7e907cSAndroid Build Coastguard Worker }
123*4d7e907cSAndroid Build Coastguard Worker
ImportWrappedKey(string wrapped_key,string wrapping_key,const AuthorizationSet & wrapping_key_desc,string masking_key,const AuthorizationSet & unwrapping_params)124*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
125*4d7e907cSAndroid Build Coastguard Worker const AuthorizationSet& wrapping_key_desc,
126*4d7e907cSAndroid Build Coastguard Worker string masking_key,
127*4d7e907cSAndroid Build Coastguard Worker const AuthorizationSet& unwrapping_params) {
128*4d7e907cSAndroid Build Coastguard Worker ErrorCode error;
129*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::OK, ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key));
130*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(keymaster_
131*4d7e907cSAndroid Build Coastguard Worker ->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
132*4d7e907cSAndroid Build Coastguard Worker unwrapping_params.hidl_data(), 0 /* passwordSid */,
133*4d7e907cSAndroid Build Coastguard Worker 0 /* biometricSid */,
134*4d7e907cSAndroid Build Coastguard Worker [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
135*4d7e907cSAndroid Build Coastguard Worker const KeyCharacteristics& hidl_key_characteristics) {
136*4d7e907cSAndroid Build Coastguard Worker error = hidl_error;
137*4d7e907cSAndroid Build Coastguard Worker key_blob_ = hidl_key_blob;
138*4d7e907cSAndroid Build Coastguard Worker key_characteristics_ = hidl_key_characteristics;
139*4d7e907cSAndroid Build Coastguard Worker })
140*4d7e907cSAndroid Build Coastguard Worker .isOk());
141*4d7e907cSAndroid Build Coastguard Worker return error;
142*4d7e907cSAndroid Build Coastguard Worker }
143*4d7e907cSAndroid Build Coastguard Worker
ExportKey(KeyFormat format,const HidlBuf & key_blob,const HidlBuf & client_id,const HidlBuf & app_data,HidlBuf * key_material)144*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, const HidlBuf& key_blob,
145*4d7e907cSAndroid Build Coastguard Worker const HidlBuf& client_id, const HidlBuf& app_data,
146*4d7e907cSAndroid Build Coastguard Worker HidlBuf* key_material) {
147*4d7e907cSAndroid Build Coastguard Worker ErrorCode error;
148*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(keymaster_
149*4d7e907cSAndroid Build Coastguard Worker ->exportKey(format, key_blob, client_id, app_data,
150*4d7e907cSAndroid Build Coastguard Worker [&](ErrorCode hidl_error_code, const HidlBuf& hidl_key_material) {
151*4d7e907cSAndroid Build Coastguard Worker error = hidl_error_code;
152*4d7e907cSAndroid Build Coastguard Worker *key_material = hidl_key_material;
153*4d7e907cSAndroid Build Coastguard Worker })
154*4d7e907cSAndroid Build Coastguard Worker .isOk());
155*4d7e907cSAndroid Build Coastguard Worker // On error, blob should be empty.
156*4d7e907cSAndroid Build Coastguard Worker if (error != ErrorCode::OK) {
157*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(0U, key_material->size());
158*4d7e907cSAndroid Build Coastguard Worker }
159*4d7e907cSAndroid Build Coastguard Worker return error;
160*4d7e907cSAndroid Build Coastguard Worker }
161*4d7e907cSAndroid Build Coastguard Worker
ExportKey(KeyFormat format,HidlBuf * key_material)162*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::ExportKey(KeyFormat format, HidlBuf* key_material) {
163*4d7e907cSAndroid Build Coastguard Worker HidlBuf client_id, app_data;
164*4d7e907cSAndroid Build Coastguard Worker return ExportKey(format, key_blob_, client_id, app_data, key_material);
165*4d7e907cSAndroid Build Coastguard Worker }
166*4d7e907cSAndroid Build Coastguard Worker
DeleteKey(HidlBuf * key_blob,bool keep_key_blob)167*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::DeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
168*4d7e907cSAndroid Build Coastguard Worker auto rc = keymaster_->deleteKey(*key_blob);
169*4d7e907cSAndroid Build Coastguard Worker if (!keep_key_blob) *key_blob = HidlBuf();
170*4d7e907cSAndroid Build Coastguard Worker if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
171*4d7e907cSAndroid Build Coastguard Worker return rc;
172*4d7e907cSAndroid Build Coastguard Worker }
173*4d7e907cSAndroid Build Coastguard Worker
DeleteKey(bool keep_key_blob)174*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::DeleteKey(bool keep_key_blob) {
175*4d7e907cSAndroid Build Coastguard Worker return DeleteKey(&key_blob_, keep_key_blob);
176*4d7e907cSAndroid Build Coastguard Worker }
177*4d7e907cSAndroid Build Coastguard Worker
DeleteAllKeys()178*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::DeleteAllKeys() {
179*4d7e907cSAndroid Build Coastguard Worker ErrorCode error = keymaster_->deleteAllKeys();
180*4d7e907cSAndroid Build Coastguard Worker return error;
181*4d7e907cSAndroid Build Coastguard Worker }
182*4d7e907cSAndroid Build Coastguard Worker
CheckedDeleteKey(HidlBuf * key_blob,bool keep_key_blob)183*4d7e907cSAndroid Build Coastguard Worker void KeymasterHidlTest::CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob) {
184*4d7e907cSAndroid Build Coastguard Worker auto rc = DeleteKey(key_blob, keep_key_blob);
185*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
186*4d7e907cSAndroid Build Coastguard Worker }
187*4d7e907cSAndroid Build Coastguard Worker
CheckedDeleteKey()188*4d7e907cSAndroid Build Coastguard Worker void KeymasterHidlTest::CheckedDeleteKey() {
189*4d7e907cSAndroid Build Coastguard Worker CheckedDeleteKey(&key_blob_);
190*4d7e907cSAndroid Build Coastguard Worker }
191*4d7e907cSAndroid Build Coastguard Worker
CheckGetCharacteristics(const HidlBuf & key_blob,const HidlBuf & client_id,const HidlBuf & app_data,KeyCharacteristics * key_characteristics)192*4d7e907cSAndroid Build Coastguard Worker void KeymasterHidlTest::CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
193*4d7e907cSAndroid Build Coastguard Worker const HidlBuf& app_data,
194*4d7e907cSAndroid Build Coastguard Worker KeyCharacteristics* key_characteristics) {
195*4d7e907cSAndroid Build Coastguard Worker HidlBuf empty_buf = {};
196*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::OK,
197*4d7e907cSAndroid Build Coastguard Worker GetCharacteristics(key_blob, client_id, app_data, key_characteristics));
198*4d7e907cSAndroid Build Coastguard Worker if (SecLevel() != SecurityLevel::SOFTWARE) {
199*4d7e907cSAndroid Build Coastguard Worker EXPECT_GT(key_characteristics->hardwareEnforced.size(), 0);
200*4d7e907cSAndroid Build Coastguard Worker }
201*4d7e907cSAndroid Build Coastguard Worker EXPECT_GT(key_characteristics->softwareEnforced.size(), 0);
202*4d7e907cSAndroid Build Coastguard Worker
203*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
204*4d7e907cSAndroid Build Coastguard Worker GetCharacteristics(key_blob, empty_buf, app_data, key_characteristics));
205*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
206*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
207*4d7e907cSAndroid Build Coastguard Worker
208*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
209*4d7e907cSAndroid Build Coastguard Worker GetCharacteristics(key_blob, client_id, empty_buf, key_characteristics));
210*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
211*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
212*4d7e907cSAndroid Build Coastguard Worker
213*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
214*4d7e907cSAndroid Build Coastguard Worker GetCharacteristics(key_blob, empty_buf, empty_buf, key_characteristics));
215*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
216*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
217*4d7e907cSAndroid Build Coastguard Worker }
218*4d7e907cSAndroid Build Coastguard Worker
GetCharacteristics(const HidlBuf & key_blob,const HidlBuf & client_id,const HidlBuf & app_data,KeyCharacteristics * key_characteristics)219*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
220*4d7e907cSAndroid Build Coastguard Worker const HidlBuf& app_data,
221*4d7e907cSAndroid Build Coastguard Worker KeyCharacteristics* key_characteristics) {
222*4d7e907cSAndroid Build Coastguard Worker ErrorCode error = ErrorCode::UNKNOWN_ERROR;
223*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(
224*4d7e907cSAndroid Build Coastguard Worker keymaster_
225*4d7e907cSAndroid Build Coastguard Worker ->getKeyCharacteristics(
226*4d7e907cSAndroid Build Coastguard Worker key_blob, client_id, app_data,
227*4d7e907cSAndroid Build Coastguard Worker [&](ErrorCode hidl_error, const KeyCharacteristics& hidl_key_characteristics) {
228*4d7e907cSAndroid Build Coastguard Worker error = hidl_error, *key_characteristics = hidl_key_characteristics;
229*4d7e907cSAndroid Build Coastguard Worker })
230*4d7e907cSAndroid Build Coastguard Worker .isOk());
231*4d7e907cSAndroid Build Coastguard Worker return error;
232*4d7e907cSAndroid Build Coastguard Worker }
233*4d7e907cSAndroid Build Coastguard Worker
GetCharacteristics(const HidlBuf & key_blob,KeyCharacteristics * key_characteristics)234*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob,
235*4d7e907cSAndroid Build Coastguard Worker KeyCharacteristics* key_characteristics) {
236*4d7e907cSAndroid Build Coastguard Worker HidlBuf client_id, app_data;
237*4d7e907cSAndroid Build Coastguard Worker return GetCharacteristics(key_blob, client_id, app_data, key_characteristics);
238*4d7e907cSAndroid Build Coastguard Worker }
239*4d7e907cSAndroid Build Coastguard Worker
GetDebugInfo(DebugInfo * debug_info)240*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::GetDebugInfo(DebugInfo* debug_info) {
241*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(keymaster_->getDebugInfo([&](const DebugInfo& hidl_debug_info) {
242*4d7e907cSAndroid Build Coastguard Worker *debug_info = hidl_debug_info;
243*4d7e907cSAndroid Build Coastguard Worker }).isOk());
244*4d7e907cSAndroid Build Coastguard Worker return ErrorCode::OK;
245*4d7e907cSAndroid Build Coastguard Worker }
246*4d7e907cSAndroid Build Coastguard Worker
Begin(KeyPurpose purpose,const HidlBuf & key_blob,const AuthorizationSet & in_params,AuthorizationSet * out_params,OperationHandle * op_handle)247*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const HidlBuf& key_blob,
248*4d7e907cSAndroid Build Coastguard Worker const AuthorizationSet& in_params, AuthorizationSet* out_params,
249*4d7e907cSAndroid Build Coastguard Worker OperationHandle* op_handle) {
250*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("Begin");
251*4d7e907cSAndroid Build Coastguard Worker ErrorCode error;
252*4d7e907cSAndroid Build Coastguard Worker OperationHandle saved_handle = *op_handle;
253*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(keymaster_
254*4d7e907cSAndroid Build Coastguard Worker ->begin(purpose, key_blob, in_params.hidl_data(), HardwareAuthToken(),
255*4d7e907cSAndroid Build Coastguard Worker [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
256*4d7e907cSAndroid Build Coastguard Worker uint64_t hidl_op_handle) {
257*4d7e907cSAndroid Build Coastguard Worker error = hidl_error;
258*4d7e907cSAndroid Build Coastguard Worker *out_params = hidl_out_params;
259*4d7e907cSAndroid Build Coastguard Worker *op_handle = hidl_op_handle;
260*4d7e907cSAndroid Build Coastguard Worker })
261*4d7e907cSAndroid Build Coastguard Worker .isOk());
262*4d7e907cSAndroid Build Coastguard Worker if (error != ErrorCode::OK) {
263*4d7e907cSAndroid Build Coastguard Worker // Some implementations may modify *op_handle on error.
264*4d7e907cSAndroid Build Coastguard Worker *op_handle = saved_handle;
265*4d7e907cSAndroid Build Coastguard Worker }
266*4d7e907cSAndroid Build Coastguard Worker return error;
267*4d7e907cSAndroid Build Coastguard Worker }
268*4d7e907cSAndroid Build Coastguard Worker
Begin(KeyPurpose purpose,const AuthorizationSet & in_params,AuthorizationSet * out_params)269*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
270*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet* out_params) {
271*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("Begin");
272*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(kOpHandleSentinel, op_handle_);
273*4d7e907cSAndroid Build Coastguard Worker return Begin(purpose, key_blob_, in_params, out_params, &op_handle_);
274*4d7e907cSAndroid Build Coastguard Worker }
275*4d7e907cSAndroid Build Coastguard Worker
Begin(KeyPurpose purpose,const AuthorizationSet & in_params)276*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::Begin(KeyPurpose purpose, const AuthorizationSet& in_params) {
277*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("Begin");
278*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet out_params;
279*4d7e907cSAndroid Build Coastguard Worker ErrorCode error = Begin(purpose, in_params, &out_params);
280*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(out_params.empty());
281*4d7e907cSAndroid Build Coastguard Worker return error;
282*4d7e907cSAndroid Build Coastguard Worker }
283*4d7e907cSAndroid Build Coastguard Worker
Update(OperationHandle op_handle,const AuthorizationSet & in_params,const string & input,AuthorizationSet * out_params,string * output,size_t * input_consumed)284*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::Update(OperationHandle op_handle, const AuthorizationSet& in_params,
285*4d7e907cSAndroid Build Coastguard Worker const string& input, AuthorizationSet* out_params,
286*4d7e907cSAndroid Build Coastguard Worker string* output, size_t* input_consumed) {
287*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("Update");
288*4d7e907cSAndroid Build Coastguard Worker ErrorCode error;
289*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(keymaster_
290*4d7e907cSAndroid Build Coastguard Worker ->update(op_handle, in_params.hidl_data(), HidlBuf(input), HardwareAuthToken(),
291*4d7e907cSAndroid Build Coastguard Worker VerificationToken(),
292*4d7e907cSAndroid Build Coastguard Worker [&](ErrorCode hidl_error, uint32_t hidl_input_consumed,
293*4d7e907cSAndroid Build Coastguard Worker const hidl_vec<KeyParameter>& hidl_out_params,
294*4d7e907cSAndroid Build Coastguard Worker const HidlBuf& hidl_output) {
295*4d7e907cSAndroid Build Coastguard Worker error = hidl_error;
296*4d7e907cSAndroid Build Coastguard Worker out_params->push_back(AuthorizationSet(hidl_out_params));
297*4d7e907cSAndroid Build Coastguard Worker output->append(hidl_output.to_string());
298*4d7e907cSAndroid Build Coastguard Worker *input_consumed = hidl_input_consumed;
299*4d7e907cSAndroid Build Coastguard Worker })
300*4d7e907cSAndroid Build Coastguard Worker .isOk());
301*4d7e907cSAndroid Build Coastguard Worker return error;
302*4d7e907cSAndroid Build Coastguard Worker }
303*4d7e907cSAndroid Build Coastguard Worker
Update(const string & input,string * out,size_t * input_consumed)304*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::Update(const string& input, string* out, size_t* input_consumed) {
305*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("Update");
306*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet out_params;
307*4d7e907cSAndroid Build Coastguard Worker ErrorCode error = Update(op_handle_, AuthorizationSet() /* in_params */, input, &out_params,
308*4d7e907cSAndroid Build Coastguard Worker out, input_consumed);
309*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(out_params.empty());
310*4d7e907cSAndroid Build Coastguard Worker return error;
311*4d7e907cSAndroid Build Coastguard Worker }
312*4d7e907cSAndroid Build Coastguard Worker
Finish(OperationHandle op_handle,const AuthorizationSet & in_params,const string & input,const string & signature,AuthorizationSet * out_params,string * output)313*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::Finish(OperationHandle op_handle, const AuthorizationSet& in_params,
314*4d7e907cSAndroid Build Coastguard Worker const string& input, const string& signature,
315*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet* out_params, string* output) {
316*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("Finish");
317*4d7e907cSAndroid Build Coastguard Worker ErrorCode error;
318*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(
319*4d7e907cSAndroid Build Coastguard Worker keymaster_
320*4d7e907cSAndroid Build Coastguard Worker ->finish(op_handle, in_params.hidl_data(), HidlBuf(input), HidlBuf(signature),
321*4d7e907cSAndroid Build Coastguard Worker HardwareAuthToken(), VerificationToken(),
322*4d7e907cSAndroid Build Coastguard Worker [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params,
323*4d7e907cSAndroid Build Coastguard Worker const HidlBuf& hidl_output) {
324*4d7e907cSAndroid Build Coastguard Worker error = hidl_error;
325*4d7e907cSAndroid Build Coastguard Worker *out_params = hidl_out_params;
326*4d7e907cSAndroid Build Coastguard Worker output->append(hidl_output.to_string());
327*4d7e907cSAndroid Build Coastguard Worker })
328*4d7e907cSAndroid Build Coastguard Worker .isOk());
329*4d7e907cSAndroid Build Coastguard Worker op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
330*4d7e907cSAndroid Build Coastguard Worker return error;
331*4d7e907cSAndroid Build Coastguard Worker }
332*4d7e907cSAndroid Build Coastguard Worker
Finish(const string & message,string * output)333*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::Finish(const string& message, string* output) {
334*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("Finish");
335*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet out_params;
336*4d7e907cSAndroid Build Coastguard Worker string finish_output;
337*4d7e907cSAndroid Build Coastguard Worker ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message,
338*4d7e907cSAndroid Build Coastguard Worker "" /* signature */, &out_params, output);
339*4d7e907cSAndroid Build Coastguard Worker if (error != ErrorCode::OK) {
340*4d7e907cSAndroid Build Coastguard Worker return error;
341*4d7e907cSAndroid Build Coastguard Worker }
342*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(0U, out_params.size());
343*4d7e907cSAndroid Build Coastguard Worker return error;
344*4d7e907cSAndroid Build Coastguard Worker }
345*4d7e907cSAndroid Build Coastguard Worker
Finish(const string & message,const string & signature,string * output)346*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::Finish(const string& message, const string& signature,
347*4d7e907cSAndroid Build Coastguard Worker string* output) {
348*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("Finish");
349*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet out_params;
350*4d7e907cSAndroid Build Coastguard Worker ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message, signature,
351*4d7e907cSAndroid Build Coastguard Worker &out_params, output);
352*4d7e907cSAndroid Build Coastguard Worker op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort().
353*4d7e907cSAndroid Build Coastguard Worker if (error != ErrorCode::OK) {
354*4d7e907cSAndroid Build Coastguard Worker return error;
355*4d7e907cSAndroid Build Coastguard Worker }
356*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(0U, out_params.size());
357*4d7e907cSAndroid Build Coastguard Worker return error;
358*4d7e907cSAndroid Build Coastguard Worker }
359*4d7e907cSAndroid Build Coastguard Worker
Abort(OperationHandle op_handle)360*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::Abort(OperationHandle op_handle) {
361*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("Abort");
362*4d7e907cSAndroid Build Coastguard Worker auto retval = keymaster_->abort(op_handle);
363*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(retval.isOk());
364*4d7e907cSAndroid Build Coastguard Worker return retval;
365*4d7e907cSAndroid Build Coastguard Worker }
366*4d7e907cSAndroid Build Coastguard Worker
AbortIfNeeded()367*4d7e907cSAndroid Build Coastguard Worker void KeymasterHidlTest::AbortIfNeeded() {
368*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("AbortIfNeeded");
369*4d7e907cSAndroid Build Coastguard Worker if (op_handle_ != kOpHandleSentinel) {
370*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::OK, Abort(op_handle_));
371*4d7e907cSAndroid Build Coastguard Worker op_handle_ = kOpHandleSentinel;
372*4d7e907cSAndroid Build Coastguard Worker }
373*4d7e907cSAndroid Build Coastguard Worker }
374*4d7e907cSAndroid Build Coastguard Worker
AttestKey(const HidlBuf & key_blob,const AuthorizationSet & attest_params,hidl_vec<hidl_vec<uint8_t>> * cert_chain)375*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::AttestKey(const HidlBuf& key_blob,
376*4d7e907cSAndroid Build Coastguard Worker const AuthorizationSet& attest_params,
377*4d7e907cSAndroid Build Coastguard Worker hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
378*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("AttestKey");
379*4d7e907cSAndroid Build Coastguard Worker ErrorCode error;
380*4d7e907cSAndroid Build Coastguard Worker auto rc = keymaster_->attestKey(
381*4d7e907cSAndroid Build Coastguard Worker key_blob, attest_params.hidl_data(),
382*4d7e907cSAndroid Build Coastguard Worker [&](ErrorCode hidl_error, const hidl_vec<hidl_vec<uint8_t>>& hidl_cert_chain) {
383*4d7e907cSAndroid Build Coastguard Worker error = hidl_error;
384*4d7e907cSAndroid Build Coastguard Worker *cert_chain = hidl_cert_chain;
385*4d7e907cSAndroid Build Coastguard Worker });
386*4d7e907cSAndroid Build Coastguard Worker
387*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(rc.isOk()) << rc.description();
388*4d7e907cSAndroid Build Coastguard Worker if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR;
389*4d7e907cSAndroid Build Coastguard Worker
390*4d7e907cSAndroid Build Coastguard Worker return error;
391*4d7e907cSAndroid Build Coastguard Worker }
392*4d7e907cSAndroid Build Coastguard Worker
AttestKey(const AuthorizationSet & attest_params,hidl_vec<hidl_vec<uint8_t>> * cert_chain)393*4d7e907cSAndroid Build Coastguard Worker ErrorCode KeymasterHidlTest::AttestKey(const AuthorizationSet& attest_params,
394*4d7e907cSAndroid Build Coastguard Worker hidl_vec<hidl_vec<uint8_t>>* cert_chain) {
395*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("AttestKey");
396*4d7e907cSAndroid Build Coastguard Worker return AttestKey(key_blob_, attest_params, cert_chain);
397*4d7e907cSAndroid Build Coastguard Worker }
398*4d7e907cSAndroid Build Coastguard Worker
ProcessMessage(const HidlBuf & key_blob,KeyPurpose operation,const string & message,const AuthorizationSet & in_params,AuthorizationSet * out_params)399*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::ProcessMessage(const HidlBuf& key_blob, KeyPurpose operation,
400*4d7e907cSAndroid Build Coastguard Worker const string& message, const AuthorizationSet& in_params,
401*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet* out_params) {
402*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("ProcessMessage");
403*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet begin_out_params;
404*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::OK, Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_));
405*4d7e907cSAndroid Build Coastguard Worker
406*4d7e907cSAndroid Build Coastguard Worker string output;
407*4d7e907cSAndroid Build Coastguard Worker size_t consumed = 0;
408*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet update_params;
409*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet update_out_params;
410*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::OK,
411*4d7e907cSAndroid Build Coastguard Worker Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
412*4d7e907cSAndroid Build Coastguard Worker
413*4d7e907cSAndroid Build Coastguard Worker string unused;
414*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet finish_params;
415*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet finish_out_params;
416*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), unused,
417*4d7e907cSAndroid Build Coastguard Worker &finish_out_params, &output));
418*4d7e907cSAndroid Build Coastguard Worker op_handle_ = kOpHandleSentinel;
419*4d7e907cSAndroid Build Coastguard Worker
420*4d7e907cSAndroid Build Coastguard Worker out_params->push_back(begin_out_params);
421*4d7e907cSAndroid Build Coastguard Worker out_params->push_back(finish_out_params);
422*4d7e907cSAndroid Build Coastguard Worker return output;
423*4d7e907cSAndroid Build Coastguard Worker }
424*4d7e907cSAndroid Build Coastguard Worker
SignMessage(const HidlBuf & key_blob,const string & message,const AuthorizationSet & params)425*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::SignMessage(const HidlBuf& key_blob, const string& message,
426*4d7e907cSAndroid Build Coastguard Worker const AuthorizationSet& params) {
427*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("SignMessage");
428*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet out_params;
429*4d7e907cSAndroid Build Coastguard Worker string signature = ProcessMessage(key_blob, KeyPurpose::SIGN, message, params, &out_params);
430*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(out_params.empty());
431*4d7e907cSAndroid Build Coastguard Worker return signature;
432*4d7e907cSAndroid Build Coastguard Worker }
433*4d7e907cSAndroid Build Coastguard Worker
SignMessage(const string & message,const AuthorizationSet & params)434*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::SignMessage(const string& message, const AuthorizationSet& params) {
435*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("SignMessage");
436*4d7e907cSAndroid Build Coastguard Worker return SignMessage(key_blob_, message, params);
437*4d7e907cSAndroid Build Coastguard Worker }
438*4d7e907cSAndroid Build Coastguard Worker
MacMessage(const string & message,Digest digest,size_t mac_length)439*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::MacMessage(const string& message, Digest digest, size_t mac_length) {
440*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("MacMessage");
441*4d7e907cSAndroid Build Coastguard Worker return SignMessage(
442*4d7e907cSAndroid Build Coastguard Worker key_blob_, message,
443*4d7e907cSAndroid Build Coastguard Worker AuthorizationSetBuilder().Digest(digest).Authorization(TAG_MAC_LENGTH, mac_length));
444*4d7e907cSAndroid Build Coastguard Worker }
445*4d7e907cSAndroid Build Coastguard Worker
CheckAesIncrementalEncryptOperation(BlockMode block_mode,int message_size)446*4d7e907cSAndroid Build Coastguard Worker void KeymasterHidlTest::CheckAesIncrementalEncryptOperation(BlockMode block_mode,
447*4d7e907cSAndroid Build Coastguard Worker int message_size) {
448*4d7e907cSAndroid Build Coastguard Worker auto builder = AuthorizationSetBuilder()
449*4d7e907cSAndroid Build Coastguard Worker .Authorization(TAG_NO_AUTH_REQUIRED)
450*4d7e907cSAndroid Build Coastguard Worker .AesEncryptionKey(128)
451*4d7e907cSAndroid Build Coastguard Worker .BlockMode(block_mode)
452*4d7e907cSAndroid Build Coastguard Worker .Padding(PaddingMode::NONE);
453*4d7e907cSAndroid Build Coastguard Worker if (block_mode == BlockMode::GCM) {
454*4d7e907cSAndroid Build Coastguard Worker builder.Authorization(TAG_MIN_MAC_LENGTH, 128);
455*4d7e907cSAndroid Build Coastguard Worker }
456*4d7e907cSAndroid Build Coastguard Worker ASSERT_EQ(ErrorCode::OK, GenerateKey(builder));
457*4d7e907cSAndroid Build Coastguard Worker
458*4d7e907cSAndroid Build Coastguard Worker for (int increment = 1; increment <= message_size; ++increment) {
459*4d7e907cSAndroid Build Coastguard Worker string message(message_size, 'a');
460*4d7e907cSAndroid Build Coastguard Worker auto params = AuthorizationSetBuilder()
461*4d7e907cSAndroid Build Coastguard Worker .BlockMode(block_mode)
462*4d7e907cSAndroid Build Coastguard Worker .Padding(PaddingMode::NONE)
463*4d7e907cSAndroid Build Coastguard Worker .Authorization(TAG_MAC_LENGTH, 128) /* for GCM */;
464*4d7e907cSAndroid Build Coastguard Worker
465*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet output_params;
466*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &output_params));
467*4d7e907cSAndroid Build Coastguard Worker
468*4d7e907cSAndroid Build Coastguard Worker string ciphertext;
469*4d7e907cSAndroid Build Coastguard Worker size_t input_consumed;
470*4d7e907cSAndroid Build Coastguard Worker string to_send;
471*4d7e907cSAndroid Build Coastguard Worker for (size_t i = 0; i < message.size(); i += increment) {
472*4d7e907cSAndroid Build Coastguard Worker to_send.append(message.substr(i, increment));
473*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::OK, Update(to_send, &ciphertext, &input_consumed));
474*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(to_send.length(), input_consumed);
475*4d7e907cSAndroid Build Coastguard Worker to_send = to_send.substr(input_consumed);
476*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(0U, to_send.length());
477*4d7e907cSAndroid Build Coastguard Worker
478*4d7e907cSAndroid Build Coastguard Worker switch (block_mode) {
479*4d7e907cSAndroid Build Coastguard Worker case BlockMode::ECB:
480*4d7e907cSAndroid Build Coastguard Worker case BlockMode::CBC:
481*4d7e907cSAndroid Build Coastguard Worker // Implementations must take as many blocks as possible, leaving less than
482*4d7e907cSAndroid Build Coastguard Worker // a block.
483*4d7e907cSAndroid Build Coastguard Worker EXPECT_LE(to_send.length(), 16U);
484*4d7e907cSAndroid Build Coastguard Worker break;
485*4d7e907cSAndroid Build Coastguard Worker case BlockMode::GCM:
486*4d7e907cSAndroid Build Coastguard Worker case BlockMode::CTR:
487*4d7e907cSAndroid Build Coastguard Worker // Implementations must always take all the data.
488*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(0U, to_send.length());
489*4d7e907cSAndroid Build Coastguard Worker break;
490*4d7e907cSAndroid Build Coastguard Worker }
491*4d7e907cSAndroid Build Coastguard Worker }
492*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::OK, Finish(to_send, &ciphertext)) << "Error sending " << to_send;
493*4d7e907cSAndroid Build Coastguard Worker
494*4d7e907cSAndroid Build Coastguard Worker switch (block_mode) {
495*4d7e907cSAndroid Build Coastguard Worker case BlockMode::GCM:
496*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(message.size() + 16, ciphertext.size());
497*4d7e907cSAndroid Build Coastguard Worker break;
498*4d7e907cSAndroid Build Coastguard Worker case BlockMode::CTR:
499*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(message.size(), ciphertext.size());
500*4d7e907cSAndroid Build Coastguard Worker break;
501*4d7e907cSAndroid Build Coastguard Worker case BlockMode::CBC:
502*4d7e907cSAndroid Build Coastguard Worker case BlockMode::ECB:
503*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(message.size() + message.size() % 16, ciphertext.size());
504*4d7e907cSAndroid Build Coastguard Worker break;
505*4d7e907cSAndroid Build Coastguard Worker }
506*4d7e907cSAndroid Build Coastguard Worker
507*4d7e907cSAndroid Build Coastguard Worker auto iv = output_params.GetTagValue(TAG_NONCE);
508*4d7e907cSAndroid Build Coastguard Worker switch (block_mode) {
509*4d7e907cSAndroid Build Coastguard Worker case BlockMode::CBC:
510*4d7e907cSAndroid Build Coastguard Worker case BlockMode::GCM:
511*4d7e907cSAndroid Build Coastguard Worker case BlockMode::CTR:
512*4d7e907cSAndroid Build Coastguard Worker ASSERT_TRUE(iv.isOk()) << "No IV for block mode " << block_mode;
513*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(block_mode == BlockMode::GCM ? 12U : 16U, iv.value().size());
514*4d7e907cSAndroid Build Coastguard Worker params.push_back(TAG_NONCE, iv.value());
515*4d7e907cSAndroid Build Coastguard Worker break;
516*4d7e907cSAndroid Build Coastguard Worker
517*4d7e907cSAndroid Build Coastguard Worker case BlockMode::ECB:
518*4d7e907cSAndroid Build Coastguard Worker EXPECT_FALSE(iv.isOk()) << "ECB mode should not generate IV";
519*4d7e907cSAndroid Build Coastguard Worker break;
520*4d7e907cSAndroid Build Coastguard Worker }
521*4d7e907cSAndroid Build Coastguard Worker
522*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params))
523*4d7e907cSAndroid Build Coastguard Worker << "Decrypt begin() failed for block mode " << block_mode;
524*4d7e907cSAndroid Build Coastguard Worker
525*4d7e907cSAndroid Build Coastguard Worker string plaintext;
526*4d7e907cSAndroid Build Coastguard Worker for (size_t i = 0; i < ciphertext.size(); i += increment) {
527*4d7e907cSAndroid Build Coastguard Worker to_send.append(ciphertext.substr(i, increment));
528*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::OK, Update(to_send, &plaintext, &input_consumed));
529*4d7e907cSAndroid Build Coastguard Worker to_send = to_send.substr(input_consumed);
530*4d7e907cSAndroid Build Coastguard Worker }
531*4d7e907cSAndroid Build Coastguard Worker ErrorCode error = Finish(to_send, &plaintext);
532*4d7e907cSAndroid Build Coastguard Worker ASSERT_EQ(ErrorCode::OK, error) << "Decryption failed for block mode " << block_mode
533*4d7e907cSAndroid Build Coastguard Worker << " and increment " << increment;
534*4d7e907cSAndroid Build Coastguard Worker if (error == ErrorCode::OK) {
535*4d7e907cSAndroid Build Coastguard Worker ASSERT_EQ(message, plaintext) << "Decryption didn't match for block mode " << block_mode
536*4d7e907cSAndroid Build Coastguard Worker << " and increment " << increment;
537*4d7e907cSAndroid Build Coastguard Worker }
538*4d7e907cSAndroid Build Coastguard Worker }
539*4d7e907cSAndroid Build Coastguard Worker }
540*4d7e907cSAndroid Build Coastguard Worker
CheckHmacTestVector(const string & key,const string & message,Digest digest,const string & expected_mac)541*4d7e907cSAndroid Build Coastguard Worker void KeymasterHidlTest::CheckHmacTestVector(const string& key, const string& message, Digest digest,
542*4d7e907cSAndroid Build Coastguard Worker const string& expected_mac) {
543*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("CheckHmacTestVector");
544*4d7e907cSAndroid Build Coastguard Worker ASSERT_EQ(ErrorCode::OK,
545*4d7e907cSAndroid Build Coastguard Worker ImportKey(AuthorizationSetBuilder()
546*4d7e907cSAndroid Build Coastguard Worker .Authorization(TAG_NO_AUTH_REQUIRED)
547*4d7e907cSAndroid Build Coastguard Worker .HmacKey(key.size() * 8)
548*4d7e907cSAndroid Build Coastguard Worker .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
549*4d7e907cSAndroid Build Coastguard Worker .Digest(digest),
550*4d7e907cSAndroid Build Coastguard Worker KeyFormat::RAW, key));
551*4d7e907cSAndroid Build Coastguard Worker string signature = MacMessage(message, digest, expected_mac.size() * 8);
552*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(expected_mac, signature)
553*4d7e907cSAndroid Build Coastguard Worker << "Test vector didn't match for key of size " << key.size() << " message of size "
554*4d7e907cSAndroid Build Coastguard Worker << message.size() << " and digest " << digest;
555*4d7e907cSAndroid Build Coastguard Worker CheckedDeleteKey();
556*4d7e907cSAndroid Build Coastguard Worker }
557*4d7e907cSAndroid Build Coastguard Worker
CheckAesCtrTestVector(const string & key,const string & nonce,const string & message,const string & expected_ciphertext)558*4d7e907cSAndroid Build Coastguard Worker void KeymasterHidlTest::CheckAesCtrTestVector(const string& key, const string& nonce,
559*4d7e907cSAndroid Build Coastguard Worker const string& message,
560*4d7e907cSAndroid Build Coastguard Worker const string& expected_ciphertext) {
561*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("CheckAesCtrTestVector");
562*4d7e907cSAndroid Build Coastguard Worker ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
563*4d7e907cSAndroid Build Coastguard Worker .Authorization(TAG_NO_AUTH_REQUIRED)
564*4d7e907cSAndroid Build Coastguard Worker .AesEncryptionKey(key.size() * 8)
565*4d7e907cSAndroid Build Coastguard Worker .BlockMode(BlockMode::CTR)
566*4d7e907cSAndroid Build Coastguard Worker .Authorization(TAG_CALLER_NONCE)
567*4d7e907cSAndroid Build Coastguard Worker .Padding(PaddingMode::NONE),
568*4d7e907cSAndroid Build Coastguard Worker KeyFormat::RAW, key));
569*4d7e907cSAndroid Build Coastguard Worker
570*4d7e907cSAndroid Build Coastguard Worker auto params = AuthorizationSetBuilder()
571*4d7e907cSAndroid Build Coastguard Worker .Authorization(TAG_NONCE, nonce.data(), nonce.size())
572*4d7e907cSAndroid Build Coastguard Worker .BlockMode(BlockMode::CTR)
573*4d7e907cSAndroid Build Coastguard Worker .Padding(PaddingMode::NONE);
574*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet out_params;
575*4d7e907cSAndroid Build Coastguard Worker string ciphertext = EncryptMessage(key_blob_, message, params, &out_params);
576*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(expected_ciphertext, ciphertext);
577*4d7e907cSAndroid Build Coastguard Worker }
578*4d7e907cSAndroid Build Coastguard Worker
CheckTripleDesTestVector(KeyPurpose purpose,BlockMode block_mode,PaddingMode padding_mode,const string & key,const string & iv,const string & input,const string & expected_output)579*4d7e907cSAndroid Build Coastguard Worker void KeymasterHidlTest::CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
580*4d7e907cSAndroid Build Coastguard Worker PaddingMode padding_mode, const string& key,
581*4d7e907cSAndroid Build Coastguard Worker const string& iv, const string& input,
582*4d7e907cSAndroid Build Coastguard Worker const string& expected_output) {
583*4d7e907cSAndroid Build Coastguard Worker auto authset = AuthorizationSetBuilder()
584*4d7e907cSAndroid Build Coastguard Worker .TripleDesEncryptionKey(key.size() * 7)
585*4d7e907cSAndroid Build Coastguard Worker .BlockMode(block_mode)
586*4d7e907cSAndroid Build Coastguard Worker .Authorization(TAG_NO_AUTH_REQUIRED)
587*4d7e907cSAndroid Build Coastguard Worker .Padding(padding_mode);
588*4d7e907cSAndroid Build Coastguard Worker if (iv.size()) authset.Authorization(TAG_CALLER_NONCE);
589*4d7e907cSAndroid Build Coastguard Worker ASSERT_EQ(ErrorCode::OK, ImportKey(authset, KeyFormat::RAW, key));
590*4d7e907cSAndroid Build Coastguard Worker auto begin_params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
591*4d7e907cSAndroid Build Coastguard Worker if (iv.size()) begin_params.Authorization(TAG_NONCE, iv.data(), iv.size());
592*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet output_params;
593*4d7e907cSAndroid Build Coastguard Worker string output = ProcessMessage(key_blob_, purpose, input, begin_params, &output_params);
594*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(expected_output, output);
595*4d7e907cSAndroid Build Coastguard Worker }
596*4d7e907cSAndroid Build Coastguard Worker
VerifyMessage(const HidlBuf & key_blob,const string & message,const string & signature,const AuthorizationSet & params)597*4d7e907cSAndroid Build Coastguard Worker void KeymasterHidlTest::VerifyMessage(const HidlBuf& key_blob, const string& message,
598*4d7e907cSAndroid Build Coastguard Worker const string& signature, const AuthorizationSet& params) {
599*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("VerifyMessage");
600*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet begin_out_params;
601*4d7e907cSAndroid Build Coastguard Worker ASSERT_EQ(ErrorCode::OK,
602*4d7e907cSAndroid Build Coastguard Worker Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_));
603*4d7e907cSAndroid Build Coastguard Worker
604*4d7e907cSAndroid Build Coastguard Worker string output;
605*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet update_params;
606*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet update_out_params;
607*4d7e907cSAndroid Build Coastguard Worker size_t consumed;
608*4d7e907cSAndroid Build Coastguard Worker ASSERT_EQ(ErrorCode::OK,
609*4d7e907cSAndroid Build Coastguard Worker Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
610*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(output.empty());
611*4d7e907cSAndroid Build Coastguard Worker EXPECT_GT(consumed, 0U);
612*4d7e907cSAndroid Build Coastguard Worker
613*4d7e907cSAndroid Build Coastguard Worker string unused;
614*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet finish_params;
615*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet finish_out_params;
616*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), signature,
617*4d7e907cSAndroid Build Coastguard Worker &finish_out_params, &output));
618*4d7e907cSAndroid Build Coastguard Worker op_handle_ = kOpHandleSentinel;
619*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(output.empty());
620*4d7e907cSAndroid Build Coastguard Worker }
621*4d7e907cSAndroid Build Coastguard Worker
VerifyMessage(const string & message,const string & signature,const AuthorizationSet & params)622*4d7e907cSAndroid Build Coastguard Worker void KeymasterHidlTest::VerifyMessage(const string& message, const string& signature,
623*4d7e907cSAndroid Build Coastguard Worker const AuthorizationSet& params) {
624*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("VerifyMessage");
625*4d7e907cSAndroid Build Coastguard Worker VerifyMessage(key_blob_, message, signature, params);
626*4d7e907cSAndroid Build Coastguard Worker }
627*4d7e907cSAndroid Build Coastguard Worker
EncryptMessage(const HidlBuf & key_blob,const string & message,const AuthorizationSet & in_params,AuthorizationSet * out_params)628*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::EncryptMessage(const HidlBuf& key_blob, const string& message,
629*4d7e907cSAndroid Build Coastguard Worker const AuthorizationSet& in_params,
630*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet* out_params) {
631*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("EncryptMessage");
632*4d7e907cSAndroid Build Coastguard Worker return ProcessMessage(key_blob, KeyPurpose::ENCRYPT, message, in_params, out_params);
633*4d7e907cSAndroid Build Coastguard Worker }
634*4d7e907cSAndroid Build Coastguard Worker
EncryptMessage(const string & message,const AuthorizationSet & params,AuthorizationSet * out_params)635*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params,
636*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet* out_params) {
637*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("EncryptMessage");
638*4d7e907cSAndroid Build Coastguard Worker return EncryptMessage(key_blob_, message, params, out_params);
639*4d7e907cSAndroid Build Coastguard Worker }
640*4d7e907cSAndroid Build Coastguard Worker
EncryptMessage(const string & message,const AuthorizationSet & params)641*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::EncryptMessage(const string& message, const AuthorizationSet& params) {
642*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("EncryptMessage");
643*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet out_params;
644*4d7e907cSAndroid Build Coastguard Worker string ciphertext = EncryptMessage(message, params, &out_params);
645*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
646*4d7e907cSAndroid Build Coastguard Worker return ciphertext;
647*4d7e907cSAndroid Build Coastguard Worker }
648*4d7e907cSAndroid Build Coastguard Worker
EncryptMessage(const string & message,BlockMode block_mode,PaddingMode padding)649*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
650*4d7e907cSAndroid Build Coastguard Worker PaddingMode padding) {
651*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("EncryptMessage");
652*4d7e907cSAndroid Build Coastguard Worker auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
653*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet out_params;
654*4d7e907cSAndroid Build Coastguard Worker string ciphertext = EncryptMessage(message, params, &out_params);
655*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(out_params.empty()) << "Output params should be empty. Contained: " << out_params;
656*4d7e907cSAndroid Build Coastguard Worker return ciphertext;
657*4d7e907cSAndroid Build Coastguard Worker }
658*4d7e907cSAndroid Build Coastguard Worker
EncryptMessage(const string & message,BlockMode block_mode,PaddingMode padding,HidlBuf * iv_out)659*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
660*4d7e907cSAndroid Build Coastguard Worker PaddingMode padding, HidlBuf* iv_out) {
661*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("EncryptMessage");
662*4d7e907cSAndroid Build Coastguard Worker auto params = AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding);
663*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet out_params;
664*4d7e907cSAndroid Build Coastguard Worker string ciphertext = EncryptMessage(message, params, &out_params);
665*4d7e907cSAndroid Build Coastguard Worker EXPECT_EQ(1U, out_params.size());
666*4d7e907cSAndroid Build Coastguard Worker auto ivVal = out_params.GetTagValue(TAG_NONCE);
667*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(ivVal.isOk());
668*4d7e907cSAndroid Build Coastguard Worker if (ivVal.isOk()) *iv_out = ivVal.value();
669*4d7e907cSAndroid Build Coastguard Worker return ciphertext;
670*4d7e907cSAndroid Build Coastguard Worker }
671*4d7e907cSAndroid Build Coastguard Worker
EncryptMessage(const string & message,BlockMode block_mode,PaddingMode padding,const HidlBuf & iv_in)672*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
673*4d7e907cSAndroid Build Coastguard Worker PaddingMode padding, const HidlBuf& iv_in) {
674*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("EncryptMessage");
675*4d7e907cSAndroid Build Coastguard Worker auto params = AuthorizationSetBuilder()
676*4d7e907cSAndroid Build Coastguard Worker .BlockMode(block_mode)
677*4d7e907cSAndroid Build Coastguard Worker .Padding(padding)
678*4d7e907cSAndroid Build Coastguard Worker .Authorization(TAG_NONCE, iv_in);
679*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet out_params;
680*4d7e907cSAndroid Build Coastguard Worker string ciphertext = EncryptMessage(message, params, &out_params);
681*4d7e907cSAndroid Build Coastguard Worker return ciphertext;
682*4d7e907cSAndroid Build Coastguard Worker }
683*4d7e907cSAndroid Build Coastguard Worker
EncryptMessage(const string & message,BlockMode block_mode,PaddingMode padding,uint8_t mac_length_bits,const HidlBuf & iv_in)684*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_mode,
685*4d7e907cSAndroid Build Coastguard Worker PaddingMode padding, uint8_t mac_length_bits,
686*4d7e907cSAndroid Build Coastguard Worker const HidlBuf& iv_in) {
687*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("EncryptMessage");
688*4d7e907cSAndroid Build Coastguard Worker auto params = AuthorizationSetBuilder()
689*4d7e907cSAndroid Build Coastguard Worker .BlockMode(block_mode)
690*4d7e907cSAndroid Build Coastguard Worker .Padding(padding)
691*4d7e907cSAndroid Build Coastguard Worker .Authorization(TAG_MAC_LENGTH, mac_length_bits)
692*4d7e907cSAndroid Build Coastguard Worker .Authorization(TAG_NONCE, iv_in);
693*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet out_params;
694*4d7e907cSAndroid Build Coastguard Worker string ciphertext = EncryptMessage(message, params, &out_params);
695*4d7e907cSAndroid Build Coastguard Worker return ciphertext;
696*4d7e907cSAndroid Build Coastguard Worker }
697*4d7e907cSAndroid Build Coastguard Worker
DecryptMessage(const HidlBuf & key_blob,const string & ciphertext,const AuthorizationSet & params)698*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::DecryptMessage(const HidlBuf& key_blob, const string& ciphertext,
699*4d7e907cSAndroid Build Coastguard Worker const AuthorizationSet& params) {
700*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("DecryptMessage");
701*4d7e907cSAndroid Build Coastguard Worker AuthorizationSet out_params;
702*4d7e907cSAndroid Build Coastguard Worker string plaintext =
703*4d7e907cSAndroid Build Coastguard Worker ProcessMessage(key_blob, KeyPurpose::DECRYPT, ciphertext, params, &out_params);
704*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(out_params.empty());
705*4d7e907cSAndroid Build Coastguard Worker return plaintext;
706*4d7e907cSAndroid Build Coastguard Worker }
707*4d7e907cSAndroid Build Coastguard Worker
DecryptMessage(const string & ciphertext,const AuthorizationSet & params)708*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::DecryptMessage(const string& ciphertext, const AuthorizationSet& params) {
709*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("DecryptMessage");
710*4d7e907cSAndroid Build Coastguard Worker return DecryptMessage(key_blob_, ciphertext, params);
711*4d7e907cSAndroid Build Coastguard Worker }
712*4d7e907cSAndroid Build Coastguard Worker
DecryptMessage(const string & ciphertext,BlockMode block_mode,PaddingMode padding_mode,const HidlBuf & iv)713*4d7e907cSAndroid Build Coastguard Worker string KeymasterHidlTest::DecryptMessage(const string& ciphertext, BlockMode block_mode,
714*4d7e907cSAndroid Build Coastguard Worker PaddingMode padding_mode, const HidlBuf& iv) {
715*4d7e907cSAndroid Build Coastguard Worker SCOPED_TRACE("DecryptMessage");
716*4d7e907cSAndroid Build Coastguard Worker auto params = AuthorizationSetBuilder()
717*4d7e907cSAndroid Build Coastguard Worker .BlockMode(block_mode)
718*4d7e907cSAndroid Build Coastguard Worker .Padding(padding_mode)
719*4d7e907cSAndroid Build Coastguard Worker .Authorization(TAG_NONCE, iv);
720*4d7e907cSAndroid Build Coastguard Worker return DecryptMessage(key_blob_, ciphertext, params);
721*4d7e907cSAndroid Build Coastguard Worker }
722*4d7e907cSAndroid Build Coastguard Worker
UpgradeKey(const HidlBuf & key_blob)723*4d7e907cSAndroid Build Coastguard Worker std::pair<ErrorCode, HidlBuf> KeymasterHidlTest::UpgradeKey(const HidlBuf& key_blob) {
724*4d7e907cSAndroid Build Coastguard Worker std::pair<ErrorCode, HidlBuf> retval;
725*4d7e907cSAndroid Build Coastguard Worker keymaster_->upgradeKey(key_blob, hidl_vec<KeyParameter>(),
726*4d7e907cSAndroid Build Coastguard Worker [&](ErrorCode error, const hidl_vec<uint8_t>& upgraded_blob) {
727*4d7e907cSAndroid Build Coastguard Worker retval = std::tie(error, upgraded_blob);
728*4d7e907cSAndroid Build Coastguard Worker });
729*4d7e907cSAndroid Build Coastguard Worker return retval;
730*4d7e907cSAndroid Build Coastguard Worker }
ValidKeySizes(Algorithm algorithm)731*4d7e907cSAndroid Build Coastguard Worker std::vector<uint32_t> KeymasterHidlTest::ValidKeySizes(Algorithm algorithm) {
732*4d7e907cSAndroid Build Coastguard Worker switch (algorithm) {
733*4d7e907cSAndroid Build Coastguard Worker case Algorithm::RSA:
734*4d7e907cSAndroid Build Coastguard Worker switch (SecLevel()) {
735*4d7e907cSAndroid Build Coastguard Worker case SecurityLevel::SOFTWARE:
736*4d7e907cSAndroid Build Coastguard Worker case SecurityLevel::TRUSTED_ENVIRONMENT:
737*4d7e907cSAndroid Build Coastguard Worker return {2048, 3072, 4096};
738*4d7e907cSAndroid Build Coastguard Worker case SecurityLevel::STRONGBOX:
739*4d7e907cSAndroid Build Coastguard Worker return {2048};
740*4d7e907cSAndroid Build Coastguard Worker default:
741*4d7e907cSAndroid Build Coastguard Worker ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());
742*4d7e907cSAndroid Build Coastguard Worker break;
743*4d7e907cSAndroid Build Coastguard Worker }
744*4d7e907cSAndroid Build Coastguard Worker break;
745*4d7e907cSAndroid Build Coastguard Worker case Algorithm::EC:
746*4d7e907cSAndroid Build Coastguard Worker switch (SecLevel()) {
747*4d7e907cSAndroid Build Coastguard Worker case SecurityLevel::SOFTWARE:
748*4d7e907cSAndroid Build Coastguard Worker case SecurityLevel::TRUSTED_ENVIRONMENT:
749*4d7e907cSAndroid Build Coastguard Worker return {224, 256, 384, 521};
750*4d7e907cSAndroid Build Coastguard Worker case SecurityLevel::STRONGBOX:
751*4d7e907cSAndroid Build Coastguard Worker return {256};
752*4d7e907cSAndroid Build Coastguard Worker default:
753*4d7e907cSAndroid Build Coastguard Worker ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());
754*4d7e907cSAndroid Build Coastguard Worker break;
755*4d7e907cSAndroid Build Coastguard Worker }
756*4d7e907cSAndroid Build Coastguard Worker break;
757*4d7e907cSAndroid Build Coastguard Worker case Algorithm::AES:
758*4d7e907cSAndroid Build Coastguard Worker return {128, 256};
759*4d7e907cSAndroid Build Coastguard Worker case Algorithm::TRIPLE_DES:
760*4d7e907cSAndroid Build Coastguard Worker return {168};
761*4d7e907cSAndroid Build Coastguard Worker case Algorithm::HMAC: {
762*4d7e907cSAndroid Build Coastguard Worker std::vector<uint32_t> retval((512 - 64) / 8 + 1);
763*4d7e907cSAndroid Build Coastguard Worker uint32_t size = 64 - 8;
764*4d7e907cSAndroid Build Coastguard Worker std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
765*4d7e907cSAndroid Build Coastguard Worker return retval;
766*4d7e907cSAndroid Build Coastguard Worker }
767*4d7e907cSAndroid Build Coastguard Worker default:
768*4d7e907cSAndroid Build Coastguard Worker ADD_FAILURE() << "Invalid Algorithm: " << algorithm;
769*4d7e907cSAndroid Build Coastguard Worker return {};
770*4d7e907cSAndroid Build Coastguard Worker }
771*4d7e907cSAndroid Build Coastguard Worker ADD_FAILURE() << "Should be impossible to get here";
772*4d7e907cSAndroid Build Coastguard Worker return {};
773*4d7e907cSAndroid Build Coastguard Worker }
774*4d7e907cSAndroid Build Coastguard Worker
InvalidKeySizes(Algorithm algorithm)775*4d7e907cSAndroid Build Coastguard Worker std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) {
776*4d7e907cSAndroid Build Coastguard Worker if (SecLevel() == SecurityLevel::STRONGBOX) {
777*4d7e907cSAndroid Build Coastguard Worker switch (algorithm) {
778*4d7e907cSAndroid Build Coastguard Worker case Algorithm::RSA:
779*4d7e907cSAndroid Build Coastguard Worker return {3072, 4096};
780*4d7e907cSAndroid Build Coastguard Worker case Algorithm::EC:
781*4d7e907cSAndroid Build Coastguard Worker return {224, 384, 521};
782*4d7e907cSAndroid Build Coastguard Worker case Algorithm::AES:
783*4d7e907cSAndroid Build Coastguard Worker return {192};
784*4d7e907cSAndroid Build Coastguard Worker default:
785*4d7e907cSAndroid Build Coastguard Worker return {};
786*4d7e907cSAndroid Build Coastguard Worker }
787*4d7e907cSAndroid Build Coastguard Worker }
788*4d7e907cSAndroid Build Coastguard Worker return {};
789*4d7e907cSAndroid Build Coastguard Worker }
790*4d7e907cSAndroid Build Coastguard Worker
ValidCurves()791*4d7e907cSAndroid Build Coastguard Worker std::vector<EcCurve> KeymasterHidlTest::ValidCurves() {
792*4d7e907cSAndroid Build Coastguard Worker if (securityLevel_ == SecurityLevel::STRONGBOX) {
793*4d7e907cSAndroid Build Coastguard Worker return {EcCurve::P_256};
794*4d7e907cSAndroid Build Coastguard Worker } else {
795*4d7e907cSAndroid Build Coastguard Worker return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
796*4d7e907cSAndroid Build Coastguard Worker }
797*4d7e907cSAndroid Build Coastguard Worker }
798*4d7e907cSAndroid Build Coastguard Worker
InvalidCurves()799*4d7e907cSAndroid Build Coastguard Worker std::vector<EcCurve> KeymasterHidlTest::InvalidCurves() {
800*4d7e907cSAndroid Build Coastguard Worker if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
801*4d7e907cSAndroid Build Coastguard Worker CHECK(SecLevel() == SecurityLevel::STRONGBOX);
802*4d7e907cSAndroid Build Coastguard Worker return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
803*4d7e907cSAndroid Build Coastguard Worker }
804*4d7e907cSAndroid Build Coastguard Worker
ValidDigests(bool withNone,bool withMD5)805*4d7e907cSAndroid Build Coastguard Worker std::vector<Digest> KeymasterHidlTest::ValidDigests(bool withNone, bool withMD5) {
806*4d7e907cSAndroid Build Coastguard Worker switch (SecLevel()) {
807*4d7e907cSAndroid Build Coastguard Worker case SecurityLevel::SOFTWARE:
808*4d7e907cSAndroid Build Coastguard Worker case SecurityLevel::TRUSTED_ENVIRONMENT:
809*4d7e907cSAndroid Build Coastguard Worker if (withNone) {
810*4d7e907cSAndroid Build Coastguard Worker if (withMD5)
811*4d7e907cSAndroid Build Coastguard Worker return {Digest::NONE, Digest::MD5, Digest::SHA1,
812*4d7e907cSAndroid Build Coastguard Worker Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
813*4d7e907cSAndroid Build Coastguard Worker Digest::SHA_2_512};
814*4d7e907cSAndroid Build Coastguard Worker else
815*4d7e907cSAndroid Build Coastguard Worker return {Digest::NONE, Digest::SHA1, Digest::SHA_2_224,
816*4d7e907cSAndroid Build Coastguard Worker Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
817*4d7e907cSAndroid Build Coastguard Worker } else {
818*4d7e907cSAndroid Build Coastguard Worker if (withMD5)
819*4d7e907cSAndroid Build Coastguard Worker return {Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
820*4d7e907cSAndroid Build Coastguard Worker Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
821*4d7e907cSAndroid Build Coastguard Worker else
822*4d7e907cSAndroid Build Coastguard Worker return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
823*4d7e907cSAndroid Build Coastguard Worker Digest::SHA_2_512};
824*4d7e907cSAndroid Build Coastguard Worker }
825*4d7e907cSAndroid Build Coastguard Worker break;
826*4d7e907cSAndroid Build Coastguard Worker case SecurityLevel::STRONGBOX:
827*4d7e907cSAndroid Build Coastguard Worker if (withNone)
828*4d7e907cSAndroid Build Coastguard Worker return {Digest::NONE, Digest::SHA_2_256};
829*4d7e907cSAndroid Build Coastguard Worker else
830*4d7e907cSAndroid Build Coastguard Worker return {Digest::SHA_2_256};
831*4d7e907cSAndroid Build Coastguard Worker break;
832*4d7e907cSAndroid Build Coastguard Worker default:
833*4d7e907cSAndroid Build Coastguard Worker ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());
834*4d7e907cSAndroid Build Coastguard Worker break;
835*4d7e907cSAndroid Build Coastguard Worker }
836*4d7e907cSAndroid Build Coastguard Worker ADD_FAILURE() << "Should be impossible to get here";
837*4d7e907cSAndroid Build Coastguard Worker return {};
838*4d7e907cSAndroid Build Coastguard Worker }
839*4d7e907cSAndroid Build Coastguard Worker
InvalidDigests()840*4d7e907cSAndroid Build Coastguard Worker std::vector<Digest> KeymasterHidlTest::InvalidDigests() {
841*4d7e907cSAndroid Build Coastguard Worker return {};
842*4d7e907cSAndroid Build Coastguard Worker }
843*4d7e907cSAndroid Build Coastguard Worker
parse_cert_blob(const hidl_vec<uint8_t> & blob)844*4d7e907cSAndroid Build Coastguard Worker X509* parse_cert_blob(const hidl_vec<uint8_t>& blob) {
845*4d7e907cSAndroid Build Coastguard Worker const uint8_t* p = blob.data();
846*4d7e907cSAndroid Build Coastguard Worker return d2i_X509(nullptr, &p, blob.size());
847*4d7e907cSAndroid Build Coastguard Worker }
848*4d7e907cSAndroid Build Coastguard Worker
get_attestation_record(X509 * certificate)849*4d7e907cSAndroid Build Coastguard Worker ASN1_OCTET_STRING* get_attestation_record(X509* certificate) {
850*4d7e907cSAndroid Build Coastguard Worker ASN1_OBJECT_Ptr oid(OBJ_txt2obj(kAttestionRecordOid, 1 /* dotted string format */));
851*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(!!oid.get());
852*4d7e907cSAndroid Build Coastguard Worker if (!oid.get()) return nullptr;
853*4d7e907cSAndroid Build Coastguard Worker
854*4d7e907cSAndroid Build Coastguard Worker int location = X509_get_ext_by_OBJ(certificate, oid.get(), -1 /* search from beginning */);
855*4d7e907cSAndroid Build Coastguard Worker EXPECT_NE(-1, location) << "Attestation extension not found in certificate";
856*4d7e907cSAndroid Build Coastguard Worker if (location == -1) return nullptr;
857*4d7e907cSAndroid Build Coastguard Worker
858*4d7e907cSAndroid Build Coastguard Worker X509_EXTENSION* attest_rec_ext = X509_get_ext(certificate, location);
859*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(!!attest_rec_ext)
860*4d7e907cSAndroid Build Coastguard Worker << "Found attestation extension but couldn't retrieve it? Probably a BoringSSL bug.";
861*4d7e907cSAndroid Build Coastguard Worker if (!attest_rec_ext) return nullptr;
862*4d7e907cSAndroid Build Coastguard Worker
863*4d7e907cSAndroid Build Coastguard Worker ASN1_OCTET_STRING* attest_rec = X509_EXTENSION_get_data(attest_rec_ext);
864*4d7e907cSAndroid Build Coastguard Worker EXPECT_TRUE(!!attest_rec) << "Attestation extension contained no data";
865*4d7e907cSAndroid Build Coastguard Worker return attest_rec;
866*4d7e907cSAndroid Build Coastguard Worker }
867*4d7e907cSAndroid Build Coastguard Worker
868*4d7e907cSAndroid Build Coastguard Worker } // namespace test
869*4d7e907cSAndroid Build Coastguard Worker } // namespace V4_0
870*4d7e907cSAndroid Build Coastguard Worker } // namespace keymaster
871*4d7e907cSAndroid Build Coastguard Worker } // namespace hardware
872*4d7e907cSAndroid Build Coastguard Worker } // namespace android
873