vts/functional/VerificationTokenTest.cpp

*4d7e907cSAndroid Build Coastguard Worker/*
*4d7e907cSAndroid Build Coastguard Worker * Copyright (C) 2017 The Android Open Source Project
*4d7e907cSAndroid Build Coastguard Worker *
*4d7e907cSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
*4d7e907cSAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
*4d7e907cSAndroid Build Coastguard Worker * You may obtain a copy of the License at
*4d7e907cSAndroid Build Coastguard Worker *
*4d7e907cSAndroid Build Coastguard Worker *      http://www.apache.org/licenses/LICENSE-2.0
*4d7e907cSAndroid Build Coastguard Worker *
*4d7e907cSAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
*4d7e907cSAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
*4d7e907cSAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*4d7e907cSAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
*4d7e907cSAndroid Build Coastguard Worker * limitations under the License.
*4d7e907cSAndroid Build Coastguard Worker */
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker#include "KeymasterHidlTest.h"
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Workernamespace android {
*4d7e907cSAndroid Build Coastguard Workernamespace hardware {
*4d7e907cSAndroid Build Coastguard Workernamespace keymaster {
*4d7e907cSAndroid Build Coastguard Workernamespace V4_0 {
*4d7e907cSAndroid Build Coastguard Workernamespace test {
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Workerclass VerificationTokenTest : public KeymasterHidlTest {
*4d7e907cSAndroid Build Coastguard Worker   protected:
*4d7e907cSAndroid Build Coastguard Worker    struct VerifyAuthorizationResult {
*4d7e907cSAndroid Build Coastguard Worker        bool callSuccessful;
*4d7e907cSAndroid Build Coastguard Worker        ErrorCode error;
*4d7e907cSAndroid Build Coastguard Worker        VerificationToken token;
*4d7e907cSAndroid Build Coastguard Worker    };
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    VerifyAuthorizationResult verifyAuthorization(uint64_t operationHandle,
*4d7e907cSAndroid Build Coastguard Worker                                                  const AuthorizationSet& paramsToVerify,
*4d7e907cSAndroid Build Coastguard Worker                                                  const HardwareAuthToken& authToken) {
*4d7e907cSAndroid Build Coastguard Worker        VerifyAuthorizationResult result;
*4d7e907cSAndroid Build Coastguard Worker        result.callSuccessful =
*4d7e907cSAndroid Build Coastguard Worker            keymaster()
*4d7e907cSAndroid Build Coastguard Worker                .verifyAuthorization(operationHandle, paramsToVerify.hidl_data(), authToken,
*4d7e907cSAndroid Build Coastguard Worker                                     [&](auto error, auto token) {
*4d7e907cSAndroid Build Coastguard Worker                                         result.error = error;
*4d7e907cSAndroid Build Coastguard Worker                                         result.token = token;
*4d7e907cSAndroid Build Coastguard Worker                                     })
*4d7e907cSAndroid Build Coastguard Worker                .isOk();
*4d7e907cSAndroid Build Coastguard Worker        return result;
*4d7e907cSAndroid Build Coastguard Worker    }
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    uint64_t getTime() {
*4d7e907cSAndroid Build Coastguard Worker        struct timespec timespec;
*4d7e907cSAndroid Build Coastguard Worker        EXPECT_EQ(0, clock_gettime(CLOCK_BOOTTIME, &timespec));
*4d7e907cSAndroid Build Coastguard Worker        return timespec.tv_sec * 1000 + timespec.tv_nsec / 1000000;
*4d7e907cSAndroid Build Coastguard Worker    }
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    int sleep_ms(uint32_t milliseconds) {
*4d7e907cSAndroid Build Coastguard Worker        struct timespec sleep_time = {static_cast<time_t>(milliseconds / 1000),
*4d7e907cSAndroid Build Coastguard Worker                                      static_cast<long>(milliseconds % 1000) * 1000000};
*4d7e907cSAndroid Build Coastguard Worker        while (sleep_time.tv_sec || sleep_time.tv_nsec) {
*4d7e907cSAndroid Build Coastguard Worker            if (nanosleep(&sleep_time /* to wait */,
*4d7e907cSAndroid Build Coastguard Worker                          &sleep_time /* remaining (on interrruption) */) == 0) {
*4d7e907cSAndroid Build Coastguard Worker                sleep_time = {};
*4d7e907cSAndroid Build Coastguard Worker            } else {
*4d7e907cSAndroid Build Coastguard Worker                if (errno != EINTR) return errno;
*4d7e907cSAndroid Build Coastguard Worker            }
*4d7e907cSAndroid Build Coastguard Worker        }
*4d7e907cSAndroid Build Coastguard Worker        return 0;
*4d7e907cSAndroid Build Coastguard Worker    }
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker};  // namespace test
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker/*
*4d7e907cSAndroid Build Coastguard Worker * VerificationTokens exist to facilitate cross-Keymaster verification of requirements.  As
*4d7e907cSAndroid Build Coastguard Worker * such, the precise capabilities required will vary depending on the specific vendor
*4d7e907cSAndroid Build Coastguard Worker * implementations. Essentially, VerificationTokens are a "hook" to enable vendor
*4d7e907cSAndroid Build Coastguard Worker * implementations to communicate, so the precise usage is defined by those vendors.  The only
*4d7e907cSAndroid Build Coastguard Worker * thing we really can test is that tokens can be created by TEE keymasters, and that the
*4d7e907cSAndroid Build Coastguard Worker * timestamps increase as expected.
*4d7e907cSAndroid Build Coastguard Worker */
*4d7e907cSAndroid Build Coastguard WorkerTEST_P(VerificationTokenTest, TestCreation) {
*4d7e907cSAndroid Build Coastguard Worker    auto result1 = verifyAuthorization(
*4d7e907cSAndroid Build Coastguard Worker        1 /* operation handle */, AuthorizationSet() /* paramtersToVerify */, HardwareAuthToken());
*4d7e907cSAndroid Build Coastguard Worker    ASSERT_TRUE(result1.callSuccessful);
*4d7e907cSAndroid Build Coastguard Worker    auto result1_time = getTime();
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    if (SecLevel() == SecurityLevel::STRONGBOX) {
*4d7e907cSAndroid Build Coastguard Worker        // StrongBox should not implement verifyAuthorization.
*4d7e907cSAndroid Build Coastguard Worker        EXPECT_EQ(ErrorCode::UNIMPLEMENTED, result1.error);
*4d7e907cSAndroid Build Coastguard Worker        return;
*4d7e907cSAndroid Build Coastguard Worker    }
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(ErrorCode::OK, result1.error);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(1U, result1.token.challenge);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(SecLevel(), result1.token.securityLevel);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(0U, result1.token.parametersVerified.size())
*4d7e907cSAndroid Build Coastguard Worker        << "We didn't supply any parameters to verify";
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_GT(result1.token.timestamp, 0U);
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    constexpr uint32_t time_to_sleep = 200;
*4d7e907cSAndroid Build Coastguard Worker    sleep_ms(time_to_sleep);
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    auto result2 = verifyAuthorization(
*4d7e907cSAndroid Build Coastguard Worker        2 /* operation handle */, AuthorizationSet() /* paramtersToVerify */, HardwareAuthToken());
*4d7e907cSAndroid Build Coastguard Worker    ASSERT_TRUE(result2.callSuccessful);
*4d7e907cSAndroid Build Coastguard Worker    auto result2_time = getTime();
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(ErrorCode::OK, result2.error);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(2U, result2.token.challenge);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(SecLevel(), result2.token.securityLevel);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(0U, result2.token.parametersVerified.size())
*4d7e907cSAndroid Build Coastguard Worker        << "We didn't supply any parameters to verify";
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    auto host_time_delta = result2_time - result1_time;
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_GE(host_time_delta, time_to_sleep)
*4d7e907cSAndroid Build Coastguard Worker        << "We slept for " << time_to_sleep << " ms, the clock must have advanced by that much";
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_LE(host_time_delta, time_to_sleep + 100)
*4d7e907cSAndroid Build Coastguard Worker        << "The verifyAuthorization call took " << (host_time_delta - time_to_sleep)
*4d7e907cSAndroid Build Coastguard Worker        << " ms?  That's awful!";
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    auto km_time_delta = result2.token.timestamp - result1.token.timestamp;
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    // If not too much else is going on on the system, the time delta should be quite close.  Allow
*4d7e907cSAndroid Build Coastguard Worker    // 20 ms of slop just to avoid test flakiness.
*4d7e907cSAndroid Build Coastguard Worker    //
*4d7e907cSAndroid Build Coastguard Worker    // TODO(swillden): see if we can output values so they can be gathered across many runs and
*4d7e907cSAndroid Build Coastguard Worker    // report if times aren't nearly always <1ms apart.
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_LE(host_time_delta, km_time_delta + 20);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_LE(km_time_delta, host_time_delta + 20);
*4d7e907cSAndroid Build Coastguard Worker    ASSERT_EQ(result1.token.mac.size(), result2.token.mac.size());
*4d7e907cSAndroid Build Coastguard Worker    ASSERT_NE(0,
*4d7e907cSAndroid Build Coastguard Worker              memcmp(result1.token.mac.data(), result2.token.mac.data(), result1.token.mac.size()));
*4d7e907cSAndroid Build Coastguard Worker}
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker/*
*4d7e907cSAndroid Build Coastguard Worker * Test that the mac changes when the time stamp changes. This is does not guarantee that the time
*4d7e907cSAndroid Build Coastguard Worker * stamp is included in the mac but on failure we know that it is not. Other than in the test
*4d7e907cSAndroid Build Coastguard Worker * case above we call verifyAuthorization with the exact same set of parameters.
*4d7e907cSAndroid Build Coastguard Worker */
*4d7e907cSAndroid Build Coastguard WorkerTEST_P(VerificationTokenTest, MacChangesOnChangingTimestamp) {
*4d7e907cSAndroid Build Coastguard Worker    auto result1 =
*4d7e907cSAndroid Build Coastguard Worker            verifyAuthorization(0 /* operation handle */,
*4d7e907cSAndroid Build Coastguard Worker                                AuthorizationSet() /* paramtersToVerify */, HardwareAuthToken());
*4d7e907cSAndroid Build Coastguard Worker    ASSERT_TRUE(result1.callSuccessful);
*4d7e907cSAndroid Build Coastguard Worker    auto result1_time = getTime();
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    if (SecLevel() == SecurityLevel::STRONGBOX) {
*4d7e907cSAndroid Build Coastguard Worker        // StrongBox should not implement verifyAuthorization.
*4d7e907cSAndroid Build Coastguard Worker        EXPECT_EQ(ErrorCode::UNIMPLEMENTED, result1.error);
*4d7e907cSAndroid Build Coastguard Worker        return;
*4d7e907cSAndroid Build Coastguard Worker    }
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(ErrorCode::OK, result1.error);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(0U, result1.token.challenge);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(SecLevel(), result1.token.securityLevel);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(0U, result1.token.parametersVerified.size())
*4d7e907cSAndroid Build Coastguard Worker            << "We didn't supply any parameters to verify";
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_GT(result1.token.timestamp, 0U);
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    constexpr uint32_t time_to_sleep = 200;
*4d7e907cSAndroid Build Coastguard Worker    sleep_ms(time_to_sleep);
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    auto result2 =
*4d7e907cSAndroid Build Coastguard Worker            verifyAuthorization(0 /* operation handle */,
*4d7e907cSAndroid Build Coastguard Worker                                AuthorizationSet() /* paramtersToVerify */, HardwareAuthToken());
*4d7e907cSAndroid Build Coastguard Worker    ASSERT_TRUE(result2.callSuccessful);
*4d7e907cSAndroid Build Coastguard Worker    auto result2_time = getTime();
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(ErrorCode::OK, result2.error);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(0U, result2.token.challenge);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(SecLevel(), result2.token.securityLevel);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_EQ(0U, result2.token.parametersVerified.size())
*4d7e907cSAndroid Build Coastguard Worker            << "We didn't supply any parameters to verify";
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    auto host_time_delta = result2_time - result1_time;
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_GE(host_time_delta, time_to_sleep)
*4d7e907cSAndroid Build Coastguard Worker            << "We slept for " << time_to_sleep << " ms, the clock must have advanced by that much";
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_LE(host_time_delta, time_to_sleep + 100)
*4d7e907cSAndroid Build Coastguard Worker            << "The verifyAuthorization call took " << (host_time_delta - time_to_sleep)
*4d7e907cSAndroid Build Coastguard Worker            << " ms?  That's awful!";
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    auto km_time_delta = result2.token.timestamp - result1.token.timestamp;
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_LE(host_time_delta, km_time_delta + 20);
*4d7e907cSAndroid Build Coastguard Worker    EXPECT_LE(km_time_delta, host_time_delta + 20);
*4d7e907cSAndroid Build Coastguard Worker    ASSERT_EQ(result1.token.mac.size(), result2.token.mac.size());
*4d7e907cSAndroid Build Coastguard Worker    ASSERT_NE(0,
*4d7e907cSAndroid Build Coastguard Worker              memcmp(result1.token.mac.data(), result2.token.mac.data(), result1.token.mac.size()));
*4d7e907cSAndroid Build Coastguard Worker}
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard WorkerINSTANTIATE_KEYMASTER_HIDL_TEST(VerificationTokenTest);
*4d7e907cSAndroid Build Coastguard Worker
*4d7e907cSAndroid Build Coastguard Worker}  // namespace test
*4d7e907cSAndroid Build Coastguard Worker}  // namespace V4_0
*4d7e907cSAndroid Build Coastguard Worker}  // namespace keymaster
*4d7e907cSAndroid Build Coastguard Worker}  // namespace hardware
*4d7e907cSAndroid Build Coastguard Worker}  // namespace android