1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #pragma once
18
19 #include <android/hardware/keymaster/4.1/IKeymasterDevice.h>
20
21 #include <KeymasterHidlTest.h>
22 #include <keymasterV4_1/authorization_set.h>
23
24 namespace android::hardware::keymaster::V4_1::test {
25
26 using V4_0::test::HidlBuf;
27
28 class Keymaster4_1HidlTest : public V4_0::test::KeymasterHidlTest {
29 public:
30 using super = V4_0::test::KeymasterHidlTest;
31
convert(V4_0::ErrorCode error_code)32 ErrorCode convert(V4_0::ErrorCode error_code) { return static_cast<ErrorCode>(error_code); }
33
34 // These methods hide the base class versions.
35 void SetUp();
keymaster()36 IKeymasterDevice& keymaster() { return *keymaster41_; };
37
38 struct KeyData {
39 HidlBuf blob;
40 KeyCharacteristics characteristics;
41 };
42
GenerateKeyData(const AuthorizationSet & keyDescription)43 std::tuple<ErrorCode, KeyData> GenerateKeyData(const AuthorizationSet& keyDescription) {
44 KeyData keyData;
45 ErrorCode errorCode = convert(
46 super::GenerateKey(keyDescription, &keyData.blob, &keyData.characteristics));
47 return {errorCode, keyData};
48 }
49
CheckedDeleteKeyData(KeyData * keyData)50 void CheckedDeleteKeyData(KeyData* keyData) { CheckedDeleteKey(&keyData->blob); }
51
52 template <typename TagType>
53 std::tuple<KeyData /* aesKey */, KeyData /* hmacKey */, KeyData /* rsaKey */,
54 KeyData /* ecdsaKey */>
CreateTestKeys(TagType tagToTest,ErrorCode expectedReturn)55 CreateTestKeys(TagType tagToTest, ErrorCode expectedReturn) {
56 ErrorCode errorCode;
57
58 /* AES */
59 KeyData aesKeyData;
60 std::tie(errorCode, aesKeyData) =
61 GenerateKeyData(AuthorizationSetBuilder()
62 .AesEncryptionKey(128)
63 .Authorization(tagToTest)
64 .BlockMode(BlockMode::ECB)
65 .Padding(PaddingMode::NONE)
66 .Authorization(TAG_NO_AUTH_REQUIRED));
67 EXPECT_EQ(expectedReturn, errorCode);
68
69 /* HMAC */
70 KeyData hmacKeyData;
71 std::tie(errorCode, hmacKeyData) =
72 GenerateKeyData(AuthorizationSetBuilder()
73 .HmacKey(128)
74 .Authorization(tagToTest)
75 .Digest(Digest::SHA_2_256)
76 .Authorization(TAG_MIN_MAC_LENGTH, 128)
77 .Authorization(TAG_NO_AUTH_REQUIRED));
78 EXPECT_EQ(expectedReturn, errorCode);
79
80 /* RSA */
81 KeyData rsaKeyData;
82 std::tie(errorCode, rsaKeyData) =
83 GenerateKeyData(AuthorizationSetBuilder()
84 .RsaSigningKey(2048, 65537)
85 .Authorization(tagToTest)
86 .Digest(Digest::NONE)
87 .Padding(PaddingMode::NONE)
88 .Authorization(TAG_NO_AUTH_REQUIRED));
89 EXPECT_EQ(expectedReturn, errorCode);
90
91 /* ECDSA */
92 KeyData ecdsaKeyData;
93 std::tie(errorCode, ecdsaKeyData) =
94 GenerateKeyData(AuthorizationSetBuilder()
95 .EcdsaSigningKey(256)
96 .Authorization(tagToTest)
97 .Digest(Digest::SHA_2_256)
98 .Authorization(TAG_NO_AUTH_REQUIRED));
99 EXPECT_EQ(expectedReturn, errorCode);
100
101 return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData};
102 }
103
104 std::tuple<ErrorCode, std::string /* processedMessage */, AuthorizationSet /* out_params */>
105 ProcessMessage(const HidlBuf& key_blob, KeyPurpose operation, const std::string& message,
106 const AuthorizationSet& in_params);
107
UseAesKey(const HidlBuf & aesKeyBlob)108 ErrorCode UseAesKey(const HidlBuf& aesKeyBlob) {
109 auto [result, ciphertext, out_params] = ProcessMessage(
110 aesKeyBlob, KeyPurpose::ENCRYPT, "1234567890123456",
111 AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE));
112 return result;
113 }
114
UseHmacKey(const HidlBuf & hmacKeyBlob)115 ErrorCode UseHmacKey(const HidlBuf& hmacKeyBlob) {
116 auto [result, mac, out_params] =
117 ProcessMessage(hmacKeyBlob, KeyPurpose::SIGN, "1234567890123456",
118 AuthorizationSetBuilder()
119 .Authorization(TAG_MAC_LENGTH, 128)
120 .Digest(Digest::SHA_2_256));
121 return result;
122 }
123
UseRsaKey(const HidlBuf & rsaKeyBlob)124 ErrorCode UseRsaKey(const HidlBuf& rsaKeyBlob) {
125 std::string message(2048 / 8, 'a');
126 auto [result, signature, out_params] = ProcessMessage(
127 rsaKeyBlob, KeyPurpose::SIGN, message,
128 AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE));
129 return result;
130 }
131
UseEcdsaKey(const HidlBuf & ecdsaKeyBlob)132 ErrorCode UseEcdsaKey(const HidlBuf& ecdsaKeyBlob) {
133 auto [result, signature, out_params] =
134 ProcessMessage(ecdsaKeyBlob, KeyPurpose::SIGN, "a",
135 AuthorizationSetBuilder().Digest(Digest::SHA_2_256));
136 return result;
137 }
138
build_params()139 static std::vector<std::string> build_params() {
140 auto params = android::hardware::getAllHalInstanceNames(IKeymasterDevice::descriptor);
141 return params;
142 }
143
144 private:
145 sp<IKeymasterDevice> keymaster41_;
146 };
147
148 template <typename TypedTag>
contains(hidl_vec<KeyParameter> & set,TypedTag typedTag)149 bool contains(hidl_vec<KeyParameter>& set, TypedTag typedTag) {
150 return std::find_if(set.begin(), set.end(), [&](const KeyParameter& param) {
151 return param.tag == static_cast<V4_0::Tag>(typedTag);
152 }) != set.end();
153 }
154
155 #define INSTANTIATE_KEYMASTER_4_1_HIDL_TEST(name) \
156 INSTANTIATE_TEST_SUITE_P(PerInstance, name, \
157 testing::ValuesIn(Keymaster4_1HidlTest::build_params()), \
158 android::hardware::PrintInstanceNameToString)
159
160 } // namespace android::hardware::keymaster::V4_1::test
161