blob: 69ca470f780cc2b6ebee99ea47abca7010db5c11 [file] [log] [blame]
Shawn Willden76364712014-08-11 17:48:04 -06001/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willdenb6837e72015-05-16 09:20:59 -060017#include "android_keymaster_test_utils.h"
Shawn Willden76364712014-08-11 17:48:04 -060018
Shawn Willden95dda362015-02-27 10:58:37 -070019#include <algorithm>
20
21#include <openssl/rand.h>
22
Shawn Willdenb6837e72015-05-16 09:20:59 -060023#include <keymaster/android_keymaster_messages.h>
24#include <keymaster/android_keymaster_utils.h>
Shawn Willden95dda362015-02-27 10:58:37 -070025
26using std::is_permutation;
27using std::ostream;
28using std::string;
29using std::vector;
30
Shawn Willden76364712014-08-11 17:48:04 -060031std::ostream& operator<<(std::ostream& os, const keymaster_key_param_t& param) {
32 os << "Tag: " << keymaster_tag_mask_type(param.tag);
33 switch (keymaster_tag_get_type(param.tag)) {
34 case KM_INVALID:
35 os << " Invalid";
36 break;
37 case KM_INT_REP:
38 os << " (Rep)";
39 /* Falls through */
40 case KM_INT:
41 os << " Int: " << param.integer;
42 break;
43 case KM_ENUM_REP:
44 os << " (Rep)";
45 /* Falls through */
46 case KM_ENUM:
47 os << " Enum: " << param.enumerated;
48 break;
Shawn Willdeneb63b972015-03-14 08:01:12 -060049 case KM_LONG_REP:
50 os << " (Rep)";
51 /* Falls through */
Shawn Willden76364712014-08-11 17:48:04 -060052 case KM_LONG:
53 os << " Long: " << param.long_integer;
54 break;
55 case KM_DATE:
56 os << " Date: " << param.date_time;
57 break;
58 case KM_BOOL:
59 os << " Bool: " << param.boolean;
60 break;
61 case KM_BIGNUM:
62 os << " Bignum: ";
63 break;
64 case KM_BYTES:
65 os << " Bytes: ";
66 break;
67 }
68 return os;
69}
70
71bool operator==(const keymaster_key_param_t& a, const keymaster_key_param_t& b) {
72 if (a.tag != b.tag) {
73 return false;
74 }
75
76 switch (keymaster_tag_get_type(a.tag)) {
Shawn Willden76364712014-08-11 17:48:04 -060077 case KM_INVALID:
78 return true;
79 case KM_INT_REP:
80 case KM_INT:
81 return a.integer == b.integer;
82 case KM_ENUM_REP:
83 case KM_ENUM:
84 return a.enumerated == b.enumerated;
85 case KM_LONG:
Shawn Willden82114e72015-04-16 15:47:50 -060086 case KM_LONG_REP:
Shawn Willden76364712014-08-11 17:48:04 -060087 return a.long_integer == b.long_integer;
88 case KM_DATE:
89 return a.date_time == b.date_time;
90 case KM_BOOL:
91 return a.boolean == b.boolean;
92 case KM_BIGNUM:
93 case KM_BYTES:
94 if ((a.blob.data == NULL || b.blob.data == NULL) && a.blob.data != b.blob.data)
95 return false;
96 return a.blob.data_length == b.blob.data_length &&
97 (memcmp(a.blob.data, b.blob.data, a.blob.data_length) == 0);
98 }
Shawn Willden82114e72015-04-16 15:47:50 -060099
100 return false;
Shawn Willden76364712014-08-11 17:48:04 -0600101}
102
Thai Duong7689ed62015-03-20 16:50:18 -0700103static char hex_value[256] = {
Thai Duong20d725d2015-03-24 17:49:58 -0700104 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
105 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
106 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, // '0'..'9'
Thai Duong7689ed62015-03-20 16:50:18 -0700107 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'A'..'F'
Thai Duong20d725d2015-03-24 17:49:58 -0700108 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 11, 12, 13, 14, 15, 0,
109 0, 0, 0, 0, 0, 0, 0, 0, // 'a'..'f'
110 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
111 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
112 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
113 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
114 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
115 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
Thai Duong7689ed62015-03-20 16:50:18 -0700116
117string hex2str(string a) {
118 string b;
Thai Duong20d725d2015-03-24 17:49:58 -0700119 size_t num = a.size() / 2;
Thai Duong7689ed62015-03-20 16:50:18 -0700120 b.resize(num);
121 for (size_t i = 0; i < num; i++) {
122 b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]);
123 }
124 return b;
125}
126
Shawn Willden76364712014-08-11 17:48:04 -0600127namespace keymaster {
128
129bool operator==(const AuthorizationSet& a, const AuthorizationSet& b) {
130 if (a.size() != b.size())
131 return false;
132
133 for (size_t i = 0; i < a.size(); ++i)
134 if (!(a[i] == b[i]))
135 return false;
136 return true;
137}
138
Shawn Willden2c242002015-02-27 07:01:02 -0700139bool operator!=(const AuthorizationSet& a, const AuthorizationSet& b) {
140 return !(a == b);
141}
142
Shawn Willden76364712014-08-11 17:48:04 -0600143std::ostream& operator<<(std::ostream& os, const AuthorizationSet& set) {
144 if (set.size() == 0)
145 os << "(Empty)" << std::endl;
146 for (size_t i = 0; i < set.size(); ++i) {
147 os << set[i] << std::endl;
148 }
149 return os;
150}
151
Shawn Willden95dda362015-02-27 10:58:37 -0700152namespace test {
153
Shawn Willden58427c42015-05-20 13:00:42 -0600154Keymaster1Test::Keymaster1Test() : op_handle_(OP_HANDLE_SENTINEL), characteristics_(NULL) {
Shawn Willden95dda362015-02-27 10:58:37 -0700155 blob_.key_material = NULL;
156 RAND_seed("foobar", 6);
157 blob_.key_material = 0;
Shawn Willden58427c42015-05-20 13:00:42 -0600158 device_ = GetParam()->CreateDevice();
Shawn Willden95dda362015-02-27 10:58:37 -0700159}
160
161Keymaster1Test::~Keymaster1Test() {
162 FreeCharacteristics();
163 FreeKeyBlob();
164 device_->common.close(reinterpret_cast<hw_device_t*>(device_));
165}
166
167keymaster1_device_t* Keymaster1Test::device() {
168 return device_;
169}
170
171keymaster_error_t Keymaster1Test::GenerateKey(const AuthorizationSetBuilder& builder) {
172 AuthorizationSet params(builder.build());
173 params.push_back(UserAuthParams());
174 params.push_back(ClientParams());
175
176 FreeKeyBlob();
177 FreeCharacteristics();
Shawn Willden0e2ee442015-06-01 14:42:16 -0600178 return device()->generate_key(device(), &params, &blob_, &characteristics_);
Shawn Willden95dda362015-02-27 10:58:37 -0700179}
180
181keymaster_error_t Keymaster1Test::ImportKey(const AuthorizationSetBuilder& builder,
182 keymaster_key_format_t format,
183 const string& key_material) {
184 AuthorizationSet params(builder.build());
185 params.push_back(UserAuthParams());
186 params.push_back(ClientParams());
187
188 FreeKeyBlob();
189 FreeCharacteristics();
Shawn Willden0e2ee442015-06-01 14:42:16 -0600190 keymaster_blob_t key = {reinterpret_cast<const uint8_t*>(key_material.c_str()),
191 key_material.length()};
192 return device()->import_key(device(), &params, format, &key, &blob_, &characteristics_);
Shawn Willden95dda362015-02-27 10:58:37 -0700193}
194
195AuthorizationSet Keymaster1Test::UserAuthParams() {
196 AuthorizationSet set;
197 set.push_back(TAG_USER_ID, 7);
Shawn Willdeneb63b972015-03-14 08:01:12 -0600198 set.push_back(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD);
Shawn Willden95dda362015-02-27 10:58:37 -0700199 set.push_back(TAG_AUTH_TIMEOUT, 300);
200 return set;
201}
202
203AuthorizationSet Keymaster1Test::ClientParams() {
204 AuthorizationSet set;
205 set.push_back(TAG_APPLICATION_ID, "app_id", 6);
206 return set;
207}
208
209keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600210 AuthorizationSet in_params(client_params());
211 keymaster_key_param_set_t out_params;
Shawn Willden95dda362015-02-27 10:58:37 -0700212 keymaster_error_t error =
Shawn Willden0e2ee442015-06-01 14:42:16 -0600213 device()->begin(device(), purpose, &blob_, &in_params, &out_params, &op_handle_);
214 EXPECT_EQ(0U, out_params.length);
215 EXPECT_TRUE(out_params.params == nullptr);
Shawn Willden95dda362015-02-27 10:58:37 -0700216 return error;
217}
218
219keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose,
220 const AuthorizationSet& input_set,
Shawn Willden09f25272015-04-15 13:49:49 -0600221 AuthorizationSet* output_set) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600222 keymaster_key_param_set_t out_params;
Shawn Willden95dda362015-02-27 10:58:37 -0700223 keymaster_error_t error =
Shawn Willden0e2ee442015-06-01 14:42:16 -0600224 device()->begin(device(), purpose, &blob_, &input_set, &out_params, &op_handle_);
Shawn Willden95dda362015-02-27 10:58:37 -0700225 if (error == KM_ERROR_OK) {
226 if (output_set) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600227 output_set->Reinitialize(out_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700228 } else {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600229 EXPECT_EQ(0U, out_params.length);
230 EXPECT_TRUE(out_params.params == nullptr);
Shawn Willden95dda362015-02-27 10:58:37 -0700231 }
Shawn Willden0e2ee442015-06-01 14:42:16 -0600232 keymaster_free_param_set(&out_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700233 }
234 return error;
235}
236
237keymaster_error_t Keymaster1Test::UpdateOperation(const string& message, string* output,
238 size_t* input_consumed) {
Shawn Willden95dda362015-02-27 10:58:37 -0700239 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
Shawn Willden0e2ee442015-06-01 14:42:16 -0600240 keymaster_blob_t input = {reinterpret_cast<const uint8_t*>(message.c_str()), message.length()};
241 keymaster_blob_t out_tmp;
242 keymaster_key_param_set_t out_params;
243 keymaster_error_t error = device()->update(device(), op_handle_, nullptr /* params */, &input,
244 input_consumed, &out_params, &out_tmp);
245 if (error == KM_ERROR_OK && out_tmp.data)
246 output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length);
247 free(const_cast<uint8_t*>(out_tmp.data));
Shawn Willden95dda362015-02-27 10:58:37 -0700248 return error;
249}
250
251keymaster_error_t Keymaster1Test::UpdateOperation(const AuthorizationSet& additional_params,
Shawn Willden0f392562015-06-02 09:00:52 -0600252 const string& message,
253 AuthorizationSet* output_params, string* output,
Shawn Willden95dda362015-02-27 10:58:37 -0700254 size_t* input_consumed) {
Shawn Willden95dda362015-02-27 10:58:37 -0700255 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
Shawn Willden0e2ee442015-06-01 14:42:16 -0600256 keymaster_blob_t input = {reinterpret_cast<const uint8_t*>(message.c_str()), message.length()};
257 keymaster_blob_t out_tmp;
258 keymaster_key_param_set_t out_params;
259 keymaster_error_t error = device()->update(device(), op_handle_, &additional_params, &input,
260 input_consumed, &out_params, &out_tmp);
261 if (error == KM_ERROR_OK && out_tmp.data)
262 output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length);
263 free((void*)out_tmp.data);
Shawn Willden0f392562015-06-02 09:00:52 -0600264 if (output_params)
265 output_params->Reinitialize(out_params);
266 keymaster_free_param_set(&out_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700267 return error;
268}
269
270keymaster_error_t Keymaster1Test::FinishOperation(string* output) {
271 return FinishOperation("", output);
272}
273
274keymaster_error_t Keymaster1Test::FinishOperation(const string& signature, string* output) {
275 AuthorizationSet additional_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600276 AuthorizationSet output_params;
277 return FinishOperation(additional_params, signature, &output_params, output);
Shawn Willden95dda362015-02-27 10:58:37 -0700278}
279
280keymaster_error_t Keymaster1Test::FinishOperation(const AuthorizationSet& additional_params,
Shawn Willden0f392562015-06-02 09:00:52 -0600281 const string& signature,
282 AuthorizationSet* output_params, string* output) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600283 keymaster_blob_t sig = {reinterpret_cast<const uint8_t*>(signature.c_str()),
284 signature.length()};
285 keymaster_blob_t out_tmp;
286 keymaster_key_param_set_t out_params;
Shawn Willden95dda362015-02-27 10:58:37 -0700287 keymaster_error_t error =
Shawn Willden0e2ee442015-06-01 14:42:16 -0600288 device()->finish(device(), op_handle_, &additional_params, &sig, &out_params, &out_tmp);
289 if (error != KM_ERROR_OK) {
290 EXPECT_TRUE(out_tmp.data == nullptr);
291 EXPECT_TRUE(out_params.params == nullptr);
292 return error;
293 }
294
295 if (out_tmp.data)
296 output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length);
297 free((void*)out_tmp.data);
Shawn Willden0f392562015-06-02 09:00:52 -0600298 if (output_params)
299 output_params->Reinitialize(out_params);
300 keymaster_free_param_set(&out_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700301 return error;
302}
303
304keymaster_error_t Keymaster1Test::AbortOperation() {
305 return device()->abort(device(), op_handle_);
306}
307
Shawn Willden226746b2015-05-08 11:36:56 -0600308string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message) {
309 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, client_params(), NULL /* output_params */));
Shawn Willden95dda362015-02-27 10:58:37 -0700310
311 string result;
312 size_t input_consumed;
313 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
314 EXPECT_EQ(message.size(), input_consumed);
315 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result));
316 return result;
317}
318
319string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
320 const AuthorizationSet& begin_params,
321 const AuthorizationSet& update_params,
Shawn Willden0f392562015-06-02 09:00:52 -0600322 AuthorizationSet* begin_out_params) {
323 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, begin_out_params));
Shawn Willden95dda362015-02-27 10:58:37 -0700324
325 string result;
326 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600327 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, nullptr /* output_params */,
328 &result, &input_consumed));
Shawn Willden95dda362015-02-27 10:58:37 -0700329 EXPECT_EQ(message.size(), input_consumed);
330 EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, "", &result));
331 return result;
332}
333
334string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
Shawn Willden226746b2015-05-08 11:36:56 -0600335 const string& signature, const AuthorizationSet& begin_params,
336 const AuthorizationSet& update_params,
337 AuthorizationSet* output_params) {
338 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, output_params));
339
340 string result;
341 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600342 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, nullptr /* output_params */,
343 &result, &input_consumed));
Shawn Willden226746b2015-05-08 11:36:56 -0600344 EXPECT_EQ(message.size(), input_consumed);
345 EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, signature, &result));
346 return result;
347}
348
349string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
350 const string& signature) {
351 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, client_params(), NULL /* output_params */));
Shawn Willden95dda362015-02-27 10:58:37 -0700352
353 string result;
354 size_t input_consumed;
355 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
356 EXPECT_EQ(message.size(), input_consumed);
357 EXPECT_EQ(KM_ERROR_OK, FinishOperation(signature, &result));
358 return result;
359}
360
Shawn Willden226746b2015-05-08 11:36:56 -0600361void Keymaster1Test::SignMessage(const string& message, string* signature,
362 keymaster_digest_t digest) {
Shawn Willden95dda362015-02-27 10:58:37 -0700363 SCOPED_TRACE("SignMessage");
Shawn Willden226746b2015-05-08 11:36:56 -0600364 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
365 input_params.push_back(TAG_DIGEST, digest);
366 AuthorizationSet update_params;
367 AuthorizationSet output_params;
368 *signature =
369 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600370 EXPECT_GT(signature->size(), 0U);
Shawn Willden95dda362015-02-27 10:58:37 -0700371}
372
Shawn Willden3ad5f052015-05-08 14:05:13 -0600373void Keymaster1Test::SignMessage(const string& message, string* signature,
374 keymaster_digest_t digest, keymaster_padding_t padding) {
375 SCOPED_TRACE("SignMessage");
376 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
377 input_params.push_back(TAG_DIGEST, digest);
378 input_params.push_back(TAG_PADDING, padding);
379 AuthorizationSet update_params;
380 AuthorizationSet output_params;
381 *signature =
382 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
383 EXPECT_GT(signature->size(), 0U);
384}
385
Shawn Willden226746b2015-05-08 11:36:56 -0600386void Keymaster1Test::MacMessage(const string& message, string* signature, keymaster_digest_t digest,
387 size_t mac_length) {
Shawn Willden09f25272015-04-15 13:49:49 -0600388 SCOPED_TRACE("SignMessage");
389 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
390 input_params.push_back(TAG_MAC_LENGTH, mac_length);
Shawn Willden226746b2015-05-08 11:36:56 -0600391 input_params.push_back(TAG_DIGEST, digest);
Shawn Willden09f25272015-04-15 13:49:49 -0600392 AuthorizationSet update_params;
393 AuthorizationSet output_params;
394 *signature =
395 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
396 EXPECT_GT(signature->size(), 0U);
397}
398
Shawn Willdend7a5c712015-04-09 16:33:52 -0600399void Keymaster1Test::VerifyMessage(const string& message, const string& signature,
Shawn Willden226746b2015-05-08 11:36:56 -0600400 keymaster_digest_t digest) {
Shawn Willden95dda362015-02-27 10:58:37 -0700401 SCOPED_TRACE("VerifyMessage");
Shawn Willden226746b2015-05-08 11:36:56 -0600402 AuthorizationSet input_params(client_params());
403 input_params.push_back(TAG_DIGEST, digest);
404 AuthorizationSet update_params;
405 AuthorizationSet output_params;
406 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, input_params, update_params,
407 &output_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700408}
409
Shawn Willden3ad5f052015-05-08 14:05:13 -0600410void Keymaster1Test::VerifyMessage(const string& message, const string& signature,
411 keymaster_digest_t digest, keymaster_padding_t padding) {
412 SCOPED_TRACE("VerifyMessage");
413 AuthorizationSet input_params(client_params());
414 input_params.push_back(TAG_DIGEST, digest);
415 input_params.push_back(TAG_PADDING, padding);
Shawn Willden95dda362015-02-27 10:58:37 -0700416 AuthorizationSet update_params;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600417 AuthorizationSet output_params;
418 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, input_params, update_params,
419 &output_params);
420}
421
422string Keymaster1Test::EncryptMessage(const string& message, keymaster_padding_t padding,
423 string* generated_nonce) {
424 AuthorizationSet update_params;
425 return EncryptMessage(update_params, message, padding, generated_nonce);
Shawn Willden95dda362015-02-27 10:58:37 -0700426}
427
Shawn Willden31e063f2015-05-08 14:31:22 -0600428string Keymaster1Test::EncryptMessage(const string& message, keymaster_block_mode_t block_mode,
429 keymaster_padding_t padding, string* generated_nonce) {
430 AuthorizationSet update_params;
431 return EncryptMessage(update_params, message, block_mode, padding, generated_nonce);
432}
433
Shawn Willden95dda362015-02-27 10:58:37 -0700434string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
Shawn Willden3ad5f052015-05-08 14:05:13 -0600435 keymaster_padding_t padding, string* generated_nonce) {
Shawn Willden95dda362015-02-27 10:58:37 -0700436 SCOPED_TRACE("EncryptMessage");
Shawn Willden09f25272015-04-15 13:49:49 -0600437 AuthorizationSet begin_params(client_params()), output_params;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600438 begin_params.push_back(TAG_PADDING, padding);
Shawn Willden95dda362015-02-27 10:58:37 -0700439 string ciphertext =
440 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
441 if (generated_nonce) {
442 keymaster_blob_t nonce_blob;
443 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
444 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
445 } else {
446 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
447 }
448 return ciphertext;
449}
450
Shawn Willden31e063f2015-05-08 14:31:22 -0600451string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
452 keymaster_block_mode_t block_mode,
453 keymaster_padding_t padding, string* generated_nonce) {
454 SCOPED_TRACE("EncryptMessage");
455 AuthorizationSet begin_params(client_params()), output_params;
456 begin_params.push_back(TAG_PADDING, padding);
457 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
458 string ciphertext =
459 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
460 if (generated_nonce) {
461 keymaster_blob_t nonce_blob;
462 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
463 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
464 } else {
465 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
466 }
467 return ciphertext;
468}
469
Shawn Willden95dda362015-02-27 10:58:37 -0700470string Keymaster1Test::EncryptMessageWithParams(const string& message,
471 const AuthorizationSet& begin_params,
472 const AuthorizationSet& update_params,
473 AuthorizationSet* output_params) {
474 SCOPED_TRACE("EncryptMessageWithParams");
475 return ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, output_params);
476}
477
Shawn Willden3ad5f052015-05-08 14:05:13 -0600478string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_padding_t padding) {
Shawn Willden95dda362015-02-27 10:58:37 -0700479 SCOPED_TRACE("DecryptMessage");
Shawn Willden3ad5f052015-05-08 14:05:13 -0600480 AuthorizationSet begin_params(client_params());
481 begin_params.push_back(TAG_PADDING, padding);
482 AuthorizationSet update_params;
483 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700484}
485
Shawn Willden31e063f2015-05-08 14:31:22 -0600486string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_block_mode_t block_mode,
487 keymaster_padding_t padding) {
488 SCOPED_TRACE("DecryptMessage");
489 AuthorizationSet begin_params(client_params());
490 begin_params.push_back(TAG_PADDING, padding);
491 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
492 AuthorizationSet update_params;
493 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
494}
495
Shawn Willden3ad5f052015-05-08 14:05:13 -0600496string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_padding_t padding,
497 const string& nonce) {
Shawn Willden95dda362015-02-27 10:58:37 -0700498 SCOPED_TRACE("DecryptMessage");
Shawn Willden3ad5f052015-05-08 14:05:13 -0600499 AuthorizationSet begin_params(client_params());
500 begin_params.push_back(TAG_PADDING, padding);
501 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
Shawn Willden95dda362015-02-27 10:58:37 -0700502 AuthorizationSet update_params;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600503 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700504}
505
Shawn Willden31e063f2015-05-08 14:31:22 -0600506string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_block_mode_t block_mode,
507 keymaster_padding_t padding, const string& nonce) {
508 SCOPED_TRACE("DecryptMessage");
509 AuthorizationSet begin_params(client_params());
510 begin_params.push_back(TAG_PADDING, padding);
511 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
512 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
513 AuthorizationSet update_params;
514 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
515}
516
Shawn Willden95dda362015-02-27 10:58:37 -0700517string Keymaster1Test::DecryptMessage(const AuthorizationSet& update_params,
Shawn Willden3ad5f052015-05-08 14:05:13 -0600518 const string& ciphertext, keymaster_padding_t padding,
519 const string& nonce) {
Shawn Willden95dda362015-02-27 10:58:37 -0700520 SCOPED_TRACE("DecryptMessage");
Shawn Willden09f25272015-04-15 13:49:49 -0600521 AuthorizationSet begin_params(client_params());
Shawn Willden3ad5f052015-05-08 14:05:13 -0600522 begin_params.push_back(TAG_PADDING, padding);
Shawn Willden95dda362015-02-27 10:58:37 -0700523 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
524 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
525}
526
527keymaster_error_t Keymaster1Test::GetCharacteristics() {
528 FreeCharacteristics();
529 return device()->get_key_characteristics(device(), &blob_, &client_id_, NULL /* app_data */,
530 &characteristics_);
531}
532
533keymaster_error_t Keymaster1Test::ExportKey(keymaster_key_format_t format, string* export_data) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600534 keymaster_blob_t export_tmp;
535 keymaster_error_t error = device()->export_key(device(), format, &blob_, &client_id_,
536 NULL /* app_data */, &export_tmp);
Shawn Willden95dda362015-02-27 10:58:37 -0700537
538 if (error != KM_ERROR_OK)
539 return error;
540
Shawn Willden0e2ee442015-06-01 14:42:16 -0600541 *export_data = string(reinterpret_cast<const char*>(export_tmp.data), export_tmp.data_length);
542 free((void*)export_tmp.data);
Shawn Willden95dda362015-02-27 10:58:37 -0700543 return error;
544}
545
Shawn Willden95dda362015-02-27 10:58:37 -0700546void Keymaster1Test::CheckHmacTestVector(string key, string message, keymaster_digest_t digest,
547 string expected_mac) {
Shawn Willden09f25272015-04-15 13:49:49 -0600548 ASSERT_EQ(KM_ERROR_OK,
549 ImportKey(AuthorizationSetBuilder().HmacKey(key.size() * 8).Digest(digest),
550 KM_KEY_FORMAT_RAW, key));
Shawn Willden95dda362015-02-27 10:58:37 -0700551 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600552 MacMessage(message, &signature, digest, expected_mac.size() * 8);
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600553 EXPECT_EQ(expected_mac, signature) << "Test vector didn't match for digest " << (int)digest;
Shawn Willden95dda362015-02-27 10:58:37 -0700554}
555
Thai Duong20d725d2015-03-24 17:49:58 -0700556void Keymaster1Test::CheckAesCtrTestVector(const string& key, const string& nonce,
557 const string& message,
558 const string& expected_ciphertext) {
559 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
560 .AesEncryptionKey(key.size() * 8)
561 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600562 .Authorization(TAG_CALLER_NONCE)
563 .Padding(KM_PAD_NONE),
Thai Duong20d725d2015-03-24 17:49:58 -0700564 KM_KEY_FORMAT_RAW, key));
565
Shawn Willden09f25272015-04-15 13:49:49 -0600566 AuthorizationSet begin_params(client_params()), update_params, output_params;
Thai Duong20d725d2015-03-24 17:49:58 -0700567 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600568 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600569 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700570 string ciphertext =
571 EncryptMessageWithParams(message, begin_params, update_params, &output_params);
572 EXPECT_EQ(expected_ciphertext, ciphertext);
573}
574
Shawn Willden95dda362015-02-27 10:58:37 -0700575AuthorizationSet Keymaster1Test::hw_enforced() {
576 EXPECT_TRUE(characteristics_ != NULL);
577 return AuthorizationSet(characteristics_->hw_enforced);
578}
579
580AuthorizationSet Keymaster1Test::sw_enforced() {
581 EXPECT_TRUE(characteristics_ != NULL);
582 return AuthorizationSet(characteristics_->sw_enforced);
583}
584
585void Keymaster1Test::FreeCharacteristics() {
586 keymaster_free_characteristics(characteristics_);
587 free(characteristics_);
588 characteristics_ = NULL;
589}
590
591void Keymaster1Test::FreeKeyBlob() {
592 free(const_cast<uint8_t*>(blob_.key_material));
593 blob_.key_material = NULL;
594}
595
596void Keymaster1Test::corrupt_key_blob() {
597 assert(blob_.key_material);
598 uint8_t* tmp = const_cast<uint8_t*>(blob_.key_material);
599 ++tmp[blob_.key_material_size / 2];
600}
601
602} // namespace test
Shawn Willden76364712014-08-11 17:48:04 -0600603} // namespace keymaster