Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / 33ab0389e908b98702806c746e7babc0d46eb452 / . / android_keymaster_test_utils.cpp
blob: dacc413bd888cc795ff68bf8529221c4ea493186 [file] [log] [blame]
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]17#include "android_keymaster_test_utils.h"
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]18
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]19#include <algorithm>
20
21#include <openssl/rand.h>
22
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]23#include <keymaster/android_keymaster_messages.h>
24#include <keymaster/android_keymaster_utils.h>
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]25
26using std::is_permutation;
27using std::ostream;
28using std::string;
29using std::vector;
30
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]31std::ostream& operator<<(std::ostream& os, const keymaster_key_param_t& param) {
32 os << "Tag: " << keymaster_tag_mask_type(param.tag);
33 switch (keymaster_tag_get_type(param.tag)) {
34 case KM_INVALID:
35 os << " Invalid";
36 break;
Shawn Willdenc3ac84f2015-06-24 12:25:37 -0700[diff] [blame]37 case KM_UINT_REP:
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]38 os << " (Rep)";
39 /* Falls through */
Shawn Willdenc3ac84f2015-06-24 12:25:37 -0700[diff] [blame]40 case KM_UINT:
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]41 os << " Int: " << param.integer;
42 break;
43 case KM_ENUM_REP:
44 os << " (Rep)";
45 /* Falls through */
46 case KM_ENUM:
47 os << " Enum: " << param.enumerated;
48 break;
Shawn Willdenc3ac84f2015-06-24 12:25:37 -0700[diff] [blame]49 case KM_ULONG_REP:
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]50 os << " (Rep)";
51 /* Falls through */
Shawn Willdenc3ac84f2015-06-24 12:25:37 -0700[diff] [blame]52 case KM_ULONG:
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]53 os << " Long: " << param.long_integer;
54 break;
55 case KM_DATE:
56 os << " Date: " << param.date_time;
57 break;
58 case KM_BOOL:
59 os << " Bool: " << param.boolean;
60 break;
61 case KM_BIGNUM:
62 os << " Bignum: ";
63 break;
64 case KM_BYTES:
65 os << " Bytes: ";
66 break;
67 }
68 return os;
69}
70
71bool operator==(const keymaster_key_param_t& a, const keymaster_key_param_t& b) {
72 if (a.tag != b.tag) {
73 return false;
74 }
75
76 switch (keymaster_tag_get_type(a.tag)) {
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]77 case KM_INVALID:
78 return true;
Shawn Willdenc3ac84f2015-06-24 12:25:37 -0700[diff] [blame]79 case KM_UINT_REP:
80 case KM_UINT:
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]81 return a.integer == b.integer;
82 case KM_ENUM_REP:
83 case KM_ENUM:
84 return a.enumerated == b.enumerated;
Shawn Willdenc3ac84f2015-06-24 12:25:37 -0700[diff] [blame]85 case KM_ULONG:
86 case KM_ULONG_REP:
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]87 return a.long_integer == b.long_integer;
88 case KM_DATE:
89 return a.date_time == b.date_time;
90 case KM_BOOL:
91 return a.boolean == b.boolean;
92 case KM_BIGNUM:
93 case KM_BYTES:
94 if ((a.blob.data == NULL || b.blob.data == NULL) && a.blob.data != b.blob.data)
95 return false;
96 return a.blob.data_length == b.blob.data_length &&
97 (memcmp(a.blob.data, b.blob.data, a.blob.data_length) == 0);
98 }
Shawn Willden82114e72015-04-16 15:47:50 -0600[diff] [blame]99
100 return false;
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]101}
102
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame]103static char hex_value[256] = {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]104 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
105 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
106 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, // '0'..'9'
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame]107 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'A'..'F'
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]108 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 11, 12, 13, 14, 15, 0,
109 0, 0, 0, 0, 0, 0, 0, 0, // 'a'..'f'
110 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
111 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
112 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
113 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
114 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
115 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame]116
117string hex2str(string a) {
118 string b;
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]119 size_t num = a.size() / 2;
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame]120 b.resize(num);
121 for (size_t i = 0; i < num; i++) {
122 b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]);
123 }
124 return b;
125}
126
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]127namespace keymaster {
128
129bool operator==(const AuthorizationSet& a, const AuthorizationSet& b) {
130 if (a.size() != b.size())
131 return false;
132
133 for (size_t i = 0; i < a.size(); ++i)
134 if (!(a[i] == b[i]))
135 return false;
136 return true;
137}
138
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]139bool operator!=(const AuthorizationSet& a, const AuthorizationSet& b) {
140 return !(a == b);
141}
142
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]143std::ostream& operator<<(std::ostream& os, const AuthorizationSet& set) {
144 if (set.size() == 0)
145 os << "(Empty)" << std::endl;
146 for (size_t i = 0; i < set.size(); ++i) {
147 os << set[i] << std::endl;
148 }
149 return os;
150}
151
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]152namespace test {
153
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]154Keymaster1Test::Keymaster1Test() : op_handle_(OP_HANDLE_SENTINEL), characteristics_(NULL) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]155 blob_.key_material = NULL;
156 RAND_seed("foobar", 6);
157 blob_.key_material = 0;
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]158 device_ = GetParam()->CreateDevice();
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]159}
160
161Keymaster1Test::~Keymaster1Test() {
162 FreeCharacteristics();
163 FreeKeyBlob();
164 device_->common.close(reinterpret_cast<hw_device_t*>(device_));
165}
166
167keymaster1_device_t* Keymaster1Test::device() {
168 return device_;
169}
170
171keymaster_error_t Keymaster1Test::GenerateKey(const AuthorizationSetBuilder& builder) {
172 AuthorizationSet params(builder.build());
173 params.push_back(UserAuthParams());
174 params.push_back(ClientParams());
175
176 FreeKeyBlob();
177 FreeCharacteristics();
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]178 return device()->generate_key(device(), &params, &blob_, &characteristics_);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]179}
180
181keymaster_error_t Keymaster1Test::ImportKey(const AuthorizationSetBuilder& builder,
182 keymaster_key_format_t format,
183 const string& key_material) {
184 AuthorizationSet params(builder.build());
185 params.push_back(UserAuthParams());
186 params.push_back(ClientParams());
187
188 FreeKeyBlob();
189 FreeCharacteristics();
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]190 keymaster_blob_t key = {reinterpret_cast<const uint8_t*>(key_material.c_str()),
191 key_material.length()};
192 return device()->import_key(device(), &params, format, &key, &blob_, &characteristics_);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]193}
194
195AuthorizationSet Keymaster1Test::UserAuthParams() {
196 AuthorizationSet set;
197 set.push_back(TAG_USER_ID, 7);
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]198 set.push_back(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]199 set.push_back(TAG_AUTH_TIMEOUT, 300);
200 return set;
201}
202
203AuthorizationSet Keymaster1Test::ClientParams() {
204 AuthorizationSet set;
205 set.push_back(TAG_APPLICATION_ID, "app_id", 6);
206 return set;
207}
208
209keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]210 AuthorizationSet in_params(client_params());
211 keymaster_key_param_set_t out_params;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]212 keymaster_error_t error =
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]213 device()->begin(device(), purpose, &blob_, &in_params, &out_params, &op_handle_);
214 EXPECT_EQ(0U, out_params.length);
215 EXPECT_TRUE(out_params.params == nullptr);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]216 return error;
217}
218
219keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose,
220 const AuthorizationSet& input_set,
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]221 AuthorizationSet* output_set) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]222 keymaster_key_param_set_t out_params;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]223 keymaster_error_t error =
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]224 device()->begin(device(), purpose, &blob_, &input_set, &out_params, &op_handle_);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]225 if (error == KM_ERROR_OK) {
226 if (output_set) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]227 output_set->Reinitialize(out_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]228 } else {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]229 EXPECT_EQ(0U, out_params.length);
230 EXPECT_TRUE(out_params.params == nullptr);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]231 }
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]232 keymaster_free_param_set(&out_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]233 }
234 return error;
235}
236
237keymaster_error_t Keymaster1Test::UpdateOperation(const string& message, string* output,
238 size_t* input_consumed) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]239 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]240 keymaster_blob_t input = {reinterpret_cast<const uint8_t*>(message.c_str()), message.length()};
241 keymaster_blob_t out_tmp;
242 keymaster_key_param_set_t out_params;
243 keymaster_error_t error = device()->update(device(), op_handle_, nullptr /* params */, &input,
244 input_consumed, &out_params, &out_tmp);
245 if (error == KM_ERROR_OK && out_tmp.data)
246 output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length);
247 free(const_cast<uint8_t*>(out_tmp.data));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]248 return error;
249}
250
251keymaster_error_t Keymaster1Test::UpdateOperation(const AuthorizationSet& additional_params,
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]252 const string& message,
253 AuthorizationSet* output_params, string* output,
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]254 size_t* input_consumed) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]255 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]256 keymaster_blob_t input = {reinterpret_cast<const uint8_t*>(message.c_str()), message.length()};
257 keymaster_blob_t out_tmp;
258 keymaster_key_param_set_t out_params;
259 keymaster_error_t error = device()->update(device(), op_handle_, &additional_params, &input,
260 input_consumed, &out_params, &out_tmp);
261 if (error == KM_ERROR_OK && out_tmp.data)
262 output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length);
263 free((void*)out_tmp.data);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]264 if (output_params)
265 output_params->Reinitialize(out_params);
266 keymaster_free_param_set(&out_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]267 return error;
268}
269
270keymaster_error_t Keymaster1Test::FinishOperation(string* output) {
271 return FinishOperation("", output);
272}
273
274keymaster_error_t Keymaster1Test::FinishOperation(const string& signature, string* output) {
275 AuthorizationSet additional_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]276 AuthorizationSet output_params;
277 return FinishOperation(additional_params, signature, &output_params, output);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]278}
279
280keymaster_error_t Keymaster1Test::FinishOperation(const AuthorizationSet& additional_params,
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]281 const string& signature,
282 AuthorizationSet* output_params, string* output) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]283 keymaster_blob_t sig = {reinterpret_cast<const uint8_t*>(signature.c_str()),
284 signature.length()};
285 keymaster_blob_t out_tmp;
286 keymaster_key_param_set_t out_params;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]287 keymaster_error_t error =
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]288 device()->finish(device(), op_handle_, &additional_params, &sig, &out_params, &out_tmp);
289 if (error != KM_ERROR_OK) {
290 EXPECT_TRUE(out_tmp.data == nullptr);
291 EXPECT_TRUE(out_params.params == nullptr);
292 return error;
293 }
294
295 if (out_tmp.data)
296 output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length);
297 free((void*)out_tmp.data);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]298 if (output_params)
299 output_params->Reinitialize(out_params);
300 keymaster_free_param_set(&out_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]301 return error;
302}
303
304keymaster_error_t Keymaster1Test::AbortOperation() {
305 return device()->abort(device(), op_handle_);
306}
307
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]308string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message) {
309 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, client_params(), NULL /* output_params */));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]310
311 string result;
312 size_t input_consumed;
313 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
314 EXPECT_EQ(message.size(), input_consumed);
315 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result));
316 return result;
317}
318
319string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
320 const AuthorizationSet& begin_params,
321 const AuthorizationSet& update_params,
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]322 AuthorizationSet* begin_out_params) {
323 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, begin_out_params));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]324
325 string result;
326 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]327 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, nullptr /* output_params */,
328 &result, &input_consumed));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]329 EXPECT_EQ(message.size(), input_consumed);
330 EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, "", &result));
331 return result;
332}
333
334string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]335 const string& signature, const AuthorizationSet& begin_params,
336 const AuthorizationSet& update_params,
337 AuthorizationSet* output_params) {
338 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, output_params));
339
340 string result;
341 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]342 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, nullptr /* output_params */,
343 &result, &input_consumed));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]344 EXPECT_EQ(message.size(), input_consumed);
345 EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, signature, &result));
346 return result;
347}
348
349string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
350 const string& signature) {
351 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, client_params(), NULL /* output_params */));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]352
353 string result;
354 size_t input_consumed;
355 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
356 EXPECT_EQ(message.size(), input_consumed);
357 EXPECT_EQ(KM_ERROR_OK, FinishOperation(signature, &result));
358 return result;
359}
360
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]361void Keymaster1Test::SignMessage(const string& message, string* signature,
362 keymaster_digest_t digest) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]363 SCOPED_TRACE("SignMessage");
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]364 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
365 input_params.push_back(TAG_DIGEST, digest);
366 AuthorizationSet update_params;
367 AuthorizationSet output_params;
368 *signature =
369 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]370 EXPECT_GT(signature->size(), 0U);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]371}
372
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]373void Keymaster1Test::SignMessage(const string& message, string* signature,
374 keymaster_digest_t digest, keymaster_padding_t padding) {
375 SCOPED_TRACE("SignMessage");
376 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
377 input_params.push_back(TAG_DIGEST, digest);
378 input_params.push_back(TAG_PADDING, padding);
379 AuthorizationSet update_params;
380 AuthorizationSet output_params;
381 *signature =
382 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
383 EXPECT_GT(signature->size(), 0U);
384}
385
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]386void Keymaster1Test::MacMessage(const string& message, string* signature, size_t mac_length) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]387 SCOPED_TRACE("SignMessage");
388 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
389 input_params.push_back(TAG_MAC_LENGTH, mac_length);
390 AuthorizationSet update_params;
391 AuthorizationSet output_params;
392 *signature =
393 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
394 EXPECT_GT(signature->size(), 0U);
395}
396
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]397void Keymaster1Test::VerifyMessage(const string& message, const string& signature,
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]398 keymaster_digest_t digest) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]399 SCOPED_TRACE("VerifyMessage");
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]400 AuthorizationSet input_params(client_params());
401 input_params.push_back(TAG_DIGEST, digest);
402 AuthorizationSet update_params;
403 AuthorizationSet output_params;
404 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, input_params, update_params,
405 &output_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]406}
407
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]408void Keymaster1Test::VerifyMessage(const string& message, const string& signature,
409 keymaster_digest_t digest, keymaster_padding_t padding) {
410 SCOPED_TRACE("VerifyMessage");
411 AuthorizationSet input_params(client_params());
412 input_params.push_back(TAG_DIGEST, digest);
413 input_params.push_back(TAG_PADDING, padding);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]414 AuthorizationSet update_params;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]415 AuthorizationSet output_params;
416 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, input_params, update_params,
417 &output_params);
418}
419
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]420void Keymaster1Test::VerifyMac(const string& message, const string& signature) {
421 SCOPED_TRACE("VerifyMac");
422 ProcessMessage(KM_PURPOSE_VERIFY, message, signature);
423}
424
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]425string Keymaster1Test::EncryptMessage(const string& message, keymaster_padding_t padding,
426 string* generated_nonce) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]427 SCOPED_TRACE("EncryptMessage");
428 AuthorizationSet begin_params(client_params()), output_params;
429 begin_params.push_back(TAG_PADDING, padding);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]430 AuthorizationSet update_params;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]431 string ciphertext =
432 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
433 if (generated_nonce) {
434 keymaster_blob_t nonce_blob;
435 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
436 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
437 } else {
438 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
439 }
440 return ciphertext;
441}
442
443string Keymaster1Test::EncryptMessage(const string& message, keymaster_digest_t digest,
444 keymaster_padding_t padding, string* generated_nonce) {
445 AuthorizationSet update_params;
446 return EncryptMessage(update_params, message, digest, padding, generated_nonce);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]447}
448
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]449string Keymaster1Test::EncryptMessage(const string& message, keymaster_block_mode_t block_mode,
450 keymaster_padding_t padding, string* generated_nonce) {
451 AuthorizationSet update_params;
452 return EncryptMessage(update_params, message, block_mode, padding, generated_nonce);
453}
454
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]455string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]456 keymaster_digest_t digest, keymaster_padding_t padding,
457 string* generated_nonce) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]458 SCOPED_TRACE("EncryptMessage");
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]459 AuthorizationSet begin_params(client_params()), output_params;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]460 begin_params.push_back(TAG_PADDING, padding);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]461 begin_params.push_back(TAG_DIGEST, digest);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]462 string ciphertext =
463 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
464 if (generated_nonce) {
465 keymaster_blob_t nonce_blob;
466 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
467 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
468 } else {
469 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
470 }
471 return ciphertext;
472}
473
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]474string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
475 keymaster_block_mode_t block_mode,
476 keymaster_padding_t padding, string* generated_nonce) {
477 SCOPED_TRACE("EncryptMessage");
478 AuthorizationSet begin_params(client_params()), output_params;
479 begin_params.push_back(TAG_PADDING, padding);
480 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
481 string ciphertext =
482 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
483 if (generated_nonce) {
484 keymaster_blob_t nonce_blob;
485 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
486 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
487 } else {
488 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
489 }
490 return ciphertext;
491}
492
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]493string Keymaster1Test::EncryptMessageWithParams(const string& message,
494 const AuthorizationSet& begin_params,
495 const AuthorizationSet& update_params,
496 AuthorizationSet* output_params) {
497 SCOPED_TRACE("EncryptMessageWithParams");
498 return ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, output_params);
499}
500
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]501string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_padding_t padding) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]502 SCOPED_TRACE("DecryptMessage");
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]503 AuthorizationSet begin_params(client_params());
504 begin_params.push_back(TAG_PADDING, padding);
505 AuthorizationSet update_params;
506 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]507}
508
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]509string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_digest_t digest,
510 keymaster_padding_t padding) {
511 SCOPED_TRACE("DecryptMessage");
512 AuthorizationSet begin_params(client_params());
513 begin_params.push_back(TAG_PADDING, padding);
514 begin_params.push_back(TAG_DIGEST, digest);
515 AuthorizationSet update_params;
516 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
517}
518
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]519string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_block_mode_t block_mode,
520 keymaster_padding_t padding) {
521 SCOPED_TRACE("DecryptMessage");
522 AuthorizationSet begin_params(client_params());
523 begin_params.push_back(TAG_PADDING, padding);
524 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
525 AuthorizationSet update_params;
526 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
527}
528
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]529string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_digest_t digest,
530 keymaster_padding_t padding, const string& nonce) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]531 SCOPED_TRACE("DecryptMessage");
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]532 AuthorizationSet begin_params(client_params());
533 begin_params.push_back(TAG_PADDING, padding);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]534 begin_params.push_back(TAG_DIGEST, digest);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]535 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]536 AuthorizationSet update_params;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]537 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]538}
539
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]540string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_block_mode_t block_mode,
541 keymaster_padding_t padding, const string& nonce) {
542 SCOPED_TRACE("DecryptMessage");
543 AuthorizationSet begin_params(client_params());
544 begin_params.push_back(TAG_PADDING, padding);
545 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
546 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
547 AuthorizationSet update_params;
548 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
549}
550
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]551string Keymaster1Test::DecryptMessage(const AuthorizationSet& update_params,
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]552 const string& ciphertext, keymaster_digest_t digest,
553 keymaster_padding_t padding, const string& nonce) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]554 SCOPED_TRACE("DecryptMessage");
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]555 AuthorizationSet begin_params(client_params());
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]556 begin_params.push_back(TAG_PADDING, padding);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]557 begin_params.push_back(TAG_DIGEST, digest);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]558 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
559 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
560}
561
562keymaster_error_t Keymaster1Test::GetCharacteristics() {
563 FreeCharacteristics();
564 return device()->get_key_characteristics(device(), &blob_, &client_id_, NULL /* app_data */,
565 &characteristics_);
566}
567
568keymaster_error_t Keymaster1Test::ExportKey(keymaster_key_format_t format, string* export_data) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]569 keymaster_blob_t export_tmp;
570 keymaster_error_t error = device()->export_key(device(), format, &blob_, &client_id_,
571 NULL /* app_data */, &export_tmp);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]572
573 if (error != KM_ERROR_OK)
574 return error;
575
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame]576 *export_data = string(reinterpret_cast<const char*>(export_tmp.data), export_tmp.data_length);
577 free((void*)export_tmp.data);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]578 return error;
579}
580
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]581void Keymaster1Test::CheckHmacTestVector(string key, string message, keymaster_digest_t digest,
582 string expected_mac) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]583 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
584 .HmacKey(key.size() * 8)
585 .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
586 .Digest(digest),
587 KM_KEY_FORMAT_RAW, key));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]588 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]589 MacMessage(message, &signature, expected_mac.size() * 8);
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]590 EXPECT_EQ(expected_mac, signature) << "Test vector didn't match for digest " << (int)digest;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]591}
592
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]593void Keymaster1Test::CheckAesCtrTestVector(const string& key, const string& nonce,
594 const string& message,
595 const string& expected_ciphertext) {
596 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
597 .AesEncryptionKey(key.size() * 8)
598 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]599 .Authorization(TAG_CALLER_NONCE)
600 .Padding(KM_PAD_NONE),
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]601 KM_KEY_FORMAT_RAW, key));
602
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]603 AuthorizationSet begin_params(client_params()), update_params, output_params;
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]604 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]605 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]606 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]607 string ciphertext =
608 EncryptMessageWithParams(message, begin_params, update_params, &output_params);
609 EXPECT_EQ(expected_ciphertext, ciphertext);
610}
611
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]612AuthorizationSet Keymaster1Test::hw_enforced() {
613 EXPECT_TRUE(characteristics_ != NULL);
614 return AuthorizationSet(characteristics_->hw_enforced);
615}
616
617AuthorizationSet Keymaster1Test::sw_enforced() {
618 EXPECT_TRUE(characteristics_ != NULL);
619 return AuthorizationSet(characteristics_->sw_enforced);
620}
621
622void Keymaster1Test::FreeCharacteristics() {
623 keymaster_free_characteristics(characteristics_);
624 free(characteristics_);
625 characteristics_ = NULL;
626}
627
628void Keymaster1Test::FreeKeyBlob() {
629 free(const_cast<uint8_t*>(blob_.key_material));
630 blob_.key_material = NULL;
631}
632
633void Keymaster1Test::corrupt_key_blob() {
634 assert(blob_.key_material);
635 uint8_t* tmp = const_cast<uint8_t*>(blob_.key_material);
636 ++tmp[blob_.key_material_size / 2];
637}
638
639} // namespace test
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]640} // namespace keymaster