Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / 7689ed6e95e5cb712c4983cb30ad383520cfaa33 / . / google_keymaster_test_utils.cpp
blob: 664e020d1f87b493e44069ba5d665633085a3088 [file] [log] [blame]
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "google_keymaster_test_utils.h"
18
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]19#include <algorithm>
20
21#include <openssl/rand.h>
22
23#include <keymaster/google_keymaster_messages.h>
24#include <keymaster/google_keymaster_utils.h>
25
26using std::is_permutation;
27using std::ostream;
28using std::string;
29using std::vector;
30
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]31std::ostream& operator<<(std::ostream& os, const keymaster_key_param_t& param) {
32 os << "Tag: " << keymaster_tag_mask_type(param.tag);
33 switch (keymaster_tag_get_type(param.tag)) {
34 case KM_INVALID:
35 os << " Invalid";
36 break;
37 case KM_INT_REP:
38 os << " (Rep)";
39 /* Falls through */
40 case KM_INT:
41 os << " Int: " << param.integer;
42 break;
43 case KM_ENUM_REP:
44 os << " (Rep)";
45 /* Falls through */
46 case KM_ENUM:
47 os << " Enum: " << param.enumerated;
48 break;
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]49 case KM_LONG_REP:
50 os << " (Rep)";
51 /* Falls through */
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]52 case KM_LONG:
53 os << " Long: " << param.long_integer;
54 break;
55 case KM_DATE:
56 os << " Date: " << param.date_time;
57 break;
58 case KM_BOOL:
59 os << " Bool: " << param.boolean;
60 break;
61 case KM_BIGNUM:
62 os << " Bignum: ";
63 break;
64 case KM_BYTES:
65 os << " Bytes: ";
66 break;
67 }
68 return os;
69}
70
71bool operator==(const keymaster_key_param_t& a, const keymaster_key_param_t& b) {
72 if (a.tag != b.tag) {
73 return false;
74 }
75
76 switch (keymaster_tag_get_type(a.tag)) {
77 default:
78 return false;
79 case KM_INVALID:
80 return true;
81 case KM_INT_REP:
82 case KM_INT:
83 return a.integer == b.integer;
84 case KM_ENUM_REP:
85 case KM_ENUM:
86 return a.enumerated == b.enumerated;
87 case KM_LONG:
88 return a.long_integer == b.long_integer;
89 case KM_DATE:
90 return a.date_time == b.date_time;
91 case KM_BOOL:
92 return a.boolean == b.boolean;
93 case KM_BIGNUM:
94 case KM_BYTES:
95 if ((a.blob.data == NULL || b.blob.data == NULL) && a.blob.data != b.blob.data)
96 return false;
97 return a.blob.data_length == b.blob.data_length &&
98 (memcmp(a.blob.data, b.blob.data, a.blob.data_length) == 0);
99 }
100}
101
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame^]102static char hex_value[256] = {
103 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
104 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
105 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
106 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, // '0'..'9'
107 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'A'..'F'
108 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
109 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'a'..'f'
110 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
111 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
112 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
113 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
114 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
115 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
116 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
117 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
118 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
119};
120
121string hex2str(string a) {
122 string b;
123 size_t num = a.size()/2;
124 b.resize(num);
125 for (size_t i = 0; i < num; i++) {
126 b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]);
127 }
128 return b;
129}
130
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]131namespace keymaster {
132
133bool operator==(const AuthorizationSet& a, const AuthorizationSet& b) {
134 if (a.size() != b.size())
135 return false;
136
137 for (size_t i = 0; i < a.size(); ++i)
138 if (!(a[i] == b[i]))
139 return false;
140 return true;
141}
142
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]143bool operator!=(const AuthorizationSet& a, const AuthorizationSet& b) {
144 return !(a == b);
145}
146
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]147std::ostream& operator<<(std::ostream& os, const AuthorizationSet& set) {
148 if (set.size() == 0)
149 os << "(Empty)" << std::endl;
150 for (size_t i = 0; i < set.size(); ++i) {
151 os << set[i] << std::endl;
152 }
153 return os;
154}
155
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]156namespace test {
157
158Keymaster1Test::Keymaster1Test()
159 : device_(NULL), op_handle_(OP_HANDLE_SENTINEL), characteristics_(NULL) {
160 blob_.key_material = NULL;
161 RAND_seed("foobar", 6);
162 blob_.key_material = 0;
163}
164
165Keymaster1Test::~Keymaster1Test() {
166 FreeCharacteristics();
167 FreeKeyBlob();
168 device_->common.close(reinterpret_cast<hw_device_t*>(device_));
169}
170
171keymaster1_device_t* Keymaster1Test::device() {
172 return device_;
173}
174
175keymaster_error_t Keymaster1Test::GenerateKey(const AuthorizationSetBuilder& builder) {
176 AuthorizationSet params(builder.build());
177 params.push_back(UserAuthParams());
178 params.push_back(ClientParams());
179
180 FreeKeyBlob();
181 FreeCharacteristics();
182 return device()->generate_key(device(), params.data(), params.size(), &blob_,
183 &characteristics_);
184}
185
186keymaster_error_t Keymaster1Test::ImportKey(const AuthorizationSetBuilder& builder,
187 keymaster_key_format_t format,
188 const string& key_material) {
189 AuthorizationSet params(builder.build());
190 params.push_back(UserAuthParams());
191 params.push_back(ClientParams());
192
193 FreeKeyBlob();
194 FreeCharacteristics();
195 return device()->import_key(device(), params.data(), params.size(), format,
196 reinterpret_cast<const uint8_t*>(key_material.c_str()),
197 key_material.length(), &blob_, &characteristics_);
198}
199
200AuthorizationSet Keymaster1Test::UserAuthParams() {
201 AuthorizationSet set;
202 set.push_back(TAG_USER_ID, 7);
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]203 set.push_back(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]204 set.push_back(TAG_AUTH_TIMEOUT, 300);
205 return set;
206}
207
208AuthorizationSet Keymaster1Test::ClientParams() {
209 AuthorizationSet set;
210 set.push_back(TAG_APPLICATION_ID, "app_id", 6);
211 return set;
212}
213
214keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose) {
215 keymaster_key_param_t* out_params = NULL;
216 size_t out_params_count = 0;
217 keymaster_error_t error =
218 device()->begin(device(), purpose, &blob_, client_params_, array_length(client_params_),
219 &out_params, &out_params_count, &op_handle_);
220 EXPECT_EQ(0, out_params_count);
221 EXPECT_TRUE(out_params == NULL);
222 return error;
223}
224
225keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose,
226 const AuthorizationSet& input_set,
227 AuthorizationSet* output_set) {
228 AuthorizationSet additional_params(client_params_, array_length(client_params_));
229 additional_params.push_back(input_set);
230
231 keymaster_key_param_t* out_params;
232 size_t out_params_count;
233 keymaster_error_t error =
234 device()->begin(device(), purpose, &blob_, additional_params.data(),
235 additional_params.size(), &out_params, &out_params_count, &op_handle_);
236 if (error == KM_ERROR_OK) {
237 if (output_set) {
238 output_set->Reinitialize(out_params, out_params_count);
239 } else {
240 EXPECT_EQ(0, out_params_count);
241 EXPECT_TRUE(out_params == NULL);
242 }
243 keymaster_free_param_values(out_params, out_params_count);
244 free(out_params);
245 }
246 return error;
247}
248
249keymaster_error_t Keymaster1Test::UpdateOperation(const string& message, string* output,
250 size_t* input_consumed) {
251 uint8_t* out_tmp = NULL;
252 size_t out_length;
253 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
254 keymaster_error_t error =
255 device()->update(device(), op_handle_, NULL /* params */, 0 /* params_count */,
256 reinterpret_cast<const uint8_t*>(message.c_str()), message.length(),
257 input_consumed, &out_tmp, &out_length);
258 if (error == KM_ERROR_OK && out_tmp)
259 output->append(reinterpret_cast<char*>(out_tmp), out_length);
260 free(out_tmp);
261 return error;
262}
263
264keymaster_error_t Keymaster1Test::UpdateOperation(const AuthorizationSet& additional_params,
265 const string& message, string* output,
266 size_t* input_consumed) {
267 uint8_t* out_tmp = NULL;
268 size_t out_length;
269 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
270 keymaster_error_t error =
271 device()->update(device(), op_handle_, additional_params.data(), additional_params.size(),
272 reinterpret_cast<const uint8_t*>(message.c_str()), message.length(),
273 input_consumed, &out_tmp, &out_length);
274 if (error == KM_ERROR_OK && out_tmp)
275 output->append(reinterpret_cast<char*>(out_tmp), out_length);
276 free(out_tmp);
277 return error;
278}
279
280keymaster_error_t Keymaster1Test::FinishOperation(string* output) {
281 return FinishOperation("", output);
282}
283
284keymaster_error_t Keymaster1Test::FinishOperation(const string& signature, string* output) {
285 AuthorizationSet additional_params;
286 return FinishOperation(additional_params, signature, output);
287}
288
289keymaster_error_t Keymaster1Test::FinishOperation(const AuthorizationSet& additional_params,
290 const string& signature, string* output) {
291 uint8_t* out_tmp = NULL;
292 size_t out_length;
293 keymaster_error_t error =
294 device()->finish(device(), op_handle_, additional_params.data(), additional_params.size(),
295 reinterpret_cast<const uint8_t*>(signature.c_str()), signature.length(),
296 &out_tmp, &out_length);
297 if (out_tmp)
298 output->append(reinterpret_cast<char*>(out_tmp), out_length);
299 free(out_tmp);
300 return error;
301}
302
303keymaster_error_t Keymaster1Test::AbortOperation() {
304 return device()->abort(device(), op_handle_);
305}
306
307string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message) {
308 AuthorizationSet input_params;
309 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, input_params, NULL /* output_params */));
310
311 string result;
312 size_t input_consumed;
313 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
314 EXPECT_EQ(message.size(), input_consumed);
315 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result));
316 return result;
317}
318
319string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
320 const AuthorizationSet& begin_params,
321 const AuthorizationSet& update_params,
322 AuthorizationSet* output_params) {
323 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, output_params));
324
325 string result;
326 size_t input_consumed;
327 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &result, &input_consumed));
328 EXPECT_EQ(message.size(), input_consumed);
329 EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, "", &result));
330 return result;
331}
332
333string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
334 const string& signature) {
335 AuthorizationSet input_params;
336 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, input_params, NULL /* output_params */));
337
338 string result;
339 size_t input_consumed;
340 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
341 EXPECT_EQ(message.size(), input_consumed);
342 EXPECT_EQ(KM_ERROR_OK, FinishOperation(signature, &result));
343 return result;
344}
345
346void Keymaster1Test::SignMessage(const string& message, string* signature) {
347 SCOPED_TRACE("SignMessage");
348 *signature = ProcessMessage(KM_PURPOSE_SIGN, message);
349 EXPECT_GT(signature->size(), 0);
350}
351
352void Keymaster1Test::VerifyMessage(const string& message, const string& signature) {
353 SCOPED_TRACE("VerifyMessage");
354 ProcessMessage(KM_PURPOSE_VERIFY, message, signature);
355}
356
357string Keymaster1Test::EncryptMessage(const string& message, string* generated_nonce) {
358 AuthorizationSet update_params;
359 return EncryptMessage(update_params, message, generated_nonce);
360}
361
362string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
363 string* generated_nonce) {
364 SCOPED_TRACE("EncryptMessage");
365 AuthorizationSet begin_params, output_params;
366 string ciphertext =
367 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
368 if (generated_nonce) {
369 keymaster_blob_t nonce_blob;
370 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
371 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
372 } else {
373 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
374 }
375 return ciphertext;
376}
377
378string Keymaster1Test::EncryptMessageWithParams(const string& message,
379 const AuthorizationSet& begin_params,
380 const AuthorizationSet& update_params,
381 AuthorizationSet* output_params) {
382 SCOPED_TRACE("EncryptMessageWithParams");
383 return ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, output_params);
384}
385
386string Keymaster1Test::DecryptMessage(const string& ciphertext) {
387 SCOPED_TRACE("DecryptMessage");
388 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext);
389}
390
391string Keymaster1Test::DecryptMessage(const string& ciphertext, const string& nonce) {
392 SCOPED_TRACE("DecryptMessage");
393 AuthorizationSet update_params;
394 return DecryptMessage(update_params, ciphertext, nonce);
395}
396
397string Keymaster1Test::DecryptMessage(const AuthorizationSet& update_params,
398 const string& ciphertext, const string& nonce) {
399 SCOPED_TRACE("DecryptMessage");
400 AuthorizationSet begin_params;
401 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
402 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
403}
404
405keymaster_error_t Keymaster1Test::GetCharacteristics() {
406 FreeCharacteristics();
407 return device()->get_key_characteristics(device(), &blob_, &client_id_, NULL /* app_data */,
408 &characteristics_);
409}
410
411keymaster_error_t Keymaster1Test::ExportKey(keymaster_key_format_t format, string* export_data) {
412 uint8_t* export_data_tmp;
413 size_t export_data_length;
414
415 keymaster_error_t error =
416 device()->export_key(device(), format, &blob_, &client_id_, NULL /* app_data */,
417 &export_data_tmp, &export_data_length);
418
419 if (error != KM_ERROR_OK)
420 return error;
421
422 *export_data = string(reinterpret_cast<char*>(export_data_tmp), export_data_length);
423 free(export_data_tmp);
424 return error;
425}
426
427keymaster_error_t
428Keymaster1Test::Rescope(const AuthorizationSet& new_params, keymaster_key_blob_t* rescoped_blob,
429 keymaster_key_characteristics_t** rescoped_characteristics) {
430 return device()->rescope(device(), new_params.data(), new_params.size(), &blob_, &client_id_,
431 NULL /* app data */, rescoped_blob, rescoped_characteristics);
432}
433
434void Keymaster1Test::CheckHmacTestVector(string key, string message, keymaster_digest_t digest,
435 string expected_mac) {
436 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder().HmacKey(key.size() * 8, digest,
437 expected_mac.size()),
438 KM_KEY_FORMAT_RAW, key));
439 string signature;
440 SignMessage(message, &signature);
441 EXPECT_EQ(expected_mac, signature) << "Test vector didn't match for digest " << digest;
442}
443
444void Keymaster1Test::CheckAesOcbTestVector(const string& key, const string& nonce,
445 const string& associated_data, const string& message,
446 const string& expected_ciphertext) {
447 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
448 .AesEncryptionKey(key.size() * 8)
449 .OcbMode(4096 /* chunk length */, 16 /* tag length */)
450 .Authorization(TAG_CALLER_NONCE),
451 KM_KEY_FORMAT_RAW, key));
452
453 AuthorizationSet begin_params, update_params, output_params;
454 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
455 update_params.push_back(TAG_ASSOCIATED_DATA, associated_data.data(), associated_data.size());
456 string ciphertext =
457 EncryptMessageWithParams(message, begin_params, update_params, &output_params);
458 EXPECT_EQ(expected_ciphertext, ciphertext);
459}
460
461AuthorizationSet Keymaster1Test::hw_enforced() {
462 EXPECT_TRUE(characteristics_ != NULL);
463 return AuthorizationSet(characteristics_->hw_enforced);
464}
465
466AuthorizationSet Keymaster1Test::sw_enforced() {
467 EXPECT_TRUE(characteristics_ != NULL);
468 return AuthorizationSet(characteristics_->sw_enforced);
469}
470
471void Keymaster1Test::FreeCharacteristics() {
472 keymaster_free_characteristics(characteristics_);
473 free(characteristics_);
474 characteristics_ = NULL;
475}
476
477void Keymaster1Test::FreeKeyBlob() {
478 free(const_cast<uint8_t*>(blob_.key_material));
479 blob_.key_material = NULL;
480}
481
482void Keymaster1Test::corrupt_key_blob() {
483 assert(blob_.key_material);
484 uint8_t* tmp = const_cast<uint8_t*>(blob_.key_material);
485 ++tmp[blob_.key_material_size / 2];
486}
487
488} // namespace test
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]489} // namespace keymaster