Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / b6837e7a62a1192e33beef586282812239ee8b28 / . / android_keymaster_test_utils.cpp
blob: 591e8d744fdc6193e3d8b170596681cefd164e0f [file] [log] [blame]
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame^]17#include "android_keymaster_test_utils.h"
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]18
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]19#include <algorithm>
20
21#include <openssl/rand.h>
22
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame^]23#include <keymaster/android_keymaster_messages.h>
24#include <keymaster/android_keymaster_utils.h>
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]25
26using std::is_permutation;
27using std::ostream;
28using std::string;
29using std::vector;
30
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]31std::ostream& operator<<(std::ostream& os, const keymaster_key_param_t& param) {
32 os << "Tag: " << keymaster_tag_mask_type(param.tag);
33 switch (keymaster_tag_get_type(param.tag)) {
34 case KM_INVALID:
35 os << " Invalid";
36 break;
37 case KM_INT_REP:
38 os << " (Rep)";
39 /* Falls through */
40 case KM_INT:
41 os << " Int: " << param.integer;
42 break;
43 case KM_ENUM_REP:
44 os << " (Rep)";
45 /* Falls through */
46 case KM_ENUM:
47 os << " Enum: " << param.enumerated;
48 break;
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]49 case KM_LONG_REP:
50 os << " (Rep)";
51 /* Falls through */
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]52 case KM_LONG:
53 os << " Long: " << param.long_integer;
54 break;
55 case KM_DATE:
56 os << " Date: " << param.date_time;
57 break;
58 case KM_BOOL:
59 os << " Bool: " << param.boolean;
60 break;
61 case KM_BIGNUM:
62 os << " Bignum: ";
63 break;
64 case KM_BYTES:
65 os << " Bytes: ";
66 break;
67 }
68 return os;
69}
70
71bool operator==(const keymaster_key_param_t& a, const keymaster_key_param_t& b) {
72 if (a.tag != b.tag) {
73 return false;
74 }
75
76 switch (keymaster_tag_get_type(a.tag)) {
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]77 case KM_INVALID:
78 return true;
79 case KM_INT_REP:
80 case KM_INT:
81 return a.integer == b.integer;
82 case KM_ENUM_REP:
83 case KM_ENUM:
84 return a.enumerated == b.enumerated;
85 case KM_LONG:
Shawn Willden82114e72015-04-16 15:47:50 -0600[diff] [blame]86 case KM_LONG_REP:
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]87 return a.long_integer == b.long_integer;
88 case KM_DATE:
89 return a.date_time == b.date_time;
90 case KM_BOOL:
91 return a.boolean == b.boolean;
92 case KM_BIGNUM:
93 case KM_BYTES:
94 if ((a.blob.data == NULL || b.blob.data == NULL) && a.blob.data != b.blob.data)
95 return false;
96 return a.blob.data_length == b.blob.data_length &&
97 (memcmp(a.blob.data, b.blob.data, a.blob.data_length) == 0);
98 }
Shawn Willden82114e72015-04-16 15:47:50 -0600[diff] [blame]99
100 return false;
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]101}
102
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame]103static char hex_value[256] = {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]104 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
105 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
106 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, // '0'..'9'
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame]107 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'A'..'F'
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]108 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 11, 12, 13, 14, 15, 0,
109 0, 0, 0, 0, 0, 0, 0, 0, // 'a'..'f'
110 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
111 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
112 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
113 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
114 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
115 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame]116
117string hex2str(string a) {
118 string b;
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]119 size_t num = a.size() / 2;
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame]120 b.resize(num);
121 for (size_t i = 0; i < num; i++) {
122 b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]);
123 }
124 return b;
125}
126
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]127namespace keymaster {
128
129bool operator==(const AuthorizationSet& a, const AuthorizationSet& b) {
130 if (a.size() != b.size())
131 return false;
132
133 for (size_t i = 0; i < a.size(); ++i)
134 if (!(a[i] == b[i]))
135 return false;
136 return true;
137}
138
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]139bool operator!=(const AuthorizationSet& a, const AuthorizationSet& b) {
140 return !(a == b);
141}
142
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]143std::ostream& operator<<(std::ostream& os, const AuthorizationSet& set) {
144 if (set.size() == 0)
145 os << "(Empty)" << std::endl;
146 for (size_t i = 0; i < set.size(); ++i) {
147 os << set[i] << std::endl;
148 }
149 return os;
150}
151
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]152namespace test {
153
154Keymaster1Test::Keymaster1Test()
155 : device_(NULL), op_handle_(OP_HANDLE_SENTINEL), characteristics_(NULL) {
156 blob_.key_material = NULL;
157 RAND_seed("foobar", 6);
158 blob_.key_material = 0;
159}
160
161Keymaster1Test::~Keymaster1Test() {
162 FreeCharacteristics();
163 FreeKeyBlob();
164 device_->common.close(reinterpret_cast<hw_device_t*>(device_));
165}
166
167keymaster1_device_t* Keymaster1Test::device() {
168 return device_;
169}
170
171keymaster_error_t Keymaster1Test::GenerateKey(const AuthorizationSetBuilder& builder) {
172 AuthorizationSet params(builder.build());
173 params.push_back(UserAuthParams());
174 params.push_back(ClientParams());
175
176 FreeKeyBlob();
177 FreeCharacteristics();
178 return device()->generate_key(device(), params.data(), params.size(), &blob_,
179 &characteristics_);
180}
181
182keymaster_error_t Keymaster1Test::ImportKey(const AuthorizationSetBuilder& builder,
183 keymaster_key_format_t format,
184 const string& key_material) {
185 AuthorizationSet params(builder.build());
186 params.push_back(UserAuthParams());
187 params.push_back(ClientParams());
188
189 FreeKeyBlob();
190 FreeCharacteristics();
191 return device()->import_key(device(), params.data(), params.size(), format,
192 reinterpret_cast<const uint8_t*>(key_material.c_str()),
193 key_material.length(), &blob_, &characteristics_);
194}
195
196AuthorizationSet Keymaster1Test::UserAuthParams() {
197 AuthorizationSet set;
198 set.push_back(TAG_USER_ID, 7);
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]199 set.push_back(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]200 set.push_back(TAG_AUTH_TIMEOUT, 300);
201 return set;
202}
203
204AuthorizationSet Keymaster1Test::ClientParams() {
205 AuthorizationSet set;
206 set.push_back(TAG_APPLICATION_ID, "app_id", 6);
207 return set;
208}
209
210keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose) {
211 keymaster_key_param_t* out_params = NULL;
212 size_t out_params_count = 0;
213 keymaster_error_t error =
214 device()->begin(device(), purpose, &blob_, client_params_, array_length(client_params_),
215 &out_params, &out_params_count, &op_handle_);
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]216 EXPECT_EQ(0U, out_params_count);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]217 EXPECT_TRUE(out_params == NULL);
218 return error;
219}
220
221keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose,
222 const AuthorizationSet& input_set,
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]223 AuthorizationSet* output_set) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]224 keymaster_key_param_t* out_params;
225 size_t out_params_count;
226 keymaster_error_t error =
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]227 device()->begin(device(), purpose, &blob_, input_set.data(), input_set.size(), &out_params,
228 &out_params_count, &op_handle_);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]229 if (error == KM_ERROR_OK) {
230 if (output_set) {
231 output_set->Reinitialize(out_params, out_params_count);
232 } else {
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]233 EXPECT_EQ(0U, out_params_count);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]234 EXPECT_TRUE(out_params == NULL);
235 }
236 keymaster_free_param_values(out_params, out_params_count);
237 free(out_params);
238 }
239 return error;
240}
241
242keymaster_error_t Keymaster1Test::UpdateOperation(const string& message, string* output,
243 size_t* input_consumed) {
244 uint8_t* out_tmp = NULL;
245 size_t out_length;
246 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
247 keymaster_error_t error =
248 device()->update(device(), op_handle_, NULL /* params */, 0 /* params_count */,
249 reinterpret_cast<const uint8_t*>(message.c_str()), message.length(),
250 input_consumed, &out_tmp, &out_length);
251 if (error == KM_ERROR_OK && out_tmp)
252 output->append(reinterpret_cast<char*>(out_tmp), out_length);
253 free(out_tmp);
254 return error;
255}
256
257keymaster_error_t Keymaster1Test::UpdateOperation(const AuthorizationSet& additional_params,
258 const string& message, string* output,
259 size_t* input_consumed) {
260 uint8_t* out_tmp = NULL;
261 size_t out_length;
262 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
263 keymaster_error_t error =
264 device()->update(device(), op_handle_, additional_params.data(), additional_params.size(),
265 reinterpret_cast<const uint8_t*>(message.c_str()), message.length(),
266 input_consumed, &out_tmp, &out_length);
267 if (error == KM_ERROR_OK && out_tmp)
268 output->append(reinterpret_cast<char*>(out_tmp), out_length);
269 free(out_tmp);
270 return error;
271}
272
273keymaster_error_t Keymaster1Test::FinishOperation(string* output) {
274 return FinishOperation("", output);
275}
276
277keymaster_error_t Keymaster1Test::FinishOperation(const string& signature, string* output) {
278 AuthorizationSet additional_params;
279 return FinishOperation(additional_params, signature, output);
280}
281
282keymaster_error_t Keymaster1Test::FinishOperation(const AuthorizationSet& additional_params,
283 const string& signature, string* output) {
284 uint8_t* out_tmp = NULL;
285 size_t out_length;
286 keymaster_error_t error =
287 device()->finish(device(), op_handle_, additional_params.data(), additional_params.size(),
288 reinterpret_cast<const uint8_t*>(signature.c_str()), signature.length(),
289 &out_tmp, &out_length);
290 if (out_tmp)
291 output->append(reinterpret_cast<char*>(out_tmp), out_length);
292 free(out_tmp);
293 return error;
294}
295
296keymaster_error_t Keymaster1Test::AbortOperation() {
297 return device()->abort(device(), op_handle_);
298}
299
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]300string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message) {
301 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, client_params(), NULL /* output_params */));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]302
303 string result;
304 size_t input_consumed;
305 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
306 EXPECT_EQ(message.size(), input_consumed);
307 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result));
308 return result;
309}
310
311string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
312 const AuthorizationSet& begin_params,
313 const AuthorizationSet& update_params,
314 AuthorizationSet* output_params) {
315 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, output_params));
316
317 string result;
318 size_t input_consumed;
319 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &result, &input_consumed));
320 EXPECT_EQ(message.size(), input_consumed);
321 EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, "", &result));
322 return result;
323}
324
325string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]326 const string& signature, const AuthorizationSet& begin_params,
327 const AuthorizationSet& update_params,
328 AuthorizationSet* output_params) {
329 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, output_params));
330
331 string result;
332 size_t input_consumed;
333 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &result, &input_consumed));
334 EXPECT_EQ(message.size(), input_consumed);
335 EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, signature, &result));
336 return result;
337}
338
339string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
340 const string& signature) {
341 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, client_params(), NULL /* output_params */));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]342
343 string result;
344 size_t input_consumed;
345 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
346 EXPECT_EQ(message.size(), input_consumed);
347 EXPECT_EQ(KM_ERROR_OK, FinishOperation(signature, &result));
348 return result;
349}
350
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]351void Keymaster1Test::SignMessage(const string& message, string* signature,
352 keymaster_digest_t digest) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]353 SCOPED_TRACE("SignMessage");
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]354 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
355 input_params.push_back(TAG_DIGEST, digest);
356 AuthorizationSet update_params;
357 AuthorizationSet output_params;
358 *signature =
359 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]360 EXPECT_GT(signature->size(), 0U);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]361}
362
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]363void Keymaster1Test::SignMessage(const string& message, string* signature,
364 keymaster_digest_t digest, keymaster_padding_t padding) {
365 SCOPED_TRACE("SignMessage");
366 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
367 input_params.push_back(TAG_DIGEST, digest);
368 input_params.push_back(TAG_PADDING, padding);
369 AuthorizationSet update_params;
370 AuthorizationSet output_params;
371 *signature =
372 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
373 EXPECT_GT(signature->size(), 0U);
374}
375
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]376void Keymaster1Test::MacMessage(const string& message, string* signature, keymaster_digest_t digest,
377 size_t mac_length) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]378 SCOPED_TRACE("SignMessage");
379 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
380 input_params.push_back(TAG_MAC_LENGTH, mac_length);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]381 input_params.push_back(TAG_DIGEST, digest);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]382 AuthorizationSet update_params;
383 AuthorizationSet output_params;
384 *signature =
385 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
386 EXPECT_GT(signature->size(), 0U);
387}
388
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]389void Keymaster1Test::VerifyMessage(const string& message, const string& signature,
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]390 keymaster_digest_t digest) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]391 SCOPED_TRACE("VerifyMessage");
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]392 AuthorizationSet input_params(client_params());
393 input_params.push_back(TAG_DIGEST, digest);
394 AuthorizationSet update_params;
395 AuthorizationSet output_params;
396 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, input_params, update_params,
397 &output_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]398}
399
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]400void Keymaster1Test::VerifyMessage(const string& message, const string& signature,
401 keymaster_digest_t digest, keymaster_padding_t padding) {
402 SCOPED_TRACE("VerifyMessage");
403 AuthorizationSet input_params(client_params());
404 input_params.push_back(TAG_DIGEST, digest);
405 input_params.push_back(TAG_PADDING, padding);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]406 AuthorizationSet update_params;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]407 AuthorizationSet output_params;
408 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, input_params, update_params,
409 &output_params);
410}
411
412string Keymaster1Test::EncryptMessage(const string& message, keymaster_padding_t padding,
413 string* generated_nonce) {
414 AuthorizationSet update_params;
415 return EncryptMessage(update_params, message, padding, generated_nonce);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]416}
417
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]418string Keymaster1Test::EncryptMessage(const string& message, keymaster_block_mode_t block_mode,
419 keymaster_padding_t padding, string* generated_nonce) {
420 AuthorizationSet update_params;
421 return EncryptMessage(update_params, message, block_mode, padding, generated_nonce);
422}
423
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]424string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]425 keymaster_padding_t padding, string* generated_nonce) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]426 SCOPED_TRACE("EncryptMessage");
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]427 AuthorizationSet begin_params(client_params()), output_params;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]428 begin_params.push_back(TAG_PADDING, padding);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]429 string ciphertext =
430 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
431 if (generated_nonce) {
432 keymaster_blob_t nonce_blob;
433 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
434 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
435 } else {
436 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
437 }
438 return ciphertext;
439}
440
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]441string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
442 keymaster_block_mode_t block_mode,
443 keymaster_padding_t padding, string* generated_nonce) {
444 SCOPED_TRACE("EncryptMessage");
445 AuthorizationSet begin_params(client_params()), output_params;
446 begin_params.push_back(TAG_PADDING, padding);
447 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
448 string ciphertext =
449 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
450 if (generated_nonce) {
451 keymaster_blob_t nonce_blob;
452 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
453 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
454 } else {
455 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
456 }
457 return ciphertext;
458}
459
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]460string Keymaster1Test::EncryptMessageWithParams(const string& message,
461 const AuthorizationSet& begin_params,
462 const AuthorizationSet& update_params,
463 AuthorizationSet* output_params) {
464 SCOPED_TRACE("EncryptMessageWithParams");
465 return ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, output_params);
466}
467
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]468string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_padding_t padding) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]469 SCOPED_TRACE("DecryptMessage");
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]470 AuthorizationSet begin_params(client_params());
471 begin_params.push_back(TAG_PADDING, padding);
472 AuthorizationSet update_params;
473 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]474}
475
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]476string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_block_mode_t block_mode,
477 keymaster_padding_t padding) {
478 SCOPED_TRACE("DecryptMessage");
479 AuthorizationSet begin_params(client_params());
480 begin_params.push_back(TAG_PADDING, padding);
481 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
482 AuthorizationSet update_params;
483 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
484}
485
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]486string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_padding_t padding,
487 const string& nonce) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]488 SCOPED_TRACE("DecryptMessage");
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]489 AuthorizationSet begin_params(client_params());
490 begin_params.push_back(TAG_PADDING, padding);
491 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]492 AuthorizationSet update_params;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]493 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]494}
495
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]496string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_block_mode_t block_mode,
497 keymaster_padding_t padding, const string& nonce) {
498 SCOPED_TRACE("DecryptMessage");
499 AuthorizationSet begin_params(client_params());
500 begin_params.push_back(TAG_PADDING, padding);
501 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
502 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
503 AuthorizationSet update_params;
504 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
505}
506
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]507string Keymaster1Test::DecryptMessage(const AuthorizationSet& update_params,
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]508 const string& ciphertext, keymaster_padding_t padding,
509 const string& nonce) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]510 SCOPED_TRACE("DecryptMessage");
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]511 AuthorizationSet begin_params(client_params());
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]512 begin_params.push_back(TAG_PADDING, padding);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]513 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
514 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
515}
516
517keymaster_error_t Keymaster1Test::GetCharacteristics() {
518 FreeCharacteristics();
519 return device()->get_key_characteristics(device(), &blob_, &client_id_, NULL /* app_data */,
520 &characteristics_);
521}
522
523keymaster_error_t Keymaster1Test::ExportKey(keymaster_key_format_t format, string* export_data) {
524 uint8_t* export_data_tmp;
525 size_t export_data_length;
526
527 keymaster_error_t error =
528 device()->export_key(device(), format, &blob_, &client_id_, NULL /* app_data */,
529 &export_data_tmp, &export_data_length);
530
531 if (error != KM_ERROR_OK)
532 return error;
533
534 *export_data = string(reinterpret_cast<char*>(export_data_tmp), export_data_length);
535 free(export_data_tmp);
536 return error;
537}
538
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]539void Keymaster1Test::CheckHmacTestVector(string key, string message, keymaster_digest_t digest,
540 string expected_mac) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]541 ASSERT_EQ(KM_ERROR_OK,
542 ImportKey(AuthorizationSetBuilder().HmacKey(key.size() * 8).Digest(digest),
543 KM_KEY_FORMAT_RAW, key));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]544 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]545 MacMessage(message, &signature, digest, expected_mac.size() * 8);
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]546 EXPECT_EQ(expected_mac, signature) << "Test vector didn't match for digest " << (int)digest;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]547}
548
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]549void Keymaster1Test::CheckAesCtrTestVector(const string& key, const string& nonce,
550 const string& message,
551 const string& expected_ciphertext) {
552 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
553 .AesEncryptionKey(key.size() * 8)
554 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]555 .Authorization(TAG_CALLER_NONCE)
556 .Padding(KM_PAD_NONE),
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]557 KM_KEY_FORMAT_RAW, key));
558
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]559 AuthorizationSet begin_params(client_params()), update_params, output_params;
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]560 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]561 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]562 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]563 string ciphertext =
564 EncryptMessageWithParams(message, begin_params, update_params, &output_params);
565 EXPECT_EQ(expected_ciphertext, ciphertext);
566}
567
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]568AuthorizationSet Keymaster1Test::hw_enforced() {
569 EXPECT_TRUE(characteristics_ != NULL);
570 return AuthorizationSet(characteristics_->hw_enforced);
571}
572
573AuthorizationSet Keymaster1Test::sw_enforced() {
574 EXPECT_TRUE(characteristics_ != NULL);
575 return AuthorizationSet(characteristics_->sw_enforced);
576}
577
578void Keymaster1Test::FreeCharacteristics() {
579 keymaster_free_characteristics(characteristics_);
580 free(characteristics_);
581 characteristics_ = NULL;
582}
583
584void Keymaster1Test::FreeKeyBlob() {
585 free(const_cast<uint8_t*>(blob_.key_material));
586 blob_.key_material = NULL;
587}
588
589void Keymaster1Test::corrupt_key_blob() {
590 assert(blob_.key_material);
591 uint8_t* tmp = const_cast<uint8_t*>(blob_.key_material);
592 ++tmp[blob_.key_material_size / 2];
593}
594
595} // namespace test
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]596} // namespace keymaster