1 /*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "android_keymaster_test_utils.h"
18
19 #include <algorithm>
20
21 #include <openssl/rand.h>
22
23 #include <keymaster/android_keymaster_messages.h>
24 #include <keymaster/android_keymaster_utils.h>
25
26 using std::copy_if;
27 using std::find_if;
28 using std::is_permutation;
29 using std::ostream;
30 using std::string;
31 using std::vector;
32
33 #ifndef KEYMASTER_NAME_TAGS
34 #error Keymaster test code requires that KEYMASTER_NAME_TAGS is defined
35 #endif
36
operator <<(std::ostream & os,const keymaster_key_param_t & param)37 std::ostream& operator<<(std::ostream& os, const keymaster_key_param_t& param) {
38 os << "Tag: " << keymaster::StringifyTag(param.tag);
39 switch (keymaster_tag_get_type(param.tag)) {
40 case KM_INVALID:
41 os << " Invalid";
42 break;
43 case KM_UINT_REP:
44 os << " (Rep)";
45 /* Falls through */
46 [[fallthrough]];
47 case KM_UINT:
48 os << " Int: " << param.integer;
49 break;
50 case KM_ENUM_REP:
51 os << " (Rep)";
52 /* Falls through */
53 [[fallthrough]];
54 case KM_ENUM:
55 os << " Enum: " << param.enumerated;
56 break;
57 case KM_ULONG_REP:
58 os << " (Rep)";
59 /* Falls through */
60 [[fallthrough]];
61 case KM_ULONG:
62 os << " Long: " << param.long_integer;
63 break;
64 case KM_DATE:
65 os << " Date: " << param.date_time;
66 break;
67 case KM_BOOL:
68 os << " Bool: " << param.boolean;
69 break;
70 case KM_BIGNUM:
71 os << " Bignum: ";
72 if (!param.blob.data)
73 os << "(null)";
74 else
75 for (size_t i = 0; i < param.blob.data_length; ++i)
76 os << std::hex << std::setw(2) << static_cast<int>(param.blob.data[i]) << std::dec;
77 break;
78 case KM_BYTES:
79 os << " Bytes: ";
80 if (!param.blob.data)
81 os << "(null)";
82 else
83 for (size_t i = 0; i < param.blob.data_length; ++i)
84 os << std::hex << std::setw(2) << static_cast<int>(param.blob.data[i]) << std::dec;
85 break;
86 }
87 return os;
88 }
89
operator ==(const keymaster_key_param_t & a,const keymaster_key_param_t & b)90 bool operator==(const keymaster_key_param_t& a, const keymaster_key_param_t& b) {
91 if (a.tag != b.tag) {
92 return false;
93 }
94
95 switch (keymaster_tag_get_type(a.tag)) {
96 case KM_INVALID:
97 return true;
98 case KM_UINT_REP:
99 case KM_UINT:
100 return a.integer == b.integer;
101 case KM_ENUM_REP:
102 case KM_ENUM:
103 return a.enumerated == b.enumerated;
104 case KM_ULONG:
105 case KM_ULONG_REP:
106 return a.long_integer == b.long_integer;
107 case KM_DATE:
108 return a.date_time == b.date_time;
109 case KM_BOOL:
110 return a.boolean == b.boolean;
111 case KM_BIGNUM:
112 case KM_BYTES:
113 if ((a.blob.data == nullptr || b.blob.data == nullptr) && a.blob.data != b.blob.data)
114 return false;
115 return a.blob.data_length == b.blob.data_length &&
116 (memcmp(a.blob.data, b.blob.data, a.blob.data_length) == 0);
117 }
118
119 return false;
120 }
121
122 static char hex_value[256] = {
123 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
124 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
125 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, // '0'..'9'
126 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'A'..'F'
127 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 11, 12, 13, 14, 15, 0,
128 0, 0, 0, 0, 0, 0, 0, 0, // 'a'..'f'
129 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
130 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
131 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
132 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
133 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
134 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
135
hex2str(string a)136 string hex2str(string a) {
137 string b;
138 size_t num = a.size() / 2;
139 b.resize(num);
140 for (size_t i = 0; i < num; i++) {
141 b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]);
142 }
143 return b;
144 }
145
146 namespace keymaster {
147
operator ==(const AuthorizationSet & a,const AuthorizationSet & b)148 bool operator==(const AuthorizationSet& a, const AuthorizationSet& b) {
149 if (a.size() != b.size()) return false;
150
151 for (size_t i = 0; i < a.size(); ++i)
152 if (!(a[i] == b[i])) return false;
153 return true;
154 }
155
operator !=(const AuthorizationSet & a,const AuthorizationSet & b)156 bool operator!=(const AuthorizationSet& a, const AuthorizationSet& b) {
157 return !(a == b);
158 }
159
operator <<(std::ostream & os,const AuthorizationSet & set)160 std::ostream& operator<<(std::ostream& os, const AuthorizationSet& set) {
161 if (set.size() == 0)
162 os << "(Empty)" << std::endl;
163 else {
164 os << "\n";
165 for (size_t i = 0; i < set.size(); ++i)
166 os << set[i] << std::endl;
167 }
168 return os;
169 }
170
171 namespace test {
172
operator <<(std::ostream & os,const InstanceCreatorPtr & instance_creator)173 std::ostream& operator<<(std::ostream& os, const InstanceCreatorPtr& instance_creator) {
174 return os << instance_creator->name();
175 }
176
Keymaster2Test()177 Keymaster2Test::Keymaster2Test() : op_handle_(OP_HANDLE_SENTINEL) {
178 memset(&characteristics_, 0, sizeof(characteristics_));
179 blob_.key_material = nullptr;
180 RAND_seed("foobar", 6);
181 blob_.key_material = 0;
182 device_ = GetParam()->CreateDevice();
183 }
184
~Keymaster2Test()185 Keymaster2Test::~Keymaster2Test() {
186 FreeCharacteristics();
187 FreeKeyBlob();
188 device_->common.close(reinterpret_cast<hw_device_t*>(device_));
189 }
190
device()191 keymaster2_device_t* Keymaster2Test::device() {
192 return device_;
193 }
194
GenerateKey(const AuthorizationSetBuilder & builder)195 keymaster_error_t Keymaster2Test::GenerateKey(const AuthorizationSetBuilder& builder) {
196 AuthorizationSet params(builder.build());
197 params.push_back(UserAuthParams());
198 params.push_back(ClientParams());
199
200 FreeKeyBlob();
201 FreeCharacteristics();
202 return device()->generate_key(device(), ¶ms, &blob_, &characteristics_);
203 }
204
DeleteKey()205 keymaster_error_t Keymaster2Test::DeleteKey() {
206 return device()->delete_key(device(), &blob_);
207 }
208
ImportKey(const AuthorizationSetBuilder & builder,keymaster_key_format_t format,const string & key_material)209 keymaster_error_t Keymaster2Test::ImportKey(const AuthorizationSetBuilder& builder,
210 keymaster_key_format_t format,
211 const string& key_material) {
212 AuthorizationSet params(builder.build());
213 params.push_back(UserAuthParams());
214 params.push_back(ClientParams());
215
216 FreeKeyBlob();
217 FreeCharacteristics();
218 keymaster_blob_t key = {reinterpret_cast<const uint8_t*>(key_material.c_str()),
219 key_material.length()};
220 return device()->import_key(device(), ¶ms, format, &key, &blob_, &characteristics_);
221 }
222
UserAuthParams()223 AuthorizationSet Keymaster2Test::UserAuthParams() {
224 AuthorizationSet set;
225 set.push_back(TAG_USER_ID, 7);
226 set.push_back(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD);
227 set.push_back(TAG_AUTH_TIMEOUT, 300);
228 return set;
229 }
230
ClientParams()231 AuthorizationSet Keymaster2Test::ClientParams() {
232 AuthorizationSet set;
233 set.push_back(TAG_APPLICATION_ID, "app_id", 6);
234 return set;
235 }
236
BeginOperation(keymaster_purpose_t purpose)237 keymaster_error_t Keymaster2Test::BeginOperation(keymaster_purpose_t purpose) {
238 AuthorizationSet in_params(client_params());
239 keymaster_key_param_set_t out_params;
240 keymaster_error_t error =
241 device()->begin(device(), purpose, &blob_, &in_params, &out_params, &op_handle_);
242 EXPECT_EQ(0U, out_params.length);
243 EXPECT_TRUE(out_params.params == nullptr);
244 return error;
245 }
246
BeginOperation(keymaster_purpose_t purpose,const AuthorizationSet & input_set,AuthorizationSet * output_set)247 keymaster_error_t Keymaster2Test::BeginOperation(keymaster_purpose_t purpose,
248 const AuthorizationSet& input_set,
249 AuthorizationSet* output_set) {
250 keymaster_key_param_set_t out_params;
251 keymaster_error_t error =
252 device()->begin(device(), purpose, &blob_, &input_set, &out_params, &op_handle_);
253 if (error == KM_ERROR_OK) {
254 if (output_set) {
255 output_set->Reinitialize(out_params);
256 } else {
257 EXPECT_EQ(0U, out_params.length);
258 EXPECT_TRUE(out_params.params == nullptr);
259 }
260 keymaster_free_param_set(&out_params);
261 }
262 return error;
263 }
264
UpdateOperation(const string & message,string * output,size_t * input_consumed)265 keymaster_error_t Keymaster2Test::UpdateOperation(const string& message, string* output,
266 size_t* input_consumed) {
267 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
268 keymaster_blob_t input = {reinterpret_cast<const uint8_t*>(message.c_str()), message.length()};
269 keymaster_blob_t out_tmp;
270 keymaster_key_param_set_t out_params;
271 keymaster_error_t error = device()->update(device(), op_handle_, nullptr /* params */, &input,
272 input_consumed, &out_params, &out_tmp);
273 if (error == KM_ERROR_OK && out_tmp.data)
274 output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length);
275 free(const_cast<uint8_t*>(out_tmp.data));
276 return error;
277 }
278
UpdateOperation(const AuthorizationSet & additional_params,const string & message,AuthorizationSet * output_params,string * output,size_t * input_consumed)279 keymaster_error_t Keymaster2Test::UpdateOperation(const AuthorizationSet& additional_params,
280 const string& message,
281 AuthorizationSet* output_params, string* output,
282 size_t* input_consumed) {
283 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
284 keymaster_blob_t input = {reinterpret_cast<const uint8_t*>(message.c_str()), message.length()};
285 keymaster_blob_t out_tmp;
286 keymaster_key_param_set_t out_params;
287 keymaster_error_t error = device()->update(device(), op_handle_, &additional_params, &input,
288 input_consumed, &out_params, &out_tmp);
289 if (error == KM_ERROR_OK && out_tmp.data)
290 output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length);
291 free((void*)out_tmp.data);
292 if (output_params) output_params->Reinitialize(out_params);
293 keymaster_free_param_set(&out_params);
294 return error;
295 }
296
FinishOperation(string * output)297 keymaster_error_t Keymaster2Test::FinishOperation(string* output) {
298 return FinishOperation("", "", output);
299 }
300
FinishOperation(const string & input,const string & signature,string * output)301 keymaster_error_t Keymaster2Test::FinishOperation(const string& input, const string& signature,
302 string* output) {
303 AuthorizationSet additional_params;
304 AuthorizationSet output_params;
305 return FinishOperation(additional_params, input, signature, &output_params, output);
306 }
307
FinishOperation(const AuthorizationSet & additional_params,const string & input,const string & signature,AuthorizationSet * output_params,string * output)308 keymaster_error_t Keymaster2Test::FinishOperation(const AuthorizationSet& additional_params,
309 const string& input, const string& signature,
310 AuthorizationSet* output_params, string* output) {
311 keymaster_blob_t inp = {reinterpret_cast<const uint8_t*>(input.c_str()), input.length()};
312 keymaster_blob_t sig = {reinterpret_cast<const uint8_t*>(signature.c_str()),
313 signature.length()};
314 keymaster_blob_t out_tmp;
315 keymaster_key_param_set_t out_params;
316 keymaster_error_t error = device()->finish(device(), op_handle_, &additional_params, &inp, &sig,
317 &out_params, &out_tmp);
318 if (error != KM_ERROR_OK) {
319 EXPECT_TRUE(out_tmp.data == nullptr);
320 EXPECT_TRUE(out_params.params == nullptr);
321 return error;
322 }
323
324 if (out_tmp.data)
325 output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length);
326 free((void*)out_tmp.data);
327 if (output_params) output_params->Reinitialize(out_params);
328 keymaster_free_param_set(&out_params);
329 return error;
330 }
331
AbortOperation()332 keymaster_error_t Keymaster2Test::AbortOperation() {
333 return device()->abort(device(), op_handle_);
334 }
335
AttestKey(const string & attest_challenge,const string & attest_app_id,keymaster_cert_chain_t * cert_chain)336 keymaster_error_t Keymaster2Test::AttestKey(const string& attest_challenge,
337 const string& attest_app_id,
338 keymaster_cert_chain_t* cert_chain) {
339 AuthorizationSet attest_params;
340 attest_params.push_back(UserAuthParams());
341 attest_params.push_back(ClientParams());
342 attest_params.push_back(TAG_ATTESTATION_CHALLENGE, attest_challenge.data(),
343 attest_challenge.length());
344 attest_params.push_back(TAG_ATTESTATION_APPLICATION_ID, attest_app_id.data(),
345 attest_app_id.length());
346 return device()->attest_key(device(), &blob_, &attest_params, cert_chain);
347 }
348
UpgradeKey(const AuthorizationSet & upgrade_params)349 keymaster_error_t Keymaster2Test::UpgradeKey(const AuthorizationSet& upgrade_params) {
350 keymaster_key_blob_t upgraded_blob;
351 keymaster_error_t error =
352 device()->upgrade_key(device(), &blob_, &upgrade_params, &upgraded_blob);
353 if (error == KM_ERROR_OK) {
354 FreeKeyBlob();
355 blob_ = upgraded_blob;
356 }
357 return error;
358 }
359
ProcessMessage(keymaster_purpose_t purpose,const string & message)360 string Keymaster2Test::ProcessMessage(keymaster_purpose_t purpose, const string& message) {
361 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, client_params(), nullptr /* output_params */));
362
363 string result;
364 EXPECT_EQ(KM_ERROR_OK, FinishOperation(message, "" /* signature */, &result));
365 return result;
366 }
367
ProcessMessage(keymaster_purpose_t purpose,const string & message,const AuthorizationSet & begin_params,const AuthorizationSet & update_params,AuthorizationSet * begin_out_params)368 string Keymaster2Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
369 const AuthorizationSet& begin_params,
370 const AuthorizationSet& update_params,
371 AuthorizationSet* begin_out_params) {
372 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, begin_out_params));
373
374 string result;
375 EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, message, "" /* signature */, &result));
376 return result;
377 }
378
ProcessMessage(keymaster_purpose_t purpose,const string & message,const string & signature,const AuthorizationSet & begin_params,const AuthorizationSet & update_params,AuthorizationSet * output_params)379 string Keymaster2Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
380 const string& signature, const AuthorizationSet& begin_params,
381 const AuthorizationSet& update_params,
382 AuthorizationSet* output_params) {
383 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, output_params));
384
385 string result;
386 EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, message, signature, &result));
387 return result;
388 }
389
ProcessMessage(keymaster_purpose_t purpose,const string & message,const string & signature)390 string Keymaster2Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
391 const string& signature) {
392 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, client_params(), nullptr /* output_params */));
393
394 string result;
395 EXPECT_EQ(KM_ERROR_OK, FinishOperation(message, signature, &result));
396 return result;
397 }
398
SignMessage(const string & message,string * signature,keymaster_digest_t digest)399 void Keymaster2Test::SignMessage(const string& message, string* signature,
400 keymaster_digest_t digest) {
401 SCOPED_TRACE("SignMessage");
402 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
403 input_params.push_back(TAG_DIGEST, digest);
404 AuthorizationSet update_params;
405 AuthorizationSet output_params;
406 *signature =
407 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
408 EXPECT_GT(signature->size(), 0U);
409 }
410
SignMessage(const string & message,string * signature,keymaster_digest_t digest,keymaster_padding_t padding)411 void Keymaster2Test::SignMessage(const string& message, string* signature,
412 keymaster_digest_t digest, keymaster_padding_t padding) {
413 SCOPED_TRACE("SignMessage");
414 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
415 input_params.push_back(TAG_DIGEST, digest);
416 input_params.push_back(TAG_PADDING, padding);
417 AuthorizationSet update_params;
418 AuthorizationSet output_params;
419 *signature =
420 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
421 EXPECT_GT(signature->size(), 0U);
422 }
423
MacMessage(const string & message,string * signature,size_t mac_length)424 void Keymaster2Test::MacMessage(const string& message, string* signature, size_t mac_length) {
425 SCOPED_TRACE("SignMessage");
426 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
427 input_params.push_back(TAG_MAC_LENGTH, mac_length);
428 AuthorizationSet update_params;
429 AuthorizationSet output_params;
430 *signature =
431 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
432 EXPECT_GT(signature->size(), 0U);
433 }
434
VerifyMessage(const string & message,const string & signature,keymaster_digest_t digest)435 void Keymaster2Test::VerifyMessage(const string& message, const string& signature,
436 keymaster_digest_t digest) {
437 SCOPED_TRACE("VerifyMessage");
438 AuthorizationSet input_params(client_params());
439 input_params.push_back(TAG_DIGEST, digest);
440 AuthorizationSet update_params;
441 AuthorizationSet output_params;
442 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, input_params, update_params,
443 &output_params);
444 }
445
VerifyMessage(const string & message,const string & signature,keymaster_digest_t digest,keymaster_padding_t padding)446 void Keymaster2Test::VerifyMessage(const string& message, const string& signature,
447 keymaster_digest_t digest, keymaster_padding_t padding) {
448 SCOPED_TRACE("VerifyMessage");
449 AuthorizationSet input_params(client_params());
450 input_params.push_back(TAG_DIGEST, digest);
451 input_params.push_back(TAG_PADDING, padding);
452 AuthorizationSet update_params;
453 AuthorizationSet output_params;
454 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, input_params, update_params,
455 &output_params);
456 }
457
VerifyMac(const string & message,const string & signature)458 void Keymaster2Test::VerifyMac(const string& message, const string& signature) {
459 SCOPED_TRACE("VerifyMac");
460 ProcessMessage(KM_PURPOSE_VERIFY, message, signature);
461 }
462
EncryptMessage(const string & message,keymaster_padding_t padding,string * generated_nonce)463 string Keymaster2Test::EncryptMessage(const string& message, keymaster_padding_t padding,
464 string* generated_nonce) {
465 SCOPED_TRACE("EncryptMessage");
466 AuthorizationSet begin_params(client_params()), output_params;
467 begin_params.push_back(TAG_PADDING, padding);
468 AuthorizationSet update_params;
469 string ciphertext =
470 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
471 if (generated_nonce) {
472 keymaster_blob_t nonce_blob;
473 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
474 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
475 } else {
476 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
477 }
478 return ciphertext;
479 }
480
EncryptMessage(const string & message,keymaster_digest_t digest,keymaster_padding_t padding,string * generated_nonce)481 string Keymaster2Test::EncryptMessage(const string& message, keymaster_digest_t digest,
482 keymaster_padding_t padding, string* generated_nonce) {
483 AuthorizationSet update_params;
484 return EncryptMessage(update_params, message, digest, padding, generated_nonce);
485 }
486
EncryptMessage(const string & message,keymaster_digest_t digest,keymaster_digest_t mgf_digest,keymaster_padding_t padding,string * generated_nonce)487 string Keymaster2Test::EncryptMessage(const string& message, keymaster_digest_t digest,
488 keymaster_digest_t mgf_digest, keymaster_padding_t padding,
489 string* generated_nonce) {
490 AuthorizationSet update_params;
491 return EncryptMessage(update_params, message, digest, mgf_digest, padding, generated_nonce);
492 }
493
EncryptMessage(const string & message,keymaster_block_mode_t block_mode,keymaster_padding_t padding,string * generated_nonce)494 string Keymaster2Test::EncryptMessage(const string& message, keymaster_block_mode_t block_mode,
495 keymaster_padding_t padding, string* generated_nonce) {
496 AuthorizationSet update_params;
497 return EncryptMessage(update_params, message, block_mode, padding, generated_nonce);
498 }
499
EncryptMessage(const AuthorizationSet & update_params,const string & message,keymaster_digest_t digest,keymaster_digest_t mgf_digest,keymaster_padding_t padding,string * generated_nonce)500 string Keymaster2Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
501 keymaster_digest_t digest, keymaster_digest_t mgf_digest,
502 keymaster_padding_t padding, string* generated_nonce) {
503 SCOPED_TRACE("EncryptMessage");
504 AuthorizationSet begin_params(client_params()), output_params;
505 begin_params.push_back(TAG_PADDING, padding);
506 begin_params.push_back(TAG_DIGEST, digest);
507 begin_params.push_back(TAG_RSA_OAEP_MGF_DIGEST, mgf_digest);
508 string ciphertext =
509 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
510 if (generated_nonce) {
511 keymaster_blob_t nonce_blob;
512 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
513 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
514 } else {
515 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
516 }
517 return ciphertext;
518 }
519
EncryptMessage(const AuthorizationSet & update_params,const string & message,keymaster_digest_t digest,keymaster_padding_t padding,string * generated_nonce)520 string Keymaster2Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
521 keymaster_digest_t digest, keymaster_padding_t padding,
522 string* generated_nonce) {
523 SCOPED_TRACE("EncryptMessage");
524 AuthorizationSet begin_params(client_params()), output_params;
525 begin_params.push_back(TAG_PADDING, padding);
526 begin_params.push_back(TAG_DIGEST, digest);
527 string ciphertext =
528 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
529 if (generated_nonce) {
530 keymaster_blob_t nonce_blob;
531 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
532 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
533 } else {
534 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
535 }
536 return ciphertext;
537 }
538
EncryptMessage(const AuthorizationSet & update_params,const string & message,keymaster_block_mode_t block_mode,keymaster_padding_t padding,string * generated_nonce)539 string Keymaster2Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
540 keymaster_block_mode_t block_mode,
541 keymaster_padding_t padding, string* generated_nonce) {
542 SCOPED_TRACE("EncryptMessage");
543 AuthorizationSet begin_params(client_params()), output_params;
544 begin_params.push_back(TAG_PADDING, padding);
545 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
546 string ciphertext =
547 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
548 if (generated_nonce) {
549 keymaster_blob_t nonce_blob;
550 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
551 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
552 } else {
553 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
554 }
555 return ciphertext;
556 }
557
EncryptMessageWithParams(const string & message,const AuthorizationSet & begin_params,const AuthorizationSet & update_params,AuthorizationSet * output_params)558 string Keymaster2Test::EncryptMessageWithParams(const string& message,
559 const AuthorizationSet& begin_params,
560 const AuthorizationSet& update_params,
561 AuthorizationSet* output_params) {
562 SCOPED_TRACE("EncryptMessageWithParams");
563 return ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, output_params);
564 }
565
DecryptMessage(const string & ciphertext,keymaster_padding_t padding)566 string Keymaster2Test::DecryptMessage(const string& ciphertext, keymaster_padding_t padding) {
567 SCOPED_TRACE("DecryptMessage");
568 AuthorizationSet begin_params(client_params());
569 begin_params.push_back(TAG_PADDING, padding);
570 AuthorizationSet update_params;
571 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
572 }
573
DecryptMessage(const string & ciphertext,keymaster_digest_t digest,keymaster_padding_t padding)574 string Keymaster2Test::DecryptMessage(const string& ciphertext, keymaster_digest_t digest,
575 keymaster_padding_t padding) {
576 SCOPED_TRACE("DecryptMessage");
577 AuthorizationSet begin_params(client_params());
578 begin_params.push_back(TAG_PADDING, padding);
579 begin_params.push_back(TAG_DIGEST, digest);
580 AuthorizationSet update_params;
581 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
582 }
583
DecryptMessage(const string & ciphertext,keymaster_block_mode_t block_mode,keymaster_padding_t padding)584 string Keymaster2Test::DecryptMessage(const string& ciphertext, keymaster_block_mode_t block_mode,
585 keymaster_padding_t padding) {
586 SCOPED_TRACE("DecryptMessage");
587 AuthorizationSet begin_params(client_params());
588 begin_params.push_back(TAG_PADDING, padding);
589 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
590 AuthorizationSet update_params;
591 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
592 }
593
DecryptMessage(const string & ciphertext,keymaster_digest_t digest,keymaster_padding_t padding,const string & nonce)594 string Keymaster2Test::DecryptMessage(const string& ciphertext, keymaster_digest_t digest,
595 keymaster_padding_t padding, const string& nonce) {
596 SCOPED_TRACE("DecryptMessage");
597 AuthorizationSet begin_params(client_params());
598 begin_params.push_back(TAG_PADDING, padding);
599 begin_params.push_back(TAG_DIGEST, digest);
600 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
601 AuthorizationSet update_params;
602 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
603 }
604
DecryptMessage(const string & ciphertext,keymaster_block_mode_t block_mode,keymaster_padding_t padding,const string & nonce)605 string Keymaster2Test::DecryptMessage(const string& ciphertext, keymaster_block_mode_t block_mode,
606 keymaster_padding_t padding, const string& nonce) {
607 SCOPED_TRACE("DecryptMessage");
608 AuthorizationSet begin_params(client_params());
609 begin_params.push_back(TAG_PADDING, padding);
610 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
611 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
612 AuthorizationSet update_params;
613 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
614 }
615
DecryptMessage(const string & ciphertext,keymaster_digest_t digest,keymaster_digest_t mgf_digest,keymaster_padding_t padding)616 string Keymaster2Test::DecryptMessage(const string& ciphertext, keymaster_digest_t digest,
617 keymaster_digest_t mgf_digest, keymaster_padding_t padding) {
618 SCOPED_TRACE("DecryptMessage");
619 AuthorizationSet begin_params(client_params());
620 begin_params.push_back(TAG_PADDING, padding);
621 begin_params.push_back(TAG_DIGEST, digest);
622 begin_params.push_back(TAG_RSA_OAEP_MGF_DIGEST, mgf_digest);
623 AuthorizationSet update_params;
624 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
625 }
626
DecryptMessage(const AuthorizationSet & update_params,const string & ciphertext,keymaster_digest_t digest,keymaster_padding_t padding,const string & nonce)627 string Keymaster2Test::DecryptMessage(const AuthorizationSet& update_params,
628 const string& ciphertext, keymaster_digest_t digest,
629 keymaster_padding_t padding, const string& nonce) {
630 SCOPED_TRACE("DecryptMessage");
631 AuthorizationSet begin_params(client_params());
632 begin_params.push_back(TAG_PADDING, padding);
633 begin_params.push_back(TAG_DIGEST, digest);
634 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
635 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
636 }
637
DecryptMessageWithParams(const string & message,const AuthorizationSet & begin_params,const AuthorizationSet & update_params,AuthorizationSet * output_params)638 string Keymaster2Test::DecryptMessageWithParams(const string& message,
639 const AuthorizationSet& begin_params,
640 const AuthorizationSet& update_params,
641 AuthorizationSet* output_params) {
642 SCOPED_TRACE("DecryptMessageWithParams");
643 return ProcessMessage(KM_PURPOSE_DECRYPT, message, begin_params, update_params, output_params);
644 }
645
GetCharacteristics()646 keymaster_error_t Keymaster2Test::GetCharacteristics() {
647 FreeCharacteristics();
648 return device()->get_key_characteristics(device(), &blob_, &client_id_, nullptr /* app_data */,
649 &characteristics_);
650 }
651
ExportKey(keymaster_key_format_t format,string * export_data)652 keymaster_error_t Keymaster2Test::ExportKey(keymaster_key_format_t format, string* export_data) {
653 keymaster_blob_t export_tmp;
654 keymaster_error_t error = device()->export_key(device(), format, &blob_, &client_id_,
655 nullptr /* app_data */, &export_tmp);
656
657 if (error != KM_ERROR_OK) return error;
658
659 *export_data = string(reinterpret_cast<const char*>(export_tmp.data), export_tmp.data_length);
660 free((void*)export_tmp.data);
661 return error;
662 }
663
CheckHmacTestVector(const string & key,const string & message,keymaster_digest_t digest,string expected_mac)664 void Keymaster2Test::CheckHmacTestVector(const string& key, const string& message,
665 keymaster_digest_t digest, string expected_mac) {
666 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
667 .HmacKey(key.size() * 8)
668 .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8)
669 .Digest(digest),
670 KM_KEY_FORMAT_RAW, key));
671 string signature;
672 MacMessage(message, &signature, expected_mac.size() * 8);
673 EXPECT_EQ(expected_mac, signature) << "Test vector didn't match for digest " << (int)digest;
674 }
675
CheckAesCtrTestVector(const string & key,const string & nonce,const string & message,const string & expected_ciphertext)676 void Keymaster2Test::CheckAesCtrTestVector(const string& key, const string& nonce,
677 const string& message,
678 const string& expected_ciphertext) {
679 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
680 .AesEncryptionKey(key.size() * 8)
681 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
682 .Authorization(TAG_CALLER_NONCE)
683 .Padding(KM_PAD_NONE),
684 KM_KEY_FORMAT_RAW, key));
685
686 AuthorizationSet begin_params(client_params()), update_params, output_params;
687 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
688 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
689 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
690 string ciphertext =
691 EncryptMessageWithParams(message, begin_params, update_params, &output_params);
692 EXPECT_EQ(expected_ciphertext, ciphertext);
693 }
694
CheckTripleDesTestVector(keymaster_purpose_t purpose,keymaster_block_mode_t block_mode,keymaster_padding_t padding_mode,const string & key,const string & iv,const string & input,const string & expected_output)695 void Keymaster2Test::CheckTripleDesTestVector(keymaster_purpose_t purpose,
696 keymaster_block_mode_t block_mode,
697 keymaster_padding_t padding_mode, const string& key,
698 const string& iv, const string& input,
699 const string& expected_output) {
700 auto authset = AuthorizationSetBuilder()
701 .TripleDesEncryptionKey(key.size() * 7)
702 .Authorization(TAG_BLOCK_MODE, block_mode)
703 .Padding(padding_mode);
704 if (iv.size()) authset.Authorization(TAG_CALLER_NONCE);
705
706 ASSERT_EQ(KM_ERROR_OK, ImportKey(authset, KM_KEY_FORMAT_RAW, key));
707
708 AuthorizationSet begin_params(client_params()), update_params, output_params;
709 if (iv.size()) begin_params.push_back(TAG_NONCE, iv.data(), iv.size());
710 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
711 begin_params.push_back(TAG_PADDING, padding_mode);
712 string output = ProcessMessage(purpose, input, begin_params, update_params, &output_params);
713 EXPECT_EQ(expected_output, output);
714 }
715
hw_enforced()716 AuthorizationSet Keymaster2Test::hw_enforced() {
717 return AuthorizationSet(characteristics_.hw_enforced);
718 }
719
sw_enforced()720 AuthorizationSet Keymaster2Test::sw_enforced() {
721 return AuthorizationSet(characteristics_.sw_enforced);
722 }
723
FreeCharacteristics()724 void Keymaster2Test::FreeCharacteristics() {
725 keymaster_free_characteristics(&characteristics_);
726 }
727
FreeKeyBlob()728 void Keymaster2Test::FreeKeyBlob() {
729 free(const_cast<uint8_t*>(blob_.key_material));
730 blob_.key_material = nullptr;
731 }
732
corrupt_key_blob()733 void Keymaster2Test::corrupt_key_blob() {
734 assert(blob_.key_material);
735 uint8_t* tmp = const_cast<uint8_t*>(blob_.key_material);
736 ++tmp[blob_.key_material_size / 2];
737 }
738
739 class Sha256OnlyWrapper {
740 public:
Sha256OnlyWrapper(const keymaster1_device_t * wrapped_device)741 explicit Sha256OnlyWrapper(const keymaster1_device_t* wrapped_device)
742 : wrapped_device_(wrapped_device) {
743
744 new_module = *wrapped_device_->common.module;
745 new_module_name = std::string("SHA 256-only ") + wrapped_device_->common.module->name;
746 new_module.name = new_module_name.c_str();
747
748 memset(&device_, 0, sizeof(device_));
749 device_.common.module = &new_module;
750
751 device_.common.close = close_device;
752 device_.get_supported_algorithms = get_supported_algorithms;
753 device_.get_supported_block_modes = get_supported_block_modes;
754 device_.get_supported_padding_modes = get_supported_padding_modes;
755 device_.get_supported_digests = get_supported_digests;
756 device_.get_supported_import_formats = get_supported_import_formats;
757 device_.get_supported_export_formats = get_supported_export_formats;
758 device_.add_rng_entropy = add_rng_entropy;
759 device_.generate_key = generate_key;
760 device_.get_key_characteristics = get_key_characteristics;
761 device_.import_key = import_key;
762 device_.export_key = export_key;
763 device_.begin = begin;
764 device_.update = update;
765 device_.finish = finish;
766 device_.abort = abort;
767 }
768
keymaster_device()769 keymaster1_device_t* keymaster_device() { return &device_; }
770
is_supported(keymaster_digest_t digest)771 static bool is_supported(keymaster_digest_t digest) {
772 return digest == KM_DIGEST_NONE || digest == KM_DIGEST_SHA_2_256;
773 }
774
all_digests_supported(const keymaster_key_param_set_t * params)775 static bool all_digests_supported(const keymaster_key_param_set_t* params) {
776 for (size_t i = 0; i < params->length; ++i)
777 if (params->params[i].tag == TAG_DIGEST)
778 if (!is_supported(static_cast<keymaster_digest_t>(params->params[i].enumerated)))
779 return false;
780 return true;
781 }
782
783 static const keymaster_key_param_t*
get_algorithm_param(const keymaster_key_param_set_t * params)784 get_algorithm_param(const keymaster_key_param_set_t* params) {
785 keymaster_key_param_t* end = params->params + params->length;
786 auto alg_ptr = std::find_if(params->params, end, [](keymaster_key_param_t& p) {
787 return p.tag == KM_TAG_ALGORITHM;
788 });
789 if (alg_ptr == end) return nullptr;
790 return alg_ptr;
791 }
792
close_device(hw_device_t * dev)793 static int close_device(hw_device_t* dev) {
794 Sha256OnlyWrapper* wrapper = reinterpret_cast<Sha256OnlyWrapper*>(dev);
795 const keymaster1_device_t* wrapped_device = wrapper->wrapped_device_;
796 delete wrapper;
797 return wrapped_device->common.close(const_cast<hw_device_t*>(&wrapped_device->common));
798 }
799
unwrap(const keymaster1_device_t * dev)800 static const keymaster1_device_t* unwrap(const keymaster1_device_t* dev) {
801 return reinterpret_cast<const Sha256OnlyWrapper*>(dev)->wrapped_device_;
802 }
803
get_supported_algorithms(const struct keymaster1_device * dev,keymaster_algorithm_t ** algorithms,size_t * algorithms_length)804 static keymaster_error_t get_supported_algorithms(const struct keymaster1_device* dev,
805 keymaster_algorithm_t** algorithms,
806 size_t* algorithms_length) {
807 return unwrap(dev)->get_supported_algorithms(unwrap(dev), algorithms, algorithms_length);
808 }
get_supported_block_modes(const struct keymaster1_device * dev,keymaster_algorithm_t algorithm,keymaster_purpose_t purpose,keymaster_block_mode_t ** modes,size_t * modes_length)809 static keymaster_error_t get_supported_block_modes(const struct keymaster1_device* dev,
810 keymaster_algorithm_t algorithm,
811 keymaster_purpose_t purpose,
812 keymaster_block_mode_t** modes,
813 size_t* modes_length) {
814 return unwrap(dev)->get_supported_block_modes(unwrap(dev), algorithm, purpose, modes,
815 modes_length);
816 }
get_supported_padding_modes(const struct keymaster1_device * dev,keymaster_algorithm_t algorithm,keymaster_purpose_t purpose,keymaster_padding_t ** modes,size_t * modes_length)817 static keymaster_error_t get_supported_padding_modes(const struct keymaster1_device* dev,
818 keymaster_algorithm_t algorithm,
819 keymaster_purpose_t purpose,
820 keymaster_padding_t** modes,
821 size_t* modes_length) {
822 return unwrap(dev)->get_supported_padding_modes(unwrap(dev), algorithm, purpose, modes,
823 modes_length);
824 }
825
get_supported_digests(const keymaster1_device_t * dev,keymaster_algorithm_t algorithm,keymaster_purpose_t purpose,keymaster_digest_t ** digests,size_t * digests_length)826 static keymaster_error_t get_supported_digests(const keymaster1_device_t* dev,
827 keymaster_algorithm_t algorithm,
828 keymaster_purpose_t purpose,
829 keymaster_digest_t** digests,
830 size_t* digests_length) {
831 keymaster_error_t error = unwrap(dev)->get_supported_digests(
832 unwrap(dev), algorithm, purpose, digests, digests_length);
833 if (error != KM_ERROR_OK) return error;
834
835 std::vector<keymaster_digest_t> filtered_digests;
836 std::copy_if(*digests, *digests + *digests_length, std::back_inserter(filtered_digests),
837 [](keymaster_digest_t digest) { return is_supported(digest); });
838
839 free(*digests);
840 *digests_length = filtered_digests.size();
841 *digests = reinterpret_cast<keymaster_digest_t*>(
842 malloc(*digests_length * sizeof(keymaster_digest_t)));
843 std::copy(filtered_digests.begin(), filtered_digests.end(), *digests);
844
845 return KM_ERROR_OK;
846 }
847
get_supported_import_formats(const struct keymaster1_device * dev,keymaster_algorithm_t algorithm,keymaster_key_format_t ** formats,size_t * formats_length)848 static keymaster_error_t get_supported_import_formats(const struct keymaster1_device* dev,
849 keymaster_algorithm_t algorithm,
850 keymaster_key_format_t** formats,
851 size_t* formats_length) {
852 return unwrap(dev)->get_supported_import_formats(unwrap(dev), algorithm, formats,
853 formats_length);
854 }
get_supported_export_formats(const struct keymaster1_device * dev,keymaster_algorithm_t algorithm,keymaster_key_format_t ** formats,size_t * formats_length)855 static keymaster_error_t get_supported_export_formats(const struct keymaster1_device* dev,
856 keymaster_algorithm_t algorithm,
857 keymaster_key_format_t** formats,
858 size_t* formats_length) {
859 return unwrap(dev)->get_supported_export_formats(unwrap(dev), algorithm, formats,
860 formats_length);
861 }
add_rng_entropy(const struct keymaster1_device * dev,const uint8_t * data,size_t data_length)862 static keymaster_error_t add_rng_entropy(const struct keymaster1_device* dev,
863 const uint8_t* data, size_t data_length) {
864 return unwrap(dev)->add_rng_entropy(unwrap(dev), data, data_length);
865 }
866
generate_key(const keymaster1_device_t * dev,const keymaster_key_param_set_t * params,keymaster_key_blob_t * key_blob,keymaster_key_characteristics_t ** characteristics)867 static keymaster_error_t generate_key(const keymaster1_device_t* dev,
868 const keymaster_key_param_set_t* params,
869 keymaster_key_blob_t* key_blob,
870 keymaster_key_characteristics_t** characteristics) {
871 auto alg_ptr = get_algorithm_param(params);
872 if (!alg_ptr) return KM_ERROR_UNSUPPORTED_ALGORITHM;
873 if (alg_ptr->enumerated == KM_ALGORITHM_HMAC && !all_digests_supported(params))
874 return KM_ERROR_UNSUPPORTED_DIGEST;
875
876 return unwrap(dev)->generate_key(unwrap(dev), params, key_blob, characteristics);
877 }
878
879 static keymaster_error_t
get_key_characteristics(const struct keymaster1_device * dev,const keymaster_key_blob_t * key_blob,const keymaster_blob_t * client_id,const keymaster_blob_t * app_data,keymaster_key_characteristics_t ** characteristics)880 get_key_characteristics(const struct keymaster1_device* dev,
881 const keymaster_key_blob_t* key_blob, const keymaster_blob_t* client_id,
882 const keymaster_blob_t* app_data,
883 keymaster_key_characteristics_t** characteristics) {
884 return unwrap(dev)->get_key_characteristics(unwrap(dev), key_blob, client_id, app_data,
885 characteristics);
886 }
887
888 static keymaster_error_t
import_key(const keymaster1_device_t * dev,const keymaster_key_param_set_t * params,keymaster_key_format_t key_format,const keymaster_blob_t * key_data,keymaster_key_blob_t * key_blob,keymaster_key_characteristics_t ** characteristics)889 import_key(const keymaster1_device_t* dev, const keymaster_key_param_set_t* params,
890 keymaster_key_format_t key_format, const keymaster_blob_t* key_data,
891 keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t** characteristics) {
892 auto alg_ptr = get_algorithm_param(params);
893 if (!alg_ptr) return KM_ERROR_UNSUPPORTED_ALGORITHM;
894 if (alg_ptr->enumerated == KM_ALGORITHM_HMAC && !all_digests_supported(params))
895 return KM_ERROR_UNSUPPORTED_DIGEST;
896
897 return unwrap(dev)->import_key(unwrap(dev), params, key_format, key_data, key_blob,
898 characteristics);
899 }
900
export_key(const struct keymaster1_device * dev,keymaster_key_format_t export_format,const keymaster_key_blob_t * key_to_export,const keymaster_blob_t * client_id,const keymaster_blob_t * app_data,keymaster_blob_t * export_data)901 static keymaster_error_t export_key(const struct keymaster1_device* dev, //
902 keymaster_key_format_t export_format,
903 const keymaster_key_blob_t* key_to_export,
904 const keymaster_blob_t* client_id,
905 const keymaster_blob_t* app_data,
906 keymaster_blob_t* export_data) {
907 return unwrap(dev)->export_key(unwrap(dev), export_format, key_to_export, client_id,
908 app_data, export_data);
909 }
910
begin(const keymaster1_device_t * dev,keymaster_purpose_t purpose,const keymaster_key_blob_t * key,const keymaster_key_param_set_t * in_params,keymaster_key_param_set_t * out_params,keymaster_operation_handle_t * operation_handle)911 static keymaster_error_t begin(const keymaster1_device_t* dev, //
912 keymaster_purpose_t purpose, const keymaster_key_blob_t* key,
913 const keymaster_key_param_set_t* in_params,
914 keymaster_key_param_set_t* out_params,
915 keymaster_operation_handle_t* operation_handle) {
916 if (!all_digests_supported(in_params)) return KM_ERROR_UNSUPPORTED_DIGEST;
917 return unwrap(dev)->begin(unwrap(dev), purpose, key, in_params, out_params,
918 operation_handle);
919 }
920
update(const keymaster1_device_t * dev,keymaster_operation_handle_t operation_handle,const keymaster_key_param_set_t * in_params,const keymaster_blob_t * input,size_t * input_consumed,keymaster_key_param_set_t * out_params,keymaster_blob_t * output)921 static keymaster_error_t update(const keymaster1_device_t* dev,
922 keymaster_operation_handle_t operation_handle,
923 const keymaster_key_param_set_t* in_params,
924 const keymaster_blob_t* input, size_t* input_consumed,
925 keymaster_key_param_set_t* out_params,
926 keymaster_blob_t* output) {
927 return unwrap(dev)->update(unwrap(dev), operation_handle, in_params, input, input_consumed,
928 out_params, output);
929 }
930
finish(const struct keymaster1_device * dev,keymaster_operation_handle_t operation_handle,const keymaster_key_param_set_t * in_params,const keymaster_blob_t * signature,keymaster_key_param_set_t * out_params,keymaster_blob_t * output)931 static keymaster_error_t finish(const struct keymaster1_device* dev, //
932 keymaster_operation_handle_t operation_handle,
933 const keymaster_key_param_set_t* in_params,
934 const keymaster_blob_t* signature,
935 keymaster_key_param_set_t* out_params,
936 keymaster_blob_t* output) {
937 return unwrap(dev)->finish(unwrap(dev), operation_handle, in_params, signature, out_params,
938 output);
939 }
940
abort(const struct keymaster1_device * dev,keymaster_operation_handle_t operation_handle)941 static keymaster_error_t abort(const struct keymaster1_device* dev,
942 keymaster_operation_handle_t operation_handle) {
943 return unwrap(dev)->abort(unwrap(dev), operation_handle);
944 }
945
946 private:
947 keymaster1_device_t device_;
948 const keymaster1_device_t* wrapped_device_;
949 hw_module_t new_module;
950 string new_module_name;
951 };
952
make_device_sha256_only(keymaster1_device_t * device)953 keymaster1_device_t* make_device_sha256_only(keymaster1_device_t* device) {
954 return (new Sha256OnlyWrapper(device))->keymaster_device();
955 }
956
957 } // namespace test
958 } // namespace keymaster
959