1 /*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #pragma once
18
19 #include <functional>
20 #include <string_view>
21
22 #include <aidl/Gtest.h>
23 #include <aidl/Vintf.h>
24 #include <android-base/properties.h>
25 #include <binder/IServiceManager.h>
26 #include <binder/ProcessState.h>
27 #include <gtest/gtest.h>
28 #include <openssl/x509.h>
29
30 #include <aidl/android/hardware/security/keymint/ErrorCode.h>
31 #include <aidl/android/hardware/security/keymint/IKeyMintDevice.h>
32 #include <aidl/android/hardware/security/keymint/MacedPublicKey.h>
33
34 #include <keymint_support/attestation_record.h>
35 #include <keymint_support/authorization_set.h>
36 #include <keymint_support/openssl_utils.h>
37
38 namespace aidl::android::hardware::security::keymint {
39
40 ::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set);
41
42 inline bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) {
43 return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin());
44 }
45
46 namespace test {
47
48 using ::android::sp;
49 using Status = ::ndk::ScopedAStatus;
50 using ::std::optional;
51 using ::std::shared_ptr;
52 using ::std::string;
53 using ::std::vector;
54
55 constexpr uint64_t kOpHandleSentinel = 0xFFFFFFFFFFFFFFFF;
56
57 class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
58 public:
59 struct KeyData {
60 vector<uint8_t> blob;
61 vector<KeyCharacteristics> characteristics;
62 };
63
64 static bool arm_deleteAllKeys;
65 static bool dump_Attestations;
66
67 void SetUp() override;
TearDown()68 void TearDown() override {
69 if (key_blob_.size()) {
70 CheckedDeleteKey();
71 }
72 AbortIfNeeded();
73 }
74
75 void InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint);
keyMint()76 IKeyMintDevice& keyMint() { return *keymint_; }
77 int32_t AidlVersion();
os_version()78 uint32_t os_version() { return os_version_; }
os_patch_level()79 uint32_t os_patch_level() { return os_patch_level_; }
vendor_patch_level()80 uint32_t vendor_patch_level() { return vendor_patch_level_; }
81 uint32_t boot_patch_level(const vector<KeyCharacteristics>& key_characteristics);
82 uint32_t boot_patch_level();
83 bool isDeviceIdAttestationRequired();
84
85 bool Curve25519Supported();
86
87 ErrorCode GetReturnErrorCode(const Status& result);
88
GenerateKey(const AuthorizationSet & key_desc,vector<uint8_t> * key_blob,vector<KeyCharacteristics> * key_characteristics)89 ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector<uint8_t>* key_blob,
90 vector<KeyCharacteristics>* key_characteristics) {
91 return GenerateKey(key_desc, std::nullopt /* attest_key */, key_blob, key_characteristics,
92 &cert_chain_);
93 }
94 ErrorCode GenerateKey(const AuthorizationSet& key_desc,
95 const optional<AttestationKey>& attest_key, vector<uint8_t>* key_blob,
96 vector<KeyCharacteristics>* key_characteristics,
97 vector<Certificate>* cert_chain);
98 ErrorCode GenerateKey(const AuthorizationSet& key_desc,
99 const optional<AttestationKey>& attest_key = std::nullopt);
100
101 // Generate key for implementations which do not support factory attestation.
102 ErrorCode GenerateKeyWithSelfSignedAttestKey(const AuthorizationSet& attest_key_desc,
103 const AuthorizationSet& key_desc,
104 vector<uint8_t>* key_blob,
105 vector<KeyCharacteristics>* key_characteristics,
106 vector<Certificate>* cert_chain);
107
GenerateKeyWithSelfSignedAttestKey(const AuthorizationSet & attest_key_desc,const AuthorizationSet & key_desc,vector<uint8_t> * key_blob,vector<KeyCharacteristics> * key_characteristics)108 ErrorCode GenerateKeyWithSelfSignedAttestKey(const AuthorizationSet& attest_key_desc,
109 const AuthorizationSet& key_desc,
110 vector<uint8_t>* key_blob,
111 vector<KeyCharacteristics>* key_characteristics) {
112 return GenerateKeyWithSelfSignedAttestKey(attest_key_desc, key_desc, key_blob,
113 key_characteristics, &cert_chain_);
114 }
115
116 ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
117 const string& key_material, vector<uint8_t>* key_blob,
118 vector<KeyCharacteristics>* key_characteristics);
119 ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
120 const string& key_material);
121
122 ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
123 const AuthorizationSet& wrapping_key_desc, string masking_key,
124 const AuthorizationSet& unwrapping_params, int64_t password_sid,
125 int64_t biometric_sid);
ImportWrappedKey(string wrapped_key,string wrapping_key,const AuthorizationSet & wrapping_key_desc,string masking_key,const AuthorizationSet & unwrapping_params)126 ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
127 const AuthorizationSet& wrapping_key_desc, string masking_key,
128 const AuthorizationSet& unwrapping_params) {
129 return ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, masking_key,
130 unwrapping_params, 0 /* password_sid */, 0 /* biometric_sid */);
131 }
132
133 ErrorCode GetCharacteristics(const vector<uint8_t>& key_blob, const vector<uint8_t>& app_id,
134 const vector<uint8_t>& app_data,
135 vector<KeyCharacteristics>* key_characteristics);
136 ErrorCode GetCharacteristics(const vector<uint8_t>& key_blob,
137 vector<KeyCharacteristics>* key_characteristics);
138
139 void CheckCharacteristics(const vector<uint8_t>& key_blob,
140 const vector<KeyCharacteristics>& generate_characteristics);
141 void CheckAppIdCharacteristics(const vector<uint8_t>& key_blob, std::string_view app_id_string,
142 std::string_view app_data_string,
143 const vector<KeyCharacteristics>& generate_characteristics);
144
145 ErrorCode DeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false);
146 ErrorCode DeleteKey(bool keep_key_blob = false);
147
148 ErrorCode DeleteAllKeys();
149
150 ErrorCode DestroyAttestationIds();
151
152 void CheckedDeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false);
153 void CheckedDeleteKey();
154
155 ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
156 const AuthorizationSet& in_params, AuthorizationSet* out_params,
157 std::shared_ptr<IKeyMintOperation>& op);
158 ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
159 const AuthorizationSet& in_params, AuthorizationSet* out_params);
160 ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
161 AuthorizationSet* out_params);
162 ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params);
163
164 ErrorCode UpdateAad(const string& input);
165 ErrorCode Update(const string& input, string* output);
166
167 ErrorCode Finish(const string& message, const string& signature, string* output);
Finish(const string & message,string * output)168 ErrorCode Finish(const string& message, string* output) {
169 return Finish(message, {} /* signature */, output);
170 }
Finish(string * output)171 ErrorCode Finish(string* output) { return Finish({} /* message */, output); }
172
173 ErrorCode Abort();
174 ErrorCode Abort(const shared_ptr<IKeyMintOperation>& op);
175 void AbortIfNeeded();
176
177 string ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
178 const string& message, const AuthorizationSet& in_params,
179 AuthorizationSet* out_params);
180 std::tuple<ErrorCode, std::string /* processedMessage */> ProcessMessage(
181 const vector<uint8_t>& key_blob, KeyPurpose operation, const std::string& message,
182 const AuthorizationSet& in_params);
183 string SignMessage(const vector<uint8_t>& key_blob, const string& message,
184 const AuthorizationSet& params);
185 string SignMessage(const string& message, const AuthorizationSet& params);
186
187 string MacMessage(const string& message, Digest digest, size_t mac_length);
188
189 void CheckAesIncrementalEncryptOperation(BlockMode block_mode, int message_size);
190
191 void CheckHmacTestVector(const string& key, const string& message, Digest digest,
192 const string& expected_mac);
193
194 void CheckAesCtrTestVector(const string& key, const string& nonce, const string& message,
195 const string& expected_ciphertext);
196
197 void CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
198 PaddingMode padding_mode, const string& key, const string& iv,
199 const string& input, const string& expected_output);
200
201 void VerifyMessage(const vector<uint8_t>& key_blob, const string& message,
202 const string& signature, const AuthorizationSet& params);
203 void VerifyMessage(const string& message, const string& signature,
204 const AuthorizationSet& params);
205 void LocalVerifyMessage(const string& message, const string& signature,
206 const AuthorizationSet& params);
207
208 string LocalRsaEncryptMessage(const string& message, const AuthorizationSet& params);
209 string EncryptMessage(const vector<uint8_t>& key_blob, const string& message,
210 const AuthorizationSet& in_params, AuthorizationSet* out_params);
211 string EncryptMessage(const string& message, const AuthorizationSet& params,
212 AuthorizationSet* out_params);
213 string EncryptMessage(const string& message, const AuthorizationSet& params);
214 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding);
215 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
216 vector<uint8_t>* iv_out);
217 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
218 const vector<uint8_t>& iv_in);
219 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
220 uint8_t mac_length_bits, const vector<uint8_t>& iv_in);
221 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
222 uint8_t mac_length_bits);
223
224 string DecryptMessage(const vector<uint8_t>& key_blob, const string& ciphertext,
225 const AuthorizationSet& params);
226 string DecryptMessage(const string& ciphertext, const AuthorizationSet& params);
227 string DecryptMessage(const string& ciphertext, BlockMode block_mode, PaddingMode padding_mode,
228 const vector<uint8_t>& iv);
229
230 std::pair<ErrorCode, vector<uint8_t>> UpgradeKey(const vector<uint8_t>& key_blob);
231
232 template <typename TagType>
233 std::tuple<KeyData /* aesKey */, KeyData /* hmacKey */, KeyData /* rsaKey */,
234 KeyData /* ecdsaKey */>
235 CreateTestKeys(
236 TagType tagToTest, ErrorCode expectedReturn,
237 std::function<void(AuthorizationSetBuilder*)> tagModifier =
238 [](AuthorizationSetBuilder*) {}) {
239 /* AES */
240 KeyData aesKeyData;
241 AuthorizationSetBuilder aesBuilder = AuthorizationSetBuilder()
242 .AesEncryptionKey(128)
243 .Authorization(tagToTest)
244 .BlockMode(BlockMode::ECB)
245 .Padding(PaddingMode::NONE)
246 .Authorization(TAG_NO_AUTH_REQUIRED);
247 tagModifier(&aesBuilder);
248 ErrorCode errorCode =
249 GenerateKey(aesBuilder, &aesKeyData.blob, &aesKeyData.characteristics);
250 EXPECT_EQ(expectedReturn, errorCode);
251
252 /* HMAC */
253 KeyData hmacKeyData;
254 AuthorizationSetBuilder hmacBuilder = AuthorizationSetBuilder()
255 .HmacKey(128)
256 .Authorization(tagToTest)
257 .Digest(Digest::SHA_2_256)
258 .Authorization(TAG_MIN_MAC_LENGTH, 128)
259 .Authorization(TAG_NO_AUTH_REQUIRED);
260 tagModifier(&hmacBuilder);
261 errorCode = GenerateKey(hmacBuilder, &hmacKeyData.blob, &hmacKeyData.characteristics);
262 EXPECT_EQ(expectedReturn, errorCode);
263
264 /* RSA */
265 KeyData rsaKeyData;
266 AuthorizationSetBuilder rsaBuilder = AuthorizationSetBuilder()
267 .RsaSigningKey(2048, 65537)
268 .Authorization(tagToTest)
269 .Digest(Digest::NONE)
270 .Padding(PaddingMode::NONE)
271 .Authorization(TAG_NO_AUTH_REQUIRED)
272 .SetDefaultValidity();
273 tagModifier(&rsaBuilder);
274 errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics);
275 if (!(SecLevel() == SecurityLevel::STRONGBOX &&
276 ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) {
277 EXPECT_EQ(expectedReturn, errorCode);
278 }
279
280 /* ECDSA */
281 KeyData ecdsaKeyData;
282 AuthorizationSetBuilder ecdsaBuilder = AuthorizationSetBuilder()
283 .EcdsaSigningKey(EcCurve::P_256)
284 .Authorization(tagToTest)
285 .Digest(Digest::SHA_2_256)
286 .Authorization(TAG_NO_AUTH_REQUIRED)
287 .SetDefaultValidity();
288 tagModifier(&ecdsaBuilder);
289 errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics);
290 if (!(SecLevel() == SecurityLevel::STRONGBOX &&
291 ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) {
292 EXPECT_EQ(expectedReturn, errorCode);
293 }
294 return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData};
295 }
IsSecure()296 bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; }
SecLevel()297 SecurityLevel SecLevel() const { return securityLevel_; }
298
299 vector<uint32_t> ValidKeySizes(Algorithm algorithm);
300 vector<uint32_t> InvalidKeySizes(Algorithm algorithm);
301
302 vector<BlockMode> ValidBlockModes(Algorithm algorithm);
303 vector<PaddingMode> ValidPaddingModes(Algorithm algorithm, BlockMode blockMode);
304 vector<PaddingMode> InvalidPaddingModes(Algorithm algorithm, BlockMode blockMode);
305
306 vector<EcCurve> ValidCurves();
307 vector<EcCurve> InvalidCurves();
308
309 vector<Digest> ValidDigests(bool withNone, bool withMD5);
310 vector<uint64_t> ValidExponents();
311
build_params()312 static vector<string> build_params() {
313 auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);
314 return params;
315 }
316
317 std::shared_ptr<IKeyMintOperation> op_;
318 vector<Certificate> cert_chain_;
319 vector<uint8_t> key_blob_;
320 vector<KeyCharacteristics> key_characteristics_;
321
322 const vector<KeyParameter>& SecLevelAuthorizations(
323 const vector<KeyCharacteristics>& key_characteristics);
SecLevelAuthorizations()324 inline const vector<KeyParameter>& SecLevelAuthorizations() {
325 return SecLevelAuthorizations(key_characteristics_);
326 }
327 const vector<KeyParameter>& SecLevelAuthorizations(
328 const vector<KeyCharacteristics>& key_characteristics, SecurityLevel securityLevel);
329
330 ErrorCode UseAesKey(const vector<uint8_t>& aesKeyBlob);
331 ErrorCode UseHmacKey(const vector<uint8_t>& hmacKeyBlob);
332 ErrorCode UseRsaKey(const vector<uint8_t>& rsaKeyBlob);
333 ErrorCode UseEcdsaKey(const vector<uint8_t>& ecdsaKeyBlob);
334
335 protected:
336 std::shared_ptr<IKeyMintDevice> keymint_;
337 uint32_t os_version_;
338 uint32_t os_patch_level_;
339 uint32_t vendor_patch_level_;
340 bool timestamp_token_required_;
341
342 SecurityLevel securityLevel_;
343 string name_;
344 string author_;
345 long challenge_;
346 };
347
348 // If the given property is available, add it to the tag set under the given tag ID.
349 template <Tag tag>
add_tag_from_prop(AuthorizationSetBuilder * tags,TypedTag<TagType::BYTES,tag> ttag,const char * prop)350 void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, tag> ttag,
351 const char* prop) {
352 std::string prop_value = ::android::base::GetProperty(prop, /* default= */ "");
353 if (!prop_value.empty()) {
354 tags->Authorization(ttag, prop_value.data(), prop_value.size());
355 }
356 }
357
358 // Return the VSR API level for this device.
359 int get_vsr_api_level();
360
361 // Indicate whether the test is running on a GSI image.
362 bool is_gsi_image();
363
364 vector<uint8_t> build_serial_blob(const uint64_t serial_int);
365 void verify_subject(const X509* cert, const string& subject, bool self_signed);
366 void verify_serial(X509* cert, const uint64_t expected_serial);
367 void verify_subject_and_serial(const Certificate& certificate, //
368 const uint64_t expected_serial, //
369 const string& subject, bool self_signed);
370 void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, //
371 bool device_locked, //
372 VerifiedBoot verified_boot_state, //
373 const vector<uint8_t>& verified_boot_hash);
374 bool verify_attestation_record(int aidl_version, //
375 const string& challenge, //
376 const string& app_id, //
377 AuthorizationSet expected_sw_enforced, //
378 AuthorizationSet expected_hw_enforced, //
379 SecurityLevel security_level,
380 const vector<uint8_t>& attestation_cert,
381 vector<uint8_t>* unique_id = nullptr);
382
383 string bin2hex(const vector<uint8_t>& data);
384 X509_Ptr parse_cert_blob(const vector<uint8_t>& blob);
385 vector<uint8_t> make_name_from_str(const string& name);
386 void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
387 vector<uint8_t>* payload_value);
388 void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
389 bool check_feature(const std::string& name);
390
391 AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
392 AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
393 ::testing::AssertionResult ChainSignaturesAreValid(const vector<Certificate>& chain,
394 bool strict_issuer_check = true);
395
396 #define INSTANTIATE_KEYMINT_AIDL_TEST(name) \
397 INSTANTIATE_TEST_SUITE_P(PerInstance, name, \
398 testing::ValuesIn(KeyMintAidlTestBase::build_params()), \
399 ::android::PrintInstanceNameToString); \
400 GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name);
401
402 } // namespace test
403
404 } // namespace aidl::android::hardware::security::keymint
405