1 /*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #pragma once
18
19 #include <functional>
20 #include <string_view>
21
22 #include <aidl/Gtest.h>
23 #include <aidl/Vintf.h>
24 #include <android-base/properties.h>
25 #include <binder/IServiceManager.h>
26 #include <binder/ProcessState.h>
27 #include <gtest/gtest.h>
28 #include <openssl/x509.h>
29
30 #include <aidl/android/hardware/security/keymint/ErrorCode.h>
31 #include <aidl/android/hardware/security/keymint/IKeyMintDevice.h>
32 #include <aidl/android/hardware/security/keymint/MacedPublicKey.h>
33
34 #include <keymint_support/attestation_record.h>
35 #include <keymint_support/authorization_set.h>
36 #include <keymint_support/openssl_utils.h>
37
38 namespace aidl::android::hardware::security::keymint {
39
40 ::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set);
41
42 inline bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) {
43 return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin());
44 }
45
46 namespace test {
47
48 using ::android::sp;
49 using Status = ::ndk::ScopedAStatus;
50 using ::std::optional;
51 using ::std::shared_ptr;
52 using ::std::string;
53 using ::std::vector;
54
55 constexpr uint64_t kOpHandleSentinel = 0xFFFFFFFFFFFFFFFF;
56
57 const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key";
58 const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore";
59
60 class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
61 public:
62 struct KeyData {
63 vector<uint8_t> blob;
64 vector<KeyCharacteristics> characteristics;
65 };
66
67 static bool arm_deleteAllKeys;
68 static bool dump_Attestations;
69
70 // Directory to store/retrieve keyblobs, using subdirectories named for the
71 // KeyMint instance in question (e.g. "./default/", "./strongbox/").
72 static std::string keyblob_dir;
73
74 void SetUp() override;
TearDown()75 void TearDown() override {
76 if (key_blob_.size()) {
77 CheckedDeleteKey();
78 }
79 AbortIfNeeded();
80 }
81
82 void InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint);
keyMint()83 IKeyMintDevice& keyMint() { return *keymint_; }
84 int32_t AidlVersion();
os_version()85 uint32_t os_version() { return os_version_; }
os_patch_level()86 uint32_t os_patch_level() { return os_patch_level_; }
vendor_patch_level()87 uint32_t vendor_patch_level() { return vendor_patch_level_; }
88 uint32_t boot_patch_level(const vector<KeyCharacteristics>& key_characteristics);
89 uint32_t boot_patch_level();
90 bool isDeviceIdAttestationRequired();
91 bool isSecondImeiIdAttestationRequired();
92
93 bool Curve25519Supported();
94
95 ErrorCode GetReturnErrorCode(const Status& result);
96
GenerateKey(const AuthorizationSet & key_desc,vector<uint8_t> * key_blob,vector<KeyCharacteristics> * key_characteristics)97 ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector<uint8_t>* key_blob,
98 vector<KeyCharacteristics>* key_characteristics) {
99 return GenerateKey(key_desc, std::nullopt /* attest_key */, key_blob, key_characteristics,
100 &cert_chain_);
101 }
102 ErrorCode GenerateKey(const AuthorizationSet& key_desc,
103 const optional<AttestationKey>& attest_key, vector<uint8_t>* key_blob,
104 vector<KeyCharacteristics>* key_characteristics,
105 vector<Certificate>* cert_chain);
106 ErrorCode GenerateKey(const AuthorizationSet& key_desc,
107 const optional<AttestationKey>& attest_key = std::nullopt);
108
109 // Generate key for implementations which do not support factory attestation.
110 ErrorCode GenerateKeyWithSelfSignedAttestKey(const AuthorizationSet& attest_key_desc,
111 const AuthorizationSet& key_desc,
112 vector<uint8_t>* key_blob,
113 vector<KeyCharacteristics>* key_characteristics,
114 vector<Certificate>* cert_chain);
115
GenerateKeyWithSelfSignedAttestKey(const AuthorizationSet & attest_key_desc,const AuthorizationSet & key_desc,vector<uint8_t> * key_blob,vector<KeyCharacteristics> * key_characteristics)116 ErrorCode GenerateKeyWithSelfSignedAttestKey(const AuthorizationSet& attest_key_desc,
117 const AuthorizationSet& key_desc,
118 vector<uint8_t>* key_blob,
119 vector<KeyCharacteristics>* key_characteristics) {
120 return GenerateKeyWithSelfSignedAttestKey(attest_key_desc, key_desc, key_blob,
121 key_characteristics, &cert_chain_);
122 }
123
124 ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
125 const string& key_material, vector<uint8_t>* key_blob,
126 vector<KeyCharacteristics>* key_characteristics);
127 ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
128 const string& key_material);
129
130 ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
131 const AuthorizationSet& wrapping_key_desc, string masking_key,
132 const AuthorizationSet& unwrapping_params, int64_t password_sid,
133 int64_t biometric_sid);
ImportWrappedKey(string wrapped_key,string wrapping_key,const AuthorizationSet & wrapping_key_desc,string masking_key,const AuthorizationSet & unwrapping_params)134 ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
135 const AuthorizationSet& wrapping_key_desc, string masking_key,
136 const AuthorizationSet& unwrapping_params) {
137 return ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, masking_key,
138 unwrapping_params, 0 /* password_sid */, 0 /* biometric_sid */);
139 }
140
141 ErrorCode GetCharacteristics(const vector<uint8_t>& key_blob, const vector<uint8_t>& app_id,
142 const vector<uint8_t>& app_data,
143 vector<KeyCharacteristics>* key_characteristics);
144 ErrorCode GetCharacteristics(const vector<uint8_t>& key_blob,
145 vector<KeyCharacteristics>* key_characteristics);
146
147 void CheckCharacteristics(const vector<uint8_t>& key_blob,
148 const vector<KeyCharacteristics>& generate_characteristics);
149 void CheckAppIdCharacteristics(const vector<uint8_t>& key_blob, std::string_view app_id_string,
150 std::string_view app_data_string,
151 const vector<KeyCharacteristics>& generate_characteristics);
152
153 ErrorCode DeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false);
154 ErrorCode DeleteKey(bool keep_key_blob = false);
155
156 ErrorCode DeleteAllKeys();
157
158 ErrorCode DestroyAttestationIds();
159
160 void CheckedDeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false);
161 void CheckedDeleteKey();
162
163 ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
164 const AuthorizationSet& in_params, AuthorizationSet* out_params,
165 std::shared_ptr<IKeyMintOperation>& op);
166 ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
167 const AuthorizationSet& in_params, AuthorizationSet* out_params,
168 std::optional<HardwareAuthToken> hat = std::nullopt);
169 ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
170 AuthorizationSet* out_params);
171 ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params);
172
173 ErrorCode UpdateAad(const string& input);
174 ErrorCode Update(const string& input, string* output);
175
176 ErrorCode Finish(const string& message, const string& signature, string* output,
177 std::optional<HardwareAuthToken> hat = std::nullopt,
178 std::optional<secureclock::TimeStampToken> time_token = std::nullopt);
Finish(const string & message,string * output)179 ErrorCode Finish(const string& message, string* output) {
180 return Finish(message, {} /* signature */, output);
181 }
Finish(string * output)182 ErrorCode Finish(string* output) { return Finish({} /* message */, output); }
183
184 ErrorCode Abort();
185 ErrorCode Abort(const shared_ptr<IKeyMintOperation>& op);
186 void AbortIfNeeded();
187
188 string ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
189 const string& message, const AuthorizationSet& in_params,
190 AuthorizationSet* out_params);
191 std::tuple<ErrorCode, std::string /* processedMessage */> ProcessMessage(
192 const vector<uint8_t>& key_blob, KeyPurpose operation, const std::string& message,
193 const AuthorizationSet& in_params);
194 string SignMessage(const vector<uint8_t>& key_blob, const string& message,
195 const AuthorizationSet& params);
196 string SignMessage(const string& message, const AuthorizationSet& params);
197
198 string MacMessage(const string& message, Digest digest, size_t mac_length);
199
200 void CheckAesIncrementalEncryptOperation(BlockMode block_mode, int message_size);
201
202 void AesCheckEncryptOneByteAtATime(const string& key, BlockMode block_mode,
203 PaddingMode padding_mode, const string& iv,
204 const string& plaintext, const string& exp_cipher_text);
205
206 void CheckHmacTestVector(const string& key, const string& message, Digest digest,
207 const string& expected_mac);
208
209 void CheckAesCtrTestVector(const string& key, const string& nonce, const string& message,
210 const string& expected_ciphertext);
211
212 void CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
213 PaddingMode padding_mode, const string& key, const string& iv,
214 const string& input, const string& expected_output);
215
216 void VerifyMessage(const vector<uint8_t>& key_blob, const string& message,
217 const string& signature, const AuthorizationSet& params);
218 void VerifyMessage(const string& message, const string& signature,
219 const AuthorizationSet& params);
220 void LocalVerifyMessage(const vector<uint8_t>& der_cert, const string& message,
221 const string& signature, const AuthorizationSet& params);
222 void LocalVerifyMessage(const string& message, const string& signature,
223 const AuthorizationSet& params);
224
225 string LocalRsaEncryptMessage(const string& message, const AuthorizationSet& params);
226 string EncryptMessage(const vector<uint8_t>& key_blob, const string& message,
227 const AuthorizationSet& in_params, AuthorizationSet* out_params);
228 string EncryptMessage(const string& message, const AuthorizationSet& params,
229 AuthorizationSet* out_params);
230 string EncryptMessage(const string& message, const AuthorizationSet& params);
231 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding);
232 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
233 vector<uint8_t>* iv_out);
234 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
235 const vector<uint8_t>& iv_in);
236 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
237 uint8_t mac_length_bits, const vector<uint8_t>& iv_in);
238 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
239 uint8_t mac_length_bits);
240
241 string DecryptMessage(const vector<uint8_t>& key_blob, const string& ciphertext,
242 const AuthorizationSet& params);
243 string DecryptMessage(const string& ciphertext, const AuthorizationSet& params);
244 string DecryptMessage(const string& ciphertext, BlockMode block_mode, PaddingMode padding_mode,
245 const vector<uint8_t>& iv);
246
247 std::pair<ErrorCode, vector<uint8_t>> UpgradeKey(const vector<uint8_t>& key_blob);
248
249 template <typename TagType>
250 std::tuple<KeyData /* aesKey */, KeyData /* hmacKey */, KeyData /* rsaKey */,
251 KeyData /* ecdsaKey */>
252 CreateTestKeys(
253 TagType tagToTest, ErrorCode expectedReturn,
254 std::function<void(AuthorizationSetBuilder*)> tagModifier =
255 [](AuthorizationSetBuilder*) {}) {
256 /* AES */
257 KeyData aesKeyData;
258 AuthorizationSetBuilder aesBuilder = AuthorizationSetBuilder()
259 .AesEncryptionKey(128)
260 .Authorization(tagToTest)
261 .BlockMode(BlockMode::ECB)
262 .Padding(PaddingMode::NONE)
263 .Authorization(TAG_NO_AUTH_REQUIRED);
264 tagModifier(&aesBuilder);
265 ErrorCode errorCode =
266 GenerateKey(aesBuilder, &aesKeyData.blob, &aesKeyData.characteristics);
267 EXPECT_EQ(expectedReturn, errorCode);
268
269 /* HMAC */
270 KeyData hmacKeyData;
271 AuthorizationSetBuilder hmacBuilder = AuthorizationSetBuilder()
272 .HmacKey(128)
273 .Authorization(tagToTest)
274 .Digest(Digest::SHA_2_256)
275 .Authorization(TAG_MIN_MAC_LENGTH, 128)
276 .Authorization(TAG_NO_AUTH_REQUIRED);
277 tagModifier(&hmacBuilder);
278 errorCode = GenerateKey(hmacBuilder, &hmacKeyData.blob, &hmacKeyData.characteristics);
279 EXPECT_EQ(expectedReturn, errorCode);
280
281 /* RSA */
282 KeyData rsaKeyData;
283 AuthorizationSetBuilder rsaBuilder = AuthorizationSetBuilder()
284 .RsaSigningKey(2048, 65537)
285 .Authorization(tagToTest)
286 .Digest(Digest::NONE)
287 .Padding(PaddingMode::NONE)
288 .Authorization(TAG_NO_AUTH_REQUIRED)
289 .SetDefaultValidity();
290 tagModifier(&rsaBuilder);
291 errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics);
292 if (!(SecLevel() == SecurityLevel::STRONGBOX &&
293 ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) {
294 EXPECT_EQ(expectedReturn, errorCode);
295 }
296
297 /* ECDSA */
298 KeyData ecdsaKeyData;
299 AuthorizationSetBuilder ecdsaBuilder = AuthorizationSetBuilder()
300 .EcdsaSigningKey(EcCurve::P_256)
301 .Authorization(tagToTest)
302 .Digest(Digest::SHA_2_256)
303 .Authorization(TAG_NO_AUTH_REQUIRED)
304 .SetDefaultValidity();
305 tagModifier(&ecdsaBuilder);
306 errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics);
307 if (!(SecLevel() == SecurityLevel::STRONGBOX &&
308 ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) {
309 EXPECT_EQ(expectedReturn, errorCode);
310 }
311 return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData};
312 }
IsSecure()313 bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; }
SecLevel()314 SecurityLevel SecLevel() const { return securityLevel_; }
315 bool IsRkpSupportRequired() const;
316
317 vector<uint32_t> ValidKeySizes(Algorithm algorithm);
318 vector<uint32_t> InvalidKeySizes(Algorithm algorithm);
319
320 vector<BlockMode> ValidBlockModes(Algorithm algorithm);
321 vector<PaddingMode> ValidPaddingModes(Algorithm algorithm, BlockMode blockMode);
322 vector<PaddingMode> InvalidPaddingModes(Algorithm algorithm, BlockMode blockMode);
323
324 vector<EcCurve> ValidCurves();
325 vector<EcCurve> InvalidCurves();
326
327 vector<Digest> ValidDigests(bool withNone, bool withMD5);
328 vector<uint64_t> ValidExponents();
329
build_params()330 static vector<string> build_params() {
331 auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);
332 return params;
333 }
334
335 std::shared_ptr<IKeyMintOperation> op_;
336 vector<Certificate> cert_chain_;
337 vector<uint8_t> key_blob_;
338 vector<KeyCharacteristics> key_characteristics_;
339
340 const vector<KeyParameter>& SecLevelAuthorizations(
341 const vector<KeyCharacteristics>& key_characteristics);
SecLevelAuthorizations()342 inline const vector<KeyParameter>& SecLevelAuthorizations() {
343 return SecLevelAuthorizations(key_characteristics_);
344 }
345 const vector<KeyParameter>& SecLevelAuthorizations(
346 const vector<KeyCharacteristics>& key_characteristics, SecurityLevel securityLevel);
347
348 ErrorCode UseAesKey(const vector<uint8_t>& aesKeyBlob);
349 ErrorCode UseHmacKey(const vector<uint8_t>& hmacKeyBlob);
350 ErrorCode UseRsaKey(const vector<uint8_t>& rsaKeyBlob);
351 ErrorCode UseEcdsaKey(const vector<uint8_t>& ecdsaKeyBlob);
352
353 ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc,
354 const optional<AttestationKey>& attest_key,
355 vector<uint8_t>* key_blob,
356 vector<KeyCharacteristics>* key_characteristics,
357 vector<Certificate>* cert_chain);
358
359 bool is_attest_key_feature_disabled(void) const;
360 bool is_strongbox_enabled(void) const;
361 bool is_chipset_allowed_km4_strongbox(void) const;
362 bool shouldSkipAttestKeyTest(void) const;
363 void skipAttestKeyTest(void) const;
364
365 protected:
366 std::shared_ptr<IKeyMintDevice> keymint_;
367 uint32_t os_version_;
368 uint32_t os_patch_level_;
369 uint32_t vendor_patch_level_;
370 bool timestamp_token_required_;
371
372 SecurityLevel securityLevel_;
373 string name_;
374 string author_;
375 int64_t challenge_;
376
377 private:
378 void CheckEncryptOneByteAtATime(BlockMode block_mode, const int block_size,
379 PaddingMode padding_mode, const string& iv,
380 const string& plaintext, const string& exp_cipher_text);
381 };
382
383 // If the given property is available, add it to the tag set under the given tag ID.
384 template <Tag tag>
add_tag_from_prop(AuthorizationSetBuilder * tags,TypedTag<TagType::BYTES,tag> ttag,const char * prop)385 void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, tag> ttag,
386 const char* prop) {
387 std::string prop_value = ::android::base::GetProperty(prop, /* default= */ "");
388 if (!prop_value.empty()) {
389 tags->Authorization(ttag, prop_value.data(), prop_value.size());
390 }
391 }
392
393 // Return the VSR API level for this device.
394 int get_vsr_api_level();
395
396 // Indicate whether the test is running on a GSI image.
397 bool is_gsi_image();
398
399 vector<uint8_t> build_serial_blob(const uint64_t serial_int);
400 void verify_subject(const X509* cert, const string& subject, bool self_signed);
401 void verify_serial(X509* cert, const uint64_t expected_serial);
402 void verify_subject_and_serial(const Certificate& certificate, //
403 const uint64_t expected_serial, //
404 const string& subject, bool self_signed);
405 void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, //
406 bool device_locked, //
407 VerifiedBoot verified_boot_state, //
408 const vector<uint8_t>& verified_boot_hash);
409 bool verify_attestation_record(int aidl_version, //
410 const string& challenge, //
411 const string& app_id, //
412 AuthorizationSet expected_sw_enforced, //
413 AuthorizationSet expected_hw_enforced, //
414 SecurityLevel security_level,
415 const vector<uint8_t>& attestation_cert,
416 vector<uint8_t>* unique_id = nullptr);
417
418 string bin2hex(const vector<uint8_t>& data);
419 X509_Ptr parse_cert_blob(const vector<uint8_t>& blob);
420 ASN1_OCTET_STRING* get_attestation_record(X509* certificate);
421 vector<uint8_t> make_name_from_str(const string& name);
422 void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
423 vector<uint8_t>* payload_value);
424 void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
425 void device_id_attestation_check_acceptable_error(Tag tag, const ErrorCode& result);
426 bool check_feature(const std::string& name);
427
428 AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
429 AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
430 ::testing::AssertionResult ChainSignaturesAreValid(const vector<Certificate>& chain,
431 bool strict_issuer_check = true);
432
433 #define INSTANTIATE_KEYMINT_AIDL_TEST(name) \
434 INSTANTIATE_TEST_SUITE_P(PerInstance, name, \
435 testing::ValuesIn(KeyMintAidlTestBase::build_params()), \
436 ::android::PrintInstanceNameToString); \
437 GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name);
438
439 } // namespace test
440
441 } // namespace aidl::android::hardware::security::keymint
442