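/*
 * Copyright (C) 2024 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

//! On-device tests for the Rust HWCrypto key service: derivation keys bound to
//! the current or a stored DICE policy, and clear-key derivation from them over
//! the Trusty RPC binder port.

#[cfg(test)]
mod tests {
    use android_hardware_security_see_hwcrypto::aidl::android::hardware::security::see::hwcrypto::{
        IHwCryptoKey::{
            ClearKeyPolicy::ClearKeyPolicy, DerivedKey::DerivedKey,
            DerivedKeyParameters::DerivedKeyParameters, DerivedKeyPolicy::DerivedKeyPolicy,
            DeviceKeyId::DeviceKeyId, DiceBoundDerivationKey::DiceBoundDerivationKey,
            DiceBoundKeyResult::DiceBoundKeyResult,
            DiceCurrentBoundKeyResult::DiceCurrentBoundKeyResult, IHwCryptoKey,
        },
    };
    use binder::{StatusCode, Strong};
    use rpcbinder::RpcSession;
    use test::{assert_ok, expect};
    use trusty_std::ffi::{CString, FallibleCString};

    /// Trusty RPC port the Rust HWCrypto HAL (v1) is reached on.
    pub(crate) const RUST_DEVICE_KEY_SERVICE_PORT: &str = "com.android.trusty.rust.hwcryptohal.V1";

    /// Length in bytes of every valid clear key these tests request.
    const CLEAR_KEY_SIZE_BYTES: usize = 256;

    /// Largest number of byte positions at which two keys that are supposed to be
    /// independent may still agree before the test treats them as related. For
    /// 256-byte keys of uniformly random bytes about one coinciding position is
    /// expected, so exceeding four is a strong signal that the inputs were not
    /// actually separated by the KDF.
    const MAX_SHARED_KEY_BYTES: usize = 4;

    /// Derivation context used by tests that do not care about its value.
    const DEFAULT_CONTEXT: &[u8] = b"context";

    /// Fixed DICE policy bytes captured from an earlier (version 0) policy; the
    /// service is expected to accept it but report it as not current.
    pub(crate) const VERSION_0_DICE_POLICY: [u8; 126] = [
        0x83, 0x58, 0x36, 0xa4, 0x01, 0x03, 0x3a, 0x00, 0x01, 0x00, 0x02, 0x58, 0x20, 0x55, 0x51,
        0xba, 0x39, 0x55, 0xfa, 0x6f, 0x92, 0xbb, 0xf9, 0xed, 0xe1, 0xc0, 0x91, 0x3f, 0x2b, 0xbf,
        0xb5, 0xb3, 0x93, 0x8a, 0x08, 0x5f, 0x78, 0xa8, 0x00, 0xa2, 0xce, 0x09, 0x99, 0xa9, 0x5e,
        0x3a, 0x00, 0x01, 0x00, 0x03, 0x01, 0x3a, 0x00, 0x01, 0x00, 0x04, 0x01, 0xa0, 0x58, 0x42,
        0xda, 0x4f, 0xef, 0x97, 0xf4, 0x19, 0x90, 0xf3, 0x06, 0x1f, 0x06, 0xfe, 0x4d, 0xcb, 0x89,
        0xcf, 0x6a, 0xa1, 0xd1, 0xf5, 0x34, 0x68, 0x47, 0x17, 0x2d, 0xa2, 0x0e, 0xec, 0xc1, 0xcb,
        0xac, 0xa4, 0xe1, 0x36, 0x51, 0x88, 0xdb, 0x2e, 0x1c, 0x06, 0xeb, 0xe8, 0x0c, 0xde, 0x56,
        0xc7, 0xed, 0x17, 0x03, 0x2a, 0x9c, 0x4e, 0x52, 0x65, 0xd6, 0x4e, 0xfb, 0xea, 0xf0, 0x9d,
        0x49, 0x70, 0x3f, 0x37, 0xf3, 0x33,
    ];

    /// Clear key expected when deriving with the key bound to
    /// `VERSION_0_DICE_POLICY`, `DEFAULT_CONTEXT` and a 256-byte clear-key policy
    /// (a test vector, tied to the test device's key material).
    pub(crate) const VERSION_0_CLEAR_KEY: [u8; 256] = [
        0xbb, 0x3c, 0xca, 0xca, 0x52, 0x68, 0x05, 0xae, 0xbe, 0xd9, 0x27, 0x98, 0xc8, 0x0e, 0xf0,
        0xbd, 0xfb, 0x03, 0x77, 0x47, 0xe1, 0x68, 0x5b, 0x54, 0xad, 0x42, 0x80, 0x06, 0x83, 0x65,
        0xeb, 0x69, 0x25, 0x22, 0x00, 0x5f, 0x7e, 0xa7, 0x56, 0xe8, 0xce, 0x44, 0x0b, 0xd0, 0x25,
        0xcb, 0x29, 0x50, 0xf2, 0x4e, 0xda, 0x6a, 0xa3, 0x99, 0x47, 0x35, 0x14, 0x08, 0x3b, 0x57,
        0x86, 0xb0, 0xfe, 0x58, 0xb8, 0x23, 0xe8, 0x7c, 0xee, 0x97, 0x84, 0x09, 0x57, 0xa9, 0xc2,
        0xbe, 0xe1, 0xa2, 0xbb, 0xfe, 0xcb, 0x5d, 0xea, 0x01, 0xee, 0x93, 0x66, 0x71, 0xef, 0x5a,
        0x02, 0x34, 0x9e, 0xb8, 0x38, 0xc1, 0x2d, 0xeb, 0x1b, 0xbe, 0x8e, 0x69, 0x6e, 0xbf, 0x82,
        0x72, 0x4e, 0x28, 0x89, 0xda, 0x4a, 0x0c, 0xc4, 0xee, 0x6d, 0xd7, 0x3a, 0x1f, 0xb0, 0x3d,
        0xcc, 0xff, 0x4a, 0x3b, 0x27, 0x49, 0xf3, 0x85, 0xd8, 0x67, 0xcb, 0x4b, 0x92, 0x5f, 0xce,
        0xbb, 0xcb, 0xe1, 0xfe, 0x8a, 0xab, 0xc3, 0x54, 0xce, 0x44, 0xff, 0x36, 0xe1, 0x46, 0xce,
        0x86, 0x25, 0xc0, 0x35, 0xe6, 0x7d, 0xdb, 0xab, 0x2d, 0xfc, 0x7e, 0xeb, 0xb0, 0x93, 0x79,
        0x3d, 0x1b, 0x78, 0x64, 0x0d, 0x6f, 0x35, 0x40, 0xc1, 0xd2, 0x00, 0xfc, 0x2a, 0x14, 0xc3,
        0xc2, 0x0f, 0x10, 0x56, 0x5b, 0x5c, 0xcb, 0xbe, 0x80, 0xdf, 0x08, 0x0d, 0x26, 0x18, 0x8f,
        0xf6, 0x94, 0xf0, 0x8d, 0xb2, 0x29, 0x2e, 0xb9, 0x2d, 0xd0, 0x67, 0x57, 0xea, 0xed, 0x2f,
        0xb0, 0x21, 0xfa, 0x67, 0x42, 0x4a, 0x6a, 0xae, 0xdd, 0x98, 0xc5, 0x1a, 0x6e, 0xf8, 0xfa,
        0xf6, 0x44, 0x7f, 0x2f, 0x88, 0x6f, 0xe1, 0x60, 0x70, 0xa6, 0x08, 0xdf, 0xdf, 0xc1, 0x3f,
        0x8c, 0xed, 0x42, 0x99, 0x15, 0x3b, 0xc7, 0x97, 0x61, 0xcd, 0xf6, 0x65, 0x77, 0xc6, 0x8e,
        0x8d,
    ];

    /// Opens a client session to the HWCrypto key service on
    /// `RUST_DEVICE_KEY_SERVICE_PORT`.
    ///
    /// Returns the binder status if the Trusty RPC setup fails. Panics only if
    /// the port name cannot be allocated, which is a test-environment failure
    /// rather than a service result.
    fn connect() -> Result<Strong<dyn IHwCryptoKey>, StatusCode> {
        let port =
            CString::try_new(RUST_DEVICE_KEY_SERVICE_PORT).expect("Failed to allocate port name");
        RpcSession::new().setup_trusty_client(port.as_c_str())
    }

    /// Builds a `ClearKeyPolicy` asking for `size_bytes` bytes of key material.
    ///
    /// The AIDL field is a signed `int`; taking `usize` here means only the
    /// deliberately malformed negative request in `invalid_key_sizes` has to
    /// spell out the policy by hand.
    fn clear_key_policy(size_bytes: usize) -> DerivedKeyPolicy {
        let key_size_bytes = i32::try_from(size_bytes).expect("key size fits in an i32");
        DerivedKeyPolicy::ClearKeyPolicy(ClearKeyPolicy { keySizeBytes: key_size_bytes })
    }

    /// Unwraps a derived key the test expects to come back in the clear.
    ///
    /// Panics if the service returned an opaque handle instead, since every
    /// test in this module requests a `ClearKeyPolicy`.
    fn into_explicit_key(key: DerivedKey) -> Vec<u8> {
        match key {
            DerivedKey::Opaque(_) => panic!("wrong type of key received"),
            DerivedKey::ExplicitKey(k) => k,
        }
    }

    /// Requests the derivation key bound to the service's *current* DICE policy.
    ///
    /// Fails the test if the call errors, records a failure if no key or an
    /// empty policy is returned, and hands back the raw result so callers can
    /// destructure the fields their scenario needs.
    fn current_key_and_policy(
        hw_device_key: &Strong<dyn IHwCryptoKey>,
        device_bound_key: &DiceBoundDerivationKey,
    ) -> DiceCurrentBoundKeyResult {
        let result = assert_ok!(hw_device_key.deriveCurrentDicePolicyBoundKey(device_bound_key));
        expect!(result.diceBoundKey.is_some(), "should have received a key");
        expect!(!result.dicePolicyForKeyVersion.is_empty(), "should have received a DICE policy");
        result
    }

    /// Returns `true` when `key1` and `key2` agree at no more than
    /// `MAX_SHARED_KEY_BYTES` positions, compared over their common prefix.
    ///
    /// Used after an `assert_ne!` to catch keys that differ only trivially,
    /// which would indicate the KDF did not really bind the input that was
    /// supposed to separate them.
    fn keys_are_sufficiently_distinct(key1: &[u8], key2: &[u8]) -> bool {
        let shared_bytes = key1.iter().zip(key2).filter(|(a, b)| a == b).count();
        shared_bytes <= MAX_SHARED_KEY_BYTES
    }

    /// The current policy and the key bound to it derive the same clear key,
    /// whether the key is fetched by "current policy" or by presenting that
    /// policy back, and re-fetching the current policy yields a fresh
    /// ciphertext but the same key.
    #[test]
    fn generate_new_policy_and_clear_key() {
        let hw_device_key = connect().expect("couldn't connect to HW Crypto service");
        let device_bound_key = DiceBoundDerivationKey::KeyId(DeviceKeyId::DEVICE_BOUND_KEY);

        // Generate the current derivation key and policy
        let DiceCurrentBoundKeyResult {
            diceBoundKey: derivation_key1,
            dicePolicyForKeyVersion: dice_policy,
        } = current_key_and_policy(&hw_device_key, &device_bound_key);

        // Derive a clear key from the returned current policy and derivation key
        let mut params = DerivedKeyParameters {
            derivationKey: derivation_key1,
            keyPolicy: clear_key_policy(CLEAR_KEY_SIZE_BYTES),
            context: DEFAULT_CONTEXT.to_vec(),
        };
        let derived_key1 = into_explicit_key(assert_ok!(hw_device_key.deriveKey(&params)));
        assert_eq!(derived_key1.len(), CLEAR_KEY_SIZE_BYTES, "wrong key length");

        // Present the policy we were just given and request the same key
        let DiceBoundKeyResult {
            diceBoundKey: derivation_key2,
            dicePolicyWasCurrent: dice_policy_current,
        } = assert_ok!(hw_device_key.deriveDicePolicyBoundKey(&device_bound_key, &dice_policy));
        expect!(derivation_key2.is_some(), "should have received a key");
        expect!(dice_policy_current, "policy should have been current");

        params.derivationKey = derivation_key2;
        let derived_key2 = into_explicit_key(assert_ok!(hw_device_key.deriveKey(&params)));
        assert_eq!(derived_key2.len(), CLEAR_KEY_SIZE_BYTES, "wrong key length");
        assert_eq!(derived_key2, derived_key1, "key mismatch");

        // Asking for the current policy again must give the same underlying
        // (latest) policy and therefore the same key, but the returned policy
        // bytes are encrypted per request and so must not repeat.
        let DiceCurrentBoundKeyResult {
            diceBoundKey: derivation_key3,
            dicePolicyForKeyVersion: dice_policy3,
        } = current_key_and_policy(&hw_device_key, &device_bound_key);
        assert_ne!(
            dice_policy, dice_policy3,
            "expected dice policies to appear different due to encryption"
        );

        params.derivationKey = derivation_key3;
        let derived_key3 = into_explicit_key(assert_ok!(hw_device_key.deriveKey(&params)));
        assert_eq!(derived_key3.len(), CLEAR_KEY_SIZE_BYTES, "wrong key length");
        assert_eq!(derived_key3, derived_key1, "key mismatch");
    }

    /// A stored version 0 policy is accepted, reported as not current, and still
    /// derives the version 0 clear key, so data sealed under an older policy
    /// stays recoverable.
    ///
    /// NOTE(review): the "new policy" half of the name is not asserted here;
    /// `deriveDicePolicyBoundKey` only reports whether the presented policy was
    /// current. Policy rotation is covered by `generate_new_policy_and_clear_key`.
    #[test]
    fn old_dice_generates_old_clear_key_and_new_policy() {
        let hw_device_key = connect().expect("couldn't connect to HW Crypto service");
        let device_bound_key = DiceBoundDerivationKey::KeyId(DeviceKeyId::DEVICE_BOUND_KEY);

        // Obtain the derivation key bound to the version 0 policy
        let DiceBoundKeyResult {
            diceBoundKey: derivation_key,
            dicePolicyWasCurrent: dice_policy_current,
        } = assert_ok!(
            hw_device_key.deriveDicePolicyBoundKey(&device_bound_key, &VERSION_0_DICE_POLICY)
        );
        expect!(derivation_key.is_some(), "should have received a key");
        expect!(!dice_policy_current, "policy not expected to be current");

        // Derive the clear key from that derivation key
        let params = DerivedKeyParameters {
            derivationKey: derivation_key,
            keyPolicy: clear_key_policy(CLEAR_KEY_SIZE_BYTES),
            context: DEFAULT_CONTEXT.to_vec(),
        };
        let derived_key = into_explicit_key(assert_ok!(hw_device_key.deriveKey(&params)));
        assert_eq!(derived_key.len(), CLEAR_KEY_SIZE_BYTES, "wrong key length");

        // The old policy must reproduce the old key byte for byte
        assert_eq!(derived_key, VERSION_0_CLEAR_KEY.to_vec(), "Retrieved version 0 key mismatch");
    }

    /// Two consecutive "current policy" requests return distinct encrypted policy
    /// blobs that nevertheless derive the same key and are both accepted as
    /// current.
    #[test]
    fn dice_updates_are_unique() {
        let hw_device_key = connect().expect("couldn't connect to HW Crypto service");
        let device_bound_key = DiceBoundDerivationKey::KeyId(DeviceKeyId::DEVICE_BOUND_KEY);

        // Sanity check: the stored version 0 policy is not the current one
        let DiceBoundKeyResult {
            diceBoundKey: _derivation_key,
            dicePolicyWasCurrent: dice_policy_current,
        } = assert_ok!(
            hw_device_key.deriveDicePolicyBoundKey(&device_bound_key, &VERSION_0_DICE_POLICY)
        );
        expect!(!dice_policy_current, "policy not expected to be current");

        // Fetch the current policy twice
        let DiceCurrentBoundKeyResult {
            diceBoundKey: derivation_key1,
            dicePolicyForKeyVersion: dice_policy1,
        } = current_key_and_policy(&hw_device_key, &device_bound_key);
        let DiceCurrentBoundKeyResult {
            diceBoundKey: derivation_key2,
            dicePolicyForKeyVersion: dice_policy2,
        } = current_key_and_policy(&hw_device_key, &device_bound_key);

        // The two blobs are encrypted independently, so they must not repeat
        assert_ne!(dice_policy1, dice_policy2, "expected policies to be different");

        // Both derivation keys must yield the same clear key
        let params = DerivedKeyParameters {
            derivationKey: derivation_key1,
            keyPolicy: clear_key_policy(CLEAR_KEY_SIZE_BYTES),
            context: DEFAULT_CONTEXT.to_vec(),
        };
        let derived_key1 = into_explicit_key(assert_ok!(hw_device_key.deriveKey(&params)));

        let params = DerivedKeyParameters {
            derivationKey: derivation_key2,
            keyPolicy: clear_key_policy(CLEAR_KEY_SIZE_BYTES),
            context: DEFAULT_CONTEXT.to_vec(),
        };
        let derived_key2 = into_explicit_key(assert_ok!(hw_device_key.deriveKey(&params)));

        assert_eq!(derived_key1, derived_key2, "key mismatch");

        // And both blobs are still accepted as the current policy
        let DiceBoundKeyResult { diceBoundKey: _, dicePolicyWasCurrent: dice_policy1_current } =
            assert_ok!(hw_device_key.deriveDicePolicyBoundKey(&device_bound_key, &dice_policy1));
        expect!(dice_policy1_current, "policy expected to be current");

        let DiceBoundKeyResult { diceBoundKey: _, dicePolicyWasCurrent: dice_policy2_current } =
            assert_ok!(hw_device_key.deriveDicePolicyBoundKey(&device_bound_key, &dice_policy2));
        expect!(dice_policy2_current, "policy expected to be current");
    }

    /// The derivation context is bound into the clear key: different contexts
    /// under the same derivation key give unrelated keys.
    #[test]
    fn explicit_keys_unique_by_context() {
        let hw_device_key = connect().expect("couldn't connect to HW Crypto service");
        let device_bound_key = DiceBoundDerivationKey::KeyId(DeviceKeyId::DEVICE_BOUND_KEY);

        let DiceCurrentBoundKeyResult { diceBoundKey: derivation_key, dicePolicyForKeyVersion: _ } =
            current_key_and_policy(&hw_device_key, &device_bound_key);

        // Same derivation key, two different contexts
        let params1 = DerivedKeyParameters {
            derivationKey: derivation_key.clone(),
            keyPolicy: clear_key_policy(CLEAR_KEY_SIZE_BYTES),
            context: b"context1".to_vec(),
        };
        let params2 = DerivedKeyParameters {
            derivationKey: derivation_key.clone(),
            keyPolicy: clear_key_policy(CLEAR_KEY_SIZE_BYTES),
            context: b"context2".to_vec(),
        };

        let derived_key1 = into_explicit_key(assert_ok!(hw_device_key.deriveKey(&params1)));
        let derived_key2 = into_explicit_key(assert_ok!(hw_device_key.deriveKey(&params2)));

        // Check both keys' lengths
        assert_eq!(derived_key1.len(), CLEAR_KEY_SIZE_BYTES, "wrong key length");
        assert_eq!(derived_key2.len(), CLEAR_KEY_SIZE_BYTES, "wrong key length");

        // The keys must differ, and not merely in a handful of bytes
        assert_ne!(derived_key2, derived_key1, "returned keys are same");
        assert!(
            keys_are_sufficiently_distinct(&derived_key2, &derived_key1),
            "derived keys share too many bytes"
        );
    }

    /// Zero-length and negative key sizes are rejected rather than producing
    /// an empty or wrapped-around key.
    #[test]
    fn invalid_key_sizes() {
        let hw_device_key = connect().expect("couldn't connect to HW Crypto service");
        let device_bound_key = DiceBoundDerivationKey::KeyId(DeviceKeyId::DEVICE_BOUND_KEY);

        let DiceCurrentBoundKeyResult { diceBoundKey: derivation_key, dicePolicyForKeyVersion: _ } =
            current_key_and_policy(&hw_device_key, &device_bound_key);

        // Zero-length key
        let params = DerivedKeyParameters {
            derivationKey: derivation_key.clone(),
            keyPolicy: clear_key_policy(0),
            context: DEFAULT_CONTEXT.to_vec(),
        };
        let derived_key = hw_device_key.deriveKey(&params);
        expect!(derived_key.is_err(), "expected error on bad key size");

        // Negative length key; built by hand because the AIDL field is a signed
        // int and `clear_key_policy` only accepts non-negative sizes
        let params = DerivedKeyParameters {
            derivationKey: derivation_key.clone(),
            keyPolicy: DerivedKeyPolicy::ClearKeyPolicy(ClearKeyPolicy { keySizeBytes: -256 }),
            context: DEFAULT_CONTEXT.to_vec(),
        };
        let derived_key = hw_device_key.deriveKey(&params);
        expect!(derived_key.is_err(), "expected error on bad key size");
    }

    /// A large context is accepted, and changing a single byte at its end
    /// changes the derived key thoroughly (the whole context is bound, not a
    /// truncated prefix).
    #[test]
    fn large_context() {
        let hw_device_key = connect().expect("couldn't connect to HW Crypto service");
        let device_bound_key = DiceBoundDerivationKey::KeyId(DeviceKeyId::DEVICE_BOUND_KEY);

        let DiceCurrentBoundKeyResult { diceBoundKey: derivation_key, dicePolicyForKeyVersion: _ } =
            current_key_and_policy(&hw_device_key, &device_bound_key);

        // A reasonably large context
        const PAYLOAD_LEN: usize = 512;
        let mut context = vec![42; PAYLOAD_LEN];

        let params = DerivedKeyParameters {
            derivationKey: derivation_key.clone(),
            keyPolicy: clear_key_policy(CLEAR_KEY_SIZE_BYTES),
            context: context.clone(),
        };
        let derived_key1 = into_explicit_key(assert_ok!(hw_device_key.deriveKey(&params)));
        assert_eq!(derived_key1.len(), CLEAR_KEY_SIZE_BYTES, "wrong key length");

        // Flip only the last byte of the context and derive again
        context[PAYLOAD_LEN - 1] = 43;
        let params = DerivedKeyParameters {
            derivationKey: derivation_key.clone(),
            keyPolicy: clear_key_policy(CLEAR_KEY_SIZE_BYTES),
            context,
        };
        let derived_key2 = into_explicit_key(assert_ok!(hw_device_key.deriveKey(&params)));
        assert_eq!(derived_key2.len(), CLEAR_KEY_SIZE_BYTES, "wrong key length");

        // The keys must differ, and not merely in a handful of bytes
        assert_ne!(derived_key1, derived_key2, "keys expected to differ");
        assert!(
            keys_are_sufficiently_distinct(&derived_key1, &derived_key2),
            "derived keys share too many bytes"
        );
    }
}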