/* * Copyright 2014 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #pragma once /* * Utilities used to help with testing. Not used in production code. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include std::ostream& operator<<(std::ostream& os, const keymaster_key_param_t& param); bool operator==(const keymaster_key_param_t& a, const keymaster_key_param_t& b); std::string hex2str(std::string); namespace keymaster { bool operator==(const AuthorizationSet& a, const AuthorizationSet& b); bool operator!=(const AuthorizationSet& a, const AuthorizationSet& b); std::ostream& operator<<(std::ostream& os, const AuthorizationSet& set); namespace test { template bool contains(const AuthorizationSet& set, TypedEnumTag tag, KeymasterEnum val) { int pos = set.find(tag); return pos != -1 && static_cast(set[pos].enumerated) == val; } template bool contains(const AuthorizationSet& set, TypedEnumTag tag, KeymasterEnum val) { int pos = -1; while ((pos = set.find(tag, pos)) != -1) if (static_cast(set[pos].enumerated) == val) return true; return false; } template bool contains(const AuthorizationSet& set, TypedTag tag, uint32_t val) { int pos = set.find(tag); return pos != -1 && set[pos].integer == val; } template bool contains(const AuthorizationSet& set, TypedTag tag, uint32_t val) { int pos = -1; while ((pos = set.find(tag, pos)) != -1) if (set[pos].integer == val) return true; return false; } template bool contains(const AuthorizationSet& set, TypedTag tag, uint64_t val) { int pos = set.find(tag); return pos != -1 && set[pos].long_integer == val; } template bool contains(const AuthorizationSet& set, TypedTag tag, const std::string& val) { int pos = set.find(tag); return pos != -1 && std::string(reinterpret_cast(set[pos].blob.data), set[pos].blob.data_length) == val; } template bool contains(const AuthorizationSet& set, TypedTag tag, const std::string& val) { int pos = set.find(tag); return pos != -1 && std::string(reinterpret_cast(set[pos].blob.data), set[pos].blob.data_length) == val; } inline bool contains(const AuthorizationSet& set, keymaster_tag_t tag) { return set.find(tag) != -1; } class StdoutLogger : public Logger { public: StdoutLogger() { set_instance(this); } int log_msg(LogLevel level, const char* fmt, va_list args) const { int output_len = 0; switch (level) { case DEBUG_LVL: output_len = printf("DEBUG: "); break; case INFO_LVL: output_len = printf("INFO: "); break; case WARNING_LVL: output_len = printf("WARNING: "); break; case ERROR_LVL: output_len = printf("ERROR: "); break; case SEVERE_LVL: output_len = printf("SEVERE: "); break; } output_len += vprintf(fmt, args); output_len += printf("\n"); return output_len; } }; inline std::string make_string(const uint8_t* data, size_t length) { return std::string(reinterpret_cast(data), length); } template std::string make_string(const uint8_t (&a)[N]) { return make_string(a, N); } /** * Keymaster2TestInstance is used to parameterize Keymaster2Tests. Its main function is to create a * keymaster2_device_t to which test calls can be directed. It also provides a place to specify * various bits of alternative behavior, in cases where different devices are expected to behave * differently (any such cases are a potential bug, but sometimes they may make sense). */ class Keymaster2TestInstanceCreator { public: virtual ~Keymaster2TestInstanceCreator(){}; virtual keymaster2_device_t* CreateDevice() const = 0; virtual int minimal_digest_set() const { return false; } virtual bool is_keymaster1_hw() const = 0; virtual bool is_keymint() const { return false; } virtual KeymasterContext* keymaster_context() const = 0; virtual KmVersion km_version() const = 0; virtual std::string name() const = 0; }; // Use a shared_ptr because it's copyable. typedef std::shared_ptr InstanceCreatorPtr; std::ostream& operator<<(std::ostream& os, const InstanceCreatorPtr& instance_creator); const uint64_t OP_HANDLE_SENTINEL = 0xFFFFFFFFFFFFFFFF; class Keymaster2Test : public testing::TestWithParam { protected: Keymaster2Test(); ~Keymaster2Test(); keymaster2_device_t* device(); keymaster_error_t GenerateKey(const AuthorizationSetBuilder& builder); keymaster_error_t DeleteKey(); keymaster_error_t ImportKey(const AuthorizationSetBuilder& builder, keymaster_key_format_t format, const std::string& key_material); keymaster_error_t ExportKey(keymaster_key_format_t format, std::string* export_data); keymaster_error_t GetCharacteristics(); keymaster_error_t BeginOperation(keymaster_purpose_t purpose); keymaster_error_t BeginOperation(keymaster_purpose_t purpose, const AuthorizationSet& input_set, AuthorizationSet* output_set = nullptr); keymaster_error_t UpdateOperation(const std::string& message, std::string* output, size_t* input_consumed); keymaster_error_t UpdateOperation(const AuthorizationSet& additional_params, const std::string& message, AuthorizationSet* output_params, std::string* output, size_t* input_consumed); keymaster_error_t FinishOperation(std::string* output); keymaster_error_t FinishOperation(const std::string& input, const std::string& signature, std::string* output); keymaster_error_t FinishOperation(const AuthorizationSet& additional_params, const std::string& input, const std::string& signature, std::string* output) { return FinishOperation(additional_params, input, signature, nullptr /* output_params */, output); } keymaster_error_t FinishOperation(const AuthorizationSet& additional_params, const std::string& input, const std::string& signature, AuthorizationSet* output_params, std::string* output); keymaster_error_t AbortOperation(); keymaster_error_t AttestKey(const std::string& attest_challenge, const std::string& attest_app_id, keymaster_cert_chain_t* chain); keymaster_error_t UpgradeKey(const AuthorizationSet& upgrade_params); keymaster_error_t GetVersion(uint8_t* major, uint8_t* minor, uint8_t* subminor); std::string ProcessMessage(keymaster_purpose_t purpose, const std::string& message); std::string ProcessMessage(keymaster_purpose_t purpose, const std::string& message, const AuthorizationSet& begin_params, const AuthorizationSet& update_params, AuthorizationSet* output_params = nullptr); std::string ProcessMessage(keymaster_purpose_t purpose, const std::string& message, const std::string& signature, const AuthorizationSet& begin_params, const AuthorizationSet& update_params, AuthorizationSet* output_params = nullptr); std::string ProcessMessage(keymaster_purpose_t purpose, const std::string& message, const std::string& signature); void SignMessage(const std::string& message, std::string* signature, keymaster_digest_t digest); void SignMessage(const std::string& message, std::string* signature, keymaster_digest_t digest, keymaster_padding_t padding); void MacMessage(const std::string& message, std::string* signature, size_t mac_length); void VerifyMessage(const std::string& message, const std::string& signature, keymaster_digest_t digest); void VerifyMessage(const std::string& message, const std::string& signature, keymaster_digest_t digest, keymaster_padding_t padding); void VerifyMac(const std::string& message, const std::string& signature); std::string EncryptMessage(const std::string& message, keymaster_padding_t padding, std::string* generated_nonce = nullptr); std::string EncryptMessage(const std::string& message, keymaster_digest_t digest, keymaster_digest_t mgf_digest, keymaster_padding_t padding, std::string* generated_nonce = nullptr); std::string EncryptMessage(const std::string& message, keymaster_digest_t digest, keymaster_padding_t padding, std::string* generated_nonce = nullptr); std::string EncryptMessage(const std::string& message, keymaster_block_mode_t block_mode, keymaster_padding_t padding, std::string* generated_nonce = nullptr); std::string EncryptMessage(const AuthorizationSet& update_params, const std::string& message, keymaster_digest_t digest, keymaster_digest_t mgf_digest, keymaster_padding_t padding, std::string* generated_nonce = nullptr); std::string EncryptMessage(const AuthorizationSet& update_params, const std::string& message, keymaster_digest_t digest, keymaster_padding_t padding, std::string* generated_nonce = nullptr); std::string EncryptMessage(const AuthorizationSet& update_params, const std::string& message, keymaster_block_mode_t block_mode, keymaster_padding_t padding, std::string* generated_nonce = nullptr); std::string EncryptMessageWithParams(const std::string& message, const AuthorizationSet& begin_params, const AuthorizationSet& update_params, AuthorizationSet* output_params); std::string DecryptMessage(const std::string& ciphertext, keymaster_padding_t padding); std::string DecryptMessage(const std::string& ciphertext, keymaster_digest_t digest, keymaster_padding_t padding); std::string DecryptMessage(const std::string& ciphertext, keymaster_block_mode_t block_mode, keymaster_padding_t padding); std::string DecryptMessage(const std::string& ciphertext, keymaster_digest_t digest, keymaster_padding_t padding, const std::string& nonce); std::string DecryptMessage(const std::string& ciphertext, keymaster_digest_t digest, keymaster_digest_t mgf_digest, keymaster_padding_t padding); std::string DecryptMessage(const std::string& ciphertext, keymaster_block_mode_t block_mode, keymaster_padding_t padding, const std::string& nonce); std::string DecryptMessage(const AuthorizationSet& update_params, const std::string& ciphertext, keymaster_digest_t digest, keymaster_padding_t padding, const std::string& nonce); std::string DecryptMessage(const AuthorizationSet& update_params, const std::string& ciphertext, keymaster_block_mode_t block_mode, keymaster_padding_t padding, const std::string& nonce); std::string DecryptMessageWithParams(const std::string& message, const AuthorizationSet& begin_params, const AuthorizationSet& update_params, AuthorizationSet* output_params); void CheckHmacTestVector(const std::string& key, const std::string& message, keymaster_digest_t digest, std::string expected_mac); void CheckAesOcbTestVector(const std::string& key, const std::string& nonce, const std::string& associated_data, const std::string& message, const std::string& expected_ciphertext); void CheckAesCtrTestVector(const std::string& key, const std::string& nonce, const std::string& message, const std::string& expected_ciphertext); void CheckTripleDesTestVector(keymaster_purpose_t purpose, keymaster_block_mode_t mode, keymaster_padding_t padding, const std::string& key, const std::string& iv, const std::string& message, const std::string& expected_ciphertext); AuthorizationSet UserAuthParams(); AuthorizationSet ClientParams(); template bool ResponseContains(const std::vector& expected, const T* values, size_t len) { return expected.size() == len && std::is_permutation(values, values + len, expected.begin()); } template bool ResponseContains(T expected, const T* values, size_t len) { return (len == 1 && *values == expected); } AuthorizationSet hw_enforced(); AuthorizationSet sw_enforced(); void FreeCharacteristics(); void FreeKeyBlob(); void corrupt_key_blob(); void set_key_blob(const uint8_t* key, size_t key_length) { FreeKeyBlob(); blob_.key_material = key; blob_.key_material_size = key_length; } void set_key_blob(KeymasterKeyBlob blob) { blob_ = blob.release(); } void set_key_characteristics(const AuthorizationSet& hw_enforced, const AuthorizationSet& sw_enforced) { FreeCharacteristics(); hw_enforced.CopyToParamSet(&characteristics_.hw_enforced); sw_enforced.CopyToParamSet(&characteristics_.sw_enforced); } AuthorizationSet client_params() { return AuthorizationSet(client_params_, sizeof(client_params_) / sizeof(client_params_[0])); } private: keymaster2_device_t* device_; keymaster_blob_t client_id_ = {.data = reinterpret_cast("app_id"), .data_length = 6}; keymaster_key_param_t client_params_[1] = { Authorization(TAG_APPLICATION_ID, client_id_.data, client_id_.data_length)}; uint64_t op_handle_; keymaster_key_blob_t blob_; keymaster_key_characteristics_t characteristics_; }; /** * This function takes a keymaster1_device_t and wraps it in an adapter that supports only * KM_DIGEST_SHA_2_256. */ keymaster1_device_t* make_device_sha256_only(keymaster1_device_t* device); } // namespace test } // namespace keymaster