Move keymaster test fixture to utils, so we can reuse it. Change-Id: I7e080326a97712bc1b6810e7231ecf78b7d4e28f

commit: 95dda36620149d1b8de57d175df9ba34a64e895d [log] [tgz]
author: Shawn Willden <swillden@google.com> Fri Feb 27 10:58:37 2015 -0700
committer: Shawn Willden <swillden@google.com> Tue Mar 17 16:52:06 2015 -0600
tree: 40c1c5585a552d380d271e95180aedc3101ac005
parent: 84b8da52a242c42d9a6a8cc8f128fb4c8baa6f8f [diff] [blame]
diff --git a/google_keymaster_test_utils.cpp b/google_keymaster_test_utils.cpp
index ce14330..7cda08a 100644
--- a/google_keymaster_test_utils.cpp
+++ b/google_keymaster_test_utils.cpp

@@ -16,6 +16,18 @@
 
 #include "google_keymaster_test_utils.h"
 
+#include <algorithm>
+
+#include <openssl/rand.h>
+
+#include <keymaster/google_keymaster_messages.h>
+#include <keymaster/google_keymaster_utils.h>
+
+using std::is_permutation;
+using std::ostream;
+using std::string;
+using std::vector;
+
 std::ostream& operator<<(std::ostream& os, const keymaster_key_param_t& param) {
     os << "Tag: " << keymaster_tag_mask_type(param.tag);
     switch (keymaster_tag_get_type(param.tag)) {
@@ -109,4 +121,337 @@
     return os;
 }
 
+namespace test {
+
+Keymaster1Test::Keymaster1Test()
+    : device_(NULL), op_handle_(OP_HANDLE_SENTINEL), characteristics_(NULL) {
+    blob_.key_material = NULL;
+    RAND_seed("foobar", 6);
+    blob_.key_material = 0;
+}
+
+Keymaster1Test::~Keymaster1Test() {
+    FreeCharacteristics();
+    FreeKeyBlob();
+    device_->common.close(reinterpret_cast<hw_device_t*>(device_));
+}
+
+keymaster1_device_t* Keymaster1Test::device() {
+    return device_;
+}
+
+keymaster_error_t Keymaster1Test::GenerateKey(const AuthorizationSetBuilder& builder) {
+    AuthorizationSet params(builder.build());
+    params.push_back(UserAuthParams());
+    params.push_back(ClientParams());
+
+    FreeKeyBlob();
+    FreeCharacteristics();
+    return device()->generate_key(device(), params.data(), params.size(), &blob_,
+                                  &characteristics_);
+}
+
+keymaster_error_t Keymaster1Test::ImportKey(const AuthorizationSetBuilder& builder,
+                                            keymaster_key_format_t format,
+                                            const string& key_material) {
+    AuthorizationSet params(builder.build());
+    params.push_back(UserAuthParams());
+    params.push_back(ClientParams());
+
+    FreeKeyBlob();
+    FreeCharacteristics();
+    return device()->import_key(device(), params.data(), params.size(), format,
+                                reinterpret_cast<const uint8_t*>(key_material.c_str()),
+                                key_material.length(), &blob_, &characteristics_);
+}
+
+AuthorizationSet Keymaster1Test::UserAuthParams() {
+    AuthorizationSet set;
+    set.push_back(TAG_USER_ID, 7);
+    set.push_back(TAG_USER_AUTH_ID, 8);
+    set.push_back(TAG_AUTH_TIMEOUT, 300);
+    return set;
+}
+
+AuthorizationSet Keymaster1Test::ClientParams() {
+    AuthorizationSet set;
+    set.push_back(TAG_APPLICATION_ID, "app_id", 6);
+    return set;
+}
+
+keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose) {
+    keymaster_key_param_t* out_params = NULL;
+    size_t out_params_count = 0;
+    keymaster_error_t error =
+        device()->begin(device(), purpose, &blob_, client_params_, array_length(client_params_),
+                        &out_params, &out_params_count, &op_handle_);
+    EXPECT_EQ(0, out_params_count);
+    EXPECT_TRUE(out_params == NULL);
+    return error;
+}
+
+keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose,
+                                                 const AuthorizationSet& input_set,
+                                                 AuthorizationSet* output_set) {
+    AuthorizationSet additional_params(client_params_, array_length(client_params_));
+    additional_params.push_back(input_set);
+
+    keymaster_key_param_t* out_params;
+    size_t out_params_count;
+    keymaster_error_t error =
+        device()->begin(device(), purpose, &blob_, additional_params.data(),
+                        additional_params.size(), &out_params, &out_params_count, &op_handle_);
+    if (error == KM_ERROR_OK) {
+        if (output_set) {
+            output_set->Reinitialize(out_params, out_params_count);
+        } else {
+            EXPECT_EQ(0, out_params_count);
+            EXPECT_TRUE(out_params == NULL);
+        }
+        keymaster_free_param_values(out_params, out_params_count);
+        free(out_params);
+    }
+    return error;
+}
+
+keymaster_error_t Keymaster1Test::UpdateOperation(const string& message, string* output,
+                                                  size_t* input_consumed) {
+    uint8_t* out_tmp = NULL;
+    size_t out_length;
+    EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
+    keymaster_error_t error =
+        device()->update(device(), op_handle_, NULL /* params */, 0 /* params_count */,
+                         reinterpret_cast<const uint8_t*>(message.c_str()), message.length(),
+                         input_consumed, &out_tmp, &out_length);
+    if (error == KM_ERROR_OK && out_tmp)
+        output->append(reinterpret_cast<char*>(out_tmp), out_length);
+    free(out_tmp);
+    return error;
+}
+
+keymaster_error_t Keymaster1Test::UpdateOperation(const AuthorizationSet& additional_params,
+                                                  const string& message, string* output,
+                                                  size_t* input_consumed) {
+    uint8_t* out_tmp = NULL;
+    size_t out_length;
+    EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
+    keymaster_error_t error =
+        device()->update(device(), op_handle_, additional_params.data(), additional_params.size(),
+                         reinterpret_cast<const uint8_t*>(message.c_str()), message.length(),
+                         input_consumed, &out_tmp, &out_length);
+    if (error == KM_ERROR_OK && out_tmp)
+        output->append(reinterpret_cast<char*>(out_tmp), out_length);
+    free(out_tmp);
+    return error;
+}
+
+keymaster_error_t Keymaster1Test::FinishOperation(string* output) {
+    return FinishOperation("", output);
+}
+
+keymaster_error_t Keymaster1Test::FinishOperation(const string& signature, string* output) {
+    AuthorizationSet additional_params;
+    return FinishOperation(additional_params, signature, output);
+}
+
+keymaster_error_t Keymaster1Test::FinishOperation(const AuthorizationSet& additional_params,
+                                                  const string& signature, string* output) {
+    uint8_t* out_tmp = NULL;
+    size_t out_length;
+    keymaster_error_t error =
+        device()->finish(device(), op_handle_, additional_params.data(), additional_params.size(),
+                         reinterpret_cast<const uint8_t*>(signature.c_str()), signature.length(),
+                         &out_tmp, &out_length);
+    if (out_tmp)
+        output->append(reinterpret_cast<char*>(out_tmp), out_length);
+    free(out_tmp);
+    return error;
+}
+
+keymaster_error_t Keymaster1Test::AbortOperation() {
+    return device()->abort(device(), op_handle_);
+}
+
+string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message) {
+    AuthorizationSet input_params;
+    EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, input_params, NULL /* output_params */));
+
+    string result;
+    size_t input_consumed;
+    EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
+    EXPECT_EQ(message.size(), input_consumed);
+    EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result));
+    return result;
+}
+
+string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
+                                      const AuthorizationSet& begin_params,
+                                      const AuthorizationSet& update_params,
+                                      AuthorizationSet* output_params) {
+    EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, output_params));
+
+    string result;
+    size_t input_consumed;
+    EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &result, &input_consumed));
+    EXPECT_EQ(message.size(), input_consumed);
+    EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, "", &result));
+    return result;
+}
+
+string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
+                                      const string& signature) {
+    AuthorizationSet input_params;
+    EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, input_params, NULL /* output_params */));
+
+    string result;
+    size_t input_consumed;
+    EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
+    EXPECT_EQ(message.size(), input_consumed);
+    EXPECT_EQ(KM_ERROR_OK, FinishOperation(signature, &result));
+    return result;
+}
+
+void Keymaster1Test::SignMessage(const string& message, string* signature) {
+    SCOPED_TRACE("SignMessage");
+    *signature = ProcessMessage(KM_PURPOSE_SIGN, message);
+    EXPECT_GT(signature->size(), 0);
+}
+
+void Keymaster1Test::VerifyMessage(const string& message, const string& signature) {
+    SCOPED_TRACE("VerifyMessage");
+    ProcessMessage(KM_PURPOSE_VERIFY, message, signature);
+}
+
+string Keymaster1Test::EncryptMessage(const string& message, string* generated_nonce) {
+    AuthorizationSet update_params;
+    return EncryptMessage(update_params, message, generated_nonce);
+}
+
+string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
+                                      string* generated_nonce) {
+    SCOPED_TRACE("EncryptMessage");
+    AuthorizationSet begin_params, output_params;
+    string ciphertext =
+        ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
+    if (generated_nonce) {
+        keymaster_blob_t nonce_blob;
+        EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
+        *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
+    } else {
+        EXPECT_EQ(-1, output_params.find(TAG_NONCE));
+    }
+    return ciphertext;
+}
+
+string Keymaster1Test::EncryptMessageWithParams(const string& message,
+                                                const AuthorizationSet& begin_params,
+                                                const AuthorizationSet& update_params,
+                                                AuthorizationSet* output_params) {
+    SCOPED_TRACE("EncryptMessageWithParams");
+    return ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, output_params);
+}
+
+string Keymaster1Test::DecryptMessage(const string& ciphertext) {
+    SCOPED_TRACE("DecryptMessage");
+    return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext);
+}
+
+string Keymaster1Test::DecryptMessage(const string& ciphertext, const string& nonce) {
+    SCOPED_TRACE("DecryptMessage");
+    AuthorizationSet update_params;
+    return DecryptMessage(update_params, ciphertext, nonce);
+}
+
+string Keymaster1Test::DecryptMessage(const AuthorizationSet& update_params,
+                                      const string& ciphertext, const string& nonce) {
+    SCOPED_TRACE("DecryptMessage");
+    AuthorizationSet begin_params;
+    begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
+    return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
+}
+
+keymaster_error_t Keymaster1Test::GetCharacteristics() {
+    FreeCharacteristics();
+    return device()->get_key_characteristics(device(), &blob_, &client_id_, NULL /* app_data */,
+                                             &characteristics_);
+}
+
+keymaster_error_t Keymaster1Test::ExportKey(keymaster_key_format_t format, string* export_data) {
+    uint8_t* export_data_tmp;
+    size_t export_data_length;
+
+    keymaster_error_t error =
+        device()->export_key(device(), format, &blob_, &client_id_, NULL /* app_data */,
+                             &export_data_tmp, &export_data_length);
+
+    if (error != KM_ERROR_OK)
+        return error;
+
+    *export_data = string(reinterpret_cast<char*>(export_data_tmp), export_data_length);
+    free(export_data_tmp);
+    return error;
+}
+
+keymaster_error_t
+Keymaster1Test::Rescope(const AuthorizationSet& new_params, keymaster_key_blob_t* rescoped_blob,
+                        keymaster_key_characteristics_t** rescoped_characteristics) {
+    return device()->rescope(device(), new_params.data(), new_params.size(), &blob_, &client_id_,
+                             NULL /* app data */, rescoped_blob, rescoped_characteristics);
+}
+
+void Keymaster1Test::CheckHmacTestVector(string key, string message, keymaster_digest_t digest,
+                                         string expected_mac) {
+    ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder().HmacKey(key.size() * 8, digest,
+                                                                       expected_mac.size()),
+                                     KM_KEY_FORMAT_RAW, key));
+    string signature;
+    SignMessage(message, &signature);
+    EXPECT_EQ(expected_mac, signature) << "Test vector didn't match for digest " << digest;
+}
+
+void Keymaster1Test::CheckAesOcbTestVector(const string& key, const string& nonce,
+                                           const string& associated_data, const string& message,
+                                           const string& expected_ciphertext) {
+    ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
+                                         .AesEncryptionKey(key.size() * 8)
+                                         .OcbMode(4096 /* chunk length */, 16 /* tag length */)
+                                         .Authorization(TAG_CALLER_NONCE),
+                                     KM_KEY_FORMAT_RAW, key));
+
+    AuthorizationSet begin_params, update_params, output_params;
+    begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
+    update_params.push_back(TAG_ASSOCIATED_DATA, associated_data.data(), associated_data.size());
+    string ciphertext =
+        EncryptMessageWithParams(message, begin_params, update_params, &output_params);
+    EXPECT_EQ(expected_ciphertext, ciphertext);
+}
+
+AuthorizationSet Keymaster1Test::hw_enforced() {
+    EXPECT_TRUE(characteristics_ != NULL);
+    return AuthorizationSet(characteristics_->hw_enforced);
+}
+
+AuthorizationSet Keymaster1Test::sw_enforced() {
+    EXPECT_TRUE(characteristics_ != NULL);
+    return AuthorizationSet(characteristics_->sw_enforced);
+}
+
+void Keymaster1Test::FreeCharacteristics() {
+    keymaster_free_characteristics(characteristics_);
+    free(characteristics_);
+    characteristics_ = NULL;
+}
+
+void Keymaster1Test::FreeKeyBlob() {
+    free(const_cast<uint8_t*>(blob_.key_material));
+    blob_.key_material = NULL;
+}
+
+void Keymaster1Test::corrupt_key_blob() {
+    assert(blob_.key_material);
+    uint8_t* tmp = const_cast<uint8_t*>(blob_.key_material);
+    ++tmp[blob_.key_material_size / 2];
+}
+
+}  // namespace test
 }  // namespace keymaster
commit	95dda36620149d1b8de57d175df9ba34a64e895d	[log] [tgz]
author	Shawn Willden <swillden@google.com>	Fri Feb 27 10:58:37 2015 -0700
committer	Shawn Willden <swillden@google.com>	Tue Mar 17 16:52:06 2015 -0600
tree	40c1c5585a552d380d271e95180aedc3101ac005
parent	84b8da52a242c42d9a6a8cc8f128fb4c8baa6f8f [diff] [blame]