Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 0e2ee44913880a582488a9cb7e1ffe0711111891 / . / android_keymaster_test_utils.cpp
blob: 80f6822425a56d57d0b445b91776b059389199bc [file] [log] [blame]
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]17#include "android_keymaster_test_utils.h"
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]18
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]19#include <algorithm>
20
21#include <openssl/rand.h>
22
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]23#include <keymaster/android_keymaster_messages.h>
24#include <keymaster/android_keymaster_utils.h>
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]25
26using std::is_permutation;
27using std::ostream;
28using std::string;
29using std::vector;
30
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]31std::ostream& operator<<(std::ostream& os, const keymaster_key_param_t& param) {
32 os << "Tag: " << keymaster_tag_mask_type(param.tag);
33 switch (keymaster_tag_get_type(param.tag)) {
34 case KM_INVALID:
35 os << " Invalid";
36 break;
37 case KM_INT_REP:
38 os << " (Rep)";
39 /* Falls through */
40 case KM_INT:
41 os << " Int: " << param.integer;
42 break;
43 case KM_ENUM_REP:
44 os << " (Rep)";
45 /* Falls through */
46 case KM_ENUM:
47 os << " Enum: " << param.enumerated;
48 break;
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]49 case KM_LONG_REP:
50 os << " (Rep)";
51 /* Falls through */
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]52 case KM_LONG:
53 os << " Long: " << param.long_integer;
54 break;
55 case KM_DATE:
56 os << " Date: " << param.date_time;
57 break;
58 case KM_BOOL:
59 os << " Bool: " << param.boolean;
60 break;
61 case KM_BIGNUM:
62 os << " Bignum: ";
63 break;
64 case KM_BYTES:
65 os << " Bytes: ";
66 break;
67 }
68 return os;
69}
70
71bool operator==(const keymaster_key_param_t& a, const keymaster_key_param_t& b) {
72 if (a.tag != b.tag) {
73 return false;
74 }
75
76 switch (keymaster_tag_get_type(a.tag)) {
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]77 case KM_INVALID:
78 return true;
79 case KM_INT_REP:
80 case KM_INT:
81 return a.integer == b.integer;
82 case KM_ENUM_REP:
83 case KM_ENUM:
84 return a.enumerated == b.enumerated;
85 case KM_LONG:
Shawn Willden82114e72015-04-16 15:47:50 -0600[diff] [blame]86 case KM_LONG_REP:
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]87 return a.long_integer == b.long_integer;
88 case KM_DATE:
89 return a.date_time == b.date_time;
90 case KM_BOOL:
91 return a.boolean == b.boolean;
92 case KM_BIGNUM:
93 case KM_BYTES:
94 if ((a.blob.data == NULL || b.blob.data == NULL) && a.blob.data != b.blob.data)
95 return false;
96 return a.blob.data_length == b.blob.data_length &&
97 (memcmp(a.blob.data, b.blob.data, a.blob.data_length) == 0);
98 }
Shawn Willden82114e72015-04-16 15:47:50 -0600[diff] [blame]99
100 return false;
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]101}
102
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame]103static char hex_value[256] = {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]104 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
105 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
106 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, // '0'..'9'
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame]107 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'A'..'F'
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]108 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 11, 12, 13, 14, 15, 0,
109 0, 0, 0, 0, 0, 0, 0, 0, // 'a'..'f'
110 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
111 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
112 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
113 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
114 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
115 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame]116
117string hex2str(string a) {
118 string b;
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]119 size_t num = a.size() / 2;
Thai Duong7689ed62015-03-20 16:50:18 -0700[diff] [blame]120 b.resize(num);
121 for (size_t i = 0; i < num; i++) {
122 b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]);
123 }
124 return b;
125}
126
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]127namespace keymaster {
128
129bool operator==(const AuthorizationSet& a, const AuthorizationSet& b) {
130 if (a.size() != b.size())
131 return false;
132
133 for (size_t i = 0; i < a.size(); ++i)
134 if (!(a[i] == b[i]))
135 return false;
136 return true;
137}
138
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]139bool operator!=(const AuthorizationSet& a, const AuthorizationSet& b) {
140 return !(a == b);
141}
142
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]143std::ostream& operator<<(std::ostream& os, const AuthorizationSet& set) {
144 if (set.size() == 0)
145 os << "(Empty)" << std::endl;
146 for (size_t i = 0; i < set.size(); ++i) {
147 os << set[i] << std::endl;
148 }
149 return os;
150}
151
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]152namespace test {
153
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]154Keymaster1Test::Keymaster1Test() : op_handle_(OP_HANDLE_SENTINEL), characteristics_(NULL) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]155 blob_.key_material = NULL;
156 RAND_seed("foobar", 6);
157 blob_.key_material = 0;
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]158 device_ = GetParam()->CreateDevice();
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]159}
160
161Keymaster1Test::~Keymaster1Test() {
162 FreeCharacteristics();
163 FreeKeyBlob();
164 device_->common.close(reinterpret_cast<hw_device_t*>(device_));
165}
166
167keymaster1_device_t* Keymaster1Test::device() {
168 return device_;
169}
170
171keymaster_error_t Keymaster1Test::GenerateKey(const AuthorizationSetBuilder& builder) {
172 AuthorizationSet params(builder.build());
173 params.push_back(UserAuthParams());
174 params.push_back(ClientParams());
175
176 FreeKeyBlob();
177 FreeCharacteristics();
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]178 return device()->generate_key(device(), &params, &blob_, &characteristics_);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]179}
180
181keymaster_error_t Keymaster1Test::ImportKey(const AuthorizationSetBuilder& builder,
182 keymaster_key_format_t format,
183 const string& key_material) {
184 AuthorizationSet params(builder.build());
185 params.push_back(UserAuthParams());
186 params.push_back(ClientParams());
187
188 FreeKeyBlob();
189 FreeCharacteristics();
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]190 keymaster_blob_t key = {reinterpret_cast<const uint8_t*>(key_material.c_str()),
191 key_material.length()};
192 return device()->import_key(device(), &params, format, &key, &blob_, &characteristics_);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]193}
194
195AuthorizationSet Keymaster1Test::UserAuthParams() {
196 AuthorizationSet set;
197 set.push_back(TAG_USER_ID, 7);
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]198 set.push_back(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]199 set.push_back(TAG_AUTH_TIMEOUT, 300);
200 return set;
201}
202
203AuthorizationSet Keymaster1Test::ClientParams() {
204 AuthorizationSet set;
205 set.push_back(TAG_APPLICATION_ID, "app_id", 6);
206 return set;
207}
208
209keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]210 AuthorizationSet in_params(client_params());
211 keymaster_key_param_set_t out_params;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]212 keymaster_error_t error =
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]213 device()->begin(device(), purpose, &blob_, &in_params, &out_params, &op_handle_);
214 EXPECT_EQ(0U, out_params.length);
215 EXPECT_TRUE(out_params.params == nullptr);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]216 return error;
217}
218
219keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose,
220 const AuthorizationSet& input_set,
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]221 AuthorizationSet* output_set) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]222 keymaster_key_param_set_t out_params;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]223 keymaster_error_t error =
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]224 device()->begin(device(), purpose, &blob_, &input_set, &out_params, &op_handle_);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]225 if (error == KM_ERROR_OK) {
226 if (output_set) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]227 output_set->Reinitialize(out_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]228 } else {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]229 EXPECT_EQ(0U, out_params.length);
230 EXPECT_TRUE(out_params.params == nullptr);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]231 }
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]232 keymaster_free_param_set(&out_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]233 }
234 return error;
235}
236
237keymaster_error_t Keymaster1Test::UpdateOperation(const string& message, string* output,
238 size_t* input_consumed) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]239 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]240 keymaster_blob_t input = {reinterpret_cast<const uint8_t*>(message.c_str()), message.length()};
241 keymaster_blob_t out_tmp;
242 keymaster_key_param_set_t out_params;
243 keymaster_error_t error = device()->update(device(), op_handle_, nullptr /* params */, &input,
244 input_consumed, &out_params, &out_tmp);
245 if (error == KM_ERROR_OK && out_tmp.data)
246 output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length);
247 free(const_cast<uint8_t*>(out_tmp.data));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]248 return error;
249}
250
251keymaster_error_t Keymaster1Test::UpdateOperation(const AuthorizationSet& additional_params,
252 const string& message, string* output,
253 size_t* input_consumed) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]254 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]255 keymaster_blob_t input = {reinterpret_cast<const uint8_t*>(message.c_str()), message.length()};
256 keymaster_blob_t out_tmp;
257 keymaster_key_param_set_t out_params;
258 keymaster_error_t error = device()->update(device(), op_handle_, &additional_params, &input,
259 input_consumed, &out_params, &out_tmp);
260 if (error == KM_ERROR_OK && out_tmp.data)
261 output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length);
262 free((void*)out_tmp.data);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]263 return error;
264}
265
266keymaster_error_t Keymaster1Test::FinishOperation(string* output) {
267 return FinishOperation("", output);
268}
269
270keymaster_error_t Keymaster1Test::FinishOperation(const string& signature, string* output) {
271 AuthorizationSet additional_params;
272 return FinishOperation(additional_params, signature, output);
273}
274
275keymaster_error_t Keymaster1Test::FinishOperation(const AuthorizationSet& additional_params,
276 const string& signature, string* output) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]277 keymaster_blob_t sig = {reinterpret_cast<const uint8_t*>(signature.c_str()),
278 signature.length()};
279 keymaster_blob_t out_tmp;
280 keymaster_key_param_set_t out_params;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]281 keymaster_error_t error =
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]282 device()->finish(device(), op_handle_, &additional_params, &sig, &out_params, &out_tmp);
283 if (error != KM_ERROR_OK) {
284 EXPECT_TRUE(out_tmp.data == nullptr);
285 EXPECT_TRUE(out_params.params == nullptr);
286 return error;
287 }
288
289 if (out_tmp.data)
290 output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length);
291 free((void*)out_tmp.data);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]292 return error;
293}
294
295keymaster_error_t Keymaster1Test::AbortOperation() {
296 return device()->abort(device(), op_handle_);
297}
298
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]299string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message) {
300 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, client_params(), NULL /* output_params */));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]301
302 string result;
303 size_t input_consumed;
304 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
305 EXPECT_EQ(message.size(), input_consumed);
306 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result));
307 return result;
308}
309
310string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
311 const AuthorizationSet& begin_params,
312 const AuthorizationSet& update_params,
313 AuthorizationSet* output_params) {
314 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, output_params));
315
316 string result;
317 size_t input_consumed;
318 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &result, &input_consumed));
319 EXPECT_EQ(message.size(), input_consumed);
320 EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, "", &result));
321 return result;
322}
323
324string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]325 const string& signature, const AuthorizationSet& begin_params,
326 const AuthorizationSet& update_params,
327 AuthorizationSet* output_params) {
328 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, output_params));
329
330 string result;
331 size_t input_consumed;
332 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &result, &input_consumed));
333 EXPECT_EQ(message.size(), input_consumed);
334 EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, signature, &result));
335 return result;
336}
337
338string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
339 const string& signature) {
340 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, client_params(), NULL /* output_params */));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]341
342 string result;
343 size_t input_consumed;
344 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
345 EXPECT_EQ(message.size(), input_consumed);
346 EXPECT_EQ(KM_ERROR_OK, FinishOperation(signature, &result));
347 return result;
348}
349
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]350void Keymaster1Test::SignMessage(const string& message, string* signature,
351 keymaster_digest_t digest) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]352 SCOPED_TRACE("SignMessage");
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]353 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
354 input_params.push_back(TAG_DIGEST, digest);
355 AuthorizationSet update_params;
356 AuthorizationSet output_params;
357 *signature =
358 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]359 EXPECT_GT(signature->size(), 0U);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]360}
361
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]362void Keymaster1Test::SignMessage(const string& message, string* signature,
363 keymaster_digest_t digest, keymaster_padding_t padding) {
364 SCOPED_TRACE("SignMessage");
365 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
366 input_params.push_back(TAG_DIGEST, digest);
367 input_params.push_back(TAG_PADDING, padding);
368 AuthorizationSet update_params;
369 AuthorizationSet output_params;
370 *signature =
371 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
372 EXPECT_GT(signature->size(), 0U);
373}
374
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]375void Keymaster1Test::MacMessage(const string& message, string* signature, keymaster_digest_t digest,
376 size_t mac_length) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]377 SCOPED_TRACE("SignMessage");
378 AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
379 input_params.push_back(TAG_MAC_LENGTH, mac_length);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]380 input_params.push_back(TAG_DIGEST, digest);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]381 AuthorizationSet update_params;
382 AuthorizationSet output_params;
383 *signature =
384 ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
385 EXPECT_GT(signature->size(), 0U);
386}
387
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]388void Keymaster1Test::VerifyMessage(const string& message, const string& signature,
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]389 keymaster_digest_t digest) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]390 SCOPED_TRACE("VerifyMessage");
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]391 AuthorizationSet input_params(client_params());
392 input_params.push_back(TAG_DIGEST, digest);
393 AuthorizationSet update_params;
394 AuthorizationSet output_params;
395 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, input_params, update_params,
396 &output_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]397}
398
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]399void Keymaster1Test::VerifyMessage(const string& message, const string& signature,
400 keymaster_digest_t digest, keymaster_padding_t padding) {
401 SCOPED_TRACE("VerifyMessage");
402 AuthorizationSet input_params(client_params());
403 input_params.push_back(TAG_DIGEST, digest);
404 input_params.push_back(TAG_PADDING, padding);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]405 AuthorizationSet update_params;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]406 AuthorizationSet output_params;
407 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, input_params, update_params,
408 &output_params);
409}
410
411string Keymaster1Test::EncryptMessage(const string& message, keymaster_padding_t padding,
412 string* generated_nonce) {
413 AuthorizationSet update_params;
414 return EncryptMessage(update_params, message, padding, generated_nonce);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]415}
416
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]417string Keymaster1Test::EncryptMessage(const string& message, keymaster_block_mode_t block_mode,
418 keymaster_padding_t padding, string* generated_nonce) {
419 AuthorizationSet update_params;
420 return EncryptMessage(update_params, message, block_mode, padding, generated_nonce);
421}
422
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]423string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]424 keymaster_padding_t padding, string* generated_nonce) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]425 SCOPED_TRACE("EncryptMessage");
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]426 AuthorizationSet begin_params(client_params()), output_params;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]427 begin_params.push_back(TAG_PADDING, padding);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]428 string ciphertext =
429 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
430 if (generated_nonce) {
431 keymaster_blob_t nonce_blob;
432 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
433 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
434 } else {
435 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
436 }
437 return ciphertext;
438}
439
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]440string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
441 keymaster_block_mode_t block_mode,
442 keymaster_padding_t padding, string* generated_nonce) {
443 SCOPED_TRACE("EncryptMessage");
444 AuthorizationSet begin_params(client_params()), output_params;
445 begin_params.push_back(TAG_PADDING, padding);
446 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
447 string ciphertext =
448 ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
449 if (generated_nonce) {
450 keymaster_blob_t nonce_blob;
451 EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob));
452 *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length);
453 } else {
454 EXPECT_EQ(-1, output_params.find(TAG_NONCE));
455 }
456 return ciphertext;
457}
458
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]459string Keymaster1Test::EncryptMessageWithParams(const string& message,
460 const AuthorizationSet& begin_params,
461 const AuthorizationSet& update_params,
462 AuthorizationSet* output_params) {
463 SCOPED_TRACE("EncryptMessageWithParams");
464 return ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, output_params);
465}
466
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]467string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_padding_t padding) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]468 SCOPED_TRACE("DecryptMessage");
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]469 AuthorizationSet begin_params(client_params());
470 begin_params.push_back(TAG_PADDING, padding);
471 AuthorizationSet update_params;
472 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]473}
474
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]475string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_block_mode_t block_mode,
476 keymaster_padding_t padding) {
477 SCOPED_TRACE("DecryptMessage");
478 AuthorizationSet begin_params(client_params());
479 begin_params.push_back(TAG_PADDING, padding);
480 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
481 AuthorizationSet update_params;
482 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
483}
484
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]485string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_padding_t padding,
486 const string& nonce) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]487 SCOPED_TRACE("DecryptMessage");
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]488 AuthorizationSet begin_params(client_params());
489 begin_params.push_back(TAG_PADDING, padding);
490 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]491 AuthorizationSet update_params;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]492 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]493}
494
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]495string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_block_mode_t block_mode,
496 keymaster_padding_t padding, const string& nonce) {
497 SCOPED_TRACE("DecryptMessage");
498 AuthorizationSet begin_params(client_params());
499 begin_params.push_back(TAG_PADDING, padding);
500 begin_params.push_back(TAG_BLOCK_MODE, block_mode);
501 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
502 AuthorizationSet update_params;
503 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
504}
505
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]506string Keymaster1Test::DecryptMessage(const AuthorizationSet& update_params,
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]507 const string& ciphertext, keymaster_padding_t padding,
508 const string& nonce) {
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]509 SCOPED_TRACE("DecryptMessage");
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]510 AuthorizationSet begin_params(client_params());
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]511 begin_params.push_back(TAG_PADDING, padding);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]512 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
513 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
514}
515
516keymaster_error_t Keymaster1Test::GetCharacteristics() {
517 FreeCharacteristics();
518 return device()->get_key_characteristics(device(), &blob_, &client_id_, NULL /* app_data */,
519 &characteristics_);
520}
521
522keymaster_error_t Keymaster1Test::ExportKey(keymaster_key_format_t format, string* export_data) {
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]523 keymaster_blob_t export_tmp;
524 keymaster_error_t error = device()->export_key(device(), format, &blob_, &client_id_,
525 NULL /* app_data */, &export_tmp);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]526
527 if (error != KM_ERROR_OK)
528 return error;
529
Shawn Willden0e2ee442015-06-01 14:42:16 -0600[diff] [blame^]530 *export_data = string(reinterpret_cast<const char*>(export_tmp.data), export_tmp.data_length);
531 free((void*)export_tmp.data);
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]532 return error;
533}
534
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]535void Keymaster1Test::CheckHmacTestVector(string key, string message, keymaster_digest_t digest,
536 string expected_mac) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]537 ASSERT_EQ(KM_ERROR_OK,
538 ImportKey(AuthorizationSetBuilder().HmacKey(key.size() * 8).Digest(digest),
539 KM_KEY_FORMAT_RAW, key));
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]540 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]541 MacMessage(message, &signature, digest, expected_mac.size() * 8);
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]542 EXPECT_EQ(expected_mac, signature) << "Test vector didn't match for digest " << (int)digest;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]543}
544
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]545void Keymaster1Test::CheckAesCtrTestVector(const string& key, const string& nonce,
546 const string& message,
547 const string& expected_ciphertext) {
548 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
549 .AesEncryptionKey(key.size() * 8)
550 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]551 .Authorization(TAG_CALLER_NONCE)
552 .Padding(KM_PAD_NONE),
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]553 KM_KEY_FORMAT_RAW, key));
554
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]555 AuthorizationSet begin_params(client_params()), update_params, output_params;
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]556 begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]557 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]558 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]559 string ciphertext =
560 EncryptMessageWithParams(message, begin_params, update_params, &output_params);
561 EXPECT_EQ(expected_ciphertext, ciphertext);
562}
563
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]564AuthorizationSet Keymaster1Test::hw_enforced() {
565 EXPECT_TRUE(characteristics_ != NULL);
566 return AuthorizationSet(characteristics_->hw_enforced);
567}
568
569AuthorizationSet Keymaster1Test::sw_enforced() {
570 EXPECT_TRUE(characteristics_ != NULL);
571 return AuthorizationSet(characteristics_->sw_enforced);
572}
573
574void Keymaster1Test::FreeCharacteristics() {
575 keymaster_free_characteristics(characteristics_);
576 free(characteristics_);
577 characteristics_ = NULL;
578}
579
580void Keymaster1Test::FreeKeyBlob() {
581 free(const_cast<uint8_t*>(blob_.key_material));
582 blob_.key_material = NULL;
583}
584
585void Keymaster1Test::corrupt_key_blob() {
586 assert(blob_.key_material);
587 uint8_t* tmp = const_cast<uint8_t*>(blob_.key_material);
588 ++tmp[blob_.key_material_size / 2];
589}
590
591} // namespace test
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]592} // namespace keymaster