services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStorageImplTest.java

/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.locksettings.recoverablekeystore;

import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;

import android.security.keystore.KeyProperties;
import android.security.keystore.KeyProtection;
import android.support.test.filters.SmallTest;
import android.support.test.runner.AndroidJUnit4;

import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.util.Random;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

@SmallTest
@RunWith(AndroidJUnit4.class)
public class RecoverableKeyStorageImplTest {
    private static final String KEY_ALGORITHM = "AES";
    private static final int GCM_TAG_LENGTH_BYTES = 16;
    private static final int BITS_PER_BYTE = 8;
    private static final int GCM_TAG_LENGTH_BITS = GCM_TAG_LENGTH_BYTES * BITS_PER_BYTE;
    private static final int GCM_NONCE_LENGTH_BYTES = 12;
    private static final String TEST_KEY_ALIAS = "RecoverableKeyStorageImplTestKey";
    private static final int KEYSTORE_UID_SELF = -1;

    private RecoverableKeyStorageImpl mRecoverableKeyStorage;

    @Before
    public void setUp() throws Exception {
        mRecoverableKeyStorage = RecoverableKeyStorageImpl.newInstance(
                /*userId=*/ KEYSTORE_UID_SELF);
    }

    @After
    public void tearDown() {
        try {
            mRecoverableKeyStorage.removeFromAndroidKeyStore(TEST_KEY_ALIAS);
        } catch (KeyStoreException e) {
            // Do nothing.
        }
    }

    @Test
    public void loadFromAndroidKeyStore_loadsAKeyThatWasImported() throws Exception {
        SecretKey key = generateKey();
        mRecoverableKeyStorage.importIntoAndroidKeyStore(
                TEST_KEY_ALIAS,
                key,
                getKeyProperties());

        assertKeysAreEquivalent(
                key, mRecoverableKeyStorage.loadFromAndroidKeyStore(TEST_KEY_ALIAS));
    }

    @Test
    public void importIntoAndroidKeyStore_importsWithKeyProperties() throws Exception {
        mRecoverableKeyStorage.importIntoAndroidKeyStore(
                TEST_KEY_ALIAS,
                generateKey(),
                getKeyProperties());

        SecretKey key = mRecoverableKeyStorage.loadFromAndroidKeyStore(TEST_KEY_ALIAS);

        Mac mac = Mac.getInstance("HmacSHA256");
        try {
            // Fails because missing PURPOSE_SIGN or PURPOSE_VERIFY
            mac.init(key);
            fail("Was able to initialize Mac with an ENCRYPT/DECRYPT-only key.");
        } catch (InvalidKeyException e) {
            // expect exception
        }
    }

    @Test
    public void removeFromAndroidKeyStore_removesAnEntry() throws Exception {
        mRecoverableKeyStorage.importIntoAndroidKeyStore(
                TEST_KEY_ALIAS,
                generateKey(),
                getKeyProperties());

        mRecoverableKeyStorage.removeFromAndroidKeyStore(TEST_KEY_ALIAS);

        assertNull(mRecoverableKeyStorage.loadFromAndroidKeyStore(TEST_KEY_ALIAS));
    }

    private static KeyProtection getKeyProperties() {
        return new KeyProtection.Builder(
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .build();
    }

    /**
     * Asserts that {@code b} key can decrypt data encrypted with {@code a} key. Otherwise throws.
     */
    private static void assertKeysAreEquivalent(SecretKey a, SecretKey b) throws Exception {
        byte[] plaintext = "doge".getBytes(StandardCharsets.UTF_8);
        byte[] nonce = generateGcmNonce();

        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, a, new GCMParameterSpec(GCM_TAG_LENGTH_BITS, nonce));
        byte[] encrypted = cipher.doFinal(plaintext);

        cipher.init(Cipher.DECRYPT_MODE, b, new GCMParameterSpec(GCM_TAG_LENGTH_BITS, nonce));
        byte[] decrypted = cipher.doFinal(encrypted);

        assertArrayEquals(decrypted, plaintext);
    }

    /**
     * Returns a new random GCM nonce.
     */
    private static byte[] generateGcmNonce() {
        Random random = new Random();
        byte[] nonce = new byte[GCM_NONCE_LENGTH_BYTES];
        random.nextBytes(nonce);
        return nonce;
    }

    private static SecretKey generateKey() throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM);
        keyGenerator.init(/*keySize=*/ 256);
        return keyGenerator.generateKey();
    }
}