1 /*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #pragma once
18
19 #include <functional>
20 #include <optional>
21 #include <string_view>
22
23 #include <aidl/Gtest.h>
24 #include <aidl/Vintf.h>
25 #include <android-base/properties.h>
26 #include <binder/IServiceManager.h>
27 #include <binder/ProcessState.h>
28 #include <gtest/gtest.h>
29 #include <openssl/x509.h>
30
31 #include <aidl/android/hardware/security/keymint/ErrorCode.h>
32 #include <aidl/android/hardware/security/keymint/IKeyMintDevice.h>
33 #include <aidl/android/hardware/security/keymint/MacedPublicKey.h>
34
35 #include <keymint_support/attestation_record.h>
36 #include <keymint_support/authorization_set.h>
37 #include <keymint_support/openssl_utils.h>
38
39 namespace aidl::android::hardware::security::keymint {
40
41 ::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set);
42
43 inline bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) {
44 return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin());
45 }
46
47 namespace test {
48
49 using ::android::sp;
50 using Status = ::ndk::ScopedAStatus;
51 using ::std::optional;
52 using ::std::shared_ptr;
53 using ::std::string;
54 using ::std::vector;
55
56 constexpr uint64_t kOpHandleSentinel = 0xFFFFFFFFFFFFFFFF;
57
58 const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key";
59 const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore";
60 const string FEATURE_HARDWARE_KEYSTORE = "android.hardware.hardware_keystore";
61
62 // RAII class to ensure that a keyblob is deleted regardless of how a test exits.
63 class KeyBlobDeleter {
64 public:
KeyBlobDeleter(const shared_ptr<IKeyMintDevice> & keymint,const vector<uint8_t> & key_blob)65 KeyBlobDeleter(const shared_ptr<IKeyMintDevice>& keymint, const vector<uint8_t>& key_blob)
66 : keymint_(keymint), key_blob_(key_blob) {}
67 ~KeyBlobDeleter();
68
69 private:
70 shared_ptr<IKeyMintDevice> keymint_;
71 vector<uint8_t> key_blob_;
72 };
73
74 class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
75 public:
76 struct KeyData {
77 vector<uint8_t> blob;
78 vector<KeyCharacteristics> characteristics;
79 };
80
81 static bool arm_deleteAllKeys;
82 static bool dump_Attestations;
83
84 // Directory to store/retrieve keyblobs, using subdirectories named for the
85 // KeyMint instance in question (e.g. "./default/", "./strongbox/").
86 static std::string keyblob_dir;
87 // To specify if users expect an upgrade on the keyBlobs.
88 static std::optional<bool> expect_upgrade;
89
90 void SetUp() override;
TearDown()91 void TearDown() override {
92 if (key_blob_.size()) {
93 CheckedDeleteKey();
94 }
95 AbortIfNeeded();
96 }
97
98 void InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint);
keyMint()99 IKeyMintDevice& keyMint() { return *keymint_; }
100 int32_t AidlVersion() const;
os_version()101 uint32_t os_version() { return os_version_; }
os_patch_level()102 uint32_t os_patch_level() { return os_patch_level_; }
vendor_patch_level()103 uint32_t vendor_patch_level() { return vendor_patch_level_; }
104 uint32_t boot_patch_level(const vector<KeyCharacteristics>& key_characteristics);
105 uint32_t boot_patch_level();
106 std::optional<vector<uint8_t>> getModuleHash();
107 bool isDeviceIdAttestationRequired();
108 bool isSecondImeiIdAttestationRequired();
109 std::optional<bool> isRkpOnly();
110
111 bool Curve25519Supported();
112
113 ErrorCode GenerateKey(const AuthorizationSet& key_desc);
114
115 ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector<uint8_t>* key_blob,
116 vector<KeyCharacteristics>* key_characteristics);
117
118 ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector<uint8_t>* key_blob,
119 vector<KeyCharacteristics>* key_characteristics,
120 vector<Certificate>* cert_chain);
121
122 ErrorCode GenerateKey(const AuthorizationSet& key_desc,
123 const optional<AttestationKey>& attest_key, vector<uint8_t>* key_blob,
124 vector<KeyCharacteristics>* key_characteristics,
125 vector<Certificate>* cert_chain);
126
127 ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
128 const string& key_material, vector<uint8_t>* key_blob,
129 vector<KeyCharacteristics>* key_characteristics);
130 ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
131 const string& key_material);
132
133 ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
134 const AuthorizationSet& wrapping_key_desc, string masking_key,
135 const AuthorizationSet& unwrapping_params, int64_t password_sid,
136 int64_t biometric_sid);
ImportWrappedKey(string wrapped_key,string wrapping_key,const AuthorizationSet & wrapping_key_desc,string masking_key,const AuthorizationSet & unwrapping_params)137 ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
138 const AuthorizationSet& wrapping_key_desc, string masking_key,
139 const AuthorizationSet& unwrapping_params) {
140 return ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, masking_key,
141 unwrapping_params, 0 /* password_sid */, 0 /* biometric_sid */);
142 }
143
144 ErrorCode GetCharacteristics(const vector<uint8_t>& key_blob, const vector<uint8_t>& app_id,
145 const vector<uint8_t>& app_data,
146 vector<KeyCharacteristics>* key_characteristics);
147 ErrorCode GetCharacteristics(const vector<uint8_t>& key_blob,
148 vector<KeyCharacteristics>* key_characteristics);
149
150 void CheckCharacteristics(const vector<uint8_t>& key_blob,
151 const vector<KeyCharacteristics>& generate_characteristics);
152 void CheckAppIdCharacteristics(const vector<uint8_t>& key_blob, std::string_view app_id_string,
153 std::string_view app_data_string,
154 const vector<KeyCharacteristics>& generate_characteristics);
155
156 ErrorCode DeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false);
157 ErrorCode DeleteKey(bool keep_key_blob = false);
158
159 ErrorCode DeleteAllKeys();
160
161 ErrorCode DestroyAttestationIds();
162
163 void CheckedDeleteKey();
164
165 ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
166 const AuthorizationSet& in_params, AuthorizationSet* out_params,
167 std::shared_ptr<IKeyMintOperation>& op);
168 ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
169 const AuthorizationSet& in_params, AuthorizationSet* out_params,
170 std::optional<HardwareAuthToken> hat = std::nullopt);
171 ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
172 AuthorizationSet* out_params);
173 ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params);
174
175 ErrorCode UpdateAad(const string& input);
176 ErrorCode Update(const string& input, string* output);
177
178 ErrorCode Finish(const string& message, const string& signature, string* output,
179 std::optional<HardwareAuthToken> hat = std::nullopt,
180 std::optional<secureclock::TimeStampToken> time_token = std::nullopt);
Finish(const string & message,string * output)181 ErrorCode Finish(const string& message, string* output) {
182 return Finish(message, {} /* signature */, output);
183 }
Finish(string * output)184 ErrorCode Finish(string* output) { return Finish({} /* message */, output); }
185
186 ErrorCode Abort();
187 ErrorCode Abort(const shared_ptr<IKeyMintOperation>& op);
188 void AbortIfNeeded();
189
190 string ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
191 const string& message, const AuthorizationSet& in_params,
192 AuthorizationSet* out_params);
193 std::tuple<ErrorCode, std::string /* processedMessage */> ProcessMessage(
194 const vector<uint8_t>& key_blob, KeyPurpose operation, const std::string& message,
195 const AuthorizationSet& in_params);
196 string SignMessage(const vector<uint8_t>& key_blob, const string& message,
197 const AuthorizationSet& params);
198 string SignMessage(const string& message, const AuthorizationSet& params);
199
200 string MacMessage(const string& message, Digest digest, size_t mac_length);
201
202 void CheckAesIncrementalEncryptOperation(BlockMode block_mode, int message_size);
203
204 void AesCheckEncryptOneByteAtATime(const string& key, BlockMode block_mode,
205 PaddingMode padding_mode, const string& iv,
206 const string& plaintext, const string& exp_cipher_text);
207
208 void CheckHmacTestVector(const string& key, const string& message, Digest digest,
209 const string& expected_mac);
210
211 void CheckAesCtrTestVector(const string& key, const string& nonce, const string& message,
212 const string& expected_ciphertext);
213
214 void CheckTripleDesTestVector(KeyPurpose purpose, BlockMode block_mode,
215 PaddingMode padding_mode, const string& key, const string& iv,
216 const string& input, const string& expected_output);
217
218 void VerifyMessage(const vector<uint8_t>& key_blob, const string& message,
219 const string& signature, const AuthorizationSet& params);
220 void VerifyMessage(const string& message, const string& signature,
221 const AuthorizationSet& params);
222 void LocalVerifyMessage(const vector<uint8_t>& der_cert, const string& message,
223 const string& signature, const AuthorizationSet& params);
224 void LocalVerifyMessage(const string& message, const string& signature,
225 const AuthorizationSet& params);
226
227 string LocalRsaEncryptMessage(const string& message, const AuthorizationSet& params);
228 string EncryptMessage(const vector<uint8_t>& key_blob, const string& message,
229 const AuthorizationSet& in_params, AuthorizationSet* out_params);
230 string EncryptMessage(const string& message, const AuthorizationSet& params,
231 AuthorizationSet* out_params);
232 string EncryptMessage(const string& message, const AuthorizationSet& params);
233 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding);
234 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
235 vector<uint8_t>* iv_out);
236 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
237 const vector<uint8_t>& iv_in);
238 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
239 uint8_t mac_length_bits, const vector<uint8_t>& iv_in);
240 string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
241 uint8_t mac_length_bits);
242
243 string DecryptMessage(const vector<uint8_t>& key_blob, const string& ciphertext,
244 const AuthorizationSet& params);
245 string DecryptMessage(const string& ciphertext, const AuthorizationSet& params);
246 string DecryptMessage(const string& ciphertext, BlockMode block_mode, PaddingMode padding_mode,
247 const vector<uint8_t>& iv);
248
249 std::pair<ErrorCode, vector<uint8_t>> UpgradeKey(const vector<uint8_t>& key_blob);
250
251 template <typename TagType>
252 std::tuple<KeyData /* aesKey */, KeyData /* hmacKey */, KeyData /* rsaKey */,
253 KeyData /* ecdsaKey */>
254 CreateTestKeys(
255 TagType tagToTest, ErrorCode expectedReturn,
256 std::function<void(AuthorizationSetBuilder*)> tagModifier =
257 [](AuthorizationSetBuilder*) {}) {
258 /* AES */
259 KeyData aesKeyData;
260 AuthorizationSetBuilder aesBuilder = AuthorizationSetBuilder()
261 .AesEncryptionKey(128)
262 .Authorization(tagToTest)
263 .BlockMode(BlockMode::ECB)
264 .Padding(PaddingMode::NONE)
265 .Authorization(TAG_NO_AUTH_REQUIRED);
266 tagModifier(&aesBuilder);
267 ErrorCode errorCode =
268 GenerateKey(aesBuilder, &aesKeyData.blob, &aesKeyData.characteristics);
269 EXPECT_EQ(expectedReturn, errorCode);
270
271 /* HMAC */
272 KeyData hmacKeyData;
273 AuthorizationSetBuilder hmacBuilder = AuthorizationSetBuilder()
274 .HmacKey(128)
275 .Authorization(tagToTest)
276 .Digest(Digest::SHA_2_256)
277 .Authorization(TAG_MIN_MAC_LENGTH, 128)
278 .Authorization(TAG_NO_AUTH_REQUIRED);
279 tagModifier(&hmacBuilder);
280 errorCode = GenerateKey(hmacBuilder, &hmacKeyData.blob, &hmacKeyData.characteristics);
281 EXPECT_EQ(expectedReturn, errorCode);
282
283 /* RSA */
284 KeyData rsaKeyData;
285 AuthorizationSetBuilder rsaBuilder = AuthorizationSetBuilder()
286 .RsaSigningKey(2048, 65537)
287 .Authorization(tagToTest)
288 .Digest(Digest::NONE)
289 .Padding(PaddingMode::NONE)
290 .Authorization(TAG_NO_AUTH_REQUIRED)
291 .SetDefaultValidity();
292 tagModifier(&rsaBuilder);
293 errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics);
294 if (!(SecLevel() == SecurityLevel::STRONGBOX &&
295 ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) {
296 EXPECT_EQ(expectedReturn, errorCode);
297 }
298
299 /* ECDSA */
300 KeyData ecdsaKeyData;
301 AuthorizationSetBuilder ecdsaBuilder = AuthorizationSetBuilder()
302 .EcdsaSigningKey(EcCurve::P_256)
303 .Authorization(tagToTest)
304 .Digest(Digest::SHA_2_256)
305 .Authorization(TAG_NO_AUTH_REQUIRED)
306 .SetDefaultValidity();
307 tagModifier(&ecdsaBuilder);
308 errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics);
309 if (!(SecLevel() == SecurityLevel::STRONGBOX &&
310 ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) {
311 EXPECT_EQ(expectedReturn, errorCode);
312 }
313 return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData};
314 }
IsSecure()315 bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; }
SecLevel()316 SecurityLevel SecLevel() const { return securityLevel_; }
317 bool IsRkpSupportRequired() const;
318
319 vector<uint32_t> ValidKeySizes(Algorithm algorithm);
320 vector<uint32_t> InvalidKeySizes(Algorithm algorithm);
321
322 vector<BlockMode> ValidBlockModes(Algorithm algorithm);
323 vector<PaddingMode> ValidPaddingModes(Algorithm algorithm, BlockMode blockMode);
324 vector<PaddingMode> InvalidPaddingModes(Algorithm algorithm, BlockMode blockMode);
325
326 vector<EcCurve> ValidCurves();
327 vector<EcCurve> InvalidCurves();
328
329 vector<Digest> ValidDigests(bool withNone, bool withMD5);
330 vector<uint64_t> ValidExponents();
331
build_params()332 static vector<string> build_params() {
333 auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);
334 return params;
335 }
336
337 std::shared_ptr<IKeyMintOperation> op_;
338 vector<Certificate> cert_chain_;
339 vector<uint8_t> key_blob_;
340 vector<KeyCharacteristics> key_characteristics_;
341
342 const vector<KeyParameter>& SecLevelAuthorizations(
343 const vector<KeyCharacteristics>& key_characteristics);
SecLevelAuthorizations()344 inline const vector<KeyParameter>& SecLevelAuthorizations() {
345 return SecLevelAuthorizations(key_characteristics_);
346 }
347 const vector<KeyParameter>& SecLevelAuthorizations(
348 const vector<KeyCharacteristics>& key_characteristics, SecurityLevel securityLevel);
349
350 ErrorCode UseAesKey(const vector<uint8_t>& aesKeyBlob);
351 ErrorCode UseHmacKey(const vector<uint8_t>& hmacKeyBlob);
352 ErrorCode UseRsaKey(const vector<uint8_t>& rsaKeyBlob);
353 ErrorCode UseEcdsaKey(const vector<uint8_t>& ecdsaKeyBlob);
354
355 ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc,
356 const optional<AttestationKey>& attest_key,
357 vector<uint8_t>* key_blob,
358 vector<KeyCharacteristics>* key_characteristics,
359 vector<Certificate>* cert_chain);
360
361 bool is_attest_key_feature_disabled(void) const;
362 bool is_strongbox_enabled(void) const;
363 bool is_chipset_allowed_km4_strongbox(void) const;
364 bool shouldSkipAttestKeyTest(void) const;
365
366 void assert_mgf_digests_present_or_not_in_key_characteristics(
367 const vector<KeyCharacteristics>& key_characteristics,
368 std::vector<android::hardware::security::keymint::Digest>& expected_mgf_digests,
369 bool is_mgf_digest_expected) const;
370
371 void assert_mgf_digests_present_or_not_in_key_characteristics(
372 std::vector<android::hardware::security::keymint::Digest>& expected_mgf_digests,
373 bool is_mgf_digest_expected) const;
374
375 protected:
376 std::shared_ptr<IKeyMintDevice> keymint_;
377 uint32_t os_version_;
378 uint32_t os_patch_level_;
379 uint32_t vendor_patch_level_;
380 bool timestamp_token_required_;
381
382 SecurityLevel securityLevel_;
383 string name_;
384 string author_;
385 int64_t challenge_;
386
387 private:
388 void CheckEncryptOneByteAtATime(BlockMode block_mode, const int block_size,
389 PaddingMode padding_mode, const string& iv,
390 const string& plaintext, const string& exp_cipher_text);
391 };
392
393 // If the given string is non-empty, add it to the tag set under the given tag ID.
394 template <Tag tag>
add_tag(AuthorizationSetBuilder * tags,TypedTag<TagType::BYTES,tag> ttag,const std::string & prop_value)395 void add_tag(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, tag> ttag,
396 const std::string& prop_value) {
397 if (!prop_value.empty()) {
398 tags->Authorization(ttag, prop_value.data(), prop_value.size());
399 }
400 }
401
402 // If the given property is available, add it to the tag set under the given tag ID.
403 template <Tag tag>
add_tag_from_prop(AuthorizationSetBuilder * tags,TypedTag<TagType::BYTES,tag> ttag,const char * prop)404 void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, tag> ttag,
405 const char* prop) {
406 add_tag(tags, ttag, ::android::base::GetProperty(prop, /* default= */ ""));
407 }
408
409 // Return the VSR API level for this device.
410 int get_vsr_api_level();
411
412 // Indicate whether the test is running on a GSI image.
413 bool is_gsi_image();
414
415 vector<uint8_t> build_serial_blob(const uint64_t serial_int);
416 void verify_subject(const X509* cert, const string& subject, bool self_signed);
417 void verify_serial(X509* cert, const uint64_t expected_serial);
418 void verify_subject_and_serial(const Certificate& certificate, //
419 const uint64_t expected_serial, //
420 const string& subject, bool self_signed);
421 void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, //
422 bool device_locked, //
423 VerifiedBoot verified_boot_state, //
424 const vector<uint8_t>& verified_boot_hash);
425 bool verify_attestation_record(int aidl_version, //
426 const string& challenge, //
427 const string& app_id, //
428 AuthorizationSet expected_sw_enforced, //
429 AuthorizationSet expected_hw_enforced, //
430 SecurityLevel security_level,
431 const vector<uint8_t>& attestation_cert,
432 vector<uint8_t>* unique_id = nullptr);
433
434 string bin2hex(const vector<uint8_t>& data);
435 X509_Ptr parse_cert_blob(const vector<uint8_t>& blob);
436 ASN1_OCTET_STRING* get_attestation_record(X509* certificate);
437 vector<uint8_t> make_name_from_str(const string& name);
438 void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
439 vector<uint8_t>* payload_value);
440 void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
441 void device_id_attestation_check_acceptable_error(Tag tag, const ErrorCode& result);
442 bool check_feature(const std::string& name);
443 std::optional<int32_t> keymint_feature_value(bool strongbox);
444 std::string get_imei(int slot);
445
446 // Retrieve a device ID property value, to match what is expected in attestations.
447 std::optional<std::string> get_attestation_id(const char* prop);
448
449 // Add the appropriate attestation device ID tag value to the provided `AuthorizationSetBuilder`,
450 // if found.
451 template <Tag tag>
add_attestation_id(AuthorizationSetBuilder * attestation_id_tags,TypedTag<TagType::BYTES,tag> tag_type,const char * prop)452 void add_attestation_id(AuthorizationSetBuilder* attestation_id_tags,
453 TypedTag<TagType::BYTES, tag> tag_type, const char* prop) {
454 auto prop_value = get_attestation_id(prop);
455 if (prop_value.has_value()) {
456 add_tag(attestation_id_tags, tag_type, prop_value.value());
457 }
458 }
459
460 AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
461 AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
462 ::testing::AssertionResult ChainSignaturesAreValid(const vector<Certificate>& chain,
463 bool strict_issuer_check = true);
464
465 ErrorCode GetReturnErrorCode(const Status& result);
466
467 #define INSTANTIATE_KEYMINT_AIDL_TEST(name) \
468 INSTANTIATE_TEST_SUITE_P(PerInstance, name, \
469 testing::ValuesIn(KeyMintAidlTestBase::build_params()), \
470 ::android::PrintInstanceNameToString); \
471 GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name);
472
473 } // namespace test
474
475 } // namespace aidl::android::hardware::security::keymint
476