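/*
 * Copyright 2019, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef VTS_IDENTITY_TEST_UTILS_H
#define VTS_IDENTITY_TEST_UTILS_H

#include <android/hardware/identity/IIdentityCredentialStore.h>
#include <android/hardware/identity/support/IdentityCredentialSupport.h>
#include <android/hardware/security/keymint/MacedPublicKey.h>
#include <cppbor.h>
#include <cppbor_parse.h>
#include <gtest/gtest.h>

// Standard headers this file uses directly (previously reached only
// transitively through the headers above).
#include <cstdint>
#include <map>
#include <optional>
#include <string>
#include <utility>
#include <vector>

namespace android::hardware::identity::test_utils {

using ::std::map;
using ::std::optional;
using ::std::string;
using ::std::vector;

using ::android::sp;
using ::android::binder::Status;

// Requests the credential-key attestation certificate chain for a writable
// credential and keeps the inputs next to the outcome, so a test can later
// check the returned chain against exactly what was sent (see
// validateAttestationCertificate()).
struct AttestationData {
    // Calls writableCredential->getAttestationCertificate() with the given
    // application id and challenge. gtest fatal assertions cannot be used in
    // a constructor, so writableCredential is not null-checked here; the
    // binder outcome is stored in `result` for the caller to inspect.
    AttestationData(sp<IWritableIdentityCredential>& writableCredential, string challenge,
                    vector<uint8_t> attestationAppId)
        : attestationChallenge(challenge.begin(), challenge.end()),
          attestationApplicationId(std::move(attestationAppId)) {
        result = writableCredential->getAttestationCertificate(
                attestationApplicationId, attestationChallenge, &attestationCertificate);
    }

    AttestationData() = default;

    vector<uint8_t> attestationChallenge;        // challenge bytes as sent to the HAL
    vector<uint8_t> attestationApplicationId;    // attestation application id as sent to the HAL
    vector<Certificate> attestationCertificate;  // chain returned by getAttestationCertificate()
    Status result;                               // binder status of that call
};

// One data element to be provisioned into (and later requested from) a
// credential: namespace, name, CBOR-encoded value and the ids of the access
// control profiles that gate access to it.
struct TestEntryData {
    // Entry without a value; valueCbor stays empty until assigned.
    TestEntryData(string nameSpace, string name, vector<int32_t> profileIds)
        : nameSpace(std::move(nameSpace)), name(std::move(name)),
          profileIds(std::move(profileIds)) {}

    // Text value, encoded as a CBOR text string. The std::string itself is
    // handed to cppbor so a value containing embedded NUL bytes is encoded in
    // full instead of being cut at the first NUL by a C-string conversion.
    TestEntryData(string nameSpace, string name, const string& value, vector<int32_t> profileIds)
        : TestEntryData(std::move(nameSpace), std::move(name), std::move(profileIds)) {
        valueCbor = cppbor::Tstr(value).encode();
    }

    // Binary value, encoded as a CBOR byte string.
    TestEntryData(string nameSpace, string name, const vector<uint8_t>& value,
                  vector<int32_t> profileIds)
        : TestEntryData(std::move(nameSpace), std::move(name), std::move(profileIds)) {
        valueCbor = cppbor::Bstr(value).encode();
    }

    // Boolean value, encoded as a CBOR simple value (true/false).
    TestEntryData(string nameSpace, string name, bool value, vector<int32_t> profileIds)
        : TestEntryData(std::move(nameSpace), std::move(name), std::move(profileIds)) {
        valueCbor = cppbor::Bool(value).encode();
    }

    // Signed integer value: cppbor::Uint for non-negative values, cppbor::Nint
    // otherwise. cppbor::Nint is constructed from the negative value itself
    // (it encodes -1 - value as the additional info), so the value is passed
    // unchanged; negating it first would also overflow for INT64_MIN.
    TestEntryData(string nameSpace, string name, int64_t value, vector<int32_t> profileIds)
        : TestEntryData(std::move(nameSpace), std::move(name), std::move(profileIds)) {
        if (value >= 0) {
            valueCbor = cppbor::Uint(static_cast<uint64_t>(value)).encode();
        } else {
            valueCbor = cppbor::Nint(value).encode();
        }
    }

    string nameSpace;
    string name;
    vector<uint8_t> valueCbor;    // CBOR encoding of the value, empty if none was given
    vector<int32_t> profileIds;   // access control profiles (TestProfile::id) that unlock this entry
};

// Description of one access control profile to add to a credential. Scalars
// are zero-initialized so a partially filled profile has defined contents.
struct TestProfile {
    uint16_t id{0};                          // referenced from TestEntryData::profileIds
    vector<uint8_t> readerCertificate;       // reader certificate bytes, see generateReaderCertificate()
    bool userAuthenticationRequired{false};
    uint64_t timeoutMillis{0};
};

// Creates a writable credential through credentialStore and stores it in
// writableCredential; testCredential selects a test (non-production)
// credential. Returns false if the credential could not be set up.
bool setupWritableCredential(sp<IWritableIdentityCredential>& writableCredential,
                             sp<IIdentityCredentialStore>& credentialStore, bool testCredential);

// Builds a fake certificate chain for macedPublicKey, standing in for a chain a
// remote provisioning server would issue. Returns nullopt on failure.
optional<vector<vector<uint8_t>>> createFakeRemotelyProvisionedCertificateChain(
        const ::android::hardware::security::keymint::MacedPublicKey& macedPublicKey);

// Generates a reader certificate with the given decimal serial number. Returns
// the encoded certificate, or nullopt on failure.
optional<vector<uint8_t>> generateReaderCertificate(string serialDecimal);

// Same as above, additionally returning the matching reader private key through
// outReaderPrivateKey. Test-only key material: it never leaves the test process.
optional<vector<uint8_t>> generateReaderCertificate(string serialDecimal,
                                                    vector<uint8_t>* outReaderPrivateKey);

// Adds every profile in testProfiles to writableCredential and returns the
// SecureAccessControlProfiles produced by the HAL, or nullopt on failure.
optional<vector<SecureAccessControlProfile>> addAccessControlProfiles(
        sp<IWritableIdentityCredential>& writableCredential,
        const vector<TestProfile>& testProfiles);

// Adds entry to writableCredential in chunks of at most dataChunkSize bytes and
// records the encrypted chunks in encryptedBlobs, keyed by the address of
// entry — the TestEntryData must therefore outlive the map. expectSuccess
// states whether the HAL is expected to accept the entry.
bool addEntry(sp<IWritableIdentityCredential>& writableCredential, const TestEntryData& entry,
              int dataChunkSize, map<const TestEntryData*, vector<vector<uint8_t>>>& encryptedBlobs,
              bool expectSuccess);

// Fills image with the image payload used by the tests.
void setImageData(vector<uint8_t>& image);

// Checks the credential-key attestation chain in credentialKeyCertChain against
// the challenge and application id the test sent, and against whether a test
// credential was requested. Returns void: failures are expected to surface as
// gtest assertions in the implementation.
void validateAttestationCertificate(const vector<Certificate>& credentialKeyCertChain,
                                    const vector<uint8_t>& expectedChallenge,
                                    const vector<uint8_t>& expectedAppId, bool isTestCredential);

// Groups entries into RequestNamespace objects. The vector is taken by value
// (a copy per call); switching to a reference changes the symbol and must be
// done together with the definition.
vector<RequestNamespace> buildRequestNamespaces(const vector<TestEntryData> entries);

// Verifies that the X.509 certificate for a just created authentication key
// is valid.
//
void verifyAuthKeyCertificate(const vector<uint8_t>& authKeyCertChain);

}  // namespace android::hardware::identity::test_utils

#endif  // VTS_IDENTITY_TEST_UTILS_H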