blob: 1cf8630da0e95ee5b3e3acbd22e002582bb0c639
1 | /* |
2 | * Copyright 2016 The Android Open Source Project |
3 | * |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
5 | * you may not use this file except in compliance with the License. |
6 | * You may obtain a copy of the License at |
7 | * |
8 | * http://www.apache.org/licenses/LICENSE-2.0 |
9 | * |
10 | * Unless required by applicable law or agreed to in writing, software |
11 | * distributed under the License is distributed on an "AS IS" BASIS, |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | * See the License for the specific language governing permissions and |
14 | * limitations under the License. |
15 | */ |
16 | |
17 | #include <fstream> |
18 | |
19 | #include <gtest/gtest.h> |
20 | |
21 | #include <keymaster/keymaster_context.h> |
22 | |
23 | #include "android_keymaster_test_utils.h" |
24 | #include "attestation_record.h" |
25 | |
26 | #include <keymaster/keymaster_context.h> |
27 | |
28 | namespace keymaster { |
29 | namespace test { |
30 | |
31 | class TestContext : public KeymasterContext { |
32 | public: |
33 | keymaster_security_level_t GetSecurityLevel() const override { |
34 | return KM_SECURITY_LEVEL_SOFTWARE; |
35 | } |
36 | keymaster_error_t SetSystemVersion(uint32_t /* os_version */, |
37 | uint32_t /* os_patchlevel */) override { |
38 | return KM_ERROR_UNIMPLEMENTED; |
39 | } |
40 | void GetSystemVersion(uint32_t* os_version, uint32_t* os_patchlevel) const override { |
41 | *os_version = 0; |
42 | *os_patchlevel = 0; |
43 | } |
44 | KeyFactory* GetKeyFactory(keymaster_algorithm_t /* algorithm */) const override { |
45 | return nullptr; |
46 | } |
47 | OperationFactory* GetOperationFactory(keymaster_algorithm_t /* algorithm */, |
48 | keymaster_purpose_t /* purpose */) const override { |
49 | return nullptr; |
50 | } |
51 | keymaster_algorithm_t* GetSupportedAlgorithms(size_t* /* algorithms_count */) const override { |
52 | return nullptr; |
53 | } |
54 | keymaster_error_t CreateKeyBlob(const AuthorizationSet& /* key_description */, |
55 | keymaster_key_origin_t /* origin */, |
56 | const KeymasterKeyBlob& /* key_material */, |
57 | KeymasterKeyBlob* /* blob */, |
58 | AuthorizationSet* /* hw_enforced */, |
59 | AuthorizationSet* /* sw_enforced */) const override { |
60 | return KM_ERROR_UNIMPLEMENTED; |
61 | } |
62 | keymaster_error_t UpgradeKeyBlob(const KeymasterKeyBlob& /* key_to_upgrade */, |
63 | const AuthorizationSet& /* upgrade_params */, |
64 | KeymasterKeyBlob* /* upgraded_key */) const override { |
65 | return KM_ERROR_UNIMPLEMENTED; |
66 | } |
67 | keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& /* blob */, |
68 | const AuthorizationSet& /* additional_params */, |
69 | KeymasterKeyBlob* /* key_material */, |
70 | AuthorizationSet* /* hw_enforced */, |
71 | AuthorizationSet* /* sw_enforced */) const override { |
72 | return KM_ERROR_UNIMPLEMENTED; |
73 | } |
74 | keymaster_error_t AddRngEntropy(const uint8_t* /* buf */, size_t /* length */) const override { |
75 | return KM_ERROR_UNIMPLEMENTED; |
76 | } |
77 | keymaster_error_t GenerateRandom(uint8_t* /* buf */, size_t /* length */) const override { |
78 | return KM_ERROR_UNIMPLEMENTED; |
79 | } |
80 | KeymasterEnforcement* enforcement_policy() { return nullptr; } |
81 | EVP_PKEY* AttestationKey(keymaster_algorithm_t /* algorithm */, |
82 | keymaster_error_t* /* error */) const override { |
83 | return nullptr; |
84 | } |
85 | keymaster_cert_chain_t* AttestationChain(keymaster_algorithm_t /* algorithm */, |
86 | keymaster_error_t* /* error */) const override { |
87 | return nullptr; |
88 | } |
89 | keymaster_error_t GenerateUniqueId(uint64_t /* creation_date_time */, |
90 | const keymaster_blob_t& /* application_id */, |
91 | bool /* reset_since_rotation */, Buffer* unique_id) const { |
92 | // Finally, the reason for defining this class: |
93 | unique_id->Reinitialize("foo", 3); |
94 | return KM_ERROR_OK; |
95 | } |
96 | }; |
97 | |
98 | TEST(AttestTest, Simple) { |
99 | AuthorizationSet hw_set(AuthorizationSetBuilder() |
100 | .RsaSigningKey(512, 3) |
101 | .Digest(KM_DIGEST_SHA_2_256) |
102 | .Digest(KM_DIGEST_SHA_2_384) |
103 | .Authorization(TAG_OS_VERSION, 60000) |
104 | .Authorization(TAG_OS_PATCHLEVEL, 201512) |
105 | .Authorization(TAG_APPLICATION_ID, "bar", 3)); |
106 | AuthorizationSet sw_set(AuthorizationSetBuilder().Authorization(TAG_ACTIVE_DATETIME, 10)); |
107 | |
108 | UniquePtr<uint8_t[]> asn1; |
109 | size_t asn1_len; |
110 | AuthorizationSet attest_params( |
111 | AuthorizationSetBuilder().Authorization(TAG_ATTESTATION_CHALLENGE, "hello", 5)); |
112 | EXPECT_EQ(KM_ERROR_OK, build_attestation_record(attest_params, sw_set, hw_set, TestContext(), |
113 | &asn1, &asn1_len)); |
114 | EXPECT_GT(asn1_len, 0U); |
115 | |
116 | std::ofstream output("attest.der", |
117 | std::ofstream::out | std::ofstream::binary | std::ofstream::trunc); |
118 | if (output) |
119 | output.write(reinterpret_cast<const char*>(asn1.get()), asn1_len); |
120 | output.close(); |
121 | |
122 | AuthorizationSet parsed_hw_set; |
123 | AuthorizationSet parsed_sw_set; |
124 | uint32_t attestation_version; |
125 | uint32_t keymaster_version; |
126 | keymaster_security_level_t attestation_security_level; |
127 | keymaster_security_level_t keymaster_security_level; |
128 | keymaster_blob_t attestation_challenge = {}; |
129 | keymaster_blob_t unique_id = {}; |
130 | EXPECT_EQ(KM_ERROR_OK, |
131 | parse_attestation_record(asn1.get(), asn1_len, &attestation_version, |
132 | &attestation_security_level, &keymaster_version, |
133 | &keymaster_security_level, &attestation_challenge, |
134 | &parsed_sw_set, &parsed_hw_set, &unique_id)); |
135 | |
136 | hw_set.Sort(); |
137 | sw_set.Sort(); |
138 | parsed_hw_set.Sort(); |
139 | parsed_sw_set.Sort(); |
140 | EXPECT_EQ(hw_set, parsed_hw_set); |
141 | EXPECT_EQ(sw_set, parsed_sw_set); |
142 | } |
143 | |
144 | } // namespace test |
145 | } // namespace keymaster |
146 |