1 /*
2  * Copyright 2019, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef VTS_IDENTITY_TEST_UTILS_H
18 #define VTS_IDENTITY_TEST_UTILS_H
19 
20 #include <android/hardware/identity/IIdentityCredentialStore.h>
21 #include <android/hardware/identity/support/IdentityCredentialSupport.h>
22 #include <cppbor.h>
23 #include <cppbor_parse.h>
24 #include <gtest/gtest.h>
25 
26 namespace android::hardware::identity::test_utils {
27 
28 using ::std::map;
29 using ::std::optional;
30 using ::std::string;
31 using ::std::vector;
32 
33 using ::android::sp;
34 using ::android::binder::Status;
35 
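struct AttestationData {
    // Requests the attestation certificate chain for |writableCredential| immediately and
    // keeps everything a test needs to check afterwards: the binder status in |result|,
    // the returned chain in |attestationCertificate|, and the exact challenge / application
    // id bytes that were sent (|attestationChallenge|, |attestationApplicationId|), so they
    // can be compared against what ends up in the attestation extension.
    //
    // An empty |challenge| is sent as an empty byte vector. A null |writableCredential| is
    // reported through |result| (EX_ILLEGAL_ARGUMENT) instead of being dereferenced — a
    // gtest ASSERT_* is not usable from a constructor, and a failing status is what callers
    // already check.
    AttestationData(sp<IWritableIdentityCredential>& writableCredential, string challenge,
                    vector<uint8_t> attestationAppId)
        : attestationChallenge(challenge.begin(), challenge.end()),
          attestationApplicationId(std::move(attestationAppId)) {
        if (writableCredential.get() == nullptr) {
            result = Status::fromExceptionCode(Status::EX_ILLEGAL_ARGUMENT,
                                               "writableCredential is null");
            return;
        }

        result = writableCredential->getAttestationCertificate(
                attestationApplicationId, attestationChallenge, &attestationCertificate);
    }

    // Empty instance; |result| is Ok and no HAL call has been made.
    AttestationData() = default;

    vector<uint8_t> attestationChallenge;
    vector<uint8_t> attestationApplicationId;
    vector<Certificate> attestationCertificate;
    Status result;  // Status of getAttestationCertificate(), or the null-argument error above.
};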
57 
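struct TestEntryData {
    // One data element to provision into a credential: the namespace and name it lives
    // under, its value already CBOR-encoded in |valueCbor|, and the ids of the access
    // control profiles that gate access to it. This base constructor leaves |valueCbor|
    // empty; the typed overloads below fill it.
    TestEntryData(string nameSpace, string name, vector<int32_t> profileIds)
        : nameSpace(std::move(nameSpace)),
          name(std::move(name)),
          profileIds(std::move(profileIds)) {}

    // Text value, CBOR major type 3. The full std::string is encoded (length taken from
    // the string, not from strlen), so a value containing an embedded NUL byte is not
    // silently truncated.
    TestEntryData(string nameSpace, string name, const string& value, vector<int32_t> profileIds)
        : TestEntryData(std::move(nameSpace), std::move(name), std::move(profileIds)) {
        valueCbor = cppbor::Tstr(value).encode();
    }

    // Byte-string value, CBOR major type 2.
    TestEntryData(string nameSpace, string name, const vector<uint8_t>& value,
                  vector<int32_t> profileIds)
        : TestEntryData(std::move(nameSpace), std::move(name), std::move(profileIds)) {
        valueCbor = cppbor::Bstr(value).encode();
    }

    // Boolean value, CBOR simple value true/false.
    TestEntryData(string nameSpace, string name, bool value, vector<int32_t> profileIds)
        : TestEntryData(std::move(nameSpace), std::move(name), std::move(profileIds)) {
        valueCbor = cppbor::Bool(value).encode();
    }

    // Integer value: major type 0 (Uint) for non-negative values, major type 1 (Nint) for
    // negative ones. cppbor::Nint expects the negative value itself (its domain is
    // [INT64_MIN, -1] and it derives the encoded magnitude as -1 - value), so the value
    // must not be negated before passing it in; negating would also overflow (UB) for
    // INT64_MIN.
    TestEntryData(string nameSpace, string name, int64_t value, vector<int32_t> profileIds)
        : TestEntryData(std::move(nameSpace), std::move(name), std::move(profileIds)) {
        if (value >= 0) {
            valueCbor = cppbor::Uint(value).encode();
        } else {
            valueCbor = cppbor::Nint(value).encode();
        }
    }

    string nameSpace;
    string name;
    vector<uint8_t> valueCbor;     // CBOR encoding of the value; empty for the base constructor.
    vector<int32_t> profileIds;    // Access control profile ids this entry is bound to.
};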
89 
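// Parameters for one access control profile to provision (see addAccessControlProfiles()).
// Plain aggregate; members are zero/empty-initialized so a profile that a test only
// partially fills in never carries indeterminate values into a HAL call.
struct TestProfile {
    uint16_t id = 0;                          // Profile id; presumably what TestEntryData::profileIds refers to — confirm in the .cpp.
    vector<uint8_t> readerCertificate;        // Reader certificate bytes; empty presumably means "no reader authentication".
    bool userAuthenticationRequired = false;
    uint64_t timeoutMillis = 0;               // User-authentication timeout; meaning of 0 is HAL-defined — confirm.
};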
96 
// Creates a writable credential via |credentialStore| and returns it through
// |writableCredential|. |testCredential| is forwarded to the store; which attestation
// key a test credential is attested with is the HAL's business, not this helper's.
// Returns false on failure — presumably |writableCredential| is then unusable; confirm
// against the .cpp before relying on it.
bool setupWritableCredential(sp<IWritableIdentityCredential>& writableCredential,
                             sp<IIdentityCredentialStore>& credentialStore, bool testCredential);

// Generates an X.509 reader certificate (presumably self-signed, for test use only) whose
// serial number is |serialDecimal|. Returns the encoded certificate, or nullopt on failure.
optional<vector<uint8_t>> generateReaderCertificate(string serialDecimal);

// Same as above, but also hands back the generated reader private key in
// |outReaderPrivateKey| so the test can sign reader authentication data with it.
// Encoding of the key is defined by the .cpp — confirm before parsing it.
optional<vector<uint8_t>> generateReaderCertificate(string serialDecimal,
                                                    vector<uint8_t>* outReaderPrivateKey);

// Provisions one access control profile per |testProfiles| element on |writableCredential|.
// Returns the SecureAccessControlProfile values the HAL returned (including its MACs), or
// nullopt if provisioning failed — assumed from the return type; confirm in the .cpp.
optional<vector<SecureAccessControlProfile>> addAccessControlProfiles(
        sp<IWritableIdentityCredential>& writableCredential,
        const vector<TestProfile>& testProfiles);

// Provisions |entry| on |writableCredential|, splitting the value into chunks of
// |dataChunkSize| bytes, and records the encrypted chunks under encryptedBlobs[&entry].
// The map is keyed by the address of |entry|, so the TestEntryData objects must stay
// alive and unmoved for as long as the map is consulted. |expectSuccess| lets tests drive
// the negative path (e.g. an oversized or duplicate entry); the bool return presumably
// reports whether the outcome matched that expectation — confirm in the .cpp.
bool addEntry(sp<IWritableIdentityCredential>& writableCredential, const TestEntryData& entry,
              int dataChunkSize, map<const TestEntryData*, vector<vector<uint8_t>>>& encryptedBlobs,
              bool expectSuccess);

// Fills |image| with fixed test image bytes (contents defined in the .cpp).
void setImageData(vector<uint8_t>& image);

// Checks the CredentialKey attestation chain: the leaf is expected to carry
// |expectedChallenge| and |expectedAppId| in its attestation extension, and
// |isTestCredential| selects whether the chain is expected to be rooted in the test
// attestation key or a production one. Failures are reported through gtest assertions
// (void return) — the precise set of checks is in the .cpp.
void validateAttestationCertificate(const vector<Certificate>& credentialKeyCertChain,
                                    const vector<uint8_t>& expectedChallenge,
                                    const vector<uint8_t>& expectedAppId, bool isTestCredential);

// Builds the RequestNamespace list for a presentation request covering |entries|.
// NOTE(review): |entries| is taken by const value, which copies the whole vector on every
// call; a `const vector<TestEntryData>&` would avoid that, but the definition in the .cpp
// has to change in step.
vector<RequestNamespace> buildRequestNamespaces(const vector<TestEntryData> entries);

// Verifies that the X.509 certificate for a just created authentication key
// is valid. |authKeyCertChain| is the encoded chain as returned by the HAL; failures are
// reported through gtest assertions (void return) — the exact checks live in the .cpp.
//
void verifyAuthKeyCertificate(const vector<uint8_t>& authKeyCertChain);
125 
126 }  // namespace android::hardware::identity::test_utils
127 
128 #endif  // VTS_IDENTITY_TEST_UTILS_H
129