1 /*
2 * Copyright (C) 2024 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17 #ifndef __KEYMINT_COMMON_H__
18 #define __KEYMINT_COMMON_H__
19
20 #include <aidl/android/hardware/security/keymint/BlockMode.h>
21 #include <aidl/android/hardware/security/keymint/Digest.h>
22 #include <aidl/android/hardware/security/keymint/EcCurve.h>
23 #include <aidl/android/hardware/security/keymint/PaddingMode.h>
24 #include <fuzzer/FuzzedDataProvider.h>
25 #include <keymint_support/authorization_set.h>
26
27 namespace android::hardware::security::keymint_support::fuzzer {
28
29 using namespace aidl::android::hardware::security::keymint;
30
31 constexpr uint32_t kStringSize = 64;
32 constexpr uint32_t k3DesKeySize = 168;
33 constexpr uint32_t kSymmKeySize = 256;
34 constexpr uint32_t kRsaKeySize = 2048;
35 constexpr uint32_t kPublicExponent = 65537;
36
37 constexpr EcCurve kCurve[] = {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521,
38 EcCurve::CURVE_25519};
39
40 constexpr PaddingMode kPaddingMode[] = {
41 PaddingMode::NONE,
42 PaddingMode::RSA_OAEP,
43 PaddingMode::RSA_PSS,
44 PaddingMode::RSA_PKCS1_1_5_ENCRYPT,
45 PaddingMode::RSA_PKCS1_1_5_SIGN,
46 PaddingMode::PKCS7,
47 };
48
49 constexpr Digest kDigest[] = {
50 Digest::NONE, Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
51 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512,
52 };
53
54 constexpr BlockMode kBlockMode[] = {
55 BlockMode::ECB,
56 BlockMode::CBC,
57 BlockMode::CTR,
58 BlockMode::GCM,
59 };
60
61 enum AttestAuthSet : uint32_t {
62 RSA_ATTEST_KEY = 0u,
63 ECDSA_ATTEST_KEY,
64 };
65
66 enum AuthSet : uint32_t {
67 RSA_KEY = 0u,
68 RSA_SIGNING_KEY,
69 RSA_ENCRYPTION_KEY,
70 ECDSA_SIGNING_CURVE,
71 AES_ENCRYPTION_KEY,
72 TRIPLE_DES,
73 HMAC,
74 NO_DIGEST,
75 ECB_MODE,
76 GSM_MODE_MIN_MAC,
77 GSM_MODE_MAC,
78 BLOCK_MODE,
79 };
80
createAuthSetForAttestKey(FuzzedDataProvider * dataProvider)81 AuthorizationSet createAuthSetForAttestKey(FuzzedDataProvider* dataProvider) {
82 uint32_t attestAuthSet = dataProvider->ConsumeBool() ? AttestAuthSet::RSA_ATTEST_KEY
83 : AttestAuthSet::ECDSA_ATTEST_KEY;
84 uint64_t timestamp = dataProvider->ConsumeIntegral<uint64_t>();
85 Digest digest = dataProvider->PickValueInArray(kDigest);
86 PaddingMode padding = dataProvider->PickValueInArray(kPaddingMode);
87 std::string challenge = dataProvider->ConsumeRandomLengthString(kStringSize);
88 std::string id = dataProvider->ConsumeRandomLengthString(kStringSize);
89 switch (attestAuthSet) {
90 case RSA_ATTEST_KEY: {
91 return AuthorizationSetBuilder()
92 .Authorization(TAG_NO_AUTH_REQUIRED)
93 .RsaKey(kRsaKeySize, kPublicExponent)
94 .Digest(digest)
95 .Padding(padding)
96 .AttestKey()
97 .AttestationChallenge(challenge)
98 .AttestationApplicationId(id)
99 .SetDefaultValidity()
100 .Authorization(TAG_CREATION_DATETIME, timestamp)
101 .Authorization(TAG_INCLUDE_UNIQUE_ID)
102 .Authorization(TAG_PURPOSE, KeyPurpose::ATTEST_KEY);
103 } break;
104 case ECDSA_ATTEST_KEY: {
105 EcCurve ecCurve = dataProvider->PickValueInArray(kCurve);
106 return AuthorizationSetBuilder()
107 .Authorization(TAG_NO_AUTH_REQUIRED)
108 .EcdsaKey(ecCurve)
109 .AttestKey()
110 .Digest(digest)
111 .AttestationChallenge(challenge)
112 .AttestationApplicationId(id)
113 .SetDefaultValidity()
114 .Authorization(TAG_CREATION_DATETIME, timestamp)
115 .Authorization(TAG_INCLUDE_UNIQUE_ID)
116 .Authorization(TAG_PURPOSE, KeyPurpose::ATTEST_KEY);
117 } break;
118 default:
119 break;
120 };
121 return AuthorizationSetBuilder();
122 }
123
createAuthorizationSet(FuzzedDataProvider * dataProvider)124 AuthorizationSet createAuthorizationSet(FuzzedDataProvider* dataProvider) {
125 uint32_t authSet =
126 dataProvider->ConsumeIntegralInRange<uint32_t>(AuthSet::RSA_KEY, AuthSet::BLOCK_MODE);
127 uint64_t timestamp = dataProvider->ConsumeIntegral<uint64_t>();
128 Digest digest = dataProvider->PickValueInArray(kDigest);
129 PaddingMode padding = dataProvider->PickValueInArray(kPaddingMode);
130 std::string challenge = dataProvider->ConsumeRandomLengthString(kStringSize);
131 std::string id = dataProvider->ConsumeRandomLengthString(kStringSize);
132 switch (authSet) {
133 case RSA_KEY: {
134 return AuthorizationSetBuilder()
135 .Authorization(TAG_NO_AUTH_REQUIRED)
136 .RsaKey(kRsaKeySize, kPublicExponent)
137 .Digest(digest)
138 .Padding(padding)
139 .AttestKey()
140 .AttestationChallenge(challenge)
141 .AttestationApplicationId(id)
142 .SetDefaultValidity()
143 .Authorization(TAG_CREATION_DATETIME, timestamp)
144 .Authorization(TAG_INCLUDE_UNIQUE_ID);
145 } break;
146 case RSA_SIGNING_KEY: {
147 return AuthorizationSetBuilder()
148 .Authorization(TAG_NO_AUTH_REQUIRED)
149 .RsaSigningKey(kRsaKeySize, kPublicExponent)
150 .Digest(digest)
151 .Padding(padding)
152 .AttestationChallenge(challenge)
153 .AttestationApplicationId(id)
154 .SetDefaultValidity()
155 .Authorization(TAG_CREATION_DATETIME, timestamp)
156 .Authorization(TAG_INCLUDE_UNIQUE_ID);
157 } break;
158 case RSA_ENCRYPTION_KEY: {
159 return AuthorizationSetBuilder()
160 .Authorization(TAG_NO_AUTH_REQUIRED)
161 .RsaEncryptionKey(kRsaKeySize, kPublicExponent)
162 .Digest(digest)
163 .Padding(padding)
164 .AttestationChallenge(challenge)
165 .AttestationApplicationId(id)
166 .SetDefaultValidity()
167 .Authorization(TAG_CREATION_DATETIME, timestamp)
168 .Authorization(TAG_INCLUDE_UNIQUE_ID);
169 } break;
170 case ECDSA_SIGNING_CURVE: {
171 EcCurve ecCurve = dataProvider->PickValueInArray(kCurve);
172 return AuthorizationSetBuilder()
173 .Authorization(TAG_NO_AUTH_REQUIRED)
174 .EcdsaSigningKey(ecCurve)
175 .Digest(digest)
176 .AttestationChallenge(challenge)
177 .AttestationApplicationId(id)
178 .SetDefaultValidity()
179 .Authorization(TAG_CREATION_DATETIME, timestamp)
180 .Authorization(TAG_INCLUDE_UNIQUE_ID);
181 } break;
182 case AES_ENCRYPTION_KEY: {
183 BlockMode blockmode = dataProvider->PickValueInArray(kBlockMode);
184 return AuthorizationSetBuilder()
185 .Authorization(TAG_NO_AUTH_REQUIRED)
186 .AesEncryptionKey(kSymmKeySize)
187 .BlockMode(blockmode)
188 .Digest(digest)
189 .Padding(padding);
190 } break;
191 case TRIPLE_DES: {
192 BlockMode blockmode = dataProvider->PickValueInArray(kBlockMode);
193 return AuthorizationSetBuilder()
194 .Authorization(TAG_NO_AUTH_REQUIRED)
195 .TripleDesEncryptionKey(k3DesKeySize)
196 .BlockMode(blockmode)
197 .Digest(digest)
198 .Padding(padding)
199 .EcbMode()
200 .SetDefaultValidity();
201 } break;
202 case HMAC: {
203 return AuthorizationSetBuilder()
204 .Authorization(TAG_NO_AUTH_REQUIRED)
205 .HmacKey(kSymmKeySize)
206 .Digest(digest)
207 .Padding(padding);
208 } break;
209 case NO_DIGEST: {
210 return AuthorizationSetBuilder()
211 .Authorization(TAG_NO_AUTH_REQUIRED)
212 .AesEncryptionKey(kSymmKeySize)
213 .NoDigestOrPadding()
214 .Digest(digest)
215 .Padding(padding);
216 } break;
217 case ECB_MODE: {
218 return AuthorizationSetBuilder()
219 .Authorization(TAG_NO_AUTH_REQUIRED)
220 .AesEncryptionKey(kSymmKeySize)
221 .EcbMode()
222 .Digest(digest)
223 .Padding(padding);
224 } break;
225 case GSM_MODE_MIN_MAC: {
226 uint32_t minMacLength = dataProvider->ConsumeIntegral<uint32_t>();
227 return AuthorizationSetBuilder()
228 .Authorization(TAG_NO_AUTH_REQUIRED)
229 .AesEncryptionKey(kSymmKeySize)
230 .GcmModeMinMacLen(minMacLength)
231 .Digest(digest)
232 .Padding(padding);
233 } break;
234 case GSM_MODE_MAC: {
235 uint32_t macLength = dataProvider->ConsumeIntegral<uint32_t>();
236 return AuthorizationSetBuilder()
237 .Authorization(TAG_NO_AUTH_REQUIRED)
238 .AesEncryptionKey(kSymmKeySize)
239 .GcmModeMacLen(macLength)
240 .Digest(digest)
241 .Padding(padding);
242 } break;
243 case BLOCK_MODE: {
244 BlockMode blockmode = dataProvider->PickValueInArray(kBlockMode);
245 return AuthorizationSetBuilder()
246 .Authorization(TAG_NO_AUTH_REQUIRED)
247 .AesEncryptionKey(kSymmKeySize)
248 .BlockMode(blockmode)
249 .Digest(digest)
250 .Padding(padding);
251 } break;
252 default:
253 break;
254 };
255 return AuthorizationSetBuilder();
256 }
257
258 } // namespace android::hardware::security::keymint_support::fuzzer
259
260 #endif // __KEYMINT_COMMON_H__
261