1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define LOG_TAG "UserAuthTests"
18 
19 #include <aidl/Gtest.h>
20 #include <aidl/Vintf.h>
21 #include <aidl/android/hardware/keymaster/HardwareAuthToken.h>
22 #include <aidl/android/hardware/keymaster/VerificationToken.h>
23 #include <android-base/logging.h>
24 #include <android/hardware/identity/IIdentityCredentialStore.h>
25 #include <android/hardware/identity/support/IdentityCredentialSupport.h>
26 #include <binder/IServiceManager.h>
27 #include <binder/ProcessState.h>
28 #include <cppbor.h>
29 #include <cppbor_parse.h>
30 #include <gtest/gtest.h>
31 #include <future>
32 #include <map>
33 #include <utility>
34 
35 #include "Util.h"
36 
37 namespace android::hardware::identity {
38 
39 using std::endl;
40 using std::make_pair;
41 using std::map;
42 using std::optional;
43 using std::pair;
44 using std::string;
45 using std::tie;
46 using std::vector;
47 
48 using ::android::sp;
49 using ::android::String16;
50 using ::android::binder::Status;
51 
52 using ::android::hardware::keymaster::HardwareAuthToken;
53 using ::android::hardware::keymaster::VerificationToken;
54 
55 class UserAuthTests : public testing::TestWithParam<string> {
56   public:
SetUp()57     virtual void SetUp() override {
58         credentialStore_ = android::waitForDeclaredService<IIdentityCredentialStore>(
59                 String16(GetParam().c_str()));
60         ASSERT_NE(credentialStore_, nullptr);
61     }
62 
63     void provisionData();
64     void setupRetrieveData();
65     pair<HardwareAuthToken, VerificationToken> mintTokens(uint64_t challengeForAuthToken,
66                                                           int64_t ageOfAuthTokenMilliSeconds);
67     void retrieveData(HardwareAuthToken authToken, VerificationToken verificationToken,
68                       bool expectSuccess, bool useSessionTranscript);
69 
70     // Set by provisionData
71     SecureAccessControlProfile sacp0_;
72     SecureAccessControlProfile sacp1_;
73     SecureAccessControlProfile sacp2_;
74 
75     vector<uint8_t> encContentUserAuthPerSession_;
76     vector<uint8_t> encContentUserAuthTimeout_;
77     vector<uint8_t> encContentAccessibleByAll_;
78     vector<uint8_t> encContentAccessibleByNone_;
79 
80     vector<uint8_t> credentialData_;
81 
82     // Set by setupRetrieveData().
83     int64_t authChallenge_;
84     cppbor::Map sessionTranscript_;
85     sp<IIdentityCredential> credential_;
86 
87     // Set by retrieveData()
88     bool canGetUserAuthPerSession_;
89     bool canGetUserAuthTimeout_;
90     bool canGetAccessibleByAll_;
91     bool canGetAccessibleByNone_;
92 
93     sp<IIdentityCredentialStore> credentialStore_;
94 };
95 
provisionData()96 void UserAuthTests::provisionData() {
97     string docType = "org.iso.18013-5.2019.mdl";
98     bool testCredential = true;
99     sp<IWritableIdentityCredential> wc;
100     ASSERT_TRUE(credentialStore_->createCredential(docType, testCredential, &wc).isOk());
101 
102     vector<uint8_t> attestationApplicationId = {};
103     vector<uint8_t> attestationChallenge = {1};
104     vector<Certificate> certChain;
105     ASSERT_TRUE(wc->getAttestationCertificate(attestationApplicationId, attestationChallenge,
106                                               &certChain)
107                         .isOk());
108 
109     size_t proofOfProvisioningSize = 381;
110     // Not in v1 HAL, may fail
111     wc->setExpectedProofOfProvisioningSize(proofOfProvisioningSize);
112 
113     ASSERT_TRUE(wc->startPersonalization(3 /* numAccessControlProfiles */,
114                                          {4} /* numDataElementsPerNamespace */)
115                         .isOk());
116 
117     // Access control profile 0: user auth every session (timeout = 0)
118     ASSERT_TRUE(wc->addAccessControlProfile(0, {}, true, 0, 65 /* secureUserId */, &sacp0_).isOk());
119 
120     // Access control profile 1: user auth, 60 seconds timeout
121     ASSERT_TRUE(
122             wc->addAccessControlProfile(1, {}, true, 60000, 65 /* secureUserId */, &sacp1_).isOk());
123 
124     // Access control profile 2: open access
125     ASSERT_TRUE(wc->addAccessControlProfile(2, {}, false, 0, 0, &sacp2_).isOk());
126 
127     // Data Element: "UserAuth Per Session"
128     ASSERT_TRUE(wc->beginAddEntry({0}, "ns", "UserAuth Per Session", 1).isOk());
129     ASSERT_TRUE(wc->addEntryValue({9}, &encContentUserAuthPerSession_).isOk());
130 
131     // Data Element: "UserAuth Timeout"
132     ASSERT_TRUE(wc->beginAddEntry({1}, "ns", "UserAuth Timeout", 1).isOk());
133     ASSERT_TRUE(wc->addEntryValue({9}, &encContentUserAuthTimeout_).isOk());
134 
135     // Data Element: "Accessible by All"
136     ASSERT_TRUE(wc->beginAddEntry({2}, "ns", "Accessible by All", 1).isOk());
137     ASSERT_TRUE(wc->addEntryValue({9}, &encContentAccessibleByAll_).isOk());
138 
139     // Data Element: "Accessible by None"
140     ASSERT_TRUE(wc->beginAddEntry({}, "ns", "Accessible by None", 1).isOk());
141     ASSERT_TRUE(wc->addEntryValue({9}, &encContentAccessibleByNone_).isOk());
142 
143     vector<uint8_t> proofOfProvisioningSignature;
144     Status status = wc->finishAddingEntries(&credentialData_, &proofOfProvisioningSignature);
145     EXPECT_TRUE(status.isOk()) << status.exceptionCode() << ": " << status.exceptionMessage();
146 }
147 
148 // From ReaderAuthTest.cpp - TODO: consolidate with Util.h
149 pair<vector<uint8_t>, vector<uint8_t>> generateReaderKey();
150 vector<uint8_t> generateReaderCert(const vector<uint8_t>& publicKey,
151                                    const vector<uint8_t>& signingKey);
152 RequestDataItem buildRequestDataItem(const string& name, size_t size,
153                                      vector<int32_t> accessControlProfileIds);
154 
calcSessionTranscript(const vector<uint8_t> & ePublicKey)155 cppbor::Map calcSessionTranscript(const vector<uint8_t>& ePublicKey) {
156     auto [getXYSuccess, ephX, ephY] = support::ecPublicKeyGetXandY(ePublicKey);
157     cppbor::Map deviceEngagement = cppbor::Map().add("ephX", ephX).add("ephY", ephY);
158     vector<uint8_t> deviceEngagementBytes = deviceEngagement.encode();
159     vector<uint8_t> eReaderPubBytes = cppbor::Tstr("ignored").encode();
160     // Let SessionTranscript be a map here (it's an array in EndToEndTest) just
161     // to check that the implementation can deal with either.
162     cppbor::Map sessionTranscript;
163     sessionTranscript.add(42, cppbor::SemanticTag(24, deviceEngagementBytes));
164     sessionTranscript.add(43, cppbor::SemanticTag(24, eReaderPubBytes));
165     return sessionTranscript;
166 }
167 
setupRetrieveData()168 void UserAuthTests::setupRetrieveData() {
169     ASSERT_TRUE(credentialStore_
170                         ->getCredential(
171                                 CipherSuite::CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256,
172                                 credentialData_, &credential_)
173                         .isOk());
174 
175     optional<vector<uint8_t>> readerEKeyPair = support::createEcKeyPair();
176     optional<vector<uint8_t>> readerEPublicKey =
177             support::ecKeyPairGetPublicKey(readerEKeyPair.value());
178     ASSERT_TRUE(credential_->setReaderEphemeralPublicKey(readerEPublicKey.value()).isOk());
179 
180     vector<uint8_t> eKeyPair;
181     ASSERT_TRUE(credential_->createEphemeralKeyPair(&eKeyPair).isOk());
182     optional<vector<uint8_t>> ePublicKey = support::ecKeyPairGetPublicKey(eKeyPair);
183     sessionTranscript_ = calcSessionTranscript(ePublicKey.value());
184 
185     Status status = credential_->createAuthChallenge(&authChallenge_);
186     EXPECT_TRUE(status.isOk()) << status.exceptionCode() << ": " << status.exceptionMessage();
187 }
188 
retrieveData(HardwareAuthToken authToken,VerificationToken verificationToken,bool expectSuccess,bool useSessionTranscript)189 void UserAuthTests::retrieveData(HardwareAuthToken authToken, VerificationToken verificationToken,
190                                  bool expectSuccess, bool useSessionTranscript) {
191     canGetUserAuthPerSession_ = false;
192     canGetUserAuthTimeout_ = false;
193     canGetAccessibleByAll_ = false;
194     canGetAccessibleByNone_ = false;
195 
196     vector<uint8_t> itemsRequestBytes;
197     vector<uint8_t> sessionTranscriptBytes;
198     if (useSessionTranscript) {
199         sessionTranscriptBytes = sessionTranscript_.encode();
200 
201         itemsRequestBytes =
202                 cppbor::Map("nameSpaces",
203                             cppbor::Map().add("ns", cppbor::Map()
204                                                             .add("UserAuth Per Session", false)
205                                                             .add("UserAuth Timeout", false)
206                                                             .add("Accessible by All", false)
207                                                             .add("Accessible by None", false)))
208                         .encode();
209         vector<uint8_t> dataToSign = cppbor::Array()
210                                              .add("ReaderAuthentication")
211                                              .add(sessionTranscript_.clone())
212                                              .add(cppbor::SemanticTag(24, itemsRequestBytes))
213                                              .encode();
214     }
215 
216     // Generate the key that will be used to sign AuthenticatedData.
217     vector<uint8_t> signingKeyBlob;
218     Certificate signingKeyCertificate;
219     ASSERT_TRUE(
220             credential_->generateSigningKeyPair(&signingKeyBlob, &signingKeyCertificate).isOk());
221 
222     RequestNamespace rns;
223     rns.namespaceName = "ns";
224     rns.items.push_back(buildRequestDataItem("UserAuth Per Session", 1, {0}));
225     rns.items.push_back(buildRequestDataItem("UserAuth Timeout", 1, {1}));
226     rns.items.push_back(buildRequestDataItem("Accessible by All", 1, {2}));
227     rns.items.push_back(buildRequestDataItem("Accessible by None", 1, {}));
228     // OK to fail, not available in v1 HAL
229     credential_->setRequestedNamespaces({rns}).isOk();
230 
231     // OK to fail, not available in v1 HAL
232     credential_->setVerificationToken(verificationToken);
233 
234     Status status = credential_->startRetrieval({sacp0_, sacp1_, sacp2_}, authToken,
235                                                 itemsRequestBytes, signingKeyBlob,
236                                                 sessionTranscriptBytes, {} /* readerSignature */,
237                                                 {4 /* numDataElementsPerNamespace */});
238     if (expectSuccess) {
239         ASSERT_TRUE(status.isOk());
240     } else {
241         ASSERT_FALSE(status.isOk());
242         return;
243     }
244 
245     vector<uint8_t> decrypted;
246 
247     status = credential_->startRetrieveEntryValue("ns", "UserAuth Per Session", 1, {0});
248     if (status.isOk()) {
249         canGetUserAuthPerSession_ = true;
250         ASSERT_TRUE(
251                 credential_->retrieveEntryValue(encContentUserAuthPerSession_, &decrypted).isOk());
252     }
253 
254     status = credential_->startRetrieveEntryValue("ns", "UserAuth Timeout", 1, {1});
255     if (status.isOk()) {
256         canGetUserAuthTimeout_ = true;
257         ASSERT_TRUE(credential_->retrieveEntryValue(encContentUserAuthTimeout_, &decrypted).isOk());
258     }
259 
260     status = credential_->startRetrieveEntryValue("ns", "Accessible by All", 1, {2});
261     if (status.isOk()) {
262         canGetAccessibleByAll_ = true;
263         ASSERT_TRUE(credential_->retrieveEntryValue(encContentAccessibleByAll_, &decrypted).isOk());
264     }
265 
266     status = credential_->startRetrieveEntryValue("ns", "Accessible by None", 1, {});
267     if (status.isOk()) {
268         canGetAccessibleByNone_ = true;
269         ASSERT_TRUE(
270                 credential_->retrieveEntryValue(encContentAccessibleByNone_, &decrypted).isOk());
271     }
272 
273     vector<uint8_t> mac;
274     vector<uint8_t> deviceNameSpaces;
275     ASSERT_TRUE(credential_->finishRetrieval(&mac, &deviceNameSpaces).isOk());
276 }
277 
mintTokens(uint64_t challengeForAuthToken,int64_t ageOfAuthTokenMilliSeconds)278 pair<HardwareAuthToken, VerificationToken> UserAuthTests::mintTokens(
279         uint64_t challengeForAuthToken, int64_t ageOfAuthTokenMilliSeconds) {
280     HardwareAuthToken authToken;
281     VerificationToken verificationToken;
282 
283     uint64_t epochMilliseconds = 1000ULL * 1000ULL * 1000ULL * 1000ULL;
284 
285     authToken.challenge = challengeForAuthToken;
286     authToken.userId = 65;
287     authToken.authenticatorId = 0;
288     authToken.authenticatorType = ::android::hardware::keymaster::HardwareAuthenticatorType::NONE;
289     authToken.timestamp.milliSeconds = epochMilliseconds - ageOfAuthTokenMilliSeconds;
290     authToken.mac.clear();
291     verificationToken.challenge = authChallenge_;
292     verificationToken.timestamp.milliSeconds = epochMilliseconds;
293     verificationToken.securityLevel =
294             ::android::hardware::keymaster::SecurityLevel::TRUSTED_ENVIRONMENT;
295     verificationToken.mac.clear();
296     return make_pair(authToken, verificationToken);
297 }
298 
TEST_P(UserAuthTests,GoodChallenge)299 TEST_P(UserAuthTests, GoodChallenge) {
300     provisionData();
301     setupRetrieveData();
302     auto [authToken, verificationToken] = mintTokens(authChallenge_,  // challengeForAuthToken
303                                                      0);              // ageOfAuthTokenMilliSeconds
304     retrieveData(authToken, verificationToken, true /* expectSuccess */,
305                  true /* useSessionTranscript */);
306     EXPECT_TRUE(canGetUserAuthPerSession_);
307     EXPECT_TRUE(canGetUserAuthTimeout_);
308     EXPECT_TRUE(canGetAccessibleByAll_);
309     EXPECT_FALSE(canGetAccessibleByNone_);
310 }
311 
TEST_P(UserAuthTests,OtherChallenge)312 TEST_P(UserAuthTests, OtherChallenge) {
313     provisionData();
314     setupRetrieveData();
315     uint64_t otherChallenge = authChallenge_ ^ 0x12345678;
316     auto [authToken, verificationToken] = mintTokens(otherChallenge,  // challengeForAuthToken
317                                                      0);              // ageOfAuthTokenMilliSeconds
318     retrieveData(authToken, verificationToken, true /* expectSuccess */,
319                  true /* useSessionTranscript */);
320     EXPECT_FALSE(canGetUserAuthPerSession_);
321     EXPECT_TRUE(canGetUserAuthTimeout_);
322     EXPECT_TRUE(canGetAccessibleByAll_);
323     EXPECT_FALSE(canGetAccessibleByNone_);
324 }
325 
TEST_P(UserAuthTests,NoChallenge)326 TEST_P(UserAuthTests, NoChallenge) {
327     provisionData();
328     setupRetrieveData();
329     auto [authToken, verificationToken] = mintTokens(0,   // challengeForAuthToken
330                                                      0);  // ageOfAuthTokenMilliSeconds
331     retrieveData(authToken, verificationToken, true /* expectSuccess */,
332                  true /* useSessionTranscript */);
333     EXPECT_FALSE(canGetUserAuthPerSession_);
334     EXPECT_TRUE(canGetUserAuthTimeout_);
335     EXPECT_TRUE(canGetAccessibleByAll_);
336     EXPECT_FALSE(canGetAccessibleByNone_);
337 }
338 
TEST_P(UserAuthTests,AuthTokenAgeZero)339 TEST_P(UserAuthTests, AuthTokenAgeZero) {
340     provisionData();
341     setupRetrieveData();
342     auto [authToken, verificationToken] = mintTokens(0,   // challengeForAuthToken
343                                                      0);  // ageOfAuthTokenMilliSeconds
344     retrieveData(authToken, verificationToken, true /* expectSuccess */,
345                  true /* useSessionTranscript */);
346     EXPECT_FALSE(canGetUserAuthPerSession_);
347     EXPECT_TRUE(canGetUserAuthTimeout_);
348     EXPECT_TRUE(canGetAccessibleByAll_);
349     EXPECT_FALSE(canGetAccessibleByNone_);
350 }
351 
TEST_P(UserAuthTests,AuthTokenFromTheFuture)352 TEST_P(UserAuthTests, AuthTokenFromTheFuture) {
353     provisionData();
354     setupRetrieveData();
355     auto [authToken, verificationToken] = mintTokens(0,           // challengeForAuthToken
356                                                      -1 * 1000);  // ageOfAuthTokenMilliSeconds
357     retrieveData(authToken, verificationToken, true /* expectSuccess */,
358                  true /* useSessionTranscript */);
359     EXPECT_FALSE(canGetUserAuthPerSession_);
360     EXPECT_FALSE(canGetUserAuthTimeout_);
361     EXPECT_TRUE(canGetAccessibleByAll_);
362     EXPECT_FALSE(canGetAccessibleByNone_);
363 }
364 
TEST_P(UserAuthTests,AuthTokenInsideTimeout)365 TEST_P(UserAuthTests, AuthTokenInsideTimeout) {
366     provisionData();
367     setupRetrieveData();
368     auto [authToken, verificationToken] = mintTokens(0,           // challengeForAuthToken
369                                                      30 * 1000);  // ageOfAuthTokenMilliSeconds
370     retrieveData(authToken, verificationToken, true /* expectSuccess */,
371                  true /* useSessionTranscript */);
372     EXPECT_FALSE(canGetUserAuthPerSession_);
373     EXPECT_TRUE(canGetUserAuthTimeout_);
374     EXPECT_TRUE(canGetAccessibleByAll_);
375     EXPECT_FALSE(canGetAccessibleByNone_);
376 }
377 
TEST_P(UserAuthTests,AuthTokenOutsideTimeout)378 TEST_P(UserAuthTests, AuthTokenOutsideTimeout) {
379     provisionData();
380     setupRetrieveData();
381     auto [authToken, verificationToken] = mintTokens(0,           // challengeForAuthToken
382                                                      61 * 1000);  // ageOfAuthTokenMilliSeconds
383     retrieveData(authToken, verificationToken, true /* expectSuccess */,
384                  true /* useSessionTranscript */);
385     EXPECT_FALSE(canGetUserAuthPerSession_);
386     EXPECT_FALSE(canGetUserAuthTimeout_);
387     EXPECT_TRUE(canGetAccessibleByAll_);
388     EXPECT_FALSE(canGetAccessibleByNone_);
389 }
390 
391 // The API works even when there's no SessionTranscript / itemsRequest.
392 // Verify that.
TEST_P(UserAuthTests,NoSessionTranscript)393 TEST_P(UserAuthTests, NoSessionTranscript) {
394     provisionData();
395     setupRetrieveData();
396     auto [authToken, verificationToken] = mintTokens(0,          // challengeForAuthToken
397                                                      1 * 1000);  // ageOfAuthTokenMilliSeconds
398     retrieveData(authToken, verificationToken, true /* expectSuccess */,
399                  false /* useSessionTranscript */);
400     EXPECT_FALSE(canGetUserAuthPerSession_);
401     EXPECT_TRUE(canGetUserAuthTimeout_);
402     EXPECT_TRUE(canGetAccessibleByAll_);
403     EXPECT_FALSE(canGetAccessibleByNone_);
404 }
405 
406 // This test verifies that it's possible to do multiple requests as long
407 // as the sessionTranscript doesn't change.
408 //
TEST_P(UserAuthTests,MultipleRequestsSameSessionTranscript)409 TEST_P(UserAuthTests, MultipleRequestsSameSessionTranscript) {
410     provisionData();
411     setupRetrieveData();
412 
413     // First we try with a stale authToken
414     //
415     auto [authToken, verificationToken] = mintTokens(0,           // challengeForAuthToken
416                                                      61 * 1000);  // ageOfAuthTokenMilliSeconds
417     retrieveData(authToken, verificationToken, true /* expectSuccess */,
418                  true /* useSessionTranscript */);
419     EXPECT_FALSE(canGetUserAuthPerSession_);
420     EXPECT_FALSE(canGetUserAuthTimeout_);
421     EXPECT_TRUE(canGetAccessibleByAll_);
422     EXPECT_FALSE(canGetAccessibleByNone_);
423 
424     // Then we get a new authToken and try again.
425     tie(authToken, verificationToken) = mintTokens(0,          // challengeForAuthToken
426                                                    5 * 1000);  // ageOfAuthTokenMilliSeconds
427     retrieveData(authToken, verificationToken, true /* expectSuccess */,
428                  true /* useSessionTranscript */);
429     EXPECT_FALSE(canGetUserAuthPerSession_);
430     EXPECT_TRUE(canGetUserAuthTimeout_);
431     EXPECT_TRUE(canGetAccessibleByAll_);
432     EXPECT_FALSE(canGetAccessibleByNone_);
433 }
434 
435 // Like MultipleRequestsSameSessionTranscript but we change the sessionTranscript
436 // between the two calls. This test verifies that change is detected and the
437 // second request fails.
438 //
TEST_P(UserAuthTests,MultipleRequestsSessionTranscriptChanges)439 TEST_P(UserAuthTests, MultipleRequestsSessionTranscriptChanges) {
440     provisionData();
441     setupRetrieveData();
442 
443     // First we try with a stale authToken
444     //
445     auto [authToken, verificationToken] = mintTokens(0,           // challengeForAuthToken
446                                                      61 * 1000);  // ageOfAuthTokenMilliSeconds
447     retrieveData(authToken, verificationToken, true /* expectSuccess */,
448                  true /* useSessionTranscript */);
449     EXPECT_FALSE(canGetUserAuthPerSession_);
450     EXPECT_FALSE(canGetUserAuthTimeout_);
451     EXPECT_TRUE(canGetAccessibleByAll_);
452     EXPECT_FALSE(canGetAccessibleByNone_);
453 
454     // Then we get a new authToken and try again.
455     tie(authToken, verificationToken) = mintTokens(0,          // challengeForAuthToken
456                                                    5 * 1000);  // ageOfAuthTokenMilliSeconds
457 
458     // Change sessionTranscript...
459     optional<vector<uint8_t>> eKeyPairNew = support::createEcKeyPair();
460     optional<vector<uint8_t>> ePublicKeyNew = support::ecKeyPairGetPublicKey(eKeyPairNew.value());
461     sessionTranscript_ = calcSessionTranscript(ePublicKeyNew.value());
462 
463     // ... and expect failure.
464     retrieveData(authToken, verificationToken, false /* expectSuccess */,
465                  true /* useSessionTranscript */);
466 }
467 
468 GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(UserAuthTests);
469 INSTANTIATE_TEST_SUITE_P(
470         Identity, UserAuthTests,
471         testing::ValuesIn(android::getAidlHalInstanceNames(IIdentityCredentialStore::descriptor)),
472         android::PrintInstanceNameToString);
473 
474 }  // namespace android::hardware::identity
475