1 /*
2 * Copyright 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <fstream>
18
19 #include <gtest/gtest.h>
20
21 #include <keymaster/keymaster_context.h>
22
23 #include "android_keymaster_test_utils.h"
24 #include "attestation_record.h"
25
26 #include <keymaster/keymaster_context.h>
27
28 namespace keymaster {
29 namespace test {
30
31 class TestContext : public KeymasterContext {
32 public:
GetSecurityLevel() const33 keymaster_security_level_t GetSecurityLevel() const override {
34 return KM_SECURITY_LEVEL_SOFTWARE;
35 }
SetSystemVersion(uint32_t,uint32_t)36 keymaster_error_t SetSystemVersion(uint32_t /* os_version */,
37 uint32_t /* os_patchlevel */) override {
38 return KM_ERROR_UNIMPLEMENTED;
39 }
GetSystemVersion(uint32_t * os_version,uint32_t * os_patchlevel) const40 void GetSystemVersion(uint32_t* os_version, uint32_t* os_patchlevel) const override {
41 *os_version = 0;
42 *os_patchlevel = 0;
43 }
GetKeyFactory(keymaster_algorithm_t) const44 KeyFactory* GetKeyFactory(keymaster_algorithm_t /* algorithm */) const override {
45 return nullptr;
46 }
GetOperationFactory(keymaster_algorithm_t,keymaster_purpose_t) const47 OperationFactory* GetOperationFactory(keymaster_algorithm_t /* algorithm */,
48 keymaster_purpose_t /* purpose */) const override {
49 return nullptr;
50 }
GetSupportedAlgorithms(size_t *) const51 keymaster_algorithm_t* GetSupportedAlgorithms(size_t* /* algorithms_count */) const override {
52 return nullptr;
53 }
CreateKeyBlob(const AuthorizationSet &,keymaster_key_origin_t,const KeymasterKeyBlob &,KeymasterKeyBlob *,AuthorizationSet *,AuthorizationSet *) const54 keymaster_error_t CreateKeyBlob(const AuthorizationSet& /* key_description */,
55 keymaster_key_origin_t /* origin */,
56 const KeymasterKeyBlob& /* key_material */,
57 KeymasterKeyBlob* /* blob */,
58 AuthorizationSet* /* hw_enforced */,
59 AuthorizationSet* /* sw_enforced */) const override {
60 return KM_ERROR_UNIMPLEMENTED;
61 }
UpgradeKeyBlob(const KeymasterKeyBlob &,const AuthorizationSet &,KeymasterKeyBlob *) const62 keymaster_error_t UpgradeKeyBlob(const KeymasterKeyBlob& /* key_to_upgrade */,
63 const AuthorizationSet& /* upgrade_params */,
64 KeymasterKeyBlob* /* upgraded_key */) const override {
65 return KM_ERROR_UNIMPLEMENTED;
66 }
ParseKeyBlob(const KeymasterKeyBlob &,const AuthorizationSet &,KeymasterKeyBlob *,AuthorizationSet *,AuthorizationSet *) const67 keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& /* blob */,
68 const AuthorizationSet& /* additional_params */,
69 KeymasterKeyBlob* /* key_material */,
70 AuthorizationSet* /* hw_enforced */,
71 AuthorizationSet* /* sw_enforced */) const override {
72 return KM_ERROR_UNIMPLEMENTED;
73 }
AddRngEntropy(const uint8_t *,size_t) const74 keymaster_error_t AddRngEntropy(const uint8_t* /* buf */, size_t /* length */) const override {
75 return KM_ERROR_UNIMPLEMENTED;
76 }
GenerateRandom(uint8_t *,size_t) const77 keymaster_error_t GenerateRandom(uint8_t* /* buf */, size_t /* length */) const override {
78 return KM_ERROR_UNIMPLEMENTED;
79 }
enforcement_policy()80 KeymasterEnforcement* enforcement_policy() { return nullptr; }
AttestationKey(keymaster_algorithm_t,keymaster_error_t *) const81 EVP_PKEY* AttestationKey(keymaster_algorithm_t /* algorithm */,
82 keymaster_error_t* /* error */) const override {
83 return nullptr;
84 }
AttestationChain(keymaster_algorithm_t,keymaster_error_t *) const85 keymaster_cert_chain_t* AttestationChain(keymaster_algorithm_t /* algorithm */,
86 keymaster_error_t* /* error */) const override {
87 return nullptr;
88 }
GenerateUniqueId(uint64_t,const keymaster_blob_t &,bool,Buffer * unique_id) const89 keymaster_error_t GenerateUniqueId(uint64_t /* creation_date_time */,
90 const keymaster_blob_t& /* application_id */,
91 bool /* reset_since_rotation */, Buffer* unique_id) const {
92 // Finally, the reason for defining this class:
93 unique_id->Reinitialize("foo", 3);
94 return KM_ERROR_OK;
95 }
96 };
97
TEST(AttestTest,Simple)98 TEST(AttestTest, Simple) {
99 AuthorizationSet hw_set(AuthorizationSetBuilder()
100 .RsaSigningKey(512, 3)
101 .Digest(KM_DIGEST_SHA_2_256)
102 .Digest(KM_DIGEST_SHA_2_384)
103 .Authorization(TAG_OS_VERSION, 60000)
104 .Authorization(TAG_OS_PATCHLEVEL, 201512)
105 .Authorization(TAG_APPLICATION_ID, "bar", 3));
106 AuthorizationSet sw_set(AuthorizationSetBuilder().Authorization(TAG_ACTIVE_DATETIME, 10));
107
108 UniquePtr<uint8_t[]> asn1;
109 size_t asn1_len;
110 AuthorizationSet attest_params(
111 AuthorizationSetBuilder().Authorization(TAG_ATTESTATION_CHALLENGE, "hello", 5));
112 EXPECT_EQ(KM_ERROR_OK, build_attestation_record(attest_params, sw_set, hw_set, TestContext(),
113 &asn1, &asn1_len));
114 EXPECT_GT(asn1_len, 0U);
115
116 std::ofstream output("attest.der",
117 std::ofstream::out | std::ofstream::binary | std::ofstream::trunc);
118 if (output)
119 output.write(reinterpret_cast<const char*>(asn1.get()), asn1_len);
120 output.close();
121
122 AuthorizationSet parsed_hw_set;
123 AuthorizationSet parsed_sw_set;
124 uint32_t attestation_version;
125 uint32_t keymaster_version;
126 keymaster_security_level_t attestation_security_level;
127 keymaster_security_level_t keymaster_security_level;
128 keymaster_blob_t attestation_challenge = {};
129 keymaster_blob_t unique_id = {};
130 EXPECT_EQ(KM_ERROR_OK,
131 parse_attestation_record(asn1.get(), asn1_len, &attestation_version,
132 &attestation_security_level, &keymaster_version,
133 &keymaster_security_level, &attestation_challenge,
134 &parsed_sw_set, &parsed_hw_set, &unique_id));
135
136 delete[] attestation_challenge.data;
137 delete[] unique_id.data;
138
139 hw_set.Sort();
140 sw_set.Sort();
141 parsed_hw_set.Sort();
142 parsed_sw_set.Sort();
143 EXPECT_EQ(hw_set, parsed_hw_set);
144 EXPECT_EQ(sw_set, parsed_sw_set);
145 }
146
147 } // namespace test
148 } // namespace keymaster
149