1 /*
2  * Copyright 2016 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <fstream>
18 
19 #include <gtest/gtest.h>
20 
21 #include <keymaster/keymaster_context.h>
22 
23 #include "android_keymaster_test_utils.h"
24 #include "attestation_record.h"
25 
26 #include <keymaster/keymaster_context.h>
27 
28 namespace keymaster {
29 namespace test {
30 
31 class TestContext : public KeymasterContext {
32   public:
GetSecurityLevel() const33     keymaster_security_level_t GetSecurityLevel() const override {
34         return KM_SECURITY_LEVEL_SOFTWARE;
35     }
SetSystemVersion(uint32_t,uint32_t)36     keymaster_error_t SetSystemVersion(uint32_t /* os_version */,
37                                        uint32_t /* os_patchlevel */) override {
38         return KM_ERROR_UNIMPLEMENTED;
39     }
GetSystemVersion(uint32_t * os_version,uint32_t * os_patchlevel) const40     void GetSystemVersion(uint32_t* os_version, uint32_t* os_patchlevel) const override {
41         *os_version = 0;
42         *os_patchlevel = 0;
43     }
GetKeyFactory(keymaster_algorithm_t) const44     KeyFactory* GetKeyFactory(keymaster_algorithm_t /* algorithm */) const override {
45         return nullptr;
46     }
GetOperationFactory(keymaster_algorithm_t,keymaster_purpose_t) const47     OperationFactory* GetOperationFactory(keymaster_algorithm_t /* algorithm */,
48                                           keymaster_purpose_t /* purpose */) const override {
49         return nullptr;
50     }
GetSupportedAlgorithms(size_t *) const51     keymaster_algorithm_t* GetSupportedAlgorithms(size_t* /* algorithms_count */) const override {
52         return nullptr;
53     }
CreateKeyBlob(const AuthorizationSet &,keymaster_key_origin_t,const KeymasterKeyBlob &,KeymasterKeyBlob *,AuthorizationSet *,AuthorizationSet *) const54     keymaster_error_t CreateKeyBlob(const AuthorizationSet& /* key_description */,
55                                     keymaster_key_origin_t /* origin */,
56                                     const KeymasterKeyBlob& /* key_material */,
57                                     KeymasterKeyBlob* /* blob */,
58                                     AuthorizationSet* /* hw_enforced */,
59                                     AuthorizationSet* /* sw_enforced */) const override {
60         return KM_ERROR_UNIMPLEMENTED;
61     }
UpgradeKeyBlob(const KeymasterKeyBlob &,const AuthorizationSet &,KeymasterKeyBlob *) const62     keymaster_error_t UpgradeKeyBlob(const KeymasterKeyBlob& /* key_to_upgrade */,
63                                      const AuthorizationSet& /* upgrade_params */,
64                                      KeymasterKeyBlob* /* upgraded_key */) const override {
65         return KM_ERROR_UNIMPLEMENTED;
66     }
ParseKeyBlob(const KeymasterKeyBlob &,const AuthorizationSet &,KeymasterKeyBlob *,AuthorizationSet *,AuthorizationSet *) const67     keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& /* blob */,
68                                    const AuthorizationSet& /* additional_params */,
69                                    KeymasterKeyBlob* /* key_material */,
70                                    AuthorizationSet* /* hw_enforced */,
71                                    AuthorizationSet* /* sw_enforced */) const override {
72         return KM_ERROR_UNIMPLEMENTED;
73     }
AddRngEntropy(const uint8_t *,size_t) const74     keymaster_error_t AddRngEntropy(const uint8_t* /* buf */, size_t /* length */) const override {
75         return KM_ERROR_UNIMPLEMENTED;
76     }
GenerateRandom(uint8_t *,size_t) const77     keymaster_error_t GenerateRandom(uint8_t* /* buf */, size_t /* length */) const override {
78         return KM_ERROR_UNIMPLEMENTED;
79     }
enforcement_policy()80     KeymasterEnforcement* enforcement_policy() { return nullptr; }
AttestationKey(keymaster_algorithm_t,keymaster_error_t *) const81     EVP_PKEY* AttestationKey(keymaster_algorithm_t /* algorithm */,
82                              keymaster_error_t* /* error */) const override {
83         return nullptr;
84     }
AttestationChain(keymaster_algorithm_t,keymaster_error_t *) const85     keymaster_cert_chain_t* AttestationChain(keymaster_algorithm_t /* algorithm */,
86                                              keymaster_error_t* /* error */) const override {
87         return nullptr;
88     }
GenerateUniqueId(uint64_t,const keymaster_blob_t &,bool,Buffer * unique_id) const89     keymaster_error_t GenerateUniqueId(uint64_t /* creation_date_time */,
90                                        const keymaster_blob_t& /* application_id */,
91                                        bool /* reset_since_rotation */, Buffer* unique_id) const {
92         // Finally, the reason for defining this class:
93         unique_id->Reinitialize("foo", 3);
94         return KM_ERROR_OK;
95     }
96 };
97 
TEST(AttestTest,Simple)98 TEST(AttestTest, Simple) {
99     AuthorizationSet hw_set(AuthorizationSetBuilder()
100                                 .RsaSigningKey(512, 3)
101                                 .Digest(KM_DIGEST_SHA_2_256)
102                                 .Digest(KM_DIGEST_SHA_2_384)
103                                 .Authorization(TAG_OS_VERSION, 60000)
104                                 .Authorization(TAG_OS_PATCHLEVEL, 201512)
105                                 .Authorization(TAG_APPLICATION_ID, "bar", 3));
106     AuthorizationSet sw_set(AuthorizationSetBuilder().Authorization(TAG_ACTIVE_DATETIME, 10));
107 
108     UniquePtr<uint8_t[]> asn1;
109     size_t asn1_len;
110     AuthorizationSet attest_params(
111         AuthorizationSetBuilder().Authorization(TAG_ATTESTATION_CHALLENGE, "hello", 5));
112     EXPECT_EQ(KM_ERROR_OK, build_attestation_record(attest_params, sw_set, hw_set, TestContext(),
113                                                     &asn1, &asn1_len));
114     EXPECT_GT(asn1_len, 0U);
115 
116     std::ofstream output("attest.der",
117                          std::ofstream::out | std::ofstream::binary | std::ofstream::trunc);
118     if (output)
119         output.write(reinterpret_cast<const char*>(asn1.get()), asn1_len);
120     output.close();
121 
122     AuthorizationSet parsed_hw_set;
123     AuthorizationSet parsed_sw_set;
124     uint32_t attestation_version;
125     uint32_t keymaster_version;
126     keymaster_security_level_t attestation_security_level;
127     keymaster_security_level_t keymaster_security_level;
128     keymaster_blob_t attestation_challenge = {};
129     keymaster_blob_t unique_id = {};
130     EXPECT_EQ(KM_ERROR_OK,
131               parse_attestation_record(asn1.get(), asn1_len, &attestation_version,
132                                        &attestation_security_level, &keymaster_version,
133                                        &keymaster_security_level, &attestation_challenge,
134                                        &parsed_sw_set, &parsed_hw_set, &unique_id));
135 
136     delete[] attestation_challenge.data;
137     delete[] unique_id.data;
138 
139     hw_set.Sort();
140     sw_set.Sort();
141     parsed_hw_set.Sort();
142     parsed_sw_set.Sort();
143     EXPECT_EQ(hw_set, parsed_hw_set);
144     EXPECT_EQ(sw_set, parsed_sw_set);
145 }
146 
147 }  // namespace test
148 }  // namespace keymaster
149