1 /* 2 * Copyright 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <fstream> 18 19 #include <gtest/gtest.h> 20 21 #include <keymaster/keymaster_context.h> 22 23 #include "android_keymaster_test_utils.h" 24 #include "attestation_record.h" 25 26 #include <keymaster/keymaster_context.h> 27 28 namespace keymaster { 29 namespace test { 30 31 class TestContext : public KeymasterContext { 32 public: 33 keymaster_security_level_t GetSecurityLevel() const override { 34 return KM_SECURITY_LEVEL_SOFTWARE; 35 } 36 keymaster_error_t SetSystemVersion(uint32_t /* os_version */, 37 uint32_t /* os_patchlevel */) override { 38 return KM_ERROR_UNIMPLEMENTED; 39 } 40 void GetSystemVersion(uint32_t* os_version, uint32_t* os_patchlevel) const override { 41 *os_version = 0; 42 *os_patchlevel = 0; 43 } 44 KeyFactory* GetKeyFactory(keymaster_algorithm_t /* algorithm */) const override { 45 return nullptr; 46 } 47 OperationFactory* GetOperationFactory(keymaster_algorithm_t /* algorithm */, 48 keymaster_purpose_t /* purpose */) const override { 49 return nullptr; 50 } 51 keymaster_algorithm_t* GetSupportedAlgorithms(size_t* /* algorithms_count */) const override { 52 return nullptr; 53 } 54 keymaster_error_t CreateKeyBlob(const AuthorizationSet& /* key_description */, 55 keymaster_key_origin_t /* origin */, 56 const KeymasterKeyBlob& /* key_material */, 57 KeymasterKeyBlob* /* blob */, 58 AuthorizationSet* /* hw_enforced */, 59 AuthorizationSet* /* sw_enforced */) const override { 60 return KM_ERROR_UNIMPLEMENTED; 61 } 62 keymaster_error_t UpgradeKeyBlob(const KeymasterKeyBlob& /* key_to_upgrade */, 63 const AuthorizationSet& /* upgrade_params */, 64 KeymasterKeyBlob* /* upgraded_key */) const override { 65 return KM_ERROR_UNIMPLEMENTED; 66 } 67 keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& /* blob */, 68 const AuthorizationSet& /* additional_params */, 69 KeymasterKeyBlob* /* key_material */, 70 AuthorizationSet* /* hw_enforced */, 71 AuthorizationSet* /* sw_enforced */) const override { 72 return KM_ERROR_UNIMPLEMENTED; 73 } 74 keymaster_error_t AddRngEntropy(const uint8_t* /* buf */, size_t /* length */) const override { 75 return KM_ERROR_UNIMPLEMENTED; 76 } 77 keymaster_error_t GenerateRandom(uint8_t* /* buf */, size_t /* length */) const override { 78 return KM_ERROR_UNIMPLEMENTED; 79 } 80 KeymasterEnforcement* enforcement_policy() { return nullptr; } 81 EVP_PKEY* AttestationKey(keymaster_algorithm_t /* algorithm */, 82 keymaster_error_t* /* error */) const override { 83 return nullptr; 84 } 85 keymaster_cert_chain_t* AttestationChain(keymaster_algorithm_t /* algorithm */, 86 keymaster_error_t* /* error */) const override { 87 return nullptr; 88 } 89 keymaster_error_t GenerateUniqueId(uint64_t /* creation_date_time */, 90 const keymaster_blob_t& /* application_id */, 91 bool /* reset_since_rotation */, Buffer* unique_id) const { 92 // Finally, the reason for defining this class: 93 unique_id->Reinitialize("foo", 3); 94 return KM_ERROR_OK; 95 } 96 }; 97 98 TEST(AttestTest, Simple) { 99 AuthorizationSet hw_set(AuthorizationSetBuilder() 100 .RsaSigningKey(512, 3) 101 .Digest(KM_DIGEST_SHA_2_256) 102 .Digest(KM_DIGEST_SHA_2_384) 103 .Authorization(TAG_OS_VERSION, 60000) 104 .Authorization(TAG_OS_PATCHLEVEL, 201512) 105 .Authorization(TAG_APPLICATION_ID, "bar", 3)); 106 AuthorizationSet sw_set(AuthorizationSetBuilder().Authorization(TAG_ACTIVE_DATETIME, 10)); 107 108 UniquePtr<uint8_t[]> asn1; 109 size_t asn1_len; 110 AuthorizationSet attest_params( 111 AuthorizationSetBuilder().Authorization(TAG_ATTESTATION_CHALLENGE, "hello", 5)); 112 EXPECT_EQ(KM_ERROR_OK, build_attestation_record(attest_params, sw_set, hw_set, TestContext(), 113 &asn1, &asn1_len)); 114 EXPECT_GT(asn1_len, 0U); 115 116 std::ofstream output("attest.der", 117 std::ofstream::out | std::ofstream::binary | std::ofstream::trunc); 118 if (output) 119 output.write(reinterpret_cast<const char*>(asn1.get()), asn1_len); 120 output.close(); 121 122 AuthorizationSet parsed_hw_set; 123 AuthorizationSet parsed_sw_set; 124 uint32_t attestation_version; 125 uint32_t keymaster_version; 126 keymaster_security_level_t attestation_security_level; 127 keymaster_security_level_t keymaster_security_level; 128 keymaster_blob_t attestation_challenge = {}; 129 keymaster_blob_t unique_id = {}; 130 EXPECT_EQ(KM_ERROR_OK, 131 parse_attestation_record(asn1.get(), asn1_len, &attestation_version, 132 &attestation_security_level, &keymaster_version, 133 &keymaster_security_level, &attestation_challenge, 134 &parsed_sw_set, &parsed_hw_set, &unique_id)); 135 136 hw_set.Sort(); 137 sw_set.Sort(); 138 parsed_hw_set.Sort(); 139 parsed_sw_set.Sort(); 140 EXPECT_EQ(hw_set, parsed_hw_set); 141 EXPECT_EQ(sw_set, parsed_sw_set); 142 } 143 144 } // namespace test 145 } // namespace keymaster 146
