| /* |
| * Copyright 2014 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include "android_keymaster_test_utils.h" |
| |
| #include <algorithm> |
| |
| #include <openssl/rand.h> |
| |
| #include <keymaster/android_keymaster_messages.h> |
| #include <keymaster/android_keymaster_utils.h> |
| |
| using std::is_permutation; |
| using std::ostream; |
| using std::string; |
| using std::vector; |
| |
| std::ostream& operator<<(std::ostream& os, const keymaster_key_param_t& param) { |
| os << "Tag: " << keymaster_tag_mask_type(param.tag); |
| switch (keymaster_tag_get_type(param.tag)) { |
| case KM_INVALID: |
| os << " Invalid"; |
| break; |
| case KM_INT_REP: |
| os << " (Rep)"; |
| /* Falls through */ |
| case KM_INT: |
| os << " Int: " << param.integer; |
| break; |
| case KM_ENUM_REP: |
| os << " (Rep)"; |
| /* Falls through */ |
| case KM_ENUM: |
| os << " Enum: " << param.enumerated; |
| break; |
| case KM_LONG_REP: |
| os << " (Rep)"; |
| /* Falls through */ |
| case KM_LONG: |
| os << " Long: " << param.long_integer; |
| break; |
| case KM_DATE: |
| os << " Date: " << param.date_time; |
| break; |
| case KM_BOOL: |
| os << " Bool: " << param.boolean; |
| break; |
| case KM_BIGNUM: |
| os << " Bignum: "; |
| break; |
| case KM_BYTES: |
| os << " Bytes: "; |
| break; |
| } |
| return os; |
| } |
| |
| bool operator==(const keymaster_key_param_t& a, const keymaster_key_param_t& b) { |
| if (a.tag != b.tag) { |
| return false; |
| } |
| |
| switch (keymaster_tag_get_type(a.tag)) { |
| case KM_INVALID: |
| return true; |
| case KM_INT_REP: |
| case KM_INT: |
| return a.integer == b.integer; |
| case KM_ENUM_REP: |
| case KM_ENUM: |
| return a.enumerated == b.enumerated; |
| case KM_LONG: |
| case KM_LONG_REP: |
| return a.long_integer == b.long_integer; |
| case KM_DATE: |
| return a.date_time == b.date_time; |
| case KM_BOOL: |
| return a.boolean == b.boolean; |
| case KM_BIGNUM: |
| case KM_BYTES: |
| if ((a.blob.data == NULL || b.blob.data == NULL) && a.blob.data != b.blob.data) |
| return false; |
| return a.blob.data_length == b.blob.data_length && |
| (memcmp(a.blob.data, b.blob.data, a.blob.data_length) == 0); |
| } |
| |
| return false; |
| } |
| |
| static char hex_value[256] = { |
| 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, // '0'..'9' |
| 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'A'..'F' |
| 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 11, 12, 13, 14, 15, 0, |
| 0, 0, 0, 0, 0, 0, 0, 0, // 'a'..'f' |
| 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
| 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; |
| |
| string hex2str(string a) { |
| string b; |
| size_t num = a.size() / 2; |
| b.resize(num); |
| for (size_t i = 0; i < num; i++) { |
| b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]); |
| } |
| return b; |
| } |
| |
| namespace keymaster { |
| |
| bool operator==(const AuthorizationSet& a, const AuthorizationSet& b) { |
| if (a.size() != b.size()) |
| return false; |
| |
| for (size_t i = 0; i < a.size(); ++i) |
| if (!(a[i] == b[i])) |
| return false; |
| return true; |
| } |
| |
| bool operator!=(const AuthorizationSet& a, const AuthorizationSet& b) { |
| return !(a == b); |
| } |
| |
| std::ostream& operator<<(std::ostream& os, const AuthorizationSet& set) { |
| if (set.size() == 0) |
| os << "(Empty)" << std::endl; |
| for (size_t i = 0; i < set.size(); ++i) { |
| os << set[i] << std::endl; |
| } |
| return os; |
| } |
| |
| namespace test { |
| |
| Keymaster1Test::Keymaster1Test() : op_handle_(OP_HANDLE_SENTINEL), characteristics_(NULL) { |
| blob_.key_material = NULL; |
| RAND_seed("foobar", 6); |
| blob_.key_material = 0; |
| device_ = GetParam()->CreateDevice(); |
| } |
| |
| Keymaster1Test::~Keymaster1Test() { |
| FreeCharacteristics(); |
| FreeKeyBlob(); |
| device_->common.close(reinterpret_cast<hw_device_t*>(device_)); |
| } |
| |
| keymaster1_device_t* Keymaster1Test::device() { |
| return device_; |
| } |
| |
| keymaster_error_t Keymaster1Test::GenerateKey(const AuthorizationSetBuilder& builder) { |
| AuthorizationSet params(builder.build()); |
| params.push_back(UserAuthParams()); |
| params.push_back(ClientParams()); |
| |
| FreeKeyBlob(); |
| FreeCharacteristics(); |
| return device()->generate_key(device(), ¶ms, &blob_, &characteristics_); |
| } |
| |
| keymaster_error_t Keymaster1Test::ImportKey(const AuthorizationSetBuilder& builder, |
| keymaster_key_format_t format, |
| const string& key_material) { |
| AuthorizationSet params(builder.build()); |
| params.push_back(UserAuthParams()); |
| params.push_back(ClientParams()); |
| |
| FreeKeyBlob(); |
| FreeCharacteristics(); |
| keymaster_blob_t key = {reinterpret_cast<const uint8_t*>(key_material.c_str()), |
| key_material.length()}; |
| return device()->import_key(device(), ¶ms, format, &key, &blob_, &characteristics_); |
| } |
| |
| AuthorizationSet Keymaster1Test::UserAuthParams() { |
| AuthorizationSet set; |
| set.push_back(TAG_USER_ID, 7); |
| set.push_back(TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD); |
| set.push_back(TAG_AUTH_TIMEOUT, 300); |
| return set; |
| } |
| |
| AuthorizationSet Keymaster1Test::ClientParams() { |
| AuthorizationSet set; |
| set.push_back(TAG_APPLICATION_ID, "app_id", 6); |
| return set; |
| } |
| |
| keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose) { |
| AuthorizationSet in_params(client_params()); |
| keymaster_key_param_set_t out_params; |
| keymaster_error_t error = |
| device()->begin(device(), purpose, &blob_, &in_params, &out_params, &op_handle_); |
| EXPECT_EQ(0U, out_params.length); |
| EXPECT_TRUE(out_params.params == nullptr); |
| return error; |
| } |
| |
| keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose, |
| const AuthorizationSet& input_set, |
| AuthorizationSet* output_set) { |
| keymaster_key_param_set_t out_params; |
| keymaster_error_t error = |
| device()->begin(device(), purpose, &blob_, &input_set, &out_params, &op_handle_); |
| if (error == KM_ERROR_OK) { |
| if (output_set) { |
| output_set->Reinitialize(out_params); |
| } else { |
| EXPECT_EQ(0U, out_params.length); |
| EXPECT_TRUE(out_params.params == nullptr); |
| } |
| keymaster_free_param_set(&out_params); |
| } |
| return error; |
| } |
| |
| keymaster_error_t Keymaster1Test::UpdateOperation(const string& message, string* output, |
| size_t* input_consumed) { |
| EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL); |
| keymaster_blob_t input = {reinterpret_cast<const uint8_t*>(message.c_str()), message.length()}; |
| keymaster_blob_t out_tmp; |
| keymaster_key_param_set_t out_params; |
| keymaster_error_t error = device()->update(device(), op_handle_, nullptr /* params */, &input, |
| input_consumed, &out_params, &out_tmp); |
| if (error == KM_ERROR_OK && out_tmp.data) |
| output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length); |
| free(const_cast<uint8_t*>(out_tmp.data)); |
| return error; |
| } |
| |
| keymaster_error_t Keymaster1Test::UpdateOperation(const AuthorizationSet& additional_params, |
| const string& message, |
| AuthorizationSet* output_params, string* output, |
| size_t* input_consumed) { |
| EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL); |
| keymaster_blob_t input = {reinterpret_cast<const uint8_t*>(message.c_str()), message.length()}; |
| keymaster_blob_t out_tmp; |
| keymaster_key_param_set_t out_params; |
| keymaster_error_t error = device()->update(device(), op_handle_, &additional_params, &input, |
| input_consumed, &out_params, &out_tmp); |
| if (error == KM_ERROR_OK && out_tmp.data) |
| output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length); |
| free((void*)out_tmp.data); |
| if (output_params) |
| output_params->Reinitialize(out_params); |
| keymaster_free_param_set(&out_params); |
| return error; |
| } |
| |
| keymaster_error_t Keymaster1Test::FinishOperation(string* output) { |
| return FinishOperation("", output); |
| } |
| |
| keymaster_error_t Keymaster1Test::FinishOperation(const string& signature, string* output) { |
| AuthorizationSet additional_params; |
| AuthorizationSet output_params; |
| return FinishOperation(additional_params, signature, &output_params, output); |
| } |
| |
| keymaster_error_t Keymaster1Test::FinishOperation(const AuthorizationSet& additional_params, |
| const string& signature, |
| AuthorizationSet* output_params, string* output) { |
| keymaster_blob_t sig = {reinterpret_cast<const uint8_t*>(signature.c_str()), |
| signature.length()}; |
| keymaster_blob_t out_tmp; |
| keymaster_key_param_set_t out_params; |
| keymaster_error_t error = |
| device()->finish(device(), op_handle_, &additional_params, &sig, &out_params, &out_tmp); |
| if (error != KM_ERROR_OK) { |
| EXPECT_TRUE(out_tmp.data == nullptr); |
| EXPECT_TRUE(out_params.params == nullptr); |
| return error; |
| } |
| |
| if (out_tmp.data) |
| output->append(reinterpret_cast<const char*>(out_tmp.data), out_tmp.data_length); |
| free((void*)out_tmp.data); |
| if (output_params) |
| output_params->Reinitialize(out_params); |
| keymaster_free_param_set(&out_params); |
| return error; |
| } |
| |
| keymaster_error_t Keymaster1Test::AbortOperation() { |
| return device()->abort(device(), op_handle_); |
| } |
| |
| string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message) { |
| EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, client_params(), NULL /* output_params */)); |
| |
| string result; |
| size_t input_consumed; |
| EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| EXPECT_EQ(message.size(), input_consumed); |
| EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result)); |
| return result; |
| } |
| |
| string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message, |
| const AuthorizationSet& begin_params, |
| const AuthorizationSet& update_params, |
| AuthorizationSet* begin_out_params) { |
| EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, begin_out_params)); |
| |
| string result; |
| size_t input_consumed; |
| EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, nullptr /* output_params */, |
| &result, &input_consumed)); |
| EXPECT_EQ(message.size(), input_consumed); |
| EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, "", &result)); |
| return result; |
| } |
| |
| string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message, |
| const string& signature, const AuthorizationSet& begin_params, |
| const AuthorizationSet& update_params, |
| AuthorizationSet* output_params) { |
| EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, begin_params, output_params)); |
| |
| string result; |
| size_t input_consumed; |
| EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, nullptr /* output_params */, |
| &result, &input_consumed)); |
| EXPECT_EQ(message.size(), input_consumed); |
| EXPECT_EQ(KM_ERROR_OK, FinishOperation(update_params, signature, &result)); |
| return result; |
| } |
| |
| string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message, |
| const string& signature) { |
| EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, client_params(), NULL /* output_params */)); |
| |
| string result; |
| size_t input_consumed; |
| EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| EXPECT_EQ(message.size(), input_consumed); |
| EXPECT_EQ(KM_ERROR_OK, FinishOperation(signature, &result)); |
| return result; |
| } |
| |
| void Keymaster1Test::SignMessage(const string& message, string* signature, |
| keymaster_digest_t digest) { |
| SCOPED_TRACE("SignMessage"); |
| AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_))); |
| input_params.push_back(TAG_DIGEST, digest); |
| AuthorizationSet update_params; |
| AuthorizationSet output_params; |
| *signature = |
| ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params); |
| EXPECT_GT(signature->size(), 0U); |
| } |
| |
| void Keymaster1Test::SignMessage(const string& message, string* signature, |
| keymaster_digest_t digest, keymaster_padding_t padding) { |
| SCOPED_TRACE("SignMessage"); |
| AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_))); |
| input_params.push_back(TAG_DIGEST, digest); |
| input_params.push_back(TAG_PADDING, padding); |
| AuthorizationSet update_params; |
| AuthorizationSet output_params; |
| *signature = |
| ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params); |
| EXPECT_GT(signature->size(), 0U); |
| } |
| |
| void Keymaster1Test::MacMessage(const string& message, string* signature, keymaster_digest_t digest, |
| size_t mac_length) { |
| SCOPED_TRACE("SignMessage"); |
| AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_))); |
| input_params.push_back(TAG_MAC_LENGTH, mac_length); |
| input_params.push_back(TAG_DIGEST, digest); |
| AuthorizationSet update_params; |
| AuthorizationSet output_params; |
| *signature = |
| ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params); |
| EXPECT_GT(signature->size(), 0U); |
| } |
| |
| void Keymaster1Test::VerifyMessage(const string& message, const string& signature, |
| keymaster_digest_t digest) { |
| SCOPED_TRACE("VerifyMessage"); |
| AuthorizationSet input_params(client_params()); |
| input_params.push_back(TAG_DIGEST, digest); |
| AuthorizationSet update_params; |
| AuthorizationSet output_params; |
| ProcessMessage(KM_PURPOSE_VERIFY, message, signature, input_params, update_params, |
| &output_params); |
| } |
| |
| void Keymaster1Test::VerifyMessage(const string& message, const string& signature, |
| keymaster_digest_t digest, keymaster_padding_t padding) { |
| SCOPED_TRACE("VerifyMessage"); |
| AuthorizationSet input_params(client_params()); |
| input_params.push_back(TAG_DIGEST, digest); |
| input_params.push_back(TAG_PADDING, padding); |
| AuthorizationSet update_params; |
| AuthorizationSet output_params; |
| ProcessMessage(KM_PURPOSE_VERIFY, message, signature, input_params, update_params, |
| &output_params); |
| } |
| |
| string Keymaster1Test::EncryptMessage(const string& message, keymaster_padding_t padding, |
| string* generated_nonce) { |
| AuthorizationSet update_params; |
| return EncryptMessage(update_params, message, padding, generated_nonce); |
| } |
| |
| string Keymaster1Test::EncryptMessage(const string& message, keymaster_block_mode_t block_mode, |
| keymaster_padding_t padding, string* generated_nonce) { |
| AuthorizationSet update_params; |
| return EncryptMessage(update_params, message, block_mode, padding, generated_nonce); |
| } |
| |
| string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message, |
| keymaster_padding_t padding, string* generated_nonce) { |
| SCOPED_TRACE("EncryptMessage"); |
| AuthorizationSet begin_params(client_params()), output_params; |
| begin_params.push_back(TAG_PADDING, padding); |
| string ciphertext = |
| ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params); |
| if (generated_nonce) { |
| keymaster_blob_t nonce_blob; |
| EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob)); |
| *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length); |
| } else { |
| EXPECT_EQ(-1, output_params.find(TAG_NONCE)); |
| } |
| return ciphertext; |
| } |
| |
| string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message, |
| keymaster_block_mode_t block_mode, |
| keymaster_padding_t padding, string* generated_nonce) { |
| SCOPED_TRACE("EncryptMessage"); |
| AuthorizationSet begin_params(client_params()), output_params; |
| begin_params.push_back(TAG_PADDING, padding); |
| begin_params.push_back(TAG_BLOCK_MODE, block_mode); |
| string ciphertext = |
| ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params); |
| if (generated_nonce) { |
| keymaster_blob_t nonce_blob; |
| EXPECT_TRUE(output_params.GetTagValue(TAG_NONCE, &nonce_blob)); |
| *generated_nonce = make_string(nonce_blob.data, nonce_blob.data_length); |
| } else { |
| EXPECT_EQ(-1, output_params.find(TAG_NONCE)); |
| } |
| return ciphertext; |
| } |
| |
| string Keymaster1Test::EncryptMessageWithParams(const string& message, |
| const AuthorizationSet& begin_params, |
| const AuthorizationSet& update_params, |
| AuthorizationSet* output_params) { |
| SCOPED_TRACE("EncryptMessageWithParams"); |
| return ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, output_params); |
| } |
| |
| string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_padding_t padding) { |
| SCOPED_TRACE("DecryptMessage"); |
| AuthorizationSet begin_params(client_params()); |
| begin_params.push_back(TAG_PADDING, padding); |
| AuthorizationSet update_params; |
| return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params); |
| } |
| |
| string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_block_mode_t block_mode, |
| keymaster_padding_t padding) { |
| SCOPED_TRACE("DecryptMessage"); |
| AuthorizationSet begin_params(client_params()); |
| begin_params.push_back(TAG_PADDING, padding); |
| begin_params.push_back(TAG_BLOCK_MODE, block_mode); |
| AuthorizationSet update_params; |
| return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params); |
| } |
| |
| string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_padding_t padding, |
| const string& nonce) { |
| SCOPED_TRACE("DecryptMessage"); |
| AuthorizationSet begin_params(client_params()); |
| begin_params.push_back(TAG_PADDING, padding); |
| begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size()); |
| AuthorizationSet update_params; |
| return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params); |
| } |
| |
| string Keymaster1Test::DecryptMessage(const string& ciphertext, keymaster_block_mode_t block_mode, |
| keymaster_padding_t padding, const string& nonce) { |
| SCOPED_TRACE("DecryptMessage"); |
| AuthorizationSet begin_params(client_params()); |
| begin_params.push_back(TAG_PADDING, padding); |
| begin_params.push_back(TAG_BLOCK_MODE, block_mode); |
| begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size()); |
| AuthorizationSet update_params; |
| return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params); |
| } |
| |
| string Keymaster1Test::DecryptMessage(const AuthorizationSet& update_params, |
| const string& ciphertext, keymaster_padding_t padding, |
| const string& nonce) { |
| SCOPED_TRACE("DecryptMessage"); |
| AuthorizationSet begin_params(client_params()); |
| begin_params.push_back(TAG_PADDING, padding); |
| begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size()); |
| return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params); |
| } |
| |
| keymaster_error_t Keymaster1Test::GetCharacteristics() { |
| FreeCharacteristics(); |
| return device()->get_key_characteristics(device(), &blob_, &client_id_, NULL /* app_data */, |
| &characteristics_); |
| } |
| |
| keymaster_error_t Keymaster1Test::ExportKey(keymaster_key_format_t format, string* export_data) { |
| keymaster_blob_t export_tmp; |
| keymaster_error_t error = device()->export_key(device(), format, &blob_, &client_id_, |
| NULL /* app_data */, &export_tmp); |
| |
| if (error != KM_ERROR_OK) |
| return error; |
| |
| *export_data = string(reinterpret_cast<const char*>(export_tmp.data), export_tmp.data_length); |
| free((void*)export_tmp.data); |
| return error; |
| } |
| |
| void Keymaster1Test::CheckHmacTestVector(string key, string message, keymaster_digest_t digest, |
| string expected_mac) { |
| ASSERT_EQ(KM_ERROR_OK, |
| ImportKey(AuthorizationSetBuilder().HmacKey(key.size() * 8).Digest(digest), |
| KM_KEY_FORMAT_RAW, key)); |
| string signature; |
| MacMessage(message, &signature, digest, expected_mac.size() * 8); |
| EXPECT_EQ(expected_mac, signature) << "Test vector didn't match for digest " << (int)digest; |
| } |
| |
| void Keymaster1Test::CheckAesCtrTestVector(const string& key, const string& nonce, |
| const string& message, |
| const string& expected_ciphertext) { |
| ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder() |
| .AesEncryptionKey(key.size() * 8) |
| .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR) |
| .Authorization(TAG_CALLER_NONCE) |
| .Padding(KM_PAD_NONE), |
| KM_KEY_FORMAT_RAW, key)); |
| |
| AuthorizationSet begin_params(client_params()), update_params, output_params; |
| begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size()); |
| begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR); |
| begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| string ciphertext = |
| EncryptMessageWithParams(message, begin_params, update_params, &output_params); |
| EXPECT_EQ(expected_ciphertext, ciphertext); |
| } |
| |
| AuthorizationSet Keymaster1Test::hw_enforced() { |
| EXPECT_TRUE(characteristics_ != NULL); |
| return AuthorizationSet(characteristics_->hw_enforced); |
| } |
| |
| AuthorizationSet Keymaster1Test::sw_enforced() { |
| EXPECT_TRUE(characteristics_ != NULL); |
| return AuthorizationSet(characteristics_->sw_enforced); |
| } |
| |
| void Keymaster1Test::FreeCharacteristics() { |
| keymaster_free_characteristics(characteristics_); |
| free(characteristics_); |
| characteristics_ = NULL; |
| } |
| |
| void Keymaster1Test::FreeKeyBlob() { |
| free(const_cast<uint8_t*>(blob_.key_material)); |
| blob_.key_material = NULL; |
| } |
| |
| void Keymaster1Test::corrupt_key_blob() { |
| assert(blob_.key_material); |
| uint8_t* tmp = const_cast<uint8_t*>(blob_.key_material); |
| ++tmp[blob_.key_material_size / 2]; |
| } |
| |
| } // namespace test |
| } // namespace keymaster |