| /* |
| * Copyright (C) 2024 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| #[cfg(test)] |
| mod tests { |
| use android_hardware_security_see::aidl::android::hardware::security::see::hwcrypto::{ |
| IHwCryptoKey::{ |
| DerivedKey::DerivedKey, DerivedKeyParameters::DerivedKeyParameters, |
| DerivedKeyPolicy::DerivedKeyPolicy, DeviceKeyId::DeviceKeyId, |
| DiceBoundDerivationKey::DiceBoundDerivationKey, DiceBoundKeyResult::DiceBoundKeyResult, |
| DiceCurrentBoundKeyResult::DiceCurrentBoundKeyResult, IHwCryptoKey, |
| ClearKeyPolicy::ClearKeyPolicy, |
| }, |
| }; |
| use binder::{StatusCode, Strong}; |
| use rpcbinder::RpcSession; |
| use test::{expect, assert_ok}; |
| use trusty_std::ffi::{CString, FallibleCString}; |
| |
| pub(crate) const RUST_DEVICE_KEY_SERVICE_PORT: &str = "com.android.trusty.rust.hwcryptohal.V1"; |
| |
| pub(crate) const VERSION_0_DICE_POLICY: [u8; 120] = [ |
| 0x83, 0x58, 0x30, 0xa3, 0x01, 0x03, 0x3a, 0x00, 0x01, 0x00, 0x02, 0x58, 0x20, 0x7a, 0x87, |
| 0x07, 0x18, 0x72, 0x14, 0xb4, 0x1e, 0x69, 0x60, 0xc8, 0x6e, 0xfd, 0x8d, 0xdf, 0x6e, 0x48, |
| 0xbd, 0x33, 0xa2, 0xdf, 0x6c, 0x76, 0x59, 0xdf, 0x82, 0x93, 0x3e, 0xf3, 0xa9, 0x6a, 0x23, |
| 0x3a, 0x00, 0x01, 0x00, 0x03, 0x01, 0xa0, 0x58, 0x42, 0xea, 0xf7, 0x26, 0xfd, 0x2a, 0x06, |
| 0x0a, 0x4b, 0x9e, 0x8c, 0xba, 0xf3, 0x41, 0x91, 0xac, 0x88, 0xfd, 0xc6, 0x23, 0xc3, 0x3f, |
| 0x33, 0x64, 0x6d, 0x20, 0xb4, 0x18, 0x7a, 0x55, 0x7c, 0x4c, 0xdd, 0x64, 0x84, 0x54, 0x22, |
| 0xec, 0xd9, 0x1d, 0x89, 0x49, 0xf3, 0xcb, 0x37, 0xfb, 0x1c, 0x49, 0x5a, 0xd5, 0xbc, 0xf6, |
| 0x82, 0xd7, 0x82, 0xcc, 0x51, 0x00, 0x3b, 0x71, 0x0f, 0xde, 0xdb, 0x8a, 0xcf, 0x23, 0xf9, |
| ]; |
| |
| pub(crate) const VERSION_0_CLEAR_KEY: [u8; 256] = [ |
| 0xf7, 0xf3, 0x3f, 0x34, 0xfd, 0x4c, 0x09, 0xcf, 0xb2, 0x20, 0x8a, 0xcc, 0x08, 0xd8, 0x33, |
| 0x97, 0x66, 0xeb, 0x65, 0xd2, 0xba, 0xd9, 0x48, 0x83, 0x79, 0x6d, 0x43, 0x09, 0x69, 0xe5, |
| 0x2d, 0x54, 0x9b, 0xd8, 0xbb, 0xc0, 0xb9, 0xec, 0xe4, 0x90, 0x8b, 0x43, 0x57, 0x9b, 0x84, |
| 0xad, 0x55, 0xd5, 0x68, 0x43, 0xc6, 0x1b, 0x01, 0x36, 0xca, 0x82, 0x6c, 0x96, 0xae, 0x5f, |
| 0xca, 0xec, 0xc2, 0x48, 0x13, 0x5a, 0x72, 0x17, 0x20, 0x56, 0x9e, 0x3b, 0xe3, 0xe5, 0xbd, |
| 0x20, 0x38, 0x56, 0x01, 0x8a, 0x32, 0x92, 0x47, 0xb1, 0x0f, 0x0e, 0x8f, 0x69, 0x1d, 0x7f, |
| 0x33, 0x84, 0xb8, 0x46, 0x58, 0x0d, 0xf6, 0xa2, 0xb1, 0xc7, 0xe9, 0x7a, 0xbc, 0x18, 0xa9, |
| 0x78, 0x70, 0x61, 0xff, 0x4b, 0x70, 0x41, 0x58, 0xdd, 0xbb, 0xcb, 0x71, 0x46, 0x92, 0x4d, |
| 0xf2, 0x26, 0xe0, 0x20, 0x6d, 0x81, 0x4c, 0x82, 0x5a, 0x29, 0xee, 0x1e, 0x01, 0xb7, 0xd1, |
| 0x8b, 0x32, 0xef, 0x00, 0x5e, 0x83, 0x1e, 0x30, 0x1d, 0xc4, 0xb2, 0x95, 0x5a, 0xa5, 0x75, |
| 0x02, 0x9c, 0xae, 0xf5, 0x8e, 0x88, 0xd8, 0x94, 0xac, 0x9a, 0x04, 0x88, 0x6f, 0x38, 0x8b, |
| 0x1b, 0x22, 0x5a, 0x33, 0x3e, 0xfb, 0x2e, 0xfd, 0x6f, 0xaa, 0x7d, 0xcd, 0xf1, 0xab, 0x61, |
| 0x69, 0xc0, 0x54, 0x09, 0xf9, 0xe9, 0x43, 0xa1, 0x7f, 0x48, 0xf5, 0xe9, 0xfe, 0xf3, 0xd5, |
| 0xd1, 0xdf, 0x0c, 0xe7, 0xc9, 0xd4, 0xfd, 0xe2, 0x31, 0x33, 0x6c, 0x71, 0xe1, 0xe0, 0x9b, |
| 0x35, 0x1f, 0xea, 0x7a, 0x3e, 0xaa, 0x36, 0x70, 0xda, 0xb7, 0xcc, 0x5e, 0x1f, 0xe5, 0x70, |
| 0xf6, 0x60, 0xe8, 0xa4, 0x8a, 0xa3, 0x1d, 0x08, 0x6a, 0xa6, 0xf9, 0x6c, 0xac, 0x5b, 0xa2, |
| 0xa9, 0x45, 0x67, 0xae, 0x34, 0x55, 0xc0, 0xd0, 0xf5, 0x37, 0xde, 0xc6, 0x13, 0x06, 0x16, |
| 0x82, |
| ]; |
| |
| fn connect() -> Result<Strong<dyn IHwCryptoKey>, StatusCode> { |
| let port = |
| CString::try_new(RUST_DEVICE_KEY_SERVICE_PORT).expect("Failed to allocate port name"); |
| RpcSession::new().setup_trusty_client(port.as_c_str()) |
| } |
| |
| fn keys_are_sufficiently_distinct(key1: Vec<u8>, key2: Vec<u8>) -> bool { |
| let differing_bytes = key1.iter().zip(key2.iter()).filter(|(&x1, &x2)| x1 != x2).count(); |
| |
| std::cmp::min(key1.len(), key2.len()) - differing_bytes <= 4 |
| } |
| |
| #[test] |
| fn generate_new_policy_and_clear_key() { |
| let hw_device_key = connect().expect("couldn't connect to HW Crypto service"); |
| |
| // Get the device bound key |
| let device_bound_key = DiceBoundDerivationKey::KeyId(DeviceKeyId::DEVICE_BOUND_KEY); |
| |
| // Generate the current derivation key and policy |
| let key_and_policy = |
| assert_ok!(hw_device_key.deriveCurrentDicePolicyBoundKey(&device_bound_key)); |
| let DiceCurrentBoundKeyResult { |
| diceBoundKey: derivation_key1, |
| dicePolicyForKeyVersion: dice_policy, |
| } = key_and_policy; |
| |
| expect!(derivation_key1.is_some(), "should have received a key"); |
| expect!(dice_policy.len() > 0, "should have received a DICE policy"); |
| |
| // Derive a clear key from returned current policy and derivation key |
| let mut params = DerivedKeyParameters { |
| derivationKey: derivation_key1, |
| keyPolicy: DerivedKeyPolicy::ClearKey(ClearKeyPolicy { keySizeBytes: 256 }), |
| context: "context".as_bytes().to_vec(), |
| }; |
| |
| let derived_key1 = assert_ok!(hw_device_key.deriveKey(¶ms)); |
| |
| // Check key type and length |
| let derived_key1 = match derived_key1 { |
| DerivedKey::Opaque(_) => panic!("wrong type of key received"), |
| DerivedKey::ExplicitKey(k) => k, |
| }; |
| |
| assert_eq!(derived_key1.len() as i32, 256, "wrong key length"); |
| |
| // Use dice policy to request same key |
| let key_and_policy = |
| assert_ok!(hw_device_key.deriveDicePolicyBoundKey(&device_bound_key, &dice_policy)); |
| let DiceBoundKeyResult { |
| diceBoundKey: derivation_key2, |
| dicePolicyWasCurrent: dice_policy_current, |
| } = key_and_policy; |
| |
| expect!(derivation_key2.is_some(), "should have received a key"); |
| expect!(dice_policy_current, "policy should have been current"); |
| |
| // generate derived key 2 and compare to key 1 |
| params.derivationKey = derivation_key2; |
| |
| let derived_key2 = assert_ok!(hw_device_key.deriveKey(¶ms)); |
| |
| // Check key type and length |
| let derived_key2 = match derived_key2 { |
| DerivedKey::Opaque(_) => panic!("wrong type of key received"), |
| DerivedKey::ExplicitKey(k) => k, |
| }; |
| |
| assert_eq!(derived_key2.len() as i32, 256, "wrong key length"); |
| |
| // Make sure both derived keys match |
| assert_eq!(derived_key2, derived_key1, "key mismatch"); |
| |
| // If we request current dice policy again, we expect the same key, but different |
| // encryption of the returned policy. Note underlying policy is the same (latest), |
| // but encrypted byte array returned will be different |
| |
| // Generate the current derivation key and policy again |
| let key_and_policy = |
| assert_ok!(hw_device_key.deriveCurrentDicePolicyBoundKey(&device_bound_key)); |
| let DiceCurrentBoundKeyResult { |
| diceBoundKey: derivation_key3, |
| dicePolicyForKeyVersion: dice_policy3, |
| } = key_and_policy; |
| |
| // We expect the dice policy to appear different due to encruption |
| assert_ne!( |
| dice_policy, dice_policy3, |
| "expected dice policies to appear different due to encryption" |
| ); |
| |
| // Ensure derived key from this policy matches previously generated derived key |
| params.derivationKey = derivation_key3; |
| |
| let derived_key3 = assert_ok!(hw_device_key.deriveKey(¶ms)); |
| |
| // Check key type and length |
| let derived_key3 = match derived_key3 { |
| DerivedKey::Opaque(_) => panic!("wrong type of key received"), |
| DerivedKey::ExplicitKey(k) => k, |
| }; |
| |
| assert_eq!(derived_key3.len() as i32, 256, "wrong key length"); |
| |
| // Make sure both derived keys match |
| assert_eq!(derived_key3, derived_key1, "key mismatch"); |
| } |
| |
| #[test] |
| fn old_dice_generates_old_clear_key_and_new_policy() { |
| let hw_device_key = connect().expect("couldn't connect to HW Crypto service"); |
| |
| // Get the device bound key |
| let device_bound_key = DiceBoundDerivationKey::KeyId(DeviceKeyId::DEVICE_BOUND_KEY); |
| |
| // Generate a derived key from version 0 dice policy |
| let key_and_policy = assert_ok!( |
| hw_device_key.deriveDicePolicyBoundKey(&device_bound_key, &VERSION_0_DICE_POLICY) |
| ); |
| let DiceBoundKeyResult { |
| diceBoundKey: derivation_key, |
| dicePolicyWasCurrent: dice_policy_current, |
| } = key_and_policy; |
| |
| // We expect version 0 should not be current |
| expect!(!dice_policy_current, "policy not expected to be current"); |
| |
| // Derive clear key from derivation key |
| let params = DerivedKeyParameters { |
| derivationKey: derivation_key, |
| keyPolicy: DerivedKeyPolicy::ClearKey(ClearKeyPolicy { keySizeBytes: 256 }), |
| context: "context".as_bytes().to_vec(), |
| }; |
| |
| let derived_key = assert_ok!(hw_device_key.deriveKey(¶ms)); |
| |
| // Check key type and length |
| let derived_key = match derived_key { |
| DerivedKey::Opaque(_) => panic!("wrong type of key received"), |
| DerivedKey::ExplicitKey(k) => k, |
| }; |
| |
| assert_eq!(derived_key.len() as i32, 256, "wrong key length"); |
| |
| // Check we got the old key and a new policy |
| assert_eq!(derived_key, VERSION_0_CLEAR_KEY.to_vec(), "Retrieved version 0 key mismatch"); |
| } |
| |
| #[test] |
| fn dice_updates_are_unique() { |
| let hw_device_key = connect().expect("couldn't connect to HW Crypto service"); |
| |
| // Get the device bound key |
| let device_bound_key = DiceBoundDerivationKey::KeyId(DeviceKeyId::DEVICE_BOUND_KEY); |
| |
| // Generate a derived key from version 0 dice policy |
| let key_and_policy = assert_ok!( |
| hw_device_key.deriveDicePolicyBoundKey(&device_bound_key, &VERSION_0_DICE_POLICY) |
| ); |
| let DiceBoundKeyResult { |
| diceBoundKey: _derivation_key, |
| dicePolicyWasCurrent: dice_policy_current, |
| } = key_and_policy; |
| |
| // We expect version 0 should not be current |
| expect!(!dice_policy_current, "policy not expected to be current"); |
| |
| // Get current dice policy multiple times |
| let key_and_policy = |
| assert_ok!(hw_device_key.deriveCurrentDicePolicyBoundKey(&device_bound_key)); |
| let DiceCurrentBoundKeyResult { |
| diceBoundKey: derivation_key1, |
| dicePolicyForKeyVersion: dice_policy1, |
| } = key_and_policy; |
| |
| let key_and_policy = |
| assert_ok!(hw_device_key.deriveCurrentDicePolicyBoundKey(&device_bound_key)); |
| let DiceCurrentBoundKeyResult { |
| diceBoundKey: derivation_key2, |
| dicePolicyForKeyVersion: dice_policy2, |
| } = key_and_policy; |
| |
| // policies should appear different due to encryption and not be zero length |
| expect!(dice_policy1.len() > 0, "should have received a DICE policy"); |
| expect!(dice_policy2.len() > 0, "should have received a DICE policy"); |
| assert_ne!(dice_policy1, dice_policy2, "expected policies to be different"); |
| |
| expect!(derivation_key1.is_some(), "should have received a key"); |
| expect!(derivation_key2.is_some(), "should have received a key"); |
| |
| // Generate derived clear keys from returned derivation keys |
| let params = DerivedKeyParameters { |
| derivationKey: derivation_key1, |
| keyPolicy: DerivedKeyPolicy::ClearKey(ClearKeyPolicy { keySizeBytes: 256 }), |
| context: "context".as_bytes().to_vec(), |
| }; |
| |
| let derived_key1 = assert_ok!(hw_device_key.deriveKey(¶ms)); |
| |
| let params = DerivedKeyParameters { |
| derivationKey: derivation_key2, |
| keyPolicy: DerivedKeyPolicy::ClearKey(ClearKeyPolicy { keySizeBytes: 256 }), |
| context: "context".as_bytes().to_vec(), |
| }; |
| |
| let derived_key2 = assert_ok!(hw_device_key.deriveKey(¶ms)); |
| |
| // Check derived keys |
| let derived_key1 = match derived_key1 { |
| DerivedKey::Opaque(_) => panic!("wrong type of key received"), |
| DerivedKey::ExplicitKey(k) => k, |
| }; |
| |
| let derived_key2 = match derived_key2 { |
| DerivedKey::Opaque(_) => panic!("wrong type of key received"), |
| DerivedKey::ExplicitKey(k) => k, |
| }; |
| |
| // Check that generated keys match |
| assert_eq!(derived_key1, derived_key2, "key mismatch"); |
| |
| // Check that both dice policies are considered current |
| let key_and_policy = |
| assert_ok!(hw_device_key.deriveDicePolicyBoundKey(&device_bound_key, &dice_policy1)); |
| let DiceBoundKeyResult { diceBoundKey: _, dicePolicyWasCurrent: dice_policy1_current } = |
| key_and_policy; |
| |
| expect!(dice_policy1_current, "policy expected to be current"); |
| |
| let key_and_policy = |
| assert_ok!(hw_device_key.deriveDicePolicyBoundKey(&device_bound_key, &dice_policy2)); |
| let DiceBoundKeyResult { diceBoundKey: _, dicePolicyWasCurrent: dice_policy2_current } = |
| key_and_policy; |
| |
| expect!(dice_policy2_current, "policy expected to be current"); |
| } |
| |
| #[test] |
| fn explicit_keys_unique_by_context() { |
| let hw_device_key = connect().expect("couldn't connect to HW Crypto service"); |
| |
| // Get the device bound key |
| let device_bound_key = DiceBoundDerivationKey::KeyId(DeviceKeyId::DEVICE_BOUND_KEY); |
| |
| // Generate the current derivation key and policy |
| let key_and_policy = |
| assert_ok!(hw_device_key.deriveCurrentDicePolicyBoundKey(&device_bound_key)); |
| let DiceCurrentBoundKeyResult { |
| diceBoundKey: derivation_key, |
| dicePolicyForKeyVersion: dice_policy, |
| } = key_and_policy; |
| |
| expect!(derivation_key.is_some(), "should have received a key"); |
| expect!(dice_policy.len() > 0, "should have received a DICE policy"); |
| |
| // Define two different contexts and get clear derived keys for each |
| let context1 = "context1"; |
| let context2 = "context2"; |
| |
| let params1 = DerivedKeyParameters { |
| derivationKey: derivation_key.clone(), |
| keyPolicy: DerivedKeyPolicy::ClearKey(ClearKeyPolicy { keySizeBytes: 256 }), |
| context: context1.as_bytes().to_vec(), |
| }; |
| |
| let params2 = DerivedKeyParameters { |
| derivationKey: derivation_key.clone(), |
| keyPolicy: DerivedKeyPolicy::ClearKey(ClearKeyPolicy { keySizeBytes: 256 }), |
| context: context2.as_bytes().to_vec(), |
| }; |
| |
| let derived_key1 = assert_ok!(hw_device_key.deriveKey(¶ms1)); |
| let derived_key2 = assert_ok!(hw_device_key.deriveKey(¶ms2)); |
| |
| // Check key2 type and length |
| let derived_key1 = match derived_key1 { |
| DerivedKey::Opaque(_) => panic!("wrong type of key received"), |
| DerivedKey::ExplicitKey(k) => k, |
| }; |
| |
| let derived_key2 = match derived_key2 { |
| DerivedKey::Opaque(_) => panic!("wrong type of key received"), |
| DerivedKey::ExplicitKey(k) => k, |
| }; |
| |
| assert_eq!(derived_key1.len() as i32, 256, "wrong key length"); |
| assert_eq!(derived_key2.len() as i32, 256, "wrong key length"); |
| |
| // Ensure keys are different |
| assert_ne!(derived_key2, derived_key1, "returned keys are same"); |
| assert!( |
| keys_are_sufficiently_distinct(derived_key2, derived_key1), |
| "derived keys share too many bytes" |
| ); |
| } |
| |
| #[test] |
| fn invalid_key_sizes() { |
| let hw_device_key = connect().expect("couldn't connect to HW Crypto service"); |
| |
| // Get the device bound key |
| let device_bound_key = DiceBoundDerivationKey::KeyId(DeviceKeyId::DEVICE_BOUND_KEY); |
| |
| // Generate the current derivation key and policy |
| let key_and_policy = |
| assert_ok!(hw_device_key.deriveCurrentDicePolicyBoundKey(&device_bound_key)); |
| let DiceCurrentBoundKeyResult { |
| diceBoundKey: derivation_key, |
| dicePolicyForKeyVersion: dice_policy, |
| } = key_and_policy; |
| |
| expect!(derivation_key.is_some(), "should have received a key"); |
| expect!(dice_policy.len() > 0, "should have received a DICE policy"); |
| |
| // Request a zero length key |
| let params = DerivedKeyParameters { |
| derivationKey: derivation_key.clone(), |
| keyPolicy: DerivedKeyPolicy::ClearKey(ClearKeyPolicy { keySizeBytes: 0 }), |
| context: "context".as_bytes().to_vec(), |
| }; |
| |
| let derived_key = hw_device_key.deriveKey(¶ms); |
| expect!(derived_key.is_err(), "expected error on bad key size"); |
| |
| // Request a negative length key |
| let params = DerivedKeyParameters { |
| derivationKey: derivation_key.clone(), |
| keyPolicy: DerivedKeyPolicy::ClearKey(ClearKeyPolicy { keySizeBytes: -256 }), |
| context: "context".as_bytes().to_vec(), |
| }; |
| |
| let derived_key = hw_device_key.deriveKey(¶ms); |
| expect!(derived_key.is_err(), "expected error on bad key size"); |
| } |
| |
| #[test] |
| fn large_context() { |
| let hw_device_key = connect().expect("couldn't connect to HW Crypto service"); |
| |
| // Get the device bound key |
| let device_bound_key = DiceBoundDerivationKey::KeyId(DeviceKeyId::DEVICE_BOUND_KEY); |
| |
| // Generate the current derivation key and policy |
| let key_and_policy = |
| assert_ok!(hw_device_key.deriveCurrentDicePolicyBoundKey(&device_bound_key)); |
| let DiceCurrentBoundKeyResult { |
| diceBoundKey: derivation_key, |
| dicePolicyForKeyVersion: dice_policy, |
| } = key_and_policy; |
| |
| expect!(derivation_key.is_some(), "should have received a key"); |
| expect!(dice_policy.len() > 0, "should have received a DICE policy"); |
| |
| // Pick a reasonable large context size |
| const PAYLOAD_LEN: usize = 512; |
| |
| let mut context = vec![42; PAYLOAD_LEN]; |
| |
| // Get a derived key based on large context |
| let params = DerivedKeyParameters { |
| derivationKey: derivation_key.clone(), |
| keyPolicy: DerivedKeyPolicy::ClearKey(ClearKeyPolicy { keySizeBytes: 256 }), |
| context: context.clone(), |
| }; |
| |
| let derived_key1 = assert_ok!(hw_device_key.deriveKey(¶ms)); |
| |
| // Check key type and length |
| let derived_key1 = match derived_key1 { |
| DerivedKey::Opaque(_) => panic!("wrong type of key received"), |
| DerivedKey::ExplicitKey(k) => k, |
| }; |
| |
| assert_eq!(derived_key1.len() as i32, 256, "wrong key length"); |
| |
| // Make a minor change to last byte of context and request another key |
| context[PAYLOAD_LEN - 1] = 43; |
| |
| let params = DerivedKeyParameters { |
| derivationKey: derivation_key.clone(), |
| keyPolicy: DerivedKeyPolicy::ClearKey(ClearKeyPolicy { keySizeBytes: 256 }), |
| context: context.clone(), |
| }; |
| |
| let derived_key2 = assert_ok!(hw_device_key.deriveKey(¶ms)); |
| |
| // Check key type and length |
| let derived_key2 = match derived_key2 { |
| DerivedKey::Opaque(_) => panic!("wrong type of key received"), |
| DerivedKey::ExplicitKey(k) => k, |
| }; |
| |
| assert_eq!(derived_key2.len() as i32, 256, "wrong key length"); |
| |
| //Ensure keys are different |
| assert_ne!(derived_key1, derived_key2, "keys expected to differ"); |
| assert!( |
| keys_are_sufficiently_distinct(derived_key1, derived_key2), |
| "derived keys share too many bytes" |
| ); |
| } |
| } |