Merge "Round off attestation tests." into rvc-dev am: 2023afbe

std::tuple<ErrorCode, AttestationRecord> parse_attestation_record(const hidl_vec<uint8_t>& cert) {

    const uint8_t* p = cert.data();

    X509_Ptr x509(d2i_X509(nullptr, &p, cert.size()));

    if (!x509.get()) {

        LOG(ERROR) << "Error converting DER";

        return {ErrorCode::INVALID_ARGUMENT, {}};

    }

    ASN1_OBJECT_Ptr oid(OBJ_txt2obj(kAttestionRecordOid, 1 /* dotted string format */));

    if (!oid.get()) {

 * limitations under the License.

 */

#define LOG_TAG "keymaster_hidl_hal_test"

#include <cutils/log.h>

#include "Keymaster4_1HidlTest.h"

#include <cutils/properties.h>

#include <keymasterV4_1/attestation_record.h>

#include <keymasterV4_1/authorization_set.h>

// Not to dump the attestation by default. Can enable by specify the parameter

// "--dump_attestations" on lunching VTS

static bool dumpAttestations = false;

namespace android::hardware::keymaster::V4_0 {

bool operator==(const AuthorizationSet& a, const AuthorizationSet& b) {

    return retval;

}

inline void dumpContent(string content) {

    std::cout << content << std::endl;

}

struct AuthorizationSetDifferences {

    string aName;

    string bName;

    }

}

bool tag_in_list(const KeyParameter& entry) {

    // Attestations don't contain everything in key authorization lists, so we need to filter

    // the key lists to produce the lists that we expect to match the attestations.

    auto tag_list = {

            Tag::INCLUDE_UNIQUE_ID, Tag::BLOB_USAGE_REQUIREMENTS, Tag::EC_CURVE,

            Tag::HARDWARE_TYPE,     Tag::VENDOR_PATCHLEVEL,       Tag::BOOT_PATCHLEVEL,

            Tag::CREATION_DATETIME,

    };

    return std::find(tag_list.begin(), tag_list.end(), (V4_1::Tag)entry.tag) != tag_list.end();

}

AuthorizationSet filter_tags(const AuthorizationSet& set) {

    AuthorizationSet filtered;

    std::remove_copy_if(set.begin(), set.end(), std::back_inserter(filtered), tag_in_list);

    return filtered;

}

void check_attestation_record(AttestationRecord attestation, const HidlBuf& challenge,

                              AuthorizationSet expected_sw_enforced,

                              AuthorizationSet expected_hw_enforced,

    attestation.software_enforced.Sort();

    attestation.hardware_enforced.Sort();

    EXPECT_EQ(expected_sw_enforced, attestation.software_enforced)

    EXPECT_EQ(filter_tags(expected_sw_enforced), filter_tags(attestation.software_enforced))

            << DIFFERENCE(expected_sw_enforced, attestation.software_enforced);

    EXPECT_EQ(expected_hw_enforced, attestation.hardware_enforced)

    EXPECT_EQ(filter_tags(expected_hw_enforced), filter_tags(attestation.hardware_enforced))

            << DIFFERENCE(expected_hw_enforced, attestation.hardware_enforced);

}

                                  .RsaSigningKey(2048, 65537)

                                  .Digest(Digest::SHA_2_256)

                                  .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)

                                          .Authorization(TAG_CREATION_DATETIME, 1))));

                                  .Authorization(TAG_INCLUDE_UNIQUE_ID))));

    hidl_vec<hidl_vec<uint8_t>> cert_chain;

    HidlBuf challenge("challenge");

                                        .Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id),

                                &cert_chain)));

    EXPECT_EQ(1U, cert_chain.size());

    EXPECT_EQ(2U, cert_chain.size());

    if (dumpAttestations) dumpContent(bin2hex(cert_chain[0]));

    auto [err, attestation] = parse_attestation_record(cert_chain[0]);

    EXPECT_EQ(ErrorCode::OK, err);

    ASSERT_EQ(ErrorCode::OK, err);

    check_attestation_record(attestation, challenge,

                             /* sw_enforced */

                             AuthorizationSetBuilder()

                                     .Authorization(TAG_CREATION_DATETIME, 1)

                                     .Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id),

                             /* hw_enforced */

                             AuthorizationSetBuilder()

                                          .Authorization(TAG_NO_AUTH_REQUIRED)

                                          .EcdsaSigningKey(256)

                                          .Digest(Digest::SHA_2_256)

                                          .Authorization(TAG_CREATION_DATETIME, 1))));

                                          .Authorization(TAG_INCLUDE_UNIQUE_ID))));

    hidl_vec<hidl_vec<uint8_t>> cert_chain;

    HidlBuf challenge("challenge");

                                        .Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id),

                                &cert_chain)));

    EXPECT_EQ(1U, cert_chain.size());

    EXPECT_EQ(2U, cert_chain.size());

    if (dumpAttestations) dumpContent(bin2hex(cert_chain[0]));

    auto [err, attestation] = parse_attestation_record(cert_chain[0]);

    EXPECT_EQ(ErrorCode::OK, err);

    ASSERT_EQ(ErrorCode::OK, err);

    check_attestation_record(attestation, challenge,

            /* sw_enforced */

                             AuthorizationSetBuilder()

                                     .Authorization(TAG_CREATION_DATETIME, 1)

                                     .Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id),

            AuthorizationSetBuilder().Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id),

            /* hw_enforced */

            AuthorizationSetBuilder()

                    .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION)

}  // namespace test

}  // namespace android::hardware::keymaster::V4_1

int main(int argc, char** argv) {

    ::testing::InitGoogleTest(&argc, argv);

    for (int i = 1; i < argc; ++i) {

        if (argv[i][0] == '-') {

            if (std::string(argv[i]) == "--dump_attestations") {

                dumpAttestations = true;

            }

        }

    }

    int status = RUN_ALL_TESTS();

    ALOGI("Test result = %d", status);

    return status;

}