Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b1b45ff8 authored by Max Bires's avatar Max Bires
Browse files

Adding testing functionality for TAG_ROLLBACK_RESISTANCE 

Due to changes in implementation between keymaster 3.0 and 4.0, rollback
resistance is now specified by the caller. This patch addresses that
inconsistency to make sure rollback resistance is properly tested. If
rollback resistance is supported by the hardware, then it will now be
tested.

Test: atest VtsHalKeymasterV4_0TargetTest
Change-Id: I21e8d1e66932ddfad2d42ce8a43591431f3ff284
parent 12ca95cc

keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp

+44 −63
Original line number Diff line number Diff line
@@ -4066,63 +4066,53 @@ typedef KeymasterHidlTest KeyDeletionTest; 
 *

 * This test checks that if rollback protection is implemented, DeleteKey invalidates a formerly

 * valid key blob.

 *

 * TODO(swillden):  Update to incorporate changes in rollback resistance semantics.

 */

TEST_F(KeyDeletionTest, DeleteKey) {

    ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()

    auto error = GenerateKey(AuthorizationSetBuilder()

                                     .RsaSigningKey(2048, 65537)

                                     .Digest(Digest::NONE)

                                     .Padding(PaddingMode::NONE)

                                             .Authorization(TAG_NO_AUTH_REQUIRED)));

                                     .Authorization(TAG_NO_AUTH_REQUIRED)

                                     .Authorization(TAG_ROLLBACK_RESISTANCE));

    ASSERT_TRUE(error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE || error == ErrorCode::OK);



    // Delete must work if rollback protection is implemented

    if (error == ErrorCode::OK) {

        AuthorizationSet hardwareEnforced(key_characteristics_.hardwareEnforced);

    bool rollback_protected = hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE);

        ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));



    if (rollback_protected) {

        ASSERT_EQ(ErrorCode::OK, DeleteKey(true /* keep key blob */));

    } else {

        auto delete_result = DeleteKey(true /* keep key blob */);

        ASSERT_TRUE(delete_result == ErrorCode::OK | delete_result == ErrorCode::UNIMPLEMENTED);

    }



        string message = "12345678901234567890123456789012";

        AuthorizationSet begin_out_params;



    if (rollback_protected) {

        EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,

                  Begin(KeyPurpose::SIGN, key_blob_,

                        AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE),

                        &begin_out_params, &op_handle_));

    } else {

        EXPECT_EQ(ErrorCode::OK,

                  Begin(KeyPurpose::SIGN, key_blob_,

                        AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE),

                        &begin_out_params, &op_handle_));

    }

        AbortIfNeeded();

        key_blob_ = HidlBuf();

    }

}



/**

 * KeyDeletionTest.DeleteInvalidKey

 *

 * This test checks that the HAL excepts invalid key blobs.

 *

 * TODO(swillden):  Update to incorporate changes in rollback resistance semantics.

 * This test checks that the HAL excepts invalid key blobs..

 */

TEST_F(KeyDeletionTest, DeleteInvalidKey) {

    // Generate key just to check if rollback protection is implemented

    ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()

    auto error = GenerateKey(AuthorizationSetBuilder()

                                     .RsaSigningKey(2048, 65537)

                                     .Digest(Digest::NONE)

                                     .Padding(PaddingMode::NONE)

                                             .Authorization(TAG_NO_AUTH_REQUIRED)));

                                     .Authorization(TAG_NO_AUTH_REQUIRED)

                                     .Authorization(TAG_ROLLBACK_RESISTANCE));

    ASSERT_TRUE(error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE || error == ErrorCode::OK);



    // Delete must work if rollback protection is implemented

    if (error == ErrorCode::OK) {

        AuthorizationSet hardwareEnforced(key_characteristics_.hardwareEnforced);

    bool rollback_protected = hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE);

        ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));



        // Delete the key we don't care about the result at this point.

        DeleteKey();
@@ -4130,11 +4120,7 @@ TEST_F(KeyDeletionTest, DeleteInvalidKey) { 
        // Now create an invalid key blob and delete it.

        key_blob_ = HidlBuf("just some garbage data which is not a valid key blob");



    if (rollback_protected) {

        ASSERT_EQ(ErrorCode::OK, DeleteKey());

    } else {

        auto delete_result = DeleteKey();

        ASSERT_TRUE(delete_result == ErrorCode::OK | delete_result == ErrorCode::UNIMPLEMENTED);

    }

}
@@ -4148,40 +4134,35 @@ TEST_F(KeyDeletionTest, DeleteInvalidKey) { 
 * device has been wiped manually (e.g., fastboot flashall -w), and new FBE/FDE keys have

 * been provisioned. Use this test only on dedicated testing devices that have no valuable

 * credentials stored in Keystore/Keymaster.

 *

 * TODO(swillden):  Update to incorporate changes in rollback resistance semantics.

 */

TEST_F(KeyDeletionTest, DeleteAllKeys) {

    if (!arm_deleteAllKeys) return;

    ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()

    auto error = GenerateKey(AuthorizationSetBuilder()

                                     .RsaSigningKey(2048, 65537)

                                     .Digest(Digest::NONE)

                                     .Padding(PaddingMode::NONE)

                                             .Authorization(TAG_NO_AUTH_REQUIRED)));

                                     .Authorization(TAG_NO_AUTH_REQUIRED)

                                     .Authorization(TAG_ROLLBACK_RESISTANCE));

    ASSERT_TRUE(error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE || error == ErrorCode::OK);



    // Delete must work if rollback protection is implemented

    if (error == ErrorCode::OK) {

        AuthorizationSet hardwareEnforced(key_characteristics_.hardwareEnforced);

    bool rollback_protected = hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE);

        ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));



        ASSERT_EQ(ErrorCode::OK, DeleteAllKeys());



        string message = "12345678901234567890123456789012";

        AuthorizationSet begin_out_params;



    if (rollback_protected) {

        EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,

                  Begin(KeyPurpose::SIGN, key_blob_,

                        AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE),

                        &begin_out_params, &op_handle_));

    } else {

        EXPECT_EQ(ErrorCode::OK,

                  Begin(KeyPurpose::SIGN, key_blob_,

                        AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE),

                        &begin_out_params, &op_handle_));

    }

        AbortIfNeeded();

        key_blob_ = HidlBuf();

    }

}



using UpgradeKeyTest = KeymasterHidlTest;