1 /*
2 * Copyright (C) 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "rkp_factory_extraction_lib.h"
18
19 #include "gmock/gmock-matchers.h"
20 #include "gmock/gmock-more-matchers.h"
21 #include <aidl/android/hardware/security/keymint/DeviceInfo.h>
22 #include <aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.h>
23 #include <aidl/android/hardware/security/keymint/MacedPublicKey.h>
24 #include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h>
25 #include <android-base/properties.h>
26 #include <gmock/gmock.h>
27 #include <gtest/gtest.h>
28 #include <openssl/base64.h>
29
30 #include <cstdint>
31 #include <memory>
32 #include <ostream>
33 #include <set>
34 #include <vector>
35
36 #include "aidl/android/hardware/security/keymint/ProtectedData.h"
37 #include "android/binder_auto_utils.h"
38 #include "android/binder_interface_utils.h"
39 #include "cppbor.h"
40
41 using ::ndk::ScopedAStatus;
42 using ::ndk::SharedRefBase;
43
44 using namespace ::aidl::android::hardware::security::keymint;
45 using namespace ::cppbor;
46 using namespace ::testing;
47
48 namespace cppbor {
49
operator <<(std::ostream & os,const Item & item)50 std::ostream& operator<<(std::ostream& os, const Item& item) {
51 return os << prettyPrint(&item);
52 }
53
operator <<(std::ostream & os,const std::unique_ptr<Item> & item)54 std::ostream& operator<<(std::ostream& os, const std::unique_ptr<Item>& item) {
55 return os << *item;
56 }
57
operator <<(std::ostream & os,const Item * item)58 std::ostream& operator<<(std::ostream& os, const Item* item) {
59 return os << *item;
60 }
61
62 } // namespace cppbor
63
toBase64(const std::vector<uint8_t> & buffer)64 std::string toBase64(const std::vector<uint8_t>& buffer) {
65 size_t base64Length;
66 int rc = EVP_EncodedLength(&base64Length, buffer.size());
67 if (!rc) {
68 std::cerr << "Error getting base64 length. Size overflow?" << std::endl;
69 exit(-1);
70 }
71
72 std::string base64(base64Length, ' ');
73 rc = EVP_EncodeBlock(reinterpret_cast<uint8_t*>(base64.data()), buffer.data(), buffer.size());
74 ++rc; // Account for NUL, which BoringSSL does not for some reason.
75 if (rc != base64Length) {
76 std::cerr << "Error writing base64. Expected " << base64Length
77 << " bytes to be written, but " << rc << " bytes were actually written."
78 << std::endl;
79 exit(-1);
80 }
81
82 // BoringSSL automatically adds a NUL -- remove it from the string data
83 base64.pop_back();
84
85 return base64;
86 }
87
88 class MockIRemotelyProvisionedComponent : public IRemotelyProvisionedComponentDefault {
89 public:
90 MOCK_METHOD(ScopedAStatus, getHardwareInfo, (RpcHardwareInfo * _aidl_return), (override));
91 MOCK_METHOD(ScopedAStatus, generateEcdsaP256KeyPair,
92 (bool in_testMode, MacedPublicKey* out_macedPublicKey,
93 std::vector<uint8_t>* _aidl_return),
94 (override));
95 MOCK_METHOD(ScopedAStatus, generateCertificateRequest,
96 (bool in_testMode, const std::vector<MacedPublicKey>& in_keysToSign,
97 const std::vector<uint8_t>& in_endpointEncryptionCertChain,
98 const std::vector<uint8_t>& in_challenge, DeviceInfo* out_deviceInfo,
99 ProtectedData* out_protectedData, std::vector<uint8_t>* _aidl_return),
100 (override));
101 MOCK_METHOD(ScopedAStatus, generateCertificateRequestV2,
102 (const std::vector<MacedPublicKey>& in_keysToSign,
103 const std::vector<uint8_t>& in_challenge, std::vector<uint8_t>* _aidl_return),
104 (override));
105 MOCK_METHOD(ScopedAStatus, getInterfaceVersion, (int32_t* _aidl_return), (override));
106 MOCK_METHOD(ScopedAStatus, getInterfaceHash, (std::string * _aidl_return), (override));
107 };
108
TEST(LibRkpFactoryExtractionTests,ToBase64)109 TEST(LibRkpFactoryExtractionTests, ToBase64) {
110 std::vector<uint8_t> input(UINT8_MAX + 1);
111 for (int i = 0; i < input.size(); ++i) {
112 input[i] = i;
113 }
114
115 // Test three lengths so we get all the different padding options
116 EXPECT_EQ("AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4"
117 "vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV"
118 "5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMj"
119 "Y6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8"
120 "vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uv"
121 "s7e7v8PHy8/T19vf4+fr7/P3+/w==",
122 toBase64(input));
123
124 input.push_back(42);
125 EXPECT_EQ("AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4"
126 "vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV"
127 "5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMj"
128 "Y6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8"
129 "vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uv"
130 "s7e7v8PHy8/T19vf4+fr7/P3+/yo=",
131 toBase64(input));
132
133 input.push_back(42);
134 EXPECT_EQ("AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4"
135 "vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV"
136 "5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMj"
137 "Y6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8"
138 "vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uv"
139 "s7e7v8PHy8/T19vf4+fr7/P3+/yoq",
140 toBase64(input));
141 }
142
TEST(LibRkpFactoryExtractionTests,UniqueChallengeSmokeTest)143 TEST(LibRkpFactoryExtractionTests, UniqueChallengeSmokeTest) {
144 // This will at least catch VERY broken implementations.
145 constexpr size_t NUM_CHALLENGES = 32;
146 std::set<std::vector<uint8_t>> challenges;
147 for (size_t i = 0; i < NUM_CHALLENGES; ++i) {
148 const std::vector<uint8_t> challenge = generateChallenge();
149 const auto [_, wasInserted] = challenges.insert(generateChallenge());
150 EXPECT_TRUE(wasInserted) << "Duplicate challenge: " << toBase64(challenge);
151 }
152 }
153
TEST(LibRkpFactoryExtractionTests,GetCsrWithV2Hal)154 TEST(LibRkpFactoryExtractionTests, GetCsrWithV2Hal) {
155 ASSERT_TRUE(true);
156
157 const std::vector<uint8_t> kFakeMac = {1, 2, 3, 4};
158
159 Map cborDeviceInfo;
160 cborDeviceInfo.add("product", "gShoe");
161 cborDeviceInfo.add("version", 2);
162 cborDeviceInfo.add("brand", "Fake Brand");
163 cborDeviceInfo.add("manufacturer", "Fake Mfr");
164 cborDeviceInfo.add("model", "Fake Model");
165 cborDeviceInfo.add("device", "Fake Device");
166 cborDeviceInfo.add("vb_state", "orange");
167 cborDeviceInfo.add("bootloader_state", "unlocked");
168 cborDeviceInfo.add("vbmeta_digest", std::vector<uint8_t>{1, 2, 3, 4});
169 cborDeviceInfo.add("system_patch_level", 42);
170 cborDeviceInfo.add("boot_patch_level", 31415);
171 cborDeviceInfo.add("vendor_patch_level", 0);
172 cborDeviceInfo.add("fused", 0);
173 cborDeviceInfo.add("security_level", "tee");
174 cborDeviceInfo.add("os_version", "the best version");
175 const DeviceInfo kVerifiedDeviceInfo = {cborDeviceInfo.canonicalize().encode()};
176
177 Array cborProtectedData;
178 cborProtectedData.add(Bstr()); // protected
179 cborProtectedData.add(Map()); // unprotected
180 cborProtectedData.add(Bstr()); // ciphertext
181 cborProtectedData.add(Array()); // recipients
182 const ProtectedData kProtectedData = {cborProtectedData.encode()};
183
184 std::vector<uint8_t> eekChain;
185 std::vector<uint8_t> challenge;
186
187 // Set up mock, then call getSCsr
188 auto mockRpc = SharedRefBase::make<MockIRemotelyProvisionedComponent>();
189 EXPECT_CALL(*mockRpc, getHardwareInfo(NotNull())).WillRepeatedly([](RpcHardwareInfo* hwInfo) {
190 hwInfo->versionNumber = 2;
191 return ScopedAStatus::ok();
192 });
193 EXPECT_CALL(*mockRpc,
194 generateCertificateRequest(false, // testMode
195 IsEmpty(), // keysToSign
196 _, // endpointEncryptionCertChain
197 _, // challenge
198 NotNull(), // deviceInfo
199 NotNull(), // protectedData
200 NotNull())) // _aidl_return
201 .WillOnce(DoAll(SaveArg<2>(&eekChain), //
202 SaveArg<3>(&challenge), //
203 SetArgPointee<4>(kVerifiedDeviceInfo), //
204 SetArgPointee<5>(kProtectedData), //
205 SetArgPointee<6>(kFakeMac), //
206 Return(ByMove(ScopedAStatus::ok())))); //
207
208 auto [csr, csrErrMsg] =
209 getCsr("mock component name", mockRpc.get(),
210 /*selfTest=*/false, /*allowDegenerate=*/true, /*requireUdsCerts=*/false);
211 ASSERT_THAT(csr, NotNull()) << csrErrMsg;
212 ASSERT_THAT(csr->asArray(), Pointee(Property(&Array::size, Eq(4))));
213
214 // Verify the input parameters that we received
215 auto [parsedEek, ignore1, eekParseError] = parse(eekChain);
216 ASSERT_THAT(parsedEek, NotNull()) << eekParseError;
217 EXPECT_THAT(parsedEek->asArray(), Pointee(Property(&Array::size, Gt(1))));
218 EXPECT_THAT(challenge, Property(&std::vector<uint8_t>::size, Eq(kChallengeSize)));
219
220 // Device info consists of (verified info, unverified info)
221 const Array* deviceInfoArray = csr->get(0)->asArray();
222 EXPECT_THAT(deviceInfoArray, Pointee(Property(&Array::size, 2)));
223
224 // Verified device info must match our mock value
225 const Map* actualVerifiedDeviceInfo = deviceInfoArray->get(0)->asMap();
226 EXPECT_THAT(actualVerifiedDeviceInfo, Pointee(Property(&Map::size, Eq(cborDeviceInfo.size()))));
227 EXPECT_THAT(actualVerifiedDeviceInfo->get("product"), Pointee(Eq(Tstr("gShoe"))));
228 EXPECT_THAT(actualVerifiedDeviceInfo->get("version"), Pointee(Eq(Uint(2))));
229
230 // Empty unverified device info
231 const Map* actualUnverifiedDeviceInfo = deviceInfoArray->get(1)->asMap();
232 EXPECT_THAT(actualUnverifiedDeviceInfo, Pointee(Property(&Map::size, Eq(0))));
233
234 // Challenge must match the call to generateCertificateRequest
235 const Bstr* actualChallenge = csr->get(1)->asBstr();
236 EXPECT_THAT(actualChallenge, Pointee(Property(&Bstr::value, Eq(challenge))));
237
238 // Protected data must match the mock value
239 const Array* actualProtectedData = csr->get(2)->asArray();
240 EXPECT_THAT(actualProtectedData, Pointee(Eq(ByRef(cborProtectedData))));
241
242 // Ensure the maced public key matches the expected COSE_mac0
243 const Array* actualMacedKeys = csr->get(3)->asArray();
244 ASSERT_THAT(actualMacedKeys, Pointee(Property(&Array::size, Eq(4))));
245 ASSERT_THAT(actualMacedKeys->get(0)->asBstr(), NotNull());
246 auto [macProtectedParams, ignore2, macParamParseError] =
247 parse(actualMacedKeys->get(0)->asBstr());
248 ASSERT_THAT(macProtectedParams, NotNull()) << macParamParseError;
249 Map expectedMacProtectedParams;
250 expectedMacProtectedParams.add(1, 5);
251 EXPECT_THAT(macProtectedParams, Pointee(Eq(ByRef(expectedMacProtectedParams))));
252 EXPECT_THAT(actualMacedKeys->get(1)->asMap(), Pointee(Property(&Map::size, Eq(0))));
253 EXPECT_THAT(actualMacedKeys->get(2)->asNull(), NotNull());
254 EXPECT_THAT(actualMacedKeys->get(3)->asBstr(), Pointee(Eq(Bstr(kFakeMac))));
255 }
256
TEST(LibRkpFactoryExtractionTests,GetCsrWithV3Hal)257 TEST(LibRkpFactoryExtractionTests, GetCsrWithV3Hal) {
258 const std::vector<uint8_t> kCsr = Array()
259 .add(1 /* version */)
260 .add(Map() /* UdsCerts */)
261 .add(Array() /* DiceCertChain */)
262 .add(Array() /* SignedData */)
263 .encode();
264 std::vector<uint8_t> challenge;
265
266 // Set up mock, then call getCsr
267 auto mockRpc = SharedRefBase::make<MockIRemotelyProvisionedComponent>();
268 EXPECT_CALL(*mockRpc, getHardwareInfo(NotNull())).WillRepeatedly([](RpcHardwareInfo* hwInfo) {
269 hwInfo->versionNumber = 3;
270 return ScopedAStatus::ok();
271 });
272 EXPECT_CALL(*mockRpc,
273 generateCertificateRequestV2(IsEmpty(), // keysToSign
274 _, // challenge
275 NotNull())) // _aidl_return
276 .WillOnce(DoAll(SaveArg<1>(&challenge), SetArgPointee<2>(kCsr),
277 Return(ByMove(ScopedAStatus::ok()))));
278
279 auto [csr, csrErrMsg] =
280 getCsr("mock component name", mockRpc.get(),
281 /*selfTest=*/false, /*allowDegenerate=*/true, /*requireUdsCerts=*/false);
282 ASSERT_THAT(csr, NotNull()) << csrErrMsg;
283 ASSERT_THAT(csr, Pointee(Property(&Array::size, Eq(5))));
284
285 EXPECT_THAT(csr->get(0 /* version */), Pointee(Eq(Uint(1))));
286 EXPECT_THAT(csr->get(1)->asMap(), NotNull());
287 EXPECT_THAT(csr->get(2)->asArray(), NotNull());
288 EXPECT_THAT(csr->get(3)->asArray(), NotNull());
289
290 const Map* unverifedDeviceInfo = csr->get(4)->asMap();
291 ASSERT_THAT(unverifedDeviceInfo, NotNull());
292 EXPECT_THAT(unverifedDeviceInfo->get("fingerprint"), NotNull());
293 const Tstr fingerprint(android::base::GetProperty("ro.build.fingerprint", ""));
294 EXPECT_THAT(*unverifedDeviceInfo->get("fingerprint")->asTstr(), Eq(fingerprint));
295 }
296
TEST(LibRkpFactoryExtractionTests,requireUdsCerts)297 TEST(LibRkpFactoryExtractionTests, requireUdsCerts) {
298 const std::vector<uint8_t> kCsr = Array()
299 .add(1 /* version */)
300 .add(Map() /* UdsCerts */)
301 .add(Array() /* DiceCertChain */)
302 .add(Array() /* SignedData */)
303 .encode();
304 std::vector<uint8_t> challenge;
305
306 // Set up mock, then call getCsr
307 auto mockRpc = SharedRefBase::make<MockIRemotelyProvisionedComponent>();
308 EXPECT_CALL(*mockRpc, getHardwareInfo(NotNull())).WillRepeatedly([](RpcHardwareInfo* hwInfo) {
309 hwInfo->versionNumber = 3;
310 return ScopedAStatus::ok();
311 });
312 EXPECT_CALL(*mockRpc,
313 generateCertificateRequestV2(IsEmpty(), // keysToSign
314 _, // challenge
315 NotNull())) // _aidl_return
316 .WillOnce(DoAll(SaveArg<1>(&challenge), SetArgPointee<2>(kCsr),
317 Return(ByMove(ScopedAStatus::ok()))));
318
319 auto [csr, csrErrMsg] =
320 getCsr("mock component name", mockRpc.get(),
321 /*selfTest=*/true, /*allowDegenerate=*/false, /*requireUdsCerts=*/true);
322 ASSERT_EQ(csr, nullptr);
323 ASSERT_THAT(csrErrMsg, testing::HasSubstr("UdsCerts must not be empty"));
324 }
325
TEST(LibRkpFactoryExtractionTests,dontRequireUdsCerts)326 TEST(LibRkpFactoryExtractionTests, dontRequireUdsCerts) {
327 const std::vector<uint8_t> kCsr = Array()
328 .add(1 /* version */)
329 .add(Map() /* UdsCerts */)
330 .add(Array() /* DiceCertChain */)
331 .add(Array() /* SignedData */)
332 .encode();
333 std::vector<uint8_t> challenge;
334
335 // Set up mock, then call getCsr
336 auto mockRpc = SharedRefBase::make<MockIRemotelyProvisionedComponent>();
337 EXPECT_CALL(*mockRpc, getHardwareInfo(NotNull())).WillRepeatedly([](RpcHardwareInfo* hwInfo) {
338 hwInfo->versionNumber = 3;
339 return ScopedAStatus::ok();
340 });
341 EXPECT_CALL(*mockRpc,
342 generateCertificateRequestV2(IsEmpty(), // keysToSign
343 _, // challenge
344 NotNull())) // _aidl_return
345 .WillOnce(DoAll(SaveArg<1>(&challenge), SetArgPointee<2>(kCsr),
346 Return(ByMove(ScopedAStatus::ok()))));
347
348 auto [csr, csrErrMsg] =
349 getCsr("mock component name", mockRpc.get(),
350 /*selfTest=*/true, /*allowDegenerate=*/false, /*requireUdsCerts=*/false);
351 ASSERT_EQ(csr, nullptr);
352 ASSERT_THAT(csrErrMsg, testing::Not(testing::HasSubstr("UdsCerts must not be empty")));
353 }
354
TEST(LibRkpFactoryExtractionTests,parseCommaDelimitedString)355 TEST(LibRkpFactoryExtractionTests, parseCommaDelimitedString) {
356 const auto& rpcNames = "default,avf,,default,Strongbox,strongbox,,";
357 const auto& rpcSet = parseCommaDelimited(rpcNames);
358
359 ASSERT_EQ(rpcSet.size(), 4);
360 ASSERT_TRUE(rpcSet.count("") == 0);
361 ASSERT_TRUE(rpcSet.count("default") == 1);
362 ASSERT_TRUE(rpcSet.count("avf") == 1);
363 ASSERT_TRUE(rpcSet.count("strongbox") == 1);
364 ASSERT_TRUE(rpcSet.count("Strongbox") == 1);
365 }