diff options
author | Rajesh Nyamagoud <nyamagoud@google.com> | 2022-03-21 20:35:18 +0000 |
---|---|---|
committer | Rajesh Nyamagoud <nyamagoud@google.com> | 2022-03-25 19:51:23 +0000 |
commit | 901386c2c44a34688563ab8328311186e0695d03 (patch) | |
tree | 15d3684a676c49e45f8be88db1b5b0d7eff08188 /keystore2/test_utils | |
parent | b174ed0494c13b4adb6bdd634f4bec512878a025 (diff) | |
download | security-901386c2c44a34688563ab8328311186e0695d03.tar.gz |
Create authorizations and key_generations test modules -
- authorizations: helper struct to create set of key authorizations
- key_generations: helper methods to generate various keys.
Test: N/A
Change-Id: I23250838b7b6d8ad59f5ef8682861a07e856299f
Diffstat (limited to 'keystore2/test_utils')
-rw-r--r-- | keystore2/test_utils/authorizations.rs | 88 | ||||
-rw-r--r-- | keystore2/test_utils/key_generations.rs | 68 | ||||
-rw-r--r-- | keystore2/test_utils/lib.rs | 11 |
3 files changed, 167 insertions, 0 deletions
diff --git a/keystore2/test_utils/authorizations.rs b/keystore2/test_utils/authorizations.rs new file mode 100644 index 00000000..4fbe1241 --- /dev/null +++ b/keystore2/test_utils/authorizations.rs @@ -0,0 +1,88 @@ +// Copyright 2022, The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +//! This module implements test utils to create Autherizations. + +use std::ops::Deref; + +use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{ + Algorithm::Algorithm, Digest::Digest, EcCurve::EcCurve, KeyParameter::KeyParameter, + KeyParameterValue::KeyParameterValue, KeyPurpose::KeyPurpose, Tag::Tag, +}; + +/// Helper struct to create set of Authorizations. +pub struct AuthSetBuilder(Vec<KeyParameter>); + +impl Default for AuthSetBuilder { + fn default() -> Self { + Self::new() + } +} + +impl AuthSetBuilder { + /// Creates new Authorizations list. + pub fn new() -> Self { + Self(Vec::new()) + } + + /// Add Purpose. + pub fn purpose(mut self, p: KeyPurpose) -> Self { + self.0.push(KeyParameter { tag: Tag::PURPOSE, value: KeyParameterValue::KeyPurpose(p) }); + self + } + + /// Add Digest. + pub fn digest(mut self, d: Digest) -> Self { + self.0.push(KeyParameter { tag: Tag::DIGEST, value: KeyParameterValue::Digest(d) }); + self + } + + /// Add Algorithm. + pub fn algorithm(mut self, a: Algorithm) -> Self { + self.0.push(KeyParameter { tag: Tag::ALGORITHM, value: KeyParameterValue::Algorithm(a) }); + self + } + + /// Add EC-Curve. + pub fn ec_curve(mut self, e: EcCurve) -> Self { + self.0.push(KeyParameter { tag: Tag::EC_CURVE, value: KeyParameterValue::EcCurve(e) }); + self + } + + /// Add Attestation-Challenge. + pub fn attestation_challenge(mut self, b: Vec<u8>) -> Self { + self.0.push(KeyParameter { + tag: Tag::ATTESTATION_CHALLENGE, + value: KeyParameterValue::Blob(b), + }); + self + } + + /// Add Attestation-ID. + pub fn attestation_app_id(mut self, b: Vec<u8>) -> Self { + self.0.push(KeyParameter { + tag: Tag::ATTESTATION_APPLICATION_ID, + value: KeyParameterValue::Blob(b), + }); + self + } +} + +impl Deref for AuthSetBuilder { + type Target = Vec<KeyParameter>; + + fn deref(&self) -> &Self::Target { + &self.0 + } +} diff --git a/keystore2/test_utils/key_generations.rs b/keystore2/test_utils/key_generations.rs new file mode 100644 index 00000000..f49aa9ff --- /dev/null +++ b/keystore2/test_utils/key_generations.rs @@ -0,0 +1,68 @@ +// Copyright 2022, The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +//! This module implements test utils to generate various types of keys. + +use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{ + Algorithm::Algorithm, Digest::Digest, EcCurve::EcCurve, KeyPurpose::KeyPurpose, +}; +use android_system_keystore2::aidl::android::system::keystore2::{ + Domain::Domain, IKeystoreSecurityLevel::IKeystoreSecurityLevel, KeyDescriptor::KeyDescriptor, + KeyMetadata::KeyMetadata, +}; + +use crate::authorizations::AuthSetBuilder; + +const SELINUX_SHELL_NAMESPACE: i64 = 1; + +/// Generate attested EC Key blob using given security level with below key parameters - +/// Purposes: SIGN and VERIFY +/// Digest: SHA_2_256 +/// Curve: P_256 +pub fn generate_ec_p256_signing_key_with_attestation( + sec_level: &binder::Strong<dyn IKeystoreSecurityLevel>, +) -> binder::Result<KeyMetadata> { + let att_challenge: &[u8] = b"foo"; + let att_app_id: &[u8] = b"bar"; + let gen_params = AuthSetBuilder::new() + .algorithm(Algorithm::EC) + .purpose(KeyPurpose::SIGN) + .purpose(KeyPurpose::VERIFY) + .digest(Digest::SHA_2_256) + .ec_curve(EcCurve::P_256) + .attestation_challenge(att_challenge.to_vec()) + .attestation_app_id(att_app_id.to_vec()); + + match sec_level.generateKey( + &KeyDescriptor { + domain: Domain::BLOB, + nspace: SELINUX_SHELL_NAMESPACE, + alias: None, + blob: None, + }, + None, + &gen_params, + 0, + b"entropy", + ) { + Ok(key_metadata) => { + assert!(key_metadata.certificate.is_some()); + assert!(key_metadata.certificateChain.is_some()); + assert!(key_metadata.key.blob.is_some()); + + Ok(key_metadata) + } + Err(e) => Err(e), + } +} diff --git a/keystore2/test_utils/lib.rs b/keystore2/test_utils/lib.rs index a355544b..c63bfacc 100644 --- a/keystore2/test_utils/lib.rs +++ b/keystore2/test_utils/lib.rs @@ -19,8 +19,14 @@ use std::io::ErrorKind; use std::path::{Path, PathBuf}; use std::{env::temp_dir, ops::Deref}; +use android_system_keystore2::aidl::android::system::keystore2::IKeystoreService::IKeystoreService; + +pub mod authorizations; +pub mod key_generations; pub mod run_as; +static KS2_SERVICE_NAME: &str = "android.system.keystore2.IKeystoreService/default"; + /// Represents the lifecycle of a temporary directory for testing. #[derive(Debug)] pub struct TempDir { @@ -104,3 +110,8 @@ impl Deref for PathBuilder { &self.0 } } + +/// Get Keystore2 service. +pub fn get_keystore_service() -> binder::Strong<dyn IKeystoreService> { + binder::get_interface(KS2_SERVICE_NAME).unwrap() +} |