diff options
| author | Paul Crowley <paulcrowley@google.com> | 2020-04-12 09:15:41 -0700 |
|---|---|---|
| committer | Paul Crowley <paulcrowley@google.com> | 2020-04-21 16:53:30 -0700 |
| commit | 27edb9ab58d7c69318d3481e5885e88a601a5b28 (patch) | |
| tree | fbda3412bc1283e26e7531c9b7861ffe2c73e7f8 /encryption/utils.cpp | |
| parent | 669c6c14bd5b907faa4ee9a60c80af3b7b263a8a (diff) | |
| download | platform_test_vts-testcase_kernel-27edb9ab58d7c69318d3481e5885e88a601a5b28.tar.gz platform_test_vts-testcase_kernel-27edb9ab58d7c69318d3481e5885e88a601a5b28.tar.bz2 platform_test_vts-testcase_kernel-27edb9ab58d7c69318d3481e5885e88a601a5b28.zip | |
Test hardware-wrapped key support
Ensure that hardware-wrapped keys encrypt data in the way that we
expect.
Bug: 153730132
Test: Cuttlefish, over to QC to amend and test on their hardware
Cherry-Picked-From: 7d4f95fce68cc2320e051f4b5885f83b44a2fec5
Merged-In: Id473072742eb68bfed029e7598839f17ecc7f1b3
Change-Id: Id473072742eb68bfed029e7598839f17ecc7f1b3
Diffstat (limited to 'encryption/utils.cpp')
| -rw-r--r-- | encryption/utils.cpp | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/encryption/utils.cpp b/encryption/utils.cpp index 743a8fd2..c896f721 100644 --- a/encryption/utils.cpp +++ b/encryption/utils.cpp @@ -22,11 +22,15 @@ #include <fstab/fstab.h> #include <gtest/gtest.h> +#include "Keymaster.h" #include "vts_kernel_encryption.h" namespace android { namespace kernel { +// hw-wrapped key size in bytes +constexpr int kHwWrappedKeySize = 32; + std::string Errno() { return std::string(": ") + strerror(errno); } // Generates some "random" bytes. Not secure; this is for testing only. @@ -119,5 +123,43 @@ bool VerifyDataRandomness(const std::vector<uint8_t> &bytes) { return false; } +bool CreateHwWrappedKey(std::vector<uint8_t> *enc_key, + std::vector<uint8_t> *exported_key) { + *enc_key = GenerateTestKey(kHwWrappedKeySize); + + Keymaster keymaster; + if (!keymaster) { + ADD_FAILURE() << "Unable to find keymaster"; + return false; + } + // This key is used to drive a CMAC-based KDF + auto paramBuilder = + km::AuthorizationSetBuilder().AesEncryptionKey(kHwWrappedKeySize * 8); + paramBuilder.Authorization(km::TAG_ROLLBACK_RESISTANCE); + paramBuilder.Authorization(km::TAG_STORAGE_KEY); + + std::string enc_key_string(enc_key->begin(), enc_key->end()); + std::string wrapped_key_blob; + if (!keymaster.importKey(paramBuilder, km::KeyFormat::RAW, enc_key_string, + &wrapped_key_blob)) { + // It's fine for Keymaster not to support hardware-wrapped keys, but + // if generateKey works, importKey must too. + if (keymaster.generateKey(paramBuilder, &wrapped_key_blob)) { + ADD_FAILURE() << "generateKey succeeded but importKey failed"; + } else { + GTEST_LOG_(INFO) << "Skipping test because device doesn't support " + "hardware-wrapped keys"; + } + return false; + } + std::string exported_key_string; + if (!keymaster.exportKey(wrapped_key_blob, &exported_key_string)) { + ADD_FAILURE() << "exportKey failed"; + return false; + } + exported_key->assign(exported_key_string.begin(), exported_key_string.end()); + return true; +} + } // namespace kernel } // namespace android |