1 /*
2  * Copyright 2019, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef VTS_IDENTITY_TEST_UTILS_H
18 #define VTS_IDENTITY_TEST_UTILS_H
19 
#include <utility>

#include <android/hardware/identity/IIdentityCredentialStore.h>
#include <android/hardware/identity/support/IdentityCredentialSupport.h>
#include <android/hardware/security/keymint/MacedPublicKey.h>
#include <cppbor.h>
#include <cppbor_parse.h>
#include <gtest/gtest.h>
26 
27 namespace android::hardware::identity::test_utils {
28 
29 using ::std::map;
30 using ::std::optional;
31 using ::std::string;
32 using ::std::vector;
33 
34 using ::android::sp;
35 using ::android::binder::Status;
36 
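struct AttestationData {
    // Requests the attestation certificate chain for a credential under construction.
    //
    // The bytes of |challenge| are copied into attestationChallenge and |attestationAppId|
    // is stored in attestationApplicationId; both are handed to
    // IWritableIdentityCredential::getAttestationCertificate(), whose Status ends up in
    // |result| and whose chain ends up in attestationCertificate.
    //
    // gtest assertions are not usable for reporting from a constructor, so a null
    // credential is surfaced as a failing |result| instead of a null dereference;
    // callers that check result.isOk() see the failure either way.
    AttestationData(sp<IWritableIdentityCredential>& writableCredential, string challenge,
                    vector<uint8_t> attestationAppId)
        : attestationChallenge(challenge.begin(), challenge.end()),
          attestationApplicationId(std::move(attestationAppId)) {
        if (!writableCredential) {
            result = Status::fromExceptionCode(Status::EX_NULL_POINTER,
                                               "writableCredential is null");
            return;
        }
        result = writableCredential->getAttestationCertificate(
                attestationApplicationId, attestationChallenge, &attestationCertificate);
    }

    // Leaves every field default-constructed (empty vectors, default Status).
    AttestationData() = default;

    vector<uint8_t> attestationChallenge;
    vector<uint8_t> attestationApplicationId;
    vector<Certificate> attestationCertificate;
    Status result;
};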
58 
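// One data element to provision into a credential: its namespace, name, the CBOR
// encoding of its value, and the ids of the access control profiles guarding it.
struct TestEntryData {
    // Entry without a value; valueCbor stays empty until a caller fills it in.
    TestEntryData(string nameSpace, string name, vector<int32_t> profileIds)
        : nameSpace(std::move(nameSpace)), name(std::move(name)),
          profileIds(std::move(profileIds)) {}

    // Text value. The whole std::string is encoded as a CBOR text string, so a value
    // containing an embedded NUL byte is preserved instead of being cut off at the
    // first NUL (which is what passing value.data() as a C string would do).
    TestEntryData(string nameSpace, string name, const string& value, vector<int32_t> profileIds)
        : TestEntryData(std::move(nameSpace), std::move(name), std::move(profileIds)) {
        valueCbor = cppbor::Tstr(value).encode();
    }

    // Binary value, encoded as a CBOR byte string.
    TestEntryData(string nameSpace, string name, const vector<uint8_t>& value,
                  vector<int32_t> profileIds)
        : TestEntryData(std::move(nameSpace), std::move(name), std::move(profileIds)) {
        valueCbor = cppbor::Bstr(value).encode();
    }

    // Boolean value, encoded as a CBOR simple value.
    TestEntryData(string nameSpace, string name, bool value, vector<int32_t> profileIds)
        : TestEntryData(std::move(nameSpace), std::move(name), std::move(profileIds)) {
        valueCbor = cppbor::Bool(value).encode();
    }

    // Signed integer value: non-negative values are encoded as a CBOR unsigned
    // integer, negative ones as a CBOR negative integer.
    TestEntryData(string nameSpace, string name, int64_t value, vector<int32_t> profileIds)
        : TestEntryData(std::move(nameSpace), std::move(name), std::move(profileIds)) {
        if (value >= 0) {
            valueCbor = cppbor::Uint(value).encode();
        } else {
            // NOTE(review): -value overflows (UB) for INT64_MIN; confirm which sign
            // cppbor::Nint expects before relying on extreme negative values here.
            valueCbor = cppbor::Nint(-value).encode();
        }
    }

    string nameSpace;
    string name;
    vector<uint8_t> valueCbor;
    vector<int32_t> profileIds;
};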
90 
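// Parameters of one access control profile, consumed by addAccessControlProfiles().
// Scalar members are value-initialized so that a TestProfile{} has no indeterminate
// fields; positional aggregate initialization keeps working unchanged.
struct TestProfile {
    uint16_t id{0};
    std::vector<uint8_t> readerCertificate;
    bool userAuthenticationRequired{false};
    uint64_t timeoutMillis{0};
};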
97 
// Helper functions shared by the identity credential VTS tests. They are defined in
// the accompanying .cpp; the notes below describe only what the signatures show.

// Obtains a writable credential from |credentialStore| into |writableCredential|,
// presumably as a test credential when |testCredential| is set. Returns false on
// failure (bool return; confirm the exact failure conditions against the definition).
bool setupWritableCredential(sp<IWritableIdentityCredential>& writableCredential,
                             sp<IIdentityCredentialStore>& credentialStore, bool testCredential);

// Builds a fake remotely-provisioned certificate chain for |macedPublicKey|;
// nullopt signals failure.
optional<vector<vector<uint8_t>>> createFakeRemotelyProvisionedCertificateChain(
        const ::android::hardware::security::keymint::MacedPublicKey& macedPublicKey);

// Generates a reader certificate whose serial number is given in decimal;
// nullopt signals failure.
optional<vector<uint8_t>> generateReaderCertificate(string serialDecimal);

// Overload of the above that, judging by the parameter name, also hands back the
// reader's private key through |outReaderPrivateKey| — verify against the definition.
optional<vector<uint8_t>> generateReaderCertificate(string serialDecimal,
                                                    vector<uint8_t>* outReaderPrivateKey);

// Adds one access control profile per entry of |testProfiles| to |writableCredential|
// and returns the resulting profiles; nullopt signals failure.
optional<vector<SecureAccessControlProfile>> addAccessControlProfiles(
        sp<IWritableIdentityCredential>& writableCredential,
        const vector<TestProfile>& testProfiles);

// Adds |entry| to |writableCredential| in chunks of |dataChunkSize| bytes, recording the
// encrypted chunks in |encryptedBlobs| under the entry's address (so |entry| must
// outlive the map). |expectSuccess| selects whether the addition is expected to be
// accepted; the exact assertions live in the definition.
bool addEntry(sp<IWritableIdentityCredential>& writableCredential, const TestEntryData& entry,
              int dataChunkSize, map<const TestEntryData*, vector<vector<uint8_t>>>& encryptedBlobs,
              bool expectSuccess);

// Fills |image| with test image data.
void setImageData(vector<uint8_t>& image);

// Checks |credentialKeyCertChain| against the expected attestation challenge and
// application id, and against whether a test credential was requested. The specific
// checks are in the definition.
void validateAttestationCertificate(const vector<Certificate>& credentialKeyCertChain,
                                    const vector<uint8_t>& expectedChallenge,
                                    const vector<uint8_t>& expectedAppId, bool isTestCredential);

// Builds the RequestNamespace list describing |entries|. (The top-level const on a
// by-value parameter has no effect in a declaration.)
vector<RequestNamespace> buildRequestNamespaces(const vector<TestEntryData> entries);

// Verifies that the X.509 certificate for a just created authentication key
// is valid.
void verifyAuthKeyCertificate(const vector<uint8_t>& authKeyCertChain);
129 
130 }  // namespace android::hardware::identity::test_utils
131 
132 #endif  // VTS_IDENTITY_TEST_UTILS_H
133