1 /*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17 #ifndef __KEYMASTER4_COMMON_H__
18 #define __KEYMASTER4_COMMON_H__
19
20 #include <fuzzer/FuzzedDataProvider.h>
21 #include <keymasterV4_0/authorization_set.h>
22
23 namespace android::hardware::keymaster::V4_0::fuzzer {
24
25 using ::android::hardware::hidl_vec;
26
27 constexpr uint32_t kKeySize = 2048;
28 constexpr uint32_t kPublicExponent = 65537;
29
30 constexpr EcCurve kCurve[] = {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
31
32 constexpr PaddingMode kPaddingMode[] = {
33 PaddingMode::NONE,
34 PaddingMode::RSA_OAEP,
35 PaddingMode::RSA_PSS,
36 PaddingMode::RSA_PKCS1_1_5_ENCRYPT,
37 PaddingMode::RSA_PKCS1_1_5_SIGN,
38 PaddingMode::PKCS7,
39 };
40
41 constexpr Digest kDigest[] = {
42 Digest::NONE, Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
43 Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512,
44 };
45
46 enum AuthSet : uint32_t {
47 RSA_SIGNING_KEY = 0u,
48 RSA_ENCRYPRION_KEY,
49 ECDSA_SIGNING_CURVE,
50 ECDSA_SIGNING_KEY,
51 AES_ENCRYPTION_KEY,
52 TRIPLE_DES,
53 HMAC,
54 NO_DIGEST,
55 ECB_MODE,
56 GSM_MODE_MIN_MAC,
57 GSM_MODE_MAC,
58 BLOCK_MODE,
59 kMaxValue = BLOCK_MODE
60 };
61
createAuthorizationSet(std::unique_ptr<FuzzedDataProvider> & dataProvider)62 AuthorizationSet createAuthorizationSet(std::unique_ptr<FuzzedDataProvider>& dataProvider) {
63 uint32_t authSet = dataProvider->ConsumeEnum<AuthSet>();
64 switch (authSet) {
65 case RSA_SIGNING_KEY: {
66 Digest digest = dataProvider->PickValueInArray(kDigest);
67 PaddingMode padding = dataProvider->PickValueInArray(kPaddingMode);
68 return AuthorizationSetBuilder()
69 .Authorization(TAG_NO_AUTH_REQUIRED)
70 .RsaSigningKey(kKeySize, kPublicExponent)
71 .Digest(digest)
72 .Padding(padding)
73 .Authorization(TAG_INCLUDE_UNIQUE_ID);
74 } break;
75 case RSA_ENCRYPRION_KEY: {
76 Digest digest = dataProvider->PickValueInArray(kDigest);
77 PaddingMode padding = dataProvider->PickValueInArray(kPaddingMode);
78 return AuthorizationSetBuilder()
79 .Authorization(TAG_NO_AUTH_REQUIRED)
80 .RsaEncryptionKey(kKeySize, kPublicExponent)
81 .Digest(digest)
82 .Padding(padding)
83 .Authorization(TAG_INCLUDE_UNIQUE_ID);
84 } break;
85 case ECDSA_SIGNING_CURVE: {
86 EcCurve ecCurve = dataProvider->PickValueInArray(kCurve);
87 Digest digest = dataProvider->PickValueInArray(kDigest);
88 return AuthorizationSetBuilder()
89 .Authorization(TAG_NO_AUTH_REQUIRED)
90 .EcdsaSigningKey(ecCurve)
91 .Digest(digest)
92 .Authorization(TAG_INCLUDE_UNIQUE_ID);
93 } break;
94 case ECDSA_SIGNING_KEY: {
95 Digest digest = dataProvider->PickValueInArray(kDigest);
96 return AuthorizationSetBuilder()
97 .Authorization(TAG_NO_AUTH_REQUIRED)
98 .EcdsaSigningKey(kKeySize)
99 .Digest(digest)
100 .Authorization(TAG_INCLUDE_UNIQUE_ID);
101 } break;
102 case AES_ENCRYPTION_KEY: {
103 Digest digest = dataProvider->PickValueInArray(kDigest);
104 PaddingMode padding = dataProvider->PickValueInArray(kPaddingMode);
105 return AuthorizationSetBuilder()
106 .Authorization(TAG_NO_AUTH_REQUIRED)
107 .AesEncryptionKey(kKeySize)
108 .Digest(digest)
109 .Padding(padding)
110 .Authorization(TAG_INCLUDE_UNIQUE_ID);
111 } break;
112 case TRIPLE_DES: {
113 Digest digest = dataProvider->PickValueInArray(kDigest);
114 PaddingMode padding = dataProvider->PickValueInArray(kPaddingMode);
115 return AuthorizationSetBuilder()
116 .Authorization(TAG_NO_AUTH_REQUIRED)
117 .TripleDesEncryptionKey(kKeySize)
118 .Digest(digest)
119 .Padding(padding)
120 .Authorization(TAG_INCLUDE_UNIQUE_ID);
121 } break;
122 case HMAC: {
123 Digest digest = dataProvider->PickValueInArray(kDigest);
124 PaddingMode padding = dataProvider->PickValueInArray(kPaddingMode);
125 return AuthorizationSetBuilder()
126 .Authorization(TAG_NO_AUTH_REQUIRED)
127 .HmacKey(kKeySize)
128 .Digest(digest)
129 .Padding(padding)
130 .Authorization(TAG_INCLUDE_UNIQUE_ID);
131 } break;
132 case NO_DIGEST: {
133 Digest digest = dataProvider->PickValueInArray(kDigest);
134 PaddingMode padding = dataProvider->PickValueInArray(kPaddingMode);
135 return AuthorizationSetBuilder()
136 .Authorization(TAG_NO_AUTH_REQUIRED)
137 .NoDigestOrPadding()
138 .Digest(digest)
139 .Padding(padding)
140 .Authorization(TAG_INCLUDE_UNIQUE_ID);
141 } break;
142 case ECB_MODE: {
143 Digest digest = dataProvider->PickValueInArray(kDigest);
144 PaddingMode padding = dataProvider->PickValueInArray(kPaddingMode);
145 return AuthorizationSetBuilder()
146 .Authorization(TAG_NO_AUTH_REQUIRED)
147 .EcbMode()
148 .Digest(digest)
149 .Padding(padding)
150 .Authorization(TAG_INCLUDE_UNIQUE_ID);
151 } break;
152 case GSM_MODE_MIN_MAC: {
153 uint32_t minMacLength = dataProvider->ConsumeIntegral<uint32_t>();
154 Digest digest = dataProvider->PickValueInArray(kDigest);
155 PaddingMode padding = dataProvider->PickValueInArray(kPaddingMode);
156 return AuthorizationSetBuilder()
157 .Authorization(TAG_NO_AUTH_REQUIRED)
158 .GcmModeMinMacLen(minMacLength)
159 .Digest(digest)
160 .Padding(padding)
161 .Authorization(TAG_INCLUDE_UNIQUE_ID);
162 } break;
163 case GSM_MODE_MAC: {
164 uint32_t macLength = dataProvider->ConsumeIntegral<uint32_t>();
165 Digest digest = dataProvider->PickValueInArray(kDigest);
166 PaddingMode padding = dataProvider->PickValueInArray(kPaddingMode);
167 return AuthorizationSetBuilder()
168 .Authorization(TAG_NO_AUTH_REQUIRED)
169 .GcmModeMacLen(macLength)
170 .Digest(digest)
171 .Padding(padding)
172 .Authorization(TAG_INCLUDE_UNIQUE_ID);
173 } break;
174 case BLOCK_MODE: {
175 Digest digest = dataProvider->PickValueInArray(kDigest);
176 PaddingMode padding = dataProvider->PickValueInArray(kPaddingMode);
177 auto blockModes = {
178 BlockMode::ECB,
179 BlockMode::CBC,
180 BlockMode::CTR,
181 BlockMode::GCM,
182 };
183 return AuthorizationSetBuilder()
184 .Authorization(TAG_NO_AUTH_REQUIRED)
185 .BlockMode(blockModes)
186 .Digest(digest)
187 .Padding(padding)
188 .Authorization(TAG_INCLUDE_UNIQUE_ID);
189 } break;
190 default:
191 break;
192 };
193 return AuthorizationSetBuilder();
194 }
195
196 } // namespace android::hardware::keymaster::V4_0::fuzzer
197
198 #endif // __KEYMASTER4_COMMON_H__
199