1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "VtsAttestationTests"
18
19 #include <aidl/Gtest.h>
20 #include <aidl/Vintf.h>
21 #include <android-base/logging.h>
22 #include <android/hardware/identity/IIdentityCredentialStore.h>
23 #include <android/hardware/identity/support/IdentityCredentialSupport.h>
24 #include <binder/IServiceManager.h>
25 #include <binder/ProcessState.h>
26 #include <cppbor.h>
27 #include <cppbor_parse.h>
28 #include <gtest/gtest.h>
29 #include <future>
30 #include <map>
31
32 #include "VtsAttestationParserSupport.h"
33 #include "VtsIdentityTestUtils.h"
34
35 namespace android::hardware::identity {
36
37 using std::endl;
38 using std::map;
39 using std::optional;
40 using std::string;
41 using std::vector;
42
43 using ::android::sp;
44 using ::android::String16;
45 using ::android::binder::Status;
46
47 using test_utils::AttestationCertificateParser;
48 using test_utils::setupWritableCredential;
49 using test_utils::validateAttestationCertificate;
50
51 // This file verifies the Identity Credential VTS Attestation Certificate
52 // generated.
53 class VtsAttestationTests : public testing::TestWithParam<std::string> {
54 public:
SetUp()55 virtual void SetUp() override {
56 credentialStore_ = android::waitForDeclaredService<IIdentityCredentialStore>(
57 String16(GetParam().c_str()));
58 ASSERT_NE(credentialStore_, nullptr);
59 }
60
61 sp<IIdentityCredentialStore> credentialStore_;
62 };
63
TEST_P(VtsAttestationTests,verifyAttestationWithNonemptyChallengeEmptyId)64 TEST_P(VtsAttestationTests, verifyAttestationWithNonemptyChallengeEmptyId) {
65 Status result;
66
67 HardwareInformation hwInfo;
68 ASSERT_TRUE(credentialStore_->getHardwareInformation(&hwInfo).isOk());
69
70 sp<IWritableIdentityCredential> writableCredential;
71 ASSERT_TRUE(setupWritableCredential(writableCredential, credentialStore_));
72
73 string challenge = "NotSoRandomChallenge";
74 vector<uint8_t> attestationChallenge(challenge.begin(), challenge.end());
75 vector<Certificate> attestationCertificate;
76 vector<uint8_t> attestationApplicationId = {};
77
78 result = writableCredential->getAttestationCertificate(
79 attestationApplicationId, attestationChallenge, &attestationCertificate);
80
81 ASSERT_TRUE(result.isOk()) << result.exceptionCode() << "; " << result.exceptionMessage()
82 << endl;
83
84 EXPECT_TRUE(validateAttestationCertificate(attestationCertificate, attestationChallenge,
85 attestationApplicationId, hwInfo));
86 }
87
TEST_P(VtsAttestationTests,verifyAttestationWithNonemptyChallengeNonemptyId)88 TEST_P(VtsAttestationTests, verifyAttestationWithNonemptyChallengeNonemptyId) {
89 Status result;
90
91 HardwareInformation hwInfo;
92 ASSERT_TRUE(credentialStore_->getHardwareInformation(&hwInfo).isOk());
93
94 sp<IWritableIdentityCredential> writableCredential;
95 ASSERT_TRUE(setupWritableCredential(writableCredential, credentialStore_));
96
97 string challenge = "NotSoRandomChallenge1NotSoRandomChallenge1NotSoRandomChallenge1";
98 vector<uint8_t> attestationChallenge(challenge.begin(), challenge.end());
99 vector<Certificate> attestationCertificate;
100 string applicationId = "Attestation Verification";
101 vector<uint8_t> attestationApplicationId = {applicationId.begin(), applicationId.end()};
102
103 result = writableCredential->getAttestationCertificate(
104 attestationApplicationId, attestationChallenge, &attestationCertificate);
105
106 ASSERT_TRUE(result.isOk()) << result.exceptionCode() << "; " << result.exceptionMessage()
107 << endl;
108
109 EXPECT_TRUE(validateAttestationCertificate(attestationCertificate, attestationChallenge,
110 attestationApplicationId, hwInfo));
111 }
112
TEST_P(VtsAttestationTests,verifyAttestationWithVeryShortChallengeAndId)113 TEST_P(VtsAttestationTests, verifyAttestationWithVeryShortChallengeAndId) {
114 Status result;
115
116 HardwareInformation hwInfo;
117 ASSERT_TRUE(credentialStore_->getHardwareInformation(&hwInfo).isOk());
118
119 sp<IWritableIdentityCredential> writableCredential;
120 ASSERT_TRUE(setupWritableCredential(writableCredential, credentialStore_));
121
122 string challenge = "c";
123 vector<uint8_t> attestationChallenge(challenge.begin(), challenge.end());
124 vector<Certificate> attestationCertificate;
125 string applicationId = "i";
126 vector<uint8_t> attestationApplicationId = {applicationId.begin(), applicationId.end()};
127
128 result = writableCredential->getAttestationCertificate(
129 attestationApplicationId, attestationChallenge, &attestationCertificate);
130
131 ASSERT_TRUE(result.isOk()) << result.exceptionCode() << "; " << result.exceptionMessage()
132 << endl;
133
134 EXPECT_TRUE(validateAttestationCertificate(attestationCertificate, attestationChallenge,
135 attestationApplicationId, hwInfo));
136 }
137
138 GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(VtsAttestationTests);
139 INSTANTIATE_TEST_SUITE_P(
140 Identity, VtsAttestationTests,
141 testing::ValuesIn(android::getAidlHalInstanceNames(IIdentityCredentialStore::descriptor)),
142 android::PrintInstanceNameToString);
143
144 } // namespace android::hardware::identity
145