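/*
 * Copyright (C) 2018 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#define LOG_TAG "ConfirmationIOHidlHalTest"
#include <cutils/log.h>

#include <algorithm>
#include <cstring>
#include <iomanip>
#include <iostream>
#include <memory>
#include <string>

#include <android/hardware/confirmationui/1.0/IConfirmationResultCallback.h>
#include <android/hardware/confirmationui/1.0/IConfirmationUI.h>
#include <android/hardware/confirmationui/1.0/types.h>
#include <android/hardware/confirmationui/support/confirmationui_utils.h>

#include <VtsHalHidlTargetCallbackBase.h>
#include <VtsHalHidlTargetTestBase.h>

#include <openssl/hmac.h>
#include <openssl/sha.h>

#include <cn-cbor/cn-cbor.h>

using ::android::sp;

using ::std::string;

namespace android {
namespace hardware {

namespace confirmationui {
namespace V1_0 {

namespace test {
namespace {
// Fixed key built from TestKeyBits::BYTE. The test uses it both to MAC the auth tokens that
// carry test-mode commands and to recompute the confirmation token it expects back.
// NOTE(review): this key is a published constant, so a HAL must only honour it while it is in
// test mode -- confirm that against the implementation under test.
const support::auth_token_key_t testKey(static_cast<uint8_t>(TestKeyBits::BYTE));

// HMAC-SHA256 backend plugged into support::HMac<>.
class HMacImplementation {
  public:
    /**
     * Computes HMAC-SHA256 over the concatenation of all buffers.
     *
     * @param key     MAC key.
     * @param buffers byte ranges, fed to the MAC in the order given.
     * @return the MAC, or an empty NullOr if any OpenSSL call reports failure.
     */
    static support::NullOr<support::hmac_t> hmac256(
        const support::auth_token_key_t& key,
        std::initializer_list<support::ByteBufferProxy> buffers) {
        HMAC_CTX hmacCtx;
        HMAC_CTX_init(&hmacCtx);
        // Pair HMAC_CTX_init with HMAC_CTX_cleanup on every exit path, so that the
        // key-derived state in the context is released instead of being left behind.
        std::unique_ptr<HMAC_CTX, decltype(&HMAC_CTX_cleanup)> ctxGuard(&hmacCtx,
                                                                        &HMAC_CTX_cleanup);
        if (!HMAC_Init_ex(&hmacCtx, key.data(), key.size(), EVP_sha256(), nullptr)) {
            return {};
        }
        for (auto& buffer : buffers) {
            if (!HMAC_Update(&hmacCtx, buffer.data(), buffer.size())) {
                return {};
            }
        }
        support::hmac_t result;
        if (!HMAC_Final(&hmacCtx, result.data(), nullptr)) {
            return {};
        }
        return result;
    }
};

using HMacer = support::HMac<HMacImplementation>;

/**
 * MACs the given data items with testKey and returns the MAC as a hidl_vec.
 *
 * A failure to compute the MAC is reported as a non-fatal gtest failure and yields an empty
 * vector, so callers must check the size before reading from the result.
 */
template <typename... Data>
hidl_vec<uint8_t> testHMAC(const Data&... data) {
    auto hmac = HMacer::hmac256(testKey, data...);
    if (!hmac.isOk()) {
        EXPECT_TRUE(false) << "Failed to compute test hmac.  This is a self-test error.";
        return {};
    }
    hidl_vec<uint8_t> result(hmac.value().size());
    std::copy(hmac.value().data(), hmac.value().data() + hmac.value().size(), result.data());
    return result;
}

using ::android::hardware::keymaster::V4_0::HardwareAuthToken;
using ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType;

// Views an object as a fixed-size array of its raw bytes (no copy, host byte order).
template <typename T>
auto toBytes(const T& v) -> const uint8_t (&)[sizeof(T)] {
    return *reinterpret_cast<const uint8_t(*)[sizeof(T)]>(&v);
}

/**
 * Builds an auth token that carries a test-mode command in its challenge field and is MACed
 * with testKey.
 *
 * @param command   test-mode command to deliver (e.g. OK_EVENT, CANCEL_EVENT).
 * @param timestamp value for the timestamp field; defaults to 0.
 */
HardwareAuthToken makeTestToken(const TestModeCommands command, uint64_t timestamp = 0) {
    HardwareAuthToken auth_token;
    auth_token.challenge = static_cast<uint64_t>(command);
    auth_token.userId = 0;
    auth_token.authenticatorId = 0;
    auth_token.authenticatorType = HardwareAuthenticatorType::NONE;
    auth_token.timestamp = timestamp;

    // Canonical form  of auth-token v0
    // version (1 byte)
    // challenge (8 bytes)
    // user_id (8 bytes)
    // authenticator_id (8 bytes)
    // authenticator_type (4 bytes)
    // timestamp (8 bytes)
    // total 37 bytes
    // Only authenticator_type and timestamp go through hton(); the other fields are MACed in
    // host byte order. The "\0" literal supplies the version field -- presumably the buffer
    // proxy drops the literal's terminating NUL so that exactly one byte is MACed; verify
    // against support::ByteBufferProxy.
    auth_token.mac = testHMAC("\0",
                              toBytes(auth_token.challenge),                         //
                              toBytes(auth_token.userId),                            //
                              toBytes(auth_token.authenticatorId),                   //
                              toBytes(support::hton(auth_token.authenticatorType)),  //
                              toBytes(support::hton(auth_token.timestamp)));         //

    return auth_token;
}

#define DEBUG_CONFRIMATIONUI_UTILS_TEST

#ifdef DEBUG_CONFRIMATIONUI_UTILS_TEST
/**
 * Writes size bytes from data to out as two-digit hex values, 16 per row.
 *
 * The stream's format flags and fill character are restored before returning, so the dump
 * does not switch later output on the same stream to zero-filled hex.
 */
std::ostream& hexdump(std::ostream& out, const uint8_t* data, size_t size) {
    const std::ios_base::fmtflags saved_flags = out.flags();
    const char saved_fill = out.fill();
    for (size_t i = 0; i < size; ++i) {
        uint8_t byte = data[i];
        out << std::hex << std::setw(2) << std::setfill('0') << (unsigned)byte;
        switch (i & 0xf) {
            case 0xf:  // end of a 16-byte row
                out << "\n";
                break;
            case 7:  // middle of the row
                out << " ";
                break;
            default:
                out << " ";
                break;
        }
    }
    out.flags(saved_flags);
    out.fill(saved_fill);
    return out;
}
#endif

// Maps a character code to the value of the hex digit it represents. Every character that is
// not a hex digit maps to 0, so the table cannot distinguish '0' from invalid input.
constexpr char hex_value[256] = {0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0,  //
                                 0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0,  //
                                 0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0,  //
                                 0,  1,  2,  3,  4,  5,  6,  7,  8, 9, 0, 0, 0, 0, 0, 0,  // '0'..'9'
                                 0,  10, 11, 12, 13, 14, 15, 0,  0, 0, 0, 0, 0, 0, 0, 0,  // 'A'..'F'
                                 0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0,  //
                                 0,  10, 11, 12, 13, 14, 15, 0,  0, 0, 0, 0, 0, 0, 0, 0,  // 'a'..'f'
                                 0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0,  //
                                 0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0,  //
                                 0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0,  //
                                 0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0,  //
                                 0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0,  //
                                 0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0,  //
                                 0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0,  //
                                 0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0,  //
                                 0,  0,  0,  0,  0,  0,  0,  0,  0, 0, 0, 0, 0, 0, 0, 0};

/**
 * Decodes a string of hex digits into the bytes it encodes.
 *
 * No validation is performed: a character that is not a hex digit decodes as 0, and the last
 * character of an odd-length input is ignored. Use it for trusted literals only.
 */
std::string hex2str(std::string a) {
    std::string b;
    size_t num = a.size() / 2;
    b.resize(num);
    for (size_t i = 0; i < num; i++) {
        b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]);
    }
    return b;
}

}  // namespace

// Arguments of one IConfirmationResultCallback::result() invocation.
class ConfirmationArgs {
  public:
    ResponseCode error_;
    hidl_vec<uint8_t> formattedMessage_;
    hidl_vec<uint8_t> confirmationToken_;

    /**
     * Checks that confirmationToken_ is the 32-byte testKey HMAC over the prefix
     * "confirmation token" followed by formattedMessage_.
     *
     * A wrong token size is also recorded as a non-fatal gtest failure.
     */
    bool verifyConfirmationToken() {
        static constexpr char confirmationPrefix[] = "confirmation token";
        EXPECT_EQ(32U, confirmationToken_.size());
        if (32U != confirmationToken_.size()) {
            return false;
        }
        // testHMAC() returns an empty vector when the MAC cannot be computed; reading 32
        // bytes from it would run past the end of the buffer, so check its size first.
        const hidl_vec<uint8_t> expected = testHMAC(confirmationPrefix, formattedMessage_);
        if (32U != expected.size()) {
            return false;
        }
        // A plain memcmp is sufficient for a test that uses the published test key; code
        // that verifies tokens under a secret key should compare in constant time.
        return !memcmp(confirmationToken_.data(), expected.data(), 32);
    }
};

// Callback handed to promptUserConfirmation(); forwards each result to the waiting test.
class ConfirmationTestCallback : public ::testing::VtsHalHidlTargetCallbackBase<ConfirmationArgs>,
                                 public IConfirmationResultCallback {
  public:
    Return<void> result(ResponseCode error, const hidl_vec<uint8_t>& formattedMessage,
                        const hidl_vec<uint8_t>& confirmationToken) override {
        ConfirmationArgs args;
        args.error_ = error;
        args.formattedMessage_ = formattedMessage;
        args.confirmationToken_ = confirmationToken;
        NotifyFromCallback(args);
        return Void();
    }
};

class ConfirmationUIHidlEnvironment : public ::testing::VtsHalHidlTargetTestEnvBase {
  public:
    // get the test environment singleton
    static ConfirmationUIHidlEnvironment* Instance() {
        static ConfirmationUIHidlEnvironment* instance = new ConfirmationUIHidlEnvironment;
        return instance;
    }

    void registerTestServices() override { registerTestService<IConfirmationUI>(); }

  private:
    ConfirmationUIHidlEnvironment() {}

    GTEST_DISALLOW_COPY_AND_ASSIGN_(ConfirmationUIHidlEnvironment);
};

// Fixture that shares one IConfirmationUI service handle across all tests of the test case.
class ConfirmationUIHidlTest : public ::testing::VtsHalHidlTargetTestBase {
  public:
    // Abort after every test so that a prompt left pending does not leak into the next one.
    void TearDown() override { confirmator().abort(); }

    static void SetUpTestCase() {
        string service_name =
            ConfirmationUIHidlEnvironment::Instance()->getServiceName<IConfirmationUI>();
        confirmator_ = IConfirmationUI::getService(service_name);
        ASSERT_NE(nullptr, confirmator_.get());
    }

    static void TearDownTestCase() { confirmator_.clear(); }

    static IConfirmationUI& confirmator() { return *confirmator_; }

  private:
    static sp<IConfirmationUI> confirmator_;
};

sp<IConfirmationUI> ConfirmationUIHidlTest::confirmator_;

// Asserts that a HAL call succeeded at the transport level and returned the expected value.
#define ASSERT_HAL_CALL(expected, call)                               \
    {                                                                 \
        auto result = call;                                           \
        ASSERT_TRUE(result.isOk());                                   \
        ASSERT_EQ(expected, static_cast<decltype(expected)>(result)); \
    }

// Deleter that lets std::unique_ptr own a cn_cbor tree.
struct CnCborDeleter {
    void operator()(cn_cbor* ptr) { cn_cbor_free(ptr); }
};

typedef std::unique_ptr<cn_cbor, CnCborDeleter> CnCborPtr;

// Simulates the User tapping Ok
TEST_F(ConfirmationUIHidlTest, UserOkTest) {
    static constexpr char test_prompt[] = "Me first, gimme gimme!";
    static constexpr uint8_t test_extra[] = {0x1, 0x2, 0x3};
    sp<ConfirmationTestCallback> conf_cb = new ConfirmationTestCallback;
    hidl_string prompt_text(test_prompt);
    hidl_vec<uint8_t> extra(test_extra, test_extra + 3);
    ASSERT_HAL_CALL(ResponseCode::OK,
                    confirmator().promptUserConfirmation(conf_cb, prompt_text, extra, "en", {}));

    ASSERT_HAL_CALL(ResponseCode::OK, confirmator().deliverSecureInputEvent(
                                          makeTestToken(TestModeCommands::OK_EVENT)));

    auto result = conf_cb->WaitForCallback();
    // If the callback never arrives there are no arguments to inspect; fail here instead of
    // dereferencing a null args pointer below.
    ASSERT_TRUE(result.no_timeout);
    ASSERT_NE(nullptr, result.args.get());
    ASSERT_EQ(ResponseCode::OK, result.args->error_);

    ASSERT_TRUE(result.args->verifyConfirmationToken());

    cn_cbor_errback cn_cbor_error;
    auto parsed_message =
        CnCborPtr(cn_cbor_decode(result.args->formattedMessage_.data(),
                                 result.args->formattedMessage_.size(), &cn_cbor_error));
    // is parsable CBOR
    ASSERT_TRUE(parsed_message.get());
    // is a map
    ASSERT_EQ(CN_CBOR_MAP, parsed_message->type);

    // the message must have exactly 2 key value pairs.
    // cn_cbor holds 2*<no_of_pairs> in the length field
    ASSERT_EQ(4, parsed_message->length);
    // map has key "prompt"
    auto prompt = cn_cbor_mapget_string(parsed_message.get(), "prompt");
    ASSERT_TRUE(prompt);
    ASSERT_EQ(CN_CBOR_TEXT, prompt->type);
    ASSERT_EQ(22, prompt->length);
    ASSERT_EQ(0, memcmp(test_prompt, prompt->v.str, 22));
    // map has key "extra"
    auto extra_out = cn_cbor_mapget_string(parsed_message.get(), "extra");
    ASSERT_TRUE(extra_out);
    ASSERT_EQ(CN_CBOR_BYTES, extra_out->type);
    ASSERT_EQ(3, extra_out->length);
    ASSERT_EQ(0, memcmp(test_extra, extra_out->v.bytes, 3));
}

// Initiates a confirmation prompt with a message that is too long
TEST_F(ConfirmationUIHidlTest, MessageTooLongTest) {
    static constexpr uint8_t test_extra[static_cast<uint32_t>(MessageSize::MAX)] = {};
    static constexpr char test_prompt[] = "D\'oh!";
    sp<ConfirmationTestCallback> conf_cb = new ConfirmationTestCallback;
    hidl_string prompt_text(test_prompt);
    hidl_vec<uint8_t> extra(test_extra, test_extra + sizeof(test_extra));
    ASSERT_HAL_CALL(ResponseCode::UIErrorMessageTooLong,
                    confirmator().promptUserConfirmation(conf_cb, prompt_text, extra, "en", {}));
}

// If the message gets very long some HAL implementations might fail even before the message
// reaches the trusted app implementation. But the HAL must still diagnose the correct error.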
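TEST_F(ConfirmationUIHidlTest, MessageWayTooLongTest) {
    // Ten times the maximum message size, so the request is oversized by a wide margin.
    static constexpr uint8_t test_extra[static_cast<uint32_t>(MessageSize::MAX) * 10] = {};
    static constexpr char test_prompt[] = "D\'oh!";
    sp<ConfirmationTestCallback> conf_cb = new ConfirmationTestCallback;
    hidl_string prompt_text(test_prompt);
    hidl_vec<uint8_t> extra(test_extra, test_extra + sizeof(test_extra));
    ASSERT_HAL_CALL(ResponseCode::UIErrorMessageTooLong,
                    confirmator().promptUserConfirmation(conf_cb, prompt_text, extra, "en", {}));
}

// Simulates the User tapping Cancel
TEST_F(ConfirmationUIHidlTest, UserCancelTest) {
    static constexpr char test_prompt[] = "Me first, gimme gimme!";
    static constexpr uint8_t test_extra[] = {0x1, 0x2, 0x3};
    sp<ConfirmationTestCallback> conf_cb = new ConfirmationTestCallback;
    hidl_string prompt_text(test_prompt);
    hidl_vec<uint8_t> extra(test_extra, test_extra + 3);
    ASSERT_HAL_CALL(ResponseCode::OK,
                    confirmator().promptUserConfirmation(conf_cb, prompt_text, extra, "en", {}));

    ASSERT_HAL_CALL(ResponseCode::OK, confirmator().deliverSecureInputEvent(
                                          makeTestToken(TestModeCommands::CANCEL_EVENT)));

    auto result = conf_cb->WaitForCallback();
    // If the callback never arrives there are no arguments to inspect; fail here instead of
    // dereferencing a null args pointer below.
    ASSERT_TRUE(result.no_timeout);
    ASSERT_NE(nullptr, result.args.get());
    ASSERT_EQ(ResponseCode::Canceled, result.args->error_);

    // A cancelled prompt must yield neither a confirmation token nor a formatted message.
    ASSERT_EQ(0U, result.args->confirmationToken_.size());
    ASSERT_EQ(0U, result.args->formattedMessage_.size());
}

// Simulates the framework cancelling an ongoing prompt
TEST_F(ConfirmationUIHidlTest, AbortTest) {
    static constexpr char test_prompt[] = "Me first, gimme gimme!";
    static constexpr uint8_t test_extra[] = {0x1, 0x2, 0x3};
    sp<ConfirmationTestCallback> conf_cb = new ConfirmationTestCallback;
    hidl_string prompt_text(test_prompt);
    hidl_vec<uint8_t> extra(test_extra, test_extra + 3);
    ASSERT_HAL_CALL(ResponseCode::OK,
                    confirmator().promptUserConfirmation(conf_cb, prompt_text, extra, "en", {}));

    // Check the transport status of abort() itself, so that a failed call is reported here
    // rather than showing up later as a missing callback.
    auto abort_status = confirmator().abort();
    ASSERT_TRUE(abort_status.isOk());

    auto result = conf_cb->WaitForCallback();
    ASSERT_TRUE(result.no_timeout);
    ASSERT_NE(nullptr, result.args.get());
    ASSERT_EQ(ResponseCode::Aborted, result.args->error_);
    // An aborted prompt must yield neither a confirmation token nor a formatted message.
    ASSERT_EQ(0U, result.args->confirmationToken_.size());
    ASSERT_EQ(0U, result.args->formattedMessage_.size());
}

// Passing malformed UTF-8 to the confirmation UI
// This test passes a string that ends in the middle of a multibyte character
TEST_F(ConfirmationUIHidlTest, MalformedUTF8Test1) {
    // 0xc0 announces a two-byte sequence, but the string terminates right after it.
    static constexpr char test_prompt[] = {char(0xc0), 0};
    static constexpr uint8_t test_extra[] = {0x1, 0x2, 0x3};
    sp<ConfirmationTestCallback> conf_cb = new ConfirmationTestCallback;
    hidl_string prompt_text(test_prompt);
    hidl_vec<uint8_t> extra(test_extra, test_extra + 3);
    ASSERT_HAL_CALL(ResponseCode::UIErrorMalformedUTF8Encoding,
                    confirmator().promptUserConfirmation(conf_cb, prompt_text, extra, "en", {}));
}

// Passing malformed UTF-8 to the confirmation UI
// This test passes a string with a 5-byte character.
TEST_F(ConfirmationUIHidlTest, MalformedUTF8Test2) {
    // 0xf8 is the lead byte of a five-byte form, which valid UTF-8 does not allow.
    static constexpr char test_prompt[] = {char(0xf8), char(0x82), char(0x82),
                                           char(0x82), char(0x82), 0};
    static constexpr uint8_t test_extra[] = {0x1, 0x2, 0x3};
    sp<ConfirmationTestCallback> conf_cb = new ConfirmationTestCallback;
    hidl_string prompt_text(test_prompt);
    hidl_vec<uint8_t> extra(test_extra, test_extra + 3);
    ASSERT_HAL_CALL(ResponseCode::UIErrorMalformedUTF8Encoding,
                    confirmator().promptUserConfirmation(conf_cb, prompt_text, extra, "en", {}));
}

// Passing malformed UTF-8 to the confirmation UI
// This test passes a string with a 2-byte character followed by a stray non UTF-8 character.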
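TEST_F(ConfirmationUIHidlTest, MalformedUTF8Test3) {
    // 0xc0 0x82 forms the two-byte sequence; the trailing 0x83 is a continuation byte with no
    // lead byte in front of it.
    static constexpr char test_prompt[] = {char(0xc0), char(0x82), char(0x83), 0};
    static constexpr uint8_t test_extra[] = {0x1, 0x2, 0x3};
    sp<ConfirmationTestCallback> conf_cb = new ConfirmationTestCallback;
    hidl_string prompt_text(test_prompt);
    hidl_vec<uint8_t> extra(test_extra, test_extra + 3);
    ASSERT_HAL_CALL(ResponseCode::UIErrorMalformedUTF8Encoding,
                    confirmator().promptUserConfirmation(conf_cb, prompt_text, extra, "en", {}));
}

// Test the implementation of HMAC SHA 256 against a golden blob.
TEST(ConfirmationUITestSelfTest, HMAC256SelfTest) {
    // 31 key characters plus the terminating NUL fill the 32-byte key.
    const char key_str[32] = "keykeykeykeykeykeykeykeykeykeyk";
    const uint8_t(&key)[32] = *reinterpret_cast<const uint8_t(*)[32]>(key_str);
    auto expected = hex2str("2377fbcaa7fb3f6c20cfa1d9ebc60e9922cf58c909e25e300f3cb57f7805c886");
    auto result = HMacer::hmac256(key, "value1", "value2", "value3");

    // Check for success before the first use of result.value(); the debug dump below reads
    // it, and a failed computation holds no MAC to read.
    ASSERT_TRUE(result.isOk());

#ifdef DEBUG_CONFRIMATIONUI_UTILS_TEST
    hexdump(std::cout, reinterpret_cast<const uint8_t*>(expected.data()), 32) << std::endl;
    hexdump(std::cout, result.value().data(), 32) << std::endl;
#endif

    support::ByteBufferProxy expected_bytes(expected);
    ASSERT_EQ(expected, result.value());
}

}  // namespace test
}  // namespace V1_0
}  // namespace confirmationui
}  // namespace hardware
}  // namespace android

// Runs every registered test and returns the gtest status as the process exit code.
// NOTE(review): nothing visible in this function registers or initialises
// ConfirmationUIHidlEnvironment -- confirm that the service name lookup in SetUpTestCase()
// works without it.
int main(int argc, char** argv) {
    ::testing::InitGoogleTest(&argc, argv);
    int status = RUN_ALL_TESTS();
    ALOGI("Test result = %d", status);
    return status;
}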