identity/aidl/vts/Util.h - LeafOS-Project/android_hardware_interfaces - Gitiles

 /*
  * Copyright 2019, The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #ifndef VTS_IDENTITY_TEST_UTILS_H
 #define VTS_IDENTITY_TEST_UTILS_H

 #include <android/hardware/identity/IIdentityCredentialStore.h>
 #include <android/hardware/identity/support/IdentityCredentialSupport.h>
 #include <android/hardware/security/keymint/MacedPublicKey.h>
 #include <cppbor.h>
 #include <cppbor_parse.h>
 #include <gtest/gtest.h>

 namespace android::hardware::identity::test_utils {

 using ::std::map;
 using ::std::optional;
 using ::std::string;
 using ::std::vector;

 using ::android::sp;
 using ::android::binder::Status;

 struct AttestationData {
     AttestationData(sp<IWritableIdentityCredential>& writableCredential, string challenge,
                     vector<uint8_t> attestationAppId)
         : attestationApplicationId(attestationAppId) {
         // ASSERT_NE(writableCredential, nullptr);

         if (!challenge.empty()) {
             attestationChallenge.assign(challenge.begin(), challenge.end());
         }

         result = writableCredential->getAttestationCertificate(
                 attestationApplicationId, attestationChallenge, &attestationCertificate);
     }

     AttestationData() {}

     vector<uint8_t> attestationChallenge;
     vector<uint8_t> attestationApplicationId;
     vector<Certificate> attestationCertificate;
     Status result;
 };

 struct TestEntryData {
     TestEntryData(string nameSpace, string name, vector<int32_t> profileIds)
         : nameSpace(nameSpace), name(name), profileIds(profileIds) {}

     TestEntryData(string nameSpace, string name, const string& value, vector<int32_t> profileIds)
         : TestEntryData(nameSpace, name, profileIds) {
         valueCbor = cppbor::Tstr(((const char*)value.data())).encode();
     }
     TestEntryData(string nameSpace, string name, const vector<uint8_t>& value,
                   vector<int32_t> profileIds)
         : TestEntryData(nameSpace, name, profileIds) {
         valueCbor = cppbor::Bstr(value).encode();
     }
     TestEntryData(string nameSpace, string name, bool value, vector<int32_t> profileIds)
         : TestEntryData(nameSpace, name, profileIds) {
         valueCbor = cppbor::Bool(value).encode();
     }
     TestEntryData(string nameSpace, string name, int64_t value, vector<int32_t> profileIds)
         : TestEntryData(nameSpace, name, profileIds) {
         if (value >= 0) {
             valueCbor = cppbor::Uint(value).encode();
         } else {
             valueCbor = cppbor::Nint(-value).encode();
         }
     }

     string nameSpace;
     string name;
     vector<uint8_t> valueCbor;
     vector<int32_t> profileIds;
 };

 struct TestProfile {
     uint16_t id;
     vector<uint8_t> readerCertificate;
     bool userAuthenticationRequired;
     uint64_t timeoutMillis;
 };

 bool setupWritableCredential(sp<IWritableIdentityCredential>& writableCredential,
                              sp<IIdentityCredentialStore>& credentialStore, bool testCredential);

 optional<vector<vector<uint8_t>>> createFakeRemotelyProvisionedCertificateChain(
         const ::android::hardware::security::keymint::MacedPublicKey& macedPublicKey);

 optional<vector<uint8_t>> generateReaderCertificate(string serialDecimal);

 optional<vector<uint8_t>> generateReaderCertificate(string serialDecimal,
                                                     vector<uint8_t>* outReaderPrivateKey);

 optional<vector<SecureAccessControlProfile>> addAccessControlProfiles(
         sp<IWritableIdentityCredential>& writableCredential,
         const vector<TestProfile>& testProfiles);

 bool addEntry(sp<IWritableIdentityCredential>& writableCredential, const TestEntryData& entry,
               int dataChunkSize, map<const TestEntryData*, vector<vector<uint8_t>>>& encryptedBlobs,
               bool expectSuccess);

 void setImageData(vector<uint8_t>& image);

 void validateAttestationCertificate(const vector<Certificate>& credentialKeyCertChain,
                                     const vector<uint8_t>& expectedChallenge,
                                     const vector<uint8_t>& expectedAppId, bool isTestCredential);

 vector<RequestNamespace> buildRequestNamespaces(const vector<TestEntryData> entries);

 // Verifies that the X.509 certificate for a just created authentication key
 // is valid.
 //
 void verifyAuthKeyCertificate(const vector<uint8_t>& authKeyCertChain);

 }  // namespace android::hardware::identity::test_utils

 #endif  // VTS_IDENTITY_TEST_UTILS_H
	/*
	* Copyright 2019, The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#ifndef VTS_IDENTITY_TEST_UTILS_H
	#define VTS_IDENTITY_TEST_UTILS_H

	#include <android/hardware/identity/IIdentityCredentialStore.h>
	#include <android/hardware/identity/support/IdentityCredentialSupport.h>
	#include <android/hardware/security/keymint/MacedPublicKey.h>
	#include <cppbor.h>
	#include <cppbor_parse.h>
	#include <gtest/gtest.h>

	namespace android::hardware::identity::test_utils {

	using ::std::map;
	using ::std::optional;
	using ::std::string;
	using ::std::vector;

	using ::android::sp;
	using ::android::binder::Status;

	struct AttestationData {
	AttestationData(sp<IWritableIdentityCredential>& writableCredential, string challenge,
	vector<uint8_t> attestationAppId)
	: attestationApplicationId(attestationAppId) {
	// ASSERT_NE(writableCredential, nullptr);

	if (!challenge.empty()) {
	attestationChallenge.assign(challenge.begin(), challenge.end());
	}

	result = writableCredential->getAttestationCertificate(
	attestationApplicationId, attestationChallenge, &attestationCertificate);
	}

	AttestationData() {}

	vector<uint8_t> attestationChallenge;
	vector<uint8_t> attestationApplicationId;
	vector<Certificate> attestationCertificate;
	Status result;
	};

	struct TestEntryData {
	TestEntryData(string nameSpace, string name, vector<int32_t> profileIds)
	: nameSpace(nameSpace), name(name), profileIds(profileIds) {}

	TestEntryData(string nameSpace, string name, const string& value, vector<int32_t> profileIds)
	: TestEntryData(nameSpace, name, profileIds) {
	valueCbor = cppbor::Tstr(((const char*)value.data())).encode();
	}
	TestEntryData(string nameSpace, string name, const vector<uint8_t>& value,
	vector<int32_t> profileIds)
	: TestEntryData(nameSpace, name, profileIds) {
	valueCbor = cppbor::Bstr(value).encode();
	}
	TestEntryData(string nameSpace, string name, bool value, vector<int32_t> profileIds)
	: TestEntryData(nameSpace, name, profileIds) {
	valueCbor = cppbor::Bool(value).encode();
	}
	TestEntryData(string nameSpace, string name, int64_t value, vector<int32_t> profileIds)
	: TestEntryData(nameSpace, name, profileIds) {
	if (value >= 0) {
	valueCbor = cppbor::Uint(value).encode();
	} else {
	valueCbor = cppbor::Nint(-value).encode();
	}
	}

	string nameSpace;
	string name;
	vector<uint8_t> valueCbor;
	vector<int32_t> profileIds;
	};

	struct TestProfile {
	uint16_t id;
	vector<uint8_t> readerCertificate;
	bool userAuthenticationRequired;
	uint64_t timeoutMillis;
	};

	bool setupWritableCredential(sp<IWritableIdentityCredential>& writableCredential,
	sp<IIdentityCredentialStore>& credentialStore, bool testCredential);

	optional<vector<vector<uint8_t>>> createFakeRemotelyProvisionedCertificateChain(
	const ::android::hardware::security::keymint::MacedPublicKey& macedPublicKey);

	optional<vector<uint8_t>> generateReaderCertificate(string serialDecimal);

	optional<vector<uint8_t>> generateReaderCertificate(string serialDecimal,
	vector<uint8_t>* outReaderPrivateKey);

	optional<vector<SecureAccessControlProfile>> addAccessControlProfiles(
	sp<IWritableIdentityCredential>& writableCredential,
	const vector<TestProfile>& testProfiles);

	bool addEntry(sp<IWritableIdentityCredential>& writableCredential, const TestEntryData& entry,
	int dataChunkSize, map<const TestEntryData*, vector<vector<uint8_t>>>& encryptedBlobs,
	bool expectSuccess);

	void setImageData(vector<uint8_t>& image);

	void validateAttestationCertificate(const vector<Certificate>& credentialKeyCertChain,
	const vector<uint8_t>& expectedChallenge,
	const vector<uint8_t>& expectedAppId, bool isTestCredential);

	vector<RequestNamespace> buildRequestNamespaces(const vector<TestEntryData> entries);

	// Verifies that the X.509 certificate for a just created authentication key
	// is valid.
	//
	void verifyAuthKeyCertificate(const vector<uint8_t>& authKeyCertChain);

	} // namespace android::hardware::identity::test_utils

	#endif // VTS_IDENTITY_TEST_UTILS_H