1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
|
/* Copyright 2019 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include "common.h"
#include "ec_commands.h"
#include "fpsensor_crypto.h"
#include "fpsensor_state.h"
#include "host_command.h"
#include "test_util.h"
#include "util.h"
static const uint8_t fake_rollback_secret[] = {
0xcf, 0xe3, 0x23, 0x76, 0x35, 0x04, 0xc2, 0x0f,
0x0d, 0xb6, 0x02, 0xa9, 0x68, 0xba, 0x2a, 0x61,
0x86, 0x2a, 0x85, 0xd1, 0xca, 0x09, 0x54, 0x8a,
0x6b, 0xe2, 0xe3, 0x38, 0xde, 0x5d, 0x59, 0x14,
};
static const uint8_t fake_tpm_seed[] = {
0xd9, 0x71, 0xaf, 0xc4, 0xcd, 0x36, 0xe3, 0x60,
0xf8, 0x5a, 0xa0, 0xa6, 0x2c, 0xb3, 0xf5, 0xe2,
0xeb, 0xb9, 0xd8, 0x2f, 0xb5, 0x78, 0x5c, 0x79,
0x82, 0xce, 0x06, 0x3f, 0xcc, 0x23, 0xb9, 0xe7,
};
static int rollback_should_fail;
/* Mock the rollback for unit test. */
int rollback_get_secret(uint8_t *secret)
{
if (rollback_should_fail)
return EC_ERROR_UNKNOWN;
memcpy(secret, fake_rollback_secret, sizeof(fake_rollback_secret));
return EC_SUCCESS;
}
static int check_fp_enc_status_valid_flags(const uint32_t expected)
{
int rv;
struct ec_response_fp_encryption_status resp = { 0 };
rv = test_send_host_command(EC_CMD_FP_ENC_STATUS, 0,
NULL, 0,
&resp, sizeof(resp));
if (rv != EC_RES_SUCCESS) {
ccprintf("%s:%s(): failed to get encryption status. rv = %d\n",
__FILE__, __func__, rv);
return -1;
}
if (resp.valid_flags != expected) {
ccprintf("%s:%s(): expected valid flags 0x%08x, got 0x%08x\n",
__FILE__, __func__, expected, resp.valid_flags);
return -1;
}
return EC_RES_SUCCESS;
}
test_static int test_derive_encryption_key_failure_seed_not_set(void)
{
static uint8_t unused_key[SBP_ENC_KEY_LEN];
static const uint8_t unused_salt[FP_CONTEXT_SALT_BYTES] = { 0 };
/* GIVEN that the TPM seed is not set. */
if (fp_tpm_seed_is_set()) {
ccprintf("%s:%s(): this test should be executed before setting"
" TPM seed.\n", __FILE__, __func__);
return -1;
}
/* THEN derivation will fail. */
TEST_ASSERT(derive_encryption_key(unused_key, unused_salt) ==
EC_RES_ERROR);
return EC_SUCCESS;
}
static int test_derive_encryption_key_raw(const uint32_t *user_id_,
const uint8_t *salt,
const uint8_t *expected_key)
{
uint8_t key[SBP_ENC_KEY_LEN];
int rv;
/*
* |user_id| is a global variable used as "info" in HKDF expand
* in derive_encryption_key().
*/
memcpy(user_id, user_id_, sizeof(user_id));
rv = derive_encryption_key(key, salt);
TEST_ASSERT(rv == EC_RES_SUCCESS);
TEST_ASSERT_ARRAY_EQ(key, expected_key, sizeof(key));
return EC_SUCCESS;
}
test_static int test_derive_encryption_key(void)
{
/*
* These vectors are obtained by choosing the salt and the user_id
* (used as "info" in HKDF), and running boringSSL's HKDF
* (https://boringssl.googlesource.com/boringssl/+/c0b4c72b6d4c6f4828a373ec454bd646390017d4/crypto/hkdf/)
* locally to get the output key. The IKM used in the run is the
* concatenation of |fake_rollback_secret| and |fake_tpm_seed|.
*/
static const uint32_t user_id1[] = {
0x608b1b0b, 0xe10d3d24, 0x0bbbe4e6, 0x807b36d9,
0x2a1f8abc, 0xea38104a, 0x562d9431, 0x64d721c5,
};
static const uint8_t salt1[] = {
0xd0, 0x88, 0x34, 0x15, 0xc0, 0xfa, 0x8e, 0x22,
0x9f, 0xb4, 0xd5, 0xa9, 0xee, 0xd3, 0x15, 0x19,
};
static const uint8_t key1[] = {
0xdb, 0x49, 0x6e, 0x1b, 0x67, 0x8a, 0x35, 0xc6,
0xa0, 0x9d, 0xb6, 0xa0, 0x13, 0xf4, 0x21, 0xb3,
};
static const uint32_t user_id2[] = {
0x2546a2ca, 0xf1891f7a, 0x44aad8b8, 0x0d6aac74,
0x6a4ab846, 0x9c279796, 0x5a72eae1, 0x8276d2a3,
};
static const uint8_t salt2[] = {
0x72, 0x6b, 0xc1, 0xe4, 0x64, 0xd4, 0xff, 0xa2,
0x5a, 0xac, 0x5b, 0x0b, 0x06, 0x67, 0xe1, 0x53,
};
static const uint8_t key2[] = {
0x8d, 0x53, 0xaf, 0x4c, 0x96, 0xa2, 0xee, 0x46,
0x9c, 0xe2, 0xe2, 0x6f, 0xe6, 0x66, 0x3d, 0x3a,
};
/*
* GIVEN that the TPM seed is set, and reading the rollback secret will
* succeed.
*/
TEST_ASSERT(fp_tpm_seed_is_set() && !rollback_should_fail);
/* THEN the derivation will succeed. */
TEST_ASSERT(test_derive_encryption_key_raw(user_id1, salt1, key1) ==
EC_SUCCESS);
TEST_ASSERT(test_derive_encryption_key_raw(user_id2, salt2, key2) ==
EC_SUCCESS);
return EC_SUCCESS;
}
test_static int test_derive_encryption_key_failure_rollback_fail(void)
{
static uint8_t unused_key[SBP_ENC_KEY_LEN];
static const uint8_t unused_salt[FP_CONTEXT_SALT_BYTES] = { 0 };
/* GIVEN that reading the rollback secret will fail. */
rollback_should_fail = 1;
/* THEN the derivation will fail. */
TEST_ASSERT(derive_encryption_key(unused_key, unused_salt) ==
EC_RES_ERROR);
/* GIVEN that reading the rollback secret will succeed. */
rollback_should_fail = 0;
/* GIVEN that the TPM seed has been set. */
TEST_ASSERT(fp_tpm_seed_is_set());
/* THEN the derivation will succeed. */
TEST_ASSERT(derive_encryption_key(unused_key, unused_salt) ==
EC_RES_SUCCESS);
return EC_SUCCESS;
}
static int check_fp_tpm_seed_not_set(void)
{
int rv;
struct ec_response_fp_encryption_status resp = { 0 };
/* Initially the seed should not have been set. */
rv = test_send_host_command(EC_CMD_FP_ENC_STATUS, 0,
NULL, 0,
&resp, sizeof(resp));
if (rv != EC_RES_SUCCESS || resp.status & FP_ENC_STATUS_SEED_SET) {
ccprintf("%s:%s(): rv = %d, seed is set: %d\n", __FILE__,
__func__, rv, resp.status & FP_ENC_STATUS_SEED_SET);
return -1;
}
return EC_RES_SUCCESS;
}
static int set_fp_tpm_seed(void)
{
/*
* TODO(yichengli): test setting the seed twice:
* the second time fails;
* the seed is still set.
*/
int rv;
struct ec_params_fp_seed params;
struct ec_response_fp_encryption_status resp = { 0 };
params.struct_version = FP_TEMPLATE_FORMAT_VERSION;
memcpy(params.seed, fake_tpm_seed, sizeof(fake_tpm_seed));
rv = test_send_host_command(EC_CMD_FP_SEED, 0,
¶ms, sizeof(params),
NULL, 0);
if (rv != EC_RES_SUCCESS) {
ccprintf("%s:%s(): rv = %d, set seed failed\n",
__FILE__, __func__, rv);
return -1;
}
/* Now seed should have been set. */
rv = test_send_host_command(EC_CMD_FP_ENC_STATUS, 0,
NULL, 0,
&resp, sizeof(resp));
if (rv != EC_RES_SUCCESS || !(resp.status & FP_ENC_STATUS_SEED_SET)) {
ccprintf("%s:%s(): rv = %d, seed is set: %d\n", __FILE__,
__func__, rv, resp.status & FP_ENC_STATUS_SEED_SET);
return -1;
}
return EC_RES_SUCCESS;
}
test_static int test_fpsensor_seed(void)
{
TEST_ASSERT(check_fp_enc_status_valid_flags(FP_ENC_STATUS_SEED_SET) ==
EC_RES_SUCCESS);
TEST_ASSERT(check_fp_tpm_seed_not_set() == EC_RES_SUCCESS);
TEST_ASSERT(set_fp_tpm_seed() == EC_RES_SUCCESS);
return EC_SUCCESS;
}
test_static int test_fp_set_sensor_mode(void)
{
uint32_t requested_mode = 0;
uint32_t output_mode = 0;
/* Validate initial conditions */
TEST_ASSERT(FP_MAX_FINGER_COUNT == 5);
TEST_ASSERT(templ_valid == 0);
TEST_ASSERT(sensor_mode == 0);
/* GIVEN missing output parameter, THEN get error */
TEST_ASSERT(fp_set_sensor_mode(0, NULL) == EC_RES_INVALID_PARAM);
/* THEN sensor_mode is unchanged */
TEST_ASSERT(sensor_mode == 0);
/* GIVEN requested mode includes FP_MODE_DONT_CHANGE, THEN succeed */
TEST_ASSERT(sensor_mode == 0);
TEST_ASSERT(output_mode == 0);
requested_mode = FP_MODE_DONT_CHANGE;
TEST_ASSERT(fp_set_sensor_mode(requested_mode, &output_mode) ==
EC_RES_SUCCESS);
/* THEN sensor_mode is unchanged */
TEST_ASSERT(sensor_mode == 0);
/* THEN output_mode matches sensor_mode */
TEST_ASSERT(output_mode == sensor_mode);
/* GIVEN request to change to valid sensor mode */
TEST_ASSERT(sensor_mode == 0);
requested_mode = FP_MODE_ENROLL_SESSION;
/* THEN succeed */
TEST_ASSERT(fp_set_sensor_mode(requested_mode, &output_mode) ==
EC_RES_SUCCESS);
/* THEN requested mode is returned */
TEST_ASSERT(requested_mode == output_mode);
/* THEN sensor_mode is updated */
TEST_ASSERT(sensor_mode == requested_mode);
/* GIVEN max number of fingers already enrolled */
sensor_mode = 0;
output_mode = 0xdeadbeef;
templ_valid = FP_MAX_FINGER_COUNT;
requested_mode = FP_MODE_ENROLL_SESSION;
/* THEN additional enroll attempt will fail */
TEST_ASSERT(fp_set_sensor_mode(requested_mode, &output_mode) ==
EC_RES_INVALID_PARAM);
/* THEN output parameters is unchanged */
TEST_ASSERT(output_mode = 0xdeadbeef);
/* THEN sensor_mode is unchanged */
TEST_ASSERT(sensor_mode == 0);
return EC_SUCCESS;
}
void run_test(void)
{
RUN_TEST(test_derive_encryption_key_failure_seed_not_set);
RUN_TEST(test_fpsensor_seed);
RUN_TEST(test_derive_encryption_key);
RUN_TEST(test_derive_encryption_key_failure_rollback_fail);
RUN_TEST(test_fp_set_sensor_mode);
test_print_result();
}
|
