Test store & get Secret functionality

Test Store/Get api of SecretManagement HAL. We use a hard coded hypothetical chain & a dice policy (which the dice chain matches against) for testing the store/get functionality. This patch also adds required error codes in SecretManagement.cddl Bug: 291224769 Test: atest VtsSecretkeeperTargetTest Change-Id: I0aa2dfc7413791e9de62a6e753bda4ab2f813d2c
2023-11-28 11:19:59 +00:00 · 2023-11-28 11:19:59 +00:00 · cbad9a37d3
commit cbad9a37d3
parent 2759df0d3c
3 changed files with 127 additions and 2 deletions
--- a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl
+++ b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl
@ -111,6 +111,12 @@ ErrorCode = &(
    ErrorCode_UnexpectedServerError: 1,
    ; Indicate the Request was malformed & hence couldnt be served.
    ErrorCode_RequestMalformed: 2,
+    ; Requested Entry not found.
+    ErrorCode_EntryNotFound: 3,
+    ; Error happened while serialization or deserialization.
+    SerializationError: 4,
+    ; Indicates that Dice Policy matching did not succeed & hence access not granted.
+    ErrorCode_DicePolicyError: 5,
 )

 ; INCLUDE DicePolicy.cddl for: DicePolicy
--- a/security/secretkeeper/aidl/vts/Android.bp
+++ b/security/secretkeeper/aidl/vts/Android.bp
@ -32,6 +32,7 @@ rust_test {
        "libcoset",
        "libauthgraph_vts_test",
        "libbinder_rs",
+        "libcoset",
        "liblog_rust",
    ],
    require_root: true,
--- a/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs
+++ b/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs
@ -21,8 +21,9 @@ use log::warn;
 use secretkeeper_comm::data_types::error::SecretkeeperError;
 use secretkeeper_comm::data_types::request::Request;
 use secretkeeper_comm::data_types::request_response_impl::{
-    GetVersionRequest, GetVersionResponse,
-};
+    GetVersionRequest, GetVersionResponse, GetSecretRequest, GetSecretResponse, StoreSecretRequest,
+    StoreSecretResponse };
+use secretkeeper_comm::data_types::{Id, ID_SIZE, Secret, SECRET_SIZE};
 use secretkeeper_comm::data_types::response::Response;
 use secretkeeper_comm::data_types::packet::{ResponsePacket, ResponseType};
 use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::ISecretkeeper::ISecretkeeper;
@ -33,6 +34,33 @@ const SECRETKEEPER_IDENTIFIER: &str =
    "android.hardware.security.secretkeeper.ISecretkeeper/nonsecure";
 const CURRENT_VERSION: u64 = 1;

+// TODO(b/291238565): This will change once libdice_policy switches to Explicit-key DiceCertChain
+// This is generated by patching libdice_policy such that it dumps an example dice chain &
+// a policy, such that the former matches the latter.
+const HYPOTHETICAL_DICE_POLICY: [u8; 43] = [
+    0x83, 0x01, 0x81, 0x83, 0x01, 0x80, 0xA1, 0x01, 0x00, 0x82, 0x83, 0x01, 0x81, 0x01, 0x73, 0x74,
+    0x65, 0x73, 0x74, 0x69, 0x6E, 0x67, 0x5F, 0x64, 0x69, 0x63, 0x65, 0x5F, 0x70, 0x6F, 0x6C, 0x69,
+    0x63, 0x79, 0x83, 0x02, 0x82, 0x03, 0x18, 0x64, 0x19, 0xE9, 0x75,
+];
+
+// Random bytes (of ID_SIZE/SECRET_SIZE) generated for tests.
+const ID_EXAMPLE: [u8; ID_SIZE] = [
+    0xF1, 0xB2, 0xED, 0x3B, 0xD1, 0xBD, 0xF0, 0x7D, 0xE1, 0xF0, 0x01, 0xFC, 0x61, 0x71, 0xD3, 0x42,
+    0xE5, 0x8A, 0xAF, 0x33, 0x6C, 0x11, 0xDC, 0xC8, 0x6F, 0xAE, 0x12, 0x5C, 0x26, 0x44, 0x6B, 0x86,
+    0xCC, 0x24, 0xFD, 0xBF, 0x91, 0x4A, 0x54, 0x84, 0xF9, 0x01, 0x59, 0x25, 0x70, 0x89, 0x38, 0x8D,
+    0x5E, 0xE6, 0x91, 0xDF, 0x68, 0x60, 0x69, 0x26, 0xBE, 0xFE, 0x79, 0x58, 0xF7, 0xEA, 0x81, 0x7D,
+];
+const ID_NOT_STORED: [u8; ID_SIZE] = [
+    0x56, 0xD0, 0x4E, 0xAA, 0xC1, 0x7B, 0x55, 0x6B, 0xA0, 0x2C, 0x65, 0x43, 0x39, 0x0A, 0x6C, 0xE9,
+    0x1F, 0xD0, 0x0E, 0x20, 0x3E, 0xFB, 0xF5, 0xF9, 0x3F, 0x5B, 0x11, 0x1B, 0x18, 0x73, 0xF6, 0xBB,
+    0xAB, 0x9F, 0xF2, 0xD6, 0xBD, 0xBA, 0x25, 0x68, 0x22, 0x30, 0xF2, 0x1F, 0x90, 0x05, 0xF3, 0x64,
+    0xE7, 0xEF, 0xC6, 0xB6, 0xA0, 0x85, 0xC9, 0x40, 0x40, 0xF0, 0xB4, 0xB9, 0xD8, 0x28, 0xEE, 0x9C,
+];
+const SECRET_EXAMPLE: [u8; SECRET_SIZE] = [
+    0xA9, 0x89, 0x97, 0xFE, 0xAE, 0x97, 0x55, 0x4B, 0x32, 0x35, 0xF0, 0xE8, 0x93, 0xDA, 0xEA, 0x24,
+    0x06, 0xAC, 0x36, 0x8B, 0x3C, 0x95, 0x50, 0x16, 0x67, 0x71, 0x65, 0x26, 0xEB, 0xD0, 0xC3, 0x98,
+];
+
 fn get_connection() -> Option<binder::Strong<dyn ISecretkeeper>> {
    match binder::get_interface(SECRETKEEPER_IDENTIFIER) {
        Ok(sk) => Some(sk),
@ -161,3 +189,93 @@ fn secret_management_malformed_request() {
    let err = *SecretkeeperError::deserialize_from_packet(response_packet).unwrap();
    assert_eq!(err, SecretkeeperError::RequestMalformed);
 }
+
+#[test]
+fn secret_management_store_get_secret_found() {
+    let secretkeeper = match get_connection() {
+        Some(sk) => sk,
+        None => {
+            warn!("Secretkeeper HAL is unavailable, skipping test");
+            return;
+        }
+    };
+
+    let store_request = StoreSecretRequest {
+        id: Id(ID_EXAMPLE),
+        secret: Secret(SECRET_EXAMPLE),
+        sealing_policy: HYPOTHETICAL_DICE_POLICY.to_vec(),
+    };
+
+    let store_request = store_request.serialize_to_packet().to_vec().unwrap();
+    let store_response = secretkeeper
+        .processSecretManagementRequest(&store_request)
+        .unwrap();
+    let store_response = ResponsePacket::from_slice(&store_response).unwrap();
+
+    assert_eq!(
+        store_response.response_type().unwrap(),
+        ResponseType::Success
+    );
+    // Really just checking that the response is indeed StoreSecretResponse
+    let _ = StoreSecretResponse::deserialize_from_packet(store_response).unwrap();
+
+    // Get the secret that was just stored
+    let get_request = GetSecretRequest {
+        id: Id(ID_EXAMPLE),
+        updated_sealing_policy: None,
+    };
+    let get_request = get_request.serialize_to_packet().to_vec().unwrap();
+
+    let get_response = secretkeeper
+        .processSecretManagementRequest(&get_request)
+        .unwrap();
+    let get_response = ResponsePacket::from_slice(&get_response).unwrap();
+    assert_eq!(get_response.response_type().unwrap(), ResponseType::Success);
+    let get_response = *GetSecretResponse::deserialize_from_packet(get_response).unwrap();
+    assert_eq!(get_response.secret.0, SECRET_EXAMPLE);
+}
+
+#[test]
+fn secret_management_store_get_secret_not_found() {
+    let secretkeeper = match get_connection() {
+        Some(sk) => sk,
+        None => {
+            warn!("Secretkeeper HAL is unavailable, skipping test");
+            return;
+        }
+    };
+
+    // Store a secret (corresponding to an id).
+    let store_request = StoreSecretRequest {
+        id: Id(ID_EXAMPLE),
+        secret: Secret(SECRET_EXAMPLE),
+        sealing_policy: HYPOTHETICAL_DICE_POLICY.to_vec(),
+    };
+
+    let store_request = store_request.serialize_to_packet().to_vec().unwrap();
+    let store_response = secretkeeper
+        .processSecretManagementRequest(&store_request)
+        .unwrap();
+    let store_response = ResponsePacket::from_slice(&store_response).unwrap();
+
+    assert_eq!(
+        store_response.response_type().unwrap(),
+        ResponseType::Success
+    );
+
+    // (Try to) Get the secret that was never stored
+    let get_request = GetSecretRequest {
+        id: Id(ID_NOT_STORED),
+        updated_sealing_policy: None,
+    };
+    let get_request = get_request.serialize_to_packet().to_vec().unwrap();
+    let get_response = secretkeeper
+        .processSecretManagementRequest(&get_request)
+        .unwrap();
+
+    // Check that response is `SecretkeeperError::EntryNotFound`
+    let get_response = ResponsePacket::from_slice(&get_response).unwrap();
+    assert_eq!(get_response.response_type().unwrap(), ResponseType::Error);
+    let err = *SecretkeeperError::deserialize_from_packet(get_response).unwrap();
+    assert_eq!(err, SecretkeeperError::EntryNotFound);
+}