security/authgraph/aidl/vts/functional/sink.rs - third_party/android/platform/hardware/interfaces - Git at Google

 /*
  * Copyright (C) 2023 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 //! VTS tests for sinks
 use super::*;
 use authgraph_core::{key, keyexchange as ke};

 /// Run AuthGraph tests against the provided sink, using a local test source implementation.
 pub fn test(
     local_source: &mut ke::AuthGraphParticipant,
     sink: binder::Strong<dyn IAuthGraphKeyExchange>,
 ) {
     test_mainline(local_source, sink.clone());
     test_corrupt_sig(local_source, sink.clone());
     test_corrupt_keys(local_source, sink);
 }

 /// Perform mainline AuthGraph key exchange with the provided sink and local implementation.
 /// Return the agreed AES keys in plaintext, together with the session ID.
 pub fn test_mainline(
     local_source: &mut ke::AuthGraphParticipant,
     sink: binder::Strong<dyn IAuthGraphKeyExchange>,
 ) -> ([key::AesKey; 2], Vec<u8>) {
     // Step 1: create an ephemeral ECDH key at the (local) source.
     let source_init_info = local_source
         .create()
         .expect("failed to create() with local impl");

     // Step 2: pass the source's ECDH public key and other session info to the (remote) sink.
     let init_result = sink
         .init(
             &build_plain_pub_key(&source_init_info.ke_key.pub_key),
             &vec_to_identity(&source_init_info.identity),
             &source_init_info.nonce,
             source_init_info.version,
         )
         .expect("failed to init() with remote impl");
     let sink_init_info = init_result.sessionInitiationInfo;
     let sink_pub_key = extract_plain_pub_key(&sink_init_info.key.pubKey);

     let sink_info = init_result.sessionInfo;
     assert!(!sink_info.sessionId.is_empty());

     // The AuthGraph core library will verify the session ID signature, but do it here too.
     let sink_verification_key = local_source
         .peer_verification_key_from_identity(&sink_init_info.identity.identity)
         .expect("failed to get peer verification from identity");
     local_source
         .verify_signature_on_session_id(
             &sink_verification_key,
             &sink_info.sessionId,
             &sink_info.signature.signature,
         )
         .expect("failed verification of signed session ID");

     // Step 3: pass the sink's ECDH public key and other session info to the (local) source, so it
     // can calculate the same pair of symmetric keys.
     let source_info = local_source
         .finish(
             &sink_pub_key.plainPubKey,
             &sink_init_info.identity.identity,
             &sink_info.signature.signature,
             &sink_init_info.nonce,
             sink_init_info.version,
             source_init_info.ke_key,
         )
         .expect("failed to finish() with local impl");
     assert!(!source_info.session_id.is_empty());

     // The AuthGraph core library will verify the session ID signature, but do it here too.
     let source_verification_key = key::Identity::from_slice(&source_init_info.identity)
         .expect("invalid identity CBOR")
         .cert_chain
         .root_key;
     local_source
         .verify_signature_on_session_id(
             &source_verification_key,
             &source_info.session_id,
             &source_info.session_id_signature,
         )
         .expect("failed verification of signed session ID");

     // Both ends should agree on the session ID.
     assert_eq!(source_info.session_id, sink_info.sessionId);

     // Step 4: pass the (local) source's session ID signature back to the sink, so it can check it
     // and update the symmetric keys so they're marked as authentication complete.
     let _sink_arcs = sink
         .authenticationComplete(
             &vec_to_signature(&source_info.session_id_signature),
             &sink_info.sharedKeys,
         )
         .expect("failed to authenticationComplete() with remote sink");
     // Decrypt and return the session keys.
     let decrypted_shared_keys = local_source
         .decipher_shared_keys_from_arcs(&source_info.shared_keys)
         .expect("failed to decrypt shared key arcs")
         .try_into();
     let decrypted_shared_keys_array = match decrypted_shared_keys {
         Ok(array) => array,
         Err(_) => panic!("wrong number of decrypted shared key arcs"),
     };
     (decrypted_shared_keys_array, sink_info.sessionId)
 }

 /// Perform mainline AuthGraph key exchange with the provided sink, but provide an invalid
 /// session ID signature.
 pub fn test_corrupt_sig(
     local_source: &mut ke::AuthGraphParticipant,
     sink: binder::Strong<dyn IAuthGraphKeyExchange>,
 ) {
     // Step 1: create an ephemeral ECDH key at the (local) source.
     let source_init_info = local_source
         .create()
         .expect("failed to create() with local impl");

     // Step 2: pass the source's ECDH public key and other session info to the (remote) sink.
     let init_result = sink
         .init(
             &build_plain_pub_key(&source_init_info.ke_key.pub_key),
             &vec_to_identity(&source_init_info.identity),
             &source_init_info.nonce,
             source_init_info.version,
         )
         .expect("failed to init() with remote impl");
     let sink_init_info = init_result.sessionInitiationInfo;
     let sink_pub_key = extract_plain_pub_key(&sink_init_info.key.pubKey);

     let sink_info = init_result.sessionInfo;
     assert!(!sink_info.sessionId.is_empty());

     // Step 3: pass the sink's ECDH public key and other session info to the (local) source, so it
     // can calculate the same pair of symmetric keys.
     let source_info = local_source
         .finish(
             &sink_pub_key.plainPubKey,
             &sink_init_info.identity.identity,
             &sink_info.signature.signature,
             &sink_init_info.nonce,
             sink_init_info.version,
             source_init_info.ke_key,
         )
         .expect("failed to finish() with local impl");
     assert!(!source_info.session_id.is_empty());

     // Build a corrupted version of the (local) source's session ID signature.
     let mut corrupt_signature = source_info.session_id_signature.clone();
     let sig_len = corrupt_signature.len();
     corrupt_signature[sig_len - 1] ^= 0x01;

     // Step 4: pass the (local) source's **invalid** session ID signature back to the sink,
     // which should reject it.
     let result =
         sink.authenticationComplete(&vec_to_signature(&corrupt_signature), &sink_info.sharedKeys);
     let err = result.expect_err("expect failure with corrupt signature");
     assert_eq!(
         err,
         binder::Status::new_service_specific_error(Error::INVALID_SIGNATURE.0, None)
     );
 }

 /// Perform mainline AuthGraph key exchange with the provided sink, but provide an invalid
 /// Arc for the sink's key.
 pub fn test_corrupt_keys(
     local_source: &mut ke::AuthGraphParticipant,
     sink: binder::Strong<dyn IAuthGraphKeyExchange>,
 ) {
     // Step 1: create an ephemeral ECDH key at the (local) source.
     let source_init_info = local_source
         .create()
         .expect("failed to create() with local impl");

     // Step 2: pass the source's ECDH public key and other session info to the (remote) sink.
     let init_result = sink
         .init(
             &build_plain_pub_key(&source_init_info.ke_key.pub_key),
             &vec_to_identity(&source_init_info.identity),
             &source_init_info.nonce,
             source_init_info.version,
         )
         .expect("failed to init() with remote impl");
     let sink_init_info = init_result.sessionInitiationInfo;
     let sink_pub_key = extract_plain_pub_key(&sink_init_info.key.pubKey);

     let sink_info = init_result.sessionInfo;
     assert!(!sink_info.sessionId.is_empty());

     // Step 3: pass the sink's ECDH public key and other session info to the (local) source, so it
     // can calculate the same pair of symmetric keys.
     let source_info = local_source
         .finish(
             &sink_pub_key.plainPubKey,
             &sink_init_info.identity.identity,
             &sink_info.signature.signature,
             &sink_init_info.nonce,
             sink_init_info.version,
             source_init_info.ke_key,
         )
         .expect("failed to finish() with local impl");
     assert!(!source_info.session_id.is_empty());

     // Deliberately corrupt the sink's shared key Arcs before returning them
     let mut corrupt_keys = sink_info.sharedKeys.clone();
     let len0 = corrupt_keys[0].arc.len();
     let len1 = corrupt_keys[1].arc.len();
     corrupt_keys[0].arc[len0 - 1] ^= 0x01;
     corrupt_keys[1].arc[len1 - 1] ^= 0x01;

     // Step 4: pass the (local) source's session ID signature back to the sink, but with corrupted
     // keys, which should be rejected.
     let result = sink.authenticationComplete(
         &vec_to_signature(&source_info.session_id_signature),
         &corrupt_keys,
     );
     let err = result.expect_err("expect failure with corrupt keys");
     assert_eq!(
         err,
         binder::Status::new_service_specific_error(Error::INVALID_SHARED_KEY_ARCS.0, None)
     );
 }
	/*
	* Copyright (C) 2023 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	//! VTS tests for sinks
	use super::*;
	use authgraph_core::{key, keyexchange as ke};

	/// Run AuthGraph tests against the provided sink, using a local test source implementation.
	pub fn test(
	local_source: &mut ke::AuthGraphParticipant,
	sink: binder::Strong<dyn IAuthGraphKeyExchange>,
	) {
	test_mainline(local_source, sink.clone());
	test_corrupt_sig(local_source, sink.clone());
	test_corrupt_keys(local_source, sink);
	}

	/// Perform mainline AuthGraph key exchange with the provided sink and local implementation.
	/// Return the agreed AES keys in plaintext, together with the session ID.
	pub fn test_mainline(
	local_source: &mut ke::AuthGraphParticipant,
	sink: binder::Strong<dyn IAuthGraphKeyExchange>,
	) -> ([key::AesKey; 2], Vec<u8>) {
	// Step 1: create an ephemeral ECDH key at the (local) source.
	let source_init_info = local_source
	.create()
	.expect("failed to create() with local impl");

	// Step 2: pass the source's ECDH public key and other session info to the (remote) sink.
	let init_result = sink
	.init(
	&build_plain_pub_key(&source_init_info.ke_key.pub_key),
	&vec_to_identity(&source_init_info.identity),
	&source_init_info.nonce,
	source_init_info.version,
	)
	.expect("failed to init() with remote impl");
	let sink_init_info = init_result.sessionInitiationInfo;
	let sink_pub_key = extract_plain_pub_key(&sink_init_info.key.pubKey);

	let sink_info = init_result.sessionInfo;
	assert!(!sink_info.sessionId.is_empty());

	// The AuthGraph core library will verify the session ID signature, but do it here too.
	let sink_verification_key = local_source
	.peer_verification_key_from_identity(&sink_init_info.identity.identity)
	.expect("failed to get peer verification from identity");
	local_source
	.verify_signature_on_session_id(
	&sink_verification_key,
	&sink_info.sessionId,
	&sink_info.signature.signature,
	)
	.expect("failed verification of signed session ID");

	// Step 3: pass the sink's ECDH public key and other session info to the (local) source, so it
	// can calculate the same pair of symmetric keys.
	let source_info = local_source
	.finish(
	&sink_pub_key.plainPubKey,
	&sink_init_info.identity.identity,
	&sink_info.signature.signature,
	&sink_init_info.nonce,
	sink_init_info.version,
	source_init_info.ke_key,
	)
	.expect("failed to finish() with local impl");
	assert!(!source_info.session_id.is_empty());

	// The AuthGraph core library will verify the session ID signature, but do it here too.
	let source_verification_key = key::Identity::from_slice(&source_init_info.identity)
	.expect("invalid identity CBOR")
	.cert_chain
	.root_key;
	local_source
	.verify_signature_on_session_id(
	&source_verification_key,
	&source_info.session_id,
	&source_info.session_id_signature,
	)
	.expect("failed verification of signed session ID");

	// Both ends should agree on the session ID.
	assert_eq!(source_info.session_id, sink_info.sessionId);

	// Step 4: pass the (local) source's session ID signature back to the sink, so it can check it
	// and update the symmetric keys so they're marked as authentication complete.
	let _sink_arcs = sink
	.authenticationComplete(
	&vec_to_signature(&source_info.session_id_signature),
	&sink_info.sharedKeys,
	)
	.expect("failed to authenticationComplete() with remote sink");
	// Decrypt and return the session keys.
	let decrypted_shared_keys = local_source
	.decipher_shared_keys_from_arcs(&source_info.shared_keys)
	.expect("failed to decrypt shared key arcs")
	.try_into();
	let decrypted_shared_keys_array = match decrypted_shared_keys {
	Ok(array) => array,
	Err(_) => panic!("wrong number of decrypted shared key arcs"),
	};
	(decrypted_shared_keys_array, sink_info.sessionId)
	}

	/// Perform mainline AuthGraph key exchange with the provided sink, but provide an invalid
	/// session ID signature.
	pub fn test_corrupt_sig(
	local_source: &mut ke::AuthGraphParticipant,
	sink: binder::Strong<dyn IAuthGraphKeyExchange>,
	) {
	// Step 1: create an ephemeral ECDH key at the (local) source.
	let source_init_info = local_source
	.create()
	.expect("failed to create() with local impl");

	// Step 2: pass the source's ECDH public key and other session info to the (remote) sink.
	let init_result = sink
	.init(
	&build_plain_pub_key(&source_init_info.ke_key.pub_key),
	&vec_to_identity(&source_init_info.identity),
	&source_init_info.nonce,
	source_init_info.version,
	)
	.expect("failed to init() with remote impl");
	let sink_init_info = init_result.sessionInitiationInfo;
	let sink_pub_key = extract_plain_pub_key(&sink_init_info.key.pubKey);

	let sink_info = init_result.sessionInfo;
	assert!(!sink_info.sessionId.is_empty());

	// Step 3: pass the sink's ECDH public key and other session info to the (local) source, so it
	// can calculate the same pair of symmetric keys.
	let source_info = local_source
	.finish(
	&sink_pub_key.plainPubKey,
	&sink_init_info.identity.identity,
	&sink_info.signature.signature,
	&sink_init_info.nonce,
	sink_init_info.version,
	source_init_info.ke_key,
	)
	.expect("failed to finish() with local impl");
	assert!(!source_info.session_id.is_empty());

	// Build a corrupted version of the (local) source's session ID signature.
	let mut corrupt_signature = source_info.session_id_signature.clone();
	let sig_len = corrupt_signature.len();
	corrupt_signature[sig_len - 1] ^= 0x01;

	// Step 4: pass the (local) source's invalid session ID signature back to the sink,
	// which should reject it.
	let result =
	sink.authenticationComplete(&vec_to_signature(&corrupt_signature), &sink_info.sharedKeys);
	let err = result.expect_err("expect failure with corrupt signature");
	assert_eq!(
	err,
	binder::Status::new_service_specific_error(Error::INVALID_SIGNATURE.0, None)
	);
	}

	/// Perform mainline AuthGraph key exchange with the provided sink, but provide an invalid
	/// Arc for the sink's key.
	pub fn test_corrupt_keys(
	local_source: &mut ke::AuthGraphParticipant,
	sink: binder::Strong<dyn IAuthGraphKeyExchange>,
	) {
	// Step 1: create an ephemeral ECDH key at the (local) source.
	let source_init_info = local_source
	.create()
	.expect("failed to create() with local impl");

	// Step 2: pass the source's ECDH public key and other session info to the (remote) sink.
	let init_result = sink
	.init(
	&build_plain_pub_key(&source_init_info.ke_key.pub_key),
	&vec_to_identity(&source_init_info.identity),
	&source_init_info.nonce,
	source_init_info.version,
	)
	.expect("failed to init() with remote impl");
	let sink_init_info = init_result.sessionInitiationInfo;
	let sink_pub_key = extract_plain_pub_key(&sink_init_info.key.pubKey);

	let sink_info = init_result.sessionInfo;
	assert!(!sink_info.sessionId.is_empty());

	// Step 3: pass the sink's ECDH public key and other session info to the (local) source, so it
	// can calculate the same pair of symmetric keys.
	let source_info = local_source
	.finish(
	&sink_pub_key.plainPubKey,
	&sink_init_info.identity.identity,
	&sink_info.signature.signature,
	&sink_init_info.nonce,
	sink_init_info.version,
	source_init_info.ke_key,
	)
	.expect("failed to finish() with local impl");
	assert!(!source_info.session_id.is_empty());

	// Deliberately corrupt the sink's shared key Arcs before returning them
	let mut corrupt_keys = sink_info.sharedKeys.clone();
	let len0 = corrupt_keys[0].arc.len();
	let len1 = corrupt_keys[1].arc.len();
	corrupt_keys[0].arc[len0 - 1] ^= 0x01;
	corrupt_keys[1].arc[len1 - 1] ^= 0x01;

	// Step 4: pass the (local) source's session ID signature back to the sink, but with corrupted
	// keys, which should be rejected.
	let result = sink.authenticationComplete(
	&vec_to_signature(&source_info.session_id_signature),
	&corrupt_keys,
	);
	let err = result.expect_err("expect failure with corrupt keys");
	assert_eq!(
	err,
	binder::Status::new_service_specific_error(Error::INVALID_SHARED_KEY_ARCS.0, None)
	);
	}