1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <fcntl.h>
18 #include <stdlib.h>
19 #include <unistd.h>
20 #include <sys/mman.h>
21 #include <sys/stat.h>
22 #include <sys/types.h>
23
24 #include <fstream>
25 #include <iostream>
26 #include <memory>
27
28 #include <gtest/gtest.h>
29
30 #include <openssl/bn.h>
31 #include <openssl/evp.h>
32 #include <openssl/x509.h>
33
34 #define LOG_TAG "keymaster_test"
35 #include <utils/Log.h>
36
37 #include <hardware/keymaster0.h>
38
39 namespace android {
40
41 class UniqueBlob : public std::unique_ptr<uint8_t[]> {
42 public:
UniqueBlob(size_t length)43 explicit UniqueBlob(size_t length) :
44 mLength(length) {
45 }
46
UniqueBlob(uint8_t * bytes,size_t length)47 UniqueBlob(uint8_t* bytes, size_t length) :
48 std::unique_ptr<uint8_t[]>(bytes), mLength(length) {
49 }
50
operator ==(const UniqueBlob & other) const51 bool operator==(const UniqueBlob &other) const {
52 if (other.length() != mLength) {
53 return false;
54 }
55
56 const uint8_t* mine = get();
57 const uint8_t* theirs = other.get();
58
59 for (size_t i = 0; i < mLength; i++) {
60 if (mine[i] != theirs[i]) {
61 return false;
62 }
63 }
64
65 return true;
66 }
67
length() const68 size_t length() const {
69 return mLength;
70 }
71
72 friend std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob);
73
74 private:
75 size_t mLength;
76 };
77
operator <<(std::ostream & stream,const UniqueBlob & blob)78 std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob) {
79 const size_t length = blob.mLength;
80 stream << "Blob length=" << length << " < ";
81
82 const uint8_t* data = blob.get();
83 for (size_t i = 0; i < length; i++) {
84 stream << std::hex << std::setw(2) << std::setfill('0')
85 << static_cast<unsigned int>(data[i]) << ' ';
86 }
87 stream << '>' << std::endl;
88
89 return stream;
90 }
91
92 class UniqueKey : public UniqueBlob {
93 public:
UniqueKey(keymaster0_device_t ** dev,uint8_t * bytes,size_t length)94 UniqueKey(keymaster0_device_t** dev, uint8_t* bytes, size_t length) :
95 UniqueBlob(bytes, length), mDevice(dev) {
96 }
97
~UniqueKey()98 ~UniqueKey() {
99 if (mDevice != NULL && *mDevice != NULL) {
100 keymaster0_device_t* dev = *mDevice;
101 if (dev->delete_keypair != NULL) {
102 dev->delete_keypair(dev, get(), length());
103 }
104 }
105 }
106
107 private:
108 keymaster0_device_t** mDevice;
109 };
110
111 class UniqueReadOnlyBlob {
112 public:
UniqueReadOnlyBlob(uint8_t * data,size_t dataSize)113 UniqueReadOnlyBlob(uint8_t* data, size_t dataSize) :
114 mDataSize(dataSize) {
115 int pageSize = sysconf(_SC_PAGE_SIZE);
116 if (pageSize == -1) {
117 return;
118 }
119
120 int fd = open("/dev/zero", O_RDONLY);
121 if (fd == -1) {
122 return;
123 }
124
125 mBufferSize = (dataSize + pageSize - 1) & ~(pageSize - 1);
126 uint8_t* buffer = (uint8_t*) mmap(NULL, mBufferSize, PROT_READ | PROT_WRITE,
127 MAP_PRIVATE, fd, 0);
128 close(fd);
129
130 if (buffer == NULL) {
131 return;
132 }
133
134 memcpy(buffer, data, dataSize);
135 if (mprotect(buffer, mBufferSize, PROT_READ) == -1) {
136 munmap(buffer, mBufferSize);
137 return;
138 }
139
140 mBuffer = buffer;
141 }
142
~UniqueReadOnlyBlob()143 ~UniqueReadOnlyBlob() {
144 munmap(mBuffer, mBufferSize);
145 }
146
get() const147 uint8_t* get() const {
148 return mBuffer;
149 }
150
length() const151 size_t length() const {
152 return mDataSize;
153 }
154
155 private:
156 uint8_t* mBuffer;
157 size_t mBufferSize;
158 size_t mDataSize;
159 };
160
161 struct BIGNUM_Delete {
operator ()android::BIGNUM_Delete162 void operator()(BIGNUM* p) const {
163 BN_free(p);
164 }
165 };
166 typedef std::unique_ptr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
167
168 struct EVP_PKEY_Delete {
operator ()android::EVP_PKEY_Delete169 void operator()(EVP_PKEY* p) const {
170 EVP_PKEY_free(p);
171 }
172 };
173 typedef std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
174
175 struct PKCS8_PRIV_KEY_INFO_Delete {
operator ()android::PKCS8_PRIV_KEY_INFO_Delete176 void operator()(PKCS8_PRIV_KEY_INFO* p) const {
177 PKCS8_PRIV_KEY_INFO_free(p);
178 }
179 };
180 typedef std::unique_ptr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
181
182 struct RSA_Delete {
operator ()android::RSA_Delete183 void operator()(RSA* p) const {
184 RSA_free(p);
185 }
186 };
187 typedef std::unique_ptr<RSA, RSA_Delete> Unique_RSA;
188
189 struct EC_KEY_Delete {
operator ()android::EC_KEY_Delete190 void operator()(EC_KEY* p) const {
191 EC_KEY_free(p);
192 }
193 };
194 typedef std::unique_ptr<EC_KEY, EC_KEY_Delete> Unique_EC_KEY;
195
196
197 /*
198 * DER-encoded PKCS#8 format RSA key. Generated using:
199 *
200 * openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
201 */
202 static uint8_t TEST_RSA_KEY_1[] = {
203 0x30, 0x82, 0x04, 0xBE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A,
204 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
205 0x04, 0xA8, 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
206 0x01, 0x00, 0xD8, 0x58, 0xD4, 0x9F, 0xC0, 0xE8, 0xF0, 0xFF, 0x87, 0x27,
207 0x43, 0xE6, 0x2E, 0xE6, 0x9A, 0x42, 0x3B, 0x39, 0x94, 0x84, 0x43, 0x55,
208 0x8D, 0x20, 0x5B, 0x71, 0x88, 0xE6, 0xD1, 0x62, 0xC8, 0xF2, 0x20, 0xD0,
209 0x75, 0x13, 0x83, 0xA3, 0x5D, 0x19, 0xA8, 0x62, 0xD0, 0x5F, 0x3E, 0x8A,
210 0x7C, 0x0E, 0x26, 0xA9, 0xFF, 0xB2, 0x5E, 0x63, 0xAA, 0x3C, 0x8D, 0x13,
211 0x41, 0xAA, 0xD5, 0x03, 0x01, 0x01, 0x53, 0xC9, 0x02, 0x1C, 0xEC, 0xE8,
212 0xC4, 0x70, 0x3F, 0x43, 0xE5, 0x51, 0xD0, 0x6E, 0x52, 0x0B, 0xC4, 0x0A,
213 0xA3, 0x61, 0xDE, 0xE3, 0x72, 0x0C, 0x94, 0xF1, 0x1C, 0x2D, 0x36, 0x77,
214 0xBB, 0x16, 0xA8, 0x63, 0x4B, 0xD1, 0x07, 0x00, 0x42, 0x2D, 0x2B, 0x10,
215 0x80, 0x45, 0xF3, 0x0C, 0xF9, 0xC5, 0xAC, 0xCC, 0x64, 0x87, 0xFD, 0x5D,
216 0xC8, 0x51, 0xD4, 0x1C, 0x9E, 0x6E, 0x9B, 0xC4, 0x27, 0x5E, 0x73, 0xA7,
217 0x2A, 0xF6, 0x90, 0x42, 0x0C, 0x34, 0x93, 0xB7, 0x02, 0x19, 0xA9, 0x64,
218 0x6C, 0x46, 0x3B, 0x40, 0x02, 0x2F, 0x54, 0x69, 0x79, 0x26, 0x7D, 0xF6,
219 0x85, 0x90, 0x01, 0xD0, 0x21, 0x07, 0xD0, 0x14, 0x00, 0x65, 0x9C, 0xAC,
220 0x24, 0xE8, 0x78, 0x42, 0x3B, 0x90, 0x75, 0x19, 0x55, 0x11, 0x4E, 0xD9,
221 0xE6, 0x97, 0x87, 0xBC, 0x8D, 0x2C, 0x9B, 0xF0, 0x1F, 0x14, 0xEB, 0x6A,
222 0x57, 0xCE, 0x78, 0xAD, 0xCE, 0xD9, 0xFB, 0xB9, 0xA1, 0xEF, 0x0C, 0x1F,
223 0xDD, 0xE3, 0x5B, 0x73, 0xA0, 0xEC, 0x37, 0x9C, 0xE1, 0xFD, 0x86, 0x28,
224 0xC3, 0x4A, 0x42, 0xD0, 0xA3, 0xFE, 0x57, 0x09, 0x29, 0xD8, 0xF6, 0xEC,
225 0xE3, 0xC0, 0x71, 0x7C, 0x29, 0x27, 0xC2, 0xD1, 0x3E, 0x22, 0xBC, 0xBD,
226 0x5A, 0x85, 0x41, 0xF6, 0x15, 0xDA, 0x0C, 0x58, 0x5A, 0x61, 0x5B, 0x78,
227 0xB8, 0xAA, 0xEC, 0x5C, 0x1C, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
228 0x82, 0x01, 0x00, 0x1D, 0x10, 0x31, 0xE0, 0x14, 0x26, 0x36, 0xD9, 0xDC,
229 0xEA, 0x25, 0x70, 0xF2, 0xB3, 0xFF, 0xDD, 0x0D, 0xDF, 0xBA, 0x57, 0xDA,
230 0x43, 0xCF, 0xE5, 0x9C, 0xE3, 0x2F, 0xA4, 0xF2, 0x53, 0xF6, 0xF2, 0xAF,
231 0xFD, 0xD0, 0xFC, 0x82, 0x1E, 0x9C, 0x0F, 0x2A, 0x53, 0xBB, 0xF2, 0x4F,
232 0x90, 0x83, 0x01, 0xD3, 0xA7, 0xDA, 0xB5, 0xB7, 0x80, 0x64, 0x0A, 0x26,
233 0x59, 0x83, 0xE4, 0xD3, 0x20, 0xC8, 0x2D, 0xC9, 0x77, 0xA3, 0x55, 0x07,
234 0x6E, 0x6D, 0x95, 0x36, 0xAA, 0x84, 0x4F, 0xED, 0x54, 0x24, 0xA9, 0x77,
235 0xF8, 0x85, 0xE2, 0x4B, 0xF2, 0xFA, 0x0B, 0x3E, 0xA6, 0xF5, 0x46, 0x0D,
236 0x9F, 0x1F, 0xFE, 0xF7, 0x37, 0xFF, 0xA3, 0x60, 0xF1, 0x63, 0xF2, 0x75,
237 0x6A, 0x8E, 0x10, 0xD7, 0x89, 0xD2, 0xB3, 0xFF, 0x76, 0xA5, 0xBA, 0xAF,
238 0x0A, 0xBE, 0x32, 0x5F, 0xF0, 0x48, 0x48, 0x4B, 0x9C, 0x9A, 0x3D, 0x12,
239 0xA7, 0xD2, 0x07, 0xC7, 0x59, 0x32, 0x94, 0x95, 0x65, 0x2F, 0x87, 0x34,
240 0x76, 0xBA, 0x7C, 0x08, 0x4B, 0xAB, 0xA6, 0x24, 0xDF, 0x64, 0xDB, 0x48,
241 0x63, 0x42, 0x06, 0xE2, 0x2C, 0x3D, 0xFB, 0xE5, 0x47, 0x81, 0x94, 0x98,
242 0xF7, 0x32, 0x4B, 0x28, 0xEB, 0x42, 0xB8, 0xE9, 0x8E, 0xFC, 0xC9, 0x43,
243 0xC9, 0x47, 0xE6, 0xE7, 0x1C, 0xDC, 0x71, 0xEF, 0x4D, 0x8A, 0xB1, 0xFC,
244 0x45, 0x37, 0xEC, 0xB3, 0x16, 0x88, 0x5B, 0xE2, 0xEC, 0x8B, 0x6B, 0x75,
245 0x16, 0xBE, 0x6B, 0xF8, 0x2C, 0xF8, 0xC9, 0xD1, 0xF7, 0x55, 0x87, 0x57,
246 0x5F, 0xDE, 0xF4, 0x7E, 0x72, 0x13, 0x06, 0x2A, 0x21, 0xB7, 0x78, 0x21,
247 0x05, 0xFD, 0xE2, 0x5F, 0x7B, 0x7C, 0xF0, 0x26, 0x2B, 0x75, 0x7F, 0x68,
248 0xF9, 0xA6, 0x98, 0xFD, 0x54, 0x0E, 0xCC, 0x22, 0x41, 0x7F, 0x29, 0x81,
249 0x2F, 0xA3, 0x3C, 0x3D, 0x64, 0xC8, 0x41, 0x02, 0x81, 0x81, 0x00, 0xFA,
250 0xFA, 0xE4, 0x2E, 0x30, 0xF0, 0x7A, 0x8D, 0x95, 0xB8, 0x39, 0x58, 0x27,
251 0x0F, 0x89, 0x0C, 0xDF, 0xFE, 0x2F, 0x55, 0x3B, 0x6F, 0xDD, 0x5F, 0x12,
252 0xB3, 0xD1, 0xCF, 0x5B, 0x8D, 0xB6, 0x10, 0x1C, 0x87, 0x0C, 0x30, 0x89,
253 0x2D, 0xBB, 0xB8, 0xA1, 0x78, 0x0F, 0x54, 0xA6, 0x36, 0x46, 0x05, 0x8B,
254 0x5A, 0xFF, 0x48, 0x03, 0x13, 0xAE, 0x95, 0x96, 0x5D, 0x6C, 0xDA, 0x5D,
255 0xF7, 0xAD, 0x1D, 0x33, 0xED, 0x23, 0xF5, 0x4B, 0x03, 0x78, 0xE7, 0x50,
256 0xD1, 0x2D, 0x95, 0x22, 0x35, 0x02, 0x5B, 0x4A, 0x4E, 0x73, 0xC9, 0xB7,
257 0x05, 0xC4, 0x21, 0x86, 0x1F, 0x1E, 0x40, 0x83, 0xBC, 0x8A, 0x3A, 0x95,
258 0x24, 0x62, 0xF4, 0x58, 0x38, 0x64, 0x4A, 0x89, 0x8A, 0x27, 0x59, 0x12,
259 0x9D, 0x21, 0xC3, 0xA6, 0x42, 0x1E, 0x2A, 0x3F, 0xD8, 0x65, 0x1F, 0x6E,
260 0x3E, 0x4D, 0x5C, 0xCC, 0xEA, 0x8E, 0x15, 0x02, 0x81, 0x81, 0x00, 0xDC,
261 0xAC, 0x9B, 0x00, 0xDB, 0xF9, 0xB2, 0xBF, 0xC4, 0x5E, 0xB6, 0xB7, 0x63,
262 0xEB, 0x13, 0x4B, 0xE2, 0xA6, 0xC8, 0x72, 0x90, 0xD8, 0xC2, 0x33, 0x33,
263 0xF0, 0x66, 0x75, 0xBD, 0x50, 0x7C, 0xA4, 0x8F, 0x82, 0xFB, 0xFF, 0x44,
264 0x3B, 0xE7, 0x15, 0x3A, 0x0C, 0x7A, 0xF8, 0x92, 0x86, 0x4A, 0x79, 0x32,
265 0x08, 0x82, 0x1D, 0x6A, 0xBA, 0xAD, 0x8A, 0xB3, 0x3D, 0x7F, 0xA5, 0xB4,
266 0x6F, 0x67, 0x86, 0x7E, 0xB2, 0x9C, 0x2A, 0xF6, 0x7C, 0x49, 0x21, 0xC5,
267 0x3F, 0x00, 0x3F, 0x9B, 0xF7, 0x0F, 0x6C, 0x35, 0x80, 0x75, 0x73, 0xC0,
268 0xF8, 0x3E, 0x30, 0x5F, 0x74, 0x2F, 0x15, 0x41, 0xEA, 0x0F, 0xCE, 0x0E,
269 0x18, 0x17, 0x68, 0xBA, 0xC4, 0x29, 0xF2, 0xE2, 0x2C, 0x1D, 0x55, 0x83,
270 0xB6, 0x64, 0x2E, 0x03, 0x12, 0xA4, 0x0D, 0xBF, 0x4F, 0x2E, 0xBE, 0x7C,
271 0x41, 0xD9, 0xCD, 0xD0, 0x52, 0x91, 0xD5, 0x02, 0x81, 0x81, 0x00, 0xD4,
272 0x55, 0xEB, 0x32, 0xC1, 0x28, 0xD3, 0x26, 0x72, 0x22, 0xB8, 0x31, 0x42,
273 0x6A, 0xBC, 0x52, 0x6E, 0x37, 0x48, 0xA8, 0x5D, 0x6E, 0xD8, 0xE5, 0x14,
274 0x97, 0x99, 0xCC, 0x4A, 0xF2, 0xEB, 0xB3, 0x59, 0xCF, 0x4F, 0x9A, 0xC8,
275 0x94, 0x2E, 0x9B, 0x97, 0xD0, 0x51, 0x78, 0x16, 0x5F, 0x18, 0x82, 0x9C,
276 0x51, 0xD2, 0x64, 0x84, 0x65, 0xE4, 0x70, 0x9E, 0x14, 0x50, 0x81, 0xB6,
277 0xBA, 0x52, 0x75, 0xC0, 0x76, 0xC2, 0xD3, 0x46, 0x31, 0x9B, 0xDA, 0x67,
278 0xDF, 0x71, 0x27, 0x19, 0x17, 0xAB, 0xF4, 0xBC, 0x3A, 0xFF, 0x6F, 0x0B,
279 0x2F, 0x0F, 0xAE, 0x25, 0x20, 0xB2, 0xA1, 0x76, 0x52, 0xCE, 0xC7, 0x9D,
280 0x62, 0x79, 0x6D, 0xAC, 0x2D, 0x99, 0x7C, 0x0E, 0x3D, 0x19, 0xE9, 0x1B,
281 0xFC, 0x60, 0x92, 0x7C, 0x58, 0xB7, 0xD8, 0x9A, 0xC7, 0x63, 0x56, 0x62,
282 0x18, 0xC7, 0xAE, 0xD9, 0x97, 0x1F, 0xB9, 0x02, 0x81, 0x81, 0x00, 0x91,
283 0x40, 0xC4, 0x1E, 0x82, 0xAD, 0x0F, 0x6D, 0x8E, 0xD2, 0x51, 0x2E, 0xD1,
284 0x84, 0x30, 0x85, 0x68, 0xC1, 0x23, 0x7B, 0xD5, 0xBF, 0xF7, 0xC4, 0x40,
285 0x51, 0xE2, 0xFF, 0x69, 0x07, 0x8B, 0xA3, 0xBE, 0x1B, 0x17, 0xC8, 0x64,
286 0x9F, 0x91, 0x71, 0xB5, 0x6D, 0xF5, 0x9B, 0x9C, 0xC6, 0xEC, 0x4A, 0x6E,
287 0x16, 0x8F, 0x9E, 0xD1, 0x5B, 0xE3, 0x53, 0x42, 0xBC, 0x1E, 0x43, 0x72,
288 0x4B, 0x4A, 0x37, 0x8B, 0x3A, 0x01, 0xF5, 0x7D, 0x9D, 0x3D, 0x7E, 0x0F,
289 0x19, 0x73, 0x0E, 0x6B, 0x98, 0xE9, 0xFB, 0xEE, 0x13, 0x8A, 0x3C, 0x11,
290 0x2E, 0xD5, 0xB0, 0x7D, 0x84, 0x3A, 0x61, 0xA1, 0xAB, 0x71, 0x8F, 0xCE,
291 0x53, 0x29, 0x45, 0x74, 0x7A, 0x1E, 0xAA, 0x93, 0x19, 0x3A, 0x8D, 0xC9,
292 0x4E, 0xCB, 0x0E, 0x46, 0x53, 0x84, 0xCC, 0xCF, 0xBA, 0x4D, 0x28, 0x71,
293 0x1D, 0xDF, 0x41, 0xCB, 0xF8, 0x2D, 0xA9, 0x02, 0x81, 0x80, 0x04, 0x8B,
294 0x4A, 0xEA, 0xBD, 0x39, 0x0B, 0x96, 0xC5, 0x1D, 0xA4, 0x47, 0xFD, 0x46,
295 0xD2, 0x8A, 0xEA, 0x2A, 0xF3, 0x9D, 0x3A, 0x7E, 0x16, 0x74, 0xFC, 0x13,
296 0xDE, 0x4D, 0xA9, 0x85, 0x42, 0x33, 0x02, 0x92, 0x0B, 0xB6, 0xDB, 0x7E,
297 0xEA, 0x85, 0xC2, 0x94, 0x43, 0x52, 0x37, 0x5A, 0x77, 0xAB, 0xCB, 0x61,
298 0x88, 0xDE, 0xF8, 0xFA, 0xDB, 0xE8, 0x0B, 0x95, 0x7D, 0x39, 0x19, 0xA2,
299 0x89, 0xB9, 0x32, 0xB2, 0x50, 0x38, 0xF7, 0x88, 0x69, 0xFD, 0xA4, 0x63,
300 0x1F, 0x9B, 0x03, 0xD8, 0xA6, 0x7A, 0x05, 0x76, 0x02, 0x28, 0x93, 0x82,
301 0x73, 0x7F, 0x14, 0xCC, 0xBE, 0x29, 0x10, 0xAD, 0x8A, 0x2E, 0xAC, 0xED,
302 0x11, 0xA7, 0x72, 0x7C, 0x60, 0x78, 0x72, 0xFB, 0x78, 0x20, 0x18, 0xC9,
303 0x7E, 0x63, 0xAD, 0x55, 0x54, 0x51, 0xDB, 0x9F, 0x7B, 0xD4, 0x8F, 0xB2,
304 0xDE, 0x3B, 0xF1, 0x70, 0x23, 0xE5,
305 };
306
307 /*
308 * DER-encoded PKCS#8 format EC key. Generated using:
309 *
310 * openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
311 */
312 static uint8_t TEST_EC_KEY_1[] = {
313 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86,
314 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
315 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, 0x01, 0x01, 0x04, 0x20,
316 0x25, 0xAC, 0x77, 0x2B, 0x04, 0x33, 0xC8, 0x16, 0x59, 0xA3, 0xC7, 0xE7,
317 0x11, 0x42, 0xD0, 0x11, 0x71, 0x30, 0x7B, 0xB8, 0xD2, 0x67, 0xFF, 0x9C,
318 0x5F, 0x50, 0x2E, 0xAB, 0x67, 0xD4, 0x17, 0x51, 0xA1, 0x44, 0x03, 0x42,
319 0x00, 0x04, 0xCF, 0xCE, 0xB8, 0x7F, 0x88, 0x36, 0xC4, 0xF8, 0x51, 0x29,
320 0xE2, 0xA7, 0x21, 0xC3, 0x3B, 0xFF, 0x88, 0xE3, 0x87, 0x98, 0xD1, 0xA6,
321 0x4B, 0xB3, 0x4B, 0xD5, 0x44, 0xF8, 0xE0, 0x43, 0x6B, 0x50, 0x74, 0xFB,
322 0xB0, 0xAD, 0x41, 0x1C, 0x11, 0x9D, 0xC6, 0x1E, 0x83, 0x8C, 0x49, 0xCA,
323 0xBE, 0xC6, 0xCE, 0xB6, 0xC9, 0xA1, 0xBF, 0x69, 0xA9, 0xA0, 0xA3, 0x80,
324 0x14, 0x39, 0x57, 0x94, 0xDA, 0x5D
325 };
326
327
328 /*
329 * Generated using keys on the keyboard and lack of imagination.
330 */
331 static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF };
332
333
334 class KeymasterBaseTest : public ::testing::Test {
335 public:
SetUpTestCase()336 static void SetUpTestCase() {
337 const hw_module_t* mod;
338 ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod))
339 << "Should be able to find a keymaster hardware module";
340
341 std::cout << "Using keymaster module: " << mod->name << std::endl;
342
343 ASSERT_EQ(0, keymaster0_open(mod, &sDevice))
344 << "Should be able to open the keymaster device";
345
346 ASSERT_EQ(KEYMASTER_MODULE_API_VERSION_0_2, mod->module_api_version)
347 << "Keymaster should implement API version 2";
348
349 ASSERT_TRUE(sDevice->generate_keypair != NULL)
350 << "Should implement generate_keypair";
351
352 ASSERT_TRUE(sDevice->import_keypair != NULL)
353 << "Should implement import_keypair";
354
355 ASSERT_TRUE(sDevice->get_keypair_public != NULL)
356 << "Should implement get_keypair_public";
357
358 ASSERT_TRUE(sDevice->sign_data != NULL)
359 << "Should implement sign_data";
360
361 ASSERT_TRUE(sDevice->verify_data != NULL)
362 << "Should implement verify_data";
363 }
364
TearDownTestCase()365 static void TearDownTestCase() {
366 ASSERT_EQ(0, keymaster0_close(sDevice));
367 }
368
369 protected:
370 static keymaster0_device_t* sDevice;
371 };
372
373 keymaster0_device_t* KeymasterBaseTest::sDevice = NULL;
374
375 class KeymasterTest : public KeymasterBaseTest {
376 };
377
378 class KeymasterAllTypesTest : public KeymasterBaseTest,
379 public ::testing::WithParamInterface<keymaster_keypair_t> {
380 };
381
382 class KeymasterGenerateRSATest : public KeymasterBaseTest,
383 public ::testing::WithParamInterface<uint32_t> {
384 };
385
386 class KeymasterGenerateDSATest : public KeymasterBaseTest,
387 public ::testing::WithParamInterface<uint32_t> {
388 };
389
390 class KeymasterGenerateECTest : public KeymasterBaseTest,
391 public ::testing::WithParamInterface<uint32_t> {
392 };
393
TEST_P(KeymasterGenerateRSATest,GenerateKeyPair_RSA_Success)394 TEST_P(KeymasterGenerateRSATest, GenerateKeyPair_RSA_Success) {
395 keymaster_keypair_t key_type = TYPE_RSA;
396 keymaster_rsa_keygen_params_t params = {
397 .modulus_size = GetParam(),
398 .public_exponent = RSA_F4,
399 };
400
401 uint8_t* key_blob;
402 size_t key_blob_length;
403
404 ASSERT_EQ(0,
405 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length))
406 << "Should generate an RSA key with " << GetParam() << " bit modulus size";
407 UniqueKey key(&sDevice, key_blob, key_blob_length);
408
409 uint8_t* x509_data = NULL;
410 size_t x509_data_length;
411 ASSERT_EQ(0,
412 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
413 &x509_data, &x509_data_length))
414 << "Should be able to retrieve RSA public key successfully";
415 UniqueBlob x509_blob(x509_data, x509_data_length);
416 ASSERT_FALSE(x509_blob.get() == NULL)
417 << "X509 data should be allocated";
418
419 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
420 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
421 static_cast<long>(x509_blob.length())));
422
423 ASSERT_EQ(EVP_PKEY_RSA, EVP_PKEY_type(actual.get()->type))
424 << "Generated key type should be of type RSA";
425
426 Unique_RSA rsa(EVP_PKEY_get1_RSA(actual.get()));
427 ASSERT_FALSE(rsa.get() == NULL)
428 << "Should be able to extract RSA key from EVP_PKEY";
429
430 ASSERT_EQ(static_cast<unsigned long>(RSA_F4), BN_get_word(rsa.get()->e))
431 << "Exponent should be RSA_F4";
432
433 ASSERT_EQ((GetParam() + 7) / 8, static_cast<uint32_t>(RSA_size(rsa.get())))
434 << "Modulus size should be the specified parameter";
435 }
436
437 INSTANTIATE_TEST_CASE_P(RSA,
438 KeymasterGenerateRSATest,
439 ::testing::Values(512U, 1024U, 2048U, 3072U, 4096U));
440
441
TEST_P(KeymasterGenerateECTest,GenerateKeyPair_EC_Success)442 TEST_P(KeymasterGenerateECTest, GenerateKeyPair_EC_Success) {
443 keymaster_keypair_t key_type = TYPE_EC;
444 keymaster_ec_keygen_params_t params = {
445 .field_size = GetParam(),
446 };
447
448 uint8_t* key_blob;
449 size_t key_blob_length;
450
451 ASSERT_EQ(0,
452 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length))
453 << "Should generate an EC key with " << GetParam() << " field size";
454 UniqueKey key(&sDevice, key_blob, key_blob_length);
455
456 uint8_t* x509_data = NULL;
457 size_t x509_data_length;
458 ASSERT_EQ(0,
459 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
460 &x509_data, &x509_data_length))
461 << "Should be able to retrieve EC public key successfully";
462 UniqueBlob x509_blob(x509_data, x509_data_length);
463 ASSERT_FALSE(x509_blob.get() == NULL)
464 << "X509 data should be allocated";
465
466 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
467 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
468 static_cast<long>(x509_blob.length())));
469
470 ASSERT_EQ(EVP_PKEY_EC, EVP_PKEY_type(actual.get()->type))
471 << "Generated key type should be of type EC";
472
473 Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(actual.get()));
474 ASSERT_FALSE(ecKey.get() == NULL)
475 << "Should be able to extract EC key from EVP_PKEY";
476
477 ASSERT_FALSE(EC_KEY_get0_group(ecKey.get()) == NULL)
478 << "EC key should have a EC_GROUP";
479
480 ASSERT_TRUE(EC_KEY_check_key(ecKey.get()))
481 << "EC key should check correctly";
482 }
483
484 INSTANTIATE_TEST_CASE_P(EC,
485 KeymasterGenerateECTest,
486 ::testing::Values(192U, 224U, 256U, 384U, 521U));
487
488
TEST_P(KeymasterAllTypesTest,GenerateKeyPair_NullParams_Failure)489 TEST_P(KeymasterAllTypesTest, GenerateKeyPair_NullParams_Failure) {
490 keymaster_keypair_t key_type = GetParam();
491
492 uint8_t* key_blob;
493 size_t key_blob_length;
494
495 ASSERT_EQ(-1,
496 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length))
497 << "Should not be able to generate a key with null params";
498 }
499
500 INSTANTIATE_TEST_CASE_P(Types,
501 KeymasterAllTypesTest,
502 ::testing::Values(TYPE_RSA, TYPE_DSA, TYPE_EC));
503
TEST_F(KeymasterTest,GenerateKeyPair_UnknownType_Failure)504 TEST_F(KeymasterTest, GenerateKeyPair_UnknownType_Failure) {
505 keymaster_keypair_t key_type = static_cast<keymaster_keypair_t>(0xFFFF);
506
507 uint8_t* key_blob;
508 size_t key_blob_length;
509
510 ASSERT_EQ(-1,
511 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length))
512 << "Should not generate an unknown key type";
513 }
514
TEST_F(KeymasterTest,ImportKeyPair_RSA_Success)515 TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) {
516 uint8_t* key_blob;
517 size_t key_blob_length;
518
519 ASSERT_EQ(0,
520 sDevice->import_keypair(sDevice, TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1),
521 &key_blob, &key_blob_length))
522 << "Should successfully import an RSA key";
523 UniqueKey key(&sDevice, key_blob, key_blob_length);
524
525 uint8_t* x509_data;
526 size_t x509_data_length;
527 ASSERT_EQ(0,
528 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
529 &x509_data, &x509_data_length))
530 << "Should be able to retrieve RSA public key successfully";
531 UniqueBlob x509_blob(x509_data, x509_data_length);
532
533 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
534 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
535 static_cast<long>(x509_blob.length())));
536
537 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_RSA)
538 << "Generated key type should be of type RSA";
539
540 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_RSA_KEY_1);
541 Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8(
542 d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp,
543 sizeof(TEST_RSA_KEY_1)));
544
545 Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get()));
546
547 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get()))
548 << "Expected and actual keys should match";
549 }
550
TEST_F(KeymasterTest,ImportKeyPair_EC_Success)551 TEST_F(KeymasterTest, ImportKeyPair_EC_Success) {
552 uint8_t* key_blob;
553 size_t key_blob_length;
554
555 ASSERT_EQ(0,
556 sDevice->import_keypair(sDevice, TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1),
557 &key_blob, &key_blob_length))
558 << "Should successfully import an EC key";
559 UniqueKey key(&sDevice, key_blob, key_blob_length);
560
561 uint8_t* x509_data;
562 size_t x509_data_length;
563 ASSERT_EQ(0,
564 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
565 &x509_data, &x509_data_length))
566 << "Should be able to retrieve EC public key successfully";
567 UniqueBlob x509_blob(x509_data, x509_data_length);
568
569 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
570 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
571 static_cast<long>(x509_blob.length())));
572
573 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_EC)
574 << "Generated key type should be of type EC";
575
576 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_EC_KEY_1);
577 Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8(
578 d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp,
579 sizeof(TEST_EC_KEY_1)));
580
581 Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get()));
582
583 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get()))
584 << "Expected and actual keys should match";
585 }
586
TEST_F(KeymasterTest,ImportKeyPair_BogusKey_Failure)587 TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) {
588 uint8_t* key_blob;
589 size_t key_blob_length;
590
591 ASSERT_EQ(-1,
592 sDevice->import_keypair(sDevice, BOGUS_KEY_1, sizeof(BOGUS_KEY_1),
593 &key_blob, &key_blob_length))
594 << "Should not import an unknown key type";
595 }
596
TEST_F(KeymasterTest,ImportKeyPair_NullKey_Failure)597 TEST_F(KeymasterTest, ImportKeyPair_NullKey_Failure) {
598 uint8_t* key_blob;
599 size_t key_blob_length;
600
601 ASSERT_EQ(-1,
602 sDevice->import_keypair(sDevice, NULL, 0,
603 &key_blob, &key_blob_length))
604 << "Should not import a null key";
605 }
606
TEST_F(KeymasterTest,GetKeypairPublic_RSA_Success)607 TEST_F(KeymasterTest, GetKeypairPublic_RSA_Success) {
608 uint8_t* key_blob;
609 size_t key_blob_length;
610
611 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
612 ASSERT_TRUE(testKey.get() != NULL);
613
614 ASSERT_EQ(0,
615 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
616 &key_blob, &key_blob_length))
617 << "Should successfully import an RSA key";
618 UniqueKey key(&sDevice, key_blob, key_blob_length);
619
620 uint8_t* x509_data;
621 size_t x509_data_length;
622 ASSERT_EQ(0,
623 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
624 &x509_data, &x509_data_length))
625 << "Should be able to retrieve RSA public key successfully";
626 UniqueBlob x509_blob(x509_data, x509_data_length);
627 }
628
TEST_F(KeymasterTest,GetKeypairPublic_EC_Success)629 TEST_F(KeymasterTest, GetKeypairPublic_EC_Success) {
630 uint8_t* key_blob;
631 size_t key_blob_length;
632
633 UniqueReadOnlyBlob testKey(TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1));
634 ASSERT_TRUE(testKey.get() != NULL);
635
636 ASSERT_EQ(0,
637 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
638 &key_blob, &key_blob_length))
639 << "Should successfully import an EC key";
640 UniqueKey key(&sDevice, key_blob, key_blob_length);
641
642 uint8_t* x509_data;
643 size_t x509_data_length;
644 ASSERT_EQ(0,
645 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
646 &x509_data, &x509_data_length))
647 << "Should be able to retrieve EC public key successfully";
648 UniqueBlob x509_blob(x509_data, x509_data_length);
649 }
650
TEST_F(KeymasterTest,GetKeypairPublic_NullKey_Failure)651 TEST_F(KeymasterTest, GetKeypairPublic_NullKey_Failure) {
652 uint8_t* x509_data = NULL;
653 size_t x509_data_length;
654 ASSERT_EQ(-1,
655 sDevice->get_keypair_public(sDevice, NULL, 0,
656 &x509_data, &x509_data_length))
657 << "Should not be able to retrieve public key from null key";
658 UniqueBlob x509_blob(x509_data, x509_data_length);
659 }
660
TEST_F(KeymasterTest,GetKeypairPublic_RSA_NullDestination_Failure)661 TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullDestination_Failure) {
662 uint8_t* key_blob;
663 size_t key_blob_length;
664
665 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
666 ASSERT_TRUE(testKey.get() != NULL);
667
668 ASSERT_EQ(0,
669 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
670 &key_blob, &key_blob_length))
671 << "Should successfully import an RSA key";
672 UniqueKey key(&sDevice, key_blob, key_blob_length);
673
674 ASSERT_EQ(-1,
675 sDevice->get_keypair_public(sDevice, key.get(), key.length(),
676 NULL, NULL))
677 << "Should not be able to succeed with NULL destination blob";
678 }
679
TEST_F(KeymasterTest,GetKeypairPublic_EC_NullDestination_Failure)680 TEST_F(KeymasterTest, GetKeypairPublic_EC_NullDestination_Failure) {
681 uint8_t* key_blob;
682 size_t key_blob_length;
683
684 UniqueReadOnlyBlob testKey(TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1));
685 ASSERT_TRUE(testKey.get() != NULL);
686
687 ASSERT_EQ(0,
688 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
689 &key_blob, &key_blob_length))
690 << "Should successfully import an RSA key";
691 UniqueKey key(&sDevice, key_blob, key_blob_length);
692
693 ASSERT_EQ(-1,
694 sDevice->get_keypair_public(sDevice, key.get(), key.length(),
695 NULL, NULL))
696 << "Should not be able to succeed with NULL destination blob";
697 }
698
TEST_F(KeymasterTest,DeleteKeyPair_RSA_Success)699 TEST_F(KeymasterTest, DeleteKeyPair_RSA_Success) {
700 uint8_t* key_blob;
701 size_t key_blob_length;
702
703 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
704 ASSERT_TRUE(testKey.get() != NULL);
705
706 ASSERT_EQ(0,
707 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
708 &key_blob, &key_blob_length))
709 << "Should successfully import an RSA key";
710 UniqueKey key(&sDevice, key_blob, key_blob_length);
711 }
712
TEST_F(KeymasterTest,DeleteKeyPair_RSA_DoubleDelete_Failure)713 TEST_F(KeymasterTest, DeleteKeyPair_RSA_DoubleDelete_Failure) {
714 uint8_t* key_blob;
715 size_t key_blob_length;
716
717 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
718 ASSERT_TRUE(testKey.get() != NULL);
719
720 /*
721 * This is only run if the module indicates it implements key deletion
722 * by implementing delete_keypair.
723 */
724 if (sDevice->delete_keypair != NULL) {
725 ASSERT_EQ(0,
726 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
727 &key_blob, &key_blob_length))
728 << "Should successfully import an RSA key";
729 UniqueBlob blob(key_blob, key_blob_length);
730
731 ASSERT_EQ(0, sDevice->delete_keypair(sDevice, key_blob, key_blob_length))
732 << "Should delete key after import";
733
734 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, key_blob, key_blob_length))
735 << "Should not be able to delete key twice";
736 }
737 }
738
TEST_F(KeymasterTest,DeleteKeyPair_RSA_NullKey_Failure)739 TEST_F(KeymasterTest, DeleteKeyPair_RSA_NullKey_Failure) {
740 /*
741 * This is only run if the module indicates it implements key deletion
742 * by implementing delete_keypair.
743 */
744 if (sDevice->delete_keypair != NULL) {
745 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, NULL, 0))
746 << "Should not be able to delete null key";
747 }
748 }
749
750 /*
751 * DER-encoded PKCS#8 format RSA key. Generated using:
752 *
753 * openssl genrsa 512 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
754 */
755 static uint8_t TEST_SIGN_RSA_KEY_1[] = {
756 0x30, 0x82, 0x01, 0x56, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A,
757 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
758 0x01, 0x40, 0x30, 0x82, 0x01, 0x3C, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
759 0xBD, 0xC0, 0x7F, 0xEF, 0x75, 0x1D, 0x63, 0x2A, 0xD0, 0x9A, 0x26, 0xE5,
760 0x5B, 0xB9, 0x84, 0x7C, 0xE5, 0xC7, 0xE7, 0xDE, 0xFE, 0xB6, 0x54, 0xD9,
761 0xF0, 0x9B, 0xC2, 0xCF, 0x36, 0xDA, 0xE5, 0x4D, 0xC5, 0xD9, 0x25, 0x78,
762 0xBD, 0x55, 0x05, 0xBD, 0x86, 0xFB, 0x37, 0x15, 0x33, 0x42, 0x52, 0xED,
763 0xE5, 0xCD, 0xCB, 0xB7, 0xA2, 0x51, 0xFA, 0x36, 0xE9, 0x9C, 0x2E, 0x5D,
764 0xE3, 0xA5, 0x1F, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00,
765 0x96, 0x71, 0xDE, 0xBD, 0x83, 0x94, 0x96, 0x40, 0xA6, 0xFD, 0xE1, 0xA2,
766 0xED, 0xD3, 0xAC, 0x28, 0xBE, 0xA2, 0x7D, 0xC3, 0xFF, 0x1D, 0x9F, 0x2E,
767 0xE0, 0xA7, 0x0E, 0x90, 0xEE, 0x44, 0x25, 0x92, 0xE3, 0x54, 0xDD, 0x55,
768 0xA3, 0xEF, 0x42, 0xF5, 0x52, 0x55, 0x41, 0x47, 0x5E, 0x00, 0xFB, 0x8B,
769 0x47, 0x5E, 0x45, 0x49, 0xEA, 0x3D, 0x2C, 0xFD, 0x9F, 0xEC, 0xC8, 0x4E,
770 0x4E, 0x86, 0x90, 0x31, 0x02, 0x21, 0x00, 0xE6, 0xA5, 0x55, 0xB3, 0x64,
771 0xAB, 0x90, 0x5E, 0xA2, 0xF5, 0x6B, 0x21, 0x4B, 0x15, 0xD6, 0x4A, 0xB6,
772 0x60, 0x24, 0x95, 0x65, 0xA2, 0xBE, 0xBA, 0x2A, 0x73, 0xFB, 0xFF, 0x2C,
773 0x61, 0x88, 0x9D, 0x02, 0x21, 0x00, 0xD2, 0x9C, 0x5B, 0xFE, 0x82, 0xA5,
774 0xFC, 0x52, 0x6A, 0x29, 0x38, 0xDB, 0x22, 0x3B, 0xEB, 0x74, 0x3B, 0xCA,
775 0xB4, 0xDD, 0x1D, 0xE4, 0x48, 0x60, 0x70, 0x19, 0x9B, 0x81, 0xC1, 0x83,
776 0x28, 0xB5, 0x02, 0x21, 0x00, 0x89, 0x2D, 0xFE, 0xF9, 0xF2, 0xBF, 0x43,
777 0xDF, 0xB5, 0xA6, 0xA8, 0x30, 0x26, 0x1B, 0x77, 0xD7, 0xF9, 0xFE, 0xD6,
778 0xE3, 0x70, 0x8E, 0xCA, 0x47, 0xA9, 0xA6, 0x50, 0x54, 0x25, 0xCE, 0x60,
779 0xD5, 0x02, 0x21, 0x00, 0xBE, 0x5A, 0xF8, 0x82, 0xE6, 0xCE, 0xE3, 0x6A,
780 0x11, 0xED, 0xC4, 0x27, 0xBB, 0x9F, 0x70, 0xC6, 0x93, 0xAC, 0x39, 0x20,
781 0x89, 0x7D, 0xE5, 0x34, 0xD4, 0xDD, 0x30, 0x42, 0x6D, 0x07, 0x00, 0xE9,
782 0x02, 0x20, 0x05, 0x91, 0xEF, 0x12, 0xD2, 0xD3, 0x6A, 0xD2, 0x96, 0x6B,
783 0x10, 0x62, 0xF9, 0xBA, 0xA4, 0x91, 0x48, 0x84, 0x40, 0x61, 0x67, 0x80,
784 0x68, 0x68, 0xC8, 0x60, 0xB3, 0x66, 0xC8, 0xF9, 0x08, 0x9A,
785 };
786
787 /*
788 * DER-encoded PKCS#8 format EC key. Generated using:
789 *
790 * openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
791 */
792 static uint8_t TEST_SIGN_EC_KEY_1[] = {
793 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86,
794 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
795 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, 0x01, 0x01, 0x04, 0x20,
796 0x9E, 0x66, 0x11, 0x6A, 0x89, 0xF5, 0x78, 0x57, 0xF3, 0x35, 0xA2, 0x46,
797 0x09, 0x06, 0x4B, 0x4D, 0x81, 0xEC, 0xD3, 0x9B, 0x0A, 0xC4, 0x68, 0x06,
798 0xB8, 0x42, 0x24, 0x5E, 0x74, 0x2C, 0x62, 0x79, 0xA1, 0x44, 0x03, 0x42,
799 0x00, 0x04, 0x35, 0xB5, 0x9A, 0x5C, 0xE5, 0x52, 0x35, 0xF2, 0x10, 0x6C,
800 0xD9, 0x98, 0x67, 0xED, 0x5E, 0xCB, 0x6B, 0xB8, 0x96, 0x5E, 0x54, 0x7C,
801 0x34, 0x2A, 0xA3, 0x3B, 0xF3, 0xD1, 0x39, 0x48, 0x36, 0x7A, 0xEA, 0xD8,
802 0xCA, 0xDD, 0x40, 0x8F, 0xE9, 0xE0, 0x95, 0x2E, 0x3F, 0x95, 0x0F, 0x14,
803 0xD6, 0x14, 0x78, 0xB5, 0xAD, 0x17, 0xD2, 0x5A, 0x41, 0x96, 0x99, 0x20,
804 0xC7, 0x5B, 0x0F, 0x60, 0xFD, 0xBA
805 };
806
807 /*
808 * PKCS#1 v1.5 padded raw "Hello, world" Can be generated be generated by verifying
809 * the signature below in no padding mode:
810 *
811 * openssl rsautl -keyform der -inkey rsa.der -raw -verify -in test.sig
812 */
813 static uint8_t TEST_SIGN_DATA_1[] = {
814 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
815 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
816 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
817 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
818 0xFF, 0xFF, 0xFF, 0x00, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x2C, 0x20, 0x77,
819 0x6F, 0x72, 0x6C, 0x64,
820 };
821
822 /*
823 * Signature of TEST_SIGN_DATA_1 using TEST_SIGN_RSA_KEY_1. Generated using:
824 *
825 * echo 'Hello, world' | openssl rsautl -keyform der -inkey rsa.der -sign | recode ../x1
826 */
827 static uint8_t TEST_SIGN_RSA_SIGNATURE_1[] = {
828 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76,
829 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2,
830 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A,
831 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9,
832 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF,
833 0x79, 0xE4, 0x91, 0x40,
834 };
835
836 /*
837 * Identical to TEST_SIGN_RSA_SIGNATURE_1 except the last octet is '1' instead of '0'
838 * This should fail any test.
839 */
840 static uint8_t TEST_SIGN_SIGNATURE_BOGUS_1[] = {
841 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76,
842 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2,
843 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A,
844 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9,
845 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF,
846 0x79, 0xE4, 0x91, 0x41,
847 };
848
TEST_F(KeymasterTest,SignData_RSA_Raw_Success)849 TEST_F(KeymasterTest, SignData_RSA_Raw_Success) {
850 uint8_t* key_blob;
851 size_t key_blob_length;
852
853 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
854 ASSERT_TRUE(testKey.get() != NULL);
855
856 ASSERT_EQ(0,
857 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
858 &key_blob, &key_blob_length))
859 << "Should successfully import an RSA key";
860 UniqueKey key(&sDevice, key_blob, key_blob_length);
861
862 keymaster_rsa_sign_params_t params = {
863 .digest_type = DIGEST_NONE,
864 .padding_type = PADDING_NONE,
865 };
866
867 uint8_t* sig;
868 size_t sig_length;
869
870 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
871 ASSERT_TRUE(testData.get() != NULL);
872
873 ASSERT_EQ(0,
874 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
875 testData.get(), testData.length(),
876 &sig, &sig_length))
877 << "Should sign data successfully";
878 UniqueBlob sig_blob(sig, sig_length);
879
880 UniqueBlob expected_sig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1));
881
882 ASSERT_EQ(expected_sig, sig_blob)
883 << "Generated signature should match expected signature";
884
885 // The expected signature is actually stack data, so don't let it try to free.
886 uint8_t* unused __attribute__((unused)) = expected_sig.release();
887 }
888
TEST_F(KeymasterTest,SignData_EC_Success)889 TEST_F(KeymasterTest, SignData_EC_Success) {
890 uint8_t* key_blob;
891 size_t key_blob_length;
892
893 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1));
894 ASSERT_TRUE(testKey.get() != NULL);
895
896 ASSERT_EQ(0,
897 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
898 &key_blob, &key_blob_length))
899 << "Should successfully import an EC key";
900 UniqueKey key(&sDevice, key_blob, key_blob_length);
901
902 keymaster_ec_sign_params_t params = {
903 .digest_type = DIGEST_NONE,
904 };
905
906 uint8_t* sig;
907 size_t sig_length;
908
909 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
910 ASSERT_TRUE(testData.get() != NULL);
911
912 ASSERT_EQ(0,
913 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
914 testData.get(), testData.length(),
915 &sig, &sig_length))
916 << "Should sign data successfully";
917 UniqueBlob sig_blob(sig, sig_length);
918
919 uint8_t* x509_data;
920 size_t x509_data_length;
921 ASSERT_EQ(0,
922 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
923 &x509_data, &x509_data_length))
924 << "Should be able to retrieve RSA public key successfully";
925 UniqueBlob x509_blob(x509_data, x509_data_length);
926
927 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
928 Unique_EVP_PKEY expected(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
929 static_cast<long>(x509_blob.length())));
930
931 Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(expected.get()));
932
933 ASSERT_EQ(1, ECDSA_verify(0, testData.get(), testData.length(), sig_blob.get(), sig_blob.length(), ecKey.get()))
934 << "Signature should verify";
935 }
936
TEST_F(KeymasterTest,SignData_RSA_Raw_InvalidSizeInput_Failure)937 TEST_F(KeymasterTest, SignData_RSA_Raw_InvalidSizeInput_Failure) {
938 uint8_t* key_blob;
939 size_t key_blob_length;
940
941 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
942 ASSERT_TRUE(testKey.get() != NULL);
943
944 ASSERT_EQ(0,
945 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
946 &key_blob, &key_blob_length))
947 << "Should successfully import an RSA key";
948 UniqueKey key(&sDevice, key_blob, key_blob_length);
949
950 keymaster_rsa_sign_params_t params = {
951 .digest_type = DIGEST_NONE,
952 .padding_type = PADDING_NONE,
953 };
954
955 uint8_t* sig;
956 size_t sig_length;
957
958 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
959 ASSERT_TRUE(testData.get() != NULL);
960
961 ASSERT_EQ(-1,
962 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
963 testData.get(), testData.length(),
964 &sig, &sig_length))
965 << "Should not be able to do raw signature on incorrect size data";
966 }
967
TEST_F(KeymasterTest,SignData_RSA_Raw_NullKey_Failure)968 TEST_F(KeymasterTest, SignData_RSA_Raw_NullKey_Failure) {
969 keymaster_rsa_sign_params_t params = {
970 .digest_type = DIGEST_NONE,
971 .padding_type = PADDING_NONE,
972 };
973
974 uint8_t* sig;
975 size_t sig_length;
976
977 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
978 ASSERT_TRUE(testData.get() != NULL);
979
980 ASSERT_EQ(-1,
981 sDevice->sign_data(sDevice, ¶ms, NULL, 0,
982 testData.get(), testData.length(),
983 &sig, &sig_length))
984 << "Should not be able to do raw signature on incorrect size data";
985 }
986
TEST_F(KeymasterTest,SignData_RSA_Raw_NullInput_Failure)987 TEST_F(KeymasterTest, SignData_RSA_Raw_NullInput_Failure) {
988 uint8_t* key_blob;
989 size_t key_blob_length;
990
991 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
992 ASSERT_TRUE(testKey.get() != NULL);
993
994 ASSERT_EQ(0,
995 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
996 &key_blob, &key_blob_length))
997 << "Should successfully import an RSA key";
998 UniqueKey key(&sDevice, key_blob, key_blob_length);
999
1000 keymaster_rsa_sign_params_t params = {
1001 .digest_type = DIGEST_NONE,
1002 .padding_type = PADDING_NONE,
1003 };
1004
1005 uint8_t* sig;
1006 size_t sig_length;
1007
1008 ASSERT_EQ(-1,
1009 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
1010 NULL, 0,
1011 &sig, &sig_length))
1012 << "Should error when input data is null";
1013 }
1014
TEST_F(KeymasterTest,SignData_RSA_Raw_NullOutput_Failure)1015 TEST_F(KeymasterTest, SignData_RSA_Raw_NullOutput_Failure) {
1016 uint8_t* key_blob;
1017 size_t key_blob_length;
1018
1019 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
1020 ASSERT_TRUE(testKey.get() != NULL);
1021
1022 ASSERT_EQ(0,
1023 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1024 &key_blob, &key_blob_length))
1025 << "Should successfully import an RSA key";
1026 UniqueKey key(&sDevice, key_blob, key_blob_length);
1027
1028 keymaster_rsa_sign_params_t params = {
1029 .digest_type = DIGEST_NONE,
1030 .padding_type = PADDING_NONE,
1031 };
1032
1033 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
1034 ASSERT_TRUE(testData.get() != NULL);
1035
1036 ASSERT_EQ(-1,
1037 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
1038 testData.get(), testData.length(),
1039 NULL, NULL))
1040 << "Should error when output is null";
1041 }
1042
TEST_F(KeymasterTest,VerifyData_RSA_Raw_Success)1043 TEST_F(KeymasterTest, VerifyData_RSA_Raw_Success) {
1044 uint8_t* key_blob;
1045 size_t key_blob_length;
1046
1047 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
1048 ASSERT_TRUE(testKey.get() != NULL);
1049
1050 ASSERT_EQ(0,
1051 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1052 &key_blob, &key_blob_length))
1053 << "Should successfully import an RSA key";
1054 UniqueKey key(&sDevice, key_blob, key_blob_length);
1055
1056 keymaster_rsa_sign_params_t params = {
1057 .digest_type = DIGEST_NONE,
1058 .padding_type = PADDING_NONE,
1059 };
1060
1061 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
1062 ASSERT_TRUE(testData.get() != NULL);
1063
1064 UniqueReadOnlyBlob testSig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1));
1065 ASSERT_TRUE(testSig.get() != NULL);
1066
1067 ASSERT_EQ(0,
1068 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
1069 testData.get(), testData.length(),
1070 testSig.get(), testSig.length()))
1071 << "Should verify data successfully";
1072 }
1073
TEST_F(KeymasterTest,VerifyData_EC_Raw_Success)1074 TEST_F(KeymasterTest, VerifyData_EC_Raw_Success) {
1075 uint8_t* key_blob;
1076 size_t key_blob_length;
1077
1078 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1));
1079 ASSERT_TRUE(testKey.get() != NULL);
1080
1081 ASSERT_EQ(0,
1082 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1083 &key_blob, &key_blob_length))
1084 << "Should successfully import an RSA key";
1085 UniqueKey key(&sDevice, key_blob, key_blob_length);
1086
1087 keymaster_ec_sign_params_t params = {
1088 .digest_type = DIGEST_NONE,
1089 };
1090
1091 uint8_t* sig;
1092 size_t sig_length;
1093
1094 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
1095 ASSERT_TRUE(testData.get() != NULL);
1096
1097 ASSERT_EQ(0,
1098 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
1099 testData.get(), testData.length(),
1100 &sig, &sig_length))
1101 << "Should sign data successfully";
1102 UniqueBlob sig_blob(sig, sig_length);
1103
1104 ASSERT_EQ(0,
1105 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
1106 testData.get(), testData.length(),
1107 sig_blob.get(), sig_blob.length()))
1108 << "Should verify data successfully";
1109 }
1110
TEST_F(KeymasterTest,VerifyData_RSA_Raw_BadSignature_Failure)1111 TEST_F(KeymasterTest, VerifyData_RSA_Raw_BadSignature_Failure) {
1112 uint8_t* key_blob;
1113 size_t key_blob_length;
1114
1115 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
1116 ASSERT_TRUE(testKey.get() != NULL);
1117
1118 ASSERT_EQ(0,
1119 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1120 &key_blob, &key_blob_length))
1121 << "Should successfully import an RSA key";
1122 UniqueKey key(&sDevice, key_blob, key_blob_length);
1123
1124 keymaster_rsa_sign_params_t params = {
1125 .digest_type = DIGEST_NONE,
1126 .padding_type = PADDING_NONE,
1127 };
1128
1129 ASSERT_EQ(-1,
1130 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
1131 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
1132 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)))
1133 << "Should sign data successfully";
1134 }
1135
TEST_F(KeymasterTest,VerifyData_EC_Raw_BadSignature_Failure)1136 TEST_F(KeymasterTest, VerifyData_EC_Raw_BadSignature_Failure) {
1137 uint8_t* key_blob;
1138 size_t key_blob_length;
1139
1140 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1));
1141 ASSERT_TRUE(testKey.get() != NULL);
1142
1143 ASSERT_EQ(0,
1144 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1145 &key_blob, &key_blob_length))
1146 << "Should successfully import an RSA key";
1147 UniqueKey key(&sDevice, key_blob, key_blob_length);
1148
1149 keymaster_ec_sign_params_t params = {
1150 .digest_type = DIGEST_NONE,
1151 };
1152
1153 ASSERT_EQ(-1,
1154 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
1155 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
1156 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)))
1157 << "Should sign data successfully";
1158 }
1159
TEST_F(KeymasterTest,VerifyData_RSA_Raw_NullKey_Failure)1160 TEST_F(KeymasterTest, VerifyData_RSA_Raw_NullKey_Failure) {
1161 keymaster_rsa_sign_params_t params = {
1162 .digest_type = DIGEST_NONE,
1163 .padding_type = PADDING_NONE,
1164 };
1165
1166 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
1167 ASSERT_TRUE(testData.get() != NULL);
1168
1169 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1));
1170 ASSERT_TRUE(testSig.get() != NULL);
1171
1172 ASSERT_EQ(-1,
1173 sDevice->verify_data(sDevice, ¶ms, NULL, 0,
1174 testData.get(), testData.length(),
1175 testSig.get(), testSig.length()))
1176 << "Should fail when key is null";
1177 }
1178
TEST_F(KeymasterTest,VerifyData_RSA_NullInput_Failure)1179 TEST_F(KeymasterTest, VerifyData_RSA_NullInput_Failure) {
1180 uint8_t* key_blob;
1181 size_t key_blob_length;
1182
1183 ASSERT_EQ(0,
1184 sDevice->import_keypair(sDevice, TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1),
1185 &key_blob, &key_blob_length))
1186 << "Should successfully import an RSA key";
1187 UniqueKey key(&sDevice, key_blob, key_blob_length);
1188
1189 keymaster_rsa_sign_params_t params = {
1190 .digest_type = DIGEST_NONE,
1191 .padding_type = PADDING_NONE,
1192 };
1193
1194 UniqueReadOnlyBlob testSig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1));
1195 ASSERT_TRUE(testSig.get() != NULL);
1196
1197 ASSERT_EQ(-1,
1198 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
1199 NULL, 0,
1200 testSig.get(), testSig.length()))
1201 << "Should fail on null input";
1202 }
1203
TEST_F(KeymasterTest,VerifyData_RSA_NullSignature_Failure)1204 TEST_F(KeymasterTest, VerifyData_RSA_NullSignature_Failure) {
1205 uint8_t* key_blob;
1206 size_t key_blob_length;
1207
1208 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
1209 ASSERT_TRUE(testKey.get() != NULL);
1210
1211 ASSERT_EQ(0,
1212 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1213 &key_blob, &key_blob_length))
1214 << "Should successfully import an RSA key";
1215 UniqueKey key(&sDevice, key_blob, key_blob_length);
1216
1217 keymaster_rsa_sign_params_t params = {
1218 .digest_type = DIGEST_NONE,
1219 .padding_type = PADDING_NONE,
1220 };
1221
1222 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
1223 ASSERT_TRUE(testData.get() != NULL);
1224
1225 ASSERT_EQ(-1,
1226 sDevice->verify_data(sDevice, ¶ms, key.get(), key.length(),
1227 testData.get(), testData.length(),
1228 NULL, 0))
1229 << "Should fail on null signature";
1230 }
1231
TEST_F(KeymasterTest,EraseAll_Success)1232 TEST_F(KeymasterTest, EraseAll_Success) {
1233 uint8_t *key1_blob, *key2_blob;
1234 size_t key1_blob_length, key2_blob_length;
1235
1236 // Only test this if the device says it supports delete_all
1237 if (sDevice->delete_all == NULL) {
1238 return;
1239 }
1240
1241 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
1242 ASSERT_TRUE(testKey.get() != NULL);
1243
1244 ASSERT_EQ(0,
1245 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1246 &key1_blob, &key1_blob_length))
1247 << "Should successfully import an RSA key";
1248 UniqueKey key1(&sDevice, key1_blob, key1_blob_length);
1249
1250 UniqueReadOnlyBlob testKey2(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
1251 ASSERT_TRUE(testKey2.get() != NULL);
1252
1253 ASSERT_EQ(0,
1254 sDevice->import_keypair(sDevice, testKey2.get(), testKey2.length(),
1255 &key2_blob, &key2_blob_length))
1256 << "Should successfully import an RSA key";
1257 UniqueKey key2(&sDevice, key2_blob, key2_blob_length);
1258
1259 ASSERT_EQ(0, sDevice->delete_all(sDevice))
1260 << "Should erase all keys";
1261
1262 key1.reset();
1263
1264 uint8_t* x509_data;
1265 size_t x509_data_length;
1266 ASSERT_EQ(-1,
1267 sDevice->get_keypair_public(sDevice, key1_blob, key1_blob_length,
1268 &x509_data, &x509_data_length))
1269 << "Should be able to retrieve RSA public key 1 successfully";
1270
1271 ASSERT_EQ(-1,
1272 sDevice->get_keypair_public(sDevice, key2_blob, key2_blob_length,
1273 &x509_data, &x509_data_length))
1274 << "Should be able to retrieve RSA public key 2 successfully";
1275 }
1276
1277 }
1278