1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <fcntl.h>
18 #include <stdlib.h>
19 #include <unistd.h>
20 #include <sys/mman.h>
21 #include <sys/stat.h>
22 #include <sys/types.h>
23
24 #include <fstream>
25 #include <iostream>
26
27 #include <gtest/gtest.h>
28
29 #include <openssl/bn.h>
30 #include <openssl/evp.h>
31 #include <openssl/x509.h>
32
33 #define LOG_TAG "keymaster_test"
34 #include <utils/Log.h>
35 #include <utils/UniquePtr.h>
36
37 #include <hardware/keymaster.h>
38
39 namespace android {
40
41 class UniqueBlob : public UniquePtr<uint8_t[]> {
42 public:
UniqueBlob(size_t length)43 UniqueBlob(size_t length) :
44 mLength(length) {
45 }
46
UniqueBlob(uint8_t * bytes,size_t length)47 UniqueBlob(uint8_t* bytes, size_t length) :
48 UniquePtr<uint8_t[]>(bytes), mLength(length) {
49 }
50
operator ==(const UniqueBlob & other) const51 bool operator==(const UniqueBlob &other) const {
52 if (other.length() != mLength) {
53 return false;
54 }
55
56 const uint8_t* mine = get();
57 const uint8_t* theirs = other.get();
58
59 for (size_t i = 0; i < mLength; i++) {
60 if (mine[i] != theirs[i]) {
61 return false;
62 }
63 }
64
65 return true;
66 }
67
length() const68 size_t length() const {
69 return mLength;
70 }
71
72 friend std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob);
73
74 private:
75 size_t mLength;
76 };
77
operator <<(std::ostream & stream,const UniqueBlob & blob)78 std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob) {
79 const size_t length = blob.mLength;
80 stream << "Blob length=" << length << " < ";
81
82 const uint8_t* data = blob.get();
83 for (size_t i = 0; i < length; i++) {
84 stream << std::hex << std::setw(2) << std::setfill('0')
85 << static_cast<unsigned int>(data[i]) << ' ';
86 }
87 stream << '>' << std::endl;
88
89 return stream;
90 }
91
92 class UniqueKey : public UniqueBlob {
93 public:
UniqueKey(keymaster_device_t ** dev,uint8_t * bytes,size_t length)94 UniqueKey(keymaster_device_t** dev, uint8_t* bytes, size_t length) :
95 UniqueBlob(bytes, length), mDevice(dev) {
96 }
97
~UniqueKey()98 ~UniqueKey() {
99 if (mDevice != NULL && *mDevice != NULL) {
100 keymaster_device_t* dev = *mDevice;
101 if (dev->delete_keypair != NULL) {
102 dev->delete_keypair(dev, get(), length());
103 }
104 }
105 }
106
107 private:
108 keymaster_device_t** mDevice;
109 };
110
111 class UniqueReadOnlyBlob {
112 public:
UniqueReadOnlyBlob(uint8_t * data,size_t dataSize)113 UniqueReadOnlyBlob(uint8_t* data, size_t dataSize) :
114 mDataSize(dataSize) {
115 int pageSize = sysconf(_SC_PAGE_SIZE);
116 if (pageSize == -1) {
117 return;
118 }
119
120 int fd = open("/dev/zero", O_RDONLY);
121 if (fd == -1) {
122 return;
123 }
124
125 mBufferSize = (dataSize + pageSize - 1) & ~(pageSize - 1);
126 uint8_t* buffer = (uint8_t*) mmap(NULL, mBufferSize, PROT_READ | PROT_WRITE,
127 MAP_PRIVATE, fd, 0);
128 close(fd);
129
130 if (buffer == NULL) {
131 return;
132 }
133
134 memcpy(buffer, data, dataSize);
135 if (mprotect(buffer, mBufferSize, PROT_READ) == -1) {
136 munmap(buffer, mBufferSize);
137 return;
138 }
139
140 mBuffer = buffer;
141 }
142
~UniqueReadOnlyBlob()143 ~UniqueReadOnlyBlob() {
144 munmap(mBuffer, mBufferSize);
145 }
146
get() const147 uint8_t* get() const {
148 return mBuffer;
149 }
150
length() const151 size_t length() const {
152 return mDataSize;
153 }
154
155 private:
156 uint8_t* mBuffer;
157 size_t mBufferSize;
158 size_t mDataSize;
159 };
160
161 struct BIGNUM_Delete {
operator ()android::BIGNUM_Delete162 void operator()(BIGNUM* p) const {
163 BN_free(p);
164 }
165 };
166 typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
167
168 struct EVP_PKEY_Delete {
operator ()android::EVP_PKEY_Delete169 void operator()(EVP_PKEY* p) const {
170 EVP_PKEY_free(p);
171 }
172 };
173 typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
174
175 struct PKCS8_PRIV_KEY_INFO_Delete {
operator ()android::PKCS8_PRIV_KEY_INFO_Delete176 void operator()(PKCS8_PRIV_KEY_INFO* p) const {
177 PKCS8_PRIV_KEY_INFO_free(p);
178 }
179 };
180 typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
181
182 struct RSA_Delete {
operator ()android::RSA_Delete183 void operator()(RSA* p) const {
184 RSA_free(p);
185 }
186 };
187 typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;
188
189 /*
190 * DER-encoded PKCS#8 format RSA key. Generated using:
191 *
192 * openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
193 */
194 static uint8_t TEST_KEY_1[] = {
195 0x30, 0x82, 0x04, 0xBE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A,
196 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
197 0x04, 0xA8, 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
198 0x01, 0x00, 0xD8, 0x58, 0xD4, 0x9F, 0xC0, 0xE8, 0xF0, 0xFF, 0x87, 0x27,
199 0x43, 0xE6, 0x2E, 0xE6, 0x9A, 0x42, 0x3B, 0x39, 0x94, 0x84, 0x43, 0x55,
200 0x8D, 0x20, 0x5B, 0x71, 0x88, 0xE6, 0xD1, 0x62, 0xC8, 0xF2, 0x20, 0xD0,
201 0x75, 0x13, 0x83, 0xA3, 0x5D, 0x19, 0xA8, 0x62, 0xD0, 0x5F, 0x3E, 0x8A,
202 0x7C, 0x0E, 0x26, 0xA9, 0xFF, 0xB2, 0x5E, 0x63, 0xAA, 0x3C, 0x8D, 0x13,
203 0x41, 0xAA, 0xD5, 0x03, 0x01, 0x01, 0x53, 0xC9, 0x02, 0x1C, 0xEC, 0xE8,
204 0xC4, 0x70, 0x3F, 0x43, 0xE5, 0x51, 0xD0, 0x6E, 0x52, 0x0B, 0xC4, 0x0A,
205 0xA3, 0x61, 0xDE, 0xE3, 0x72, 0x0C, 0x94, 0xF1, 0x1C, 0x2D, 0x36, 0x77,
206 0xBB, 0x16, 0xA8, 0x63, 0x4B, 0xD1, 0x07, 0x00, 0x42, 0x2D, 0x2B, 0x10,
207 0x80, 0x45, 0xF3, 0x0C, 0xF9, 0xC5, 0xAC, 0xCC, 0x64, 0x87, 0xFD, 0x5D,
208 0xC8, 0x51, 0xD4, 0x1C, 0x9E, 0x6E, 0x9B, 0xC4, 0x27, 0x5E, 0x73, 0xA7,
209 0x2A, 0xF6, 0x90, 0x42, 0x0C, 0x34, 0x93, 0xB7, 0x02, 0x19, 0xA9, 0x64,
210 0x6C, 0x46, 0x3B, 0x40, 0x02, 0x2F, 0x54, 0x69, 0x79, 0x26, 0x7D, 0xF6,
211 0x85, 0x90, 0x01, 0xD0, 0x21, 0x07, 0xD0, 0x14, 0x00, 0x65, 0x9C, 0xAC,
212 0x24, 0xE8, 0x78, 0x42, 0x3B, 0x90, 0x75, 0x19, 0x55, 0x11, 0x4E, 0xD9,
213 0xE6, 0x97, 0x87, 0xBC, 0x8D, 0x2C, 0x9B, 0xF0, 0x1F, 0x14, 0xEB, 0x6A,
214 0x57, 0xCE, 0x78, 0xAD, 0xCE, 0xD9, 0xFB, 0xB9, 0xA1, 0xEF, 0x0C, 0x1F,
215 0xDD, 0xE3, 0x5B, 0x73, 0xA0, 0xEC, 0x37, 0x9C, 0xE1, 0xFD, 0x86, 0x28,
216 0xC3, 0x4A, 0x42, 0xD0, 0xA3, 0xFE, 0x57, 0x09, 0x29, 0xD8, 0xF6, 0xEC,
217 0xE3, 0xC0, 0x71, 0x7C, 0x29, 0x27, 0xC2, 0xD1, 0x3E, 0x22, 0xBC, 0xBD,
218 0x5A, 0x85, 0x41, 0xF6, 0x15, 0xDA, 0x0C, 0x58, 0x5A, 0x61, 0x5B, 0x78,
219 0xB8, 0xAA, 0xEC, 0x5C, 0x1C, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
220 0x82, 0x01, 0x00, 0x1D, 0x10, 0x31, 0xE0, 0x14, 0x26, 0x36, 0xD9, 0xDC,
221 0xEA, 0x25, 0x70, 0xF2, 0xB3, 0xFF, 0xDD, 0x0D, 0xDF, 0xBA, 0x57, 0xDA,
222 0x43, 0xCF, 0xE5, 0x9C, 0xE3, 0x2F, 0xA4, 0xF2, 0x53, 0xF6, 0xF2, 0xAF,
223 0xFD, 0xD0, 0xFC, 0x82, 0x1E, 0x9C, 0x0F, 0x2A, 0x53, 0xBB, 0xF2, 0x4F,
224 0x90, 0x83, 0x01, 0xD3, 0xA7, 0xDA, 0xB5, 0xB7, 0x80, 0x64, 0x0A, 0x26,
225 0x59, 0x83, 0xE4, 0xD3, 0x20, 0xC8, 0x2D, 0xC9, 0x77, 0xA3, 0x55, 0x07,
226 0x6E, 0x6D, 0x95, 0x36, 0xAA, 0x84, 0x4F, 0xED, 0x54, 0x24, 0xA9, 0x77,
227 0xF8, 0x85, 0xE2, 0x4B, 0xF2, 0xFA, 0x0B, 0x3E, 0xA6, 0xF5, 0x46, 0x0D,
228 0x9F, 0x1F, 0xFE, 0xF7, 0x37, 0xFF, 0xA3, 0x60, 0xF1, 0x63, 0xF2, 0x75,
229 0x6A, 0x8E, 0x10, 0xD7, 0x89, 0xD2, 0xB3, 0xFF, 0x76, 0xA5, 0xBA, 0xAF,
230 0x0A, 0xBE, 0x32, 0x5F, 0xF0, 0x48, 0x48, 0x4B, 0x9C, 0x9A, 0x3D, 0x12,
231 0xA7, 0xD2, 0x07, 0xC7, 0x59, 0x32, 0x94, 0x95, 0x65, 0x2F, 0x87, 0x34,
232 0x76, 0xBA, 0x7C, 0x08, 0x4B, 0xAB, 0xA6, 0x24, 0xDF, 0x64, 0xDB, 0x48,
233 0x63, 0x42, 0x06, 0xE2, 0x2C, 0x3D, 0xFB, 0xE5, 0x47, 0x81, 0x94, 0x98,
234 0xF7, 0x32, 0x4B, 0x28, 0xEB, 0x42, 0xB8, 0xE9, 0x8E, 0xFC, 0xC9, 0x43,
235 0xC9, 0x47, 0xE6, 0xE7, 0x1C, 0xDC, 0x71, 0xEF, 0x4D, 0x8A, 0xB1, 0xFC,
236 0x45, 0x37, 0xEC, 0xB3, 0x16, 0x88, 0x5B, 0xE2, 0xEC, 0x8B, 0x6B, 0x75,
237 0x16, 0xBE, 0x6B, 0xF8, 0x2C, 0xF8, 0xC9, 0xD1, 0xF7, 0x55, 0x87, 0x57,
238 0x5F, 0xDE, 0xF4, 0x7E, 0x72, 0x13, 0x06, 0x2A, 0x21, 0xB7, 0x78, 0x21,
239 0x05, 0xFD, 0xE2, 0x5F, 0x7B, 0x7C, 0xF0, 0x26, 0x2B, 0x75, 0x7F, 0x68,
240 0xF9, 0xA6, 0x98, 0xFD, 0x54, 0x0E, 0xCC, 0x22, 0x41, 0x7F, 0x29, 0x81,
241 0x2F, 0xA3, 0x3C, 0x3D, 0x64, 0xC8, 0x41, 0x02, 0x81, 0x81, 0x00, 0xFA,
242 0xFA, 0xE4, 0x2E, 0x30, 0xF0, 0x7A, 0x8D, 0x95, 0xB8, 0x39, 0x58, 0x27,
243 0x0F, 0x89, 0x0C, 0xDF, 0xFE, 0x2F, 0x55, 0x3B, 0x6F, 0xDD, 0x5F, 0x12,
244 0xB3, 0xD1, 0xCF, 0x5B, 0x8D, 0xB6, 0x10, 0x1C, 0x87, 0x0C, 0x30, 0x89,
245 0x2D, 0xBB, 0xB8, 0xA1, 0x78, 0x0F, 0x54, 0xA6, 0x36, 0x46, 0x05, 0x8B,
246 0x5A, 0xFF, 0x48, 0x03, 0x13, 0xAE, 0x95, 0x96, 0x5D, 0x6C, 0xDA, 0x5D,
247 0xF7, 0xAD, 0x1D, 0x33, 0xED, 0x23, 0xF5, 0x4B, 0x03, 0x78, 0xE7, 0x50,
248 0xD1, 0x2D, 0x95, 0x22, 0x35, 0x02, 0x5B, 0x4A, 0x4E, 0x73, 0xC9, 0xB7,
249 0x05, 0xC4, 0x21, 0x86, 0x1F, 0x1E, 0x40, 0x83, 0xBC, 0x8A, 0x3A, 0x95,
250 0x24, 0x62, 0xF4, 0x58, 0x38, 0x64, 0x4A, 0x89, 0x8A, 0x27, 0x59, 0x12,
251 0x9D, 0x21, 0xC3, 0xA6, 0x42, 0x1E, 0x2A, 0x3F, 0xD8, 0x65, 0x1F, 0x6E,
252 0x3E, 0x4D, 0x5C, 0xCC, 0xEA, 0x8E, 0x15, 0x02, 0x81, 0x81, 0x00, 0xDC,
253 0xAC, 0x9B, 0x00, 0xDB, 0xF9, 0xB2, 0xBF, 0xC4, 0x5E, 0xB6, 0xB7, 0x63,
254 0xEB, 0x13, 0x4B, 0xE2, 0xA6, 0xC8, 0x72, 0x90, 0xD8, 0xC2, 0x33, 0x33,
255 0xF0, 0x66, 0x75, 0xBD, 0x50, 0x7C, 0xA4, 0x8F, 0x82, 0xFB, 0xFF, 0x44,
256 0x3B, 0xE7, 0x15, 0x3A, 0x0C, 0x7A, 0xF8, 0x92, 0x86, 0x4A, 0x79, 0x32,
257 0x08, 0x82, 0x1D, 0x6A, 0xBA, 0xAD, 0x8A, 0xB3, 0x3D, 0x7F, 0xA5, 0xB4,
258 0x6F, 0x67, 0x86, 0x7E, 0xB2, 0x9C, 0x2A, 0xF6, 0x7C, 0x49, 0x21, 0xC5,
259 0x3F, 0x00, 0x3F, 0x9B, 0xF7, 0x0F, 0x6C, 0x35, 0x80, 0x75, 0x73, 0xC0,
260 0xF8, 0x3E, 0x30, 0x5F, 0x74, 0x2F, 0x15, 0x41, 0xEA, 0x0F, 0xCE, 0x0E,
261 0x18, 0x17, 0x68, 0xBA, 0xC4, 0x29, 0xF2, 0xE2, 0x2C, 0x1D, 0x55, 0x83,
262 0xB6, 0x64, 0x2E, 0x03, 0x12, 0xA4, 0x0D, 0xBF, 0x4F, 0x2E, 0xBE, 0x7C,
263 0x41, 0xD9, 0xCD, 0xD0, 0x52, 0x91, 0xD5, 0x02, 0x81, 0x81, 0x00, 0xD4,
264 0x55, 0xEB, 0x32, 0xC1, 0x28, 0xD3, 0x26, 0x72, 0x22, 0xB8, 0x31, 0x42,
265 0x6A, 0xBC, 0x52, 0x6E, 0x37, 0x48, 0xA8, 0x5D, 0x6E, 0xD8, 0xE5, 0x14,
266 0x97, 0x99, 0xCC, 0x4A, 0xF2, 0xEB, 0xB3, 0x59, 0xCF, 0x4F, 0x9A, 0xC8,
267 0x94, 0x2E, 0x9B, 0x97, 0xD0, 0x51, 0x78, 0x16, 0x5F, 0x18, 0x82, 0x9C,
268 0x51, 0xD2, 0x64, 0x84, 0x65, 0xE4, 0x70, 0x9E, 0x14, 0x50, 0x81, 0xB6,
269 0xBA, 0x52, 0x75, 0xC0, 0x76, 0xC2, 0xD3, 0x46, 0x31, 0x9B, 0xDA, 0x67,
270 0xDF, 0x71, 0x27, 0x19, 0x17, 0xAB, 0xF4, 0xBC, 0x3A, 0xFF, 0x6F, 0x0B,
271 0x2F, 0x0F, 0xAE, 0x25, 0x20, 0xB2, 0xA1, 0x76, 0x52, 0xCE, 0xC7, 0x9D,
272 0x62, 0x79, 0x6D, 0xAC, 0x2D, 0x99, 0x7C, 0x0E, 0x3D, 0x19, 0xE9, 0x1B,
273 0xFC, 0x60, 0x92, 0x7C, 0x58, 0xB7, 0xD8, 0x9A, 0xC7, 0x63, 0x56, 0x62,
274 0x18, 0xC7, 0xAE, 0xD9, 0x97, 0x1F, 0xB9, 0x02, 0x81, 0x81, 0x00, 0x91,
275 0x40, 0xC4, 0x1E, 0x82, 0xAD, 0x0F, 0x6D, 0x8E, 0xD2, 0x51, 0x2E, 0xD1,
276 0x84, 0x30, 0x85, 0x68, 0xC1, 0x23, 0x7B, 0xD5, 0xBF, 0xF7, 0xC4, 0x40,
277 0x51, 0xE2, 0xFF, 0x69, 0x07, 0x8B, 0xA3, 0xBE, 0x1B, 0x17, 0xC8, 0x64,
278 0x9F, 0x91, 0x71, 0xB5, 0x6D, 0xF5, 0x9B, 0x9C, 0xC6, 0xEC, 0x4A, 0x6E,
279 0x16, 0x8F, 0x9E, 0xD1, 0x5B, 0xE3, 0x53, 0x42, 0xBC, 0x1E, 0x43, 0x72,
280 0x4B, 0x4A, 0x37, 0x8B, 0x3A, 0x01, 0xF5, 0x7D, 0x9D, 0x3D, 0x7E, 0x0F,
281 0x19, 0x73, 0x0E, 0x6B, 0x98, 0xE9, 0xFB, 0xEE, 0x13, 0x8A, 0x3C, 0x11,
282 0x2E, 0xD5, 0xB0, 0x7D, 0x84, 0x3A, 0x61, 0xA1, 0xAB, 0x71, 0x8F, 0xCE,
283 0x53, 0x29, 0x45, 0x74, 0x7A, 0x1E, 0xAA, 0x93, 0x19, 0x3A, 0x8D, 0xC9,
284 0x4E, 0xCB, 0x0E, 0x46, 0x53, 0x84, 0xCC, 0xCF, 0xBA, 0x4D, 0x28, 0x71,
285 0x1D, 0xDF, 0x41, 0xCB, 0xF8, 0x2D, 0xA9, 0x02, 0x81, 0x80, 0x04, 0x8B,
286 0x4A, 0xEA, 0xBD, 0x39, 0x0B, 0x96, 0xC5, 0x1D, 0xA4, 0x47, 0xFD, 0x46,
287 0xD2, 0x8A, 0xEA, 0x2A, 0xF3, 0x9D, 0x3A, 0x7E, 0x16, 0x74, 0xFC, 0x13,
288 0xDE, 0x4D, 0xA9, 0x85, 0x42, 0x33, 0x02, 0x92, 0x0B, 0xB6, 0xDB, 0x7E,
289 0xEA, 0x85, 0xC2, 0x94, 0x43, 0x52, 0x37, 0x5A, 0x77, 0xAB, 0xCB, 0x61,
290 0x88, 0xDE, 0xF8, 0xFA, 0xDB, 0xE8, 0x0B, 0x95, 0x7D, 0x39, 0x19, 0xA2,
291 0x89, 0xB9, 0x32, 0xB2, 0x50, 0x38, 0xF7, 0x88, 0x69, 0xFD, 0xA4, 0x63,
292 0x1F, 0x9B, 0x03, 0xD8, 0xA6, 0x7A, 0x05, 0x76, 0x02, 0x28, 0x93, 0x82,
293 0x73, 0x7F, 0x14, 0xCC, 0xBE, 0x29, 0x10, 0xAD, 0x8A, 0x2E, 0xAC, 0xED,
294 0x11, 0xA7, 0x72, 0x7C, 0x60, 0x78, 0x72, 0xFB, 0x78, 0x20, 0x18, 0xC9,
295 0x7E, 0x63, 0xAD, 0x55, 0x54, 0x51, 0xDB, 0x9F, 0x7B, 0xD4, 0x8F, 0xB2,
296 0xDE, 0x3B, 0xF1, 0x70, 0x23, 0xE5,
297 };
298
299 /*
300 * Generated using keys on the keyboard and lack of imagination.
301 */
302 static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF };
303
304
305 class KeymasterBaseTest : public ::testing::Test {
306 public:
SetUpTestCase()307 static void SetUpTestCase() {
308 const hw_module_t* mod;
309 ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod))
310 << "Should be able to find a keymaster hardware module";
311
312 std::cout << "Using keymaster module: " << mod->name << std::endl;
313
314 ASSERT_EQ(0, keymaster_open(mod, &sDevice))
315 << "Should be able to open the keymaster device";
316
317 ASSERT_TRUE(sDevice->generate_keypair != NULL)
318 << "Should implement generate_keypair";
319
320 ASSERT_TRUE(sDevice->import_keypair != NULL)
321 << "Should implement import_keypair";
322
323 ASSERT_TRUE(sDevice->get_keypair_public != NULL)
324 << "Should implement get_keypair_public";
325
326 ASSERT_TRUE(sDevice->sign_data != NULL)
327 << "Should implement sign_data";
328
329 ASSERT_TRUE(sDevice->verify_data != NULL)
330 << "Should implement verify_data";
331 }
332
TearDownTestCase()333 static void TearDownTestCase() {
334 ASSERT_EQ(0, keymaster_close(sDevice));
335 }
336
337 protected:
338 static keymaster_device_t* sDevice;
339 };
340
341 keymaster_device_t* KeymasterBaseTest::sDevice = NULL;
342
343 class KeymasterTest : public KeymasterBaseTest {
344 };
345
346 class KeymasterGenerateTest : public KeymasterBaseTest,
347 public ::testing::WithParamInterface<uint32_t> {
348 };
349
TEST_P(KeymasterGenerateTest,GenerateKeyPair_RSA_Success)350 TEST_P(KeymasterGenerateTest, GenerateKeyPair_RSA_Success) {
351 keymaster_keypair_t key_type = TYPE_RSA;
352 keymaster_rsa_keygen_params_t params = {
353 modulus_size: GetParam(),
354 public_exponent: RSA_F4,
355 };
356
357 uint8_t* key_blob;
358 size_t key_blob_length;
359
360 ASSERT_EQ(0,
361 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length))
362 << "Should generate an RSA key with 512 bit modulus size";
363 UniqueKey key(&sDevice, key_blob, key_blob_length);
364
365 uint8_t* x509_data = NULL;
366 size_t x509_data_length;
367 ASSERT_EQ(0,
368 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
369 &x509_data, &x509_data_length))
370 << "Should be able to retrieve RSA public key successfully";
371 UniqueBlob x509_blob(x509_data, x509_data_length);
372 ASSERT_FALSE(x509_blob.get() == NULL)
373 << "X509 data should be allocated";
374
375 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
376 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
377 static_cast<long>(x509_blob.length())));
378
379 ASSERT_EQ(EVP_PKEY_RSA, EVP_PKEY_type(actual.get()->type))
380 << "Generated key type should be of type RSA";
381
382 Unique_RSA rsa(EVP_PKEY_get1_RSA(actual.get()));
383 ASSERT_FALSE(rsa.get() == NULL)
384 << "Should be able to extract RSA key from EVP_PKEY";
385
386 ASSERT_EQ(static_cast<unsigned long>(RSA_F4), BN_get_word(rsa.get()->e))
387 << "Exponent should be RSA_F4";
388
389 ASSERT_EQ(GetParam() / 8, static_cast<uint32_t>(RSA_size(rsa.get())))
390 << "Modulus size should be the specified parameter";
391 }
392
393 INSTANTIATE_TEST_CASE_P(RSA,
394 KeymasterGenerateTest,
395 ::testing::Values(512U, 1024U, 2048U, 3072U, 4096U));
396
TEST_F(KeymasterTest,GenerateKeyPair_RSA_NullParams_Failure)397 TEST_F(KeymasterTest, GenerateKeyPair_RSA_NullParams_Failure) {
398 keymaster_keypair_t key_type = TYPE_RSA;
399
400 uint8_t* key_blob;
401 size_t key_blob_length;
402
403 ASSERT_EQ(-1,
404 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length))
405 << "Should not be able to generate an RSA key with null params";
406 }
407
TEST_F(KeymasterTest,GenerateKeyPair_UnknownType_Failure)408 TEST_F(KeymasterTest, GenerateKeyPair_UnknownType_Failure) {
409 keymaster_keypair_t key_type = static_cast<keymaster_keypair_t>(0xFFFF);
410
411 uint8_t* key_blob;
412 size_t key_blob_length;
413
414 ASSERT_EQ(-1,
415 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length))
416 << "Should not generate an unknown key type";
417 }
418
TEST_F(KeymasterTest,ImportKeyPair_RSA_Success)419 TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) {
420 uint8_t* key_blob;
421 size_t key_blob_length;
422
423 ASSERT_EQ(0,
424 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
425 &key_blob, &key_blob_length))
426 << "Should successfully import an RSA key";
427 UniqueKey key(&sDevice, key_blob, key_blob_length);
428
429 uint8_t* x509_data;
430 size_t x509_data_length;
431 ASSERT_EQ(0,
432 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
433 &x509_data, &x509_data_length))
434 << "Should be able to retrieve RSA public key successfully";
435 UniqueBlob x509_blob(x509_data, x509_data_length);
436
437 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
438 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
439 static_cast<long>(x509_blob.length())));
440
441 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_RSA)
442 << "Generated key type should be of type RSA";
443
444 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_KEY_1);
445 Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8(
446 d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp,
447 sizeof(TEST_KEY_1)));
448
449 Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get()));
450
451 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get()))
452 << "Expected and actual keys should match";
453 }
454
TEST_F(KeymasterTest,ImportKeyPair_BogusKey_Failure)455 TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) {
456 uint8_t* key_blob;
457 size_t key_blob_length;
458
459 ASSERT_EQ(-1,
460 sDevice->import_keypair(sDevice, BOGUS_KEY_1, sizeof(BOGUS_KEY_1),
461 &key_blob, &key_blob_length))
462 << "Should not import an unknown key type";
463 }
464
TEST_F(KeymasterTest,ImportKeyPair_NullKey_Failure)465 TEST_F(KeymasterTest, ImportKeyPair_NullKey_Failure) {
466 uint8_t* key_blob;
467 size_t key_blob_length;
468
469 ASSERT_EQ(-1,
470 sDevice->import_keypair(sDevice, NULL, 0,
471 &key_blob, &key_blob_length))
472 << "Should not import a null key";
473 }
474
TEST_F(KeymasterTest,GetKeypairPublic_RSA_Success)475 TEST_F(KeymasterTest, GetKeypairPublic_RSA_Success) {
476 uint8_t* key_blob;
477 size_t key_blob_length;
478
479 UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1));
480 ASSERT_TRUE(testKey.get() != NULL);
481
482 ASSERT_EQ(0,
483 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
484 &key_blob, &key_blob_length))
485 << "Should successfully import an RSA key";
486 UniqueKey key(&sDevice, key_blob, key_blob_length);
487
488 uint8_t* x509_data;
489 size_t x509_data_length;
490 ASSERT_EQ(0,
491 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
492 &x509_data, &x509_data_length))
493 << "Should be able to retrieve RSA public key successfully";
494 UniqueBlob x509_blob(x509_data, x509_data_length);
495 }
496
TEST_F(KeymasterTest,GetKeypairPublic_RSA_NullKey_Failure)497 TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullKey_Failure) {
498 uint8_t* key_blob;
499 size_t key_blob_length;
500
501 uint8_t* x509_data = NULL;
502 size_t x509_data_length;
503 ASSERT_EQ(-1,
504 sDevice->get_keypair_public(sDevice, NULL, 0,
505 &x509_data, &x509_data_length))
506 << "Should not be able to retrieve RSA public key from null key";
507 UniqueBlob x509_blob(x509_data, x509_data_length);
508 }
509
TEST_F(KeymasterTest,GetKeypairPublic_RSA_NullDestination_Failure)510 TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullDestination_Failure) {
511 uint8_t* key_blob;
512 size_t key_blob_length;
513
514 UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1));
515 ASSERT_TRUE(testKey.get() != NULL);
516
517 ASSERT_EQ(0,
518 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
519 &key_blob, &key_blob_length))
520 << "Should successfully import an RSA key";
521 UniqueKey key(&sDevice, key_blob, key_blob_length);
522
523 ASSERT_EQ(-1,
524 sDevice->get_keypair_public(sDevice, key.get(), key.length(),
525 NULL, NULL))
526 << "Should not be able to succeed with NULL destination blob";
527 }
528
TEST_F(KeymasterTest,DeleteKeyPair_RSA_Success)529 TEST_F(KeymasterTest, DeleteKeyPair_RSA_Success) {
530 uint8_t* key_blob;
531 size_t key_blob_length;
532
533 UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1));
534 ASSERT_TRUE(testKey.get() != NULL);
535
536 ASSERT_EQ(0,
537 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
538 &key_blob, &key_blob_length))
539 << "Should successfully import an RSA key";
540 UniqueKey key(&sDevice, key_blob, key_blob_length);
541 }
542
TEST_F(KeymasterTest,DeleteKeyPair_RSA_DoubleDelete_Failure)543 TEST_F(KeymasterTest, DeleteKeyPair_RSA_DoubleDelete_Failure) {
544 uint8_t* key_blob;
545 size_t key_blob_length;
546
547 UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1));
548 ASSERT_TRUE(testKey.get() != NULL);
549
550 /*
551 * This is only run if the module indicates it implements key deletion
552 * by implementing delete_keypair.
553 */
554 if (sDevice->delete_keypair != NULL) {
555 ASSERT_EQ(0,
556 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
557 &key_blob, &key_blob_length))
558 << "Should successfully import an RSA key";
559 UniqueBlob blob(key_blob, key_blob_length);
560
561 ASSERT_EQ(0, sDevice->delete_keypair(sDevice, key_blob, key_blob_length))
562 << "Should delete key after import";
563
564 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, key_blob, key_blob_length))
565 << "Should not be able to delete key twice";
566 }
567 }
568
TEST_F(KeymasterTest,DeleteKeyPair_RSA_NullKey_Failure)569 TEST_F(KeymasterTest, DeleteKeyPair_RSA_NullKey_Failure) {
570 /*
571 * This is only run if the module indicates it implements key deletion
572 * by implementing delete_keypair.
573 */
574 if (sDevice->delete_keypair != NULL) {
575 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, NULL, 0))
576 << "Should not be able to delete null key";
577 }
578 }
579
580 /*
581 * DER-encoded PKCS#8 format RSA key. Generated using:
582 *
583 * openssl genrsa 512 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
584 */
585 static uint8_t TEST_SIGN_KEY_1[] = {
586 0x30, 0x82, 0x01, 0x56, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A,
587 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
588 0x01, 0x40, 0x30, 0x82, 0x01, 0x3C, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
589 0xBD, 0xC0, 0x7F, 0xEF, 0x75, 0x1D, 0x63, 0x2A, 0xD0, 0x9A, 0x26, 0xE5,
590 0x5B, 0xB9, 0x84, 0x7C, 0xE5, 0xC7, 0xE7, 0xDE, 0xFE, 0xB6, 0x54, 0xD9,
591 0xF0, 0x9B, 0xC2, 0xCF, 0x36, 0xDA, 0xE5, 0x4D, 0xC5, 0xD9, 0x25, 0x78,
592 0xBD, 0x55, 0x05, 0xBD, 0x86, 0xFB, 0x37, 0x15, 0x33, 0x42, 0x52, 0xED,
593 0xE5, 0xCD, 0xCB, 0xB7, 0xA2, 0x51, 0xFA, 0x36, 0xE9, 0x9C, 0x2E, 0x5D,
594 0xE3, 0xA5, 0x1F, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00,
595 0x96, 0x71, 0xDE, 0xBD, 0x83, 0x94, 0x96, 0x40, 0xA6, 0xFD, 0xE1, 0xA2,
596 0xED, 0xD3, 0xAC, 0x28, 0xBE, 0xA2, 0x7D, 0xC3, 0xFF, 0x1D, 0x9F, 0x2E,
597 0xE0, 0xA7, 0x0E, 0x90, 0xEE, 0x44, 0x25, 0x92, 0xE3, 0x54, 0xDD, 0x55,
598 0xA3, 0xEF, 0x42, 0xF5, 0x52, 0x55, 0x41, 0x47, 0x5E, 0x00, 0xFB, 0x8B,
599 0x47, 0x5E, 0x45, 0x49, 0xEA, 0x3D, 0x2C, 0xFD, 0x9F, 0xEC, 0xC8, 0x4E,
600 0x4E, 0x86, 0x90, 0x31, 0x02, 0x21, 0x00, 0xE6, 0xA5, 0x55, 0xB3, 0x64,
601 0xAB, 0x90, 0x5E, 0xA2, 0xF5, 0x6B, 0x21, 0x4B, 0x15, 0xD6, 0x4A, 0xB6,
602 0x60, 0x24, 0x95, 0x65, 0xA2, 0xBE, 0xBA, 0x2A, 0x73, 0xFB, 0xFF, 0x2C,
603 0x61, 0x88, 0x9D, 0x02, 0x21, 0x00, 0xD2, 0x9C, 0x5B, 0xFE, 0x82, 0xA5,
604 0xFC, 0x52, 0x6A, 0x29, 0x38, 0xDB, 0x22, 0x3B, 0xEB, 0x74, 0x3B, 0xCA,
605 0xB4, 0xDD, 0x1D, 0xE4, 0x48, 0x60, 0x70, 0x19, 0x9B, 0x81, 0xC1, 0x83,
606 0x28, 0xB5, 0x02, 0x21, 0x00, 0x89, 0x2D, 0xFE, 0xF9, 0xF2, 0xBF, 0x43,
607 0xDF, 0xB5, 0xA6, 0xA8, 0x30, 0x26, 0x1B, 0x77, 0xD7, 0xF9, 0xFE, 0xD6,
608 0xE3, 0x70, 0x8E, 0xCA, 0x47, 0xA9, 0xA6, 0x50, 0x54, 0x25, 0xCE, 0x60,
609 0xD5, 0x02, 0x21, 0x00, 0xBE, 0x5A, 0xF8, 0x82, 0xE6, 0xCE, 0xE3, 0x6A,
610 0x11, 0xED, 0xC4, 0x27, 0xBB, 0x9F, 0x70, 0xC6, 0x93, 0xAC, 0x39, 0x20,
611 0x89, 0x7D, 0xE5, 0x34, 0xD4, 0xDD, 0x30, 0x42, 0x6D, 0x07, 0x00, 0xE9,
612 0x02, 0x20, 0x05, 0x91, 0xEF, 0x12, 0xD2, 0xD3, 0x6A, 0xD2, 0x96, 0x6B,
613 0x10, 0x62, 0xF9, 0xBA, 0xA4, 0x91, 0x48, 0x84, 0x40, 0x61, 0x67, 0x80,
614 0x68, 0x68, 0xC8, 0x60, 0xB3, 0x66, 0xC8, 0xF9, 0x08, 0x9A,
615 };
616
617 /*
618 * PKCS#1 v1.5 padded raw "Hello, world" Can be generated be generated by verifying
619 * the signature below in no padding mode:
620 *
621 * openssl rsautl -keyform der -inkey rsa.der -raw -verify -in test.sig
622 */
623 static uint8_t TEST_SIGN_DATA_1[] = {
624 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
625 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
626 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
627 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
628 0xFF, 0xFF, 0xFF, 0x00, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x2C, 0x20, 0x77,
629 0x6F, 0x72, 0x6C, 0x64,
630 };
631
632 /*
633 * Signature of TEST_SIGN_DATA_1 using TEST_SIGN_KEY_1. Generated using:
634 *
635 * echo 'Hello, world' | openssl rsautl -keyform der -inkey rsa.der -sign | recode ../x1
636 */
637 static uint8_t TEST_SIGN_SIGNATURE_1[] = {
638 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76,
639 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2,
640 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A,
641 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9,
642 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF,
643 0x79, 0xE4, 0x91, 0x40,
644 };
645
646 /*
647 * Identical to TEST_SIGN_SIGNATURE_1 except the last octet is '1' instead of '0'
648 * This should fail any test.
649 */
650 static uint8_t TEST_SIGN_SIGNATURE_BOGUS_1[] = {
651 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76,
652 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2,
653 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A,
654 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9,
655 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF,
656 0x79, 0xE4, 0x91, 0x41,
657 };
658
TEST_F(KeymasterTest,SignData_RSA_Raw_Success)659 TEST_F(KeymasterTest, SignData_RSA_Raw_Success) {
660 uint8_t* key_blob;
661 size_t key_blob_length;
662
663 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
664 ASSERT_TRUE(testKey.get() != NULL);
665
666 ASSERT_EQ(0,
667 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
668 &key_blob, &key_blob_length))
669 << "Should successfully import an RSA key";
670 UniqueKey key(&sDevice, key_blob, key_blob_length);
671
672 keymaster_rsa_sign_params_t params = {
673 digest_type: DIGEST_NONE,
674 padding_type: PADDING_NONE,
675 };
676
677 uint8_t* sig;
678 size_t sig_length;
679
680 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
681 ASSERT_TRUE(testData.get() != NULL);
682
683 ASSERT_EQ(0,
684 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
685 testData.get(), testData.length(),
686 &sig, &sig_length))
687 << "Should sign data successfully";
688 UniqueBlob sig_blob(sig, sig_length);
689
690 UniqueBlob expected_sig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1));
691
692 ASSERT_EQ(expected_sig, sig_blob)
693 << "Generated signature should match expected signature";
694
695 // The expected signature is actually stack data, so don't let it try to free.
696 uint8_t* unused __attribute__((unused)) = expected_sig.release();
697 }
698
TEST_F(KeymasterTest,SignData_RSA_Raw_InvalidSizeInput_Failure)699 TEST_F(KeymasterTest, SignData_RSA_Raw_InvalidSizeInput_Failure) {
700 uint8_t* key_blob;
701 size_t key_blob_length;
702
703 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
704 ASSERT_TRUE(testKey.get() != NULL);
705
706 ASSERT_EQ(0,
707 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
708 &key_blob, &key_blob_length))
709 << "Should successfully import an RSA key";
710 UniqueKey key(&sDevice, key_blob, key_blob_length);
711
712 keymaster_rsa_sign_params_t params = {
713 digest_type: DIGEST_NONE,
714 padding_type: PADDING_NONE,
715 };
716
717 uint8_t* sig;
718 size_t sig_length;
719
720 UniqueReadOnlyBlob testData(TEST_KEY_1, sizeof(TEST_KEY_1));
721 ASSERT_TRUE(testData.get() != NULL);
722
723 ASSERT_EQ(-1,
724 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
725 testData.get(), testData.length(),
726 &sig, &sig_length))
727 << "Should not be able to do raw signature on incorrect size data";
728 }
729
TEST_F(KeymasterTest,SignData_RSA_Raw_NullKey_Failure)730 TEST_F(KeymasterTest, SignData_RSA_Raw_NullKey_Failure) {
731 keymaster_rsa_sign_params_t params = {
732 digest_type: DIGEST_NONE,
733 padding_type: PADDING_NONE,
734 };
735
736 uint8_t* sig;
737 size_t sig_length;
738
739 UniqueReadOnlyBlob testData(TEST_KEY_1, sizeof(TEST_KEY_1));
740 ASSERT_TRUE(testData.get() != NULL);
741
742 ASSERT_EQ(-1,
743 sDevice->sign_data(sDevice, ¶ms, NULL, 0,
744 testData.get(), testData.length(),
745 &sig, &sig_length))
746 << "Should not be able to do raw signature on incorrect size data";
747 }
748
TEST_F(KeymasterTest,SignData_RSA_Raw_NullInput_Failure)749 TEST_F(KeymasterTest, SignData_RSA_Raw_NullInput_Failure) {
750 uint8_t* key_blob;
751 size_t key_blob_length;
752
753 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
754 ASSERT_TRUE(testKey.get() != NULL);
755
756 ASSERT_EQ(0,
757 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
758 &key_blob, &key_blob_length))
759 << "Should successfully import an RSA key";
760 UniqueKey key(&sDevice, key_blob, key_blob_length);
761
762 keymaster_rsa_sign_params_t params = {
763 digest_type: DIGEST_NONE,
764 padding_type: PADDING_NONE,
765 };
766
767 uint8_t* sig;
768 size_t sig_length;
769
770 ASSERT_EQ(-1,
771 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
772 NULL, 0,
773 &sig, &sig_length))
774 << "Should error when input data is null";
775 }
776
TEST_F(KeymasterTest,SignData_RSA_Raw_NullOutput_Failure)777 TEST_F(KeymasterTest, SignData_RSA_Raw_NullOutput_Failure) {
778 uint8_t* key_blob;
779 size_t key_blob_length;
780
781 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
782 ASSERT_TRUE(testKey.get() != NULL);
783
784 ASSERT_EQ(0,
785 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
786 &key_blob, &key_blob_length))
787 << "Should successfully import an RSA key";
788 UniqueKey key(&sDevice, key_blob, key_blob_length);
789
790 keymaster_rsa_sign_params_t params = {
791 digest_type: DIGEST_NONE,
792 padding_type: PADDING_NONE,
793 };
794
795 uint8_t* sig;
796 size_t sig_length;
797
798 UniqueReadOnlyBlob testData(TEST_KEY_1, sizeof(TEST_KEY_1));
799 ASSERT_TRUE(testData.get() != NULL);
800
801 ASSERT_EQ(-1,
802 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
803 testData.get(), testData.length(),
804 NULL, NULL))
805 << "Should error when output is null";
806 }
807
TEST_F(KeymasterTest,VerifyData_RSA_Raw_Success)808 TEST_F(KeymasterTest, VerifyData_RSA_Raw_Success) {
809 uint8_t* key_blob;
810 size_t key_blob_length;
811
812 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
813 ASSERT_TRUE(testKey.get() != NULL);
814
815 ASSERT_EQ(0,
816 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
817 &key_blob, &key_blob_length))
818 << "Should successfully import an RSA key";
819 UniqueKey key(&sDevice, key_blob, key_blob_length);
820
821 keymaster_rsa_sign_params_t params = {
822 digest_type: DIGEST_NONE,
823 padding_type: PADDING_NONE,
824 };
825
826 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
827 ASSERT_TRUE(testData.get() != NULL);
828
829 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1));
830 ASSERT_TRUE(testSig.get() != NULL);
831
832 ASSERT_EQ(0,
833 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
834 testData.get(), testData.length(),
835 testSig.get(), testSig.length()))
836 << "Should verify data successfully";
837 }
838
TEST_F(KeymasterTest,VerifyData_RSA_Raw_BadSignature_Failure)839 TEST_F(KeymasterTest, VerifyData_RSA_Raw_BadSignature_Failure) {
840 uint8_t* key_blob;
841 size_t key_blob_length;
842
843 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
844 ASSERT_TRUE(testKey.get() != NULL);
845
846 ASSERT_EQ(0,
847 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
848 &key_blob, &key_blob_length))
849 << "Should successfully import an RSA key";
850 UniqueKey key(&sDevice, key_blob, key_blob_length);
851
852 keymaster_rsa_sign_params_t params = {
853 digest_type: DIGEST_NONE,
854 padding_type: PADDING_NONE,
855 };
856
857 ASSERT_EQ(-1,
858 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
859 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
860 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)))
861 << "Should sign data successfully";
862 }
863
TEST_F(KeymasterTest,VerifyData_RSA_Raw_NullKey_Failure)864 TEST_F(KeymasterTest, VerifyData_RSA_Raw_NullKey_Failure) {
865 keymaster_rsa_sign_params_t params = {
866 digest_type: DIGEST_NONE,
867 padding_type: PADDING_NONE,
868 };
869
870 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
871 ASSERT_TRUE(testData.get() != NULL);
872
873 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1));
874 ASSERT_TRUE(testSig.get() != NULL);
875
876 ASSERT_EQ(-1,
877 sDevice->verify_data(sDevice, ¶ms, NULL, 0,
878 testData.get(), testData.length(),
879 testSig.get(), testSig.length()))
880 << "Should fail when key is null";
881 }
882
TEST_F(KeymasterTest,VerifyData_RSA_NullInput_Failure)883 TEST_F(KeymasterTest, VerifyData_RSA_NullInput_Failure) {
884 uint8_t* key_blob;
885 size_t key_blob_length;
886
887 ASSERT_EQ(0,
888 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
889 &key_blob, &key_blob_length))
890 << "Should successfully import an RSA key";
891 UniqueKey key(&sDevice, key_blob, key_blob_length);
892
893 keymaster_rsa_sign_params_t params = {
894 digest_type: DIGEST_NONE,
895 padding_type: PADDING_NONE,
896 };
897
898 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1));
899 ASSERT_TRUE(testSig.get() != NULL);
900
901 ASSERT_EQ(-1,
902 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
903 NULL, 0,
904 testSig.get(), testSig.length()))
905 << "Should fail on null input";
906 }
907
TEST_F(KeymasterTest,VerifyData_RSA_NullSignature_Failure)908 TEST_F(KeymasterTest, VerifyData_RSA_NullSignature_Failure) {
909 uint8_t* key_blob;
910 size_t key_blob_length;
911
912 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
913 ASSERT_TRUE(testKey.get() != NULL);
914
915 ASSERT_EQ(0,
916 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
917 &key_blob, &key_blob_length))
918 << "Should successfully import an RSA key";
919 UniqueKey key(&sDevice, key_blob, key_blob_length);
920
921 keymaster_rsa_sign_params_t params = {
922 digest_type: DIGEST_NONE,
923 padding_type: PADDING_NONE,
924 };
925
926 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
927 ASSERT_TRUE(testData.get() != NULL);
928
929 ASSERT_EQ(-1,
930 sDevice->verify_data(sDevice, ¶ms, key.get(), key.length(),
931 testData.get(), testData.length(),
932 NULL, 0))
933 << "Should fail on null signature";
934 }
935
TEST_F(KeymasterTest,EraseAll_Success)936 TEST_F(KeymasterTest, EraseAll_Success) {
937 uint8_t *key1_blob, *key2_blob;
938 size_t key1_blob_length, key2_blob_length;
939
940 // Only test this if the device says it supports delete_all
941 if (sDevice->delete_all == NULL) {
942 return;
943 }
944
945 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
946 ASSERT_TRUE(testKey.get() != NULL);
947
948 ASSERT_EQ(0,
949 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
950 &key1_blob, &key1_blob_length))
951 << "Should successfully import an RSA key";
952 UniqueKey key1(&sDevice, key1_blob, key1_blob_length);
953
954 UniqueReadOnlyBlob testKey2(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
955 ASSERT_TRUE(testKey2.get() != NULL);
956
957 ASSERT_EQ(0,
958 sDevice->import_keypair(sDevice, testKey2.get(), testKey2.length(),
959 &key2_blob, &key2_blob_length))
960 << "Should successfully import an RSA key";
961 UniqueKey key2(&sDevice, key2_blob, key2_blob_length);
962
963 ASSERT_EQ(0, sDevice->delete_all(sDevice))
964 << "Should erase all keys";
965
966 key1.reset();
967
968 uint8_t* x509_data;
969 size_t x509_data_length;
970 ASSERT_EQ(-1,
971 sDevice->get_keypair_public(sDevice, key1_blob, key1_blob_length,
972 &x509_data, &x509_data_length))
973 << "Should be able to retrieve RSA public key 1 successfully";
974
975 ASSERT_EQ(-1,
976 sDevice->get_keypair_public(sDevice, key2_blob, key2_blob_length,
977 &x509_data, &x509_data_length))
978 << "Should be able to retrieve RSA public key 2 successfully";
979 }
980
981 }
982