1 /*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <algorithm>
18
19 #include <gtest/gtest.h>
20
21 #include <openssl/engine.h>
22
23 #include <keymaster/authorization_set.h>
24 #include <keymaster/google_keymaster_utils.h>
25 #include <keymaster/keymaster_tags.h>
26
27 #include <keymaster/key_blob.h>
28
main(int argc,char ** argv)29 int main(int argc, char** argv) {
30 ::testing::InitGoogleTest(&argc, argv);
31 int result = RUN_ALL_TESTS();
32 // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
33 CRYPTO_cleanup_all_ex_data();
34 ERR_free_strings();
35 return result;
36 }
37
38 namespace keymaster {
39
40 namespace test {
41
42 const uint8_t master_key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
43 const uint8_t key_data[5] = {21, 22, 23, 24, 25};
44 const uint8_t nonce[KeyBlob::NONCE_LENGTH]{12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1};
45
46 class KeyBlobTest : public testing::Test {
47 protected:
KeyBlobTest()48 KeyBlobTest() {
49 key_.key_material = const_cast<uint8_t*>(key_data);
50 key_.key_material_size = array_size(key_data);
51 master_key_.key_material = const_cast<uint8_t*>(master_key_data);
52 master_key_.key_material_size = array_size(master_key_data);
53
54 enforced_.push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
55 enforced_.push_back(TAG_KEY_SIZE, 256);
56 enforced_.push_back(TAG_BLOB_USAGE_REQUIREMENTS, KM_BLOB_STANDALONE);
57 enforced_.push_back(TAG_MIN_SECONDS_BETWEEN_OPS, 10);
58 enforced_.push_back(TAG_ALL_USERS);
59 enforced_.push_back(TAG_NO_AUTH_REQUIRED);
60 enforced_.push_back(TAG_ORIGIN, KM_ORIGIN_HARDWARE);
61
62 unenforced_.push_back(TAG_ACTIVE_DATETIME, 10);
63 unenforced_.push_back(TAG_ORIGINATION_EXPIRE_DATETIME, 100);
64 unenforced_.push_back(TAG_CREATION_DATETIME, 10);
65 unenforced_.push_back(TAG_CHUNK_LENGTH, 10);
66
67 hidden_.push_back(TAG_ROOT_OF_TRUST, "foo", 3);
68 hidden_.push_back(TAG_APPLICATION_ID, "my_app", 6);
69
70 blob_.reset(new KeyBlob(enforced_, unenforced_, hidden_, key_, master_key_, nonce));
71 }
72
73 AuthorizationSet enforced_;
74 AuthorizationSet unenforced_;
75 AuthorizationSet hidden_;
76
77 UniquePtr<KeyBlob> blob_;
78
79 keymaster_key_blob_t key_;
80 keymaster_key_blob_t master_key_;
81 };
82
TEST_F(KeyBlobTest,EncryptDecrypt)83 TEST_F(KeyBlobTest, EncryptDecrypt) {
84 size_t size = blob_->SerializedSize();
85 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
86 blob_->Serialize(serialized_blob.get(), serialized_blob.get() + size);
87
88 // key_data shouldn't be anywhere in the blob.
89 uint8_t* begin = serialized_blob.get();
90 uint8_t* end = begin + size;
91 EXPECT_EQ(end, std::search(begin, end, key_data, key_data + array_size(key_data)));
92
93 // Recover the key material.
94 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
95 KeyBlob deserialized(encrypted_blob, hidden_, master_key_);
96 EXPECT_EQ(KM_ERROR_OK, deserialized.error());
97 EXPECT_EQ(0, memcmp(deserialized.key_material(), key_data, array_size(key_data)));
98 }
99
TEST_F(KeyBlobTest,WrongKeyLength)100 TEST_F(KeyBlobTest, WrongKeyLength) {
101 size_t size = blob_->SerializedSize();
102 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
103 blob_->Serialize(serialized_blob.get(), serialized_blob.get() + size);
104
105 // Modify the key length
106 serialized_blob[KeyBlob::NONCE_LENGTH]++;
107
108 // Decrypting with wrong nonce should fail.
109 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
110 KeyBlob deserialized(encrypted_blob, hidden_, master_key_);
111 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
112 }
113
TEST_F(KeyBlobTest,WrongNonce)114 TEST_F(KeyBlobTest, WrongNonce) {
115 size_t size = blob_->SerializedSize();
116 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
117 blob_->Serialize(serialized_blob.get(), serialized_blob.get() + size);
118
119 // Find the nonce, then modify it.
120 uint8_t* begin = serialized_blob.get();
121 uint8_t* end = begin + size;
122 auto nonce_ptr = std::search(begin, end, nonce, nonce + array_size(nonce));
123 ASSERT_NE(nonce_ptr, end);
124 EXPECT_EQ(end, std::search(nonce_ptr + 1, end, nonce, nonce + array_size(nonce)));
125 (*nonce_ptr)++;
126
127 // Decrypting with wrong nonce should fail.
128 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
129 KeyBlob deserialized(encrypted_blob, hidden_, master_key_);
130 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
131 EXPECT_NE(0, memcmp(deserialized.key_material(), key_data, array_size(key_data)));
132 }
133
TEST_F(KeyBlobTest,WrongTag)134 TEST_F(KeyBlobTest, WrongTag) {
135 size_t size = blob_->SerializedSize();
136 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
137 blob_->Serialize(serialized_blob.get(), serialized_blob.get() + size);
138
139 // Find the tag, them modify it.
140 uint8_t* begin = serialized_blob.get();
141 uint8_t* end = begin + size;
142 auto tag_ptr = std::search(begin, end, blob_->tag(), blob_->tag() + KeyBlob::TAG_LENGTH);
143 ASSERT_NE(tag_ptr, end);
144 EXPECT_EQ(end, std::search(tag_ptr + 1, end, blob_->tag(), blob_->tag() + KeyBlob::TAG_LENGTH));
145 (*tag_ptr)++;
146
147 // Decrypting with wrong tag should fail.
148 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
149 KeyBlob deserialized(encrypted_blob, hidden_, master_key_);
150 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
151 EXPECT_NE(0, memcmp(deserialized.key_material(), key_data, array_size(key_data)));
152 }
153
TEST_F(KeyBlobTest,WrongCiphertext)154 TEST_F(KeyBlobTest, WrongCiphertext) {
155 size_t size = blob_->SerializedSize();
156 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
157 blob_->Serialize(serialized_blob.get(), serialized_blob.get() + size);
158
159 // Find the ciphertext, them modify it.
160 uint8_t* begin = serialized_blob.get();
161 uint8_t* end = begin + size;
162 auto ciphertext_ptr =
163 std::search(begin, end, blob_->encrypted_key_material(),
164 blob_->encrypted_key_material() + blob_->key_material_length());
165 ASSERT_NE(ciphertext_ptr, end);
166 EXPECT_EQ(end, std::search(ciphertext_ptr + 1, end, blob_->encrypted_key_material(),
167 blob_->encrypted_key_material() + blob_->key_material_length()));
168 (*ciphertext_ptr)++;
169
170 // Decrypting with wrong tag should fail.
171 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
172 KeyBlob deserialized(encrypted_blob, hidden_, master_key_);
173 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
174 EXPECT_NE(0, memcmp(deserialized.key_material(), key_data, array_size(key_data)));
175 }
176
TEST_F(KeyBlobTest,WrongMasterKey)177 TEST_F(KeyBlobTest, WrongMasterKey) {
178 size_t size = blob_->SerializedSize();
179 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
180 blob_->Serialize(serialized_blob.get(), serialized_blob.get() + size);
181
182 uint8_t wrong_master_data[] = {1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
183 keymaster_key_blob_t wrong_master;
184 wrong_master.key_material = wrong_master_data;
185 wrong_master.key_material_size = array_size(wrong_master_data);
186
187 // Decrypting with wrong master key should fail.
188 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
189 KeyBlob deserialized(encrypted_blob, hidden_, wrong_master);
190 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
191 EXPECT_NE(0, memcmp(deserialized.key_material(), key_data, array_size(key_data)));
192 }
193
TEST_F(KeyBlobTest,WrongEnforced)194 TEST_F(KeyBlobTest, WrongEnforced) {
195 size_t size = blob_->SerializedSize();
196 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
197 blob_->Serialize(serialized_blob.get(), serialized_blob.get() + size);
198 uint8_t* begin = serialized_blob.get();
199 uint8_t* end = begin + size;
200
201 // Find enforced serialization data and modify it.
202 size_t enforced_size = enforced_.SerializedSize();
203 UniquePtr<uint8_t[]> enforced_data(new uint8_t[enforced_size]);
204 enforced_.Serialize(enforced_data.get(), enforced_data.get() + enforced_size);
205
206 auto enforced_ptr =
207 std::search(begin, end, enforced_data.get(), enforced_data.get() + enforced_size);
208 ASSERT_NE(end, enforced_ptr);
209 EXPECT_EQ(end, std::search(enforced_ptr + 1, end, enforced_data.get(),
210 enforced_data.get() + enforced_size));
211 (*(enforced_ptr + enforced_size - 1))++;
212
213 // Decrypting with wrong unenforced data should fail.
214 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
215 KeyBlob deserialized(encrypted_blob, hidden_, master_key_);
216 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
217 }
218
TEST_F(KeyBlobTest,WrongUnenforced)219 TEST_F(KeyBlobTest, WrongUnenforced) {
220 size_t size = blob_->SerializedSize();
221 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
222 blob_->Serialize(serialized_blob.get(), serialized_blob.get() + size);
223 uint8_t* begin = serialized_blob.get();
224 uint8_t* end = begin + size;
225
226 // Find unenforced serialization data and modify it.
227 size_t unenforced_size = unenforced_.SerializedSize();
228 UniquePtr<uint8_t[]> unenforced_data(new uint8_t[unenforced_size]);
229 unenforced_.Serialize(unenforced_data.get(), unenforced_data.get() + unenforced_size);
230
231 auto unenforced_ptr =
232 std::search(begin, end, unenforced_data.get(), unenforced_data.get() + unenforced_size);
233 ASSERT_NE(end, unenforced_ptr);
234 EXPECT_EQ(end, std::search(unenforced_ptr + 1, end, unenforced_data.get(),
235 unenforced_data.get() + unenforced_size));
236 (*(unenforced_ptr + unenforced_size - 1))++;
237
238 // Decrypting with wrong unenforced data should fail.
239 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
240 KeyBlob deserialized(encrypted_blob, hidden_, master_key_);
241 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
242 }
243
TEST_F(KeyBlobTest,EmptyHidden)244 TEST_F(KeyBlobTest, EmptyHidden) {
245 size_t size = blob_->SerializedSize();
246 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
247 blob_->Serialize(serialized_blob.get(), serialized_blob.get() + size);
248 uint8_t* begin = serialized_blob.get();
249 uint8_t* end = begin + size;
250
251 AuthorizationSet wrong_hidden;
252
253 // Decrypting with wrong hidden data should fail.
254 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
255 KeyBlob deserialized(encrypted_blob, wrong_hidden, master_key_);
256 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
257 }
258
TEST_F(KeyBlobTest,WrongRootOfTrust)259 TEST_F(KeyBlobTest, WrongRootOfTrust) {
260 size_t size = blob_->SerializedSize();
261 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
262 blob_->Serialize(serialized_blob.get(), serialized_blob.get() + size);
263 uint8_t* begin = serialized_blob.get();
264 uint8_t* end = begin + size;
265
266 AuthorizationSet wrong_hidden;
267 wrong_hidden.push_back(TAG_ROOT_OF_TRUST, "bar", 3);
268 wrong_hidden.push_back(TAG_APPLICATION_ID, "my_app", 6);
269
270 // Decrypting with wrong hidden data should fail.
271 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
272 KeyBlob deserialized(encrypted_blob, wrong_hidden, master_key_);
273 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
274 }
275
TEST_F(KeyBlobTest,WrongAppId)276 TEST_F(KeyBlobTest, WrongAppId) {
277 size_t size = blob_->SerializedSize();
278 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
279 blob_->Serialize(serialized_blob.get(), serialized_blob.get() + size);
280 uint8_t* begin = serialized_blob.get();
281 uint8_t* end = begin + size;
282
283 AuthorizationSet wrong_hidden;
284 wrong_hidden.push_back(TAG_ROOT_OF_TRUST, "foo", 3);
285 wrong_hidden.push_back(TAG_APPLICATION_ID, "your_app", 7);
286
287 // Decrypting with wrong hidden data should fail.
288 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
289 KeyBlob deserialized(encrypted_blob, wrong_hidden, master_key_);
290 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
291 }
292
293 } // namespace test
294 } // namespace keymaster
295