Merge "modules: camera: Add Streams"
diff --git a/include/hardware/camera3.h b/include/hardware/camera3.h
index f4bae13..af91856 100644
--- a/include/hardware/camera3.h
+++ b/include/hardware/camera3.h
@@ -42,7 +42,8 @@
  *   S2. Startup and operation sequencing
  *   S3. Operational modes
  *   S4. 3A modes and state machines
- *   S5. Error management
+ *   S5. Cropping
+ *   S6. Error management
  */
 
 /**
@@ -744,7 +745,162 @@
  */
 
 /**
- * S5. Error management:
+ * S5. Cropping:
+ *
+ * Cropping of the full pixel array (for digital zoom and other use cases where
+ * a smaller FOV is desirable) is communicated through the
+ * ANDROID_SCALER_CROP_REGION setting. This is a per-request setting, and can
+ * change on a per-request basis, which is critical for implementing smooth
+ * digital zoom.
+ *
+ * The region is defined as a rectangle (x, y, width, height), with (x, y)
+ * describing the top-left corner of the rectangle. The rectangle is defined on
+ * the coordinate system of the sensor active pixel array, with (0,0) being the
+ * top-left pixel of the active pixel array. Therefore, the width and height
+ * cannot be larger than the dimensions reported in the
+ * ANDROID_SENSOR_ACTIVE_PIXEL_ARRAY static info field. The minimum allowed
+ * width and height are reported by the HAL through the
+ * ANDROID_SCALER_MAX_DIGITAL_ZOOM static info field, which describes the
+ * maximum supported zoom factor. Therefore, the minimum crop region width and
+ * height are:
+ *
+ * {width, height} =
+ *    { floor(ANDROID_SENSOR_ACTIVE_PIXEL_ARRAY[0] /
+ *        ANDROID_SCALER_MAX_DIGITAL_ZOOM),
+ *      floor(ANDROID_SENSOR_ACTIVE_PIXEL_ARRAY[1] /
+ *        ANDROID_SCALER_MAX_DIGITAL_ZOOM) }
+ *
+ * If the crop region needs to fulfill specific requirements (for example, it
+ * needs to start on even coordinates, and its width/height needs to be even),
+ * the HAL must do the necessary rounding and write out the final crop region
+ * used in the output result metadata. Similarly, if the HAL implements video
+ * stabilization, it must adjust the result crop region to describe the region
+ * actually included in the output after video stabilization is applied. In
+ * general, a camera-using application must be able to determine the field of
+ * view it is receiving based on the crop region, the dimensions of the image
+ * sensor, and the lens focal length.
+ *
+ * Since the crop region applies to all streams, which may have different aspect
+ * ratios than the crop region, the exact sensor region used for each stream may
+ * be smaller than the crop region. Specifically, each stream should maintain
+ * square pixels and its aspect ratio by minimally further cropping the defined
+ * crop region. If the stream's aspect ratio is wider than the crop region, the
+ * stream should be further cropped vertically, and if the stream's aspect ratio
+ * is narrower than the crop region, the stream should be further cropped
+ * horizontally.
+ *
+ * In all cases, the stream crop must be centered within the full crop region,
+ * and each stream is only either cropped horizontally or vertical relative to
+ * the full crop region, never both.
+ *
+ * For example, if two streams are defined, a 640x480 stream (4:3 aspect), and a
+ * 1280x720 stream (16:9 aspect), below demonstrates the expected output regions
+ * for each stream for a few sample crop regions, on a hypothetical 3 MP (2000 x
+ * 1500 pixel array) sensor.
+ *
+ * Crop region: (500, 375, 1000, 750) (4:3 aspect ratio)
+ *
+ *   640x480 stream crop: (500, 375, 1000, 750) (equal to crop region)
+ *   1280x720 stream crop: (500, 469, 1000, 562) (marked with =)
+ *
+ * 0                   1000               2000
+ * +---------+---------+---------+----------+
+ * | Active pixel array                     |
+ * |                                        |
+ * |                                        |
+ * +         +-------------------+          + 375
+ * |         |                   |          |
+ * |         O===================O          |
+ * |         I 1280x720 stream   I          |
+ * +         I                   I          + 750
+ * |         I                   I          |
+ * |         O===================O          |
+ * |         |                   |          |
+ * +         +-------------------+          + 1125
+ * |          Crop region, 640x480 stream   |
+ * |                                        |
+ * |                                        |
+ * +---------+---------+---------+----------+ 1500
+ *
+ * Crop region: (500, 375, 1333, 750) (16:9 aspect ratio)
+ *
+ *   640x480 stream crop: (666, 375, 1000, 750) (marked with =)
+ *   1280x720 stream crop: (500, 375, 1333, 750) (equal to crop region)
+ *
+ * 0                   1000               2000
+ * +---------+---------+---------+----------+
+ * | Active pixel array                     |
+ * |                                        |
+ * |                                        |
+ * +         +---O==================O---+   + 375
+ * |         |   I 640x480 stream   I   |   |
+ * |         |   I                  I   |   |
+ * |         |   I                  I   |   |
+ * +         |   I                  I   |   + 750
+ * |         |   I                  I   |   |
+ * |         |   I                  I   |   |
+ * |         |   I                  I   |   |
+ * +         +---O==================O---+   + 1125
+ * |          Crop region, 1280x720 stream  |
+ * |                                        |
+ * |                                        |
+ * +---------+---------+---------+----------+ 1500
+ *
+ * Crop region: (500, 375, 750, 750) (1:1 aspect ratio)
+ *
+ *   640x480 stream crop: (500, 469, 750, 562) (marked with =)
+ *   1280x720 stream crop: (500, 543, 750, 414) (marged with #)
+ *
+ * 0                   1000               2000
+ * +---------+---------+---------+----------+
+ * | Active pixel array                     |
+ * |                                        |
+ * |                                        |
+ * +         +--------------+               + 375
+ * |         O==============O               |
+ * |         ################               |
+ * |         #              #               |
+ * +         #              #               + 750
+ * |         #              #               |
+ * |         ################ 1280x720      |
+ * |         O==============O 640x480       |
+ * +         +--------------+               + 1125
+ * |          Crop region                   |
+ * |                                        |
+ * |                                        |
+ * +---------+---------+---------+----------+ 1500
+ *
+ * And a final example, a 1024x1024 square aspect ratio stream instead of the
+ * 480p stream:
+ *
+ * Crop region: (500, 375, 1000, 750) (4:3 aspect ratio)
+ *
+ *   1024x1024 stream crop: (625, 375, 750, 750) (marked with #)
+ *   1280x720 stream crop: (500, 469, 1000, 562) (marked with =)
+ *
+ * 0                   1000               2000
+ * +---------+---------+---------+----------+
+ * | Active pixel array                     |
+ * |                                        |
+ * |              1024x1024 stream          |
+ * +         +--###############--+          + 375
+ * |         |  #             #  |          |
+ * |         O===================O          |
+ * |         I 1280x720 stream   I          |
+ * +         I                   I          + 750
+ * |         I                   I          |
+ * |         O===================O          |
+ * |         |  #             #  |          |
+ * +         +--###############--+          + 1125
+ * |          Crop region                   |
+ * |                                        |
+ * |                                        |
+ * +---------+---------+---------+----------+ 1500
+ *
+ */
+
+/**
+ * S6. Error management:
  *
  * Camera HAL device ops functions that have a return value will all return
  * -ENODEV / NULL in case of a serious error. This means the device cannot
diff --git a/include/hardware/gralloc.h b/include/hardware/gralloc.h
index a6d9c1f..9c62242 100644
--- a/include/hardware/gralloc.h
+++ b/include/hardware/gralloc.h
@@ -19,6 +19,7 @@
 #define ANDROID_GRALLOC_INTERFACE_H
 
 #include <system/window.h>
+#include <system/graphics.h>
 #include <hardware/hardware.h>
 
 #include <stdint.h>
@@ -32,7 +33,23 @@
 
 __BEGIN_DECLS
 
-#define GRALLOC_API_VERSION 1
+/**
+ * Module versioning information for the Gralloc hardware module, based on
+ * gralloc_module_t.common.module_api_version.
+ *
+ * Version History:
+ *
+ * GRALLOC_MODULE_API_VERSION_0_1:
+ * Initial Gralloc hardware module API.
+ *
+ * GRALLOC_MODULE_API_VERSION_0_2:
+ * Add support for flexible YCbCr format with (*lock_ycbcr)() method.
+ */
+
+#define GRALLOC_MODULE_API_VERSION_0_1  HARDWARE_MODULE_API_VERSION(0, 1)
+#define GRALLOC_MODULE_API_VERSION_0_2  HARDWARE_MODULE_API_VERSION(0, 2)
+
+#define GRALLOC_DEVICE_API_VERSION_0_1  HARDWARE_DEVICE_API_VERSION(0, 1)
 
 /**
  * The id of this module
@@ -165,6 +182,10 @@
      * If usage specifies GRALLOC_USAGE_SW_*, vaddr is filled with the address
      * of the buffer in virtual memory.
      *
+     * Note calling (*lock)() on HAL_PIXEL_FORMAT_YCbCr_*_888 buffers will fail
+     * and return -EINVAL.  These buffers must be locked with (*lock_ycbcr)()
+     * instead.
+     *
      * THREADING CONSIDERATIONS:
      *
      * It is legal for several different threads to lock a buffer from 
@@ -201,8 +222,24 @@
     int (*perform)(struct gralloc_module_t const* module,
             int operation, ... );
 
+    /*
+     * The (*lock_ycbcr)() method is like the (*lock)() method, with the
+     * difference that it fills a struct ycbcr with a description of the buffer
+     * layout, and zeroes out the reserved fields.
+     *
+     * This will only work on buffers with HAL_PIXEL_FORMAT_YCbCr_*_888, and
+     * will return -EINVAL on any other buffer formats.
+     *
+     * Added in GRALLOC_MODULE_API_VERSION_0_2.
+     */
+
+    int (*lock_ycbcr)(struct gralloc_module_t const* module,
+            buffer_handle_t handle, int usage,
+            int l, int t, int w, int h,
+            struct android_ycbcr *ycbcr);
+
     /* reserved for future use */
-    void* reserved_proc[7];
+    void* reserved_proc[6];
 } gralloc_module_t;
 
 /*****************************************************************************/
@@ -221,6 +258,10 @@
      * allow the implementation to satisfy hardware constraints on the width
      * of a pixmap (eg: it may have to be multiple of 8 pixels). 
      * The CALLER TAKES OWNERSHIP of the buffer_handle_t.
+     *
+     * If format is HAL_PIXEL_FORMAT_YCbCr_420_888, the returned stride must be
+     * 0, since the actual strides are available from the android_ycbcr
+     * structure.
      * 
      * Returns 0 on success or -errno on error.
      */
diff --git a/include/hardware/hwcomposer.h b/include/hardware/hwcomposer.h
index 3b29f1f..d75a047 100644
--- a/include/hardware/hwcomposer.h
+++ b/include/hardware/hwcomposer.h
@@ -299,7 +299,8 @@
             hwc_surface_t sur;
         };
 
-        /* Fields only relevant for HWC_DEVICE_VERSION_1_2 and later. */
+        /* WARNING: These fields are for experimental virtual display support,
+         * and are not currently used. */
         struct {
             /* outbuf is the buffer that receives the composed image for
              * virtual displays. Writes to the outbuf must wait until
@@ -307,6 +308,13 @@
              * writes to outbuf are complete should be returned in
              * retireFenceFd.
              *
+             * This field will not be updated until after prepare(). If
+             * prepare() sets all non-FB layers to OVERLAY or sets all non-FB
+             * layers to FRAMEBUFFER, then the FRAMEBUFFER_TARGET buffer and
+             * the output buffer may be the same. In mixed OVERLAY/FRAMEBUFFER
+             * configurations they will have different buffers so the
+             * h/w composer does not have to read and write the same buffer.
+             *
              * For physical displays, outbuf will be NULL.
              */
             buffer_handle_t outbuf;
@@ -428,10 +436,9 @@
      * For HWC 1.1, numDisplays will always be HWC_NUM_DISPLAY_TYPES. Entries
      * for unsupported or disabled/disconnected display types will be NULL.
      *
-     * For HWC 1.2 and later, numDisplays will be HWC_NUM_DISPLAY_TYPES or more.
-     * The extra entries correspond to enabled virtual displays, and will be
-     * non-NULL. In HWC 1.2, support for one virtual display is required, and
-     * no more than one will be used. Future HWC versions might require more.
+     * In a future version, numDisplays may be larger than
+     * HWC_NUM_DISPLAY_TYPES. The extra entries correspond to enabled virtual
+     * displays, and will be non-NULL.
      *
      * returns: 0 on success. An negative error code on error. If an error is
      * returned, SurfaceFlinger will assume that none of the layer will be
@@ -462,10 +469,9 @@
      * For HWC 1.1, numDisplays will always be HWC_NUM_DISPLAY_TYPES. Entries
      * for unsupported or disabled/disconnected display types will be NULL.
      *
-     * For HWC 1.2 and later, numDisplays will be HWC_NUM_DISPLAY_TYPES or more.
-     * The extra entries correspond to enabled virtual displays, and will be
-     * non-NULL. In HWC 1.2, support for one virtual display is required, and
-     * no more than one will be used. Future HWC versions might require more.
+     * In a future version, numDisplays may be larger than
+     * HWC_NUM_DISPLAY_TYPES. The extra entries correspond to enabled virtual
+     * displays, and will be non-NULL.
      *
      * IMPORTANT NOTE: There is an implicit layer containing opaque black
      * pixels behind all the layers in the list. It is the responsibility of
diff --git a/tests/keymaster/keymaster_test.cpp b/tests/keymaster/keymaster_test.cpp
index 37e98d7..57e7dc8 100644
--- a/tests/keymaster/keymaster_test.cpp
+++ b/tests/keymaster/keymaster_test.cpp
@@ -14,11 +14,15 @@
  * limitations under the License.
  */
 
-#define LOG_TAG "keymaster_test"
-#include <utils/Log.h>
-#include <utils/UniquePtr.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/types.h>
 
-#include <hardware/keymaster.h>
+#include <fstream>
+#include <iostream>
 
 #include <gtest/gtest.h>
 
@@ -26,13 +30,20 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
-#include <fstream>
-#include <iostream>
+#define LOG_TAG "keymaster_test"
+#include <utils/Log.h>
+#include <utils/UniquePtr.h>
+
+#include <hardware/keymaster.h>
 
 namespace android {
 
 class UniqueBlob : public UniquePtr<uint8_t[]> {
 public:
+    UniqueBlob(size_t length) :
+            mLength(length) {
+    }
+
     UniqueBlob(uint8_t* bytes, size_t length) :
             UniquePtr<uint8_t[]>(bytes), mLength(length) {
     }
@@ -97,6 +108,56 @@
     keymaster_device_t** mDevice;
 };
 
+class UniqueReadOnlyBlob {
+public:
+    UniqueReadOnlyBlob(uint8_t* data, size_t dataSize) :
+            mDataSize(dataSize) {
+        int pageSize = sysconf(_SC_PAGE_SIZE);
+        if (pageSize == -1) {
+            return;
+        }
+
+        int fd = open("/dev/zero", O_RDONLY);
+        if (fd == -1) {
+            return;
+        }
+
+        mBufferSize = (dataSize + pageSize - 1) & ~(pageSize - 1);
+        uint8_t* buffer = (uint8_t*) mmap(NULL, mBufferSize, PROT_READ | PROT_WRITE,
+                                          MAP_PRIVATE, fd, 0);
+        close(fd);
+
+        if (buffer == NULL) {
+            return;
+        }
+
+        memcpy(buffer, data, dataSize);
+        if (mprotect(buffer, mBufferSize, PROT_READ) == -1) {
+            munmap(buffer, mBufferSize);
+            return;
+        }
+
+        mBuffer = buffer;
+    }
+
+    ~UniqueReadOnlyBlob() {
+        munmap(mBuffer, mBufferSize);
+    }
+
+    uint8_t* get() const {
+        return mBuffer;
+    }
+
+    size_t length() const {
+        return mDataSize;
+    }
+
+private:
+    uint8_t* mBuffer;
+    size_t mBufferSize;
+    size_t mDataSize;
+};
+
 struct BIGNUM_Delete {
     void operator()(BIGNUM* p) const {
         BN_free(p);
@@ -331,7 +392,7 @@
 
 INSTANTIATE_TEST_CASE_P(RSA,
                         KeymasterGenerateTest,
-                        ::testing::Values(512, 1024, 2048));
+                        ::testing::Values(512U, 1024U, 2048U));
 
 TEST_F(KeymasterTest, GenerateKeyPair_RSA_NullParams_Failure) {
     keymaster_keypair_t key_type = TYPE_RSA;
@@ -415,8 +476,11 @@
     uint8_t* key_blob;
     size_t key_blob_length;
 
+    UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1));
+    ASSERT_TRUE(testKey.get() != NULL);
+
     ASSERT_EQ(0,
-            sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
+            sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
                     &key_blob, &key_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key(&sDevice, key_blob, key_blob_length);
@@ -447,8 +511,11 @@
     uint8_t* key_blob;
     size_t key_blob_length;
 
+    UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1));
+    ASSERT_TRUE(testKey.get() != NULL);
+
     ASSERT_EQ(0,
-            sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
+            sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
                     &key_blob, &key_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key(&sDevice, key_blob, key_blob_length);
@@ -463,8 +530,11 @@
     uint8_t* key_blob;
     size_t key_blob_length;
 
+    UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1));
+    ASSERT_TRUE(testKey.get() != NULL);
+
     ASSERT_EQ(0,
-            sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
+            sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
                     &key_blob, &key_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key(&sDevice, key_blob, key_blob_length);
@@ -474,13 +544,16 @@
     uint8_t* key_blob;
     size_t key_blob_length;
 
+    UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1));
+    ASSERT_TRUE(testKey.get() != NULL);
+
     /*
      * This is only run if the module indicates it implements key deletion
      * by implementing delete_keypair.
      */
     if (sDevice->delete_keypair != NULL) {
         ASSERT_EQ(0,
-                sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
+                sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
                         &key_blob, &key_blob_length))
                 << "Should successfully import an RSA key";
         UniqueBlob blob(key_blob, key_blob_length);
@@ -587,8 +660,11 @@
     uint8_t* key_blob;
     size_t key_blob_length;
 
+    UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
+    ASSERT_TRUE(testKey.get() != NULL);
+
     ASSERT_EQ(0,
-            sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
+            sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
                     &key_blob, &key_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key(&sDevice, key_blob, key_blob_length);
@@ -601,9 +677,12 @@
     uint8_t* sig;
     size_t sig_length;
 
+    UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
+    ASSERT_TRUE(testData.get() != NULL);
+
     ASSERT_EQ(0,
             sDevice->sign_data(sDevice, &params, key_blob, key_blob_length,
-                    TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
+                    testData.get(), testData.length(),
                     &sig, &sig_length))
             << "Should sign data successfully";
     UniqueBlob sig_blob(sig, sig_length);
@@ -621,8 +700,11 @@
     uint8_t* key_blob;
     size_t key_blob_length;
 
+    UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
+    ASSERT_TRUE(testKey.get() != NULL);
+
     ASSERT_EQ(0,
-            sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
+            sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
                     &key_blob, &key_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key(&sDevice, key_blob, key_blob_length);
@@ -635,9 +717,12 @@
     uint8_t* sig;
     size_t sig_length;
 
+    UniqueReadOnlyBlob testData(TEST_KEY_1, sizeof(TEST_KEY_1));
+    ASSERT_TRUE(testData.get() != NULL);
+
     ASSERT_EQ(-1,
             sDevice->sign_data(sDevice, &params, key_blob, key_blob_length,
-                    TEST_KEY_1, sizeof(TEST_KEY_1),
+                    testData.get(), testData.length(),
                     &sig, &sig_length))
             << "Should not be able to do raw signature on incorrect size data";
 }
@@ -651,9 +736,12 @@
     uint8_t* sig;
     size_t sig_length;
 
+    UniqueReadOnlyBlob testData(TEST_KEY_1, sizeof(TEST_KEY_1));
+    ASSERT_TRUE(testData.get() != NULL);
+
     ASSERT_EQ(-1,
             sDevice->sign_data(sDevice, &params, NULL, 0,
-                    TEST_KEY_1, sizeof(TEST_KEY_1),
+                    testData.get(), testData.length(),
                     &sig, &sig_length))
             << "Should not be able to do raw signature on incorrect size data";
 }
@@ -662,8 +750,11 @@
     uint8_t* key_blob;
     size_t key_blob_length;
 
+    UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
+    ASSERT_TRUE(testKey.get() != NULL);
+
     ASSERT_EQ(0,
-            sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
+            sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
                     &key_blob, &key_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key(&sDevice, key_blob, key_blob_length);
@@ -687,8 +778,11 @@
     uint8_t* key_blob;
     size_t key_blob_length;
 
+    UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
+    ASSERT_TRUE(testKey.get() != NULL);
+
     ASSERT_EQ(0,
-            sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
+            sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
                     &key_blob, &key_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key(&sDevice, key_blob, key_blob_length);
@@ -701,9 +795,12 @@
     uint8_t* sig;
     size_t sig_length;
 
+    UniqueReadOnlyBlob testData(TEST_KEY_1, sizeof(TEST_KEY_1));
+    ASSERT_TRUE(testData.get() != NULL);
+
     ASSERT_EQ(-1,
             sDevice->sign_data(sDevice, &params, key_blob, key_blob_length,
-                    TEST_KEY_1, sizeof(TEST_KEY_1),
+                    testData.get(), testData.length(),
                     NULL, NULL))
             << "Should error when output is null";
 }
@@ -712,8 +809,11 @@
     uint8_t* key_blob;
     size_t key_blob_length;
 
+    UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
+    ASSERT_TRUE(testKey.get() != NULL);
+
     ASSERT_EQ(0,
-            sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
+            sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
                     &key_blob, &key_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key(&sDevice, key_blob, key_blob_length);
@@ -723,10 +823,16 @@
             padding_type: PADDING_NONE,
     };
 
+    UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
+    ASSERT_TRUE(testData.get() != NULL);
+
+    UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1));
+    ASSERT_TRUE(testSig.get() != NULL);
+
     ASSERT_EQ(0,
             sDevice->verify_data(sDevice, &params, key_blob, key_blob_length,
-                    TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
-                    TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1)))
+                    testData.get(), testData.length(),
+                    testSig.get(), testSig.length()))
             << "Should verify data successfully";
 }
 
@@ -734,8 +840,11 @@
     uint8_t* key_blob;
     size_t key_blob_length;
 
+    UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
+    ASSERT_TRUE(testKey.get() != NULL);
+
     ASSERT_EQ(0,
-            sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
+            sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
                     &key_blob, &key_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key(&sDevice, key_blob, key_blob_length);
@@ -758,10 +867,16 @@
             padding_type: PADDING_NONE,
     };
 
+    UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
+    ASSERT_TRUE(testData.get() != NULL);
+
+    UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1));
+    ASSERT_TRUE(testSig.get() != NULL);
+
     ASSERT_EQ(-1,
             sDevice->verify_data(sDevice, &params, NULL, 0,
-                    TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
-                    TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)))
+                    testData.get(), testData.length(),
+                    testSig.get(), testSig.length()))
             << "Should fail when key is null";
 }
 
@@ -780,10 +895,13 @@
             padding_type: PADDING_NONE,
     };
 
+    UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1));
+    ASSERT_TRUE(testSig.get() != NULL);
+
     ASSERT_EQ(-1,
             sDevice->verify_data(sDevice, &params, key_blob, key_blob_length,
                     NULL, 0,
-                    TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1)))
+                    testSig.get(), testSig.length()))
             << "Should fail on null input";
 }
 
@@ -791,8 +909,11 @@
     uint8_t* key_blob;
     size_t key_blob_length;
 
+    UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
+    ASSERT_TRUE(testKey.get() != NULL);
+
     ASSERT_EQ(0,
-            sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
+            sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
                     &key_blob, &key_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key(&sDevice, key_blob, key_blob_length);
@@ -802,9 +923,12 @@
             padding_type: PADDING_NONE,
     };
 
+    UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
+    ASSERT_TRUE(testData.get() != NULL);
+
     ASSERT_EQ(-1,
             sDevice->verify_data(sDevice, &params, key.get(), key.length(),
-                    TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
+                    testData.get(), testData.length(),
                     NULL, 0))
             << "Should fail on null signature";
 }
@@ -818,14 +942,20 @@
         return;
     }
 
+    UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
+    ASSERT_TRUE(testKey.get() != NULL);
+
     ASSERT_EQ(0,
-            sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
+            sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
                     &key1_blob, &key1_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key1(&sDevice, key1_blob, key1_blob_length);
 
+    UniqueReadOnlyBlob testKey2(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
+    ASSERT_TRUE(testKey2.get() != NULL);
+
     ASSERT_EQ(0,
-            sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
+            sDevice->import_keypair(sDevice, testKey2.get(), testKey2.length(),
                     &key2_blob, &key2_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key2(&sDevice, key2_blob, key2_blob_length);