Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_libhardware / 5dae225de7b5ccf965d1496bc4343828a250f788 / . / tests / keymaster / keymaster_test.cpp
blob: 0046ea48812f57b103ae3a67e890063b185f7db1 [file] [log] [blame]
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]17#include <fcntl.h>
18#include <stdlib.h>
19#include <unistd.h>
20#include <sys/mman.h>
21#include <sys/stat.h>
22#include <sys/types.h>
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]23
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]24#include <fstream>
25#include <iostream>
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]26
27#include <gtest/gtest.h>
28
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]29#include <openssl/bn.h>
30#include <openssl/evp.h>
31#include <openssl/x509.h>
32
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]33#define LOG_TAG "keymaster_test"
34#include <utils/Log.h>
35#include <utils/UniquePtr.h>
36
37#include <hardware/keymaster.h>
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]38
39namespace android {
40
41class UniqueBlob : public UniquePtr<uint8_t[]> {
42public:
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]43 UniqueBlob(size_t length) :
44 mLength(length) {
45 }
46
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]47 UniqueBlob(uint8_t* bytes, size_t length) :
48 UniquePtr<uint8_t[]>(bytes), mLength(length) {
49 }
50
51 bool operator==(const UniqueBlob &other) const {
52 if (other.length() != mLength) {
53 return false;
54 }
55
56 const uint8_t* mine = get();
57 const uint8_t* theirs = other.get();
58
59 for (size_t i = 0; i < mLength; i++) {
60 if (mine[i] != theirs[i]) {
61 return false;
62 }
63 }
64
65 return true;
66 }
67
68 size_t length() const {
69 return mLength;
70 }
71
72 friend std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob);
73
74private:
75 size_t mLength;
76};
77
78std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob) {
79 const size_t length = blob.mLength;
80 stream << "Blob length=" << length << " < ";
81
82 const uint8_t* data = blob.get();
83 for (size_t i = 0; i < length; i++) {
84 stream << std::hex << std::setw(2) << std::setfill('0')
85 << static_cast<unsigned int>(data[i]) << ' ';
86 }
87 stream << '>' << std::endl;
88
89 return stream;
90}
91
92class UniqueKey : public UniqueBlob {
93public:
94 UniqueKey(keymaster_device_t** dev, uint8_t* bytes, size_t length) :
95 UniqueBlob(bytes, length), mDevice(dev) {
96 }
97
98 ~UniqueKey() {
99 if (mDevice != NULL && *mDevice != NULL) {
100 keymaster_device_t* dev = *mDevice;
101 if (dev->delete_keypair != NULL) {
102 dev->delete_keypair(dev, get(), length());
103 }
104 }
105 }
106
107private:
108 keymaster_device_t** mDevice;
109};
110
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]111class UniqueReadOnlyBlob {
112public:
113 UniqueReadOnlyBlob(uint8_t* data, size_t dataSize) :
114 mDataSize(dataSize) {
115 int pageSize = sysconf(_SC_PAGE_SIZE);
116 if (pageSize == -1) {
117 return;
118 }
119
120 int fd = open("/dev/zero", O_RDONLY);
121 if (fd == -1) {
122 return;
123 }
124
125 mBufferSize = (dataSize + pageSize - 1) & ~(pageSize - 1);
126 uint8_t* buffer = (uint8_t*) mmap(NULL, mBufferSize, PROT_READ | PROT_WRITE,
127 MAP_PRIVATE, fd, 0);
128 close(fd);
129
130 if (buffer == NULL) {
131 return;
132 }
133
134 memcpy(buffer, data, dataSize);
135 if (mprotect(buffer, mBufferSize, PROT_READ) == -1) {
136 munmap(buffer, mBufferSize);
137 return;
138 }
139
140 mBuffer = buffer;
141 }
142
143 ~UniqueReadOnlyBlob() {
144 munmap(mBuffer, mBufferSize);
145 }
146
147 uint8_t* get() const {
148 return mBuffer;
149 }
150
151 size_t length() const {
152 return mDataSize;
153 }
154
155private:
156 uint8_t* mBuffer;
157 size_t mBufferSize;
158 size_t mDataSize;
159};
160
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]161struct BIGNUM_Delete {
162 void operator()(BIGNUM* p) const {
163 BN_free(p);
164 }
165};
166typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
167
168struct EVP_PKEY_Delete {
169 void operator()(EVP_PKEY* p) const {
170 EVP_PKEY_free(p);
171 }
172};
173typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
174
175struct PKCS8_PRIV_KEY_INFO_Delete {
176 void operator()(PKCS8_PRIV_KEY_INFO* p) const {
177 PKCS8_PRIV_KEY_INFO_free(p);
178 }
179};
180typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
181
182struct RSA_Delete {
183 void operator()(RSA* p) const {
184 RSA_free(p);
185 }
186};
187typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;
188
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]189/*
190 * DER-encoded PKCS#8 format RSA key. Generated using:
191 *
192 * openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
193 */
194static uint8_t TEST_KEY_1[] = {
195 0x30, 0x82, 0x04, 0xBE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A,
196 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
197 0x04, 0xA8, 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
198 0x01, 0x00, 0xD8, 0x58, 0xD4, 0x9F, 0xC0, 0xE8, 0xF0, 0xFF, 0x87, 0x27,
199 0x43, 0xE6, 0x2E, 0xE6, 0x9A, 0x42, 0x3B, 0x39, 0x94, 0x84, 0x43, 0x55,
200 0x8D, 0x20, 0x5B, 0x71, 0x88, 0xE6, 0xD1, 0x62, 0xC8, 0xF2, 0x20, 0xD0,
201 0x75, 0x13, 0x83, 0xA3, 0x5D, 0x19, 0xA8, 0x62, 0xD0, 0x5F, 0x3E, 0x8A,
202 0x7C, 0x0E, 0x26, 0xA9, 0xFF, 0xB2, 0x5E, 0x63, 0xAA, 0x3C, 0x8D, 0x13,
203 0x41, 0xAA, 0xD5, 0x03, 0x01, 0x01, 0x53, 0xC9, 0x02, 0x1C, 0xEC, 0xE8,
204 0xC4, 0x70, 0x3F, 0x43, 0xE5, 0x51, 0xD0, 0x6E, 0x52, 0x0B, 0xC4, 0x0A,
205 0xA3, 0x61, 0xDE, 0xE3, 0x72, 0x0C, 0x94, 0xF1, 0x1C, 0x2D, 0x36, 0x77,
206 0xBB, 0x16, 0xA8, 0x63, 0x4B, 0xD1, 0x07, 0x00, 0x42, 0x2D, 0x2B, 0x10,
207 0x80, 0x45, 0xF3, 0x0C, 0xF9, 0xC5, 0xAC, 0xCC, 0x64, 0x87, 0xFD, 0x5D,
208 0xC8, 0x51, 0xD4, 0x1C, 0x9E, 0x6E, 0x9B, 0xC4, 0x27, 0x5E, 0x73, 0xA7,
209 0x2A, 0xF6, 0x90, 0x42, 0x0C, 0x34, 0x93, 0xB7, 0x02, 0x19, 0xA9, 0x64,
210 0x6C, 0x46, 0x3B, 0x40, 0x02, 0x2F, 0x54, 0x69, 0x79, 0x26, 0x7D, 0xF6,
211 0x85, 0x90, 0x01, 0xD0, 0x21, 0x07, 0xD0, 0x14, 0x00, 0x65, 0x9C, 0xAC,
212 0x24, 0xE8, 0x78, 0x42, 0x3B, 0x90, 0x75, 0x19, 0x55, 0x11, 0x4E, 0xD9,
213 0xE6, 0x97, 0x87, 0xBC, 0x8D, 0x2C, 0x9B, 0xF0, 0x1F, 0x14, 0xEB, 0x6A,
214 0x57, 0xCE, 0x78, 0xAD, 0xCE, 0xD9, 0xFB, 0xB9, 0xA1, 0xEF, 0x0C, 0x1F,
215 0xDD, 0xE3, 0x5B, 0x73, 0xA0, 0xEC, 0x37, 0x9C, 0xE1, 0xFD, 0x86, 0x28,
216 0xC3, 0x4A, 0x42, 0xD0, 0xA3, 0xFE, 0x57, 0x09, 0x29, 0xD8, 0xF6, 0xEC,
217 0xE3, 0xC0, 0x71, 0x7C, 0x29, 0x27, 0xC2, 0xD1, 0x3E, 0x22, 0xBC, 0xBD,
218 0x5A, 0x85, 0x41, 0xF6, 0x15, 0xDA, 0x0C, 0x58, 0x5A, 0x61, 0x5B, 0x78,
219 0xB8, 0xAA, 0xEC, 0x5C, 0x1C, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
220 0x82, 0x01, 0x00, 0x1D, 0x10, 0x31, 0xE0, 0x14, 0x26, 0x36, 0xD9, 0xDC,
221 0xEA, 0x25, 0x70, 0xF2, 0xB3, 0xFF, 0xDD, 0x0D, 0xDF, 0xBA, 0x57, 0xDA,
222 0x43, 0xCF, 0xE5, 0x9C, 0xE3, 0x2F, 0xA4, 0xF2, 0x53, 0xF6, 0xF2, 0xAF,
223 0xFD, 0xD0, 0xFC, 0x82, 0x1E, 0x9C, 0x0F, 0x2A, 0x53, 0xBB, 0xF2, 0x4F,
224 0x90, 0x83, 0x01, 0xD3, 0xA7, 0xDA, 0xB5, 0xB7, 0x80, 0x64, 0x0A, 0x26,
225 0x59, 0x83, 0xE4, 0xD3, 0x20, 0xC8, 0x2D, 0xC9, 0x77, 0xA3, 0x55, 0x07,
226 0x6E, 0x6D, 0x95, 0x36, 0xAA, 0x84, 0x4F, 0xED, 0x54, 0x24, 0xA9, 0x77,
227 0xF8, 0x85, 0xE2, 0x4B, 0xF2, 0xFA, 0x0B, 0x3E, 0xA6, 0xF5, 0x46, 0x0D,
228 0x9F, 0x1F, 0xFE, 0xF7, 0x37, 0xFF, 0xA3, 0x60, 0xF1, 0x63, 0xF2, 0x75,
229 0x6A, 0x8E, 0x10, 0xD7, 0x89, 0xD2, 0xB3, 0xFF, 0x76, 0xA5, 0xBA, 0xAF,
230 0x0A, 0xBE, 0x32, 0x5F, 0xF0, 0x48, 0x48, 0x4B, 0x9C, 0x9A, 0x3D, 0x12,
231 0xA7, 0xD2, 0x07, 0xC7, 0x59, 0x32, 0x94, 0x95, 0x65, 0x2F, 0x87, 0x34,
232 0x76, 0xBA, 0x7C, 0x08, 0x4B, 0xAB, 0xA6, 0x24, 0xDF, 0x64, 0xDB, 0x48,
233 0x63, 0x42, 0x06, 0xE2, 0x2C, 0x3D, 0xFB, 0xE5, 0x47, 0x81, 0x94, 0x98,
234 0xF7, 0x32, 0x4B, 0x28, 0xEB, 0x42, 0xB8, 0xE9, 0x8E, 0xFC, 0xC9, 0x43,
235 0xC9, 0x47, 0xE6, 0xE7, 0x1C, 0xDC, 0x71, 0xEF, 0x4D, 0x8A, 0xB1, 0xFC,
236 0x45, 0x37, 0xEC, 0xB3, 0x16, 0x88, 0x5B, 0xE2, 0xEC, 0x8B, 0x6B, 0x75,
237 0x16, 0xBE, 0x6B, 0xF8, 0x2C, 0xF8, 0xC9, 0xD1, 0xF7, 0x55, 0x87, 0x57,
238 0x5F, 0xDE, 0xF4, 0x7E, 0x72, 0x13, 0x06, 0x2A, 0x21, 0xB7, 0x78, 0x21,
239 0x05, 0xFD, 0xE2, 0x5F, 0x7B, 0x7C, 0xF0, 0x26, 0x2B, 0x75, 0x7F, 0x68,
240 0xF9, 0xA6, 0x98, 0xFD, 0x54, 0x0E, 0xCC, 0x22, 0x41, 0x7F, 0x29, 0x81,
241 0x2F, 0xA3, 0x3C, 0x3D, 0x64, 0xC8, 0x41, 0x02, 0x81, 0x81, 0x00, 0xFA,
242 0xFA, 0xE4, 0x2E, 0x30, 0xF0, 0x7A, 0x8D, 0x95, 0xB8, 0x39, 0x58, 0x27,
243 0x0F, 0x89, 0x0C, 0xDF, 0xFE, 0x2F, 0x55, 0x3B, 0x6F, 0xDD, 0x5F, 0x12,
244 0xB3, 0xD1, 0xCF, 0x5B, 0x8D, 0xB6, 0x10, 0x1C, 0x87, 0x0C, 0x30, 0x89,
245 0x2D, 0xBB, 0xB8, 0xA1, 0x78, 0x0F, 0x54, 0xA6, 0x36, 0x46, 0x05, 0x8B,
246 0x5A, 0xFF, 0x48, 0x03, 0x13, 0xAE, 0x95, 0x96, 0x5D, 0x6C, 0xDA, 0x5D,
247 0xF7, 0xAD, 0x1D, 0x33, 0xED, 0x23, 0xF5, 0x4B, 0x03, 0x78, 0xE7, 0x50,
248 0xD1, 0x2D, 0x95, 0x22, 0x35, 0x02, 0x5B, 0x4A, 0x4E, 0x73, 0xC9, 0xB7,
249 0x05, 0xC4, 0x21, 0x86, 0x1F, 0x1E, 0x40, 0x83, 0xBC, 0x8A, 0x3A, 0x95,
250 0x24, 0x62, 0xF4, 0x58, 0x38, 0x64, 0x4A, 0x89, 0x8A, 0x27, 0x59, 0x12,
251 0x9D, 0x21, 0xC3, 0xA6, 0x42, 0x1E, 0x2A, 0x3F, 0xD8, 0x65, 0x1F, 0x6E,
252 0x3E, 0x4D, 0x5C, 0xCC, 0xEA, 0x8E, 0x15, 0x02, 0x81, 0x81, 0x00, 0xDC,
253 0xAC, 0x9B, 0x00, 0xDB, 0xF9, 0xB2, 0xBF, 0xC4, 0x5E, 0xB6, 0xB7, 0x63,
254 0xEB, 0x13, 0x4B, 0xE2, 0xA6, 0xC8, 0x72, 0x90, 0xD8, 0xC2, 0x33, 0x33,
255 0xF0, 0x66, 0x75, 0xBD, 0x50, 0x7C, 0xA4, 0x8F, 0x82, 0xFB, 0xFF, 0x44,
256 0x3B, 0xE7, 0x15, 0x3A, 0x0C, 0x7A, 0xF8, 0x92, 0x86, 0x4A, 0x79, 0x32,
257 0x08, 0x82, 0x1D, 0x6A, 0xBA, 0xAD, 0x8A, 0xB3, 0x3D, 0x7F, 0xA5, 0xB4,
258 0x6F, 0x67, 0x86, 0x7E, 0xB2, 0x9C, 0x2A, 0xF6, 0x7C, 0x49, 0x21, 0xC5,
259 0x3F, 0x00, 0x3F, 0x9B, 0xF7, 0x0F, 0x6C, 0x35, 0x80, 0x75, 0x73, 0xC0,
260 0xF8, 0x3E, 0x30, 0x5F, 0x74, 0x2F, 0x15, 0x41, 0xEA, 0x0F, 0xCE, 0x0E,
261 0x18, 0x17, 0x68, 0xBA, 0xC4, 0x29, 0xF2, 0xE2, 0x2C, 0x1D, 0x55, 0x83,
262 0xB6, 0x64, 0x2E, 0x03, 0x12, 0xA4, 0x0D, 0xBF, 0x4F, 0x2E, 0xBE, 0x7C,
263 0x41, 0xD9, 0xCD, 0xD0, 0x52, 0x91, 0xD5, 0x02, 0x81, 0x81, 0x00, 0xD4,
264 0x55, 0xEB, 0x32, 0xC1, 0x28, 0xD3, 0x26, 0x72, 0x22, 0xB8, 0x31, 0x42,
265 0x6A, 0xBC, 0x52, 0x6E, 0x37, 0x48, 0xA8, 0x5D, 0x6E, 0xD8, 0xE5, 0x14,
266 0x97, 0x99, 0xCC, 0x4A, 0xF2, 0xEB, 0xB3, 0x59, 0xCF, 0x4F, 0x9A, 0xC8,
267 0x94, 0x2E, 0x9B, 0x97, 0xD0, 0x51, 0x78, 0x16, 0x5F, 0x18, 0x82, 0x9C,
268 0x51, 0xD2, 0x64, 0x84, 0x65, 0xE4, 0x70, 0x9E, 0x14, 0x50, 0x81, 0xB6,
269 0xBA, 0x52, 0x75, 0xC0, 0x76, 0xC2, 0xD3, 0x46, 0x31, 0x9B, 0xDA, 0x67,
270 0xDF, 0x71, 0x27, 0x19, 0x17, 0xAB, 0xF4, 0xBC, 0x3A, 0xFF, 0x6F, 0x0B,
271 0x2F, 0x0F, 0xAE, 0x25, 0x20, 0xB2, 0xA1, 0x76, 0x52, 0xCE, 0xC7, 0x9D,
272 0x62, 0x79, 0x6D, 0xAC, 0x2D, 0x99, 0x7C, 0x0E, 0x3D, 0x19, 0xE9, 0x1B,
273 0xFC, 0x60, 0x92, 0x7C, 0x58, 0xB7, 0xD8, 0x9A, 0xC7, 0x63, 0x56, 0x62,
274 0x18, 0xC7, 0xAE, 0xD9, 0x97, 0x1F, 0xB9, 0x02, 0x81, 0x81, 0x00, 0x91,
275 0x40, 0xC4, 0x1E, 0x82, 0xAD, 0x0F, 0x6D, 0x8E, 0xD2, 0x51, 0x2E, 0xD1,
276 0x84, 0x30, 0x85, 0x68, 0xC1, 0x23, 0x7B, 0xD5, 0xBF, 0xF7, 0xC4, 0x40,
277 0x51, 0xE2, 0xFF, 0x69, 0x07, 0x8B, 0xA3, 0xBE, 0x1B, 0x17, 0xC8, 0x64,
278 0x9F, 0x91, 0x71, 0xB5, 0x6D, 0xF5, 0x9B, 0x9C, 0xC6, 0xEC, 0x4A, 0x6E,
279 0x16, 0x8F, 0x9E, 0xD1, 0x5B, 0xE3, 0x53, 0x42, 0xBC, 0x1E, 0x43, 0x72,
280 0x4B, 0x4A, 0x37, 0x8B, 0x3A, 0x01, 0xF5, 0x7D, 0x9D, 0x3D, 0x7E, 0x0F,
281 0x19, 0x73, 0x0E, 0x6B, 0x98, 0xE9, 0xFB, 0xEE, 0x13, 0x8A, 0x3C, 0x11,
282 0x2E, 0xD5, 0xB0, 0x7D, 0x84, 0x3A, 0x61, 0xA1, 0xAB, 0x71, 0x8F, 0xCE,
283 0x53, 0x29, 0x45, 0x74, 0x7A, 0x1E, 0xAA, 0x93, 0x19, 0x3A, 0x8D, 0xC9,
284 0x4E, 0xCB, 0x0E, 0x46, 0x53, 0x84, 0xCC, 0xCF, 0xBA, 0x4D, 0x28, 0x71,
285 0x1D, 0xDF, 0x41, 0xCB, 0xF8, 0x2D, 0xA9, 0x02, 0x81, 0x80, 0x04, 0x8B,
286 0x4A, 0xEA, 0xBD, 0x39, 0x0B, 0x96, 0xC5, 0x1D, 0xA4, 0x47, 0xFD, 0x46,
287 0xD2, 0x8A, 0xEA, 0x2A, 0xF3, 0x9D, 0x3A, 0x7E, 0x16, 0x74, 0xFC, 0x13,
288 0xDE, 0x4D, 0xA9, 0x85, 0x42, 0x33, 0x02, 0x92, 0x0B, 0xB6, 0xDB, 0x7E,
289 0xEA, 0x85, 0xC2, 0x94, 0x43, 0x52, 0x37, 0x5A, 0x77, 0xAB, 0xCB, 0x61,
290 0x88, 0xDE, 0xF8, 0xFA, 0xDB, 0xE8, 0x0B, 0x95, 0x7D, 0x39, 0x19, 0xA2,
291 0x89, 0xB9, 0x32, 0xB2, 0x50, 0x38, 0xF7, 0x88, 0x69, 0xFD, 0xA4, 0x63,
292 0x1F, 0x9B, 0x03, 0xD8, 0xA6, 0x7A, 0x05, 0x76, 0x02, 0x28, 0x93, 0x82,
293 0x73, 0x7F, 0x14, 0xCC, 0xBE, 0x29, 0x10, 0xAD, 0x8A, 0x2E, 0xAC, 0xED,
294 0x11, 0xA7, 0x72, 0x7C, 0x60, 0x78, 0x72, 0xFB, 0x78, 0x20, 0x18, 0xC9,
295 0x7E, 0x63, 0xAD, 0x55, 0x54, 0x51, 0xDB, 0x9F, 0x7B, 0xD4, 0x8F, 0xB2,
296 0xDE, 0x3B, 0xF1, 0x70, 0x23, 0xE5,
297};
298
299/*
300 * Generated using keys on the keyboard and lack of imagination.
301 */
302static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF };
303
304
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]305class KeymasterBaseTest : public ::testing::Test {
306public:
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]307 static void SetUpTestCase() {
308 const hw_module_t* mod;
309 ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod))
310 << "Should be able to find a keymaster hardware module";
311
312 std::cout << "Using keymaster module: " << mod->name << std::endl;
313
314 ASSERT_EQ(0, keymaster_open(mod, &sDevice))
315 << "Should be able to open the keymaster device";
316
317 ASSERT_TRUE(sDevice->generate_keypair != NULL)
318 << "Should implement generate_keypair";
319
320 ASSERT_TRUE(sDevice->import_keypair != NULL)
321 << "Should implement import_keypair";
322
323 ASSERT_TRUE(sDevice->get_keypair_public != NULL)
324 << "Should implement get_keypair_public";
325
326 ASSERT_TRUE(sDevice->sign_data != NULL)
327 << "Should implement sign_data";
328
329 ASSERT_TRUE(sDevice->verify_data != NULL)
330 << "Should implement verify_data";
331 }
332
333 static void TearDownTestCase() {
334 ASSERT_EQ(0, keymaster_close(sDevice));
335 }
336
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]337protected:
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]338 static keymaster_device_t* sDevice;
339};
340
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]341keymaster_device_t* KeymasterBaseTest::sDevice = NULL;
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]342
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]343class KeymasterTest : public KeymasterBaseTest {
344};
345
346class KeymasterGenerateTest : public KeymasterBaseTest,
347 public ::testing::WithParamInterface<uint32_t> {
348};
349
350TEST_P(KeymasterGenerateTest, GenerateKeyPair_RSA_Success) {
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]351 keymaster_keypair_t key_type = TYPE_RSA;
352 keymaster_rsa_keygen_params_t params = {
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]353 modulus_size: GetParam(),
354 public_exponent: RSA_F4,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]355 };
356
357 uint8_t* key_blob;
358 size_t key_blob_length;
359
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]360 ASSERT_EQ(0,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]361 sDevice->generate_keypair(sDevice, key_type, &params, &key_blob, &key_blob_length))
362 << "Should generate an RSA key with 512 bit modulus size";
363 UniqueKey key(&sDevice, key_blob, key_blob_length);
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]364
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]365 uint8_t* x509_data = NULL;
366 size_t x509_data_length;
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]367 ASSERT_EQ(0,
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]368 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
369 &x509_data, &x509_data_length))
370 << "Should be able to retrieve RSA public key successfully";
371 UniqueBlob x509_blob(x509_data, x509_data_length);
372 ASSERT_FALSE(x509_blob.get() == NULL)
373 << "X509 data should be allocated";
374
375 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
376 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
377 static_cast<long>(x509_blob.length())));
378
379 ASSERT_EQ(EVP_PKEY_RSA, EVP_PKEY_type(actual.get()->type))
380 << "Generated key type should be of type RSA";
381
382 Unique_RSA rsa(EVP_PKEY_get1_RSA(actual.get()));
383 ASSERT_FALSE(rsa.get() == NULL)
384 << "Should be able to extract RSA key from EVP_PKEY";
385
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]386 ASSERT_EQ(static_cast<unsigned long>(RSA_F4), BN_get_word(rsa.get()->e))
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]387 << "Exponent should be RSA_F4";
388
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]389 ASSERT_EQ(GetParam() / 8, static_cast<uint32_t>(RSA_size(rsa.get())))
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]390 << "Modulus size should be the specified parameter";
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]391}
392
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]393INSTANTIATE_TEST_CASE_P(RSA,
394 KeymasterGenerateTest,
Brian Carlstrom63b64332013-05-14 15:20:28 -0700[diff] [blame]395 ::testing::Values(512U, 1024U, 2048U, 3072U, 4096U));
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]396
397TEST_F(KeymasterTest, GenerateKeyPair_RSA_NullParams_Failure) {
398 keymaster_keypair_t key_type = TYPE_RSA;
399
400 uint8_t* key_blob;
401 size_t key_blob_length;
402
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]403 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]404 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length))
405 << "Should not be able to generate an RSA key with null params";
406}
407
408TEST_F(KeymasterTest, GenerateKeyPair_UnknownType_Failure) {
409 keymaster_keypair_t key_type = static_cast<keymaster_keypair_t>(0xFFFF);
410
411 uint8_t* key_blob;
412 size_t key_blob_length;
413
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]414 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]415 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length))
416 << "Should not generate an unknown key type";
417}
418
419TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) {
420 uint8_t* key_blob;
421 size_t key_blob_length;
422
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]423 ASSERT_EQ(0,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]424 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
425 &key_blob, &key_blob_length))
426 << "Should successfully import an RSA key";
427 UniqueKey key(&sDevice, key_blob, key_blob_length);
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]428
429 uint8_t* x509_data;
430 size_t x509_data_length;
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]431 ASSERT_EQ(0,
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]432 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
433 &x509_data, &x509_data_length))
434 << "Should be able to retrieve RSA public key successfully";
435 UniqueBlob x509_blob(x509_data, x509_data_length);
436
437 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
438 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
439 static_cast<long>(x509_blob.length())));
440
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]441 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_RSA)
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]442 << "Generated key type should be of type RSA";
443
444 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_KEY_1);
445 Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8(
446 d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp,
447 sizeof(TEST_KEY_1)));
448
449 Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get()));
450
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]451 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get()))
Kenny Root8467a6d2012-08-08 17:04:40 -0700[diff] [blame]452 << "Expected and actual keys should match";
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]453}
454
455TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) {
456 uint8_t* key_blob;
457 size_t key_blob_length;
458
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]459 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]460 sDevice->import_keypair(sDevice, BOGUS_KEY_1, sizeof(BOGUS_KEY_1),
461 &key_blob, &key_blob_length))
462 << "Should not import an unknown key type";
463}
464
465TEST_F(KeymasterTest, ImportKeyPair_NullKey_Failure) {
466 uint8_t* key_blob;
467 size_t key_blob_length;
468
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]469 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]470 sDevice->import_keypair(sDevice, NULL, 0,
471 &key_blob, &key_blob_length))
472 << "Should not import a null key";
473}
474
475TEST_F(KeymasterTest, GetKeypairPublic_RSA_Success) {
476 uint8_t* key_blob;
477 size_t key_blob_length;
478
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]479 UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1));
480 ASSERT_TRUE(testKey.get() != NULL);
481
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]482 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]483 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]484 &key_blob, &key_blob_length))
485 << "Should successfully import an RSA key";
486 UniqueKey key(&sDevice, key_blob, key_blob_length);
487
488 uint8_t* x509_data;
489 size_t x509_data_length;
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]490 ASSERT_EQ(0,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]491 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
492 &x509_data, &x509_data_length))
493 << "Should be able to retrieve RSA public key successfully";
494 UniqueBlob x509_blob(x509_data, x509_data_length);
495}
496
497TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullKey_Failure) {
498 uint8_t* key_blob;
499 size_t key_blob_length;
500
501 uint8_t* x509_data = NULL;
502 size_t x509_data_length;
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]503 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]504 sDevice->get_keypair_public(sDevice, NULL, 0,
505 &x509_data, &x509_data_length))
506 << "Should not be able to retrieve RSA public key from null key";
507 UniqueBlob x509_blob(x509_data, x509_data_length);
508}
509
510TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullDestination_Failure) {
511 uint8_t* key_blob;
512 size_t key_blob_length;
513
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]514 UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1));
515 ASSERT_TRUE(testKey.get() != NULL);
516
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]517 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]518 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]519 &key_blob, &key_blob_length))
520 << "Should successfully import an RSA key";
521 UniqueKey key(&sDevice, key_blob, key_blob_length);
522
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]523 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]524 sDevice->get_keypair_public(sDevice, key.get(), key.length(),
525 NULL, NULL))
526 << "Should not be able to succeed with NULL destination blob";
527}
528
529TEST_F(KeymasterTest, DeleteKeyPair_RSA_Success) {
530 uint8_t* key_blob;
531 size_t key_blob_length;
532
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]533 UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1));
534 ASSERT_TRUE(testKey.get() != NULL);
535
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]536 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]537 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]538 &key_blob, &key_blob_length))
539 << "Should successfully import an RSA key";
540 UniqueKey key(&sDevice, key_blob, key_blob_length);
541}
542
543TEST_F(KeymasterTest, DeleteKeyPair_RSA_DoubleDelete_Failure) {
544 uint8_t* key_blob;
545 size_t key_blob_length;
546
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]547 UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1));
548 ASSERT_TRUE(testKey.get() != NULL);
549
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]550 /*
551 * This is only run if the module indicates it implements key deletion
552 * by implementing delete_keypair.
553 */
554 if (sDevice->delete_keypair != NULL) {
555 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]556 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]557 &key_blob, &key_blob_length))
558 << "Should successfully import an RSA key";
559 UniqueBlob blob(key_blob, key_blob_length);
560
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]561 ASSERT_EQ(0, sDevice->delete_keypair(sDevice, key_blob, key_blob_length))
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]562 << "Should delete key after import";
563
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]564 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, key_blob, key_blob_length))
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]565 << "Should not be able to delete key twice";
566 }
567}
568
569TEST_F(KeymasterTest, DeleteKeyPair_RSA_NullKey_Failure) {
570 /*
571 * This is only run if the module indicates it implements key deletion
572 * by implementing delete_keypair.
573 */
574 if (sDevice->delete_keypair != NULL) {
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]575 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, NULL, 0))
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]576 << "Should not be able to delete null key";
577 }
578}
579
580/*
581 * DER-encoded PKCS#8 format RSA key. Generated using:
582 *
583 * openssl genrsa 512 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
584 */
585static uint8_t TEST_SIGN_KEY_1[] = {
586 0x30, 0x82, 0x01, 0x56, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A,
587 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
588 0x01, 0x40, 0x30, 0x82, 0x01, 0x3C, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
589 0xBD, 0xC0, 0x7F, 0xEF, 0x75, 0x1D, 0x63, 0x2A, 0xD0, 0x9A, 0x26, 0xE5,
590 0x5B, 0xB9, 0x84, 0x7C, 0xE5, 0xC7, 0xE7, 0xDE, 0xFE, 0xB6, 0x54, 0xD9,
591 0xF0, 0x9B, 0xC2, 0xCF, 0x36, 0xDA, 0xE5, 0x4D, 0xC5, 0xD9, 0x25, 0x78,
592 0xBD, 0x55, 0x05, 0xBD, 0x86, 0xFB, 0x37, 0x15, 0x33, 0x42, 0x52, 0xED,
593 0xE5, 0xCD, 0xCB, 0xB7, 0xA2, 0x51, 0xFA, 0x36, 0xE9, 0x9C, 0x2E, 0x5D,
594 0xE3, 0xA5, 0x1F, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00,
595 0x96, 0x71, 0xDE, 0xBD, 0x83, 0x94, 0x96, 0x40, 0xA6, 0xFD, 0xE1, 0xA2,
596 0xED, 0xD3, 0xAC, 0x28, 0xBE, 0xA2, 0x7D, 0xC3, 0xFF, 0x1D, 0x9F, 0x2E,
597 0xE0, 0xA7, 0x0E, 0x90, 0xEE, 0x44, 0x25, 0x92, 0xE3, 0x54, 0xDD, 0x55,
598 0xA3, 0xEF, 0x42, 0xF5, 0x52, 0x55, 0x41, 0x47, 0x5E, 0x00, 0xFB, 0x8B,
599 0x47, 0x5E, 0x45, 0x49, 0xEA, 0x3D, 0x2C, 0xFD, 0x9F, 0xEC, 0xC8, 0x4E,
600 0x4E, 0x86, 0x90, 0x31, 0x02, 0x21, 0x00, 0xE6, 0xA5, 0x55, 0xB3, 0x64,
601 0xAB, 0x90, 0x5E, 0xA2, 0xF5, 0x6B, 0x21, 0x4B, 0x15, 0xD6, 0x4A, 0xB6,
602 0x60, 0x24, 0x95, 0x65, 0xA2, 0xBE, 0xBA, 0x2A, 0x73, 0xFB, 0xFF, 0x2C,
603 0x61, 0x88, 0x9D, 0x02, 0x21, 0x00, 0xD2, 0x9C, 0x5B, 0xFE, 0x82, 0xA5,
604 0xFC, 0x52, 0x6A, 0x29, 0x38, 0xDB, 0x22, 0x3B, 0xEB, 0x74, 0x3B, 0xCA,
605 0xB4, 0xDD, 0x1D, 0xE4, 0x48, 0x60, 0x70, 0x19, 0x9B, 0x81, 0xC1, 0x83,
606 0x28, 0xB5, 0x02, 0x21, 0x00, 0x89, 0x2D, 0xFE, 0xF9, 0xF2, 0xBF, 0x43,
607 0xDF, 0xB5, 0xA6, 0xA8, 0x30, 0x26, 0x1B, 0x77, 0xD7, 0xF9, 0xFE, 0xD6,
608 0xE3, 0x70, 0x8E, 0xCA, 0x47, 0xA9, 0xA6, 0x50, 0x54, 0x25, 0xCE, 0x60,
609 0xD5, 0x02, 0x21, 0x00, 0xBE, 0x5A, 0xF8, 0x82, 0xE6, 0xCE, 0xE3, 0x6A,
610 0x11, 0xED, 0xC4, 0x27, 0xBB, 0x9F, 0x70, 0xC6, 0x93, 0xAC, 0x39, 0x20,
611 0x89, 0x7D, 0xE5, 0x34, 0xD4, 0xDD, 0x30, 0x42, 0x6D, 0x07, 0x00, 0xE9,
612 0x02, 0x20, 0x05, 0x91, 0xEF, 0x12, 0xD2, 0xD3, 0x6A, 0xD2, 0x96, 0x6B,
613 0x10, 0x62, 0xF9, 0xBA, 0xA4, 0x91, 0x48, 0x84, 0x40, 0x61, 0x67, 0x80,
614 0x68, 0x68, 0xC8, 0x60, 0xB3, 0x66, 0xC8, 0xF9, 0x08, 0x9A,
615};
616
617/*
618 * PKCS#1 v1.5 padded raw "Hello, world" Can be generated be generated by verifying
619 * the signature below in no padding mode:
620 *
621 * openssl rsautl -keyform der -inkey rsa.der -raw -verify -in test.sig
622 */
623static uint8_t TEST_SIGN_DATA_1[] = {
624 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
625 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
626 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
627 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
628 0xFF, 0xFF, 0xFF, 0x00, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x2C, 0x20, 0x77,
629 0x6F, 0x72, 0x6C, 0x64,
630};
631
632/*
633 * Signature of TEST_SIGN_DATA_1 using TEST_SIGN_KEY_1. Generated using:
634 *
635 * echo 'Hello, world' | openssl rsautl -keyform der -inkey rsa.der -sign | recode ../x1
636 */
637static uint8_t TEST_SIGN_SIGNATURE_1[] = {
638 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76,
639 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2,
640 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A,
641 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9,
642 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF,
643 0x79, 0xE4, 0x91, 0x40,
644};
645
646/*
647 * Identical to TEST_SIGN_SIGNATURE_1 except the last octet is '1' instead of '0'
648 * This should fail any test.
649 */
650static uint8_t TEST_SIGN_SIGNATURE_BOGUS_1[] = {
651 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76,
652 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2,
653 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A,
654 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9,
655 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF,
656 0x79, 0xE4, 0x91, 0x41,
657};
658
659TEST_F(KeymasterTest, SignData_RSA_Raw_Success) {
660 uint8_t* key_blob;
661 size_t key_blob_length;
662
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]663 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
664 ASSERT_TRUE(testKey.get() != NULL);
665
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]666 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]667 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]668 &key_blob, &key_blob_length))
669 << "Should successfully import an RSA key";
670 UniqueKey key(&sDevice, key_blob, key_blob_length);
671
672 keymaster_rsa_sign_params_t params = {
673 digest_type: DIGEST_NONE,
674 padding_type: PADDING_NONE,
675 };
676
677 uint8_t* sig;
678 size_t sig_length;
679
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]680 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
681 ASSERT_TRUE(testData.get() != NULL);
682
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]683 ASSERT_EQ(0,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]684 sDevice->sign_data(sDevice, &params, key_blob, key_blob_length,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]685 testData.get(), testData.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]686 &sig, &sig_length))
687 << "Should sign data successfully";
688 UniqueBlob sig_blob(sig, sig_length);
689
690 UniqueBlob expected_sig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1));
691
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]692 ASSERT_EQ(expected_sig, sig_blob)
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]693 << "Generated signature should match expected signature";
694
695 // The expected signature is actually stack data, so don't let it try to free.
696 uint8_t* unused __attribute__((unused)) = expected_sig.release();
697}
698
699TEST_F(KeymasterTest, SignData_RSA_Raw_InvalidSizeInput_Failure) {
700 uint8_t* key_blob;
701 size_t key_blob_length;
702
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]703 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
704 ASSERT_TRUE(testKey.get() != NULL);
705
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]706 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]707 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]708 &key_blob, &key_blob_length))
709 << "Should successfully import an RSA key";
710 UniqueKey key(&sDevice, key_blob, key_blob_length);
711
712 keymaster_rsa_sign_params_t params = {
713 digest_type: DIGEST_NONE,
714 padding_type: PADDING_NONE,
715 };
716
717 uint8_t* sig;
718 size_t sig_length;
719
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]720 UniqueReadOnlyBlob testData(TEST_KEY_1, sizeof(TEST_KEY_1));
721 ASSERT_TRUE(testData.get() != NULL);
722
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]723 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]724 sDevice->sign_data(sDevice, &params, key_blob, key_blob_length,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]725 testData.get(), testData.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]726 &sig, &sig_length))
727 << "Should not be able to do raw signature on incorrect size data";
728}
729
730TEST_F(KeymasterTest, SignData_RSA_Raw_NullKey_Failure) {
731 keymaster_rsa_sign_params_t params = {
732 digest_type: DIGEST_NONE,
733 padding_type: PADDING_NONE,
734 };
735
736 uint8_t* sig;
737 size_t sig_length;
738
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]739 UniqueReadOnlyBlob testData(TEST_KEY_1, sizeof(TEST_KEY_1));
740 ASSERT_TRUE(testData.get() != NULL);
741
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]742 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]743 sDevice->sign_data(sDevice, &params, NULL, 0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]744 testData.get(), testData.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]745 &sig, &sig_length))
746 << "Should not be able to do raw signature on incorrect size data";
747}
748
749TEST_F(KeymasterTest, SignData_RSA_Raw_NullInput_Failure) {
750 uint8_t* key_blob;
751 size_t key_blob_length;
752
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]753 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
754 ASSERT_TRUE(testKey.get() != NULL);
755
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]756 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]757 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]758 &key_blob, &key_blob_length))
759 << "Should successfully import an RSA key";
760 UniqueKey key(&sDevice, key_blob, key_blob_length);
761
762 keymaster_rsa_sign_params_t params = {
763 digest_type: DIGEST_NONE,
764 padding_type: PADDING_NONE,
765 };
766
767 uint8_t* sig;
768 size_t sig_length;
769
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]770 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]771 sDevice->sign_data(sDevice, &params, key_blob, key_blob_length,
772 NULL, 0,
773 &sig, &sig_length))
774 << "Should error when input data is null";
775}
776
777TEST_F(KeymasterTest, SignData_RSA_Raw_NullOutput_Failure) {
778 uint8_t* key_blob;
779 size_t key_blob_length;
780
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]781 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
782 ASSERT_TRUE(testKey.get() != NULL);
783
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]784 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]785 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]786 &key_blob, &key_blob_length))
787 << "Should successfully import an RSA key";
788 UniqueKey key(&sDevice, key_blob, key_blob_length);
789
790 keymaster_rsa_sign_params_t params = {
791 digest_type: DIGEST_NONE,
792 padding_type: PADDING_NONE,
793 };
794
795 uint8_t* sig;
796 size_t sig_length;
797
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]798 UniqueReadOnlyBlob testData(TEST_KEY_1, sizeof(TEST_KEY_1));
799 ASSERT_TRUE(testData.get() != NULL);
800
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]801 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]802 sDevice->sign_data(sDevice, &params, key_blob, key_blob_length,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]803 testData.get(), testData.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]804 NULL, NULL))
805 << "Should error when output is null";
806}
807
808TEST_F(KeymasterTest, VerifyData_RSA_Raw_Success) {
809 uint8_t* key_blob;
810 size_t key_blob_length;
811
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]812 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
813 ASSERT_TRUE(testKey.get() != NULL);
814
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]815 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]816 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]817 &key_blob, &key_blob_length))
818 << "Should successfully import an RSA key";
819 UniqueKey key(&sDevice, key_blob, key_blob_length);
820
821 keymaster_rsa_sign_params_t params = {
822 digest_type: DIGEST_NONE,
823 padding_type: PADDING_NONE,
824 };
825
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]826 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
827 ASSERT_TRUE(testData.get() != NULL);
828
829 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1));
830 ASSERT_TRUE(testSig.get() != NULL);
831
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]832 ASSERT_EQ(0,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]833 sDevice->verify_data(sDevice, &params, key_blob, key_blob_length,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]834 testData.get(), testData.length(),
835 testSig.get(), testSig.length()))
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]836 << "Should verify data successfully";
837}
838
839TEST_F(KeymasterTest, VerifyData_RSA_Raw_BadSignature_Failure) {
840 uint8_t* key_blob;
841 size_t key_blob_length;
842
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]843 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
844 ASSERT_TRUE(testKey.get() != NULL);
845
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]846 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]847 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]848 &key_blob, &key_blob_length))
849 << "Should successfully import an RSA key";
850 UniqueKey key(&sDevice, key_blob, key_blob_length);
851
852 keymaster_rsa_sign_params_t params = {
853 digest_type: DIGEST_NONE,
854 padding_type: PADDING_NONE,
855 };
856
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]857 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]858 sDevice->verify_data(sDevice, &params, key_blob, key_blob_length,
859 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
860 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)))
861 << "Should sign data successfully";
862}
863
864TEST_F(KeymasterTest, VerifyData_RSA_Raw_NullKey_Failure) {
865 keymaster_rsa_sign_params_t params = {
866 digest_type: DIGEST_NONE,
867 padding_type: PADDING_NONE,
868 };
869
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]870 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
871 ASSERT_TRUE(testData.get() != NULL);
872
873 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1));
874 ASSERT_TRUE(testSig.get() != NULL);
875
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]876 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]877 sDevice->verify_data(sDevice, &params, NULL, 0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]878 testData.get(), testData.length(),
879 testSig.get(), testSig.length()))
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]880 << "Should fail when key is null";
881}
882
883TEST_F(KeymasterTest, VerifyData_RSA_NullInput_Failure) {
884 uint8_t* key_blob;
885 size_t key_blob_length;
886
887 ASSERT_EQ(0,
888 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
889 &key_blob, &key_blob_length))
890 << "Should successfully import an RSA key";
891 UniqueKey key(&sDevice, key_blob, key_blob_length);
892
893 keymaster_rsa_sign_params_t params = {
894 digest_type: DIGEST_NONE,
895 padding_type: PADDING_NONE,
896 };
897
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]898 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1));
899 ASSERT_TRUE(testSig.get() != NULL);
900
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]901 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]902 sDevice->verify_data(sDevice, &params, key_blob, key_blob_length,
903 NULL, 0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]904 testSig.get(), testSig.length()))
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]905 << "Should fail on null input";
906}
907
908TEST_F(KeymasterTest, VerifyData_RSA_NullSignature_Failure) {
909 uint8_t* key_blob;
910 size_t key_blob_length;
911
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]912 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
913 ASSERT_TRUE(testKey.get() != NULL);
914
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]915 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]916 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]917 &key_blob, &key_blob_length))
918 << "Should successfully import an RSA key";
919 UniqueKey key(&sDevice, key_blob, key_blob_length);
920
921 keymaster_rsa_sign_params_t params = {
922 digest_type: DIGEST_NONE,
923 padding_type: PADDING_NONE,
924 };
925
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]926 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
927 ASSERT_TRUE(testData.get() != NULL);
928
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]929 ASSERT_EQ(-1,
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]930 sDevice->verify_data(sDevice, &params, key.get(), key.length(),
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]931 testData.get(), testData.length(),
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]932 NULL, 0))
933 << "Should fail on null signature";
934}
935
Kenny Root8ae65e72012-03-23 16:17:28 -0700[diff] [blame]936TEST_F(KeymasterTest, EraseAll_Success) {
937 uint8_t *key1_blob, *key2_blob;
938 size_t key1_blob_length, key2_blob_length;
939
940 // Only test this if the device says it supports delete_all
941 if (sDevice->delete_all == NULL) {
942 return;
943 }
944
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]945 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
946 ASSERT_TRUE(testKey.get() != NULL);
947
Kenny Root8ae65e72012-03-23 16:17:28 -0700[diff] [blame]948 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]949 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
Kenny Root8ae65e72012-03-23 16:17:28 -0700[diff] [blame]950 &key1_blob, &key1_blob_length))
951 << "Should successfully import an RSA key";
952 UniqueKey key1(&sDevice, key1_blob, key1_blob_length);
953
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]954 UniqueReadOnlyBlob testKey2(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1));
955 ASSERT_TRUE(testKey2.get() != NULL);
956
Kenny Root8ae65e72012-03-23 16:17:28 -0700[diff] [blame]957 ASSERT_EQ(0,
Kenny Rooteca8b3c2013-04-26 16:46:01 -0700[diff] [blame]958 sDevice->import_keypair(sDevice, testKey2.get(), testKey2.length(),
Kenny Root8ae65e72012-03-23 16:17:28 -0700[diff] [blame]959 &key2_blob, &key2_blob_length))
960 << "Should successfully import an RSA key";
961 UniqueKey key2(&sDevice, key2_blob, key2_blob_length);
962
Kenny Root139d44f2012-11-20 14:37:40 -0800[diff] [blame]963 ASSERT_EQ(0, sDevice->delete_all(sDevice))
Kenny Root8ae65e72012-03-23 16:17:28 -0700[diff] [blame]964 << "Should erase all keys";
965
966 key1.reset();
967
968 uint8_t* x509_data;
969 size_t x509_data_length;
970 ASSERT_EQ(-1,
971 sDevice->get_keypair_public(sDevice, key1_blob, key1_blob_length,
972 &x509_data, &x509_data_length))
973 << "Should be able to retrieve RSA public key 1 successfully";
974
975 ASSERT_EQ(-1,
976 sDevice->get_keypair_public(sDevice, key2_blob, key2_blob_length,
977 &x509_data, &x509_data_length))
978 << "Should be able to retrieve RSA public key 2 successfully";
979}
980
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]981}