Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_libhardware / caf62bd7fb288be42d207d88d1fd282de79aa085 / . / tests / keymaster / keymaster_test.cpp
blob: 98e940769fb7b21cb5708eb9712bf77a2d07989f [file] [log] [blame]
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "keymaster_test"
18#include <utils/Log.h>
Kenny Rootcaf62bd2012-03-22 16:33:37 -0700[diff] [blame^]19#include <utils/UniquePtr.h>
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]20
21#include <hardware/keymaster.h>
22
23#include <gtest/gtest.h>
24
25#include <fstream>
26#include <iostream>
Kenny Root4fd0db72012-03-16 13:19:07 -0700[diff] [blame]27
28namespace android {
29
30class UniqueBlob : public UniquePtr<uint8_t[]> {
31public:
32 UniqueBlob(uint8_t* bytes, size_t length) :
33 UniquePtr<uint8_t[]>(bytes), mLength(length) {
34 }
35
36 bool operator==(const UniqueBlob &other) const {
37 if (other.length() != mLength) {
38 return false;
39 }
40
41 const uint8_t* mine = get();
42 const uint8_t* theirs = other.get();
43
44 for (size_t i = 0; i < mLength; i++) {
45 if (mine[i] != theirs[i]) {
46 return false;
47 }
48 }
49
50 return true;
51 }
52
53 size_t length() const {
54 return mLength;
55 }
56
57 friend std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob);
58
59private:
60 size_t mLength;
61};
62
63std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob) {
64 const size_t length = blob.mLength;
65 stream << "Blob length=" << length << " < ";
66
67 const uint8_t* data = blob.get();
68 for (size_t i = 0; i < length; i++) {
69 stream << std::hex << std::setw(2) << std::setfill('0')
70 << static_cast<unsigned int>(data[i]) << ' ';
71 }
72 stream << '>' << std::endl;
73
74 return stream;
75}
76
77class UniqueKey : public UniqueBlob {
78public:
79 UniqueKey(keymaster_device_t** dev, uint8_t* bytes, size_t length) :
80 UniqueBlob(bytes, length), mDevice(dev) {
81 }
82
83 ~UniqueKey() {
84 if (mDevice != NULL && *mDevice != NULL) {
85 keymaster_device_t* dev = *mDevice;
86 if (dev->delete_keypair != NULL) {
87 dev->delete_keypair(dev, get(), length());
88 }
89 }
90 }
91
92private:
93 keymaster_device_t** mDevice;
94};
95
96/*
97 * DER-encoded PKCS#8 format RSA key. Generated using:
98 *
99 * openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
100 */
101static uint8_t TEST_KEY_1[] = {
102 0x30, 0x82, 0x04, 0xBE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A,
103 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
104 0x04, 0xA8, 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
105 0x01, 0x00, 0xD8, 0x58, 0xD4, 0x9F, 0xC0, 0xE8, 0xF0, 0xFF, 0x87, 0x27,
106 0x43, 0xE6, 0x2E, 0xE6, 0x9A, 0x42, 0x3B, 0x39, 0x94, 0x84, 0x43, 0x55,
107 0x8D, 0x20, 0x5B, 0x71, 0x88, 0xE6, 0xD1, 0x62, 0xC8, 0xF2, 0x20, 0xD0,
108 0x75, 0x13, 0x83, 0xA3, 0x5D, 0x19, 0xA8, 0x62, 0xD0, 0x5F, 0x3E, 0x8A,
109 0x7C, 0x0E, 0x26, 0xA9, 0xFF, 0xB2, 0x5E, 0x63, 0xAA, 0x3C, 0x8D, 0x13,
110 0x41, 0xAA, 0xD5, 0x03, 0x01, 0x01, 0x53, 0xC9, 0x02, 0x1C, 0xEC, 0xE8,
111 0xC4, 0x70, 0x3F, 0x43, 0xE5, 0x51, 0xD0, 0x6E, 0x52, 0x0B, 0xC4, 0x0A,
112 0xA3, 0x61, 0xDE, 0xE3, 0x72, 0x0C, 0x94, 0xF1, 0x1C, 0x2D, 0x36, 0x77,
113 0xBB, 0x16, 0xA8, 0x63, 0x4B, 0xD1, 0x07, 0x00, 0x42, 0x2D, 0x2B, 0x10,
114 0x80, 0x45, 0xF3, 0x0C, 0xF9, 0xC5, 0xAC, 0xCC, 0x64, 0x87, 0xFD, 0x5D,
115 0xC8, 0x51, 0xD4, 0x1C, 0x9E, 0x6E, 0x9B, 0xC4, 0x27, 0x5E, 0x73, 0xA7,
116 0x2A, 0xF6, 0x90, 0x42, 0x0C, 0x34, 0x93, 0xB7, 0x02, 0x19, 0xA9, 0x64,
117 0x6C, 0x46, 0x3B, 0x40, 0x02, 0x2F, 0x54, 0x69, 0x79, 0x26, 0x7D, 0xF6,
118 0x85, 0x90, 0x01, 0xD0, 0x21, 0x07, 0xD0, 0x14, 0x00, 0x65, 0x9C, 0xAC,
119 0x24, 0xE8, 0x78, 0x42, 0x3B, 0x90, 0x75, 0x19, 0x55, 0x11, 0x4E, 0xD9,
120 0xE6, 0x97, 0x87, 0xBC, 0x8D, 0x2C, 0x9B, 0xF0, 0x1F, 0x14, 0xEB, 0x6A,
121 0x57, 0xCE, 0x78, 0xAD, 0xCE, 0xD9, 0xFB, 0xB9, 0xA1, 0xEF, 0x0C, 0x1F,
122 0xDD, 0xE3, 0x5B, 0x73, 0xA0, 0xEC, 0x37, 0x9C, 0xE1, 0xFD, 0x86, 0x28,
123 0xC3, 0x4A, 0x42, 0xD0, 0xA3, 0xFE, 0x57, 0x09, 0x29, 0xD8, 0xF6, 0xEC,
124 0xE3, 0xC0, 0x71, 0x7C, 0x29, 0x27, 0xC2, 0xD1, 0x3E, 0x22, 0xBC, 0xBD,
125 0x5A, 0x85, 0x41, 0xF6, 0x15, 0xDA, 0x0C, 0x58, 0x5A, 0x61, 0x5B, 0x78,
126 0xB8, 0xAA, 0xEC, 0x5C, 0x1C, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
127 0x82, 0x01, 0x00, 0x1D, 0x10, 0x31, 0xE0, 0x14, 0x26, 0x36, 0xD9, 0xDC,
128 0xEA, 0x25, 0x70, 0xF2, 0xB3, 0xFF, 0xDD, 0x0D, 0xDF, 0xBA, 0x57, 0xDA,
129 0x43, 0xCF, 0xE5, 0x9C, 0xE3, 0x2F, 0xA4, 0xF2, 0x53, 0xF6, 0xF2, 0xAF,
130 0xFD, 0xD0, 0xFC, 0x82, 0x1E, 0x9C, 0x0F, 0x2A, 0x53, 0xBB, 0xF2, 0x4F,
131 0x90, 0x83, 0x01, 0xD3, 0xA7, 0xDA, 0xB5, 0xB7, 0x80, 0x64, 0x0A, 0x26,
132 0x59, 0x83, 0xE4, 0xD3, 0x20, 0xC8, 0x2D, 0xC9, 0x77, 0xA3, 0x55, 0x07,
133 0x6E, 0x6D, 0x95, 0x36, 0xAA, 0x84, 0x4F, 0xED, 0x54, 0x24, 0xA9, 0x77,
134 0xF8, 0x85, 0xE2, 0x4B, 0xF2, 0xFA, 0x0B, 0x3E, 0xA6, 0xF5, 0x46, 0x0D,
135 0x9F, 0x1F, 0xFE, 0xF7, 0x37, 0xFF, 0xA3, 0x60, 0xF1, 0x63, 0xF2, 0x75,
136 0x6A, 0x8E, 0x10, 0xD7, 0x89, 0xD2, 0xB3, 0xFF, 0x76, 0xA5, 0xBA, 0xAF,
137 0x0A, 0xBE, 0x32, 0x5F, 0xF0, 0x48, 0x48, 0x4B, 0x9C, 0x9A, 0x3D, 0x12,
138 0xA7, 0xD2, 0x07, 0xC7, 0x59, 0x32, 0x94, 0x95, 0x65, 0x2F, 0x87, 0x34,
139 0x76, 0xBA, 0x7C, 0x08, 0x4B, 0xAB, 0xA6, 0x24, 0xDF, 0x64, 0xDB, 0x48,
140 0x63, 0x42, 0x06, 0xE2, 0x2C, 0x3D, 0xFB, 0xE5, 0x47, 0x81, 0x94, 0x98,
141 0xF7, 0x32, 0x4B, 0x28, 0xEB, 0x42, 0xB8, 0xE9, 0x8E, 0xFC, 0xC9, 0x43,
142 0xC9, 0x47, 0xE6, 0xE7, 0x1C, 0xDC, 0x71, 0xEF, 0x4D, 0x8A, 0xB1, 0xFC,
143 0x45, 0x37, 0xEC, 0xB3, 0x16, 0x88, 0x5B, 0xE2, 0xEC, 0x8B, 0x6B, 0x75,
144 0x16, 0xBE, 0x6B, 0xF8, 0x2C, 0xF8, 0xC9, 0xD1, 0xF7, 0x55, 0x87, 0x57,
145 0x5F, 0xDE, 0xF4, 0x7E, 0x72, 0x13, 0x06, 0x2A, 0x21, 0xB7, 0x78, 0x21,
146 0x05, 0xFD, 0xE2, 0x5F, 0x7B, 0x7C, 0xF0, 0x26, 0x2B, 0x75, 0x7F, 0x68,
147 0xF9, 0xA6, 0x98, 0xFD, 0x54, 0x0E, 0xCC, 0x22, 0x41, 0x7F, 0x29, 0x81,
148 0x2F, 0xA3, 0x3C, 0x3D, 0x64, 0xC8, 0x41, 0x02, 0x81, 0x81, 0x00, 0xFA,
149 0xFA, 0xE4, 0x2E, 0x30, 0xF0, 0x7A, 0x8D, 0x95, 0xB8, 0x39, 0x58, 0x27,
150 0x0F, 0x89, 0x0C, 0xDF, 0xFE, 0x2F, 0x55, 0x3B, 0x6F, 0xDD, 0x5F, 0x12,
151 0xB3, 0xD1, 0xCF, 0x5B, 0x8D, 0xB6, 0x10, 0x1C, 0x87, 0x0C, 0x30, 0x89,
152 0x2D, 0xBB, 0xB8, 0xA1, 0x78, 0x0F, 0x54, 0xA6, 0x36, 0x46, 0x05, 0x8B,
153 0x5A, 0xFF, 0x48, 0x03, 0x13, 0xAE, 0x95, 0x96, 0x5D, 0x6C, 0xDA, 0x5D,
154 0xF7, 0xAD, 0x1D, 0x33, 0xED, 0x23, 0xF5, 0x4B, 0x03, 0x78, 0xE7, 0x50,
155 0xD1, 0x2D, 0x95, 0x22, 0x35, 0x02, 0x5B, 0x4A, 0x4E, 0x73, 0xC9, 0xB7,
156 0x05, 0xC4, 0x21, 0x86, 0x1F, 0x1E, 0x40, 0x83, 0xBC, 0x8A, 0x3A, 0x95,
157 0x24, 0x62, 0xF4, 0x58, 0x38, 0x64, 0x4A, 0x89, 0x8A, 0x27, 0x59, 0x12,
158 0x9D, 0x21, 0xC3, 0xA6, 0x42, 0x1E, 0x2A, 0x3F, 0xD8, 0x65, 0x1F, 0x6E,
159 0x3E, 0x4D, 0x5C, 0xCC, 0xEA, 0x8E, 0x15, 0x02, 0x81, 0x81, 0x00, 0xDC,
160 0xAC, 0x9B, 0x00, 0xDB, 0xF9, 0xB2, 0xBF, 0xC4, 0x5E, 0xB6, 0xB7, 0x63,
161 0xEB, 0x13, 0x4B, 0xE2, 0xA6, 0xC8, 0x72, 0x90, 0xD8, 0xC2, 0x33, 0x33,
162 0xF0, 0x66, 0x75, 0xBD, 0x50, 0x7C, 0xA4, 0x8F, 0x82, 0xFB, 0xFF, 0x44,
163 0x3B, 0xE7, 0x15, 0x3A, 0x0C, 0x7A, 0xF8, 0x92, 0x86, 0x4A, 0x79, 0x32,
164 0x08, 0x82, 0x1D, 0x6A, 0xBA, 0xAD, 0x8A, 0xB3, 0x3D, 0x7F, 0xA5, 0xB4,
165 0x6F, 0x67, 0x86, 0x7E, 0xB2, 0x9C, 0x2A, 0xF6, 0x7C, 0x49, 0x21, 0xC5,
166 0x3F, 0x00, 0x3F, 0x9B, 0xF7, 0x0F, 0x6C, 0x35, 0x80, 0x75, 0x73, 0xC0,
167 0xF8, 0x3E, 0x30, 0x5F, 0x74, 0x2F, 0x15, 0x41, 0xEA, 0x0F, 0xCE, 0x0E,
168 0x18, 0x17, 0x68, 0xBA, 0xC4, 0x29, 0xF2, 0xE2, 0x2C, 0x1D, 0x55, 0x83,
169 0xB6, 0x64, 0x2E, 0x03, 0x12, 0xA4, 0x0D, 0xBF, 0x4F, 0x2E, 0xBE, 0x7C,
170 0x41, 0xD9, 0xCD, 0xD0, 0x52, 0x91, 0xD5, 0x02, 0x81, 0x81, 0x00, 0xD4,
171 0x55, 0xEB, 0x32, 0xC1, 0x28, 0xD3, 0x26, 0x72, 0x22, 0xB8, 0x31, 0x42,
172 0x6A, 0xBC, 0x52, 0x6E, 0x37, 0x48, 0xA8, 0x5D, 0x6E, 0xD8, 0xE5, 0x14,
173 0x97, 0x99, 0xCC, 0x4A, 0xF2, 0xEB, 0xB3, 0x59, 0xCF, 0x4F, 0x9A, 0xC8,
174 0x94, 0x2E, 0x9B, 0x97, 0xD0, 0x51, 0x78, 0x16, 0x5F, 0x18, 0x82, 0x9C,
175 0x51, 0xD2, 0x64, 0x84, 0x65, 0xE4, 0x70, 0x9E, 0x14, 0x50, 0x81, 0xB6,
176 0xBA, 0x52, 0x75, 0xC0, 0x76, 0xC2, 0xD3, 0x46, 0x31, 0x9B, 0xDA, 0x67,
177 0xDF, 0x71, 0x27, 0x19, 0x17, 0xAB, 0xF4, 0xBC, 0x3A, 0xFF, 0x6F, 0x0B,
178 0x2F, 0x0F, 0xAE, 0x25, 0x20, 0xB2, 0xA1, 0x76, 0x52, 0xCE, 0xC7, 0x9D,
179 0x62, 0x79, 0x6D, 0xAC, 0x2D, 0x99, 0x7C, 0x0E, 0x3D, 0x19, 0xE9, 0x1B,
180 0xFC, 0x60, 0x92, 0x7C, 0x58, 0xB7, 0xD8, 0x9A, 0xC7, 0x63, 0x56, 0x62,
181 0x18, 0xC7, 0xAE, 0xD9, 0x97, 0x1F, 0xB9, 0x02, 0x81, 0x81, 0x00, 0x91,
182 0x40, 0xC4, 0x1E, 0x82, 0xAD, 0x0F, 0x6D, 0x8E, 0xD2, 0x51, 0x2E, 0xD1,
183 0x84, 0x30, 0x85, 0x68, 0xC1, 0x23, 0x7B, 0xD5, 0xBF, 0xF7, 0xC4, 0x40,
184 0x51, 0xE2, 0xFF, 0x69, 0x07, 0x8B, 0xA3, 0xBE, 0x1B, 0x17, 0xC8, 0x64,
185 0x9F, 0x91, 0x71, 0xB5, 0x6D, 0xF5, 0x9B, 0x9C, 0xC6, 0xEC, 0x4A, 0x6E,
186 0x16, 0x8F, 0x9E, 0xD1, 0x5B, 0xE3, 0x53, 0x42, 0xBC, 0x1E, 0x43, 0x72,
187 0x4B, 0x4A, 0x37, 0x8B, 0x3A, 0x01, 0xF5, 0x7D, 0x9D, 0x3D, 0x7E, 0x0F,
188 0x19, 0x73, 0x0E, 0x6B, 0x98, 0xE9, 0xFB, 0xEE, 0x13, 0x8A, 0x3C, 0x11,
189 0x2E, 0xD5, 0xB0, 0x7D, 0x84, 0x3A, 0x61, 0xA1, 0xAB, 0x71, 0x8F, 0xCE,
190 0x53, 0x29, 0x45, 0x74, 0x7A, 0x1E, 0xAA, 0x93, 0x19, 0x3A, 0x8D, 0xC9,
191 0x4E, 0xCB, 0x0E, 0x46, 0x53, 0x84, 0xCC, 0xCF, 0xBA, 0x4D, 0x28, 0x71,
192 0x1D, 0xDF, 0x41, 0xCB, 0xF8, 0x2D, 0xA9, 0x02, 0x81, 0x80, 0x04, 0x8B,
193 0x4A, 0xEA, 0xBD, 0x39, 0x0B, 0x96, 0xC5, 0x1D, 0xA4, 0x47, 0xFD, 0x46,
194 0xD2, 0x8A, 0xEA, 0x2A, 0xF3, 0x9D, 0x3A, 0x7E, 0x16, 0x74, 0xFC, 0x13,
195 0xDE, 0x4D, 0xA9, 0x85, 0x42, 0x33, 0x02, 0x92, 0x0B, 0xB6, 0xDB, 0x7E,
196 0xEA, 0x85, 0xC2, 0x94, 0x43, 0x52, 0x37, 0x5A, 0x77, 0xAB, 0xCB, 0x61,
197 0x88, 0xDE, 0xF8, 0xFA, 0xDB, 0xE8, 0x0B, 0x95, 0x7D, 0x39, 0x19, 0xA2,
198 0x89, 0xB9, 0x32, 0xB2, 0x50, 0x38, 0xF7, 0x88, 0x69, 0xFD, 0xA4, 0x63,
199 0x1F, 0x9B, 0x03, 0xD8, 0xA6, 0x7A, 0x05, 0x76, 0x02, 0x28, 0x93, 0x82,
200 0x73, 0x7F, 0x14, 0xCC, 0xBE, 0x29, 0x10, 0xAD, 0x8A, 0x2E, 0xAC, 0xED,
201 0x11, 0xA7, 0x72, 0x7C, 0x60, 0x78, 0x72, 0xFB, 0x78, 0x20, 0x18, 0xC9,
202 0x7E, 0x63, 0xAD, 0x55, 0x54, 0x51, 0xDB, 0x9F, 0x7B, 0xD4, 0x8F, 0xB2,
203 0xDE, 0x3B, 0xF1, 0x70, 0x23, 0xE5,
204};
205
206/*
207 * Generated using keys on the keyboard and lack of imagination.
208 */
209static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF };
210
211
212class KeymasterTest : public testing::Test {
213protected:
214 static void SetUpTestCase() {
215 const hw_module_t* mod;
216 ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod))
217 << "Should be able to find a keymaster hardware module";
218
219 std::cout << "Using keymaster module: " << mod->name << std::endl;
220
221 ASSERT_EQ(0, keymaster_open(mod, &sDevice))
222 << "Should be able to open the keymaster device";
223
224 ASSERT_TRUE(sDevice->generate_keypair != NULL)
225 << "Should implement generate_keypair";
226
227 ASSERT_TRUE(sDevice->import_keypair != NULL)
228 << "Should implement import_keypair";
229
230 ASSERT_TRUE(sDevice->get_keypair_public != NULL)
231 << "Should implement get_keypair_public";
232
233 ASSERT_TRUE(sDevice->sign_data != NULL)
234 << "Should implement sign_data";
235
236 ASSERT_TRUE(sDevice->verify_data != NULL)
237 << "Should implement verify_data";
238 }
239
240 static void TearDownTestCase() {
241 ASSERT_EQ(0, keymaster_close(sDevice));
242 }
243
244 virtual void SetUp() {
245 }
246
247 virtual void TearDown() {
248 }
249
250 static keymaster_device_t* sDevice;
251};
252
253keymaster_device_t* KeymasterTest::sDevice = NULL;
254
255TEST_F(KeymasterTest, GenerateKeyPair_RSA_512_Success) {
256 keymaster_keypair_t key_type = TYPE_RSA;
257 keymaster_rsa_keygen_params_t params = {
258 modulus_size: 512,
259 public_exponent: 0x10001L,
260 };
261
262 uint8_t* key_blob;
263 size_t key_blob_length;
264
265 EXPECT_EQ(0,
266 sDevice->generate_keypair(sDevice, key_type, &params, &key_blob, &key_blob_length))
267 << "Should generate an RSA key with 512 bit modulus size";
268 UniqueKey key(&sDevice, key_blob, key_blob_length);
269}
270
271TEST_F(KeymasterTest, GenerateKeyPair_RSA_1024_Success) {
272 keymaster_keypair_t key_type = TYPE_RSA;
273 keymaster_rsa_keygen_params_t params = {
274 modulus_size: 1024,
275 public_exponent: 0x3L,
276 };
277
278 uint8_t* key_blob;
279 size_t key_blob_length;
280
281 EXPECT_EQ(0,
282 sDevice->generate_keypair(sDevice, key_type, &params, &key_blob, &key_blob_length))
283 << "Should generate an RSA key with 2048 bit modulus size";
284 UniqueKey key(&sDevice, key_blob, key_blob_length);
285}
286
287TEST_F(KeymasterTest, GenerateKeyPair_RSA_2048_Success) {
288 keymaster_keypair_t key_type = TYPE_RSA;
289 keymaster_rsa_keygen_params_t params = {
290 modulus_size: 2048,
291 public_exponent: 0x3L,
292 };
293
294 uint8_t* key_blob;
295 size_t key_blob_length;
296
297 EXPECT_EQ(0,
298 sDevice->generate_keypair(sDevice, key_type, &params, &key_blob, &key_blob_length))
299 << "Should generate an RSA key with 2048 bit modulus size";
300 UniqueKey key(&sDevice, key_blob, key_blob_length);
301}
302
303TEST_F(KeymasterTest, GenerateKeyPair_RSA_NullParams_Failure) {
304 keymaster_keypair_t key_type = TYPE_RSA;
305
306 uint8_t* key_blob;
307 size_t key_blob_length;
308
309 EXPECT_EQ(-1,
310 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length))
311 << "Should not be able to generate an RSA key with null params";
312}
313
314TEST_F(KeymasterTest, GenerateKeyPair_UnknownType_Failure) {
315 keymaster_keypair_t key_type = static_cast<keymaster_keypair_t>(0xFFFF);
316
317 uint8_t* key_blob;
318 size_t key_blob_length;
319
320 EXPECT_EQ(-1,
321 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length))
322 << "Should not generate an unknown key type";
323}
324
325TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) {
326 uint8_t* key_blob;
327 size_t key_blob_length;
328
329 EXPECT_EQ(0,
330 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
331 &key_blob, &key_blob_length))
332 << "Should successfully import an RSA key";
333 UniqueKey key(&sDevice, key_blob, key_blob_length);
334}
335
336TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) {
337 uint8_t* key_blob;
338 size_t key_blob_length;
339
340 EXPECT_EQ(-1,
341 sDevice->import_keypair(sDevice, BOGUS_KEY_1, sizeof(BOGUS_KEY_1),
342 &key_blob, &key_blob_length))
343 << "Should not import an unknown key type";
344}
345
346TEST_F(KeymasterTest, ImportKeyPair_NullKey_Failure) {
347 uint8_t* key_blob;
348 size_t key_blob_length;
349
350 EXPECT_EQ(-1,
351 sDevice->import_keypair(sDevice, NULL, 0,
352 &key_blob, &key_blob_length))
353 << "Should not import a null key";
354}
355
356TEST_F(KeymasterTest, GetKeypairPublic_RSA_Success) {
357 uint8_t* key_blob;
358 size_t key_blob_length;
359
360 ASSERT_EQ(0,
361 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
362 &key_blob, &key_blob_length))
363 << "Should successfully import an RSA key";
364 UniqueKey key(&sDevice, key_blob, key_blob_length);
365
366 uint8_t* x509_data;
367 size_t x509_data_length;
368 EXPECT_EQ(0,
369 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
370 &x509_data, &x509_data_length))
371 << "Should be able to retrieve RSA public key successfully";
372 UniqueBlob x509_blob(x509_data, x509_data_length);
373}
374
375TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullKey_Failure) {
376 uint8_t* key_blob;
377 size_t key_blob_length;
378
379 uint8_t* x509_data = NULL;
380 size_t x509_data_length;
381 EXPECT_EQ(-1,
382 sDevice->get_keypair_public(sDevice, NULL, 0,
383 &x509_data, &x509_data_length))
384 << "Should not be able to retrieve RSA public key from null key";
385 UniqueBlob x509_blob(x509_data, x509_data_length);
386}
387
388TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullDestination_Failure) {
389 uint8_t* key_blob;
390 size_t key_blob_length;
391
392 ASSERT_EQ(0,
393 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
394 &key_blob, &key_blob_length))
395 << "Should successfully import an RSA key";
396 UniqueKey key(&sDevice, key_blob, key_blob_length);
397
398 EXPECT_EQ(-1,
399 sDevice->get_keypair_public(sDevice, key.get(), key.length(),
400 NULL, NULL))
401 << "Should not be able to succeed with NULL destination blob";
402}
403
404TEST_F(KeymasterTest, DeleteKeyPair_RSA_Success) {
405 uint8_t* key_blob;
406 size_t key_blob_length;
407
408 EXPECT_EQ(0,
409 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
410 &key_blob, &key_blob_length))
411 << "Should successfully import an RSA key";
412 UniqueKey key(&sDevice, key_blob, key_blob_length);
413}
414
415TEST_F(KeymasterTest, DeleteKeyPair_RSA_DoubleDelete_Failure) {
416 uint8_t* key_blob;
417 size_t key_blob_length;
418
419 /*
420 * This is only run if the module indicates it implements key deletion
421 * by implementing delete_keypair.
422 */
423 if (sDevice->delete_keypair != NULL) {
424 ASSERT_EQ(0,
425 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
426 &key_blob, &key_blob_length))
427 << "Should successfully import an RSA key";
428 UniqueBlob blob(key_blob, key_blob_length);
429
430 EXPECT_EQ(0, sDevice->delete_keypair(sDevice, key_blob, key_blob_length))
431 << "Should delete key after import";
432
433 EXPECT_EQ(-1, sDevice->delete_keypair(sDevice, key_blob, key_blob_length))
434 << "Should not be able to delete key twice";
435 }
436}
437
438TEST_F(KeymasterTest, DeleteKeyPair_RSA_NullKey_Failure) {
439 /*
440 * This is only run if the module indicates it implements key deletion
441 * by implementing delete_keypair.
442 */
443 if (sDevice->delete_keypair != NULL) {
444 EXPECT_EQ(-1, sDevice->delete_keypair(sDevice, NULL, 0))
445 << "Should not be able to delete null key";
446 }
447}
448
449/*
450 * DER-encoded PKCS#8 format RSA key. Generated using:
451 *
452 * openssl genrsa 512 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
453 */
454static uint8_t TEST_SIGN_KEY_1[] = {
455 0x30, 0x82, 0x01, 0x56, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A,
456 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
457 0x01, 0x40, 0x30, 0x82, 0x01, 0x3C, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
458 0xBD, 0xC0, 0x7F, 0xEF, 0x75, 0x1D, 0x63, 0x2A, 0xD0, 0x9A, 0x26, 0xE5,
459 0x5B, 0xB9, 0x84, 0x7C, 0xE5, 0xC7, 0xE7, 0xDE, 0xFE, 0xB6, 0x54, 0xD9,
460 0xF0, 0x9B, 0xC2, 0xCF, 0x36, 0xDA, 0xE5, 0x4D, 0xC5, 0xD9, 0x25, 0x78,
461 0xBD, 0x55, 0x05, 0xBD, 0x86, 0xFB, 0x37, 0x15, 0x33, 0x42, 0x52, 0xED,
462 0xE5, 0xCD, 0xCB, 0xB7, 0xA2, 0x51, 0xFA, 0x36, 0xE9, 0x9C, 0x2E, 0x5D,
463 0xE3, 0xA5, 0x1F, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00,
464 0x96, 0x71, 0xDE, 0xBD, 0x83, 0x94, 0x96, 0x40, 0xA6, 0xFD, 0xE1, 0xA2,
465 0xED, 0xD3, 0xAC, 0x28, 0xBE, 0xA2, 0x7D, 0xC3, 0xFF, 0x1D, 0x9F, 0x2E,
466 0xE0, 0xA7, 0x0E, 0x90, 0xEE, 0x44, 0x25, 0x92, 0xE3, 0x54, 0xDD, 0x55,
467 0xA3, 0xEF, 0x42, 0xF5, 0x52, 0x55, 0x41, 0x47, 0x5E, 0x00, 0xFB, 0x8B,
468 0x47, 0x5E, 0x45, 0x49, 0xEA, 0x3D, 0x2C, 0xFD, 0x9F, 0xEC, 0xC8, 0x4E,
469 0x4E, 0x86, 0x90, 0x31, 0x02, 0x21, 0x00, 0xE6, 0xA5, 0x55, 0xB3, 0x64,
470 0xAB, 0x90, 0x5E, 0xA2, 0xF5, 0x6B, 0x21, 0x4B, 0x15, 0xD6, 0x4A, 0xB6,
471 0x60, 0x24, 0x95, 0x65, 0xA2, 0xBE, 0xBA, 0x2A, 0x73, 0xFB, 0xFF, 0x2C,
472 0x61, 0x88, 0x9D, 0x02, 0x21, 0x00, 0xD2, 0x9C, 0x5B, 0xFE, 0x82, 0xA5,
473 0xFC, 0x52, 0x6A, 0x29, 0x38, 0xDB, 0x22, 0x3B, 0xEB, 0x74, 0x3B, 0xCA,
474 0xB4, 0xDD, 0x1D, 0xE4, 0x48, 0x60, 0x70, 0x19, 0x9B, 0x81, 0xC1, 0x83,
475 0x28, 0xB5, 0x02, 0x21, 0x00, 0x89, 0x2D, 0xFE, 0xF9, 0xF2, 0xBF, 0x43,
476 0xDF, 0xB5, 0xA6, 0xA8, 0x30, 0x26, 0x1B, 0x77, 0xD7, 0xF9, 0xFE, 0xD6,
477 0xE3, 0x70, 0x8E, 0xCA, 0x47, 0xA9, 0xA6, 0x50, 0x54, 0x25, 0xCE, 0x60,
478 0xD5, 0x02, 0x21, 0x00, 0xBE, 0x5A, 0xF8, 0x82, 0xE6, 0xCE, 0xE3, 0x6A,
479 0x11, 0xED, 0xC4, 0x27, 0xBB, 0x9F, 0x70, 0xC6, 0x93, 0xAC, 0x39, 0x20,
480 0x89, 0x7D, 0xE5, 0x34, 0xD4, 0xDD, 0x30, 0x42, 0x6D, 0x07, 0x00, 0xE9,
481 0x02, 0x20, 0x05, 0x91, 0xEF, 0x12, 0xD2, 0xD3, 0x6A, 0xD2, 0x96, 0x6B,
482 0x10, 0x62, 0xF9, 0xBA, 0xA4, 0x91, 0x48, 0x84, 0x40, 0x61, 0x67, 0x80,
483 0x68, 0x68, 0xC8, 0x60, 0xB3, 0x66, 0xC8, 0xF9, 0x08, 0x9A,
484};
485
486/*
487 * PKCS#1 v1.5 padded raw "Hello, world" Can be generated be generated by verifying
488 * the signature below in no padding mode:
489 *
490 * openssl rsautl -keyform der -inkey rsa.der -raw -verify -in test.sig
491 */
492static uint8_t TEST_SIGN_DATA_1[] = {
493 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
494 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
495 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
496 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
497 0xFF, 0xFF, 0xFF, 0x00, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x2C, 0x20, 0x77,
498 0x6F, 0x72, 0x6C, 0x64,
499};
500
501/*
502 * Signature of TEST_SIGN_DATA_1 using TEST_SIGN_KEY_1. Generated using:
503 *
504 * echo 'Hello, world' | openssl rsautl -keyform der -inkey rsa.der -sign | recode ../x1
505 */
506static uint8_t TEST_SIGN_SIGNATURE_1[] = {
507 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76,
508 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2,
509 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A,
510 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9,
511 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF,
512 0x79, 0xE4, 0x91, 0x40,
513};
514
515/*
516 * Identical to TEST_SIGN_SIGNATURE_1 except the last octet is '1' instead of '0'
517 * This should fail any test.
518 */
519static uint8_t TEST_SIGN_SIGNATURE_BOGUS_1[] = {
520 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76,
521 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2,
522 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A,
523 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9,
524 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF,
525 0x79, 0xE4, 0x91, 0x41,
526};
527
528TEST_F(KeymasterTest, SignData_RSA_Raw_Success) {
529 uint8_t* key_blob;
530 size_t key_blob_length;
531
532 ASSERT_EQ(0,
533 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
534 &key_blob, &key_blob_length))
535 << "Should successfully import an RSA key";
536 UniqueKey key(&sDevice, key_blob, key_blob_length);
537
538 keymaster_rsa_sign_params_t params = {
539 digest_type: DIGEST_NONE,
540 padding_type: PADDING_NONE,
541 };
542
543 uint8_t* sig;
544 size_t sig_length;
545
546 EXPECT_EQ(0,
547 sDevice->sign_data(sDevice, &params, key_blob, key_blob_length,
548 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
549 &sig, &sig_length))
550 << "Should sign data successfully";
551 UniqueBlob sig_blob(sig, sig_length);
552
553 UniqueBlob expected_sig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1));
554
555 EXPECT_EQ(expected_sig, sig_blob)
556 << "Generated signature should match expected signature";
557
558 // The expected signature is actually stack data, so don't let it try to free.
559 uint8_t* unused __attribute__((unused)) = expected_sig.release();
560}
561
562TEST_F(KeymasterTest, SignData_RSA_Raw_InvalidSizeInput_Failure) {
563 uint8_t* key_blob;
564 size_t key_blob_length;
565
566 ASSERT_EQ(0,
567 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
568 &key_blob, &key_blob_length))
569 << "Should successfully import an RSA key";
570 UniqueKey key(&sDevice, key_blob, key_blob_length);
571
572 keymaster_rsa_sign_params_t params = {
573 digest_type: DIGEST_NONE,
574 padding_type: PADDING_NONE,
575 };
576
577 uint8_t* sig;
578 size_t sig_length;
579
580 EXPECT_EQ(-1,
581 sDevice->sign_data(sDevice, &params, key_blob, key_blob_length,
582 TEST_KEY_1, sizeof(TEST_KEY_1),
583 &sig, &sig_length))
584 << "Should not be able to do raw signature on incorrect size data";
585}
586
587TEST_F(KeymasterTest, SignData_RSA_Raw_NullKey_Failure) {
588 keymaster_rsa_sign_params_t params = {
589 digest_type: DIGEST_NONE,
590 padding_type: PADDING_NONE,
591 };
592
593 uint8_t* sig;
594 size_t sig_length;
595
596 EXPECT_EQ(-1,
597 sDevice->sign_data(sDevice, &params, NULL, 0,
598 TEST_KEY_1, sizeof(TEST_KEY_1),
599 &sig, &sig_length))
600 << "Should not be able to do raw signature on incorrect size data";
601}
602
603TEST_F(KeymasterTest, SignData_RSA_Raw_NullInput_Failure) {
604 uint8_t* key_blob;
605 size_t key_blob_length;
606
607 ASSERT_EQ(0,
608 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
609 &key_blob, &key_blob_length))
610 << "Should successfully import an RSA key";
611 UniqueKey key(&sDevice, key_blob, key_blob_length);
612
613 keymaster_rsa_sign_params_t params = {
614 digest_type: DIGEST_NONE,
615 padding_type: PADDING_NONE,
616 };
617
618 uint8_t* sig;
619 size_t sig_length;
620
621 EXPECT_EQ(-1,
622 sDevice->sign_data(sDevice, &params, key_blob, key_blob_length,
623 NULL, 0,
624 &sig, &sig_length))
625 << "Should error when input data is null";
626}
627
628TEST_F(KeymasterTest, SignData_RSA_Raw_NullOutput_Failure) {
629 uint8_t* key_blob;
630 size_t key_blob_length;
631
632 ASSERT_EQ(0,
633 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
634 &key_blob, &key_blob_length))
635 << "Should successfully import an RSA key";
636 UniqueKey key(&sDevice, key_blob, key_blob_length);
637
638 keymaster_rsa_sign_params_t params = {
639 digest_type: DIGEST_NONE,
640 padding_type: PADDING_NONE,
641 };
642
643 uint8_t* sig;
644 size_t sig_length;
645
646 EXPECT_EQ(-1,
647 sDevice->sign_data(sDevice, &params, key_blob, key_blob_length,
648 TEST_KEY_1, sizeof(TEST_KEY_1),
649 NULL, NULL))
650 << "Should error when output is null";
651}
652
653TEST_F(KeymasterTest, VerifyData_RSA_Raw_Success) {
654 uint8_t* key_blob;
655 size_t key_blob_length;
656
657 ASSERT_EQ(0,
658 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
659 &key_blob, &key_blob_length))
660 << "Should successfully import an RSA key";
661 UniqueKey key(&sDevice, key_blob, key_blob_length);
662
663 keymaster_rsa_sign_params_t params = {
664 digest_type: DIGEST_NONE,
665 padding_type: PADDING_NONE,
666 };
667
668 EXPECT_EQ(0,
669 sDevice->verify_data(sDevice, &params, key_blob, key_blob_length,
670 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
671 TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1)))
672 << "Should verify data successfully";
673}
674
675TEST_F(KeymasterTest, VerifyData_RSA_Raw_BadSignature_Failure) {
676 uint8_t* key_blob;
677 size_t key_blob_length;
678
679 ASSERT_EQ(0,
680 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
681 &key_blob, &key_blob_length))
682 << "Should successfully import an RSA key";
683 UniqueKey key(&sDevice, key_blob, key_blob_length);
684
685 keymaster_rsa_sign_params_t params = {
686 digest_type: DIGEST_NONE,
687 padding_type: PADDING_NONE,
688 };
689
690 EXPECT_EQ(-1,
691 sDevice->verify_data(sDevice, &params, key_blob, key_blob_length,
692 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
693 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)))
694 << "Should sign data successfully";
695}
696
697TEST_F(KeymasterTest, VerifyData_RSA_Raw_NullKey_Failure) {
698 keymaster_rsa_sign_params_t params = {
699 digest_type: DIGEST_NONE,
700 padding_type: PADDING_NONE,
701 };
702
703 EXPECT_EQ(-1,
704 sDevice->verify_data(sDevice, &params, NULL, 0,
705 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
706 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)))
707 << "Should fail when key is null";
708}
709
710TEST_F(KeymasterTest, VerifyData_RSA_NullInput_Failure) {
711 uint8_t* key_blob;
712 size_t key_blob_length;
713
714 ASSERT_EQ(0,
715 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
716 &key_blob, &key_blob_length))
717 << "Should successfully import an RSA key";
718 UniqueKey key(&sDevice, key_blob, key_blob_length);
719
720 keymaster_rsa_sign_params_t params = {
721 digest_type: DIGEST_NONE,
722 padding_type: PADDING_NONE,
723 };
724
725 EXPECT_EQ(-1,
726 sDevice->verify_data(sDevice, &params, key_blob, key_blob_length,
727 NULL, 0,
728 TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1)))
729 << "Should fail on null input";
730}
731
732TEST_F(KeymasterTest, VerifyData_RSA_NullSignature_Failure) {
733 uint8_t* key_blob;
734 size_t key_blob_length;
735
736 ASSERT_EQ(0,
737 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
738 &key_blob, &key_blob_length))
739 << "Should successfully import an RSA key";
740 UniqueKey key(&sDevice, key_blob, key_blob_length);
741
742 keymaster_rsa_sign_params_t params = {
743 digest_type: DIGEST_NONE,
744 padding_type: PADDING_NONE,
745 };
746
747 EXPECT_EQ(-1,
748 sDevice->verify_data(sDevice, &params, key.get(), key.length(),
749 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
750 NULL, 0))
751 << "Should fail on null signature";
752}
753
754}