Blame - keystore2/src/sw_keyblob/tests.rs - android_system_security

David Drysdale

2566fb3

2024-07-09 14:46:37 +0100

[diff] [blame]

1

2

//

3

// Licensed under the Apache License, Version 2.0 (the "License");

4

// you may not use this file except in compliance with the License.

5

// You may obtain a copy of the License at

6

//

7

// http://www.apache.org/licenses/LICENSE-2.0

8

//

9

// Unless required by applicable law or agreed to in writing, software

10

// distributed under the License is distributed on an "AS IS" BASIS,

11

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

12

// See the License for the specific language governing permissions and

13

// limitations under the License.

14

15

//! Tests for software-backed keyblobs.

16

use super::*;

17

use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{

18

Algorithm::Algorithm, BlockMode::BlockMode, Digest::Digest, EcCurve::EcCurve,

19

KeyOrigin::KeyOrigin, KeyParameter::KeyParameter, KeyParameterValue::KeyParameterValue as KPV,

20

KeyPurpose::KeyPurpose, PaddingMode::PaddingMode, Tag::Tag,

21

};

22

23

macro_rules! expect_err {

24

($result:expr, $err_msg:expr) => {

25

assert!(

26

$result.is_err(),

27

"Expected error containing '{}', got success {:?}",

$err_msg,

$result

);

let err = $result.err();

32

assert!(

33

format!("{:?}", err).contains($err_msg),

34

"Unexpected error {:?}, doesn't contain '{}'",

err,

$err_msg

);

};

}

#[test]

fn test_consume_u8() {

43

let buffer = [1, 2];

44

let mut data = &buffer[..];

45

assert_eq!(1u8, consume_u8(&mut data).unwrap());

46

assert_eq!(2u8, consume_u8(&mut data).unwrap());

47

let result = consume_u8(&mut data);

48

expect_err!(result, "failed to find 1 byte");

}

#[test]

fn test_consume_u32() {

53

// All supported platforms are little-endian.

54

let buffer = [

55

0x01, 0x02, 0x03, 0x04, // little-endian u32

56

0x04, 0x03, 0x02, 0x01, // little-endian u32

57

0x11, 0x12, 0x13,

58

];

59

let mut data = &buffer[..];

60

assert_eq!(0x04030201u32, consume_u32(&mut data).unwrap());

61

assert_eq!(0x01020304u32, consume_u32(&mut data).unwrap());

62

let result = consume_u32(&mut data);

63

expect_err!(result, "failed to find 4 bytes");

}

#[test]

fn test_consume_i64() {

68

// All supported platforms are little-endian.

69

let buffer = [

70

0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, // little-endian i64

71

0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, // little-endian i64

72

0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,

73

];

74

let mut data = &buffer[..];

75

assert_eq!(0x0807060504030201i64, consume_i64(&mut data).unwrap());

76

assert_eq!(0x0102030405060708i64, consume_i64(&mut data).unwrap());

77

let result = consume_i64(&mut data);

78

expect_err!(result, "failed to find 8 bytes");

}

#[test]

fn test_consume_vec() {

83

let buffer = [

84

0x01, 0x00, 0x00, 0x00, 0xaa, //

85

0x00, 0x00, 0x00, 0x00, //

86

0x01, 0x00, 0x00, 0x00, 0xbb, //

87

0x07, 0x00, 0x00, 0x00, 0xbb, // not enough data

88

];

89

let mut data = &buffer[..];

90

assert_eq!(vec![0xaa], consume_vec(&mut data).unwrap());

91

assert_eq!(Vec::<u8>::new(), consume_vec(&mut data).unwrap());

92

assert_eq!(vec![0xbb], consume_vec(&mut data).unwrap());

93

let result = consume_vec(&mut data);

94

expect_err!(result, "failed to find 7 bytes");

let buffer = [

0x01, 0x00, 0x00, //

];

let mut data = &buffer[..];

100

let result = consume_vec(&mut data);

101

expect_err!(result, "failed to find 4 bytes");

}

#[test]

fn test_key_new_from_serialized() {

106

let hidden = hidden_params(&[], &[SOFTWARE_ROOT_OF_TRUST]);

107

// Test data originally generated by instrumenting Cuttlefish C++ KeyMint while running VTS

// tests.

let tests = [

(

concat!(

"0010000000d43c2f04f948521b81bdbf001310f5920000000000000000000000",

113

"00000000000c0000006400000002000010200000000300003080000000010000",

114

"2000000000010000200100000004000020020000000600002001000000be0200",

115

"1000000000c1020030b0ad0100c20200307b150300bd020060a8bb52407b0100",

116

"00ce02003011643401cf020030000000003b06b13ae6ae6671",

117

),

118

KeyBlob {

119

key_material: hex::decode("d43c2f04f948521b81bdbf001310f592").unwrap(),

120

hw_enforced: vec![],

121

sw_enforced: vec![

122

KeyParameter { tag: Tag::ALGORITHM, value: KPV::Algorithm(Algorithm::AES) },

123

KeyParameter { tag: Tag::KEY_SIZE, value: KPV::Integer(128) },

124

KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::ENCRYPT) },

125

KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::DECRYPT) },

126

KeyParameter { tag: Tag::BLOCK_MODE, value: KPV::BlockMode(BlockMode::CBC) },

127

KeyParameter { tag: Tag::PADDING, value: KPV::PaddingMode(PaddingMode::NONE) },

128

KeyParameter { tag: Tag::ORIGIN, value: KPV::Origin(KeyOrigin::GENERATED) },

129

KeyParameter { tag: Tag::OS_VERSION, value: KPV::Integer(110000) },

130

KeyParameter { tag: Tag::OS_PATCHLEVEL, value: KPV::Integer(202107) },

131

KeyParameter {

132

tag: Tag::CREATION_DATETIME,

133

value: KPV::DateTime(1628871769000),

134

},

135

KeyParameter { tag: Tag::VENDOR_PATCHLEVEL, value: KPV::Integer(20210705) },

136

KeyParameter { tag: Tag::BOOT_PATCHLEVEL, value: KPV::Integer(0) },

137

],

138

},

139

Some(KeyFormat::RAW),

),

(

concat!(

"00df0000003081dc020101044200b6ce876b947e263d61b8e3998d50dc0afb6b",

144

"a14e46ab7ca532fbe2a379b155d0a5bb99265402857b1601fb20be6c244bf654",

145

"e9e79413cd503eae3d9cf68ed24f47a00706052b81040023a181890381860004",

146

"006b840f0db0b12f074ab916c7773cfa7d42967c9e5b4fae09cf999f7e116d14",

147

"0743bdd028db0a3fcc670e721b9f00bc7fb70aa401c7d6de6582fc26962a29b7",

148

"45e30142e90685646661550344113aaf28bdee6cb02d19df1faab4398556a909",

149

"7d6f64b95209601a549389a311231c6cce78354f2cdbc3a904abf70686f5f0c3",

150

"b877984d000000000000000000000000000000000c0000006400000002000010",

151

"030000000a000010030000000100002002000000010000200300000005000020",

152

"000000000300003009020000be02001000000000c1020030b0ad0100c2020030",

153

"7b150300bd02006018d352407b010000ce02003011643401cf02003000000000",

"2f69002e55e9b0a3"

),

KeyBlob {

key_material: hex::decode(concat!(

158

"3081dc020101044200b6ce876b947e263d61b8e3998d50dc0afb6ba14e46ab7c",

159

"a532fbe2a379b155d0a5bb99265402857b1601fb20be6c244bf654e9e79413cd",

160

"503eae3d9cf68ed24f47a00706052b81040023a181890381860004006b840f0d",

161

"b0b12f074ab916c7773cfa7d42967c9e5b4fae09cf999f7e116d140743bdd028",

162

"db0a3fcc670e721b9f00bc7fb70aa401c7d6de6582fc26962a29b745e30142e9",

163

"0685646661550344113aaf28bdee6cb02d19df1faab4398556a9097d6f64b952",

164

"09601a549389a311231c6cce78354f2cdbc3a904abf70686f5f0c3b877984d",

))

.unwrap(),

hw_enforced: vec![],

sw_enforced: vec![

KeyParameter { tag: Tag::ALGORITHM, value: KPV::Algorithm(Algorithm::EC) },

170

KeyParameter { tag: Tag::EC_CURVE, value: KPV::EcCurve(EcCurve::P_521) },

171

KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::SIGN) },

172

KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::VERIFY) },

173

KeyParameter { tag: Tag::DIGEST, value: KPV::Digest(Digest::NONE) },

174

KeyParameter { tag: Tag::KEY_SIZE, value: KPV::Integer(521) },

175

KeyParameter { tag: Tag::ORIGIN, value: KPV::Origin(KeyOrigin::GENERATED) },

176

KeyParameter { tag: Tag::OS_VERSION, value: KPV::Integer(110000) },

177

KeyParameter { tag: Tag::OS_PATCHLEVEL, value: KPV::Integer(202107) },

178

KeyParameter {

179

tag: Tag::CREATION_DATETIME,

180

value: KPV::DateTime(1628871775000),

181

},

182

KeyParameter { tag: Tag::VENDOR_PATCHLEVEL, value: KPV::Integer(20210705) },

183

KeyParameter { tag: Tag::BOOT_PATCHLEVEL, value: KPV::Integer(0) },

184

],

185

},

186

Some(KeyFormat::PKCS8),

),

(

concat!(

"0037000000541d4c440223650d5f51753c1abd80c725034485551e874d62327c",

191

"65f6247a057f1218bd6c8cd7d319103ddb823fc11fb6c2c7268b5acc00000000",

192

"0000000000000000000000000c00000064000000020000108000000003000030",

193

"b801000001000020020000000100002003000000050000200400000008000030",

194

"00010000be02001000000000c1020030b0ad0100c20200307b150300bd020060",

195

"00d752407b010000ce02003011643401cf0200300000000036e6986ffc45fbb0",

196

),

197

KeyBlob {

198

key_material: hex::decode(concat!(

199

"541d4c440223650d5f51753c1abd80c725034485551e874d62327c65f6247a05",

200

"7f1218bd6c8cd7d319103ddb823fc11fb6c2c7268b5acc"

))

.unwrap(),

hw_enforced: vec![],

sw_enforced: vec![

KeyParameter { tag: Tag::ALGORITHM, value: KPV::Algorithm(Algorithm::HMAC) },

206

KeyParameter { tag: Tag::KEY_SIZE, value: KPV::Integer(440) },

207

KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::SIGN) },

208

KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::VERIFY) },

209

KeyParameter { tag: Tag::DIGEST, value: KPV::Digest(Digest::SHA_2_256) },

210

KeyParameter { tag: Tag::MIN_MAC_LENGTH, value: KPV::Integer(256) },

211

KeyParameter { tag: Tag::ORIGIN, value: KPV::Origin(KeyOrigin::GENERATED) },

212

KeyParameter { tag: Tag::OS_VERSION, value: KPV::Integer(110000) },

213

KeyParameter { tag: Tag::OS_PATCHLEVEL, value: KPV::Integer(202107) },

214

KeyParameter {

215

tag: Tag::CREATION_DATETIME,

216

value: KPV::DateTime(1628871776000),

217

},

218

KeyParameter { tag: Tag::VENDOR_PATCHLEVEL, value: KPV::Integer(20210705) },

219

KeyParameter { tag: Tag::BOOT_PATCHLEVEL, value: KPV::Integer(0) },

220

],

221

},

222

Some(KeyFormat::RAW),

),

(

concat!(

"00a8040000308204a40201000282010100bc47b5c71116766669b91fa747df87",

227

"a1963df83956569d4ac232aeba8a246c0ec73bf606374a6d07f30c2162f97082",

228

"825c7c6e482a2841dfeaec1429d84e52c54a6b2f760dec952c9c44a3c3a80f31",

229

"c1ced84878edd4858059071c4d20d9ab0aae978bd68c1eb448e174a9736c3973",

230

"6838151642eda8215107375865a99a57f29467c74c40f37b0221b93ec3f4f22d",

231

"5337c8bf9245d56936196a92b1dea315ecce8785f9fa9b7d159ca207612cc0de",

232

"b0957d61dbba5d9bd38784f4fecbf233b04e686a340528665ecd03db8e8a09b2",

233

"540c84e45c4a99fb338b76bba7722856b5113341c349708937228f167d238ed8",

234

"efb9cc19547dd620f6a90d95f07e50bfe102030100010282010002f91b69d9af",

235

"59fe87421af9ba60f15c77f9c1c90effd6634332876f8ee5a116b126f55d3703",

236

"8bf9f588ae20c8d951d842e35c9ef35a7822d3ebf72c0b7c3e229b289ae2e178",

237

"a848e06d558c2e03d26871ee98a35f370d461ff1c4acc39d684de680a25ec88e",

238

"e610260e406c400bdeb2893b2d0330cb483e662fa5abd24c2b82143e85dfe30a",

239

"e7a31f8262da2903d882b35a34a26b699ff2d812bad4b126a0065ec0e101d73a",

240

"e6f8b29a9144eb83f54940a371fc7416c2c0370df6a41cb5391f17ba33239e1b",

241

"4217c8db50db5c6bf77ccf621354ecc652a4f7196054c254566fd7b3bc0f3817",

242

"d9380b190bd382aaffa37785759f285194c11a188bccde0e2e2902818100fb23",

243

"3335770c9f3cbd4b6ede5f12d03c449b1997bce06a8249bc3de99972fd0d0a63",

244

"3f7790d1011bf5eedee16fa45a9107a910656ecaee364ce9edb4369843be71f2",

245

"7a74852d6c7215a6cc60d9803bcac544922f806d8e5844e0ddd914bd78009490",

246

"4c2856d2b944fade3fb1d67d4a33fb7663a9ab660ab372c2e4868a0f45990281",

247

"8100bfecf2bb4012e880fd065a0b088f2d757af2878d3f1305f21ce7a7158458",

248

"18e01181ff06b2f406239fc50808ce3dbe7b68ec01174913c0f237feb3c8c7eb",

249

"0078b77fb5b8f214b72f6d3835b1a7ebe8b132feb6cb34ab09ce22b98160fc84",

250

"20fcbf48d1eee49f874e902f049b206a61a095f0405a4935e7c5e49757ab7b57",

251

"298902818100ec0049383e16f3716de5fc5b2677148efe5dceb02483b43399bd",

252

"3765559994a9f3900eed7a7e9e8f3b0eee0e660eca392e3cb736cae612f39e55",

253

"dad696d3821def10d1f8bbca52f5e6d8e7893ffbdcb491aafdc17bebf86f84d2",

254

"d8480ed07a7bf9209d20ef6e79429489d4cb7768281a2f7e32ec1830fd6f6332",

255

"38f521ba764902818100b2c3ce5751580b4e51df3fb175387f5c24b79040a4d6",

256

"603c6265f70018b441ff3aef7d8e4cd2f480ec0906f1c4c0481304e8861f9d46",

257

"93fa48e3a9abc362859eeb343e1c5507ac94b5439ce7ac04154a2fb886a4819b",

258

"2a57e18a2e131b412ac4a09b004766959cdf357745f003e272aab3de02e2d5bc",

259

"2af4ed75760858ab181902818061d19c2a8dcacde104b97f7c4fae11216157c1",

260

"c0a258d882984d12383a73dc56fe2ac93512bb321df9706ecdb2f70a44c949c4",

261

"340a9fae64a0646cf51f37c58c08bebde91667b3b2fa7c895f7983d4786c5526",

262

"1941b3654533b0598383ebbcffcdf28b6cf13d376e3a70b49b14d8d06e8563a2",

263

"47f56a337e3b9845b4f2b61356000000000000000000000000000000000d0000",

264

"007000000002000010010000000300003000080000c800005001000100000000",

265

"0001000020020000000100002003000000050000200000000006000020010000",

266

"00be02001000000000c1020030b0ad0100c20200307b150300bd020060a8bb52",

267

"407b010000ce02003011643401cf02003000000000544862e9c961e857",

268

),

269

KeyBlob {

270

key_material: hex::decode(concat!(

271

"308204a40201000282010100bc47b5c71116766669b91fa747df87a1963df839",

272

"56569d4ac232aeba8a246c0ec73bf606374a6d07f30c2162f97082825c7c6e48",

273

"2a2841dfeaec1429d84e52c54a6b2f760dec952c9c44a3c3a80f31c1ced84878",

274

"edd4858059071c4d20d9ab0aae978bd68c1eb448e174a9736c39736838151642",

275

"eda8215107375865a99a57f29467c74c40f37b0221b93ec3f4f22d5337c8bf92",

276

"45d56936196a92b1dea315ecce8785f9fa9b7d159ca207612cc0deb0957d61db",

277

"ba5d9bd38784f4fecbf233b04e686a340528665ecd03db8e8a09b2540c84e45c",

278

"4a99fb338b76bba7722856b5113341c349708937228f167d238ed8efb9cc1954",

279

"7dd620f6a90d95f07e50bfe102030100010282010002f91b69d9af59fe87421a",

280

"f9ba60f15c77f9c1c90effd6634332876f8ee5a116b126f55d37038bf9f588ae",

281

"20c8d951d842e35c9ef35a7822d3ebf72c0b7c3e229b289ae2e178a848e06d55",

282

"8c2e03d26871ee98a35f370d461ff1c4acc39d684de680a25ec88ee610260e40",

283

"6c400bdeb2893b2d0330cb483e662fa5abd24c2b82143e85dfe30ae7a31f8262",

284

"da2903d882b35a34a26b699ff2d812bad4b126a0065ec0e101d73ae6f8b29a91",

285

"44eb83f54940a371fc7416c2c0370df6a41cb5391f17ba33239e1b4217c8db50",

286

"db5c6bf77ccf621354ecc652a4f7196054c254566fd7b3bc0f3817d9380b190b",

287

"d382aaffa37785759f285194c11a188bccde0e2e2902818100fb233335770c9f",

288

"3cbd4b6ede5f12d03c449b1997bce06a8249bc3de99972fd0d0a633f7790d101",

289

"1bf5eedee16fa45a9107a910656ecaee364ce9edb4369843be71f27a74852d6c",

290

"7215a6cc60d9803bcac544922f806d8e5844e0ddd914bd780094904c2856d2b9",

291

"44fade3fb1d67d4a33fb7663a9ab660ab372c2e4868a0f459902818100bfecf2",

292

"bb4012e880fd065a0b088f2d757af2878d3f1305f21ce7a715845818e01181ff",

293

"06b2f406239fc50808ce3dbe7b68ec01174913c0f237feb3c8c7eb0078b77fb5",

294

"b8f214b72f6d3835b1a7ebe8b132feb6cb34ab09ce22b98160fc8420fcbf48d1",

295

"eee49f874e902f049b206a61a095f0405a4935e7c5e49757ab7b572989028181",

296

"00ec0049383e16f3716de5fc5b2677148efe5dceb02483b43399bd3765559994",

297

"a9f3900eed7a7e9e8f3b0eee0e660eca392e3cb736cae612f39e55dad696d382",

298

"1def10d1f8bbca52f5e6d8e7893ffbdcb491aafdc17bebf86f84d2d8480ed07a",

299

"7bf9209d20ef6e79429489d4cb7768281a2f7e32ec1830fd6f633238f521ba76",

300

"4902818100b2c3ce5751580b4e51df3fb175387f5c24b79040a4d6603c6265f7",

301

"0018b441ff3aef7d8e4cd2f480ec0906f1c4c0481304e8861f9d4693fa48e3a9",

302

"abc362859eeb343e1c5507ac94b5439ce7ac04154a2fb886a4819b2a57e18a2e",

303

"131b412ac4a09b004766959cdf357745f003e272aab3de02e2d5bc2af4ed7576",

304

"0858ab181902818061d19c2a8dcacde104b97f7c4fae11216157c1c0a258d882",

305

"984d12383a73dc56fe2ac93512bb321df9706ecdb2f70a44c949c4340a9fae64",

306

"a0646cf51f37c58c08bebde91667b3b2fa7c895f7983d4786c55261941b36545",

307

"33b0598383ebbcffcdf28b6cf13d376e3a70b49b14d8d06e8563a247f56a337e",

"3b9845b4f2b61356",

))

.unwrap(),

hw_enforced: vec![],

sw_enforced: vec![

KeyParameter { tag: Tag::ALGORITHM, value: KPV::Algorithm(Algorithm::RSA) },

314

KeyParameter { tag: Tag::KEY_SIZE, value: KPV::Integer(2048) },

315

KeyParameter { tag: Tag::RSA_PUBLIC_EXPONENT, value: KPV::LongInteger(65537) },

316

KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::SIGN) },

317

KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::VERIFY) },

318

KeyParameter { tag: Tag::DIGEST, value: KPV::Digest(Digest::NONE) },

319

KeyParameter { tag: Tag::PADDING, value: KPV::PaddingMode(PaddingMode::NONE) },

320

KeyParameter { tag: Tag::ORIGIN, value: KPV::Origin(KeyOrigin::GENERATED) },

321

KeyParameter { tag: Tag::OS_VERSION, value: KPV::Integer(110000) },

322

KeyParameter { tag: Tag::OS_PATCHLEVEL, value: KPV::Integer(202107) },

323

KeyParameter {

324

tag: Tag::CREATION_DATETIME,

325

value: KPV::DateTime(1628871769000),

326

},

327

KeyParameter { tag: Tag::VENDOR_PATCHLEVEL, value: KPV::Integer(20210705) },

328

KeyParameter { tag: Tag::BOOT_PATCHLEVEL, value: KPV::Integer(0) },

329

],

330

},

331

// No support for RSA keys in export_key().

None,

),

];

for (input, want, want_format) in tests {

337

let input = hex::decode(input).unwrap();

338

let got = KeyBlob::new_from_serialized(&input, &hidden).expect("invalid keyblob!");

339

assert!(got == want);

340

341

if let Some(want_format) = want_format {

342

let (got_format, _key_material, params) =

343

export_key(&input, &[]).expect("invalid keyblob!");

344

assert_eq!(got_format, want_format);

345

// All the test cases are software-only keys.

346

assert_eq!(params, got.sw_enforced);

}

}

}

#[test]

fn test_add_der_len() {

let tests = [

(0, "00"),

(1, "01"),

(126, "7e"),

(127, "7f"),

(128, "8180"),

(129, "8181"),

(255, "81ff"),

(256, "820100"),

(257, "820101"),

(65535, "82ffff"),

];

for (input, want) in tests {

366

let mut got = Vec::new();

367

add_der_len(&mut got, input).unwrap();

368

assert_eq!(hex::encode(got), want, " for input length {input}");

}

}

#[test]

fn test_pkcs8_wrap_key_p256() {

374

// Key material taken from `ec_256_key` in

375

// hardware/interfaces/security/keymint/aidl/vts/function/KeyMintTest.cpp

376

let input = hex::decode(concat!(

377

"3025", // SEQUENCE (ECPrivateKey)

378

"020101", // INTEGER length 1 value 1 (version)

379

"0420", // OCTET STRING (privateKey)

380

"737c2ecd7b8d1940bf2930aa9b4ed3ff",

381

"941eed09366bc03299986481f3a4d859",

382

))

383

.unwrap();

384

let want = hex::decode(concat!(

385

// RFC 5208 s5

386

"3041", // SEQUENCE (PrivateKeyInfo) {

387

"020100", // INTEGER length 1 value 0 (version)

388

"3013", // SEQUENCE length 0x13 (AlgorithmIdentifier) {

389

"0607", // OBJECT IDENTIFIER length 7 (algorithm)

390

"2a8648ce3d0201", // 1.2.840.10045.2.1 (ecPublicKey)

391

"0608", // OBJECT IDENTIFIER length 8 (param)

392

"2a8648ce3d030107", // 1.2.840.10045.3.1.7 (secp256r1)

393

// } end SEQUENCE (AlgorithmIdentifier)

394

"0427", // OCTET STRING (privateKey) holding...

395

"3025", // SEQUENCE (ECPrivateKey)

396

"020101", // INTEGER length 1 value 1 (version)

397

"0420", // OCTET STRING length 0x20 (privateKey)

398

"737c2ecd7b8d1940bf2930aa9b4ed3ff",

399

"941eed09366bc03299986481f3a4d859",

400

// } end SEQUENCE (ECPrivateKey)

401

// } end SEQUENCE (PrivateKeyInfo)

402

))

403

.unwrap();

404

let got = pkcs8_wrap_nist_key(&input, EcCurve::P_256).unwrap();

405

assert_eq!(hex::encode(got), hex::encode(want), " for input {}", hex::encode(input));

}

#[test]

fn test_pkcs8_wrap_key_p521() {

410

// Key material taken from `ec_521_key` in

411

// hardware/interfaces/security/keymint/aidl/vts/function/KeyMintTest.cpp

412

let input = hex::decode(concat!(

413

"3047", // SEQUENCE length 0xd3 (ECPrivateKey)

414

"020101", // INTEGER length 1 value 1 (version)

415

"0442", // OCTET STRING length 0x42 (privateKey)

416

"0011458c586db5daa92afab03f4fe46a",

417

"a9d9c3ce9a9b7a006a8384bec4c78e8e",

418

"9d18d7d08b5bcfa0e53c75b064ad51c4",

419

"49bae0258d54b94b1e885ded08ed4fb2",

420

"5ce9",

421

// } end SEQUENCE (ECPrivateKey)

422

))

423

.unwrap();

424

let want = hex::decode(concat!(

425

// RFC 5208 s5

426

"3060", // SEQUENCE (PrivateKeyInfo) {

427

"020100", // INTEGER length 1 value 0 (version)

428

"3010", // SEQUENCE length 0x10 (AlgorithmIdentifier) {

429

"0607", // OBJECT IDENTIFIER length 7 (algorithm)

430

"2a8648ce3d0201", // 1.2.840.10045.2.1 (ecPublicKey)

431

"0605", // OBJECT IDENTIFIER length 5 (param)

432

"2b81040023", // 1.3.132.0.35 (secp521r1)

433

// } end SEQUENCE (AlgorithmIdentifier)

434

"0449", // OCTET STRING (privateKey) holding...

435

"3047", // SEQUENCE (ECPrivateKey)

436

"020101", // INTEGER length 1 value 1 (version)

437

"0442", // OCTET STRING length 0x42 (privateKey)

438

"0011458c586db5daa92afab03f4fe46a",

439

"a9d9c3ce9a9b7a006a8384bec4c78e8e",

440

"9d18d7d08b5bcfa0e53c75b064ad51c4",

441

"49bae0258d54b94b1e885ded08ed4fb2",

442

"5ce9",

443

// } end SEQUENCE (ECPrivateKey)

444

// } end SEQUENCE (PrivateKeyInfo)

445

))

446

.unwrap();

447

let got = pkcs8_wrap_nist_key(&input, EcCurve::P_521).unwrap();

448

assert_eq!(hex::encode(got), hex::encode(want), " for input {}", hex::encode(input));

449

}