1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <fcntl.h> 18 #include <stdlib.h> 19 #include <unistd.h> 20 #include <sys/mman.h> 21 #include <sys/stat.h> 22 #include <sys/types.h> 23 24 #include <fstream> 25 #include <iostream> 26 27 #include <gtest/gtest.h> 28 29 #include <openssl/bn.h> 30 #include <openssl/evp.h> 31 #include <openssl/x509.h> 32 33 #define LOG_TAG "keymaster_test" 34 #include <utils/Log.h> 35 #include <utils/UniquePtr.h> 36 37 #include <hardware/keymaster.h> 38 39 namespace android { 40 41 class UniqueBlob : public UniquePtr<uint8_t[]> { 42 public: 43 UniqueBlob(size_t length) : 44 mLength(length) { 45 } 46 47 UniqueBlob(uint8_t* bytes, size_t length) : 48 UniquePtr<uint8_t[]>(bytes), mLength(length) { 49 } 50 51 bool operator==(const UniqueBlob &other) const { 52 if (other.length() != mLength) { 53 return false; 54 } 55 56 const uint8_t* mine = get(); 57 const uint8_t* theirs = other.get(); 58 59 for (size_t i = 0; i < mLength; i++) { 60 if (mine[i] != theirs[i]) { 61 return false; 62 } 63 } 64 65 return true; 66 } 67 68 size_t length() const { 69 return mLength; 70 } 71 72 friend std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob); 73 74 private: 75 size_t mLength; 76 }; 77 78 std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob) { 79 const size_t length = blob.mLength; 80 stream << "Blob length=" << length << " < "; 81 82 const uint8_t* data = blob.get(); 83 for (size_t i = 0; i < length; i++) { 84 stream << std::hex << std::setw(2) << std::setfill('0') 85 << static_cast<unsigned int>(data[i]) << ' '; 86 } 87 stream << '>' << std::endl; 88 89 return stream; 90 } 91 92 class UniqueKey : public UniqueBlob { 93 public: 94 UniqueKey(keymaster_device_t** dev, uint8_t* bytes, size_t length) : 95 UniqueBlob(bytes, length), mDevice(dev) { 96 } 97 98 ~UniqueKey() { 99 if (mDevice != NULL && *mDevice != NULL) { 100 keymaster_device_t* dev = *mDevice; 101 if (dev->delete_keypair != NULL) { 102 dev->delete_keypair(dev, get(), length()); 103 } 104 } 105 } 106 107 private: 108 keymaster_device_t** mDevice; 109 }; 110 111 class UniqueReadOnlyBlob { 112 public: 113 UniqueReadOnlyBlob(uint8_t* data, size_t dataSize) : 114 mDataSize(dataSize) { 115 int pageSize = sysconf(_SC_PAGE_SIZE); 116 if (pageSize == -1) { 117 return; 118 } 119 120 int fd = open("/dev/zero", O_RDONLY); 121 if (fd == -1) { 122 return; 123 } 124 125 mBufferSize = (dataSize + pageSize - 1) & ~(pageSize - 1); 126 uint8_t* buffer = (uint8_t*) mmap(NULL, mBufferSize, PROT_READ | PROT_WRITE, 127 MAP_PRIVATE, fd, 0); 128 close(fd); 129 130 if (buffer == NULL) { 131 return; 132 } 133 134 memcpy(buffer, data, dataSize); 135 if (mprotect(buffer, mBufferSize, PROT_READ) == -1) { 136 munmap(buffer, mBufferSize); 137 return; 138 } 139 140 mBuffer = buffer; 141 } 142 143 ~UniqueReadOnlyBlob() { 144 munmap(mBuffer, mBufferSize); 145 } 146 147 uint8_t* get() const { 148 return mBuffer; 149 } 150 151 size_t length() const { 152 return mDataSize; 153 } 154 155 private: 156 uint8_t* mBuffer; 157 size_t mBufferSize; 158 size_t mDataSize; 159 }; 160 161 struct BIGNUM_Delete { 162 void operator()(BIGNUM* p) const { 163 BN_free(p); 164 } 165 }; 166 typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 167 168 struct EVP_PKEY_Delete { 169 void operator()(EVP_PKEY* p) const { 170 EVP_PKEY_free(p); 171 } 172 }; 173 typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 174 175 struct PKCS8_PRIV_KEY_INFO_Delete { 176 void operator()(PKCS8_PRIV_KEY_INFO* p) const { 177 PKCS8_PRIV_KEY_INFO_free(p); 178 } 179 }; 180 typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 181 182 struct RSA_Delete { 183 void operator()(RSA* p) const { 184 RSA_free(p); 185 } 186 }; 187 typedef UniquePtr<RSA, RSA_Delete> Unique_RSA; 188 189 /* 190 * DER-encoded PKCS#8 format RSA key. Generated using: 191 * 192 * openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 193 */ 194 static uint8_t TEST_KEY_1[] = { 195 0x30, 0x82, 0x04, 0xBE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 196 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 197 0x04, 0xA8, 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 198 0x01, 0x00, 0xD8, 0x58, 0xD4, 0x9F, 0xC0, 0xE8, 0xF0, 0xFF, 0x87, 0x27, 199 0x43, 0xE6, 0x2E, 0xE6, 0x9A, 0x42, 0x3B, 0x39, 0x94, 0x84, 0x43, 0x55, 200 0x8D, 0x20, 0x5B, 0x71, 0x88, 0xE6, 0xD1, 0x62, 0xC8, 0xF2, 0x20, 0xD0, 201 0x75, 0x13, 0x83, 0xA3, 0x5D, 0x19, 0xA8, 0x62, 0xD0, 0x5F, 0x3E, 0x8A, 202 0x7C, 0x0E, 0x26, 0xA9, 0xFF, 0xB2, 0x5E, 0x63, 0xAA, 0x3C, 0x8D, 0x13, 203 0x41, 0xAA, 0xD5, 0x03, 0x01, 0x01, 0x53, 0xC9, 0x02, 0x1C, 0xEC, 0xE8, 204 0xC4, 0x70, 0x3F, 0x43, 0xE5, 0x51, 0xD0, 0x6E, 0x52, 0x0B, 0xC4, 0x0A, 205 0xA3, 0x61, 0xDE, 0xE3, 0x72, 0x0C, 0x94, 0xF1, 0x1C, 0x2D, 0x36, 0x77, 206 0xBB, 0x16, 0xA8, 0x63, 0x4B, 0xD1, 0x07, 0x00, 0x42, 0x2D, 0x2B, 0x10, 207 0x80, 0x45, 0xF3, 0x0C, 0xF9, 0xC5, 0xAC, 0xCC, 0x64, 0x87, 0xFD, 0x5D, 208 0xC8, 0x51, 0xD4, 0x1C, 0x9E, 0x6E, 0x9B, 0xC4, 0x27, 0x5E, 0x73, 0xA7, 209 0x2A, 0xF6, 0x90, 0x42, 0x0C, 0x34, 0x93, 0xB7, 0x02, 0x19, 0xA9, 0x64, 210 0x6C, 0x46, 0x3B, 0x40, 0x02, 0x2F, 0x54, 0x69, 0x79, 0x26, 0x7D, 0xF6, 211 0x85, 0x90, 0x01, 0xD0, 0x21, 0x07, 0xD0, 0x14, 0x00, 0x65, 0x9C, 0xAC, 212 0x24, 0xE8, 0x78, 0x42, 0x3B, 0x90, 0x75, 0x19, 0x55, 0x11, 0x4E, 0xD9, 213 0xE6, 0x97, 0x87, 0xBC, 0x8D, 0x2C, 0x9B, 0xF0, 0x1F, 0x14, 0xEB, 0x6A, 214 0x57, 0xCE, 0x78, 0xAD, 0xCE, 0xD9, 0xFB, 0xB9, 0xA1, 0xEF, 0x0C, 0x1F, 215 0xDD, 0xE3, 0x5B, 0x73, 0xA0, 0xEC, 0x37, 0x9C, 0xE1, 0xFD, 0x86, 0x28, 216 0xC3, 0x4A, 0x42, 0xD0, 0xA3, 0xFE, 0x57, 0x09, 0x29, 0xD8, 0xF6, 0xEC, 217 0xE3, 0xC0, 0x71, 0x7C, 0x29, 0x27, 0xC2, 0xD1, 0x3E, 0x22, 0xBC, 0xBD, 218 0x5A, 0x85, 0x41, 0xF6, 0x15, 0xDA, 0x0C, 0x58, 0x5A, 0x61, 0x5B, 0x78, 219 0xB8, 0xAA, 0xEC, 0x5C, 0x1C, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 220 0x82, 0x01, 0x00, 0x1D, 0x10, 0x31, 0xE0, 0x14, 0x26, 0x36, 0xD9, 0xDC, 221 0xEA, 0x25, 0x70, 0xF2, 0xB3, 0xFF, 0xDD, 0x0D, 0xDF, 0xBA, 0x57, 0xDA, 222 0x43, 0xCF, 0xE5, 0x9C, 0xE3, 0x2F, 0xA4, 0xF2, 0x53, 0xF6, 0xF2, 0xAF, 223 0xFD, 0xD0, 0xFC, 0x82, 0x1E, 0x9C, 0x0F, 0x2A, 0x53, 0xBB, 0xF2, 0x4F, 224 0x90, 0x83, 0x01, 0xD3, 0xA7, 0xDA, 0xB5, 0xB7, 0x80, 0x64, 0x0A, 0x26, 225 0x59, 0x83, 0xE4, 0xD3, 0x20, 0xC8, 0x2D, 0xC9, 0x77, 0xA3, 0x55, 0x07, 226 0x6E, 0x6D, 0x95, 0x36, 0xAA, 0x84, 0x4F, 0xED, 0x54, 0x24, 0xA9, 0x77, 227 0xF8, 0x85, 0xE2, 0x4B, 0xF2, 0xFA, 0x0B, 0x3E, 0xA6, 0xF5, 0x46, 0x0D, 228 0x9F, 0x1F, 0xFE, 0xF7, 0x37, 0xFF, 0xA3, 0x60, 0xF1, 0x63, 0xF2, 0x75, 229 0x6A, 0x8E, 0x10, 0xD7, 0x89, 0xD2, 0xB3, 0xFF, 0x76, 0xA5, 0xBA, 0xAF, 230 0x0A, 0xBE, 0x32, 0x5F, 0xF0, 0x48, 0x48, 0x4B, 0x9C, 0x9A, 0x3D, 0x12, 231 0xA7, 0xD2, 0x07, 0xC7, 0x59, 0x32, 0x94, 0x95, 0x65, 0x2F, 0x87, 0x34, 232 0x76, 0xBA, 0x7C, 0x08, 0x4B, 0xAB, 0xA6, 0x24, 0xDF, 0x64, 0xDB, 0x48, 233 0x63, 0x42, 0x06, 0xE2, 0x2C, 0x3D, 0xFB, 0xE5, 0x47, 0x81, 0x94, 0x98, 234 0xF7, 0x32, 0x4B, 0x28, 0xEB, 0x42, 0xB8, 0xE9, 0x8E, 0xFC, 0xC9, 0x43, 235 0xC9, 0x47, 0xE6, 0xE7, 0x1C, 0xDC, 0x71, 0xEF, 0x4D, 0x8A, 0xB1, 0xFC, 236 0x45, 0x37, 0xEC, 0xB3, 0x16, 0x88, 0x5B, 0xE2, 0xEC, 0x8B, 0x6B, 0x75, 237 0x16, 0xBE, 0x6B, 0xF8, 0x2C, 0xF8, 0xC9, 0xD1, 0xF7, 0x55, 0x87, 0x57, 238 0x5F, 0xDE, 0xF4, 0x7E, 0x72, 0x13, 0x06, 0x2A, 0x21, 0xB7, 0x78, 0x21, 239 0x05, 0xFD, 0xE2, 0x5F, 0x7B, 0x7C, 0xF0, 0x26, 0x2B, 0x75, 0x7F, 0x68, 240 0xF9, 0xA6, 0x98, 0xFD, 0x54, 0x0E, 0xCC, 0x22, 0x41, 0x7F, 0x29, 0x81, 241 0x2F, 0xA3, 0x3C, 0x3D, 0x64, 0xC8, 0x41, 0x02, 0x81, 0x81, 0x00, 0xFA, 242 0xFA, 0xE4, 0x2E, 0x30, 0xF0, 0x7A, 0x8D, 0x95, 0xB8, 0x39, 0x58, 0x27, 243 0x0F, 0x89, 0x0C, 0xDF, 0xFE, 0x2F, 0x55, 0x3B, 0x6F, 0xDD, 0x5F, 0x12, 244 0xB3, 0xD1, 0xCF, 0x5B, 0x8D, 0xB6, 0x10, 0x1C, 0x87, 0x0C, 0x30, 0x89, 245 0x2D, 0xBB, 0xB8, 0xA1, 0x78, 0x0F, 0x54, 0xA6, 0x36, 0x46, 0x05, 0x8B, 246 0x5A, 0xFF, 0x48, 0x03, 0x13, 0xAE, 0x95, 0x96, 0x5D, 0x6C, 0xDA, 0x5D, 247 0xF7, 0xAD, 0x1D, 0x33, 0xED, 0x23, 0xF5, 0x4B, 0x03, 0x78, 0xE7, 0x50, 248 0xD1, 0x2D, 0x95, 0x22, 0x35, 0x02, 0x5B, 0x4A, 0x4E, 0x73, 0xC9, 0xB7, 249 0x05, 0xC4, 0x21, 0x86, 0x1F, 0x1E, 0x40, 0x83, 0xBC, 0x8A, 0x3A, 0x95, 250 0x24, 0x62, 0xF4, 0x58, 0x38, 0x64, 0x4A, 0x89, 0x8A, 0x27, 0x59, 0x12, 251 0x9D, 0x21, 0xC3, 0xA6, 0x42, 0x1E, 0x2A, 0x3F, 0xD8, 0x65, 0x1F, 0x6E, 252 0x3E, 0x4D, 0x5C, 0xCC, 0xEA, 0x8E, 0x15, 0x02, 0x81, 0x81, 0x00, 0xDC, 253 0xAC, 0x9B, 0x00, 0xDB, 0xF9, 0xB2, 0xBF, 0xC4, 0x5E, 0xB6, 0xB7, 0x63, 254 0xEB, 0x13, 0x4B, 0xE2, 0xA6, 0xC8, 0x72, 0x90, 0xD8, 0xC2, 0x33, 0x33, 255 0xF0, 0x66, 0x75, 0xBD, 0x50, 0x7C, 0xA4, 0x8F, 0x82, 0xFB, 0xFF, 0x44, 256 0x3B, 0xE7, 0x15, 0x3A, 0x0C, 0x7A, 0xF8, 0x92, 0x86, 0x4A, 0x79, 0x32, 257 0x08, 0x82, 0x1D, 0x6A, 0xBA, 0xAD, 0x8A, 0xB3, 0x3D, 0x7F, 0xA5, 0xB4, 258 0x6F, 0x67, 0x86, 0x7E, 0xB2, 0x9C, 0x2A, 0xF6, 0x7C, 0x49, 0x21, 0xC5, 259 0x3F, 0x00, 0x3F, 0x9B, 0xF7, 0x0F, 0x6C, 0x35, 0x80, 0x75, 0x73, 0xC0, 260 0xF8, 0x3E, 0x30, 0x5F, 0x74, 0x2F, 0x15, 0x41, 0xEA, 0x0F, 0xCE, 0x0E, 261 0x18, 0x17, 0x68, 0xBA, 0xC4, 0x29, 0xF2, 0xE2, 0x2C, 0x1D, 0x55, 0x83, 262 0xB6, 0x64, 0x2E, 0x03, 0x12, 0xA4, 0x0D, 0xBF, 0x4F, 0x2E, 0xBE, 0x7C, 263 0x41, 0xD9, 0xCD, 0xD0, 0x52, 0x91, 0xD5, 0x02, 0x81, 0x81, 0x00, 0xD4, 264 0x55, 0xEB, 0x32, 0xC1, 0x28, 0xD3, 0x26, 0x72, 0x22, 0xB8, 0x31, 0x42, 265 0x6A, 0xBC, 0x52, 0x6E, 0x37, 0x48, 0xA8, 0x5D, 0x6E, 0xD8, 0xE5, 0x14, 266 0x97, 0x99, 0xCC, 0x4A, 0xF2, 0xEB, 0xB3, 0x59, 0xCF, 0x4F, 0x9A, 0xC8, 267 0x94, 0x2E, 0x9B, 0x97, 0xD0, 0x51, 0x78, 0x16, 0x5F, 0x18, 0x82, 0x9C, 268 0x51, 0xD2, 0x64, 0x84, 0x65, 0xE4, 0x70, 0x9E, 0x14, 0x50, 0x81, 0xB6, 269 0xBA, 0x52, 0x75, 0xC0, 0x76, 0xC2, 0xD3, 0x46, 0x31, 0x9B, 0xDA, 0x67, 270 0xDF, 0x71, 0x27, 0x19, 0x17, 0xAB, 0xF4, 0xBC, 0x3A, 0xFF, 0x6F, 0x0B, 271 0x2F, 0x0F, 0xAE, 0x25, 0x20, 0xB2, 0xA1, 0x76, 0x52, 0xCE, 0xC7, 0x9D, 272 0x62, 0x79, 0x6D, 0xAC, 0x2D, 0x99, 0x7C, 0x0E, 0x3D, 0x19, 0xE9, 0x1B, 273 0xFC, 0x60, 0x92, 0x7C, 0x58, 0xB7, 0xD8, 0x9A, 0xC7, 0x63, 0x56, 0x62, 274 0x18, 0xC7, 0xAE, 0xD9, 0x97, 0x1F, 0xB9, 0x02, 0x81, 0x81, 0x00, 0x91, 275 0x40, 0xC4, 0x1E, 0x82, 0xAD, 0x0F, 0x6D, 0x8E, 0xD2, 0x51, 0x2E, 0xD1, 276 0x84, 0x30, 0x85, 0x68, 0xC1, 0x23, 0x7B, 0xD5, 0xBF, 0xF7, 0xC4, 0x40, 277 0x51, 0xE2, 0xFF, 0x69, 0x07, 0x8B, 0xA3, 0xBE, 0x1B, 0x17, 0xC8, 0x64, 278 0x9F, 0x91, 0x71, 0xB5, 0x6D, 0xF5, 0x9B, 0x9C, 0xC6, 0xEC, 0x4A, 0x6E, 279 0x16, 0x8F, 0x9E, 0xD1, 0x5B, 0xE3, 0x53, 0x42, 0xBC, 0x1E, 0x43, 0x72, 280 0x4B, 0x4A, 0x37, 0x8B, 0x3A, 0x01, 0xF5, 0x7D, 0x9D, 0x3D, 0x7E, 0x0F, 281 0x19, 0x73, 0x0E, 0x6B, 0x98, 0xE9, 0xFB, 0xEE, 0x13, 0x8A, 0x3C, 0x11, 282 0x2E, 0xD5, 0xB0, 0x7D, 0x84, 0x3A, 0x61, 0xA1, 0xAB, 0x71, 0x8F, 0xCE, 283 0x53, 0x29, 0x45, 0x74, 0x7A, 0x1E, 0xAA, 0x93, 0x19, 0x3A, 0x8D, 0xC9, 284 0x4E, 0xCB, 0x0E, 0x46, 0x53, 0x84, 0xCC, 0xCF, 0xBA, 0x4D, 0x28, 0x71, 285 0x1D, 0xDF, 0x41, 0xCB, 0xF8, 0x2D, 0xA9, 0x02, 0x81, 0x80, 0x04, 0x8B, 286 0x4A, 0xEA, 0xBD, 0x39, 0x0B, 0x96, 0xC5, 0x1D, 0xA4, 0x47, 0xFD, 0x46, 287 0xD2, 0x8A, 0xEA, 0x2A, 0xF3, 0x9D, 0x3A, 0x7E, 0x16, 0x74, 0xFC, 0x13, 288 0xDE, 0x4D, 0xA9, 0x85, 0x42, 0x33, 0x02, 0x92, 0x0B, 0xB6, 0xDB, 0x7E, 289 0xEA, 0x85, 0xC2, 0x94, 0x43, 0x52, 0x37, 0x5A, 0x77, 0xAB, 0xCB, 0x61, 290 0x88, 0xDE, 0xF8, 0xFA, 0xDB, 0xE8, 0x0B, 0x95, 0x7D, 0x39, 0x19, 0xA2, 291 0x89, 0xB9, 0x32, 0xB2, 0x50, 0x38, 0xF7, 0x88, 0x69, 0xFD, 0xA4, 0x63, 292 0x1F, 0x9B, 0x03, 0xD8, 0xA6, 0x7A, 0x05, 0x76, 0x02, 0x28, 0x93, 0x82, 293 0x73, 0x7F, 0x14, 0xCC, 0xBE, 0x29, 0x10, 0xAD, 0x8A, 0x2E, 0xAC, 0xED, 294 0x11, 0xA7, 0x72, 0x7C, 0x60, 0x78, 0x72, 0xFB, 0x78, 0x20, 0x18, 0xC9, 295 0x7E, 0x63, 0xAD, 0x55, 0x54, 0x51, 0xDB, 0x9F, 0x7B, 0xD4, 0x8F, 0xB2, 296 0xDE, 0x3B, 0xF1, 0x70, 0x23, 0xE5, 297 }; 298 299 /* 300 * Generated using keys on the keyboard and lack of imagination. 301 */ 302 static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF }; 303 304 305 class KeymasterBaseTest : public ::testing::Test { 306 public: 307 static void SetUpTestCase() { 308 const hw_module_t* mod; 309 ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod)) 310 << "Should be able to find a keymaster hardware module"; 311 312 std::cout << "Using keymaster module: " << mod->name << std::endl; 313 314 ASSERT_EQ(0, keymaster_open(mod, &sDevice)) 315 << "Should be able to open the keymaster device"; 316 317 ASSERT_TRUE(sDevice->generate_keypair != NULL) 318 << "Should implement generate_keypair"; 319 320 ASSERT_TRUE(sDevice->import_keypair != NULL) 321 << "Should implement import_keypair"; 322 323 ASSERT_TRUE(sDevice->get_keypair_public != NULL) 324 << "Should implement get_keypair_public"; 325 326 ASSERT_TRUE(sDevice->sign_data != NULL) 327 << "Should implement sign_data"; 328 329 ASSERT_TRUE(sDevice->verify_data != NULL) 330 << "Should implement verify_data"; 331 } 332 333 static void TearDownTestCase() { 334 ASSERT_EQ(0, keymaster_close(sDevice)); 335 } 336 337 protected: 338 static keymaster_device_t* sDevice; 339 }; 340 341 keymaster_device_t* KeymasterBaseTest::sDevice = NULL; 342 343 class KeymasterTest : public KeymasterBaseTest { 344 }; 345 346 class KeymasterGenerateTest : public KeymasterBaseTest, 347 public ::testing::WithParamInterface<uint32_t> { 348 }; 349 350 TEST_P(KeymasterGenerateTest, GenerateKeyPair_RSA_Success) { 351 keymaster_keypair_t key_type = TYPE_RSA; 352 keymaster_rsa_keygen_params_t params = { 353 modulus_size: GetParam(), 354 public_exponent: RSA_F4, 355 }; 356 357 uint8_t* key_blob; 358 size_t key_blob_length; 359 360 ASSERT_EQ(0, 361 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length)) 362 << "Should generate an RSA key with 512 bit modulus size"; 363 UniqueKey key(&sDevice, key_blob, key_blob_length); 364 365 uint8_t* x509_data = NULL; 366 size_t x509_data_length; 367 ASSERT_EQ(0, 368 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 369 &x509_data, &x509_data_length)) 370 << "Should be able to retrieve RSA public key successfully"; 371 UniqueBlob x509_blob(x509_data, x509_data_length); 372 ASSERT_FALSE(x509_blob.get() == NULL) 373 << "X509 data should be allocated"; 374 375 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 376 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 377 static_cast<long>(x509_blob.length()))); 378 379 ASSERT_EQ(EVP_PKEY_RSA, EVP_PKEY_type(actual.get()->type)) 380 << "Generated key type should be of type RSA"; 381 382 Unique_RSA rsa(EVP_PKEY_get1_RSA(actual.get())); 383 ASSERT_FALSE(rsa.get() == NULL) 384 << "Should be able to extract RSA key from EVP_PKEY"; 385 386 ASSERT_EQ(static_cast<unsigned long>(RSA_F4), BN_get_word(rsa.get()->e)) 387 << "Exponent should be RSA_F4"; 388 389 ASSERT_EQ(GetParam() / 8, static_cast<uint32_t>(RSA_size(rsa.get()))) 390 << "Modulus size should be the specified parameter"; 391 } 392 393 INSTANTIATE_TEST_CASE_P(RSA, 394 KeymasterGenerateTest, 395 ::testing::Values(512U, 1024U, 2048U, 3072U, 4096U)); 396 397 TEST_F(KeymasterTest, GenerateKeyPair_RSA_NullParams_Failure) { 398 keymaster_keypair_t key_type = TYPE_RSA; 399 400 uint8_t* key_blob; 401 size_t key_blob_length; 402 403 ASSERT_EQ(-1, 404 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length)) 405 << "Should not be able to generate an RSA key with null params"; 406 } 407 408 TEST_F(KeymasterTest, GenerateKeyPair_UnknownType_Failure) { 409 keymaster_keypair_t key_type = static_cast<keymaster_keypair_t>(0xFFFF); 410 411 uint8_t* key_blob; 412 size_t key_blob_length; 413 414 ASSERT_EQ(-1, 415 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length)) 416 << "Should not generate an unknown key type"; 417 } 418 419 TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) { 420 uint8_t* key_blob; 421 size_t key_blob_length; 422 423 ASSERT_EQ(0, 424 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), 425 &key_blob, &key_blob_length)) 426 << "Should successfully import an RSA key"; 427 UniqueKey key(&sDevice, key_blob, key_blob_length); 428 429 uint8_t* x509_data; 430 size_t x509_data_length; 431 ASSERT_EQ(0, 432 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 433 &x509_data, &x509_data_length)) 434 << "Should be able to retrieve RSA public key successfully"; 435 UniqueBlob x509_blob(x509_data, x509_data_length); 436 437 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 438 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 439 static_cast<long>(x509_blob.length()))); 440 441 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_RSA) 442 << "Generated key type should be of type RSA"; 443 444 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_KEY_1); 445 Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8( 446 d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp, 447 sizeof(TEST_KEY_1))); 448 449 Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get())); 450 451 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get())) 452 << "Expected and actual keys should match"; 453 } 454 455 TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) { 456 uint8_t* key_blob; 457 size_t key_blob_length; 458 459 ASSERT_EQ(-1, 460 sDevice->import_keypair(sDevice, BOGUS_KEY_1, sizeof(BOGUS_KEY_1), 461 &key_blob, &key_blob_length)) 462 << "Should not import an unknown key type"; 463 } 464 465 TEST_F(KeymasterTest, ImportKeyPair_NullKey_Failure) { 466 uint8_t* key_blob; 467 size_t key_blob_length; 468 469 ASSERT_EQ(-1, 470 sDevice->import_keypair(sDevice, NULL, 0, 471 &key_blob, &key_blob_length)) 472 << "Should not import a null key"; 473 } 474 475 TEST_F(KeymasterTest, GetKeypairPublic_RSA_Success) { 476 uint8_t* key_blob; 477 size_t key_blob_length; 478 479 UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1)); 480 ASSERT_TRUE(testKey.get() != NULL); 481 482 ASSERT_EQ(0, 483 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 484 &key_blob, &key_blob_length)) 485 << "Should successfully import an RSA key"; 486 UniqueKey key(&sDevice, key_blob, key_blob_length); 487 488 uint8_t* x509_data; 489 size_t x509_data_length; 490 ASSERT_EQ(0, 491 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 492 &x509_data, &x509_data_length)) 493 << "Should be able to retrieve RSA public key successfully"; 494 UniqueBlob x509_blob(x509_data, x509_data_length); 495 } 496 497 TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullKey_Failure) { 498 uint8_t* key_blob; 499 size_t key_blob_length; 500 501 uint8_t* x509_data = NULL; 502 size_t x509_data_length; 503 ASSERT_EQ(-1, 504 sDevice->get_keypair_public(sDevice, NULL, 0, 505 &x509_data, &x509_data_length)) 506 << "Should not be able to retrieve RSA public key from null key"; 507 UniqueBlob x509_blob(x509_data, x509_data_length); 508 } 509 510 TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullDestination_Failure) { 511 uint8_t* key_blob; 512 size_t key_blob_length; 513 514 UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1)); 515 ASSERT_TRUE(testKey.get() != NULL); 516 517 ASSERT_EQ(0, 518 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 519 &key_blob, &key_blob_length)) 520 << "Should successfully import an RSA key"; 521 UniqueKey key(&sDevice, key_blob, key_blob_length); 522 523 ASSERT_EQ(-1, 524 sDevice->get_keypair_public(sDevice, key.get(), key.length(), 525 NULL, NULL)) 526 << "Should not be able to succeed with NULL destination blob"; 527 } 528 529 TEST_F(KeymasterTest, DeleteKeyPair_RSA_Success) { 530 uint8_t* key_blob; 531 size_t key_blob_length; 532 533 UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1)); 534 ASSERT_TRUE(testKey.get() != NULL); 535 536 ASSERT_EQ(0, 537 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 538 &key_blob, &key_blob_length)) 539 << "Should successfully import an RSA key"; 540 UniqueKey key(&sDevice, key_blob, key_blob_length); 541 } 542 543 TEST_F(KeymasterTest, DeleteKeyPair_RSA_DoubleDelete_Failure) { 544 uint8_t* key_blob; 545 size_t key_blob_length; 546 547 UniqueReadOnlyBlob testKey(TEST_KEY_1, sizeof(TEST_KEY_1)); 548 ASSERT_TRUE(testKey.get() != NULL); 549 550 /* 551 * This is only run if the module indicates it implements key deletion 552 * by implementing delete_keypair. 553 */ 554 if (sDevice->delete_keypair != NULL) { 555 ASSERT_EQ(0, 556 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 557 &key_blob, &key_blob_length)) 558 << "Should successfully import an RSA key"; 559 UniqueBlob blob(key_blob, key_blob_length); 560 561 ASSERT_EQ(0, sDevice->delete_keypair(sDevice, key_blob, key_blob_length)) 562 << "Should delete key after import"; 563 564 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, key_blob, key_blob_length)) 565 << "Should not be able to delete key twice"; 566 } 567 } 568 569 TEST_F(KeymasterTest, DeleteKeyPair_RSA_NullKey_Failure) { 570 /* 571 * This is only run if the module indicates it implements key deletion 572 * by implementing delete_keypair. 573 */ 574 if (sDevice->delete_keypair != NULL) { 575 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, NULL, 0)) 576 << "Should not be able to delete null key"; 577 } 578 } 579 580 /* 581 * DER-encoded PKCS#8 format RSA key. Generated using: 582 * 583 * openssl genrsa 512 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 584 */ 585 static uint8_t TEST_SIGN_KEY_1[] = { 586 0x30, 0x82, 0x01, 0x56, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 587 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 588 0x01, 0x40, 0x30, 0x82, 0x01, 0x3C, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 589 0xBD, 0xC0, 0x7F, 0xEF, 0x75, 0x1D, 0x63, 0x2A, 0xD0, 0x9A, 0x26, 0xE5, 590 0x5B, 0xB9, 0x84, 0x7C, 0xE5, 0xC7, 0xE7, 0xDE, 0xFE, 0xB6, 0x54, 0xD9, 591 0xF0, 0x9B, 0xC2, 0xCF, 0x36, 0xDA, 0xE5, 0x4D, 0xC5, 0xD9, 0x25, 0x78, 592 0xBD, 0x55, 0x05, 0xBD, 0x86, 0xFB, 0x37, 0x15, 0x33, 0x42, 0x52, 0xED, 593 0xE5, 0xCD, 0xCB, 0xB7, 0xA2, 0x51, 0xFA, 0x36, 0xE9, 0x9C, 0x2E, 0x5D, 594 0xE3, 0xA5, 0x1F, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00, 595 0x96, 0x71, 0xDE, 0xBD, 0x83, 0x94, 0x96, 0x40, 0xA6, 0xFD, 0xE1, 0xA2, 596 0xED, 0xD3, 0xAC, 0x28, 0xBE, 0xA2, 0x7D, 0xC3, 0xFF, 0x1D, 0x9F, 0x2E, 597 0xE0, 0xA7, 0x0E, 0x90, 0xEE, 0x44, 0x25, 0x92, 0xE3, 0x54, 0xDD, 0x55, 598 0xA3, 0xEF, 0x42, 0xF5, 0x52, 0x55, 0x41, 0x47, 0x5E, 0x00, 0xFB, 0x8B, 599 0x47, 0x5E, 0x45, 0x49, 0xEA, 0x3D, 0x2C, 0xFD, 0x9F, 0xEC, 0xC8, 0x4E, 600 0x4E, 0x86, 0x90, 0x31, 0x02, 0x21, 0x00, 0xE6, 0xA5, 0x55, 0xB3, 0x64, 601 0xAB, 0x90, 0x5E, 0xA2, 0xF5, 0x6B, 0x21, 0x4B, 0x15, 0xD6, 0x4A, 0xB6, 602 0x60, 0x24, 0x95, 0x65, 0xA2, 0xBE, 0xBA, 0x2A, 0x73, 0xFB, 0xFF, 0x2C, 603 0x61, 0x88, 0x9D, 0x02, 0x21, 0x00, 0xD2, 0x9C, 0x5B, 0xFE, 0x82, 0xA5, 604 0xFC, 0x52, 0x6A, 0x29, 0x38, 0xDB, 0x22, 0x3B, 0xEB, 0x74, 0x3B, 0xCA, 605 0xB4, 0xDD, 0x1D, 0xE4, 0x48, 0x60, 0x70, 0x19, 0x9B, 0x81, 0xC1, 0x83, 606 0x28, 0xB5, 0x02, 0x21, 0x00, 0x89, 0x2D, 0xFE, 0xF9, 0xF2, 0xBF, 0x43, 607 0xDF, 0xB5, 0xA6, 0xA8, 0x30, 0x26, 0x1B, 0x77, 0xD7, 0xF9, 0xFE, 0xD6, 608 0xE3, 0x70, 0x8E, 0xCA, 0x47, 0xA9, 0xA6, 0x50, 0x54, 0x25, 0xCE, 0x60, 609 0xD5, 0x02, 0x21, 0x00, 0xBE, 0x5A, 0xF8, 0x82, 0xE6, 0xCE, 0xE3, 0x6A, 610 0x11, 0xED, 0xC4, 0x27, 0xBB, 0x9F, 0x70, 0xC6, 0x93, 0xAC, 0x39, 0x20, 611 0x89, 0x7D, 0xE5, 0x34, 0xD4, 0xDD, 0x30, 0x42, 0x6D, 0x07, 0x00, 0xE9, 612 0x02, 0x20, 0x05, 0x91, 0xEF, 0x12, 0xD2, 0xD3, 0x6A, 0xD2, 0x96, 0x6B, 613 0x10, 0x62, 0xF9, 0xBA, 0xA4, 0x91, 0x48, 0x84, 0x40, 0x61, 0x67, 0x80, 614 0x68, 0x68, 0xC8, 0x60, 0xB3, 0x66, 0xC8, 0xF9, 0x08, 0x9A, 615 }; 616 617 /* 618 * PKCS#1 v1.5 padded raw "Hello, world" Can be generated be generated by verifying 619 * the signature below in no padding mode: 620 * 621 * openssl rsautl -keyform der -inkey rsa.der -raw -verify -in test.sig 622 */ 623 static uint8_t TEST_SIGN_DATA_1[] = { 624 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 625 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 626 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 627 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 628 0xFF, 0xFF, 0xFF, 0x00, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x2C, 0x20, 0x77, 629 0x6F, 0x72, 0x6C, 0x64, 630 }; 631 632 /* 633 * Signature of TEST_SIGN_DATA_1 using TEST_SIGN_KEY_1. Generated using: 634 * 635 * echo 'Hello, world' | openssl rsautl -keyform der -inkey rsa.der -sign | recode ../x1 636 */ 637 static uint8_t TEST_SIGN_SIGNATURE_1[] = { 638 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76, 639 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2, 640 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A, 641 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9, 642 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF, 643 0x79, 0xE4, 0x91, 0x40, 644 }; 645 646 /* 647 * Identical to TEST_SIGN_SIGNATURE_1 except the last octet is '1' instead of '0' 648 * This should fail any test. 649 */ 650 static uint8_t TEST_SIGN_SIGNATURE_BOGUS_1[] = { 651 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76, 652 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2, 653 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A, 654 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9, 655 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF, 656 0x79, 0xE4, 0x91, 0x41, 657 }; 658 659 TEST_F(KeymasterTest, SignData_RSA_Raw_Success) { 660 uint8_t* key_blob; 661 size_t key_blob_length; 662 663 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1)); 664 ASSERT_TRUE(testKey.get() != NULL); 665 666 ASSERT_EQ(0, 667 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 668 &key_blob, &key_blob_length)) 669 << "Should successfully import an RSA key"; 670 UniqueKey key(&sDevice, key_blob, key_blob_length); 671 672 keymaster_rsa_sign_params_t params = { 673 digest_type: DIGEST_NONE, 674 padding_type: PADDING_NONE, 675 }; 676 677 uint8_t* sig; 678 size_t sig_length; 679 680 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 681 ASSERT_TRUE(testData.get() != NULL); 682 683 ASSERT_EQ(0, 684 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 685 testData.get(), testData.length(), 686 &sig, &sig_length)) 687 << "Should sign data successfully"; 688 UniqueBlob sig_blob(sig, sig_length); 689 690 UniqueBlob expected_sig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1)); 691 692 ASSERT_EQ(expected_sig, sig_blob) 693 << "Generated signature should match expected signature"; 694 695 // The expected signature is actually stack data, so don't let it try to free. 696 uint8_t* unused __attribute__((unused)) = expected_sig.release(); 697 } 698 699 TEST_F(KeymasterTest, SignData_RSA_Raw_InvalidSizeInput_Failure) { 700 uint8_t* key_blob; 701 size_t key_blob_length; 702 703 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1)); 704 ASSERT_TRUE(testKey.get() != NULL); 705 706 ASSERT_EQ(0, 707 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 708 &key_blob, &key_blob_length)) 709 << "Should successfully import an RSA key"; 710 UniqueKey key(&sDevice, key_blob, key_blob_length); 711 712 keymaster_rsa_sign_params_t params = { 713 digest_type: DIGEST_NONE, 714 padding_type: PADDING_NONE, 715 }; 716 717 uint8_t* sig; 718 size_t sig_length; 719 720 UniqueReadOnlyBlob testData(TEST_KEY_1, sizeof(TEST_KEY_1)); 721 ASSERT_TRUE(testData.get() != NULL); 722 723 ASSERT_EQ(-1, 724 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 725 testData.get(), testData.length(), 726 &sig, &sig_length)) 727 << "Should not be able to do raw signature on incorrect size data"; 728 } 729 730 TEST_F(KeymasterTest, SignData_RSA_Raw_NullKey_Failure) { 731 keymaster_rsa_sign_params_t params = { 732 digest_type: DIGEST_NONE, 733 padding_type: PADDING_NONE, 734 }; 735 736 uint8_t* sig; 737 size_t sig_length; 738 739 UniqueReadOnlyBlob testData(TEST_KEY_1, sizeof(TEST_KEY_1)); 740 ASSERT_TRUE(testData.get() != NULL); 741 742 ASSERT_EQ(-1, 743 sDevice->sign_data(sDevice, ¶ms, NULL, 0, 744 testData.get(), testData.length(), 745 &sig, &sig_length)) 746 << "Should not be able to do raw signature on incorrect size data"; 747 } 748 749 TEST_F(KeymasterTest, SignData_RSA_Raw_NullInput_Failure) { 750 uint8_t* key_blob; 751 size_t key_blob_length; 752 753 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1)); 754 ASSERT_TRUE(testKey.get() != NULL); 755 756 ASSERT_EQ(0, 757 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 758 &key_blob, &key_blob_length)) 759 << "Should successfully import an RSA key"; 760 UniqueKey key(&sDevice, key_blob, key_blob_length); 761 762 keymaster_rsa_sign_params_t params = { 763 digest_type: DIGEST_NONE, 764 padding_type: PADDING_NONE, 765 }; 766 767 uint8_t* sig; 768 size_t sig_length; 769 770 ASSERT_EQ(-1, 771 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 772 NULL, 0, 773 &sig, &sig_length)) 774 << "Should error when input data is null"; 775 } 776 777 TEST_F(KeymasterTest, SignData_RSA_Raw_NullOutput_Failure) { 778 uint8_t* key_blob; 779 size_t key_blob_length; 780 781 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1)); 782 ASSERT_TRUE(testKey.get() != NULL); 783 784 ASSERT_EQ(0, 785 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 786 &key_blob, &key_blob_length)) 787 << "Should successfully import an RSA key"; 788 UniqueKey key(&sDevice, key_blob, key_blob_length); 789 790 keymaster_rsa_sign_params_t params = { 791 digest_type: DIGEST_NONE, 792 padding_type: PADDING_NONE, 793 }; 794 795 uint8_t* sig; 796 size_t sig_length; 797 798 UniqueReadOnlyBlob testData(TEST_KEY_1, sizeof(TEST_KEY_1)); 799 ASSERT_TRUE(testData.get() != NULL); 800 801 ASSERT_EQ(-1, 802 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 803 testData.get(), testData.length(), 804 NULL, NULL)) 805 << "Should error when output is null"; 806 } 807 808 TEST_F(KeymasterTest, VerifyData_RSA_Raw_Success) { 809 uint8_t* key_blob; 810 size_t key_blob_length; 811 812 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1)); 813 ASSERT_TRUE(testKey.get() != NULL); 814 815 ASSERT_EQ(0, 816 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 817 &key_blob, &key_blob_length)) 818 << "Should successfully import an RSA key"; 819 UniqueKey key(&sDevice, key_blob, key_blob_length); 820 821 keymaster_rsa_sign_params_t params = { 822 digest_type: DIGEST_NONE, 823 padding_type: PADDING_NONE, 824 }; 825 826 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 827 ASSERT_TRUE(testData.get() != NULL); 828 829 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1)); 830 ASSERT_TRUE(testSig.get() != NULL); 831 832 ASSERT_EQ(0, 833 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 834 testData.get(), testData.length(), 835 testSig.get(), testSig.length())) 836 << "Should verify data successfully"; 837 } 838 839 TEST_F(KeymasterTest, VerifyData_RSA_Raw_BadSignature_Failure) { 840 uint8_t* key_blob; 841 size_t key_blob_length; 842 843 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1)); 844 ASSERT_TRUE(testKey.get() != NULL); 845 846 ASSERT_EQ(0, 847 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 848 &key_blob, &key_blob_length)) 849 << "Should successfully import an RSA key"; 850 UniqueKey key(&sDevice, key_blob, key_blob_length); 851 852 keymaster_rsa_sign_params_t params = { 853 digest_type: DIGEST_NONE, 854 padding_type: PADDING_NONE, 855 }; 856 857 ASSERT_EQ(-1, 858 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 859 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 860 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1))) 861 << "Should sign data successfully"; 862 } 863 864 TEST_F(KeymasterTest, VerifyData_RSA_Raw_NullKey_Failure) { 865 keymaster_rsa_sign_params_t params = { 866 digest_type: DIGEST_NONE, 867 padding_type: PADDING_NONE, 868 }; 869 870 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 871 ASSERT_TRUE(testData.get() != NULL); 872 873 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)); 874 ASSERT_TRUE(testSig.get() != NULL); 875 876 ASSERT_EQ(-1, 877 sDevice->verify_data(sDevice, ¶ms, NULL, 0, 878 testData.get(), testData.length(), 879 testSig.get(), testSig.length())) 880 << "Should fail when key is null"; 881 } 882 883 TEST_F(KeymasterTest, VerifyData_RSA_NullInput_Failure) { 884 uint8_t* key_blob; 885 size_t key_blob_length; 886 887 ASSERT_EQ(0, 888 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 889 &key_blob, &key_blob_length)) 890 << "Should successfully import an RSA key"; 891 UniqueKey key(&sDevice, key_blob, key_blob_length); 892 893 keymaster_rsa_sign_params_t params = { 894 digest_type: DIGEST_NONE, 895 padding_type: PADDING_NONE, 896 }; 897 898 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1)); 899 ASSERT_TRUE(testSig.get() != NULL); 900 901 ASSERT_EQ(-1, 902 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 903 NULL, 0, 904 testSig.get(), testSig.length())) 905 << "Should fail on null input"; 906 } 907 908 TEST_F(KeymasterTest, VerifyData_RSA_NullSignature_Failure) { 909 uint8_t* key_blob; 910 size_t key_blob_length; 911 912 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1)); 913 ASSERT_TRUE(testKey.get() != NULL); 914 915 ASSERT_EQ(0, 916 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 917 &key_blob, &key_blob_length)) 918 << "Should successfully import an RSA key"; 919 UniqueKey key(&sDevice, key_blob, key_blob_length); 920 921 keymaster_rsa_sign_params_t params = { 922 digest_type: DIGEST_NONE, 923 padding_type: PADDING_NONE, 924 }; 925 926 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 927 ASSERT_TRUE(testData.get() != NULL); 928 929 ASSERT_EQ(-1, 930 sDevice->verify_data(sDevice, ¶ms, key.get(), key.length(), 931 testData.get(), testData.length(), 932 NULL, 0)) 933 << "Should fail on null signature"; 934 } 935 936 TEST_F(KeymasterTest, EraseAll_Success) { 937 uint8_t *key1_blob, *key2_blob; 938 size_t key1_blob_length, key2_blob_length; 939 940 // Only test this if the device says it supports delete_all 941 if (sDevice->delete_all == NULL) { 942 return; 943 } 944 945 UniqueReadOnlyBlob testKey(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1)); 946 ASSERT_TRUE(testKey.get() != NULL); 947 948 ASSERT_EQ(0, 949 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 950 &key1_blob, &key1_blob_length)) 951 << "Should successfully import an RSA key"; 952 UniqueKey key1(&sDevice, key1_blob, key1_blob_length); 953 954 UniqueReadOnlyBlob testKey2(TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1)); 955 ASSERT_TRUE(testKey2.get() != NULL); 956 957 ASSERT_EQ(0, 958 sDevice->import_keypair(sDevice, testKey2.get(), testKey2.length(), 959 &key2_blob, &key2_blob_length)) 960 << "Should successfully import an RSA key"; 961 UniqueKey key2(&sDevice, key2_blob, key2_blob_length); 962 963 ASSERT_EQ(0, sDevice->delete_all(sDevice)) 964 << "Should erase all keys"; 965 966 key1.reset(); 967 968 uint8_t* x509_data; 969 size_t x509_data_length; 970 ASSERT_EQ(-1, 971 sDevice->get_keypair_public(sDevice, key1_blob, key1_blob_length, 972 &x509_data, &x509_data_length)) 973 << "Should be able to retrieve RSA public key 1 successfully"; 974 975 ASSERT_EQ(-1, 976 sDevice->get_keypair_public(sDevice, key2_blob, key2_blob_length, 977 &x509_data, &x509_data_length)) 978 << "Should be able to retrieve RSA public key 2 successfully"; 979 } 980 981 } 982