1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <fcntl.h> 18 #include <stdlib.h> 19 #include <unistd.h> 20 #include <sys/mman.h> 21 #include <sys/stat.h> 22 #include <sys/types.h> 23 24 #include <fstream> 25 #include <iostream> 26 27 #include <gtest/gtest.h> 28 29 #include <openssl/bn.h> 30 #include <openssl/evp.h> 31 #include <openssl/x509.h> 32 33 #define LOG_TAG "keymaster_test" 34 #include <utils/Log.h> 35 #include <utils/UniquePtr.h> 36 37 #include <hardware/keymaster.h> 38 39 namespace android { 40 41 class UniqueBlob : public UniquePtr<uint8_t[]> { 42 public: 43 UniqueBlob(size_t length) : 44 mLength(length) { 45 } 46 47 UniqueBlob(uint8_t* bytes, size_t length) : 48 UniquePtr<uint8_t[]>(bytes), mLength(length) { 49 } 50 51 bool operator==(const UniqueBlob &other) const { 52 if (other.length() != mLength) { 53 return false; 54 } 55 56 const uint8_t* mine = get(); 57 const uint8_t* theirs = other.get(); 58 59 for (size_t i = 0; i < mLength; i++) { 60 if (mine[i] != theirs[i]) { 61 return false; 62 } 63 } 64 65 return true; 66 } 67 68 size_t length() const { 69 return mLength; 70 } 71 72 friend std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob); 73 74 private: 75 size_t mLength; 76 }; 77 78 std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob) { 79 const size_t length = blob.mLength; 80 stream << "Blob length=" << length << " < "; 81 82 const uint8_t* data = blob.get(); 83 for (size_t i = 0; i < length; i++) { 84 stream << std::hex << std::setw(2) << std::setfill('0') 85 << static_cast<unsigned int>(data[i]) << ' '; 86 } 87 stream << '>' << std::endl; 88 89 return stream; 90 } 91 92 class UniqueKey : public UniqueBlob { 93 public: 94 UniqueKey(keymaster_device_t** dev, uint8_t* bytes, size_t length) : 95 UniqueBlob(bytes, length), mDevice(dev) { 96 } 97 98 ~UniqueKey() { 99 if (mDevice != NULL && *mDevice != NULL) { 100 keymaster_device_t* dev = *mDevice; 101 if (dev->delete_keypair != NULL) { 102 dev->delete_keypair(dev, get(), length()); 103 } 104 } 105 } 106 107 private: 108 keymaster_device_t** mDevice; 109 }; 110 111 class UniqueReadOnlyBlob { 112 public: 113 UniqueReadOnlyBlob(uint8_t* data, size_t dataSize) : 114 mDataSize(dataSize) { 115 int pageSize = sysconf(_SC_PAGE_SIZE); 116 if (pageSize == -1) { 117 return; 118 } 119 120 int fd = open("/dev/zero", O_RDONLY); 121 if (fd == -1) { 122 return; 123 } 124 125 mBufferSize = (dataSize + pageSize - 1) & ~(pageSize - 1); 126 uint8_t* buffer = (uint8_t*) mmap(NULL, mBufferSize, PROT_READ | PROT_WRITE, 127 MAP_PRIVATE, fd, 0); 128 close(fd); 129 130 if (buffer == NULL) { 131 return; 132 } 133 134 memcpy(buffer, data, dataSize); 135 if (mprotect(buffer, mBufferSize, PROT_READ) == -1) { 136 munmap(buffer, mBufferSize); 137 return; 138 } 139 140 mBuffer = buffer; 141 } 142 143 ~UniqueReadOnlyBlob() { 144 munmap(mBuffer, mBufferSize); 145 } 146 147 uint8_t* get() const { 148 return mBuffer; 149 } 150 151 size_t length() const { 152 return mDataSize; 153 } 154 155 private: 156 uint8_t* mBuffer; 157 size_t mBufferSize; 158 size_t mDataSize; 159 }; 160 161 struct BIGNUM_Delete { 162 void operator()(BIGNUM* p) const { 163 BN_free(p); 164 } 165 }; 166 typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 167 168 struct EVP_PKEY_Delete { 169 void operator()(EVP_PKEY* p) const { 170 EVP_PKEY_free(p); 171 } 172 }; 173 typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 174 175 struct PKCS8_PRIV_KEY_INFO_Delete { 176 void operator()(PKCS8_PRIV_KEY_INFO* p) const { 177 PKCS8_PRIV_KEY_INFO_free(p); 178 } 179 }; 180 typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 181 182 struct RSA_Delete { 183 void operator()(RSA* p) const { 184 RSA_free(p); 185 } 186 }; 187 typedef UniquePtr<RSA, RSA_Delete> Unique_RSA; 188 189 struct EC_KEY_Delete { 190 void operator()(EC_KEY* p) const { 191 EC_KEY_free(p); 192 } 193 }; 194 typedef UniquePtr<EC_KEY, EC_KEY_Delete> Unique_EC_KEY; 195 196 197 /* 198 * DER-encoded PKCS#8 format RSA key. Generated using: 199 * 200 * openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 201 */ 202 static uint8_t TEST_RSA_KEY_1[] = { 203 0x30, 0x82, 0x04, 0xBE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 204 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 205 0x04, 0xA8, 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 206 0x01, 0x00, 0xD8, 0x58, 0xD4, 0x9F, 0xC0, 0xE8, 0xF0, 0xFF, 0x87, 0x27, 207 0x43, 0xE6, 0x2E, 0xE6, 0x9A, 0x42, 0x3B, 0x39, 0x94, 0x84, 0x43, 0x55, 208 0x8D, 0x20, 0x5B, 0x71, 0x88, 0xE6, 0xD1, 0x62, 0xC8, 0xF2, 0x20, 0xD0, 209 0x75, 0x13, 0x83, 0xA3, 0x5D, 0x19, 0xA8, 0x62, 0xD0, 0x5F, 0x3E, 0x8A, 210 0x7C, 0x0E, 0x26, 0xA9, 0xFF, 0xB2, 0x5E, 0x63, 0xAA, 0x3C, 0x8D, 0x13, 211 0x41, 0xAA, 0xD5, 0x03, 0x01, 0x01, 0x53, 0xC9, 0x02, 0x1C, 0xEC, 0xE8, 212 0xC4, 0x70, 0x3F, 0x43, 0xE5, 0x51, 0xD0, 0x6E, 0x52, 0x0B, 0xC4, 0x0A, 213 0xA3, 0x61, 0xDE, 0xE3, 0x72, 0x0C, 0x94, 0xF1, 0x1C, 0x2D, 0x36, 0x77, 214 0xBB, 0x16, 0xA8, 0x63, 0x4B, 0xD1, 0x07, 0x00, 0x42, 0x2D, 0x2B, 0x10, 215 0x80, 0x45, 0xF3, 0x0C, 0xF9, 0xC5, 0xAC, 0xCC, 0x64, 0x87, 0xFD, 0x5D, 216 0xC8, 0x51, 0xD4, 0x1C, 0x9E, 0x6E, 0x9B, 0xC4, 0x27, 0x5E, 0x73, 0xA7, 217 0x2A, 0xF6, 0x90, 0x42, 0x0C, 0x34, 0x93, 0xB7, 0x02, 0x19, 0xA9, 0x64, 218 0x6C, 0x46, 0x3B, 0x40, 0x02, 0x2F, 0x54, 0x69, 0x79, 0x26, 0x7D, 0xF6, 219 0x85, 0x90, 0x01, 0xD0, 0x21, 0x07, 0xD0, 0x14, 0x00, 0x65, 0x9C, 0xAC, 220 0x24, 0xE8, 0x78, 0x42, 0x3B, 0x90, 0x75, 0x19, 0x55, 0x11, 0x4E, 0xD9, 221 0xE6, 0x97, 0x87, 0xBC, 0x8D, 0x2C, 0x9B, 0xF0, 0x1F, 0x14, 0xEB, 0x6A, 222 0x57, 0xCE, 0x78, 0xAD, 0xCE, 0xD9, 0xFB, 0xB9, 0xA1, 0xEF, 0x0C, 0x1F, 223 0xDD, 0xE3, 0x5B, 0x73, 0xA0, 0xEC, 0x37, 0x9C, 0xE1, 0xFD, 0x86, 0x28, 224 0xC3, 0x4A, 0x42, 0xD0, 0xA3, 0xFE, 0x57, 0x09, 0x29, 0xD8, 0xF6, 0xEC, 225 0xE3, 0xC0, 0x71, 0x7C, 0x29, 0x27, 0xC2, 0xD1, 0x3E, 0x22, 0xBC, 0xBD, 226 0x5A, 0x85, 0x41, 0xF6, 0x15, 0xDA, 0x0C, 0x58, 0x5A, 0x61, 0x5B, 0x78, 227 0xB8, 0xAA, 0xEC, 0x5C, 0x1C, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 228 0x82, 0x01, 0x00, 0x1D, 0x10, 0x31, 0xE0, 0x14, 0x26, 0x36, 0xD9, 0xDC, 229 0xEA, 0x25, 0x70, 0xF2, 0xB3, 0xFF, 0xDD, 0x0D, 0xDF, 0xBA, 0x57, 0xDA, 230 0x43, 0xCF, 0xE5, 0x9C, 0xE3, 0x2F, 0xA4, 0xF2, 0x53, 0xF6, 0xF2, 0xAF, 231 0xFD, 0xD0, 0xFC, 0x82, 0x1E, 0x9C, 0x0F, 0x2A, 0x53, 0xBB, 0xF2, 0x4F, 232 0x90, 0x83, 0x01, 0xD3, 0xA7, 0xDA, 0xB5, 0xB7, 0x80, 0x64, 0x0A, 0x26, 233 0x59, 0x83, 0xE4, 0xD3, 0x20, 0xC8, 0x2D, 0xC9, 0x77, 0xA3, 0x55, 0x07, 234 0x6E, 0x6D, 0x95, 0x36, 0xAA, 0x84, 0x4F, 0xED, 0x54, 0x24, 0xA9, 0x77, 235 0xF8, 0x85, 0xE2, 0x4B, 0xF2, 0xFA, 0x0B, 0x3E, 0xA6, 0xF5, 0x46, 0x0D, 236 0x9F, 0x1F, 0xFE, 0xF7, 0x37, 0xFF, 0xA3, 0x60, 0xF1, 0x63, 0xF2, 0x75, 237 0x6A, 0x8E, 0x10, 0xD7, 0x89, 0xD2, 0xB3, 0xFF, 0x76, 0xA5, 0xBA, 0xAF, 238 0x0A, 0xBE, 0x32, 0x5F, 0xF0, 0x48, 0x48, 0x4B, 0x9C, 0x9A, 0x3D, 0x12, 239 0xA7, 0xD2, 0x07, 0xC7, 0x59, 0x32, 0x94, 0x95, 0x65, 0x2F, 0x87, 0x34, 240 0x76, 0xBA, 0x7C, 0x08, 0x4B, 0xAB, 0xA6, 0x24, 0xDF, 0x64, 0xDB, 0x48, 241 0x63, 0x42, 0x06, 0xE2, 0x2C, 0x3D, 0xFB, 0xE5, 0x47, 0x81, 0x94, 0x98, 242 0xF7, 0x32, 0x4B, 0x28, 0xEB, 0x42, 0xB8, 0xE9, 0x8E, 0xFC, 0xC9, 0x43, 243 0xC9, 0x47, 0xE6, 0xE7, 0x1C, 0xDC, 0x71, 0xEF, 0x4D, 0x8A, 0xB1, 0xFC, 244 0x45, 0x37, 0xEC, 0xB3, 0x16, 0x88, 0x5B, 0xE2, 0xEC, 0x8B, 0x6B, 0x75, 245 0x16, 0xBE, 0x6B, 0xF8, 0x2C, 0xF8, 0xC9, 0xD1, 0xF7, 0x55, 0x87, 0x57, 246 0x5F, 0xDE, 0xF4, 0x7E, 0x72, 0x13, 0x06, 0x2A, 0x21, 0xB7, 0x78, 0x21, 247 0x05, 0xFD, 0xE2, 0x5F, 0x7B, 0x7C, 0xF0, 0x26, 0x2B, 0x75, 0x7F, 0x68, 248 0xF9, 0xA6, 0x98, 0xFD, 0x54, 0x0E, 0xCC, 0x22, 0x41, 0x7F, 0x29, 0x81, 249 0x2F, 0xA3, 0x3C, 0x3D, 0x64, 0xC8, 0x41, 0x02, 0x81, 0x81, 0x00, 0xFA, 250 0xFA, 0xE4, 0x2E, 0x30, 0xF0, 0x7A, 0x8D, 0x95, 0xB8, 0x39, 0x58, 0x27, 251 0x0F, 0x89, 0x0C, 0xDF, 0xFE, 0x2F, 0x55, 0x3B, 0x6F, 0xDD, 0x5F, 0x12, 252 0xB3, 0xD1, 0xCF, 0x5B, 0x8D, 0xB6, 0x10, 0x1C, 0x87, 0x0C, 0x30, 0x89, 253 0x2D, 0xBB, 0xB8, 0xA1, 0x78, 0x0F, 0x54, 0xA6, 0x36, 0x46, 0x05, 0x8B, 254 0x5A, 0xFF, 0x48, 0x03, 0x13, 0xAE, 0x95, 0x96, 0x5D, 0x6C, 0xDA, 0x5D, 255 0xF7, 0xAD, 0x1D, 0x33, 0xED, 0x23, 0xF5, 0x4B, 0x03, 0x78, 0xE7, 0x50, 256 0xD1, 0x2D, 0x95, 0x22, 0x35, 0x02, 0x5B, 0x4A, 0x4E, 0x73, 0xC9, 0xB7, 257 0x05, 0xC4, 0x21, 0x86, 0x1F, 0x1E, 0x40, 0x83, 0xBC, 0x8A, 0x3A, 0x95, 258 0x24, 0x62, 0xF4, 0x58, 0x38, 0x64, 0x4A, 0x89, 0x8A, 0x27, 0x59, 0x12, 259 0x9D, 0x21, 0xC3, 0xA6, 0x42, 0x1E, 0x2A, 0x3F, 0xD8, 0x65, 0x1F, 0x6E, 260 0x3E, 0x4D, 0x5C, 0xCC, 0xEA, 0x8E, 0x15, 0x02, 0x81, 0x81, 0x00, 0xDC, 261 0xAC, 0x9B, 0x00, 0xDB, 0xF9, 0xB2, 0xBF, 0xC4, 0x5E, 0xB6, 0xB7, 0x63, 262 0xEB, 0x13, 0x4B, 0xE2, 0xA6, 0xC8, 0x72, 0x90, 0xD8, 0xC2, 0x33, 0x33, 263 0xF0, 0x66, 0x75, 0xBD, 0x50, 0x7C, 0xA4, 0x8F, 0x82, 0xFB, 0xFF, 0x44, 264 0x3B, 0xE7, 0x15, 0x3A, 0x0C, 0x7A, 0xF8, 0x92, 0x86, 0x4A, 0x79, 0x32, 265 0x08, 0x82, 0x1D, 0x6A, 0xBA, 0xAD, 0x8A, 0xB3, 0x3D, 0x7F, 0xA5, 0xB4, 266 0x6F, 0x67, 0x86, 0x7E, 0xB2, 0x9C, 0x2A, 0xF6, 0x7C, 0x49, 0x21, 0xC5, 267 0x3F, 0x00, 0x3F, 0x9B, 0xF7, 0x0F, 0x6C, 0x35, 0x80, 0x75, 0x73, 0xC0, 268 0xF8, 0x3E, 0x30, 0x5F, 0x74, 0x2F, 0x15, 0x41, 0xEA, 0x0F, 0xCE, 0x0E, 269 0x18, 0x17, 0x68, 0xBA, 0xC4, 0x29, 0xF2, 0xE2, 0x2C, 0x1D, 0x55, 0x83, 270 0xB6, 0x64, 0x2E, 0x03, 0x12, 0xA4, 0x0D, 0xBF, 0x4F, 0x2E, 0xBE, 0x7C, 271 0x41, 0xD9, 0xCD, 0xD0, 0x52, 0x91, 0xD5, 0x02, 0x81, 0x81, 0x00, 0xD4, 272 0x55, 0xEB, 0x32, 0xC1, 0x28, 0xD3, 0x26, 0x72, 0x22, 0xB8, 0x31, 0x42, 273 0x6A, 0xBC, 0x52, 0x6E, 0x37, 0x48, 0xA8, 0x5D, 0x6E, 0xD8, 0xE5, 0x14, 274 0x97, 0x99, 0xCC, 0x4A, 0xF2, 0xEB, 0xB3, 0x59, 0xCF, 0x4F, 0x9A, 0xC8, 275 0x94, 0x2E, 0x9B, 0x97, 0xD0, 0x51, 0x78, 0x16, 0x5F, 0x18, 0x82, 0x9C, 276 0x51, 0xD2, 0x64, 0x84, 0x65, 0xE4, 0x70, 0x9E, 0x14, 0x50, 0x81, 0xB6, 277 0xBA, 0x52, 0x75, 0xC0, 0x76, 0xC2, 0xD3, 0x46, 0x31, 0x9B, 0xDA, 0x67, 278 0xDF, 0x71, 0x27, 0x19, 0x17, 0xAB, 0xF4, 0xBC, 0x3A, 0xFF, 0x6F, 0x0B, 279 0x2F, 0x0F, 0xAE, 0x25, 0x20, 0xB2, 0xA1, 0x76, 0x52, 0xCE, 0xC7, 0x9D, 280 0x62, 0x79, 0x6D, 0xAC, 0x2D, 0x99, 0x7C, 0x0E, 0x3D, 0x19, 0xE9, 0x1B, 281 0xFC, 0x60, 0x92, 0x7C, 0x58, 0xB7, 0xD8, 0x9A, 0xC7, 0x63, 0x56, 0x62, 282 0x18, 0xC7, 0xAE, 0xD9, 0x97, 0x1F, 0xB9, 0x02, 0x81, 0x81, 0x00, 0x91, 283 0x40, 0xC4, 0x1E, 0x82, 0xAD, 0x0F, 0x6D, 0x8E, 0xD2, 0x51, 0x2E, 0xD1, 284 0x84, 0x30, 0x85, 0x68, 0xC1, 0x23, 0x7B, 0xD5, 0xBF, 0xF7, 0xC4, 0x40, 285 0x51, 0xE2, 0xFF, 0x69, 0x07, 0x8B, 0xA3, 0xBE, 0x1B, 0x17, 0xC8, 0x64, 286 0x9F, 0x91, 0x71, 0xB5, 0x6D, 0xF5, 0x9B, 0x9C, 0xC6, 0xEC, 0x4A, 0x6E, 287 0x16, 0x8F, 0x9E, 0xD1, 0x5B, 0xE3, 0x53, 0x42, 0xBC, 0x1E, 0x43, 0x72, 288 0x4B, 0x4A, 0x37, 0x8B, 0x3A, 0x01, 0xF5, 0x7D, 0x9D, 0x3D, 0x7E, 0x0F, 289 0x19, 0x73, 0x0E, 0x6B, 0x98, 0xE9, 0xFB, 0xEE, 0x13, 0x8A, 0x3C, 0x11, 290 0x2E, 0xD5, 0xB0, 0x7D, 0x84, 0x3A, 0x61, 0xA1, 0xAB, 0x71, 0x8F, 0xCE, 291 0x53, 0x29, 0x45, 0x74, 0x7A, 0x1E, 0xAA, 0x93, 0x19, 0x3A, 0x8D, 0xC9, 292 0x4E, 0xCB, 0x0E, 0x46, 0x53, 0x84, 0xCC, 0xCF, 0xBA, 0x4D, 0x28, 0x71, 293 0x1D, 0xDF, 0x41, 0xCB, 0xF8, 0x2D, 0xA9, 0x02, 0x81, 0x80, 0x04, 0x8B, 294 0x4A, 0xEA, 0xBD, 0x39, 0x0B, 0x96, 0xC5, 0x1D, 0xA4, 0x47, 0xFD, 0x46, 295 0xD2, 0x8A, 0xEA, 0x2A, 0xF3, 0x9D, 0x3A, 0x7E, 0x16, 0x74, 0xFC, 0x13, 296 0xDE, 0x4D, 0xA9, 0x85, 0x42, 0x33, 0x02, 0x92, 0x0B, 0xB6, 0xDB, 0x7E, 297 0xEA, 0x85, 0xC2, 0x94, 0x43, 0x52, 0x37, 0x5A, 0x77, 0xAB, 0xCB, 0x61, 298 0x88, 0xDE, 0xF8, 0xFA, 0xDB, 0xE8, 0x0B, 0x95, 0x7D, 0x39, 0x19, 0xA2, 299 0x89, 0xB9, 0x32, 0xB2, 0x50, 0x38, 0xF7, 0x88, 0x69, 0xFD, 0xA4, 0x63, 300 0x1F, 0x9B, 0x03, 0xD8, 0xA6, 0x7A, 0x05, 0x76, 0x02, 0x28, 0x93, 0x82, 301 0x73, 0x7F, 0x14, 0xCC, 0xBE, 0x29, 0x10, 0xAD, 0x8A, 0x2E, 0xAC, 0xED, 302 0x11, 0xA7, 0x72, 0x7C, 0x60, 0x78, 0x72, 0xFB, 0x78, 0x20, 0x18, 0xC9, 303 0x7E, 0x63, 0xAD, 0x55, 0x54, 0x51, 0xDB, 0x9F, 0x7B, 0xD4, 0x8F, 0xB2, 304 0xDE, 0x3B, 0xF1, 0x70, 0x23, 0xE5, 305 }; 306 307 /* 308 * DER-encoded PKCS#8 format EC key. Generated using: 309 * 310 * openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 311 */ 312 static uint8_t TEST_EC_KEY_1[] = { 313 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 314 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 315 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, 0x01, 0x01, 0x04, 0x20, 316 0x25, 0xAC, 0x77, 0x2B, 0x04, 0x33, 0xC8, 0x16, 0x59, 0xA3, 0xC7, 0xE7, 317 0x11, 0x42, 0xD0, 0x11, 0x71, 0x30, 0x7B, 0xB8, 0xD2, 0x67, 0xFF, 0x9C, 318 0x5F, 0x50, 0x2E, 0xAB, 0x67, 0xD4, 0x17, 0x51, 0xA1, 0x44, 0x03, 0x42, 319 0x00, 0x04, 0xCF, 0xCE, 0xB8, 0x7F, 0x88, 0x36, 0xC4, 0xF8, 0x51, 0x29, 320 0xE2, 0xA7, 0x21, 0xC3, 0x3B, 0xFF, 0x88, 0xE3, 0x87, 0x98, 0xD1, 0xA6, 321 0x4B, 0xB3, 0x4B, 0xD5, 0x44, 0xF8, 0xE0, 0x43, 0x6B, 0x50, 0x74, 0xFB, 322 0xB0, 0xAD, 0x41, 0x1C, 0x11, 0x9D, 0xC6, 0x1E, 0x83, 0x8C, 0x49, 0xCA, 323 0xBE, 0xC6, 0xCE, 0xB6, 0xC9, 0xA1, 0xBF, 0x69, 0xA9, 0xA0, 0xA3, 0x80, 324 0x14, 0x39, 0x57, 0x94, 0xDA, 0x5D 325 }; 326 327 328 /* 329 * Generated using keys on the keyboard and lack of imagination. 330 */ 331 static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF }; 332 333 334 class KeymasterBaseTest : public ::testing::Test { 335 public: 336 static void SetUpTestCase() { 337 const hw_module_t* mod; 338 ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod)) 339 << "Should be able to find a keymaster hardware module"; 340 341 std::cout << "Using keymaster module: " << mod->name << std::endl; 342 343 ASSERT_EQ(0, keymaster_open(mod, &sDevice)) 344 << "Should be able to open the keymaster device"; 345 346 ASSERT_EQ(KEYMASTER_MODULE_API_VERSION_0_2, mod->module_api_version) 347 << "Keymaster should implement API version 2"; 348 349 ASSERT_TRUE(sDevice->generate_keypair != NULL) 350 << "Should implement generate_keypair"; 351 352 ASSERT_TRUE(sDevice->import_keypair != NULL) 353 << "Should implement import_keypair"; 354 355 ASSERT_TRUE(sDevice->get_keypair_public != NULL) 356 << "Should implement get_keypair_public"; 357 358 ASSERT_TRUE(sDevice->sign_data != NULL) 359 << "Should implement sign_data"; 360 361 ASSERT_TRUE(sDevice->verify_data != NULL) 362 << "Should implement verify_data"; 363 } 364 365 static void TearDownTestCase() { 366 ASSERT_EQ(0, keymaster_close(sDevice)); 367 } 368 369 protected: 370 static keymaster_device_t* sDevice; 371 }; 372 373 keymaster_device_t* KeymasterBaseTest::sDevice = NULL; 374 375 class KeymasterTest : public KeymasterBaseTest { 376 }; 377 378 class KeymasterAllTypesTest : public KeymasterBaseTest, 379 public ::testing::WithParamInterface<keymaster_keypair_t> { 380 }; 381 382 class KeymasterGenerateRSATest : public KeymasterBaseTest, 383 public ::testing::WithParamInterface<uint32_t> { 384 }; 385 386 class KeymasterGenerateDSATest : public KeymasterBaseTest, 387 public ::testing::WithParamInterface<uint32_t> { 388 }; 389 390 class KeymasterGenerateECTest : public KeymasterBaseTest, 391 public ::testing::WithParamInterface<uint32_t> { 392 }; 393 394 TEST_P(KeymasterGenerateRSATest, GenerateKeyPair_RSA_Success) { 395 keymaster_keypair_t key_type = TYPE_RSA; 396 keymaster_rsa_keygen_params_t params = { 397 modulus_size: GetParam(), 398 public_exponent: RSA_F4, 399 }; 400 401 uint8_t* key_blob; 402 size_t key_blob_length; 403 404 ASSERT_EQ(0, 405 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length)) 406 << "Should generate an RSA key with " << GetParam() << " bit modulus size"; 407 UniqueKey key(&sDevice, key_blob, key_blob_length); 408 409 uint8_t* x509_data = NULL; 410 size_t x509_data_length; 411 ASSERT_EQ(0, 412 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 413 &x509_data, &x509_data_length)) 414 << "Should be able to retrieve RSA public key successfully"; 415 UniqueBlob x509_blob(x509_data, x509_data_length); 416 ASSERT_FALSE(x509_blob.get() == NULL) 417 << "X509 data should be allocated"; 418 419 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 420 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 421 static_cast<long>(x509_blob.length()))); 422 423 ASSERT_EQ(EVP_PKEY_RSA, EVP_PKEY_type(actual.get()->type)) 424 << "Generated key type should be of type RSA"; 425 426 Unique_RSA rsa(EVP_PKEY_get1_RSA(actual.get())); 427 ASSERT_FALSE(rsa.get() == NULL) 428 << "Should be able to extract RSA key from EVP_PKEY"; 429 430 ASSERT_EQ(static_cast<unsigned long>(RSA_F4), BN_get_word(rsa.get()->e)) 431 << "Exponent should be RSA_F4"; 432 433 ASSERT_EQ((GetParam() + 7) / 8, static_cast<uint32_t>(RSA_size(rsa.get()))) 434 << "Modulus size should be the specified parameter"; 435 } 436 437 INSTANTIATE_TEST_CASE_P(RSA, 438 KeymasterGenerateRSATest, 439 ::testing::Values(512U, 1024U, 2048U, 3072U, 4096U)); 440 441 442 TEST_P(KeymasterGenerateECTest, GenerateKeyPair_EC_Success) { 443 keymaster_keypair_t key_type = TYPE_EC; 444 keymaster_ec_keygen_params_t params = { 445 field_size: GetParam(), 446 }; 447 448 uint8_t* key_blob; 449 size_t key_blob_length; 450 451 ASSERT_EQ(0, 452 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length)) 453 << "Should generate an EC key with " << GetParam() << " field size"; 454 UniqueKey key(&sDevice, key_blob, key_blob_length); 455 456 uint8_t* x509_data = NULL; 457 size_t x509_data_length; 458 ASSERT_EQ(0, 459 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 460 &x509_data, &x509_data_length)) 461 << "Should be able to retrieve EC public key successfully"; 462 UniqueBlob x509_blob(x509_data, x509_data_length); 463 ASSERT_FALSE(x509_blob.get() == NULL) 464 << "X509 data should be allocated"; 465 466 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 467 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 468 static_cast<long>(x509_blob.length()))); 469 470 ASSERT_EQ(EVP_PKEY_EC, EVP_PKEY_type(actual.get()->type)) 471 << "Generated key type should be of type EC"; 472 473 Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(actual.get())); 474 ASSERT_FALSE(ecKey.get() == NULL) 475 << "Should be able to extract EC key from EVP_PKEY"; 476 477 ASSERT_FALSE(EC_KEY_get0_group(ecKey.get()) == NULL) 478 << "EC key should have a EC_GROUP"; 479 480 ASSERT_TRUE(EC_KEY_check_key(ecKey.get())) 481 << "EC key should check correctly"; 482 } 483 484 INSTANTIATE_TEST_CASE_P(EC, 485 KeymasterGenerateECTest, 486 ::testing::Values(192U, 224U, 256U, 384U, 521U)); 487 488 489 TEST_P(KeymasterAllTypesTest, GenerateKeyPair_NullParams_Failure) { 490 keymaster_keypair_t key_type = GetParam(); 491 492 uint8_t* key_blob; 493 size_t key_blob_length; 494 495 ASSERT_EQ(-1, 496 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length)) 497 << "Should not be able to generate a key with null params"; 498 } 499 500 INSTANTIATE_TEST_CASE_P(Types, 501 KeymasterAllTypesTest, 502 ::testing::Values(TYPE_RSA, TYPE_DSA, TYPE_EC)); 503 504 TEST_F(KeymasterTest, GenerateKeyPair_UnknownType_Failure) { 505 keymaster_keypair_t key_type = static_cast<keymaster_keypair_t>(0xFFFF); 506 507 uint8_t* key_blob; 508 size_t key_blob_length; 509 510 ASSERT_EQ(-1, 511 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length)) 512 << "Should not generate an unknown key type"; 513 } 514 515 TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) { 516 uint8_t* key_blob; 517 size_t key_blob_length; 518 519 ASSERT_EQ(0, 520 sDevice->import_keypair(sDevice, TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1), 521 &key_blob, &key_blob_length)) 522 << "Should successfully import an RSA key"; 523 UniqueKey key(&sDevice, key_blob, key_blob_length); 524 525 uint8_t* x509_data; 526 size_t x509_data_length; 527 ASSERT_EQ(0, 528 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 529 &x509_data, &x509_data_length)) 530 << "Should be able to retrieve RSA public key successfully"; 531 UniqueBlob x509_blob(x509_data, x509_data_length); 532 533 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 534 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 535 static_cast<long>(x509_blob.length()))); 536 537 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_RSA) 538 << "Generated key type should be of type RSA"; 539 540 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_RSA_KEY_1); 541 Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8( 542 d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp, 543 sizeof(TEST_RSA_KEY_1))); 544 545 Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get())); 546 547 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get())) 548 << "Expected and actual keys should match"; 549 } 550 551 TEST_F(KeymasterTest, ImportKeyPair_EC_Success) { 552 uint8_t* key_blob; 553 size_t key_blob_length; 554 555 ASSERT_EQ(0, 556 sDevice->import_keypair(sDevice, TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1), 557 &key_blob, &key_blob_length)) 558 << "Should successfully import an EC key"; 559 UniqueKey key(&sDevice, key_blob, key_blob_length); 560 561 uint8_t* x509_data; 562 size_t x509_data_length; 563 ASSERT_EQ(0, 564 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 565 &x509_data, &x509_data_length)) 566 << "Should be able to retrieve EC public key successfully"; 567 UniqueBlob x509_blob(x509_data, x509_data_length); 568 569 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 570 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 571 static_cast<long>(x509_blob.length()))); 572 573 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_EC) 574 << "Generated key type should be of type EC"; 575 576 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_EC_KEY_1); 577 Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8( 578 d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp, 579 sizeof(TEST_EC_KEY_1))); 580 581 Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get())); 582 583 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get())) 584 << "Expected and actual keys should match"; 585 } 586 587 TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) { 588 uint8_t* key_blob; 589 size_t key_blob_length; 590 591 ASSERT_EQ(-1, 592 sDevice->import_keypair(sDevice, BOGUS_KEY_1, sizeof(BOGUS_KEY_1), 593 &key_blob, &key_blob_length)) 594 << "Should not import an unknown key type"; 595 } 596 597 TEST_F(KeymasterTest, ImportKeyPair_NullKey_Failure) { 598 uint8_t* key_blob; 599 size_t key_blob_length; 600 601 ASSERT_EQ(-1, 602 sDevice->import_keypair(sDevice, NULL, 0, 603 &key_blob, &key_blob_length)) 604 << "Should not import a null key"; 605 } 606 607 TEST_F(KeymasterTest, GetKeypairPublic_RSA_Success) { 608 uint8_t* key_blob; 609 size_t key_blob_length; 610 611 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 612 ASSERT_TRUE(testKey.get() != NULL); 613 614 ASSERT_EQ(0, 615 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 616 &key_blob, &key_blob_length)) 617 << "Should successfully import an RSA key"; 618 UniqueKey key(&sDevice, key_blob, key_blob_length); 619 620 uint8_t* x509_data; 621 size_t x509_data_length; 622 ASSERT_EQ(0, 623 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 624 &x509_data, &x509_data_length)) 625 << "Should be able to retrieve RSA public key successfully"; 626 UniqueBlob x509_blob(x509_data, x509_data_length); 627 } 628 629 TEST_F(KeymasterTest, GetKeypairPublic_EC_Success) { 630 uint8_t* key_blob; 631 size_t key_blob_length; 632 633 UniqueReadOnlyBlob testKey(TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1)); 634 ASSERT_TRUE(testKey.get() != NULL); 635 636 ASSERT_EQ(0, 637 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 638 &key_blob, &key_blob_length)) 639 << "Should successfully import an EC key"; 640 UniqueKey key(&sDevice, key_blob, key_blob_length); 641 642 uint8_t* x509_data; 643 size_t x509_data_length; 644 ASSERT_EQ(0, 645 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 646 &x509_data, &x509_data_length)) 647 << "Should be able to retrieve EC public key successfully"; 648 UniqueBlob x509_blob(x509_data, x509_data_length); 649 } 650 651 TEST_F(KeymasterTest, GetKeypairPublic_NullKey_Failure) { 652 uint8_t* key_blob; 653 size_t key_blob_length; 654 655 uint8_t* x509_data = NULL; 656 size_t x509_data_length; 657 ASSERT_EQ(-1, 658 sDevice->get_keypair_public(sDevice, NULL, 0, 659 &x509_data, &x509_data_length)) 660 << "Should not be able to retrieve public key from null key"; 661 UniqueBlob x509_blob(x509_data, x509_data_length); 662 } 663 664 TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullDestination_Failure) { 665 uint8_t* key_blob; 666 size_t key_blob_length; 667 668 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 669 ASSERT_TRUE(testKey.get() != NULL); 670 671 ASSERT_EQ(0, 672 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 673 &key_blob, &key_blob_length)) 674 << "Should successfully import an RSA key"; 675 UniqueKey key(&sDevice, key_blob, key_blob_length); 676 677 ASSERT_EQ(-1, 678 sDevice->get_keypair_public(sDevice, key.get(), key.length(), 679 NULL, NULL)) 680 << "Should not be able to succeed with NULL destination blob"; 681 } 682 683 TEST_F(KeymasterTest, GetKeypairPublic_EC_NullDestination_Failure) { 684 uint8_t* key_blob; 685 size_t key_blob_length; 686 687 UniqueReadOnlyBlob testKey(TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1)); 688 ASSERT_TRUE(testKey.get() != NULL); 689 690 ASSERT_EQ(0, 691 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 692 &key_blob, &key_blob_length)) 693 << "Should successfully import an RSA key"; 694 UniqueKey key(&sDevice, key_blob, key_blob_length); 695 696 ASSERT_EQ(-1, 697 sDevice->get_keypair_public(sDevice, key.get(), key.length(), 698 NULL, NULL)) 699 << "Should not be able to succeed with NULL destination blob"; 700 } 701 702 TEST_F(KeymasterTest, DeleteKeyPair_RSA_Success) { 703 uint8_t* key_blob; 704 size_t key_blob_length; 705 706 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 707 ASSERT_TRUE(testKey.get() != NULL); 708 709 ASSERT_EQ(0, 710 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 711 &key_blob, &key_blob_length)) 712 << "Should successfully import an RSA key"; 713 UniqueKey key(&sDevice, key_blob, key_blob_length); 714 } 715 716 TEST_F(KeymasterTest, DeleteKeyPair_RSA_DoubleDelete_Failure) { 717 uint8_t* key_blob; 718 size_t key_blob_length; 719 720 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 721 ASSERT_TRUE(testKey.get() != NULL); 722 723 /* 724 * This is only run if the module indicates it implements key deletion 725 * by implementing delete_keypair. 726 */ 727 if (sDevice->delete_keypair != NULL) { 728 ASSERT_EQ(0, 729 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 730 &key_blob, &key_blob_length)) 731 << "Should successfully import an RSA key"; 732 UniqueBlob blob(key_blob, key_blob_length); 733 734 ASSERT_EQ(0, sDevice->delete_keypair(sDevice, key_blob, key_blob_length)) 735 << "Should delete key after import"; 736 737 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, key_blob, key_blob_length)) 738 << "Should not be able to delete key twice"; 739 } 740 } 741 742 TEST_F(KeymasterTest, DeleteKeyPair_RSA_NullKey_Failure) { 743 /* 744 * This is only run if the module indicates it implements key deletion 745 * by implementing delete_keypair. 746 */ 747 if (sDevice->delete_keypair != NULL) { 748 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, NULL, 0)) 749 << "Should not be able to delete null key"; 750 } 751 } 752 753 /* 754 * DER-encoded PKCS#8 format RSA key. Generated using: 755 * 756 * openssl genrsa 512 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 757 */ 758 static uint8_t TEST_SIGN_RSA_KEY_1[] = { 759 0x30, 0x82, 0x01, 0x56, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 760 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 761 0x01, 0x40, 0x30, 0x82, 0x01, 0x3C, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 762 0xBD, 0xC0, 0x7F, 0xEF, 0x75, 0x1D, 0x63, 0x2A, 0xD0, 0x9A, 0x26, 0xE5, 763 0x5B, 0xB9, 0x84, 0x7C, 0xE5, 0xC7, 0xE7, 0xDE, 0xFE, 0xB6, 0x54, 0xD9, 764 0xF0, 0x9B, 0xC2, 0xCF, 0x36, 0xDA, 0xE5, 0x4D, 0xC5, 0xD9, 0x25, 0x78, 765 0xBD, 0x55, 0x05, 0xBD, 0x86, 0xFB, 0x37, 0x15, 0x33, 0x42, 0x52, 0xED, 766 0xE5, 0xCD, 0xCB, 0xB7, 0xA2, 0x51, 0xFA, 0x36, 0xE9, 0x9C, 0x2E, 0x5D, 767 0xE3, 0xA5, 0x1F, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00, 768 0x96, 0x71, 0xDE, 0xBD, 0x83, 0x94, 0x96, 0x40, 0xA6, 0xFD, 0xE1, 0xA2, 769 0xED, 0xD3, 0xAC, 0x28, 0xBE, 0xA2, 0x7D, 0xC3, 0xFF, 0x1D, 0x9F, 0x2E, 770 0xE0, 0xA7, 0x0E, 0x90, 0xEE, 0x44, 0x25, 0x92, 0xE3, 0x54, 0xDD, 0x55, 771 0xA3, 0xEF, 0x42, 0xF5, 0x52, 0x55, 0x41, 0x47, 0x5E, 0x00, 0xFB, 0x8B, 772 0x47, 0x5E, 0x45, 0x49, 0xEA, 0x3D, 0x2C, 0xFD, 0x9F, 0xEC, 0xC8, 0x4E, 773 0x4E, 0x86, 0x90, 0x31, 0x02, 0x21, 0x00, 0xE6, 0xA5, 0x55, 0xB3, 0x64, 774 0xAB, 0x90, 0x5E, 0xA2, 0xF5, 0x6B, 0x21, 0x4B, 0x15, 0xD6, 0x4A, 0xB6, 775 0x60, 0x24, 0x95, 0x65, 0xA2, 0xBE, 0xBA, 0x2A, 0x73, 0xFB, 0xFF, 0x2C, 776 0x61, 0x88, 0x9D, 0x02, 0x21, 0x00, 0xD2, 0x9C, 0x5B, 0xFE, 0x82, 0xA5, 777 0xFC, 0x52, 0x6A, 0x29, 0x38, 0xDB, 0x22, 0x3B, 0xEB, 0x74, 0x3B, 0xCA, 778 0xB4, 0xDD, 0x1D, 0xE4, 0x48, 0x60, 0x70, 0x19, 0x9B, 0x81, 0xC1, 0x83, 779 0x28, 0xB5, 0x02, 0x21, 0x00, 0x89, 0x2D, 0xFE, 0xF9, 0xF2, 0xBF, 0x43, 780 0xDF, 0xB5, 0xA6, 0xA8, 0x30, 0x26, 0x1B, 0x77, 0xD7, 0xF9, 0xFE, 0xD6, 781 0xE3, 0x70, 0x8E, 0xCA, 0x47, 0xA9, 0xA6, 0x50, 0x54, 0x25, 0xCE, 0x60, 782 0xD5, 0x02, 0x21, 0x00, 0xBE, 0x5A, 0xF8, 0x82, 0xE6, 0xCE, 0xE3, 0x6A, 783 0x11, 0xED, 0xC4, 0x27, 0xBB, 0x9F, 0x70, 0xC6, 0x93, 0xAC, 0x39, 0x20, 784 0x89, 0x7D, 0xE5, 0x34, 0xD4, 0xDD, 0x30, 0x42, 0x6D, 0x07, 0x00, 0xE9, 785 0x02, 0x20, 0x05, 0x91, 0xEF, 0x12, 0xD2, 0xD3, 0x6A, 0xD2, 0x96, 0x6B, 786 0x10, 0x62, 0xF9, 0xBA, 0xA4, 0x91, 0x48, 0x84, 0x40, 0x61, 0x67, 0x80, 787 0x68, 0x68, 0xC8, 0x60, 0xB3, 0x66, 0xC8, 0xF9, 0x08, 0x9A, 788 }; 789 790 /* 791 * DER-encoded PKCS#8 format EC key. Generated using: 792 * 793 * openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 794 */ 795 static uint8_t TEST_SIGN_EC_KEY_1[] = { 796 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 797 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 798 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, 0x01, 0x01, 0x04, 0x20, 799 0x9E, 0x66, 0x11, 0x6A, 0x89, 0xF5, 0x78, 0x57, 0xF3, 0x35, 0xA2, 0x46, 800 0x09, 0x06, 0x4B, 0x4D, 0x81, 0xEC, 0xD3, 0x9B, 0x0A, 0xC4, 0x68, 0x06, 801 0xB8, 0x42, 0x24, 0x5E, 0x74, 0x2C, 0x62, 0x79, 0xA1, 0x44, 0x03, 0x42, 802 0x00, 0x04, 0x35, 0xB5, 0x9A, 0x5C, 0xE5, 0x52, 0x35, 0xF2, 0x10, 0x6C, 803 0xD9, 0x98, 0x67, 0xED, 0x5E, 0xCB, 0x6B, 0xB8, 0x96, 0x5E, 0x54, 0x7C, 804 0x34, 0x2A, 0xA3, 0x3B, 0xF3, 0xD1, 0x39, 0x48, 0x36, 0x7A, 0xEA, 0xD8, 805 0xCA, 0xDD, 0x40, 0x8F, 0xE9, 0xE0, 0x95, 0x2E, 0x3F, 0x95, 0x0F, 0x14, 806 0xD6, 0x14, 0x78, 0xB5, 0xAD, 0x17, 0xD2, 0x5A, 0x41, 0x96, 0x99, 0x20, 807 0xC7, 0x5B, 0x0F, 0x60, 0xFD, 0xBA 808 }; 809 810 /* 811 * PKCS#1 v1.5 padded raw "Hello, world" Can be generated be generated by verifying 812 * the signature below in no padding mode: 813 * 814 * openssl rsautl -keyform der -inkey rsa.der -raw -verify -in test.sig 815 */ 816 static uint8_t TEST_SIGN_DATA_1[] = { 817 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 818 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 819 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 820 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 821 0xFF, 0xFF, 0xFF, 0x00, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x2C, 0x20, 0x77, 822 0x6F, 0x72, 0x6C, 0x64, 823 }; 824 825 /* 826 * Signature of TEST_SIGN_DATA_1 using TEST_SIGN_RSA_KEY_1. Generated using: 827 * 828 * echo 'Hello, world' | openssl rsautl -keyform der -inkey rsa.der -sign | recode ../x1 829 */ 830 static uint8_t TEST_SIGN_RSA_SIGNATURE_1[] = { 831 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76, 832 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2, 833 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A, 834 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9, 835 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF, 836 0x79, 0xE4, 0x91, 0x40, 837 }; 838 839 /* 840 * Identical to TEST_SIGN_RSA_SIGNATURE_1 except the last octet is '1' instead of '0' 841 * This should fail any test. 842 */ 843 static uint8_t TEST_SIGN_SIGNATURE_BOGUS_1[] = { 844 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76, 845 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2, 846 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A, 847 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9, 848 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF, 849 0x79, 0xE4, 0x91, 0x41, 850 }; 851 852 TEST_F(KeymasterTest, SignData_RSA_Raw_Success) { 853 uint8_t* key_blob; 854 size_t key_blob_length; 855 856 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 857 ASSERT_TRUE(testKey.get() != NULL); 858 859 ASSERT_EQ(0, 860 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 861 &key_blob, &key_blob_length)) 862 << "Should successfully import an RSA key"; 863 UniqueKey key(&sDevice, key_blob, key_blob_length); 864 865 keymaster_rsa_sign_params_t params = { 866 digest_type: DIGEST_NONE, 867 padding_type: PADDING_NONE, 868 }; 869 870 uint8_t* sig; 871 size_t sig_length; 872 873 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 874 ASSERT_TRUE(testData.get() != NULL); 875 876 ASSERT_EQ(0, 877 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 878 testData.get(), testData.length(), 879 &sig, &sig_length)) 880 << "Should sign data successfully"; 881 UniqueBlob sig_blob(sig, sig_length); 882 883 UniqueBlob expected_sig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1)); 884 885 ASSERT_EQ(expected_sig, sig_blob) 886 << "Generated signature should match expected signature"; 887 888 // The expected signature is actually stack data, so don't let it try to free. 889 uint8_t* unused __attribute__((unused)) = expected_sig.release(); 890 } 891 892 TEST_F(KeymasterTest, SignData_EC_Success) { 893 uint8_t* key_blob; 894 size_t key_blob_length; 895 896 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1)); 897 ASSERT_TRUE(testKey.get() != NULL); 898 899 ASSERT_EQ(0, 900 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 901 &key_blob, &key_blob_length)) 902 << "Should successfully import an EC key"; 903 UniqueKey key(&sDevice, key_blob, key_blob_length); 904 905 keymaster_ec_sign_params_t params = { 906 digest_type: DIGEST_NONE, 907 }; 908 909 uint8_t* sig; 910 size_t sig_length; 911 912 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 913 ASSERT_TRUE(testData.get() != NULL); 914 915 ASSERT_EQ(0, 916 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 917 testData.get(), testData.length(), 918 &sig, &sig_length)) 919 << "Should sign data successfully"; 920 UniqueBlob sig_blob(sig, sig_length); 921 922 uint8_t* x509_data; 923 size_t x509_data_length; 924 ASSERT_EQ(0, 925 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 926 &x509_data, &x509_data_length)) 927 << "Should be able to retrieve RSA public key successfully"; 928 UniqueBlob x509_blob(x509_data, x509_data_length); 929 930 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 931 Unique_EVP_PKEY expected(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 932 static_cast<long>(x509_blob.length()))); 933 934 Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(expected.get())); 935 936 ASSERT_EQ(1, ECDSA_verify(0, testData.get(), testData.length(), sig_blob.get(), sig_blob.length(), ecKey.get())) 937 << "Signature should verify"; 938 } 939 940 TEST_F(KeymasterTest, SignData_RSA_Raw_InvalidSizeInput_Failure) { 941 uint8_t* key_blob; 942 size_t key_blob_length; 943 944 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 945 ASSERT_TRUE(testKey.get() != NULL); 946 947 ASSERT_EQ(0, 948 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 949 &key_blob, &key_blob_length)) 950 << "Should successfully import an RSA key"; 951 UniqueKey key(&sDevice, key_blob, key_blob_length); 952 953 keymaster_rsa_sign_params_t params = { 954 digest_type: DIGEST_NONE, 955 padding_type: PADDING_NONE, 956 }; 957 958 uint8_t* sig; 959 size_t sig_length; 960 961 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 962 ASSERT_TRUE(testData.get() != NULL); 963 964 ASSERT_EQ(-1, 965 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 966 testData.get(), testData.length(), 967 &sig, &sig_length)) 968 << "Should not be able to do raw signature on incorrect size data"; 969 } 970 971 TEST_F(KeymasterTest, SignData_RSA_Raw_NullKey_Failure) { 972 keymaster_rsa_sign_params_t params = { 973 digest_type: DIGEST_NONE, 974 padding_type: PADDING_NONE, 975 }; 976 977 uint8_t* sig; 978 size_t sig_length; 979 980 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 981 ASSERT_TRUE(testData.get() != NULL); 982 983 ASSERT_EQ(-1, 984 sDevice->sign_data(sDevice, ¶ms, NULL, 0, 985 testData.get(), testData.length(), 986 &sig, &sig_length)) 987 << "Should not be able to do raw signature on incorrect size data"; 988 } 989 990 TEST_F(KeymasterTest, SignData_RSA_Raw_NullInput_Failure) { 991 uint8_t* key_blob; 992 size_t key_blob_length; 993 994 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 995 ASSERT_TRUE(testKey.get() != NULL); 996 997 ASSERT_EQ(0, 998 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 999 &key_blob, &key_blob_length)) 1000 << "Should successfully import an RSA key"; 1001 UniqueKey key(&sDevice, key_blob, key_blob_length); 1002 1003 keymaster_rsa_sign_params_t params = { 1004 digest_type: DIGEST_NONE, 1005 padding_type: PADDING_NONE, 1006 }; 1007 1008 uint8_t* sig; 1009 size_t sig_length; 1010 1011 ASSERT_EQ(-1, 1012 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 1013 NULL, 0, 1014 &sig, &sig_length)) 1015 << "Should error when input data is null"; 1016 } 1017 1018 TEST_F(KeymasterTest, SignData_RSA_Raw_NullOutput_Failure) { 1019 uint8_t* key_blob; 1020 size_t key_blob_length; 1021 1022 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1023 ASSERT_TRUE(testKey.get() != NULL); 1024 1025 ASSERT_EQ(0, 1026 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1027 &key_blob, &key_blob_length)) 1028 << "Should successfully import an RSA key"; 1029 UniqueKey key(&sDevice, key_blob, key_blob_length); 1030 1031 keymaster_rsa_sign_params_t params = { 1032 digest_type: DIGEST_NONE, 1033 padding_type: PADDING_NONE, 1034 }; 1035 1036 uint8_t* sig; 1037 size_t sig_length; 1038 1039 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 1040 ASSERT_TRUE(testData.get() != NULL); 1041 1042 ASSERT_EQ(-1, 1043 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 1044 testData.get(), testData.length(), 1045 NULL, NULL)) 1046 << "Should error when output is null"; 1047 } 1048 1049 TEST_F(KeymasterTest, VerifyData_RSA_Raw_Success) { 1050 uint8_t* key_blob; 1051 size_t key_blob_length; 1052 1053 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1054 ASSERT_TRUE(testKey.get() != NULL); 1055 1056 ASSERT_EQ(0, 1057 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1058 &key_blob, &key_blob_length)) 1059 << "Should successfully import an RSA key"; 1060 UniqueKey key(&sDevice, key_blob, key_blob_length); 1061 1062 keymaster_rsa_sign_params_t params = { 1063 digest_type: DIGEST_NONE, 1064 padding_type: PADDING_NONE, 1065 }; 1066 1067 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 1068 ASSERT_TRUE(testData.get() != NULL); 1069 1070 UniqueReadOnlyBlob testSig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1)); 1071 ASSERT_TRUE(testSig.get() != NULL); 1072 1073 ASSERT_EQ(0, 1074 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1075 testData.get(), testData.length(), 1076 testSig.get(), testSig.length())) 1077 << "Should verify data successfully"; 1078 } 1079 1080 TEST_F(KeymasterTest, VerifyData_EC_Raw_Success) { 1081 uint8_t* key_blob; 1082 size_t key_blob_length; 1083 1084 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1)); 1085 ASSERT_TRUE(testKey.get() != NULL); 1086 1087 ASSERT_EQ(0, 1088 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1089 &key_blob, &key_blob_length)) 1090 << "Should successfully import an RSA key"; 1091 UniqueKey key(&sDevice, key_blob, key_blob_length); 1092 1093 keymaster_ec_sign_params_t params = { 1094 digest_type: DIGEST_NONE, 1095 }; 1096 1097 uint8_t* sig; 1098 size_t sig_length; 1099 1100 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 1101 ASSERT_TRUE(testData.get() != NULL); 1102 1103 ASSERT_EQ(0, 1104 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 1105 testData.get(), testData.length(), 1106 &sig, &sig_length)) 1107 << "Should sign data successfully"; 1108 UniqueBlob sig_blob(sig, sig_length); 1109 1110 ASSERT_EQ(0, 1111 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1112 testData.get(), testData.length(), 1113 sig_blob.get(), sig_blob.length())) 1114 << "Should verify data successfully"; 1115 } 1116 1117 TEST_F(KeymasterTest, VerifyData_RSA_Raw_BadSignature_Failure) { 1118 uint8_t* key_blob; 1119 size_t key_blob_length; 1120 1121 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1122 ASSERT_TRUE(testKey.get() != NULL); 1123 1124 ASSERT_EQ(0, 1125 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1126 &key_blob, &key_blob_length)) 1127 << "Should successfully import an RSA key"; 1128 UniqueKey key(&sDevice, key_blob, key_blob_length); 1129 1130 keymaster_rsa_sign_params_t params = { 1131 digest_type: DIGEST_NONE, 1132 padding_type: PADDING_NONE, 1133 }; 1134 1135 ASSERT_EQ(-1, 1136 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1137 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 1138 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1))) 1139 << "Should sign data successfully"; 1140 } 1141 1142 TEST_F(KeymasterTest, VerifyData_EC_Raw_BadSignature_Failure) { 1143 uint8_t* key_blob; 1144 size_t key_blob_length; 1145 1146 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1)); 1147 ASSERT_TRUE(testKey.get() != NULL); 1148 1149 ASSERT_EQ(0, 1150 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1151 &key_blob, &key_blob_length)) 1152 << "Should successfully import an RSA key"; 1153 UniqueKey key(&sDevice, key_blob, key_blob_length); 1154 1155 keymaster_ec_sign_params_t params = { 1156 digest_type: DIGEST_NONE, 1157 }; 1158 1159 ASSERT_EQ(-1, 1160 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1161 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 1162 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1))) 1163 << "Should sign data successfully"; 1164 } 1165 1166 TEST_F(KeymasterTest, VerifyData_RSA_Raw_NullKey_Failure) { 1167 keymaster_rsa_sign_params_t params = { 1168 digest_type: DIGEST_NONE, 1169 padding_type: PADDING_NONE, 1170 }; 1171 1172 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 1173 ASSERT_TRUE(testData.get() != NULL); 1174 1175 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)); 1176 ASSERT_TRUE(testSig.get() != NULL); 1177 1178 ASSERT_EQ(-1, 1179 sDevice->verify_data(sDevice, ¶ms, NULL, 0, 1180 testData.get(), testData.length(), 1181 testSig.get(), testSig.length())) 1182 << "Should fail when key is null"; 1183 } 1184 1185 TEST_F(KeymasterTest, VerifyData_RSA_NullInput_Failure) { 1186 uint8_t* key_blob; 1187 size_t key_blob_length; 1188 1189 ASSERT_EQ(0, 1190 sDevice->import_keypair(sDevice, TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1), 1191 &key_blob, &key_blob_length)) 1192 << "Should successfully import an RSA key"; 1193 UniqueKey key(&sDevice, key_blob, key_blob_length); 1194 1195 keymaster_rsa_sign_params_t params = { 1196 digest_type: DIGEST_NONE, 1197 padding_type: PADDING_NONE, 1198 }; 1199 1200 UniqueReadOnlyBlob testSig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1)); 1201 ASSERT_TRUE(testSig.get() != NULL); 1202 1203 ASSERT_EQ(-1, 1204 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1205 NULL, 0, 1206 testSig.get(), testSig.length())) 1207 << "Should fail on null input"; 1208 } 1209 1210 TEST_F(KeymasterTest, VerifyData_RSA_NullSignature_Failure) { 1211 uint8_t* key_blob; 1212 size_t key_blob_length; 1213 1214 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1215 ASSERT_TRUE(testKey.get() != NULL); 1216 1217 ASSERT_EQ(0, 1218 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1219 &key_blob, &key_blob_length)) 1220 << "Should successfully import an RSA key"; 1221 UniqueKey key(&sDevice, key_blob, key_blob_length); 1222 1223 keymaster_rsa_sign_params_t params = { 1224 digest_type: DIGEST_NONE, 1225 padding_type: PADDING_NONE, 1226 }; 1227 1228 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 1229 ASSERT_TRUE(testData.get() != NULL); 1230 1231 ASSERT_EQ(-1, 1232 sDevice->verify_data(sDevice, ¶ms, key.get(), key.length(), 1233 testData.get(), testData.length(), 1234 NULL, 0)) 1235 << "Should fail on null signature"; 1236 } 1237 1238 TEST_F(KeymasterTest, EraseAll_Success) { 1239 uint8_t *key1_blob, *key2_blob; 1240 size_t key1_blob_length, key2_blob_length; 1241 1242 // Only test this if the device says it supports delete_all 1243 if (sDevice->delete_all == NULL) { 1244 return; 1245 } 1246 1247 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1248 ASSERT_TRUE(testKey.get() != NULL); 1249 1250 ASSERT_EQ(0, 1251 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1252 &key1_blob, &key1_blob_length)) 1253 << "Should successfully import an RSA key"; 1254 UniqueKey key1(&sDevice, key1_blob, key1_blob_length); 1255 1256 UniqueReadOnlyBlob testKey2(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1257 ASSERT_TRUE(testKey2.get() != NULL); 1258 1259 ASSERT_EQ(0, 1260 sDevice->import_keypair(sDevice, testKey2.get(), testKey2.length(), 1261 &key2_blob, &key2_blob_length)) 1262 << "Should successfully import an RSA key"; 1263 UniqueKey key2(&sDevice, key2_blob, key2_blob_length); 1264 1265 ASSERT_EQ(0, sDevice->delete_all(sDevice)) 1266 << "Should erase all keys"; 1267 1268 key1.reset(); 1269 1270 uint8_t* x509_data; 1271 size_t x509_data_length; 1272 ASSERT_EQ(-1, 1273 sDevice->get_keypair_public(sDevice, key1_blob, key1_blob_length, 1274 &x509_data, &x509_data_length)) 1275 << "Should be able to retrieve RSA public key 1 successfully"; 1276 1277 ASSERT_EQ(-1, 1278 sDevice->get_keypair_public(sDevice, key2_blob, key2_blob_length, 1279 &x509_data, &x509_data_length)) 1280 << "Should be able to retrieve RSA public key 2 successfully"; 1281 } 1282 1283 } 1284
