1 /* 2 * Copyright (C) 2009 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.security; 18 19 import android.app.Activity; 20 import android.os.Process; 21 import android.security.KeyStore; 22 import android.test.ActivityUnitTestCase; 23 import android.test.AssertionFailedError; 24 import android.test.suitebuilder.annotation.MediumTest; 25 import com.android.org.conscrypt.NativeCrypto; 26 import java.nio.charset.StandardCharsets; 27 import java.util.Arrays; 28 import java.util.Date; 29 import java.util.HashSet; 30 31 /** 32 * Junit / Instrumentation test case for KeyStore class 33 * 34 * Running the test suite: 35 * 36 * runtest keystore-unit 37 * 38 * Or this individual test case: 39 * 40 * runtest --path frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java 41 */ 42 @MediumTest 43 public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 44 private static final String TEST_PASSWD = "12345678"; 45 private static final String TEST_PASSWD2 = "87654321"; 46 private static final String TEST_KEYNAME = "test-key"; 47 private static final String TEST_KEYNAME1 = "test-key.1"; 48 private static final String TEST_KEYNAME2 = "test-key\02"; 49 private static final byte[] TEST_KEYVALUE = "test value".getBytes(StandardCharsets.UTF_8); 50 51 // "Hello, World" in Chinese 52 private static final String TEST_I18N_KEY = "\u4F60\u597D, \u4E16\u754C"; 53 private static final byte[] TEST_I18N_VALUE = TEST_I18N_KEY.getBytes(StandardCharsets.UTF_8); 54 55 // Test vector data for signatures 56 private static final byte[] TEST_DATA = new byte[256]; 57 static { 58 for (int i = 0; i < TEST_DATA.length; i++) { 59 TEST_DATA[i] = (byte) i; 60 } 61 } 62 63 private KeyStore mKeyStore = null; 64 65 public KeyStoreTest() { 66 super(Activity.class); 67 } 68 69 private static final byte[] PRIVKEY_BYTES = hexToBytes( 70 "308204BE020100300D06092A864886F70D0101010500048204A8308204A4020100028201" + 71 "0100E0473E8AB8F2284FEB9E742FF9748FA118ED98633C92F52AEB7A2EBE0D3BE60329BE" + 72 "766AD10EB6A515D0D2CFD9BEA7930F0C306537899F7958CD3E85B01F8818524D312584A9" + 73 "4B251E3625B54141EDBFEE198808E1BB97FC7CB49B9EAAAF68E9C98D7D0EDC53BBC0FA00" + 74 "34356D6305FBBCC3C7001405386ABBC873CB0F3EF7425F3D33DF7B315AE036D2A0B66AFD" + 75 "47503B169BF36E3B5162515B715FDA83DEAF2C58AEB9ABFB3097C3CC9DD9DBE5EF296C17" + 76 "6139028E8A671E63056D45F40188D2C4133490845DE52C2534E9C6B2478C07BDAE928823" + 77 "B62D066C7770F9F63F3DBA247F530844747BE7AAA85D853B8BD244ACEC3DE3C89AB46453" + 78 "AB4D24C3AC6902030100010282010037784776A5F17698F5AC960DFB83A1B67564E648BD" + 79 "0597CF8AB8087186F2669C27A9ECBDD480F0197A80D07309E6C6A96F925331E57F8B4AC6" + 80 "F4D45EDA45A23269C09FC428C07A4E6EDF738A15DEC97FABD2F2BB47A14F20EA72FCFE4C" + 81 "36E01ADA77BD137CD8D4DA10BB162E94A4662971F175F985FA188F056CB97EE2816F43AB" + 82 "9D3747612486CDA8C16196C30818A995EC85D38467791267B3BF21F273710A6925862576" + 83 "841C5B6712C12D4BD20A2F3299ADB7C135DA5E9515ABDA76E7CAF2A3BE80551D073B78BF" + 84 "1162C48AD2B7F4743A0238EE4D252F7D5E7E6533CCAE64CCB39360075A2FD1E034EC3AE5" + 85 "CE9C408CCBF0E25E4114021687B3DD4754AE8102818100F541884BC3737B2922D4119EF4" + 86 "5E2DEE2CD4CBB75F45505A157AA5009F99C73A2DF0724AC46024306332EA898177634546" + 87 "5DC6DF1E0A6F140AFF3B7396E6A8994AC5DAA96873472FE37749D14EB3E075E629DBEB35" + 88 "83338A6F3649D0A2654A7A42FD9AB6BFA4AC4D481D390BB229B064BDC311CC1BE1B63189" + 89 "DA7C40CDECF2B102818100EA1A742DDB881CEDB7288C87E38D868DD7A409D15A43F445D5" + 90 "377A0B5731DDBFCA2DAF28A8E13CD5C0AFCEC3347D74A39E235A3CD9633F274DE2B94F92" + 91 "DF43833911D9E9F1CF58F27DE2E08FF45964C720D3EC2139DC7CAFC912953CDECB2F355A" + 92 "2E2C35A50FAD754CB3B23166424BA3B6E3112A2B898C38C5C15EDB238693390281805182" + 93 "8F1EC6FD996029901BAF1D7E337BA5F0AF27E984EAD895ACE62BD7DF4EE45A224089F2CC" + 94 "151AF3CD173FCE0474BCB04F386A2CDCC0E0036BA2419F54579262D47100BE931984A3EF" + 95 "A05BECF141574DC079B3A95C4A83E6C43F3214D6DF32D512DE198085E531E616B83FD7DD" + 96 "9D1F4E2607C3333D07C55D107D1D3893587102818100DB4FB50F50DE8EDB53FF34C80931" + 97 "88A0512867DA2CCA04897759E587C244010DAF8664D59E8083D16C164789301F67A9F078" + 98 "060D834A2ADBD367575B68A8A842C2B02A89B3F31FCCEC8A22FE395795C5C6C7422B4E5D" + 99 "74A1E9A8F30E7759B9FC2D639C1F15673E84E93A5EF1506F4315383C38D45CBD1B14048F" + 100 "4721DC82326102818100D8114593AF415FB612DBF1923710D54D07486205A76A3B431949" + 101 "68C0DFF1F11EF0F61A4A337D5FD3741BBC9640E447B8B6B6C47C3AC1204357D3B0C55BA9" + 102 "286BDA73F629296F5FA9146D8976357D3C751E75148696A40B74685C82CE30902D639D72" + 103 "4FF24D5E2E9407EE34EDED2E3B4DF65AA9BCFEB6DF28D07BA6903F165768"); 104 105 106 private static byte[] hexToBytes(String s) { 107 int len = s.length(); 108 byte[] data = new byte[len / 2]; 109 for (int i = 0; i < len; i += 2) { 110 data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit( 111 s.charAt(i + 1), 16)); 112 } 113 return data; 114 } 115 116 @Override 117 protected void setUp() throws Exception { 118 mKeyStore = KeyStore.getInstance(); 119 if (mKeyStore.state() != KeyStore.State.UNINITIALIZED) { 120 mKeyStore.reset(); 121 } 122 assertEquals("KeyStore should be in an uninitialized state", 123 KeyStore.State.UNINITIALIZED, mKeyStore.state()); 124 super.setUp(); 125 } 126 127 @Override 128 protected void tearDown() throws Exception { 129 mKeyStore.reset(); 130 super.tearDown(); 131 } 132 133 public void testState() throws Exception { 134 assertEquals(KeyStore.State.UNINITIALIZED, mKeyStore.state()); 135 } 136 137 public void testPassword() throws Exception { 138 assertTrue(mKeyStore.password(TEST_PASSWD)); 139 assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); 140 } 141 142 public void testGet() throws Exception { 143 assertNull(mKeyStore.get(TEST_KEYNAME)); 144 mKeyStore.password(TEST_PASSWD); 145 assertNull(mKeyStore.get(TEST_KEYNAME)); 146 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, 147 KeyStore.FLAG_ENCRYPTED)); 148 assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); 149 } 150 151 public void testPut() throws Exception { 152 assertNull(mKeyStore.get(TEST_KEYNAME)); 153 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, 154 KeyStore.FLAG_ENCRYPTED)); 155 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 156 mKeyStore.password(TEST_PASSWD); 157 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, 158 KeyStore.FLAG_ENCRYPTED)); 159 assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); 160 } 161 162 public void testPut_grantedUid_Wifi() throws Exception { 163 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 164 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, 165 KeyStore.FLAG_ENCRYPTED)); 166 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 167 mKeyStore.password(TEST_PASSWD); 168 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, 169 KeyStore.FLAG_ENCRYPTED)); 170 assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 171 } 172 173 public void testPut_ungrantedUid_Bluetooth() throws Exception { 174 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 175 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, 176 KeyStore.FLAG_ENCRYPTED)); 177 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 178 mKeyStore.password(TEST_PASSWD); 179 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, 180 KeyStore.FLAG_ENCRYPTED)); 181 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 182 } 183 184 public void testI18n() throws Exception { 185 assertFalse(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE, KeyStore.UID_SELF, 186 KeyStore.FLAG_ENCRYPTED)); 187 assertFalse(mKeyStore.contains(TEST_I18N_KEY)); 188 mKeyStore.password(TEST_I18N_KEY); 189 assertTrue(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE, KeyStore.UID_SELF, 190 KeyStore.FLAG_ENCRYPTED)); 191 assertTrue(mKeyStore.contains(TEST_I18N_KEY)); 192 } 193 194 public void testDelete() throws Exception { 195 assertFalse(mKeyStore.delete(TEST_KEYNAME)); 196 mKeyStore.password(TEST_PASSWD); 197 assertFalse(mKeyStore.delete(TEST_KEYNAME)); 198 199 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, 200 KeyStore.FLAG_ENCRYPTED)); 201 assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); 202 assertTrue(mKeyStore.delete(TEST_KEYNAME)); 203 assertNull(mKeyStore.get(TEST_KEYNAME)); 204 } 205 206 public void testDelete_grantedUid_Wifi() throws Exception { 207 assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); 208 mKeyStore.password(TEST_PASSWD); 209 assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); 210 211 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, 212 KeyStore.FLAG_ENCRYPTED)); 213 assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 214 assertTrue(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); 215 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 216 } 217 218 public void testDelete_ungrantedUid_Bluetooth() throws Exception { 219 assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); 220 mKeyStore.password(TEST_PASSWD); 221 assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); 222 223 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, 224 KeyStore.FLAG_ENCRYPTED)); 225 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 226 assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); 227 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 228 } 229 230 public void testContains() throws Exception { 231 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 232 233 assertTrue(mKeyStore.password(TEST_PASSWD)); 234 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 235 236 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, 237 KeyStore.FLAG_ENCRYPTED)); 238 assertTrue(mKeyStore.contains(TEST_KEYNAME)); 239 } 240 241 public void testContains_grantedUid_Wifi() throws Exception { 242 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 243 244 assertTrue(mKeyStore.password(TEST_PASSWD)); 245 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 246 247 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, 248 KeyStore.FLAG_ENCRYPTED)); 249 assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 250 } 251 252 public void testContains_grantedUid_Bluetooth() throws Exception { 253 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 254 255 assertTrue(mKeyStore.password(TEST_PASSWD)); 256 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 257 258 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, 259 KeyStore.FLAG_ENCRYPTED)); 260 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 261 } 262 263 public void testSaw() throws Exception { 264 String[] emptyResult = mKeyStore.saw(TEST_KEYNAME); 265 assertNotNull(emptyResult); 266 assertEquals(0, emptyResult.length); 267 268 mKeyStore.password(TEST_PASSWD); 269 mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); 270 mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); 271 272 String[] results = mKeyStore.saw(TEST_KEYNAME); 273 assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), 274 TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), 275 new HashSet(Arrays.asList(results))); 276 } 277 278 public void testSaw_ungrantedUid_Bluetooth() throws Exception { 279 String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID); 280 assertNull(results1); 281 282 mKeyStore.password(TEST_PASSWD); 283 mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); 284 mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); 285 286 String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID); 287 assertNull(results2); 288 } 289 290 public void testSaw_grantedUid_Wifi() throws Exception { 291 String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID); 292 assertNotNull(results1); 293 assertEquals(0, results1.length); 294 295 mKeyStore.password(TEST_PASSWD); 296 mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); 297 mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); 298 299 String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID); 300 assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), 301 TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), 302 new HashSet(Arrays.asList(results2))); 303 } 304 305 public void testSaw_grantedUid_Vpn() throws Exception { 306 String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID); 307 assertNotNull(results1); 308 assertEquals(0, results1.length); 309 310 mKeyStore.password(TEST_PASSWD); 311 mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); 312 mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); 313 314 String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID); 315 assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), 316 TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), 317 new HashSet(Arrays.asList(results2))); 318 } 319 320 public void testLock() throws Exception { 321 assertFalse(mKeyStore.lock()); 322 323 mKeyStore.password(TEST_PASSWD); 324 assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); 325 326 assertTrue(mKeyStore.lock()); 327 assertEquals(KeyStore.State.LOCKED, mKeyStore.state()); 328 } 329 330 public void testUnlock() throws Exception { 331 mKeyStore.password(TEST_PASSWD); 332 assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); 333 mKeyStore.lock(); 334 335 assertFalse(mKeyStore.unlock(TEST_PASSWD2)); 336 assertTrue(mKeyStore.unlock(TEST_PASSWD)); 337 } 338 339 public void testIsEmpty() throws Exception { 340 assertTrue(mKeyStore.isEmpty()); 341 mKeyStore.password(TEST_PASSWD); 342 assertTrue(mKeyStore.isEmpty()); 343 mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); 344 assertFalse(mKeyStore.isEmpty()); 345 mKeyStore.reset(); 346 assertTrue(mKeyStore.isEmpty()); 347 } 348 349 public void testGenerate_NotInitialized_Fail() throws Exception { 350 assertFalse("Should fail when keystore is not initialized", 351 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 352 1024, KeyStore.FLAG_ENCRYPTED, null)); 353 } 354 355 public void testGenerate_Locked_Fail() throws Exception { 356 mKeyStore.password(TEST_PASSWD); 357 mKeyStore.lock(); 358 assertFalse("Should fail when keystore is locked", 359 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 360 1024, KeyStore.FLAG_ENCRYPTED, null)); 361 } 362 363 public void testGenerate_Success() throws Exception { 364 assertTrue(mKeyStore.password(TEST_PASSWD)); 365 366 assertTrue("Should be able to generate key when unlocked", 367 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 368 1024, KeyStore.FLAG_ENCRYPTED, null)); 369 assertTrue(mKeyStore.contains(TEST_KEYNAME)); 370 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 371 } 372 373 public void testGenerate_grantedUid_Wifi_Success() throws Exception { 374 assertTrue(mKeyStore.password(TEST_PASSWD)); 375 376 assertTrue("Should be able to generate key when unlocked", 377 mKeyStore.generate(TEST_KEYNAME, Process.WIFI_UID, NativeCrypto.EVP_PKEY_RSA, 378 1024, KeyStore.FLAG_ENCRYPTED, null)); 379 assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 380 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 381 } 382 383 public void testGenerate_ungrantedUid_Bluetooth_Failure() throws Exception { 384 assertTrue(mKeyStore.password(TEST_PASSWD)); 385 386 assertFalse(mKeyStore.generate(TEST_KEYNAME, Process.BLUETOOTH_UID, 387 NativeCrypto.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null)); 388 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 389 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 390 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 391 } 392 393 public void testImport_Success() throws Exception { 394 assertTrue(mKeyStore.password(TEST_PASSWD)); 395 396 assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, 397 PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 398 assertTrue(mKeyStore.contains(TEST_KEYNAME)); 399 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 400 } 401 402 public void testImport_grantedUid_Wifi_Success() throws Exception { 403 assertTrue(mKeyStore.password(TEST_PASSWD)); 404 405 assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, 406 PRIVKEY_BYTES, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED)); 407 assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 408 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 409 } 410 411 public void testImport_ungrantedUid_Bluetooth_Failure() throws Exception { 412 assertTrue(mKeyStore.password(TEST_PASSWD)); 413 414 assertFalse(mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES, Process.BLUETOOTH_UID, 415 KeyStore.FLAG_ENCRYPTED)); 416 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 417 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 418 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 419 } 420 421 public void testImport_Failure_BadEncoding() throws Exception { 422 mKeyStore.password(TEST_PASSWD); 423 424 assertFalse("Invalid DER-encoded key should not be imported", mKeyStore.importKey( 425 TEST_KEYNAME, TEST_DATA, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 426 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 427 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 428 } 429 430 public void testSign_Success() throws Exception { 431 mKeyStore.password(TEST_PASSWD); 432 433 assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 434 1024, KeyStore.FLAG_ENCRYPTED, null)); 435 assertTrue(mKeyStore.contains(TEST_KEYNAME)); 436 final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA); 437 438 assertNotNull("Signature should not be null", signature); 439 } 440 441 public void testVerify_Success() throws Exception { 442 mKeyStore.password(TEST_PASSWD); 443 444 assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 445 1024, KeyStore.FLAG_ENCRYPTED, null)); 446 assertTrue(mKeyStore.contains(TEST_KEYNAME)); 447 final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA); 448 449 assertNotNull("Signature should not be null", signature); 450 451 assertTrue("Signature should verify with same data", 452 mKeyStore.verify(TEST_KEYNAME, TEST_DATA, signature)); 453 } 454 455 public void testSign_NotInitialized_Failure() throws Exception { 456 assertNull("Should not be able to sign without first initializing the keystore", 457 mKeyStore.sign(TEST_KEYNAME, TEST_DATA)); 458 } 459 460 public void testSign_NotGenerated_Failure() throws Exception { 461 mKeyStore.password(TEST_PASSWD); 462 463 assertNull("Should not be able to sign without first generating keys", 464 mKeyStore.sign(TEST_KEYNAME, TEST_DATA)); 465 } 466 467 public void testGrant_Generated_Success() throws Exception { 468 assertTrue("Password should work for keystore", 469 mKeyStore.password(TEST_PASSWD)); 470 471 assertTrue("Should be able to generate key for testcase", 472 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 473 1024, KeyStore.FLAG_ENCRYPTED, null)); 474 475 assertTrue("Should be able to grant key to other user", 476 mKeyStore.grant(TEST_KEYNAME, 0)); 477 } 478 479 public void testGrant_Imported_Success() throws Exception { 480 assertTrue("Password should work for keystore", mKeyStore.password(TEST_PASSWD)); 481 482 assertTrue("Should be able to import key for testcase", mKeyStore.importKey(TEST_KEYNAME, 483 PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 484 485 assertTrue("Should be able to grant key to other user", mKeyStore.grant(TEST_KEYNAME, 0)); 486 } 487 488 public void testGrant_NoKey_Failure() throws Exception { 489 assertTrue("Should be able to unlock keystore for test", 490 mKeyStore.password(TEST_PASSWD)); 491 492 assertFalse("Should not be able to grant without first initializing the keystore", 493 mKeyStore.grant(TEST_KEYNAME, 0)); 494 } 495 496 public void testGrant_NotInitialized_Failure() throws Exception { 497 assertFalse("Should not be able to grant without first initializing the keystore", 498 mKeyStore.grant(TEST_KEYNAME, 0)); 499 } 500 501 public void testUngrant_Generated_Success() throws Exception { 502 assertTrue("Password should work for keystore", 503 mKeyStore.password(TEST_PASSWD)); 504 505 assertTrue("Should be able to generate key for testcase", 506 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 507 1024, KeyStore.FLAG_ENCRYPTED, null)); 508 509 assertTrue("Should be able to grant key to other user", 510 mKeyStore.grant(TEST_KEYNAME, 0)); 511 512 assertTrue("Should be able to ungrant key to other user", 513 mKeyStore.ungrant(TEST_KEYNAME, 0)); 514 } 515 516 public void testUngrant_Imported_Success() throws Exception { 517 assertTrue("Password should work for keystore", 518 mKeyStore.password(TEST_PASSWD)); 519 520 assertTrue("Should be able to import key for testcase", mKeyStore.importKey(TEST_KEYNAME, 521 PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 522 523 assertTrue("Should be able to grant key to other user", 524 mKeyStore.grant(TEST_KEYNAME, 0)); 525 526 assertTrue("Should be able to ungrant key to other user", 527 mKeyStore.ungrant(TEST_KEYNAME, 0)); 528 } 529 530 public void testUngrant_NotInitialized_Failure() throws Exception { 531 assertFalse("Should fail to ungrant key when keystore not initialized", 532 mKeyStore.ungrant(TEST_KEYNAME, 0)); 533 } 534 535 public void testUngrant_NoGrant_Failure() throws Exception { 536 assertTrue("Password should work for keystore", 537 mKeyStore.password(TEST_PASSWD)); 538 539 assertTrue("Should be able to generate key for testcase", 540 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 541 1024, KeyStore.FLAG_ENCRYPTED, null)); 542 543 assertFalse("Should not be able to revoke not existent grant", 544 mKeyStore.ungrant(TEST_KEYNAME, 0)); 545 } 546 547 public void testUngrant_DoubleUngrant_Failure() throws Exception { 548 assertTrue("Password should work for keystore", 549 mKeyStore.password(TEST_PASSWD)); 550 551 assertTrue("Should be able to generate key for testcase", 552 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 553 1024, KeyStore.FLAG_ENCRYPTED, null)); 554 555 assertTrue("Should be able to grant key to other user", 556 mKeyStore.grant(TEST_KEYNAME, 0)); 557 558 assertTrue("Should be able to ungrant key to other user", 559 mKeyStore.ungrant(TEST_KEYNAME, 0)); 560 561 assertFalse("Should fail to ungrant key to other user second time", 562 mKeyStore.ungrant(TEST_KEYNAME, 0)); 563 } 564 565 public void testUngrant_DoubleGrantUngrant_Failure() throws Exception { 566 assertTrue("Password should work for keystore", 567 mKeyStore.password(TEST_PASSWD)); 568 569 assertTrue("Should be able to generate key for testcase", 570 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 571 1024, KeyStore.FLAG_ENCRYPTED, null)); 572 573 assertTrue("Should be able to grant key to other user", 574 mKeyStore.grant(TEST_KEYNAME, 0)); 575 576 assertTrue("Should be able to grant key to other user a second time", 577 mKeyStore.grant(TEST_KEYNAME, 0)); 578 579 assertTrue("Should be able to ungrant key to other user", 580 mKeyStore.ungrant(TEST_KEYNAME, 0)); 581 582 assertFalse("Should fail to ungrant key to other user second time", 583 mKeyStore.ungrant(TEST_KEYNAME, 0)); 584 } 585 586 public void testDuplicate_grantedUid_Wifi_Success() throws Exception { 587 assertTrue(mKeyStore.password(TEST_PASSWD)); 588 589 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 590 591 assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 592 1024, KeyStore.FLAG_ENCRYPTED, null)); 593 594 assertTrue(mKeyStore.contains(TEST_KEYNAME)); 595 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 596 597 // source doesn't exist 598 assertFalse(mKeyStore.duplicate(TEST_KEYNAME1, -1, TEST_KEYNAME1, Process.WIFI_UID)); 599 assertFalse(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID)); 600 601 // Copy from current UID to granted UID 602 assertTrue(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME1, Process.WIFI_UID)); 603 assertTrue(mKeyStore.contains(TEST_KEYNAME)); 604 assertFalse(mKeyStore.contains(TEST_KEYNAME1)); 605 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 606 assertTrue(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID)); 607 assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME1, Process.WIFI_UID)); 608 609 // Copy from granted UID to same granted UID 610 assertTrue(mKeyStore.duplicate(TEST_KEYNAME1, Process.WIFI_UID, TEST_KEYNAME2, 611 Process.WIFI_UID)); 612 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 613 assertTrue(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID)); 614 assertTrue(mKeyStore.contains(TEST_KEYNAME2, Process.WIFI_UID)); 615 assertFalse(mKeyStore.duplicate(TEST_KEYNAME1, Process.WIFI_UID, TEST_KEYNAME2, 616 Process.WIFI_UID)); 617 618 assertTrue(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, -1)); 619 assertTrue(mKeyStore.contains(TEST_KEYNAME)); 620 assertFalse(mKeyStore.contains(TEST_KEYNAME1)); 621 assertTrue(mKeyStore.contains(TEST_KEYNAME2)); 622 assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, -1)); 623 } 624 625 public void testDuplicate_ungrantedUid_Bluetooth_Failure() throws Exception { 626 assertTrue(mKeyStore.password(TEST_PASSWD)); 627 628 assertFalse(mKeyStore.contains(TEST_KEYNAME)); 629 630 assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 631 1024, KeyStore.FLAG_ENCRYPTED, null)); 632 633 assertTrue(mKeyStore.contains(TEST_KEYNAME)); 634 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 635 636 assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, Process.BLUETOOTH_UID)); 637 assertFalse(mKeyStore.duplicate(TEST_KEYNAME, Process.BLUETOOTH_UID, TEST_KEYNAME2, 638 Process.BLUETOOTH_UID)); 639 640 assertTrue(mKeyStore.contains(TEST_KEYNAME)); 641 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 642 } 643 644 /** 645 * The amount of time to allow before and after expected time for variance 646 * in timing tests. 647 */ 648 private static final long SLOP_TIME_MILLIS = 15000L; 649 650 public void testGetmtime_Success() throws Exception { 651 assertTrue("Password should work for keystore", 652 mKeyStore.password(TEST_PASSWD)); 653 654 assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, 655 PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 656 657 long now = System.currentTimeMillis(); 658 long actual = mKeyStore.getmtime(TEST_KEYNAME); 659 660 long expectedAfter = now - SLOP_TIME_MILLIS; 661 long expectedBefore = now + SLOP_TIME_MILLIS; 662 663 assertLessThan("Time should be close to current time", expectedBefore, actual); 664 assertGreaterThan("Time should be close to current time", expectedAfter, actual); 665 } 666 667 private static void assertLessThan(String explanation, long expectedBefore, long actual) { 668 if (actual >= expectedBefore) { 669 throw new AssertionFailedError(explanation + ": actual=" + actual 670 + ", expected before: " + expectedBefore); 671 } 672 } 673 674 private static void assertGreaterThan(String explanation, long expectedAfter, long actual) { 675 if (actual <= expectedAfter) { 676 throw new AssertionFailedError(explanation + ": actual=" + actual 677 + ", expected after: " + expectedAfter); 678 } 679 } 680 681 public void testGetmtime_NonExist_Failure() throws Exception { 682 assertTrue("Password should work for keystore", 683 mKeyStore.password(TEST_PASSWD)); 684 685 assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, 686 PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 687 688 assertEquals("-1 should be returned for non-existent key", 689 -1L, mKeyStore.getmtime(TEST_KEYNAME2)); 690 } 691 } 692
