1 /* 2 * Copyright 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <iostream> 18 19 #include <gtest/gtest.h> 20 21 #include <keymaster/wrapped_key.h> 22 23 #include "android_keymaster_test_utils.h" 24 25 using ::std::cout; 26 using ::std::endl; 27 using ::std::string; 28 29 namespace keymaster { 30 namespace test { 31 32 string test_wrapped_key = hex2str( 33 "3082015E020100048201005930C4FFE73B214575A66FB1DC07FD72F2508488F927926DB8DE8A78D780169FFC79728E" 34 "63BE14280C5481856CB51886BB1FF7D7F0BB73013DAE5386C7F63CD7D12E7FCC9AF89A7A52E68AEBB3CD3C08819FB2" 35 "A1D10EA717FF662D9FCF00194B7D7B75F6A898EF3295454642F697123758FB172EF015B515A2AC791BE35077346503" 36 "7D25B45375B7E00472C5250F7FD9053ECEA62D59EE3734C919A124A1659EF4F031F137DB661C0E846DFEE46C4CC85F" 37 "99B47708ADDEF2B21E1143F59A0EE12E0AB5ADF9E03C26642FC36905F38EE60A9B385FF4785FDF6611B60BD9DB283D" 38 "EDD4481DFCBCCBB51166F475A94898EC759BB9125520304FF82124559D27BE2B040CD796B02C370F1FA4CC0124F130" 39 "13020103300EA1023100A203020120A3030201200420CCD540855F833A5E1480BFD2D36FAF3AEEE15DF5BEABE2691B" 40 "C82DDE2A7AA910041094CD97F58DE55B737B60B3AD127B1C59"); 41 42 string test_tag = hex2str("94CD97F58DE55B737B60B3AD127B1C59"); 43 string test_iv = hex2str("D796B02C370F1FA4CC0124F1"); 44 string test_transit_key = 45 hex2str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string test_secure_key = 54 
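hex2str("CCD540855F833A5E1480BFD2D36FAF3AEEE15DF5BEABE2691BC82DDE2A7AA910");

// Copies the bytes of a keymaster_blob_t into a std::string so a parsed blob can be compared
// against the hex2str() fixtures with EXPECT_EQ.  The length is taken from data_length, so
// embedded NUL bytes are preserved.
string blob2string(const keymaster_blob_t& blob) {
    return string(reinterpret_cast<const char*>(blob.data), blob.data_length);
}

// Same as blob2string(), for keymaster_key_blob_t (key_material / key_material_size).
string keyblob2string(const keymaster_key_blob_t& blob) {
    return string(reinterpret_cast<const char*>(blob.key_material), blob.key_material_size);
}

// Round trip: a wrapped key produced by build_wrapped_key() must parse back to the same fields.
//
// NOTE(review): this covers the encode/decode path for well-formed input only.  It does not
// exercise rejection of truncated or corrupted blobs by parse_wrapped_key(); a companion
// negative test would be worth adding.
TEST(WrappedKeyTest, Simple) {
    KeymasterKeyBlob asn1;

    KeymasterBlob iv = {reinterpret_cast<const uint8_t*>(test_iv.c_str()), test_iv.size()};
    KeymasterKeyBlob tk = {reinterpret_cast<const uint8_t*>(test_transit_key.c_str()),
                           test_transit_key.size()};
    KeymasterKeyBlob secure_key = {reinterpret_cast<const uint8_t*>(test_secure_key.c_str()),
                                   test_secure_key.size()};
    KeymasterBlob tag = {reinterpret_cast<const uint8_t*>(test_tag.c_str()), test_tag.size()};
    AuthorizationSet authorization_list = AuthorizationSetBuilder().AesEncryptionKey(256).build();

    // ASSERT rather than EXPECT: if encoding fails there is nothing valid to parse.
    ASSERT_EQ(
        build_wrapped_key(tk, iv, KM_KEY_FORMAT_RAW, secure_key, tag, authorization_list, &asn1),
        KM_ERROR_OK);

    KeymasterBlob iv2;
    KeymasterBlob tag2;
    KeymasterBlob wrapped_key_description;
    KeymasterKeyBlob secure_key2;
    KeymasterKeyBlob transit_key2;
    AuthorizationSet auth_list;
    keymaster_key_format_t key_format;
    // ASSERT rather than EXPECT: key_format and the output blobs are only populated on success,
    // so the checks below would otherwise read unset values.
    ASSERT_EQ(parse_wrapped_key(asn1, &iv2, &transit_key2, &secure_key2, &tag2, &auth_list,
                                &key_format, &wrapped_key_description),
              KM_ERROR_OK);

    // GetTagValue() reports whether the tag was present; without checking it, a missing tag
    // would leave the local uninitialized and the comparison would read an indeterminate value.
    uint32_t key_size = 0;
    ASSERT_TRUE(auth_list.GetTagValue(TAG_KEY_SIZE, &key_size));
    EXPECT_EQ(key_size, 256U);

    keymaster_algorithm_t algorithm;
    ASSERT_TRUE(auth_list.GetTagValue(TAG_ALGORITHM, &algorithm));
    EXPECT_EQ(algorithm, KM_ALGORITHM_AES);

    EXPECT_EQ(key_format, KM_KEY_FORMAT_RAW);
    EXPECT_EQ(blob2string(tag2), test_tag);
    EXPECT_EQ(blob2string(iv2), test_iv);
    // The key material must survive the round trip too, not only the IV and tag.
    EXPECT_EQ(keyblob2string(secure_key2), test_secure_key);
    EXPECT_EQ(keyblob2string(transit_key2), test_transit_key);
}

// Parses the pre-built fixture test_wrapped_key and checks that the tag, IV and encrypted key
// fields come back equal to the standalone fixtures.
TEST(WrappedKeyTest, Unwrap) {
    KeymasterKeyBlob wrapped_key = {reinterpret_cast<const uint8_t*>(test_wrapped_key.c_str()),
                                    test_wrapped_key.size()};

    KeymasterKeyBlob secure_key;
    KeymasterKeyBlob transit_key;
    KeymasterBlob iv;
    KeymasterBlob tag;
    KeymasterBlob wrapped_key_description;
    AuthorizationSet auth_list;
    keymaster_key_format_t key_format;
    // ASSERT rather than EXPECT: the output blobs are only meaningful after a successful parse.
    ASSERT_EQ(parse_wrapped_key(wrapped_key, &iv, &transit_key, &secure_key, &tag, &auth_list,
                                &key_format, &wrapped_key_description),
              KM_ERROR_OK);

    EXPECT_EQ(blob2string(tag), test_tag);
    EXPECT_EQ(blob2string(iv), test_iv);
    EXPECT_EQ(keyblob2string(secure_key), test_secure_key);
}

}  // namespace test
}  // namespace keymaster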