1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "keymaster_test" 18#include <utils/Log.h> 19#include <utils/UniquePtr.h> 20 21#include <hardware/keymaster.h> 22 23#include <gtest/gtest.h> 24 25#include <openssl/bn.h> 26#include <openssl/evp.h> 27#include <openssl/x509.h> 28 29#include <fstream> 30#include <iostream> 31 32namespace android { 33 34class UniqueBlob : public UniquePtr<uint8_t[]> { 35public: 36 UniqueBlob(uint8_t* bytes, size_t length) : 37 UniquePtr<uint8_t[]>(bytes), mLength(length) { 38 } 39 40 bool operator==(const UniqueBlob &other) const { 41 if (other.length() != mLength) { 42 return false; 43 } 44 45 const uint8_t* mine = get(); 46 const uint8_t* theirs = other.get(); 47 48 for (size_t i = 0; i < mLength; i++) { 49 if (mine[i] != theirs[i]) { 50 return false; 51 } 52 } 53 54 return true; 55 } 56 57 size_t length() const { 58 return mLength; 59 } 60 61 friend std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob); 62 63private: 64 size_t mLength; 65}; 66 67std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob) { 68 const size_t length = blob.mLength; 69 stream << "Blob length=" << length << " < "; 70 71 const uint8_t* data = blob.get(); 72 for (size_t i = 0; i < length; i++) { 73 stream << std::hex << std::setw(2) << std::setfill('0') 74 << static_cast<unsigned int>(data[i]) << ' '; 75 } 76 stream << '>' << std::endl; 77 78 return stream; 79} 80 81class UniqueKey : public UniqueBlob { 82public: 83 UniqueKey(keymaster_device_t** dev, uint8_t* bytes, size_t length) : 84 UniqueBlob(bytes, length), mDevice(dev) { 85 } 86 87 ~UniqueKey() { 88 if (mDevice != NULL && *mDevice != NULL) { 89 keymaster_device_t* dev = *mDevice; 90 if (dev->delete_keypair != NULL) { 91 dev->delete_keypair(dev, get(), length()); 92 } 93 } 94 } 95 96private: 97 keymaster_device_t** mDevice; 98}; 99 100struct BIGNUM_Delete { 101 void operator()(BIGNUM* p) const { 102 BN_free(p); 103 } 104}; 105typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 106 107struct EVP_PKEY_Delete { 108 void operator()(EVP_PKEY* p) const { 109 EVP_PKEY_free(p); 110 } 111}; 112typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 113 114struct PKCS8_PRIV_KEY_INFO_Delete { 115 void operator()(PKCS8_PRIV_KEY_INFO* p) const { 116 PKCS8_PRIV_KEY_INFO_free(p); 117 } 118}; 119typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 120 121struct RSA_Delete { 122 void operator()(RSA* p) const { 123 RSA_free(p); 124 } 125}; 126typedef UniquePtr<RSA, RSA_Delete> Unique_RSA; 127 128/* 129 * DER-encoded PKCS#8 format RSA key. Generated using: 130 * 131 * openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 132 */ 133static uint8_t TEST_KEY_1[] = { 134 0x30, 0x82, 0x04, 0xBE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 135 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 136 0x04, 0xA8, 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 137 0x01, 0x00, 0xD8, 0x58, 0xD4, 0x9F, 0xC0, 0xE8, 0xF0, 0xFF, 0x87, 0x27, 138 0x43, 0xE6, 0x2E, 0xE6, 0x9A, 0x42, 0x3B, 0x39, 0x94, 0x84, 0x43, 0x55, 139 0x8D, 0x20, 0x5B, 0x71, 0x88, 0xE6, 0xD1, 0x62, 0xC8, 0xF2, 0x20, 0xD0, 140 0x75, 0x13, 0x83, 0xA3, 0x5D, 0x19, 0xA8, 0x62, 0xD0, 0x5F, 0x3E, 0x8A, 141 0x7C, 0x0E, 0x26, 0xA9, 0xFF, 0xB2, 0x5E, 0x63, 0xAA, 0x3C, 0x8D, 0x13, 142 0x41, 0xAA, 0xD5, 0x03, 0x01, 0x01, 0x53, 0xC9, 0x02, 0x1C, 0xEC, 0xE8, 143 0xC4, 0x70, 0x3F, 0x43, 0xE5, 0x51, 0xD0, 0x6E, 0x52, 0x0B, 0xC4, 0x0A, 144 0xA3, 0x61, 0xDE, 0xE3, 0x72, 0x0C, 0x94, 0xF1, 0x1C, 0x2D, 0x36, 0x77, 145 0xBB, 0x16, 0xA8, 0x63, 0x4B, 0xD1, 0x07, 0x00, 0x42, 0x2D, 0x2B, 0x10, 146 0x80, 0x45, 0xF3, 0x0C, 0xF9, 0xC5, 0xAC, 0xCC, 0x64, 0x87, 0xFD, 0x5D, 147 0xC8, 0x51, 0xD4, 0x1C, 0x9E, 0x6E, 0x9B, 0xC4, 0x27, 0x5E, 0x73, 0xA7, 148 0x2A, 0xF6, 0x90, 0x42, 0x0C, 0x34, 0x93, 0xB7, 0x02, 0x19, 0xA9, 0x64, 149 0x6C, 0x46, 0x3B, 0x40, 0x02, 0x2F, 0x54, 0x69, 0x79, 0x26, 0x7D, 0xF6, 150 0x85, 0x90, 0x01, 0xD0, 0x21, 0x07, 0xD0, 0x14, 0x00, 0x65, 0x9C, 0xAC, 151 0x24, 0xE8, 0x78, 0x42, 0x3B, 0x90, 0x75, 0x19, 0x55, 0x11, 0x4E, 0xD9, 152 0xE6, 0x97, 0x87, 0xBC, 0x8D, 0x2C, 0x9B, 0xF0, 0x1F, 0x14, 0xEB, 0x6A, 153 0x57, 0xCE, 0x78, 0xAD, 0xCE, 0xD9, 0xFB, 0xB9, 0xA1, 0xEF, 0x0C, 0x1F, 154 0xDD, 0xE3, 0x5B, 0x73, 0xA0, 0xEC, 0x37, 0x9C, 0xE1, 0xFD, 0x86, 0x28, 155 0xC3, 0x4A, 0x42, 0xD0, 0xA3, 0xFE, 0x57, 0x09, 0x29, 0xD8, 0xF6, 0xEC, 156 0xE3, 0xC0, 0x71, 0x7C, 0x29, 0x27, 0xC2, 0xD1, 0x3E, 0x22, 0xBC, 0xBD, 157 0x5A, 0x85, 0x41, 0xF6, 0x15, 0xDA, 0x0C, 0x58, 0x5A, 0x61, 0x5B, 0x78, 158 0xB8, 0xAA, 0xEC, 0x5C, 0x1C, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 159 0x82, 0x01, 0x00, 0x1D, 0x10, 0x31, 0xE0, 0x14, 0x26, 0x36, 0xD9, 0xDC, 160 0xEA, 0x25, 0x70, 0xF2, 0xB3, 0xFF, 0xDD, 0x0D, 0xDF, 0xBA, 0x57, 0xDA, 161 0x43, 0xCF, 0xE5, 0x9C, 0xE3, 0x2F, 0xA4, 0xF2, 0x53, 0xF6, 0xF2, 0xAF, 162 0xFD, 0xD0, 0xFC, 0x82, 0x1E, 0x9C, 0x0F, 0x2A, 0x53, 0xBB, 0xF2, 0x4F, 163 0x90, 0x83, 0x01, 0xD3, 0xA7, 0xDA, 0xB5, 0xB7, 0x80, 0x64, 0x0A, 0x26, 164 0x59, 0x83, 0xE4, 0xD3, 0x20, 0xC8, 0x2D, 0xC9, 0x77, 0xA3, 0x55, 0x07, 165 0x6E, 0x6D, 0x95, 0x36, 0xAA, 0x84, 0x4F, 0xED, 0x54, 0x24, 0xA9, 0x77, 166 0xF8, 0x85, 0xE2, 0x4B, 0xF2, 0xFA, 0x0B, 0x3E, 0xA6, 0xF5, 0x46, 0x0D, 167 0x9F, 0x1F, 0xFE, 0xF7, 0x37, 0xFF, 0xA3, 0x60, 0xF1, 0x63, 0xF2, 0x75, 168 0x6A, 0x8E, 0x10, 0xD7, 0x89, 0xD2, 0xB3, 0xFF, 0x76, 0xA5, 0xBA, 0xAF, 169 0x0A, 0xBE, 0x32, 0x5F, 0xF0, 0x48, 0x48, 0x4B, 0x9C, 0x9A, 0x3D, 0x12, 170 0xA7, 0xD2, 0x07, 0xC7, 0x59, 0x32, 0x94, 0x95, 0x65, 0x2F, 0x87, 0x34, 171 0x76, 0xBA, 0x7C, 0x08, 0x4B, 0xAB, 0xA6, 0x24, 0xDF, 0x64, 0xDB, 0x48, 172 0x63, 0x42, 0x06, 0xE2, 0x2C, 0x3D, 0xFB, 0xE5, 0x47, 0x81, 0x94, 0x98, 173 0xF7, 0x32, 0x4B, 0x28, 0xEB, 0x42, 0xB8, 0xE9, 0x8E, 0xFC, 0xC9, 0x43, 174 0xC9, 0x47, 0xE6, 0xE7, 0x1C, 0xDC, 0x71, 0xEF, 0x4D, 0x8A, 0xB1, 0xFC, 175 0x45, 0x37, 0xEC, 0xB3, 0x16, 0x88, 0x5B, 0xE2, 0xEC, 0x8B, 0x6B, 0x75, 176 0x16, 0xBE, 0x6B, 0xF8, 0x2C, 0xF8, 0xC9, 0xD1, 0xF7, 0x55, 0x87, 0x57, 177 0x5F, 0xDE, 0xF4, 0x7E, 0x72, 0x13, 0x06, 0x2A, 0x21, 0xB7, 0x78, 0x21, 178 0x05, 0xFD, 0xE2, 0x5F, 0x7B, 0x7C, 0xF0, 0x26, 0x2B, 0x75, 0x7F, 0x68, 179 0xF9, 0xA6, 0x98, 0xFD, 0x54, 0x0E, 0xCC, 0x22, 0x41, 0x7F, 0x29, 0x81, 180 0x2F, 0xA3, 0x3C, 0x3D, 0x64, 0xC8, 0x41, 0x02, 0x81, 0x81, 0x00, 0xFA, 181 0xFA, 0xE4, 0x2E, 0x30, 0xF0, 0x7A, 0x8D, 0x95, 0xB8, 0x39, 0x58, 0x27, 182 0x0F, 0x89, 0x0C, 0xDF, 0xFE, 0x2F, 0x55, 0x3B, 0x6F, 0xDD, 0x5F, 0x12, 183 0xB3, 0xD1, 0xCF, 0x5B, 0x8D, 0xB6, 0x10, 0x1C, 0x87, 0x0C, 0x30, 0x89, 184 0x2D, 0xBB, 0xB8, 0xA1, 0x78, 0x0F, 0x54, 0xA6, 0x36, 0x46, 0x05, 0x8B, 185 0x5A, 0xFF, 0x48, 0x03, 0x13, 0xAE, 0x95, 0x96, 0x5D, 0x6C, 0xDA, 0x5D, 186 0xF7, 0xAD, 0x1D, 0x33, 0xED, 0x23, 0xF5, 0x4B, 0x03, 0x78, 0xE7, 0x50, 187 0xD1, 0x2D, 0x95, 0x22, 0x35, 0x02, 0x5B, 0x4A, 0x4E, 0x73, 0xC9, 0xB7, 188 0x05, 0xC4, 0x21, 0x86, 0x1F, 0x1E, 0x40, 0x83, 0xBC, 0x8A, 0x3A, 0x95, 189 0x24, 0x62, 0xF4, 0x58, 0x38, 0x64, 0x4A, 0x89, 0x8A, 0x27, 0x59, 0x12, 190 0x9D, 0x21, 0xC3, 0xA6, 0x42, 0x1E, 0x2A, 0x3F, 0xD8, 0x65, 0x1F, 0x6E, 191 0x3E, 0x4D, 0x5C, 0xCC, 0xEA, 0x8E, 0x15, 0x02, 0x81, 0x81, 0x00, 0xDC, 192 0xAC, 0x9B, 0x00, 0xDB, 0xF9, 0xB2, 0xBF, 0xC4, 0x5E, 0xB6, 0xB7, 0x63, 193 0xEB, 0x13, 0x4B, 0xE2, 0xA6, 0xC8, 0x72, 0x90, 0xD8, 0xC2, 0x33, 0x33, 194 0xF0, 0x66, 0x75, 0xBD, 0x50, 0x7C, 0xA4, 0x8F, 0x82, 0xFB, 0xFF, 0x44, 195 0x3B, 0xE7, 0x15, 0x3A, 0x0C, 0x7A, 0xF8, 0x92, 0x86, 0x4A, 0x79, 0x32, 196 0x08, 0x82, 0x1D, 0x6A, 0xBA, 0xAD, 0x8A, 0xB3, 0x3D, 0x7F, 0xA5, 0xB4, 197 0x6F, 0x67, 0x86, 0x7E, 0xB2, 0x9C, 0x2A, 0xF6, 0x7C, 0x49, 0x21, 0xC5, 198 0x3F, 0x00, 0x3F, 0x9B, 0xF7, 0x0F, 0x6C, 0x35, 0x80, 0x75, 0x73, 0xC0, 199 0xF8, 0x3E, 0x30, 0x5F, 0x74, 0x2F, 0x15, 0x41, 0xEA, 0x0F, 0xCE, 0x0E, 200 0x18, 0x17, 0x68, 0xBA, 0xC4, 0x29, 0xF2, 0xE2, 0x2C, 0x1D, 0x55, 0x83, 201 0xB6, 0x64, 0x2E, 0x03, 0x12, 0xA4, 0x0D, 0xBF, 0x4F, 0x2E, 0xBE, 0x7C, 202 0x41, 0xD9, 0xCD, 0xD0, 0x52, 0x91, 0xD5, 0x02, 0x81, 0x81, 0x00, 0xD4, 203 0x55, 0xEB, 0x32, 0xC1, 0x28, 0xD3, 0x26, 0x72, 0x22, 0xB8, 0x31, 0x42, 204 0x6A, 0xBC, 0x52, 0x6E, 0x37, 0x48, 0xA8, 0x5D, 0x6E, 0xD8, 0xE5, 0x14, 205 0x97, 0x99, 0xCC, 0x4A, 0xF2, 0xEB, 0xB3, 0x59, 0xCF, 0x4F, 0x9A, 0xC8, 206 0x94, 0x2E, 0x9B, 0x97, 0xD0, 0x51, 0x78, 0x16, 0x5F, 0x18, 0x82, 0x9C, 207 0x51, 0xD2, 0x64, 0x84, 0x65, 0xE4, 0x70, 0x9E, 0x14, 0x50, 0x81, 0xB6, 208 0xBA, 0x52, 0x75, 0xC0, 0x76, 0xC2, 0xD3, 0x46, 0x31, 0x9B, 0xDA, 0x67, 209 0xDF, 0x71, 0x27, 0x19, 0x17, 0xAB, 0xF4, 0xBC, 0x3A, 0xFF, 0x6F, 0x0B, 210 0x2F, 0x0F, 0xAE, 0x25, 0x20, 0xB2, 0xA1, 0x76, 0x52, 0xCE, 0xC7, 0x9D, 211 0x62, 0x79, 0x6D, 0xAC, 0x2D, 0x99, 0x7C, 0x0E, 0x3D, 0x19, 0xE9, 0x1B, 212 0xFC, 0x60, 0x92, 0x7C, 0x58, 0xB7, 0xD8, 0x9A, 0xC7, 0x63, 0x56, 0x62, 213 0x18, 0xC7, 0xAE, 0xD9, 0x97, 0x1F, 0xB9, 0x02, 0x81, 0x81, 0x00, 0x91, 214 0x40, 0xC4, 0x1E, 0x82, 0xAD, 0x0F, 0x6D, 0x8E, 0xD2, 0x51, 0x2E, 0xD1, 215 0x84, 0x30, 0x85, 0x68, 0xC1, 0x23, 0x7B, 0xD5, 0xBF, 0xF7, 0xC4, 0x40, 216 0x51, 0xE2, 0xFF, 0x69, 0x07, 0x8B, 0xA3, 0xBE, 0x1B, 0x17, 0xC8, 0x64, 217 0x9F, 0x91, 0x71, 0xB5, 0x6D, 0xF5, 0x9B, 0x9C, 0xC6, 0xEC, 0x4A, 0x6E, 218 0x16, 0x8F, 0x9E, 0xD1, 0x5B, 0xE3, 0x53, 0x42, 0xBC, 0x1E, 0x43, 0x72, 219 0x4B, 0x4A, 0x37, 0x8B, 0x3A, 0x01, 0xF5, 0x7D, 0x9D, 0x3D, 0x7E, 0x0F, 220 0x19, 0x73, 0x0E, 0x6B, 0x98, 0xE9, 0xFB, 0xEE, 0x13, 0x8A, 0x3C, 0x11, 221 0x2E, 0xD5, 0xB0, 0x7D, 0x84, 0x3A, 0x61, 0xA1, 0xAB, 0x71, 0x8F, 0xCE, 222 0x53, 0x29, 0x45, 0x74, 0x7A, 0x1E, 0xAA, 0x93, 0x19, 0x3A, 0x8D, 0xC9, 223 0x4E, 0xCB, 0x0E, 0x46, 0x53, 0x84, 0xCC, 0xCF, 0xBA, 0x4D, 0x28, 0x71, 224 0x1D, 0xDF, 0x41, 0xCB, 0xF8, 0x2D, 0xA9, 0x02, 0x81, 0x80, 0x04, 0x8B, 225 0x4A, 0xEA, 0xBD, 0x39, 0x0B, 0x96, 0xC5, 0x1D, 0xA4, 0x47, 0xFD, 0x46, 226 0xD2, 0x8A, 0xEA, 0x2A, 0xF3, 0x9D, 0x3A, 0x7E, 0x16, 0x74, 0xFC, 0x13, 227 0xDE, 0x4D, 0xA9, 0x85, 0x42, 0x33, 0x02, 0x92, 0x0B, 0xB6, 0xDB, 0x7E, 228 0xEA, 0x85, 0xC2, 0x94, 0x43, 0x52, 0x37, 0x5A, 0x77, 0xAB, 0xCB, 0x61, 229 0x88, 0xDE, 0xF8, 0xFA, 0xDB, 0xE8, 0x0B, 0x95, 0x7D, 0x39, 0x19, 0xA2, 230 0x89, 0xB9, 0x32, 0xB2, 0x50, 0x38, 0xF7, 0x88, 0x69, 0xFD, 0xA4, 0x63, 231 0x1F, 0x9B, 0x03, 0xD8, 0xA6, 0x7A, 0x05, 0x76, 0x02, 0x28, 0x93, 0x82, 232 0x73, 0x7F, 0x14, 0xCC, 0xBE, 0x29, 0x10, 0xAD, 0x8A, 0x2E, 0xAC, 0xED, 233 0x11, 0xA7, 0x72, 0x7C, 0x60, 0x78, 0x72, 0xFB, 0x78, 0x20, 0x18, 0xC9, 234 0x7E, 0x63, 0xAD, 0x55, 0x54, 0x51, 0xDB, 0x9F, 0x7B, 0xD4, 0x8F, 0xB2, 235 0xDE, 0x3B, 0xF1, 0x70, 0x23, 0xE5, 236}; 237 238/* 239 * Generated using keys on the keyboard and lack of imagination. 240 */ 241static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF }; 242 243 244class KeymasterBaseTest : public ::testing::Test { 245public: 246 static void SetUpTestCase() { 247 const hw_module_t* mod; 248 ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod)) 249 << "Should be able to find a keymaster hardware module"; 250 251 std::cout << "Using keymaster module: " << mod->name << std::endl; 252 253 ASSERT_EQ(0, keymaster_open(mod, &sDevice)) 254 << "Should be able to open the keymaster device"; 255 256 ASSERT_TRUE(sDevice->generate_keypair != NULL) 257 << "Should implement generate_keypair"; 258 259 ASSERT_TRUE(sDevice->import_keypair != NULL) 260 << "Should implement import_keypair"; 261 262 ASSERT_TRUE(sDevice->get_keypair_public != NULL) 263 << "Should implement get_keypair_public"; 264 265 ASSERT_TRUE(sDevice->sign_data != NULL) 266 << "Should implement sign_data"; 267 268 ASSERT_TRUE(sDevice->verify_data != NULL) 269 << "Should implement verify_data"; 270 } 271 272 static void TearDownTestCase() { 273 ASSERT_EQ(0, keymaster_close(sDevice)); 274 } 275 276protected: 277 static keymaster_device_t* sDevice; 278}; 279 280keymaster_device_t* KeymasterBaseTest::sDevice = NULL; 281 282class KeymasterTest : public KeymasterBaseTest { 283}; 284 285class KeymasterGenerateTest : public KeymasterBaseTest, 286 public ::testing::WithParamInterface<uint32_t> { 287}; 288 289TEST_P(KeymasterGenerateTest, GenerateKeyPair_RSA_Success) { 290 keymaster_keypair_t key_type = TYPE_RSA; 291 keymaster_rsa_keygen_params_t params = { 292 modulus_size: GetParam(), 293 public_exponent: RSA_F4, 294 }; 295 296 uint8_t* key_blob; 297 size_t key_blob_length; 298 299 EXPECT_EQ(0, 300 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length)) 301 << "Should generate an RSA key with 512 bit modulus size"; 302 UniqueKey key(&sDevice, key_blob, key_blob_length); 303 304 uint8_t* x509_data = NULL; 305 size_t x509_data_length; 306 EXPECT_EQ(0, 307 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 308 &x509_data, &x509_data_length)) 309 << "Should be able to retrieve RSA public key successfully"; 310 UniqueBlob x509_blob(x509_data, x509_data_length); 311 ASSERT_FALSE(x509_blob.get() == NULL) 312 << "X509 data should be allocated"; 313 314 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 315 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 316 static_cast<long>(x509_blob.length()))); 317 318 ASSERT_EQ(EVP_PKEY_RSA, EVP_PKEY_type(actual.get()->type)) 319 << "Generated key type should be of type RSA"; 320 321 Unique_RSA rsa(EVP_PKEY_get1_RSA(actual.get())); 322 ASSERT_FALSE(rsa.get() == NULL) 323 << "Should be able to extract RSA key from EVP_PKEY"; 324 325 EXPECT_EQ(static_cast<unsigned long>(RSA_F4), BN_get_word(rsa.get()->e)) 326 << "Exponent should be RSA_F4"; 327 328 EXPECT_EQ(GetParam() / 8, static_cast<uint32_t>(RSA_size(rsa.get()))) 329 << "Modulus size should be the specified parameter"; 330} 331 332INSTANTIATE_TEST_CASE_P(RSA, 333 KeymasterGenerateTest, 334 ::testing::Values(512, 1024, 2048)); 335 336TEST_F(KeymasterTest, GenerateKeyPair_RSA_NullParams_Failure) { 337 keymaster_keypair_t key_type = TYPE_RSA; 338 339 uint8_t* key_blob; 340 size_t key_blob_length; 341 342 EXPECT_EQ(-1, 343 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length)) 344 << "Should not be able to generate an RSA key with null params"; 345} 346 347TEST_F(KeymasterTest, GenerateKeyPair_UnknownType_Failure) { 348 keymaster_keypair_t key_type = static_cast<keymaster_keypair_t>(0xFFFF); 349 350 uint8_t* key_blob; 351 size_t key_blob_length; 352 353 EXPECT_EQ(-1, 354 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length)) 355 << "Should not generate an unknown key type"; 356} 357 358TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) { 359 uint8_t* key_blob; 360 size_t key_blob_length; 361 362 EXPECT_EQ(0, 363 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), 364 &key_blob, &key_blob_length)) 365 << "Should successfully import an RSA key"; 366 UniqueKey key(&sDevice, key_blob, key_blob_length); 367 368 uint8_t* x509_data; 369 size_t x509_data_length; 370 EXPECT_EQ(0, 371 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 372 &x509_data, &x509_data_length)) 373 << "Should be able to retrieve RSA public key successfully"; 374 UniqueBlob x509_blob(x509_data, x509_data_length); 375 376 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 377 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 378 static_cast<long>(x509_blob.length()))); 379 380 EXPECT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_RSA) 381 << "Generated key type should be of type RSA"; 382 383 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_KEY_1); 384 Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8( 385 d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp, 386 sizeof(TEST_KEY_1))); 387 388 Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get())); 389 390 EXPECT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get())) 391 << "Expected and actual keys should match"; 392} 393 394TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) { 395 uint8_t* key_blob; 396 size_t key_blob_length; 397 398 EXPECT_EQ(-1, 399 sDevice->import_keypair(sDevice, BOGUS_KEY_1, sizeof(BOGUS_KEY_1), 400 &key_blob, &key_blob_length)) 401 << "Should not import an unknown key type"; 402} 403 404TEST_F(KeymasterTest, ImportKeyPair_NullKey_Failure) { 405 uint8_t* key_blob; 406 size_t key_blob_length; 407 408 EXPECT_EQ(-1, 409 sDevice->import_keypair(sDevice, NULL, 0, 410 &key_blob, &key_blob_length)) 411 << "Should not import a null key"; 412} 413 414TEST_F(KeymasterTest, GetKeypairPublic_RSA_Success) { 415 uint8_t* key_blob; 416 size_t key_blob_length; 417 418 ASSERT_EQ(0, 419 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), 420 &key_blob, &key_blob_length)) 421 << "Should successfully import an RSA key"; 422 UniqueKey key(&sDevice, key_blob, key_blob_length); 423 424 uint8_t* x509_data; 425 size_t x509_data_length; 426 EXPECT_EQ(0, 427 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 428 &x509_data, &x509_data_length)) 429 << "Should be able to retrieve RSA public key successfully"; 430 UniqueBlob x509_blob(x509_data, x509_data_length); 431} 432 433TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullKey_Failure) { 434 uint8_t* key_blob; 435 size_t key_blob_length; 436 437 uint8_t* x509_data = NULL; 438 size_t x509_data_length; 439 EXPECT_EQ(-1, 440 sDevice->get_keypair_public(sDevice, NULL, 0, 441 &x509_data, &x509_data_length)) 442 << "Should not be able to retrieve RSA public key from null key"; 443 UniqueBlob x509_blob(x509_data, x509_data_length); 444} 445 446TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullDestination_Failure) { 447 uint8_t* key_blob; 448 size_t key_blob_length; 449 450 ASSERT_EQ(0, 451 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), 452 &key_blob, &key_blob_length)) 453 << "Should successfully import an RSA key"; 454 UniqueKey key(&sDevice, key_blob, key_blob_length); 455 456 EXPECT_EQ(-1, 457 sDevice->get_keypair_public(sDevice, key.get(), key.length(), 458 NULL, NULL)) 459 << "Should not be able to succeed with NULL destination blob"; 460} 461 462TEST_F(KeymasterTest, DeleteKeyPair_RSA_Success) { 463 uint8_t* key_blob; 464 size_t key_blob_length; 465 466 EXPECT_EQ(0, 467 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), 468 &key_blob, &key_blob_length)) 469 << "Should successfully import an RSA key"; 470 UniqueKey key(&sDevice, key_blob, key_blob_length); 471} 472 473TEST_F(KeymasterTest, DeleteKeyPair_RSA_DoubleDelete_Failure) { 474 uint8_t* key_blob; 475 size_t key_blob_length; 476 477 /* 478 * This is only run if the module indicates it implements key deletion 479 * by implementing delete_keypair. 480 */ 481 if (sDevice->delete_keypair != NULL) { 482 ASSERT_EQ(0, 483 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), 484 &key_blob, &key_blob_length)) 485 << "Should successfully import an RSA key"; 486 UniqueBlob blob(key_blob, key_blob_length); 487 488 EXPECT_EQ(0, sDevice->delete_keypair(sDevice, key_blob, key_blob_length)) 489 << "Should delete key after import"; 490 491 EXPECT_EQ(-1, sDevice->delete_keypair(sDevice, key_blob, key_blob_length)) 492 << "Should not be able to delete key twice"; 493 } 494} 495 496TEST_F(KeymasterTest, DeleteKeyPair_RSA_NullKey_Failure) { 497 /* 498 * This is only run if the module indicates it implements key deletion 499 * by implementing delete_keypair. 500 */ 501 if (sDevice->delete_keypair != NULL) { 502 EXPECT_EQ(-1, sDevice->delete_keypair(sDevice, NULL, 0)) 503 << "Should not be able to delete null key"; 504 } 505} 506 507/* 508 * DER-encoded PKCS#8 format RSA key. Generated using: 509 * 510 * openssl genrsa 512 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 511 */ 512static uint8_t TEST_SIGN_KEY_1[] = { 513 0x30, 0x82, 0x01, 0x56, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 514 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 515 0x01, 0x40, 0x30, 0x82, 0x01, 0x3C, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 516 0xBD, 0xC0, 0x7F, 0xEF, 0x75, 0x1D, 0x63, 0x2A, 0xD0, 0x9A, 0x26, 0xE5, 517 0x5B, 0xB9, 0x84, 0x7C, 0xE5, 0xC7, 0xE7, 0xDE, 0xFE, 0xB6, 0x54, 0xD9, 518 0xF0, 0x9B, 0xC2, 0xCF, 0x36, 0xDA, 0xE5, 0x4D, 0xC5, 0xD9, 0x25, 0x78, 519 0xBD, 0x55, 0x05, 0xBD, 0x86, 0xFB, 0x37, 0x15, 0x33, 0x42, 0x52, 0xED, 520 0xE5, 0xCD, 0xCB, 0xB7, 0xA2, 0x51, 0xFA, 0x36, 0xE9, 0x9C, 0x2E, 0x5D, 521 0xE3, 0xA5, 0x1F, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00, 522 0x96, 0x71, 0xDE, 0xBD, 0x83, 0x94, 0x96, 0x40, 0xA6, 0xFD, 0xE1, 0xA2, 523 0xED, 0xD3, 0xAC, 0x28, 0xBE, 0xA2, 0x7D, 0xC3, 0xFF, 0x1D, 0x9F, 0x2E, 524 0xE0, 0xA7, 0x0E, 0x90, 0xEE, 0x44, 0x25, 0x92, 0xE3, 0x54, 0xDD, 0x55, 525 0xA3, 0xEF, 0x42, 0xF5, 0x52, 0x55, 0x41, 0x47, 0x5E, 0x00, 0xFB, 0x8B, 526 0x47, 0x5E, 0x45, 0x49, 0xEA, 0x3D, 0x2C, 0xFD, 0x9F, 0xEC, 0xC8, 0x4E, 527 0x4E, 0x86, 0x90, 0x31, 0x02, 0x21, 0x00, 0xE6, 0xA5, 0x55, 0xB3, 0x64, 528 0xAB, 0x90, 0x5E, 0xA2, 0xF5, 0x6B, 0x21, 0x4B, 0x15, 0xD6, 0x4A, 0xB6, 529 0x60, 0x24, 0x95, 0x65, 0xA2, 0xBE, 0xBA, 0x2A, 0x73, 0xFB, 0xFF, 0x2C, 530 0x61, 0x88, 0x9D, 0x02, 0x21, 0x00, 0xD2, 0x9C, 0x5B, 0xFE, 0x82, 0xA5, 531 0xFC, 0x52, 0x6A, 0x29, 0x38, 0xDB, 0x22, 0x3B, 0xEB, 0x74, 0x3B, 0xCA, 532 0xB4, 0xDD, 0x1D, 0xE4, 0x48, 0x60, 0x70, 0x19, 0x9B, 0x81, 0xC1, 0x83, 533 0x28, 0xB5, 0x02, 0x21, 0x00, 0x89, 0x2D, 0xFE, 0xF9, 0xF2, 0xBF, 0x43, 534 0xDF, 0xB5, 0xA6, 0xA8, 0x30, 0x26, 0x1B, 0x77, 0xD7, 0xF9, 0xFE, 0xD6, 535 0xE3, 0x70, 0x8E, 0xCA, 0x47, 0xA9, 0xA6, 0x50, 0x54, 0x25, 0xCE, 0x60, 536 0xD5, 0x02, 0x21, 0x00, 0xBE, 0x5A, 0xF8, 0x82, 0xE6, 0xCE, 0xE3, 0x6A, 537 0x11, 0xED, 0xC4, 0x27, 0xBB, 0x9F, 0x70, 0xC6, 0x93, 0xAC, 0x39, 0x20, 538 0x89, 0x7D, 0xE5, 0x34, 0xD4, 0xDD, 0x30, 0x42, 0x6D, 0x07, 0x00, 0xE9, 539 0x02, 0x20, 0x05, 0x91, 0xEF, 0x12, 0xD2, 0xD3, 0x6A, 0xD2, 0x96, 0x6B, 540 0x10, 0x62, 0xF9, 0xBA, 0xA4, 0x91, 0x48, 0x84, 0x40, 0x61, 0x67, 0x80, 541 0x68, 0x68, 0xC8, 0x60, 0xB3, 0x66, 0xC8, 0xF9, 0x08, 0x9A, 542}; 543 544/* 545 * PKCS#1 v1.5 padded raw "Hello, world" Can be generated be generated by verifying 546 * the signature below in no padding mode: 547 * 548 * openssl rsautl -keyform der -inkey rsa.der -raw -verify -in test.sig 549 */ 550static uint8_t TEST_SIGN_DATA_1[] = { 551 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 552 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 553 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 554 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 555 0xFF, 0xFF, 0xFF, 0x00, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x2C, 0x20, 0x77, 556 0x6F, 0x72, 0x6C, 0x64, 557}; 558 559/* 560 * Signature of TEST_SIGN_DATA_1 using TEST_SIGN_KEY_1. Generated using: 561 * 562 * echo 'Hello, world' | openssl rsautl -keyform der -inkey rsa.der -sign | recode ../x1 563 */ 564static uint8_t TEST_SIGN_SIGNATURE_1[] = { 565 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76, 566 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2, 567 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A, 568 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9, 569 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF, 570 0x79, 0xE4, 0x91, 0x40, 571}; 572 573/* 574 * Identical to TEST_SIGN_SIGNATURE_1 except the last octet is '1' instead of '0' 575 * This should fail any test. 576 */ 577static uint8_t TEST_SIGN_SIGNATURE_BOGUS_1[] = { 578 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76, 579 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2, 580 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A, 581 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9, 582 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF, 583 0x79, 0xE4, 0x91, 0x41, 584}; 585 586TEST_F(KeymasterTest, SignData_RSA_Raw_Success) { 587 uint8_t* key_blob; 588 size_t key_blob_length; 589 590 ASSERT_EQ(0, 591 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 592 &key_blob, &key_blob_length)) 593 << "Should successfully import an RSA key"; 594 UniqueKey key(&sDevice, key_blob, key_blob_length); 595 596 keymaster_rsa_sign_params_t params = { 597 digest_type: DIGEST_NONE, 598 padding_type: PADDING_NONE, 599 }; 600 601 uint8_t* sig; 602 size_t sig_length; 603 604 EXPECT_EQ(0, 605 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 606 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 607 &sig, &sig_length)) 608 << "Should sign data successfully"; 609 UniqueBlob sig_blob(sig, sig_length); 610 611 UniqueBlob expected_sig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1)); 612 613 EXPECT_EQ(expected_sig, sig_blob) 614 << "Generated signature should match expected signature"; 615 616 // The expected signature is actually stack data, so don't let it try to free. 617 uint8_t* unused __attribute__((unused)) = expected_sig.release(); 618} 619 620TEST_F(KeymasterTest, SignData_RSA_Raw_InvalidSizeInput_Failure) { 621 uint8_t* key_blob; 622 size_t key_blob_length; 623 624 ASSERT_EQ(0, 625 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 626 &key_blob, &key_blob_length)) 627 << "Should successfully import an RSA key"; 628 UniqueKey key(&sDevice, key_blob, key_blob_length); 629 630 keymaster_rsa_sign_params_t params = { 631 digest_type: DIGEST_NONE, 632 padding_type: PADDING_NONE, 633 }; 634 635 uint8_t* sig; 636 size_t sig_length; 637 638 EXPECT_EQ(-1, 639 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 640 TEST_KEY_1, sizeof(TEST_KEY_1), 641 &sig, &sig_length)) 642 << "Should not be able to do raw signature on incorrect size data"; 643} 644 645TEST_F(KeymasterTest, SignData_RSA_Raw_NullKey_Failure) { 646 keymaster_rsa_sign_params_t params = { 647 digest_type: DIGEST_NONE, 648 padding_type: PADDING_NONE, 649 }; 650 651 uint8_t* sig; 652 size_t sig_length; 653 654 EXPECT_EQ(-1, 655 sDevice->sign_data(sDevice, ¶ms, NULL, 0, 656 TEST_KEY_1, sizeof(TEST_KEY_1), 657 &sig, &sig_length)) 658 << "Should not be able to do raw signature on incorrect size data"; 659} 660 661TEST_F(KeymasterTest, SignData_RSA_Raw_NullInput_Failure) { 662 uint8_t* key_blob; 663 size_t key_blob_length; 664 665 ASSERT_EQ(0, 666 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 667 &key_blob, &key_blob_length)) 668 << "Should successfully import an RSA key"; 669 UniqueKey key(&sDevice, key_blob, key_blob_length); 670 671 keymaster_rsa_sign_params_t params = { 672 digest_type: DIGEST_NONE, 673 padding_type: PADDING_NONE, 674 }; 675 676 uint8_t* sig; 677 size_t sig_length; 678 679 EXPECT_EQ(-1, 680 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 681 NULL, 0, 682 &sig, &sig_length)) 683 << "Should error when input data is null"; 684} 685 686TEST_F(KeymasterTest, SignData_RSA_Raw_NullOutput_Failure) { 687 uint8_t* key_blob; 688 size_t key_blob_length; 689 690 ASSERT_EQ(0, 691 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 692 &key_blob, &key_blob_length)) 693 << "Should successfully import an RSA key"; 694 UniqueKey key(&sDevice, key_blob, key_blob_length); 695 696 keymaster_rsa_sign_params_t params = { 697 digest_type: DIGEST_NONE, 698 padding_type: PADDING_NONE, 699 }; 700 701 uint8_t* sig; 702 size_t sig_length; 703 704 EXPECT_EQ(-1, 705 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 706 TEST_KEY_1, sizeof(TEST_KEY_1), 707 NULL, NULL)) 708 << "Should error when output is null"; 709} 710 711TEST_F(KeymasterTest, VerifyData_RSA_Raw_Success) { 712 uint8_t* key_blob; 713 size_t key_blob_length; 714 715 ASSERT_EQ(0, 716 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 717 &key_blob, &key_blob_length)) 718 << "Should successfully import an RSA key"; 719 UniqueKey key(&sDevice, key_blob, key_blob_length); 720 721 keymaster_rsa_sign_params_t params = { 722 digest_type: DIGEST_NONE, 723 padding_type: PADDING_NONE, 724 }; 725 726 EXPECT_EQ(0, 727 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 728 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 729 TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1))) 730 << "Should verify data successfully"; 731} 732 733TEST_F(KeymasterTest, VerifyData_RSA_Raw_BadSignature_Failure) { 734 uint8_t* key_blob; 735 size_t key_blob_length; 736 737 ASSERT_EQ(0, 738 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 739 &key_blob, &key_blob_length)) 740 << "Should successfully import an RSA key"; 741 UniqueKey key(&sDevice, key_blob, key_blob_length); 742 743 keymaster_rsa_sign_params_t params = { 744 digest_type: DIGEST_NONE, 745 padding_type: PADDING_NONE, 746 }; 747 748 EXPECT_EQ(-1, 749 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 750 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 751 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1))) 752 << "Should sign data successfully"; 753} 754 755TEST_F(KeymasterTest, VerifyData_RSA_Raw_NullKey_Failure) { 756 keymaster_rsa_sign_params_t params = { 757 digest_type: DIGEST_NONE, 758 padding_type: PADDING_NONE, 759 }; 760 761 EXPECT_EQ(-1, 762 sDevice->verify_data(sDevice, ¶ms, NULL, 0, 763 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 764 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1))) 765 << "Should fail when key is null"; 766} 767 768TEST_F(KeymasterTest, VerifyData_RSA_NullInput_Failure) { 769 uint8_t* key_blob; 770 size_t key_blob_length; 771 772 ASSERT_EQ(0, 773 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 774 &key_blob, &key_blob_length)) 775 << "Should successfully import an RSA key"; 776 UniqueKey key(&sDevice, key_blob, key_blob_length); 777 778 keymaster_rsa_sign_params_t params = { 779 digest_type: DIGEST_NONE, 780 padding_type: PADDING_NONE, 781 }; 782 783 EXPECT_EQ(-1, 784 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 785 NULL, 0, 786 TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1))) 787 << "Should fail on null input"; 788} 789 790TEST_F(KeymasterTest, VerifyData_RSA_NullSignature_Failure) { 791 uint8_t* key_blob; 792 size_t key_blob_length; 793 794 ASSERT_EQ(0, 795 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 796 &key_blob, &key_blob_length)) 797 << "Should successfully import an RSA key"; 798 UniqueKey key(&sDevice, key_blob, key_blob_length); 799 800 keymaster_rsa_sign_params_t params = { 801 digest_type: DIGEST_NONE, 802 padding_type: PADDING_NONE, 803 }; 804 805 EXPECT_EQ(-1, 806 sDevice->verify_data(sDevice, ¶ms, key.get(), key.length(), 807 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 808 NULL, 0)) 809 << "Should fail on null signature"; 810} 811 812TEST_F(KeymasterTest, EraseAll_Success) { 813 uint8_t *key1_blob, *key2_blob; 814 size_t key1_blob_length, key2_blob_length; 815 816 // Only test this if the device says it supports delete_all 817 if (sDevice->delete_all == NULL) { 818 return; 819 } 820 821 ASSERT_EQ(0, 822 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 823 &key1_blob, &key1_blob_length)) 824 << "Should successfully import an RSA key"; 825 UniqueKey key1(&sDevice, key1_blob, key1_blob_length); 826 827 ASSERT_EQ(0, 828 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), 829 &key2_blob, &key2_blob_length)) 830 << "Should successfully import an RSA key"; 831 UniqueKey key2(&sDevice, key2_blob, key2_blob_length); 832 833 EXPECT_EQ(0, sDevice->delete_all(sDevice)) 834 << "Should erase all keys"; 835 836 key1.reset(); 837 838 uint8_t* x509_data; 839 size_t x509_data_length; 840 ASSERT_EQ(-1, 841 sDevice->get_keypair_public(sDevice, key1_blob, key1_blob_length, 842 &x509_data, &x509_data_length)) 843 << "Should be able to retrieve RSA public key 1 successfully"; 844 845 ASSERT_EQ(-1, 846 sDevice->get_keypair_public(sDevice, key2_blob, key2_blob_length, 847 &x509_data, &x509_data_length)) 848 << "Should be able to retrieve RSA public key 2 successfully"; 849} 850 851} 852