keymaster_test.cpp revision 4fd0db7cd15dc01d27d928feb5c7122c908fc70c
1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "keymaster_test" 18#include <utils/Log.h> 19 20#include <hardware/keymaster.h> 21 22#include <gtest/gtest.h> 23 24#include <fstream> 25#include <iostream> 26#include <UniquePtr.h> 27 28namespace android { 29 30class UniqueBlob : public UniquePtr<uint8_t[]> { 31public: 32 UniqueBlob(uint8_t* bytes, size_t length) : 33 UniquePtr<uint8_t[]>(bytes), mLength(length) { 34 } 35 36 bool operator==(const UniqueBlob &other) const { 37 if (other.length() != mLength) { 38 return false; 39 } 40 41 const uint8_t* mine = get(); 42 const uint8_t* theirs = other.get(); 43 44 for (size_t i = 0; i < mLength; i++) { 45 if (mine[i] != theirs[i]) { 46 return false; 47 } 48 } 49 50 return true; 51 } 52 53 size_t length() const { 54 return mLength; 55 } 56 57 friend std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob); 58 59private: 60 size_t mLength; 61}; 62 63std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob) { 64 const size_t length = blob.mLength; 65 stream << "Blob length=" << length << " < "; 66 67 const uint8_t* data = blob.get(); 68 for (size_t i = 0; i < length; i++) { 69 stream << std::hex << std::setw(2) << std::setfill('0') 70 << static_cast<unsigned int>(data[i]) << ' '; 71 } 72 stream << '>' << std::endl; 73 74 return stream; 75} 76 77class UniqueKey : public UniqueBlob { 78public: 79 UniqueKey(keymaster_device_t** dev, uint8_t* bytes, size_t length) : 80 UniqueBlob(bytes, length), mDevice(dev) { 81 } 82 83 ~UniqueKey() { 84 if (mDevice != NULL && *mDevice != NULL) { 85 keymaster_device_t* dev = *mDevice; 86 if (dev->delete_keypair != NULL) { 87 dev->delete_keypair(dev, get(), length()); 88 } 89 } 90 } 91 92private: 93 keymaster_device_t** mDevice; 94}; 95 96/* 97 * DER-encoded PKCS#8 format RSA key. Generated using: 98 * 99 * openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 100 */ 101static uint8_t TEST_KEY_1[] = { 102 0x30, 0x82, 0x04, 0xBE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 103 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 104 0x04, 0xA8, 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 105 0x01, 0x00, 0xD8, 0x58, 0xD4, 0x9F, 0xC0, 0xE8, 0xF0, 0xFF, 0x87, 0x27, 106 0x43, 0xE6, 0x2E, 0xE6, 0x9A, 0x42, 0x3B, 0x39, 0x94, 0x84, 0x43, 0x55, 107 0x8D, 0x20, 0x5B, 0x71, 0x88, 0xE6, 0xD1, 0x62, 0xC8, 0xF2, 0x20, 0xD0, 108 0x75, 0x13, 0x83, 0xA3, 0x5D, 0x19, 0xA8, 0x62, 0xD0, 0x5F, 0x3E, 0x8A, 109 0x7C, 0x0E, 0x26, 0xA9, 0xFF, 0xB2, 0x5E, 0x63, 0xAA, 0x3C, 0x8D, 0x13, 110 0x41, 0xAA, 0xD5, 0x03, 0x01, 0x01, 0x53, 0xC9, 0x02, 0x1C, 0xEC, 0xE8, 111 0xC4, 0x70, 0x3F, 0x43, 0xE5, 0x51, 0xD0, 0x6E, 0x52, 0x0B, 0xC4, 0x0A, 112 0xA3, 0x61, 0xDE, 0xE3, 0x72, 0x0C, 0x94, 0xF1, 0x1C, 0x2D, 0x36, 0x77, 113 0xBB, 0x16, 0xA8, 0x63, 0x4B, 0xD1, 0x07, 0x00, 0x42, 0x2D, 0x2B, 0x10, 114 0x80, 0x45, 0xF3, 0x0C, 0xF9, 0xC5, 0xAC, 0xCC, 0x64, 0x87, 0xFD, 0x5D, 115 0xC8, 0x51, 0xD4, 0x1C, 0x9E, 0x6E, 0x9B, 0xC4, 0x27, 0x5E, 0x73, 0xA7, 116 0x2A, 0xF6, 0x90, 0x42, 0x0C, 0x34, 0x93, 0xB7, 0x02, 0x19, 0xA9, 0x64, 117 0x6C, 0x46, 0x3B, 0x40, 0x02, 0x2F, 0x54, 0x69, 0x79, 0x26, 0x7D, 0xF6, 118 0x85, 0x90, 0x01, 0xD0, 0x21, 0x07, 0xD0, 0x14, 0x00, 0x65, 0x9C, 0xAC, 119 0x24, 0xE8, 0x78, 0x42, 0x3B, 0x90, 0x75, 0x19, 0x55, 0x11, 0x4E, 0xD9, 120 0xE6, 0x97, 0x87, 0xBC, 0x8D, 0x2C, 0x9B, 0xF0, 0x1F, 0x14, 0xEB, 0x6A, 121 0x57, 0xCE, 0x78, 0xAD, 0xCE, 0xD9, 0xFB, 0xB9, 0xA1, 0xEF, 0x0C, 0x1F, 122 0xDD, 0xE3, 0x5B, 0x73, 0xA0, 0xEC, 0x37, 0x9C, 0xE1, 0xFD, 0x86, 0x28, 123 0xC3, 0x4A, 0x42, 0xD0, 0xA3, 0xFE, 0x57, 0x09, 0x29, 0xD8, 0xF6, 0xEC, 124 0xE3, 0xC0, 0x71, 0x7C, 0x29, 0x27, 0xC2, 0xD1, 0x3E, 0x22, 0xBC, 0xBD, 125 0x5A, 0x85, 0x41, 0xF6, 0x15, 0xDA, 0x0C, 0x58, 0x5A, 0x61, 0x5B, 0x78, 126 0xB8, 0xAA, 0xEC, 0x5C, 0x1C, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 127 0x82, 0x01, 0x00, 0x1D, 0x10, 0x31, 0xE0, 0x14, 0x26, 0x36, 0xD9, 0xDC, 128 0xEA, 0x25, 0x70, 0xF2, 0xB3, 0xFF, 0xDD, 0x0D, 0xDF, 0xBA, 0x57, 0xDA, 129 0x43, 0xCF, 0xE5, 0x9C, 0xE3, 0x2F, 0xA4, 0xF2, 0x53, 0xF6, 0xF2, 0xAF, 130 0xFD, 0xD0, 0xFC, 0x82, 0x1E, 0x9C, 0x0F, 0x2A, 0x53, 0xBB, 0xF2, 0x4F, 131 0x90, 0x83, 0x01, 0xD3, 0xA7, 0xDA, 0xB5, 0xB7, 0x80, 0x64, 0x0A, 0x26, 132 0x59, 0x83, 0xE4, 0xD3, 0x20, 0xC8, 0x2D, 0xC9, 0x77, 0xA3, 0x55, 0x07, 133 0x6E, 0x6D, 0x95, 0x36, 0xAA, 0x84, 0x4F, 0xED, 0x54, 0x24, 0xA9, 0x77, 134 0xF8, 0x85, 0xE2, 0x4B, 0xF2, 0xFA, 0x0B, 0x3E, 0xA6, 0xF5, 0x46, 0x0D, 135 0x9F, 0x1F, 0xFE, 0xF7, 0x37, 0xFF, 0xA3, 0x60, 0xF1, 0x63, 0xF2, 0x75, 136 0x6A, 0x8E, 0x10, 0xD7, 0x89, 0xD2, 0xB3, 0xFF, 0x76, 0xA5, 0xBA, 0xAF, 137 0x0A, 0xBE, 0x32, 0x5F, 0xF0, 0x48, 0x48, 0x4B, 0x9C, 0x9A, 0x3D, 0x12, 138 0xA7, 0xD2, 0x07, 0xC7, 0x59, 0x32, 0x94, 0x95, 0x65, 0x2F, 0x87, 0x34, 139 0x76, 0xBA, 0x7C, 0x08, 0x4B, 0xAB, 0xA6, 0x24, 0xDF, 0x64, 0xDB, 0x48, 140 0x63, 0x42, 0x06, 0xE2, 0x2C, 0x3D, 0xFB, 0xE5, 0x47, 0x81, 0x94, 0x98, 141 0xF7, 0x32, 0x4B, 0x28, 0xEB, 0x42, 0xB8, 0xE9, 0x8E, 0xFC, 0xC9, 0x43, 142 0xC9, 0x47, 0xE6, 0xE7, 0x1C, 0xDC, 0x71, 0xEF, 0x4D, 0x8A, 0xB1, 0xFC, 143 0x45, 0x37, 0xEC, 0xB3, 0x16, 0x88, 0x5B, 0xE2, 0xEC, 0x8B, 0x6B, 0x75, 144 0x16, 0xBE, 0x6B, 0xF8, 0x2C, 0xF8, 0xC9, 0xD1, 0xF7, 0x55, 0x87, 0x57, 145 0x5F, 0xDE, 0xF4, 0x7E, 0x72, 0x13, 0x06, 0x2A, 0x21, 0xB7, 0x78, 0x21, 146 0x05, 0xFD, 0xE2, 0x5F, 0x7B, 0x7C, 0xF0, 0x26, 0x2B, 0x75, 0x7F, 0x68, 147 0xF9, 0xA6, 0x98, 0xFD, 0x54, 0x0E, 0xCC, 0x22, 0x41, 0x7F, 0x29, 0x81, 148 0x2F, 0xA3, 0x3C, 0x3D, 0x64, 0xC8, 0x41, 0x02, 0x81, 0x81, 0x00, 0xFA, 149 0xFA, 0xE4, 0x2E, 0x30, 0xF0, 0x7A, 0x8D, 0x95, 0xB8, 0x39, 0x58, 0x27, 150 0x0F, 0x89, 0x0C, 0xDF, 0xFE, 0x2F, 0x55, 0x3B, 0x6F, 0xDD, 0x5F, 0x12, 151 0xB3, 0xD1, 0xCF, 0x5B, 0x8D, 0xB6, 0x10, 0x1C, 0x87, 0x0C, 0x30, 0x89, 152 0x2D, 0xBB, 0xB8, 0xA1, 0x78, 0x0F, 0x54, 0xA6, 0x36, 0x46, 0x05, 0x8B, 153 0x5A, 0xFF, 0x48, 0x03, 0x13, 0xAE, 0x95, 0x96, 0x5D, 0x6C, 0xDA, 0x5D, 154 0xF7, 0xAD, 0x1D, 0x33, 0xED, 0x23, 0xF5, 0x4B, 0x03, 0x78, 0xE7, 0x50, 155 0xD1, 0x2D, 0x95, 0x22, 0x35, 0x02, 0x5B, 0x4A, 0x4E, 0x73, 0xC9, 0xB7, 156 0x05, 0xC4, 0x21, 0x86, 0x1F, 0x1E, 0x40, 0x83, 0xBC, 0x8A, 0x3A, 0x95, 157 0x24, 0x62, 0xF4, 0x58, 0x38, 0x64, 0x4A, 0x89, 0x8A, 0x27, 0x59, 0x12, 158 0x9D, 0x21, 0xC3, 0xA6, 0x42, 0x1E, 0x2A, 0x3F, 0xD8, 0x65, 0x1F, 0x6E, 159 0x3E, 0x4D, 0x5C, 0xCC, 0xEA, 0x8E, 0x15, 0x02, 0x81, 0x81, 0x00, 0xDC, 160 0xAC, 0x9B, 0x00, 0xDB, 0xF9, 0xB2, 0xBF, 0xC4, 0x5E, 0xB6, 0xB7, 0x63, 161 0xEB, 0x13, 0x4B, 0xE2, 0xA6, 0xC8, 0x72, 0x90, 0xD8, 0xC2, 0x33, 0x33, 162 0xF0, 0x66, 0x75, 0xBD, 0x50, 0x7C, 0xA4, 0x8F, 0x82, 0xFB, 0xFF, 0x44, 163 0x3B, 0xE7, 0x15, 0x3A, 0x0C, 0x7A, 0xF8, 0x92, 0x86, 0x4A, 0x79, 0x32, 164 0x08, 0x82, 0x1D, 0x6A, 0xBA, 0xAD, 0x8A, 0xB3, 0x3D, 0x7F, 0xA5, 0xB4, 165 0x6F, 0x67, 0x86, 0x7E, 0xB2, 0x9C, 0x2A, 0xF6, 0x7C, 0x49, 0x21, 0xC5, 166 0x3F, 0x00, 0x3F, 0x9B, 0xF7, 0x0F, 0x6C, 0x35, 0x80, 0x75, 0x73, 0xC0, 167 0xF8, 0x3E, 0x30, 0x5F, 0x74, 0x2F, 0x15, 0x41, 0xEA, 0x0F, 0xCE, 0x0E, 168 0x18, 0x17, 0x68, 0xBA, 0xC4, 0x29, 0xF2, 0xE2, 0x2C, 0x1D, 0x55, 0x83, 169 0xB6, 0x64, 0x2E, 0x03, 0x12, 0xA4, 0x0D, 0xBF, 0x4F, 0x2E, 0xBE, 0x7C, 170 0x41, 0xD9, 0xCD, 0xD0, 0x52, 0x91, 0xD5, 0x02, 0x81, 0x81, 0x00, 0xD4, 171 0x55, 0xEB, 0x32, 0xC1, 0x28, 0xD3, 0x26, 0x72, 0x22, 0xB8, 0x31, 0x42, 172 0x6A, 0xBC, 0x52, 0x6E, 0x37, 0x48, 0xA8, 0x5D, 0x6E, 0xD8, 0xE5, 0x14, 173 0x97, 0x99, 0xCC, 0x4A, 0xF2, 0xEB, 0xB3, 0x59, 0xCF, 0x4F, 0x9A, 0xC8, 174 0x94, 0x2E, 0x9B, 0x97, 0xD0, 0x51, 0x78, 0x16, 0x5F, 0x18, 0x82, 0x9C, 175 0x51, 0xD2, 0x64, 0x84, 0x65, 0xE4, 0x70, 0x9E, 0x14, 0x50, 0x81, 0xB6, 176 0xBA, 0x52, 0x75, 0xC0, 0x76, 0xC2, 0xD3, 0x46, 0x31, 0x9B, 0xDA, 0x67, 177 0xDF, 0x71, 0x27, 0x19, 0x17, 0xAB, 0xF4, 0xBC, 0x3A, 0xFF, 0x6F, 0x0B, 178 0x2F, 0x0F, 0xAE, 0x25, 0x20, 0xB2, 0xA1, 0x76, 0x52, 0xCE, 0xC7, 0x9D, 179 0x62, 0x79, 0x6D, 0xAC, 0x2D, 0x99, 0x7C, 0x0E, 0x3D, 0x19, 0xE9, 0x1B, 180 0xFC, 0x60, 0x92, 0x7C, 0x58, 0xB7, 0xD8, 0x9A, 0xC7, 0x63, 0x56, 0x62, 181 0x18, 0xC7, 0xAE, 0xD9, 0x97, 0x1F, 0xB9, 0x02, 0x81, 0x81, 0x00, 0x91, 182 0x40, 0xC4, 0x1E, 0x82, 0xAD, 0x0F, 0x6D, 0x8E, 0xD2, 0x51, 0x2E, 0xD1, 183 0x84, 0x30, 0x85, 0x68, 0xC1, 0x23, 0x7B, 0xD5, 0xBF, 0xF7, 0xC4, 0x40, 184 0x51, 0xE2, 0xFF, 0x69, 0x07, 0x8B, 0xA3, 0xBE, 0x1B, 0x17, 0xC8, 0x64, 185 0x9F, 0x91, 0x71, 0xB5, 0x6D, 0xF5, 0x9B, 0x9C, 0xC6, 0xEC, 0x4A, 0x6E, 186 0x16, 0x8F, 0x9E, 0xD1, 0x5B, 0xE3, 0x53, 0x42, 0xBC, 0x1E, 0x43, 0x72, 187 0x4B, 0x4A, 0x37, 0x8B, 0x3A, 0x01, 0xF5, 0x7D, 0x9D, 0x3D, 0x7E, 0x0F, 188 0x19, 0x73, 0x0E, 0x6B, 0x98, 0xE9, 0xFB, 0xEE, 0x13, 0x8A, 0x3C, 0x11, 189 0x2E, 0xD5, 0xB0, 0x7D, 0x84, 0x3A, 0x61, 0xA1, 0xAB, 0x71, 0x8F, 0xCE, 190 0x53, 0x29, 0x45, 0x74, 0x7A, 0x1E, 0xAA, 0x93, 0x19, 0x3A, 0x8D, 0xC9, 191 0x4E, 0xCB, 0x0E, 0x46, 0x53, 0x84, 0xCC, 0xCF, 0xBA, 0x4D, 0x28, 0x71, 192 0x1D, 0xDF, 0x41, 0xCB, 0xF8, 0x2D, 0xA9, 0x02, 0x81, 0x80, 0x04, 0x8B, 193 0x4A, 0xEA, 0xBD, 0x39, 0x0B, 0x96, 0xC5, 0x1D, 0xA4, 0x47, 0xFD, 0x46, 194 0xD2, 0x8A, 0xEA, 0x2A, 0xF3, 0x9D, 0x3A, 0x7E, 0x16, 0x74, 0xFC, 0x13, 195 0xDE, 0x4D, 0xA9, 0x85, 0x42, 0x33, 0x02, 0x92, 0x0B, 0xB6, 0xDB, 0x7E, 196 0xEA, 0x85, 0xC2, 0x94, 0x43, 0x52, 0x37, 0x5A, 0x77, 0xAB, 0xCB, 0x61, 197 0x88, 0xDE, 0xF8, 0xFA, 0xDB, 0xE8, 0x0B, 0x95, 0x7D, 0x39, 0x19, 0xA2, 198 0x89, 0xB9, 0x32, 0xB2, 0x50, 0x38, 0xF7, 0x88, 0x69, 0xFD, 0xA4, 0x63, 199 0x1F, 0x9B, 0x03, 0xD8, 0xA6, 0x7A, 0x05, 0x76, 0x02, 0x28, 0x93, 0x82, 200 0x73, 0x7F, 0x14, 0xCC, 0xBE, 0x29, 0x10, 0xAD, 0x8A, 0x2E, 0xAC, 0xED, 201 0x11, 0xA7, 0x72, 0x7C, 0x60, 0x78, 0x72, 0xFB, 0x78, 0x20, 0x18, 0xC9, 202 0x7E, 0x63, 0xAD, 0x55, 0x54, 0x51, 0xDB, 0x9F, 0x7B, 0xD4, 0x8F, 0xB2, 203 0xDE, 0x3B, 0xF1, 0x70, 0x23, 0xE5, 204}; 205 206/* 207 * Generated using keys on the keyboard and lack of imagination. 208 */ 209static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF }; 210 211 212class KeymasterTest : public testing::Test { 213protected: 214 static void SetUpTestCase() { 215 const hw_module_t* mod; 216 ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod)) 217 << "Should be able to find a keymaster hardware module"; 218 219 std::cout << "Using keymaster module: " << mod->name << std::endl; 220 221 ASSERT_EQ(0, keymaster_open(mod, &sDevice)) 222 << "Should be able to open the keymaster device"; 223 224 ASSERT_TRUE(sDevice->generate_keypair != NULL) 225 << "Should implement generate_keypair"; 226 227 ASSERT_TRUE(sDevice->import_keypair != NULL) 228 << "Should implement import_keypair"; 229 230 ASSERT_TRUE(sDevice->get_keypair_public != NULL) 231 << "Should implement get_keypair_public"; 232 233 ASSERT_TRUE(sDevice->sign_data != NULL) 234 << "Should implement sign_data"; 235 236 ASSERT_TRUE(sDevice->verify_data != NULL) 237 << "Should implement verify_data"; 238 } 239 240 static void TearDownTestCase() { 241 ASSERT_EQ(0, keymaster_close(sDevice)); 242 } 243 244 virtual void SetUp() { 245 } 246 247 virtual void TearDown() { 248 } 249 250 static keymaster_device_t* sDevice; 251}; 252 253keymaster_device_t* KeymasterTest::sDevice = NULL; 254 255TEST_F(KeymasterTest, GenerateKeyPair_RSA_512_Success) { 256 keymaster_keypair_t key_type = TYPE_RSA; 257 keymaster_rsa_keygen_params_t params = { 258 modulus_size: 512, 259 public_exponent: 0x10001L, 260 }; 261 262 uint8_t* key_blob; 263 size_t key_blob_length; 264 265 EXPECT_EQ(0, 266 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length)) 267 << "Should generate an RSA key with 512 bit modulus size"; 268 UniqueKey key(&sDevice, key_blob, key_blob_length); 269} 270 271TEST_F(KeymasterTest, GenerateKeyPair_RSA_1024_Success) { 272 keymaster_keypair_t key_type = TYPE_RSA; 273 keymaster_rsa_keygen_params_t params = { 274 modulus_size: 1024, 275 public_exponent: 0x3L, 276 }; 277 278 uint8_t* key_blob; 279 size_t key_blob_length; 280 281 EXPECT_EQ(0, 282 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length)) 283 << "Should generate an RSA key with 2048 bit modulus size"; 284 UniqueKey key(&sDevice, key_blob, key_blob_length); 285} 286 287TEST_F(KeymasterTest, GenerateKeyPair_RSA_2048_Success) { 288 keymaster_keypair_t key_type = TYPE_RSA; 289 keymaster_rsa_keygen_params_t params = { 290 modulus_size: 2048, 291 public_exponent: 0x3L, 292 }; 293 294 uint8_t* key_blob; 295 size_t key_blob_length; 296 297 EXPECT_EQ(0, 298 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length)) 299 << "Should generate an RSA key with 2048 bit modulus size"; 300 UniqueKey key(&sDevice, key_blob, key_blob_length); 301} 302 303TEST_F(KeymasterTest, GenerateKeyPair_RSA_NullParams_Failure) { 304 keymaster_keypair_t key_type = TYPE_RSA; 305 306 uint8_t* key_blob; 307 size_t key_blob_length; 308 309 EXPECT_EQ(-1, 310 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length)) 311 << "Should not be able to generate an RSA key with null params"; 312} 313 314TEST_F(KeymasterTest, GenerateKeyPair_UnknownType_Failure) { 315 keymaster_keypair_t key_type = static_cast<keymaster_keypair_t>(0xFFFF); 316 317 uint8_t* key_blob; 318 size_t key_blob_length; 319 320 EXPECT_EQ(-1, 321 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length)) 322 << "Should not generate an unknown key type"; 323} 324 325TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) { 326 uint8_t* key_blob; 327 size_t key_blob_length; 328 329 EXPECT_EQ(0, 330 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), 331 &key_blob, &key_blob_length)) 332 << "Should successfully import an RSA key"; 333 UniqueKey key(&sDevice, key_blob, key_blob_length); 334} 335 336TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) { 337 uint8_t* key_blob; 338 size_t key_blob_length; 339 340 EXPECT_EQ(-1, 341 sDevice->import_keypair(sDevice, BOGUS_KEY_1, sizeof(BOGUS_KEY_1), 342 &key_blob, &key_blob_length)) 343 << "Should not import an unknown key type"; 344} 345 346TEST_F(KeymasterTest, ImportKeyPair_NullKey_Failure) { 347 uint8_t* key_blob; 348 size_t key_blob_length; 349 350 EXPECT_EQ(-1, 351 sDevice->import_keypair(sDevice, NULL, 0, 352 &key_blob, &key_blob_length)) 353 << "Should not import a null key"; 354} 355 356TEST_F(KeymasterTest, GetKeypairPublic_RSA_Success) { 357 uint8_t* key_blob; 358 size_t key_blob_length; 359 360 ASSERT_EQ(0, 361 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), 362 &key_blob, &key_blob_length)) 363 << "Should successfully import an RSA key"; 364 UniqueKey key(&sDevice, key_blob, key_blob_length); 365 366 uint8_t* x509_data; 367 size_t x509_data_length; 368 EXPECT_EQ(0, 369 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 370 &x509_data, &x509_data_length)) 371 << "Should be able to retrieve RSA public key successfully"; 372 UniqueBlob x509_blob(x509_data, x509_data_length); 373} 374 375TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullKey_Failure) { 376 uint8_t* key_blob; 377 size_t key_blob_length; 378 379 uint8_t* x509_data = NULL; 380 size_t x509_data_length; 381 EXPECT_EQ(-1, 382 sDevice->get_keypair_public(sDevice, NULL, 0, 383 &x509_data, &x509_data_length)) 384 << "Should not be able to retrieve RSA public key from null key"; 385 UniqueBlob x509_blob(x509_data, x509_data_length); 386} 387 388TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullDestination_Failure) { 389 uint8_t* key_blob; 390 size_t key_blob_length; 391 392 ASSERT_EQ(0, 393 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), 394 &key_blob, &key_blob_length)) 395 << "Should successfully import an RSA key"; 396 UniqueKey key(&sDevice, key_blob, key_blob_length); 397 398 EXPECT_EQ(-1, 399 sDevice->get_keypair_public(sDevice, key.get(), key.length(), 400 NULL, NULL)) 401 << "Should not be able to succeed with NULL destination blob"; 402} 403 404TEST_F(KeymasterTest, DeleteKeyPair_RSA_Success) { 405 uint8_t* key_blob; 406 size_t key_blob_length; 407 408 EXPECT_EQ(0, 409 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), 410 &key_blob, &key_blob_length)) 411 << "Should successfully import an RSA key"; 412 UniqueKey key(&sDevice, key_blob, key_blob_length); 413} 414 415TEST_F(KeymasterTest, DeleteKeyPair_RSA_DoubleDelete_Failure) { 416 uint8_t* key_blob; 417 size_t key_blob_length; 418 419 /* 420 * This is only run if the module indicates it implements key deletion 421 * by implementing delete_keypair. 422 */ 423 if (sDevice->delete_keypair != NULL) { 424 ASSERT_EQ(0, 425 sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), 426 &key_blob, &key_blob_length)) 427 << "Should successfully import an RSA key"; 428 UniqueBlob blob(key_blob, key_blob_length); 429 430 EXPECT_EQ(0, sDevice->delete_keypair(sDevice, key_blob, key_blob_length)) 431 << "Should delete key after import"; 432 433 EXPECT_EQ(-1, sDevice->delete_keypair(sDevice, key_blob, key_blob_length)) 434 << "Should not be able to delete key twice"; 435 } 436} 437 438TEST_F(KeymasterTest, DeleteKeyPair_RSA_NullKey_Failure) { 439 /* 440 * This is only run if the module indicates it implements key deletion 441 * by implementing delete_keypair. 442 */ 443 if (sDevice->delete_keypair != NULL) { 444 EXPECT_EQ(-1, sDevice->delete_keypair(sDevice, NULL, 0)) 445 << "Should not be able to delete null key"; 446 } 447} 448 449/* 450 * DER-encoded PKCS#8 format RSA key. Generated using: 451 * 452 * openssl genrsa 512 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 453 */ 454static uint8_t TEST_SIGN_KEY_1[] = { 455 0x30, 0x82, 0x01, 0x56, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 456 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 457 0x01, 0x40, 0x30, 0x82, 0x01, 0x3C, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 458 0xBD, 0xC0, 0x7F, 0xEF, 0x75, 0x1D, 0x63, 0x2A, 0xD0, 0x9A, 0x26, 0xE5, 459 0x5B, 0xB9, 0x84, 0x7C, 0xE5, 0xC7, 0xE7, 0xDE, 0xFE, 0xB6, 0x54, 0xD9, 460 0xF0, 0x9B, 0xC2, 0xCF, 0x36, 0xDA, 0xE5, 0x4D, 0xC5, 0xD9, 0x25, 0x78, 461 0xBD, 0x55, 0x05, 0xBD, 0x86, 0xFB, 0x37, 0x15, 0x33, 0x42, 0x52, 0xED, 462 0xE5, 0xCD, 0xCB, 0xB7, 0xA2, 0x51, 0xFA, 0x36, 0xE9, 0x9C, 0x2E, 0x5D, 463 0xE3, 0xA5, 0x1F, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00, 464 0x96, 0x71, 0xDE, 0xBD, 0x83, 0x94, 0x96, 0x40, 0xA6, 0xFD, 0xE1, 0xA2, 465 0xED, 0xD3, 0xAC, 0x28, 0xBE, 0xA2, 0x7D, 0xC3, 0xFF, 0x1D, 0x9F, 0x2E, 466 0xE0, 0xA7, 0x0E, 0x90, 0xEE, 0x44, 0x25, 0x92, 0xE3, 0x54, 0xDD, 0x55, 467 0xA3, 0xEF, 0x42, 0xF5, 0x52, 0x55, 0x41, 0x47, 0x5E, 0x00, 0xFB, 0x8B, 468 0x47, 0x5E, 0x45, 0x49, 0xEA, 0x3D, 0x2C, 0xFD, 0x9F, 0xEC, 0xC8, 0x4E, 469 0x4E, 0x86, 0x90, 0x31, 0x02, 0x21, 0x00, 0xE6, 0xA5, 0x55, 0xB3, 0x64, 470 0xAB, 0x90, 0x5E, 0xA2, 0xF5, 0x6B, 0x21, 0x4B, 0x15, 0xD6, 0x4A, 0xB6, 471 0x60, 0x24, 0x95, 0x65, 0xA2, 0xBE, 0xBA, 0x2A, 0x73, 0xFB, 0xFF, 0x2C, 472 0x61, 0x88, 0x9D, 0x02, 0x21, 0x00, 0xD2, 0x9C, 0x5B, 0xFE, 0x82, 0xA5, 473 0xFC, 0x52, 0x6A, 0x29, 0x38, 0xDB, 0x22, 0x3B, 0xEB, 0x74, 0x3B, 0xCA, 474 0xB4, 0xDD, 0x1D, 0xE4, 0x48, 0x60, 0x70, 0x19, 0x9B, 0x81, 0xC1, 0x83, 475 0x28, 0xB5, 0x02, 0x21, 0x00, 0x89, 0x2D, 0xFE, 0xF9, 0xF2, 0xBF, 0x43, 476 0xDF, 0xB5, 0xA6, 0xA8, 0x30, 0x26, 0x1B, 0x77, 0xD7, 0xF9, 0xFE, 0xD6, 477 0xE3, 0x70, 0x8E, 0xCA, 0x47, 0xA9, 0xA6, 0x50, 0x54, 0x25, 0xCE, 0x60, 478 0xD5, 0x02, 0x21, 0x00, 0xBE, 0x5A, 0xF8, 0x82, 0xE6, 0xCE, 0xE3, 0x6A, 479 0x11, 0xED, 0xC4, 0x27, 0xBB, 0x9F, 0x70, 0xC6, 0x93, 0xAC, 0x39, 0x20, 480 0x89, 0x7D, 0xE5, 0x34, 0xD4, 0xDD, 0x30, 0x42, 0x6D, 0x07, 0x00, 0xE9, 481 0x02, 0x20, 0x05, 0x91, 0xEF, 0x12, 0xD2, 0xD3, 0x6A, 0xD2, 0x96, 0x6B, 482 0x10, 0x62, 0xF9, 0xBA, 0xA4, 0x91, 0x48, 0x84, 0x40, 0x61, 0x67, 0x80, 483 0x68, 0x68, 0xC8, 0x60, 0xB3, 0x66, 0xC8, 0xF9, 0x08, 0x9A, 484}; 485 486/* 487 * PKCS#1 v1.5 padded raw "Hello, world" Can be generated be generated by verifying 488 * the signature below in no padding mode: 489 * 490 * openssl rsautl -keyform der -inkey rsa.der -raw -verify -in test.sig 491 */ 492static uint8_t TEST_SIGN_DATA_1[] = { 493 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 494 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 495 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 496 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 497 0xFF, 0xFF, 0xFF, 0x00, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x2C, 0x20, 0x77, 498 0x6F, 0x72, 0x6C, 0x64, 499}; 500 501/* 502 * Signature of TEST_SIGN_DATA_1 using TEST_SIGN_KEY_1. Generated using: 503 * 504 * echo 'Hello, world' | openssl rsautl -keyform der -inkey rsa.der -sign | recode ../x1 505 */ 506static uint8_t TEST_SIGN_SIGNATURE_1[] = { 507 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76, 508 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2, 509 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A, 510 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9, 511 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF, 512 0x79, 0xE4, 0x91, 0x40, 513}; 514 515/* 516 * Identical to TEST_SIGN_SIGNATURE_1 except the last octet is '1' instead of '0' 517 * This should fail any test. 518 */ 519static uint8_t TEST_SIGN_SIGNATURE_BOGUS_1[] = { 520 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76, 521 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2, 522 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A, 523 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9, 524 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF, 525 0x79, 0xE4, 0x91, 0x41, 526}; 527 528TEST_F(KeymasterTest, SignData_RSA_Raw_Success) { 529 uint8_t* key_blob; 530 size_t key_blob_length; 531 532 ASSERT_EQ(0, 533 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 534 &key_blob, &key_blob_length)) 535 << "Should successfully import an RSA key"; 536 UniqueKey key(&sDevice, key_blob, key_blob_length); 537 538 keymaster_rsa_sign_params_t params = { 539 digest_type: DIGEST_NONE, 540 padding_type: PADDING_NONE, 541 }; 542 543 uint8_t* sig; 544 size_t sig_length; 545 546 EXPECT_EQ(0, 547 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 548 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 549 &sig, &sig_length)) 550 << "Should sign data successfully"; 551 UniqueBlob sig_blob(sig, sig_length); 552 553 UniqueBlob expected_sig(TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1)); 554 555 EXPECT_EQ(expected_sig, sig_blob) 556 << "Generated signature should match expected signature"; 557 558 // The expected signature is actually stack data, so don't let it try to free. 559 uint8_t* unused __attribute__((unused)) = expected_sig.release(); 560} 561 562TEST_F(KeymasterTest, SignData_RSA_Raw_InvalidSizeInput_Failure) { 563 uint8_t* key_blob; 564 size_t key_blob_length; 565 566 ASSERT_EQ(0, 567 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 568 &key_blob, &key_blob_length)) 569 << "Should successfully import an RSA key"; 570 UniqueKey key(&sDevice, key_blob, key_blob_length); 571 572 keymaster_rsa_sign_params_t params = { 573 digest_type: DIGEST_NONE, 574 padding_type: PADDING_NONE, 575 }; 576 577 uint8_t* sig; 578 size_t sig_length; 579 580 EXPECT_EQ(-1, 581 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 582 TEST_KEY_1, sizeof(TEST_KEY_1), 583 &sig, &sig_length)) 584 << "Should not be able to do raw signature on incorrect size data"; 585} 586 587TEST_F(KeymasterTest, SignData_RSA_Raw_NullKey_Failure) { 588 keymaster_rsa_sign_params_t params = { 589 digest_type: DIGEST_NONE, 590 padding_type: PADDING_NONE, 591 }; 592 593 uint8_t* sig; 594 size_t sig_length; 595 596 EXPECT_EQ(-1, 597 sDevice->sign_data(sDevice, ¶ms, NULL, 0, 598 TEST_KEY_1, sizeof(TEST_KEY_1), 599 &sig, &sig_length)) 600 << "Should not be able to do raw signature on incorrect size data"; 601} 602 603TEST_F(KeymasterTest, SignData_RSA_Raw_NullInput_Failure) { 604 uint8_t* key_blob; 605 size_t key_blob_length; 606 607 ASSERT_EQ(0, 608 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 609 &key_blob, &key_blob_length)) 610 << "Should successfully import an RSA key"; 611 UniqueKey key(&sDevice, key_blob, key_blob_length); 612 613 keymaster_rsa_sign_params_t params = { 614 digest_type: DIGEST_NONE, 615 padding_type: PADDING_NONE, 616 }; 617 618 uint8_t* sig; 619 size_t sig_length; 620 621 EXPECT_EQ(-1, 622 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 623 NULL, 0, 624 &sig, &sig_length)) 625 << "Should error when input data is null"; 626} 627 628TEST_F(KeymasterTest, SignData_RSA_Raw_NullOutput_Failure) { 629 uint8_t* key_blob; 630 size_t key_blob_length; 631 632 ASSERT_EQ(0, 633 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 634 &key_blob, &key_blob_length)) 635 << "Should successfully import an RSA key"; 636 UniqueKey key(&sDevice, key_blob, key_blob_length); 637 638 keymaster_rsa_sign_params_t params = { 639 digest_type: DIGEST_NONE, 640 padding_type: PADDING_NONE, 641 }; 642 643 uint8_t* sig; 644 size_t sig_length; 645 646 EXPECT_EQ(-1, 647 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 648 TEST_KEY_1, sizeof(TEST_KEY_1), 649 NULL, NULL)) 650 << "Should error when output is null"; 651} 652 653TEST_F(KeymasterTest, VerifyData_RSA_Raw_Success) { 654 uint8_t* key_blob; 655 size_t key_blob_length; 656 657 ASSERT_EQ(0, 658 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 659 &key_blob, &key_blob_length)) 660 << "Should successfully import an RSA key"; 661 UniqueKey key(&sDevice, key_blob, key_blob_length); 662 663 keymaster_rsa_sign_params_t params = { 664 digest_type: DIGEST_NONE, 665 padding_type: PADDING_NONE, 666 }; 667 668 EXPECT_EQ(0, 669 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 670 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 671 TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1))) 672 << "Should verify data successfully"; 673} 674 675TEST_F(KeymasterTest, VerifyData_RSA_Raw_BadSignature_Failure) { 676 uint8_t* key_blob; 677 size_t key_blob_length; 678 679 ASSERT_EQ(0, 680 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 681 &key_blob, &key_blob_length)) 682 << "Should successfully import an RSA key"; 683 UniqueKey key(&sDevice, key_blob, key_blob_length); 684 685 keymaster_rsa_sign_params_t params = { 686 digest_type: DIGEST_NONE, 687 padding_type: PADDING_NONE, 688 }; 689 690 EXPECT_EQ(-1, 691 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 692 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 693 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1))) 694 << "Should sign data successfully"; 695} 696 697TEST_F(KeymasterTest, VerifyData_RSA_Raw_NullKey_Failure) { 698 keymaster_rsa_sign_params_t params = { 699 digest_type: DIGEST_NONE, 700 padding_type: PADDING_NONE, 701 }; 702 703 EXPECT_EQ(-1, 704 sDevice->verify_data(sDevice, ¶ms, NULL, 0, 705 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 706 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1))) 707 << "Should fail when key is null"; 708} 709 710TEST_F(KeymasterTest, VerifyData_RSA_NullInput_Failure) { 711 uint8_t* key_blob; 712 size_t key_blob_length; 713 714 ASSERT_EQ(0, 715 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 716 &key_blob, &key_blob_length)) 717 << "Should successfully import an RSA key"; 718 UniqueKey key(&sDevice, key_blob, key_blob_length); 719 720 keymaster_rsa_sign_params_t params = { 721 digest_type: DIGEST_NONE, 722 padding_type: PADDING_NONE, 723 }; 724 725 EXPECT_EQ(-1, 726 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 727 NULL, 0, 728 TEST_SIGN_SIGNATURE_1, sizeof(TEST_SIGN_SIGNATURE_1))) 729 << "Should fail on null input"; 730} 731 732TEST_F(KeymasterTest, VerifyData_RSA_NullSignature_Failure) { 733 uint8_t* key_blob; 734 size_t key_blob_length; 735 736 ASSERT_EQ(0, 737 sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), 738 &key_blob, &key_blob_length)) 739 << "Should successfully import an RSA key"; 740 UniqueKey key(&sDevice, key_blob, key_blob_length); 741 742 keymaster_rsa_sign_params_t params = { 743 digest_type: DIGEST_NONE, 744 padding_type: PADDING_NONE, 745 }; 746 747 EXPECT_EQ(-1, 748 sDevice->verify_data(sDevice, ¶ms, key.get(), key.length(), 749 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 750 NULL, 0)) 751 << "Should fail on null signature"; 752} 753 754} 755