1f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang/* 2f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * Copyright (C) 2009 The Android Open Source Project 3f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * 4f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * Licensed under the Apache License, Version 2.0 (the "License"); 5f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * you may not use this file except in compliance with the License. 6f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * You may obtain a copy of the License at 7f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * 8f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * http://www.apache.org/licenses/LICENSE-2.0 9f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * 10f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * Unless required by applicable law or agreed to in writing, software 11f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * distributed under the License is distributed on an "AS IS" BASIS, 12f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * See the License for the specific language governing permissions and 14f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * limitations under the License. 15f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang */ 16f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 1796ad6cb080d0721a433d2bcb201f4a4582bf1cafKenny Rootpackage android.security; 18f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 19f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wangimport android.app.Activity; 208827c8173281fea21325d88922471851e31200c4Chad Brubakerimport android.os.Binder; 218827c8173281fea21325d88922471851e31200c4Chad Brubakerimport android.os.IBinder; 2278ad849163a7b01073b46fbd7d818392720005d1Kenny Rootimport android.os.Process; 238827c8173281fea21325d88922471851e31200c4Chad Brubakerimport android.security.keymaster.ExportResult; 248827c8173281fea21325d88922471851e31200c4Chad Brubakerimport android.security.keymaster.KeyCharacteristics; 258827c8173281fea21325d88922471851e31200c4Chad Brubakerimport android.security.keymaster.KeymasterArguments; 265e73c0eec2bc77222a5a87fb2a135d8303836411Chad Brubakerimport android.security.keymaster.KeymasterBlob; 278827c8173281fea21325d88922471851e31200c4Chad Brubakerimport android.security.keymaster.KeymasterDefs; 288827c8173281fea21325d88922471851e31200c4Chad Brubakerimport android.security.keymaster.OperationResult; 29f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wangimport android.test.ActivityUnitTestCase; 30473c712b19bad992ab4eafcd43175fdce77b913dKenny Rootimport android.test.AssertionFailedError; 318827c8173281fea21325d88922471851e31200c4Chad Brubakerimport android.test.MoreAsserts; 32f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wangimport android.test.suitebuilder.annotation.MediumTest; 336bf52c4271bd0483174fe3755caedb778693791eAdam Langleyimport com.android.org.conscrypt.NativeConstants; 34d396a448b2e36e29598c954b64bfddef73f3fae0Elliott Hughesimport java.nio.charset.StandardCharsets; 355cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstromimport java.util.Arrays; 365cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstromimport java.util.HashSet; 37003a55a6713fd4c1fe63ae5cdb478a11016f46b4Chad Brubakerimport java.security.spec.RSAKeyGenParameterSpec; 38f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 39f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang/** 40f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * Junit / Instrumentation test case for KeyStore class 41f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * 42f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * Running the test suite: 43f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang * 4496ad6cb080d0721a433d2bcb201f4a4582bf1cafKenny Root * runtest keystore-unit 4596ad6cb080d0721a433d2bcb201f4a4582bf1cafKenny Root * 4696ad6cb080d0721a433d2bcb201f4a4582bf1cafKenny Root * Or this individual test case: 4796ad6cb080d0721a433d2bcb201f4a4582bf1cafKenny Root * 4896ad6cb080d0721a433d2bcb201f4a4582bf1cafKenny Root * runtest --path frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java 49f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang */ 50f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang@MediumTest 51f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wangpublic class KeyStoreTest extends ActivityUnitTestCase<Activity> { 52f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang private static final String TEST_PASSWD = "12345678"; 53f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang private static final String TEST_PASSWD2 = "87654321"; 545ea68db37fd5ad4e0ddc0745b4347e86f17f78dbBrian Carlstrom private static final String TEST_KEYNAME = "test-key"; 555ea68db37fd5ad4e0ddc0745b4347e86f17f78dbBrian Carlstrom private static final String TEST_KEYNAME1 = "test-key.1"; 562a5b147ec8fc1235af928042bdfb78170b18067bBrian Carlstrom private static final String TEST_KEYNAME2 = "test-key\02"; 57d396a448b2e36e29598c954b64bfddef73f3fae0Elliott Hughes private static final byte[] TEST_KEYVALUE = "test value".getBytes(StandardCharsets.UTF_8); 58f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 5934c47c855815d731e6deb55748ff690b0ec7b53fNick Kralevich // "Hello, World" in Chinese 605cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom private static final String TEST_I18N_KEY = "\u4F60\u597D, \u4E16\u754C"; 61d396a448b2e36e29598c954b64bfddef73f3fae0Elliott Hughes private static final byte[] TEST_I18N_VALUE = TEST_I18N_KEY.getBytes(StandardCharsets.UTF_8); 6234c47c855815d731e6deb55748ff690b0ec7b53fNick Kralevich 635423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root // Test vector data for signatures 64dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden private static final int RSA_KEY_SIZE = 1024; 65dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden private static final byte[] TEST_DATA = new byte[RSA_KEY_SIZE / 8]; 665ea68db37fd5ad4e0ddc0745b4347e86f17f78dbBrian Carlstrom static { 675ea68db37fd5ad4e0ddc0745b4347e86f17f78dbBrian Carlstrom for (int i = 0; i < TEST_DATA.length; i++) { 685ea68db37fd5ad4e0ddc0745b4347e86f17f78dbBrian Carlstrom TEST_DATA[i] = (byte) i; 695ea68db37fd5ad4e0ddc0745b4347e86f17f78dbBrian Carlstrom } 705ea68db37fd5ad4e0ddc0745b4347e86f17f78dbBrian Carlstrom } 715423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 72f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang private KeyStore mKeyStore = null; 73f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 74f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang public KeyStoreTest() { 75f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang super(Activity.class); 76f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang } 77f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 785423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root private static final byte[] PRIVKEY_BYTES = hexToBytes( 795423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "308204BE020100300D06092A864886F70D0101010500048204A8308204A4020100028201" + 805423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "0100E0473E8AB8F2284FEB9E742FF9748FA118ED98633C92F52AEB7A2EBE0D3BE60329BE" + 815423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "766AD10EB6A515D0D2CFD9BEA7930F0C306537899F7958CD3E85B01F8818524D312584A9" + 825423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "4B251E3625B54141EDBFEE198808E1BB97FC7CB49B9EAAAF68E9C98D7D0EDC53BBC0FA00" + 835423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "34356D6305FBBCC3C7001405386ABBC873CB0F3EF7425F3D33DF7B315AE036D2A0B66AFD" + 845423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "47503B169BF36E3B5162515B715FDA83DEAF2C58AEB9ABFB3097C3CC9DD9DBE5EF296C17" + 855423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "6139028E8A671E63056D45F40188D2C4133490845DE52C2534E9C6B2478C07BDAE928823" + 865423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "B62D066C7770F9F63F3DBA247F530844747BE7AAA85D853B8BD244ACEC3DE3C89AB46453" + 875423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "AB4D24C3AC6902030100010282010037784776A5F17698F5AC960DFB83A1B67564E648BD" + 885423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "0597CF8AB8087186F2669C27A9ECBDD480F0197A80D07309E6C6A96F925331E57F8B4AC6" + 895423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "F4D45EDA45A23269C09FC428C07A4E6EDF738A15DEC97FABD2F2BB47A14F20EA72FCFE4C" + 905423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "36E01ADA77BD137CD8D4DA10BB162E94A4662971F175F985FA188F056CB97EE2816F43AB" + 915423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "9D3747612486CDA8C16196C30818A995EC85D38467791267B3BF21F273710A6925862576" + 925423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "841C5B6712C12D4BD20A2F3299ADB7C135DA5E9515ABDA76E7CAF2A3BE80551D073B78BF" + 935423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "1162C48AD2B7F4743A0238EE4D252F7D5E7E6533CCAE64CCB39360075A2FD1E034EC3AE5" + 945423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "CE9C408CCBF0E25E4114021687B3DD4754AE8102818100F541884BC3737B2922D4119EF4" + 955423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "5E2DEE2CD4CBB75F45505A157AA5009F99C73A2DF0724AC46024306332EA898177634546" + 965423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "5DC6DF1E0A6F140AFF3B7396E6A8994AC5DAA96873472FE37749D14EB3E075E629DBEB35" + 975423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "83338A6F3649D0A2654A7A42FD9AB6BFA4AC4D481D390BB229B064BDC311CC1BE1B63189" + 985423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "DA7C40CDECF2B102818100EA1A742DDB881CEDB7288C87E38D868DD7A409D15A43F445D5" + 995423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "377A0B5731DDBFCA2DAF28A8E13CD5C0AFCEC3347D74A39E235A3CD9633F274DE2B94F92" + 1005423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "DF43833911D9E9F1CF58F27DE2E08FF45964C720D3EC2139DC7CAFC912953CDECB2F355A" + 1015423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "2E2C35A50FAD754CB3B23166424BA3B6E3112A2B898C38C5C15EDB238693390281805182" + 1025423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "8F1EC6FD996029901BAF1D7E337BA5F0AF27E984EAD895ACE62BD7DF4EE45A224089F2CC" + 1035423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "151AF3CD173FCE0474BCB04F386A2CDCC0E0036BA2419F54579262D47100BE931984A3EF" + 1045423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "A05BECF141574DC079B3A95C4A83E6C43F3214D6DF32D512DE198085E531E616B83FD7DD" + 1055423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "9D1F4E2607C3333D07C55D107D1D3893587102818100DB4FB50F50DE8EDB53FF34C80931" + 1065423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "88A0512867DA2CCA04897759E587C244010DAF8664D59E8083D16C164789301F67A9F078" + 1075423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "060D834A2ADBD367575B68A8A842C2B02A89B3F31FCCEC8A22FE395795C5C6C7422B4E5D" + 1085423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "74A1E9A8F30E7759B9FC2D639C1F15673E84E93A5EF1506F4315383C38D45CBD1B14048F" + 1095423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "4721DC82326102818100D8114593AF415FB612DBF1923710D54D07486205A76A3B431949" + 1105423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "68C0DFF1F11EF0F61A4A337D5FD3741BBC9640E447B8B6B6C47C3AC1204357D3B0C55BA9" + 1115423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "286BDA73F629296F5FA9146D8976357D3C751E75148696A40B74685C82CE30902D639D72" + 1125423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root "4FF24D5E2E9407EE34EDED2E3B4DF65AA9BCFEB6DF28D07BA6903F165768"); 1135423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 1148827c8173281fea21325d88922471851e31200c4Chad Brubaker private static final byte[] AES256_BYTES = hexToBytes( 1158827c8173281fea21325d88922471851e31200c4Chad Brubaker "0CC175B9C0F1B6A831C399E269772661CEC520EA51EA0A47E87295FA3245A605"); 1165423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 1175423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root private static byte[] hexToBytes(String s) { 1185423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root int len = s.length(); 1195423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root byte[] data = new byte[len / 2]; 1205423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root for (int i = 0; i < len; i += 2) { 1215423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit( 1225423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root s.charAt(i + 1), 16)); 1235423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 1245423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root return data; 1255423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 1265423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 127f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang @Override 128f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang protected void setUp() throws Exception { 129f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang mKeyStore = KeyStore.getInstance(); 1305cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom if (mKeyStore.state() != KeyStore.State.UNINITIALIZED) { 1315cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom mKeyStore.reset(); 1325cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom } 1335423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertEquals("KeyStore should be in an uninitialized state", 1345423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root KeyStore.State.UNINITIALIZED, mKeyStore.state()); 135f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang super.setUp(); 136f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang } 137f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 138f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang @Override 139f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang protected void tearDown() throws Exception { 140f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang mKeyStore.reset(); 141f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang super.tearDown(); 142f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang } 143f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 14478ad849163a7b01073b46fbd7d818392720005d1Kenny Root public void testState() throws Exception { 1455cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertEquals(KeyStore.State.UNINITIALIZED, mKeyStore.state()); 146f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang } 147f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 148f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang public void testPassword() throws Exception { 149a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 1505cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); 151f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang } 152f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 153bef5e5aabcb6ab440829f4418d1cbc268564eee0Brian Carlstrom public void testGet() throws Exception { 154bef5e5aabcb6ab440829f4418d1cbc268564eee0Brian Carlstrom assertNull(mKeyStore.get(TEST_KEYNAME)); 155a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 156bef5e5aabcb6ab440829f4418d1cbc268564eee0Brian Carlstrom assertNull(mKeyStore.get(TEST_KEYNAME)); 157b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, 158b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 159bef5e5aabcb6ab440829f4418d1cbc268564eee0Brian Carlstrom assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); 160bef5e5aabcb6ab440829f4418d1cbc268564eee0Brian Carlstrom } 161bef5e5aabcb6ab440829f4418d1cbc268564eee0Brian Carlstrom 162f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang public void testPut() throws Exception { 163bef5e5aabcb6ab440829f4418d1cbc268564eee0Brian Carlstrom assertNull(mKeyStore.get(TEST_KEYNAME)); 164b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, 165b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 166f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang assertFalse(mKeyStore.contains(TEST_KEYNAME)); 167a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 168b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, 169b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 170bef5e5aabcb6ab440829f4418d1cbc268564eee0Brian Carlstrom assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); 171f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang } 172f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 17378ad849163a7b01073b46fbd7d818392720005d1Kenny Root public void testPut_grantedUid_Wifi() throws Exception { 17478ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 175b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, 176b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 17778ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 178a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 179b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, 180b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 18178ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 18278ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 18378ad849163a7b01073b46fbd7d818392720005d1Kenny Root 18478ad849163a7b01073b46fbd7d818392720005d1Kenny Root public void testPut_ungrantedUid_Bluetooth() throws Exception { 18578ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 186b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, 187b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 18878ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 189a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 190b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, 191b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 19278ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 19378ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 19478ad849163a7b01073b46fbd7d818392720005d1Kenny Root 19534c47c855815d731e6deb55748ff690b0ec7b53fNick Kralevich public void testI18n() throws Exception { 196b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertFalse(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE, KeyStore.UID_SELF, 197b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 1985cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertFalse(mKeyStore.contains(TEST_I18N_KEY)); 199a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_I18N_KEY); 200b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE, KeyStore.UID_SELF, 201b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 2025cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertTrue(mKeyStore.contains(TEST_I18N_KEY)); 20334c47c855815d731e6deb55748ff690b0ec7b53fNick Kralevich } 20434c47c855815d731e6deb55748ff690b0ec7b53fNick Kralevich 205f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang public void testDelete() throws Exception { 2065ea68db37fd5ad4e0ddc0745b4347e86f17f78dbBrian Carlstrom assertFalse(mKeyStore.delete(TEST_KEYNAME)); 207a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 2085ea68db37fd5ad4e0ddc0745b4347e86f17f78dbBrian Carlstrom assertFalse(mKeyStore.delete(TEST_KEYNAME)); 209f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 210b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, 211b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 212bef5e5aabcb6ab440829f4418d1cbc268564eee0Brian Carlstrom assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); 213f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang assertTrue(mKeyStore.delete(TEST_KEYNAME)); 214bef5e5aabcb6ab440829f4418d1cbc268564eee0Brian Carlstrom assertNull(mKeyStore.get(TEST_KEYNAME)); 215f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang } 216f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 21778ad849163a7b01073b46fbd7d818392720005d1Kenny Root public void testDelete_grantedUid_Wifi() throws Exception { 21878ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); 219a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 22078ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); 22178ad849163a7b01073b46fbd7d818392720005d1Kenny Root 222b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, 223b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 22478ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 22578ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertTrue(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); 22678ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 22778ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 22878ad849163a7b01073b46fbd7d818392720005d1Kenny Root 22978ad849163a7b01073b46fbd7d818392720005d1Kenny Root public void testDelete_ungrantedUid_Bluetooth() throws Exception { 23078ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); 231a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 23278ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); 23378ad849163a7b01073b46fbd7d818392720005d1Kenny Root 234b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, 235b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 23678ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 23778ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); 23878ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 23978ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 24078ad849163a7b01073b46fbd7d818392720005d1Kenny Root 241f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang public void testContains() throws Exception { 242f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang assertFalse(mKeyStore.contains(TEST_KEYNAME)); 243f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 244a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 245f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang assertFalse(mKeyStore.contains(TEST_KEYNAME)); 246f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 247b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, 248b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 249f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang assertTrue(mKeyStore.contains(TEST_KEYNAME)); 250f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang } 251f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 25278ad849163a7b01073b46fbd7d818392720005d1Kenny Root public void testContains_grantedUid_Wifi() throws Exception { 25378ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 25478ad849163a7b01073b46fbd7d818392720005d1Kenny Root 255a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 25678ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 25778ad849163a7b01073b46fbd7d818392720005d1Kenny Root 258b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, 259b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 26078ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 26178ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 26278ad849163a7b01073b46fbd7d818392720005d1Kenny Root 26378ad849163a7b01073b46fbd7d818392720005d1Kenny Root public void testContains_grantedUid_Bluetooth() throws Exception { 26478ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 26578ad849163a7b01073b46fbd7d818392720005d1Kenny Root 266a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 26778ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 26878ad849163a7b01073b46fbd7d818392720005d1Kenny Root 269b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, 270b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 27178ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 27278ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 27378ad849163a7b01073b46fbd7d818392720005d1Kenny Root 2744350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin public void testList() throws Exception { 2754350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin String[] emptyResult = mKeyStore.list(TEST_KEYNAME); 2765cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertNotNull(emptyResult); 2775cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertEquals(0, emptyResult.length); 278f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 279a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 280b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); 281b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); 282f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 2834350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin String[] results = mKeyStore.list(TEST_KEYNAME); 2845cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), 2855cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), 2865cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom new HashSet(Arrays.asList(results))); 287f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang } 288f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 2894350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin public void testList_ungrantedUid_Bluetooth() throws Exception { 2904350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.BLUETOOTH_UID); 2916a5af8cf146aa1fd69449c1138c3e4008ac8b76bChad Brubaker assertEquals(0, results1.length); 29278ad849163a7b01073b46fbd7d818392720005d1Kenny Root 293a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 294b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); 295b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); 29678ad849163a7b01073b46fbd7d818392720005d1Kenny Root 2974350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.BLUETOOTH_UID); 2986a5af8cf146aa1fd69449c1138c3e4008ac8b76bChad Brubaker assertEquals(0, results2.length); 29978ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 30078ad849163a7b01073b46fbd7d818392720005d1Kenny Root 3014350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin public void testList_grantedUid_Wifi() throws Exception { 3024350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.WIFI_UID); 30378ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertNotNull(results1); 30478ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertEquals(0, results1.length); 30578ad849163a7b01073b46fbd7d818392720005d1Kenny Root 306a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 307b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); 308b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); 30978ad849163a7b01073b46fbd7d818392720005d1Kenny Root 3104350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.WIFI_UID); 31178ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), 31278ad849163a7b01073b46fbd7d818392720005d1Kenny Root TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), 31378ad849163a7b01073b46fbd7d818392720005d1Kenny Root new HashSet(Arrays.asList(results2))); 31478ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 31578ad849163a7b01073b46fbd7d818392720005d1Kenny Root 3164350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin public void testList_grantedUid_Vpn() throws Exception { 3174350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.VPN_UID); 31878ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertNotNull(results1); 31978ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertEquals(0, results1.length); 32078ad849163a7b01073b46fbd7d818392720005d1Kenny Root 321a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 322b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); 323b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); 32478ad849163a7b01073b46fbd7d818392720005d1Kenny Root 3254350babc028822e8905190d88a9f5b8c6ffce8ecAlex Klyubin String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.VPN_UID); 32678ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), 32778ad849163a7b01073b46fbd7d818392720005d1Kenny Root TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), 32878ad849163a7b01073b46fbd7d818392720005d1Kenny Root new HashSet(Arrays.asList(results2))); 32978ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 33078ad849163a7b01073b46fbd7d818392720005d1Kenny Root 331f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang public void testLock() throws Exception { 332f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang assertFalse(mKeyStore.lock()); 333f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 334a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 3355cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); 336f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 337f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang assertTrue(mKeyStore.lock()); 3385cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertEquals(KeyStore.State.LOCKED, mKeyStore.state()); 339f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang } 340f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 341f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang public void testUnlock() throws Exception { 342a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 3435cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); 344f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang mKeyStore.lock(); 345f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang 346f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang assertFalse(mKeyStore.unlock(TEST_PASSWD2)); 347f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang assertTrue(mKeyStore.unlock(TEST_PASSWD)); 348f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang } 3495cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom 3505cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom public void testIsEmpty() throws Exception { 3515cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertTrue(mKeyStore.isEmpty()); 352a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 3535cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertTrue(mKeyStore.isEmpty()); 354b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); 3555cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertFalse(mKeyStore.isEmpty()); 3565cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom mKeyStore.reset(); 3575cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom assertTrue(mKeyStore.isEmpty()); 3585cfee3fabb3482c6a6df1c8b6f21e843cf214527Brian Carlstrom } 3595423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 3605423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testGenerate_NotInitialized_Fail() throws Exception { 3615423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertFalse("Should fail when keystore is not initialized", 3626bf52c4271bd0483174fe3755caedb778693791eAdam Langley mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 363dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 3645423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 3655423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 3665423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testGenerate_Locked_Fail() throws Exception { 367a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 3685423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.lock(); 369b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertFalse("Should fail when keystore is locked", 3706bf52c4271bd0483174fe3755caedb778693791eAdam Langley mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 371dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 3725423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 3735423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 3745423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testGenerate_Success() throws Exception { 375a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 3765423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 3775423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to generate key when unlocked", 3786bf52c4271bd0483174fe3755caedb778693791eAdam Langley mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 379dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 38078ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME)); 38178ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 38278ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 38378ad849163a7b01073b46fbd7d818392720005d1Kenny Root 38478ad849163a7b01073b46fbd7d818392720005d1Kenny Root public void testGenerate_grantedUid_Wifi_Success() throws Exception { 385a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 38678ad849163a7b01073b46fbd7d818392720005d1Kenny Root 38778ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertTrue("Should be able to generate key when unlocked", 3886bf52c4271bd0483174fe3755caedb778693791eAdam Langley mKeyStore.generate(TEST_KEYNAME, Process.WIFI_UID, NativeConstants.EVP_PKEY_RSA, 389dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 39078ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 39178ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME)); 39278ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 39378ad849163a7b01073b46fbd7d818392720005d1Kenny Root 39478ad849163a7b01073b46fbd7d818392720005d1Kenny Root public void testGenerate_ungrantedUid_Bluetooth_Failure() throws Exception { 395a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 39678ad849163a7b01073b46fbd7d818392720005d1Kenny Root 397f64386fc26efeb245fd90fabaa47b8c8bf9b4613Kenny Root assertFalse(mKeyStore.generate(TEST_KEYNAME, Process.BLUETOOTH_UID, 3986bf52c4271bd0483174fe3755caedb778693791eAdam Langley NativeConstants.EVP_PKEY_RSA, RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 39978ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 40078ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 40178ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME)); 4025423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 4035423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4045423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testImport_Success() throws Exception { 405a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 4065423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 407b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, 408b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 40978ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME)); 41078ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 41178ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 41278ad849163a7b01073b46fbd7d818392720005d1Kenny Root 41378ad849163a7b01073b46fbd7d818392720005d1Kenny Root public void testImport_grantedUid_Wifi_Success() throws Exception { 414a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 41578ad849163a7b01073b46fbd7d818392720005d1Kenny Root 416b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, 417b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root PRIVKEY_BYTES, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED)); 41878ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 41978ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME)); 42078ad849163a7b01073b46fbd7d818392720005d1Kenny Root } 42178ad849163a7b01073b46fbd7d818392720005d1Kenny Root 42278ad849163a7b01073b46fbd7d818392720005d1Kenny Root public void testImport_ungrantedUid_Bluetooth_Failure() throws Exception { 423a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 42478ad849163a7b01073b46fbd7d818392720005d1Kenny Root 425b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertFalse(mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES, Process.BLUETOOTH_UID, 426b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root KeyStore.FLAG_ENCRYPTED)); 42778ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 42878ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 42978ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME)); 4305423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 4315423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4325423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testImport_Failure_BadEncoding() throws Exception { 433a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 4345423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 435b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertFalse("Invalid DER-encoded key should not be imported", mKeyStore.importKey( 436b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root TEST_KEYNAME, TEST_DATA, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 43778ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME)); 43878ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 4395423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 4405423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4415423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testSign_Success() throws Exception { 442a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 4435423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4446bf52c4271bd0483174fe3755caedb778693791eAdam Langley assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 445dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 44678ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME)); 4475423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA); 4485423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4495423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertNotNull("Signature should not be null", signature); 4505423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 4515423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4525423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testVerify_Success() throws Exception { 453a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 4545423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4556bf52c4271bd0483174fe3755caedb778693791eAdam Langley assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 456dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 45778ad849163a7b01073b46fbd7d818392720005d1Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME)); 4585423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA); 4595423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4605423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertNotNull("Signature should not be null", signature); 4615423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4625423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Signature should verify with same data", 4635423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.verify(TEST_KEYNAME, TEST_DATA, signature)); 4645423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 4655423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4665423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testSign_NotInitialized_Failure() throws Exception { 4675423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertNull("Should not be able to sign without first initializing the keystore", 4685423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.sign(TEST_KEYNAME, TEST_DATA)); 4695423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 4705423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4715423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testSign_NotGenerated_Failure() throws Exception { 472a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 4735423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4745423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertNull("Should not be able to sign without first generating keys", 4755423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.sign(TEST_KEYNAME, TEST_DATA)); 4765423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 4775423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4785423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testGrant_Generated_Success() throws Exception { 4795423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Password should work for keystore", 480a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 4815423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4825423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to generate key for testcase", 4836bf52c4271bd0483174fe3755caedb778693791eAdam Langley mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 484dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 4855423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4865423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to grant key to other user", 4875423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.grant(TEST_KEYNAME, 0)); 4885423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 4895423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4905423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testGrant_Imported_Success() throws Exception { 491a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue("Password should work for keystore", mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 4925423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 493b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue("Should be able to import key for testcase", mKeyStore.importKey(TEST_KEYNAME, 494b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 4955423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4965423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to grant key to other user", mKeyStore.grant(TEST_KEYNAME, 0)); 4975423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 4985423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 4995423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testGrant_NoKey_Failure() throws Exception { 5005423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to unlock keystore for test", 501a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 5025423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5035423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertFalse("Should not be able to grant without first initializing the keystore", 5045423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.grant(TEST_KEYNAME, 0)); 5055423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 5065423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5075423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testGrant_NotInitialized_Failure() throws Exception { 5085423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertFalse("Should not be able to grant without first initializing the keystore", 5095423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.grant(TEST_KEYNAME, 0)); 5105423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 5115423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5125423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testUngrant_Generated_Success() throws Exception { 5135423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Password should work for keystore", 514a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 5155423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5165423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to generate key for testcase", 5176bf52c4271bd0483174fe3755caedb778693791eAdam Langley mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 518dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 5195423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5205423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to grant key to other user", 5215423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.grant(TEST_KEYNAME, 0)); 5225423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5235423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to ungrant key to other user", 5245423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.ungrant(TEST_KEYNAME, 0)); 5255423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 5265423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5275423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testUngrant_Imported_Success() throws Exception { 5285423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Password should work for keystore", 529a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 5305423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 531b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue("Should be able to import key for testcase", mKeyStore.importKey(TEST_KEYNAME, 532b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 5335423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5345423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to grant key to other user", 5355423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.grant(TEST_KEYNAME, 0)); 5365423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5375423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to ungrant key to other user", 5385423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.ungrant(TEST_KEYNAME, 0)); 5395423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 5405423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5415423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testUngrant_NotInitialized_Failure() throws Exception { 5425423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertFalse("Should fail to ungrant key when keystore not initialized", 5435423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.ungrant(TEST_KEYNAME, 0)); 5445423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 5455423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5465423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testUngrant_NoGrant_Failure() throws Exception { 5475423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Password should work for keystore", 548a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 5495423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5505423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to generate key for testcase", 5516bf52c4271bd0483174fe3755caedb778693791eAdam Langley mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 552dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 5535423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5545423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertFalse("Should not be able to revoke not existent grant", 5555423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.ungrant(TEST_KEYNAME, 0)); 5565423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 5575423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5585423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testUngrant_DoubleUngrant_Failure() throws Exception { 5595423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Password should work for keystore", 560a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 5615423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5625423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to generate key for testcase", 5636bf52c4271bd0483174fe3755caedb778693791eAdam Langley mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 564dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 5655423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5665423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to grant key to other user", 5675423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.grant(TEST_KEYNAME, 0)); 5685423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5695423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to ungrant key to other user", 5705423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.ungrant(TEST_KEYNAME, 0)); 5715423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5725423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertFalse("Should fail to ungrant key to other user second time", 5735423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.ungrant(TEST_KEYNAME, 0)); 5745423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 5755423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5765423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root public void testUngrant_DoubleGrantUngrant_Failure() throws Exception { 5775423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Password should work for keystore", 578a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 5795423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5805423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to generate key for testcase", 5816bf52c4271bd0483174fe3755caedb778693791eAdam Langley mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 582dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 5835423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5845423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to grant key to other user", 5855423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.grant(TEST_KEYNAME, 0)); 5865423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5875423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to grant key to other user a second time", 5885423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.grant(TEST_KEYNAME, 0)); 5895423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5905423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertTrue("Should be able to ungrant key to other user", 5915423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.ungrant(TEST_KEYNAME, 0)); 5925423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root 5935423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root assertFalse("Should fail to ungrant key to other user second time", 5945423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root mKeyStore.ungrant(TEST_KEYNAME, 0)); 5955423e68d5dbe048ec6f042cce52a33f94184e9fbKenny Root } 596473c712b19bad992ab4eafcd43175fdce77b913dKenny Root 5975f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root public void testDuplicate_grantedUid_Wifi_Success() throws Exception { 598a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 599bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root 600bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME)); 601bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root 6026bf52c4271bd0483174fe3755caedb778693791eAdam Langley assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 603dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 604bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root 605bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME)); 606bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 607bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root 6085f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root // source doesn't exist 6095f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertFalse(mKeyStore.duplicate(TEST_KEYNAME1, -1, TEST_KEYNAME1, Process.WIFI_UID)); 6105f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID)); 611bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root 6125f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root // Copy from current UID to granted UID 6135f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertTrue(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME1, Process.WIFI_UID)); 6145f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME)); 6155f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME1)); 6165f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 6175f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID)); 6185f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME1, Process.WIFI_UID)); 6195f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root 6205f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root // Copy from granted UID to same granted UID 6215f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertTrue(mKeyStore.duplicate(TEST_KEYNAME1, Process.WIFI_UID, TEST_KEYNAME2, 6225f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root Process.WIFI_UID)); 6235f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 6245f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID)); 6255f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME2, Process.WIFI_UID)); 6265f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertFalse(mKeyStore.duplicate(TEST_KEYNAME1, Process.WIFI_UID, TEST_KEYNAME2, 6275f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root Process.WIFI_UID)); 6285f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root 6295f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertTrue(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, -1)); 6305f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME)); 6315f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME1)); 6325f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME2)); 6335f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, -1)); 634bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root } 635bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root 6365f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root public void testDuplicate_ungrantedUid_Bluetooth_Failure() throws Exception { 637a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 638bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root 639bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME)); 640bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root 6416bf52c4271bd0483174fe3755caedb778693791eAdam Langley assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 642dc8bc1160cd97ca113636ca2b4adda21e031b5bdShawn Willden RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); 643bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root 644bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME)); 645bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 646bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root 6475f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, Process.BLUETOOTH_UID)); 6485f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root assertFalse(mKeyStore.duplicate(TEST_KEYNAME, Process.BLUETOOTH_UID, TEST_KEYNAME2, 6495f1d965f7d7e1df50981ffed8faa11fbcc17ca22Kenny Root Process.BLUETOOTH_UID)); 650bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root 651bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root assertTrue(mKeyStore.contains(TEST_KEYNAME)); 652bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); 653bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root } 654bd79419ef84ae31f3765721b50aa413fa462d1d1Kenny Root 655473c712b19bad992ab4eafcd43175fdce77b913dKenny Root /** 656473c712b19bad992ab4eafcd43175fdce77b913dKenny Root * The amount of time to allow before and after expected time for variance 657473c712b19bad992ab4eafcd43175fdce77b913dKenny Root * in timing tests. 658473c712b19bad992ab4eafcd43175fdce77b913dKenny Root */ 659473c712b19bad992ab4eafcd43175fdce77b913dKenny Root private static final long SLOP_TIME_MILLIS = 15000L; 660473c712b19bad992ab4eafcd43175fdce77b913dKenny Root 661473c712b19bad992ab4eafcd43175fdce77b913dKenny Root public void testGetmtime_Success() throws Exception { 662473c712b19bad992ab4eafcd43175fdce77b913dKenny Root assertTrue("Password should work for keystore", 663a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 664473c712b19bad992ab4eafcd43175fdce77b913dKenny Root 665b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, 666b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 667473c712b19bad992ab4eafcd43175fdce77b913dKenny Root 668473c712b19bad992ab4eafcd43175fdce77b913dKenny Root long now = System.currentTimeMillis(); 669473c712b19bad992ab4eafcd43175fdce77b913dKenny Root long actual = mKeyStore.getmtime(TEST_KEYNAME); 670473c712b19bad992ab4eafcd43175fdce77b913dKenny Root 671473c712b19bad992ab4eafcd43175fdce77b913dKenny Root long expectedAfter = now - SLOP_TIME_MILLIS; 672473c712b19bad992ab4eafcd43175fdce77b913dKenny Root long expectedBefore = now + SLOP_TIME_MILLIS; 673473c712b19bad992ab4eafcd43175fdce77b913dKenny Root 674473c712b19bad992ab4eafcd43175fdce77b913dKenny Root assertLessThan("Time should be close to current time", expectedBefore, actual); 675473c712b19bad992ab4eafcd43175fdce77b913dKenny Root assertGreaterThan("Time should be close to current time", expectedAfter, actual); 676473c712b19bad992ab4eafcd43175fdce77b913dKenny Root } 677473c712b19bad992ab4eafcd43175fdce77b913dKenny Root 678473c712b19bad992ab4eafcd43175fdce77b913dKenny Root private static void assertLessThan(String explanation, long expectedBefore, long actual) { 679473c712b19bad992ab4eafcd43175fdce77b913dKenny Root if (actual >= expectedBefore) { 680473c712b19bad992ab4eafcd43175fdce77b913dKenny Root throw new AssertionFailedError(explanation + ": actual=" + actual 681473c712b19bad992ab4eafcd43175fdce77b913dKenny Root + ", expected before: " + expectedBefore); 682473c712b19bad992ab4eafcd43175fdce77b913dKenny Root } 683473c712b19bad992ab4eafcd43175fdce77b913dKenny Root } 684473c712b19bad992ab4eafcd43175fdce77b913dKenny Root 685473c712b19bad992ab4eafcd43175fdce77b913dKenny Root private static void assertGreaterThan(String explanation, long expectedAfter, long actual) { 686473c712b19bad992ab4eafcd43175fdce77b913dKenny Root if (actual <= expectedAfter) { 687473c712b19bad992ab4eafcd43175fdce77b913dKenny Root throw new AssertionFailedError(explanation + ": actual=" + actual 688473c712b19bad992ab4eafcd43175fdce77b913dKenny Root + ", expected after: " + expectedAfter); 689473c712b19bad992ab4eafcd43175fdce77b913dKenny Root } 690473c712b19bad992ab4eafcd43175fdce77b913dKenny Root } 691473c712b19bad992ab4eafcd43175fdce77b913dKenny Root 692473c712b19bad992ab4eafcd43175fdce77b913dKenny Root public void testGetmtime_NonExist_Failure() throws Exception { 693473c712b19bad992ab4eafcd43175fdce77b913dKenny Root assertTrue("Password should work for keystore", 694a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD)); 695473c712b19bad992ab4eafcd43175fdce77b913dKenny Root 696b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, 697b2c0ff64d8ff92dab53e969a44fa12427d145952Kenny Root PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); 698473c712b19bad992ab4eafcd43175fdce77b913dKenny Root 699473c712b19bad992ab4eafcd43175fdce77b913dKenny Root assertEquals("-1 should be returned for non-existent key", 700473c712b19bad992ab4eafcd43175fdce77b913dKenny Root -1L, mKeyStore.getmtime(TEST_KEYNAME2)); 701473c712b19bad992ab4eafcd43175fdce77b913dKenny Root } 7028827c8173281fea21325d88922471851e31200c4Chad Brubaker 7038827c8173281fea21325d88922471851e31200c4Chad Brubaker private KeyCharacteristics generateRsaKey(String name) throws Exception { 7048827c8173281fea21325d88922471851e31200c4Chad Brubaker KeymasterArguments args = new KeymasterArguments(); 705ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); 706ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); 707ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA); 708ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); 709ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); 710ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048); 711ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addUnsignedLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4); 7128827c8173281fea21325d88922471851e31200c4Chad Brubaker 7138827c8173281fea21325d88922471851e31200c4Chad Brubaker KeyCharacteristics outCharacteristics = new KeyCharacteristics(); 714dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); 7158827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result); 7168827c8173281fea21325d88922471851e31200c4Chad Brubaker return outCharacteristics; 7178827c8173281fea21325d88922471851e31200c4Chad Brubaker } 7188827c8173281fea21325d88922471851e31200c4Chad Brubaker 7198827c8173281fea21325d88922471851e31200c4Chad Brubaker public void testGenerateKey() throws Exception { 7208827c8173281fea21325d88922471851e31200c4Chad Brubaker generateRsaKey("test"); 7218827c8173281fea21325d88922471851e31200c4Chad Brubaker mKeyStore.delete("test"); 7228827c8173281fea21325d88922471851e31200c4Chad Brubaker } 723dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker 724dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker public void testGenerateRsaWithEntropy() throws Exception { 725dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker byte[] entropy = new byte[] {1,2,3,4,5}; 726dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker String name = "test"; 727dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker KeymasterArguments args = new KeymasterArguments(); 728ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); 729ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); 730ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA); 731ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); 732ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); 733ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048); 734ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addUnsignedLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4); 735dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker 736dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker KeyCharacteristics outCharacteristics = new KeyCharacteristics(); 737dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker int result = mKeyStore.generateKey(name, args, entropy, 0, outCharacteristics); 738dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker assertEquals("generateKey should succeed", KeyStore.NO_ERROR, result); 739dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker } 740dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker 7418827c8173281fea21325d88922471851e31200c4Chad Brubaker public void testGenerateAndDelete() throws Exception { 7428827c8173281fea21325d88922471851e31200c4Chad Brubaker generateRsaKey("test"); 7438827c8173281fea21325d88922471851e31200c4Chad Brubaker assertTrue("delete should succeed", mKeyStore.delete("test")); 7448827c8173281fea21325d88922471851e31200c4Chad Brubaker } 7458827c8173281fea21325d88922471851e31200c4Chad Brubaker 7468827c8173281fea21325d88922471851e31200c4Chad Brubaker public void testGetKeyCharacteristicsSuccess() throws Exception { 747a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(TEST_PASSWD); 7488827c8173281fea21325d88922471851e31200c4Chad Brubaker String name = "test"; 7498827c8173281fea21325d88922471851e31200c4Chad Brubaker KeyCharacteristics gen = generateRsaKey(name); 7508827c8173281fea21325d88922471851e31200c4Chad Brubaker KeyCharacteristics call = new KeyCharacteristics(); 7518827c8173281fea21325d88922471851e31200c4Chad Brubaker int result = mKeyStore.getKeyCharacteristics(name, null, null, call); 7528827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("getKeyCharacteristics should succeed", KeyStore.NO_ERROR, result); 7538827c8173281fea21325d88922471851e31200c4Chad Brubaker mKeyStore.delete("test"); 7548827c8173281fea21325d88922471851e31200c4Chad Brubaker } 7558827c8173281fea21325d88922471851e31200c4Chad Brubaker 7568827c8173281fea21325d88922471851e31200c4Chad Brubaker public void testAppId() throws Exception { 7578827c8173281fea21325d88922471851e31200c4Chad Brubaker String name = "test"; 7585e73c0eec2bc77222a5a87fb2a135d8303836411Chad Brubaker byte[] id = new byte[] {0x01, 0x02, 0x03}; 7598827c8173281fea21325d88922471851e31200c4Chad Brubaker KeymasterArguments args = new KeymasterArguments(); 760ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); 761ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); 762ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA); 763ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); 764ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048); 765ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB); 766ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); 767ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addBytes(KeymasterDefs.KM_TAG_APPLICATION_ID, id); 768ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addUnsignedLong(KeymasterDefs.KM_TAG_RSA_PUBLIC_EXPONENT, RSAKeyGenParameterSpec.F4); 7698827c8173281fea21325d88922471851e31200c4Chad Brubaker 7708827c8173281fea21325d88922471851e31200c4Chad Brubaker KeyCharacteristics outCharacteristics = new KeyCharacteristics(); 771dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker int result = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); 7728827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result); 7738827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("getKeyCharacteristics should fail without application ID", 7748827c8173281fea21325d88922471851e31200c4Chad Brubaker KeymasterDefs.KM_ERROR_INVALID_KEY_BLOB, 7758827c8173281fea21325d88922471851e31200c4Chad Brubaker mKeyStore.getKeyCharacteristics(name, null, null, outCharacteristics)); 7768827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("getKeyCharacteristics should succeed with application ID", 7778827c8173281fea21325d88922471851e31200c4Chad Brubaker KeyStore.NO_ERROR, 7785e73c0eec2bc77222a5a87fb2a135d8303836411Chad Brubaker mKeyStore.getKeyCharacteristics(name, new KeymasterBlob(id), null, 7798827c8173281fea21325d88922471851e31200c4Chad Brubaker outCharacteristics)); 7808827c8173281fea21325d88922471851e31200c4Chad Brubaker } 7818827c8173281fea21325d88922471851e31200c4Chad Brubaker 7828827c8173281fea21325d88922471851e31200c4Chad Brubaker 7838827c8173281fea21325d88922471851e31200c4Chad Brubaker public void testExportRsa() throws Exception { 7848827c8173281fea21325d88922471851e31200c4Chad Brubaker String name = "test"; 7858827c8173281fea21325d88922471851e31200c4Chad Brubaker generateRsaKey(name); 7868827c8173281fea21325d88922471851e31200c4Chad Brubaker ExportResult result = mKeyStore.exportKey(name, KeymasterDefs.KM_KEY_FORMAT_X509, null, 7878827c8173281fea21325d88922471851e31200c4Chad Brubaker null); 7888827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Export success", KeyStore.NO_ERROR, result.resultCode); 7898827c8173281fea21325d88922471851e31200c4Chad Brubaker // TODO: Verify we have an RSA public key that's well formed. 7908827c8173281fea21325d88922471851e31200c4Chad Brubaker } 7918827c8173281fea21325d88922471851e31200c4Chad Brubaker 79255f7c2770faade3543bebd833124f2f15c0f7455Alex Klyubin public void testAesGcmEncryptSuccess() throws Exception { 7938827c8173281fea21325d88922471851e31200c4Chad Brubaker String name = "test"; 7948827c8173281fea21325d88922471851e31200c4Chad Brubaker KeymasterArguments args = new KeymasterArguments(); 795ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); 796ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); 797ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES); 798ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); 799ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256); 800ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_GCM); 801ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); 8028827c8173281fea21325d88922471851e31200c4Chad Brubaker 8038827c8173281fea21325d88922471851e31200c4Chad Brubaker KeyCharacteristics outCharacteristics = new KeyCharacteristics(); 804dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); 8058827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc); 8068827c8173281fea21325d88922471851e31200c4Chad Brubaker 8078827c8173281fea21325d88922471851e31200c4Chad Brubaker args = new KeymasterArguments(); 808ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES); 809ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_GCM); 810ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); 811ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addUnsignedInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 128); 8128827c8173281fea21325d88922471851e31200c4Chad Brubaker OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, 813966486e134c901ea61195b352fdd81476b3639b4Chad Brubaker true, args, null); 8148827c8173281fea21325d88922471851e31200c4Chad Brubaker IBinder token = result.token; 8158827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); 8168827c8173281fea21325d88922471851e31200c4Chad Brubaker result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04}); 8178827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Update should succeed", KeyStore.NO_ERROR, result.resultCode); 8188827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Finish should succeed", KeyStore.NO_ERROR, 8198827c8173281fea21325d88922471851e31200c4Chad Brubaker mKeyStore.finish(token, null, null).resultCode); 8200fe70813e03891a2fe0efdc16cd289d646205682Alex Klyubin // TODO: Assert that an AEAD tag was returned by finish 8218827c8173281fea21325d88922471851e31200c4Chad Brubaker } 8228827c8173281fea21325d88922471851e31200c4Chad Brubaker 8238827c8173281fea21325d88922471851e31200c4Chad Brubaker public void testBadToken() throws Exception { 8248827c8173281fea21325d88922471851e31200c4Chad Brubaker IBinder token = new Binder(); 8258827c8173281fea21325d88922471851e31200c4Chad Brubaker OperationResult result = mKeyStore.update(token, null, new byte[] {0x01}); 8268827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Update with invalid token should fail", 8278827c8173281fea21325d88922471851e31200c4Chad Brubaker KeymasterDefs.KM_ERROR_INVALID_OPERATION_HANDLE, result.resultCode); 8288827c8173281fea21325d88922471851e31200c4Chad Brubaker } 8298827c8173281fea21325d88922471851e31200c4Chad Brubaker 8308827c8173281fea21325d88922471851e31200c4Chad Brubaker private int importAesKey(String name, byte[] key, int size, int mode) { 8318827c8173281fea21325d88922471851e31200c4Chad Brubaker KeymasterArguments args = new KeymasterArguments(); 832ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); 833ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); 834ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES); 835ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); 836ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, mode); 837ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, size); 838ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); 8398827c8173281fea21325d88922471851e31200c4Chad Brubaker return mKeyStore.importKey(name, args, KeymasterDefs.KM_KEY_FORMAT_RAW, key, 0, 8408827c8173281fea21325d88922471851e31200c4Chad Brubaker new KeyCharacteristics()); 8418827c8173281fea21325d88922471851e31200c4Chad Brubaker } 8428827c8173281fea21325d88922471851e31200c4Chad Brubaker private byte[] doOperation(String name, int purpose, byte[] in, KeymasterArguments beginArgs) { 8438827c8173281fea21325d88922471851e31200c4Chad Brubaker OperationResult result = mKeyStore.begin(name, purpose, 844966486e134c901ea61195b352fdd81476b3639b4Chad Brubaker true, beginArgs, null); 8458827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); 8468827c8173281fea21325d88922471851e31200c4Chad Brubaker IBinder token = result.token; 8478827c8173281fea21325d88922471851e31200c4Chad Brubaker result = mKeyStore.update(token, null, in); 8488827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Update should succeed", KeyStore.NO_ERROR, result.resultCode); 8498827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("All data should be consumed", in.length, result.inputConsumed); 8508827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Finish should succeed", KeyStore.NO_ERROR, 8518827c8173281fea21325d88922471851e31200c4Chad Brubaker mKeyStore.finish(token, null, null).resultCode); 8528827c8173281fea21325d88922471851e31200c4Chad Brubaker return result.output; 8538827c8173281fea21325d88922471851e31200c4Chad Brubaker } 8548827c8173281fea21325d88922471851e31200c4Chad Brubaker 8558827c8173281fea21325d88922471851e31200c4Chad Brubaker public void testImportAes() throws Exception { 8568827c8173281fea21325d88922471851e31200c4Chad Brubaker int result = importAesKey("aes", AES256_BYTES, 256, KeymasterDefs.KM_MODE_ECB); 8578827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("import should succeed", KeyStore.NO_ERROR, result); 8588827c8173281fea21325d88922471851e31200c4Chad Brubaker mKeyStore.delete("aes"); 8598827c8173281fea21325d88922471851e31200c4Chad Brubaker } 8608827c8173281fea21325d88922471851e31200c4Chad Brubaker 8618827c8173281fea21325d88922471851e31200c4Chad Brubaker public void testAes256Ecb() throws Exception { 8628827c8173281fea21325d88922471851e31200c4Chad Brubaker byte[] key = 8638827c8173281fea21325d88922471851e31200c4Chad Brubaker hexToBytes("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"); 8648827c8173281fea21325d88922471851e31200c4Chad Brubaker String name = "aes"; 8658827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals(KeyStore.NO_ERROR, importAesKey(name, key, 256, KeymasterDefs.KM_MODE_ECB)); 8668827c8173281fea21325d88922471851e31200c4Chad Brubaker byte[][] testVectors = new byte[][] { 8678827c8173281fea21325d88922471851e31200c4Chad Brubaker hexToBytes("6bc1bee22e409f96e93d7e117393172a"), 8688827c8173281fea21325d88922471851e31200c4Chad Brubaker hexToBytes("ae2d8a571e03ac9c9eb76fac45af8e51"), 8698827c8173281fea21325d88922471851e31200c4Chad Brubaker hexToBytes("30c81c46a35ce411e5fbc1191a0a52ef"), 8708827c8173281fea21325d88922471851e31200c4Chad Brubaker hexToBytes("f69f2445df4f9b17ad2b417be66c3710")}; 8718827c8173281fea21325d88922471851e31200c4Chad Brubaker byte[][] cipherVectors = new byte[][] { 8728827c8173281fea21325d88922471851e31200c4Chad Brubaker hexToBytes("f3eed1bdb5d2a03c064b5a7e3db181f8"), 8738827c8173281fea21325d88922471851e31200c4Chad Brubaker hexToBytes("591ccb10d410ed26dc5ba74a31362870"), 8748827c8173281fea21325d88922471851e31200c4Chad Brubaker hexToBytes("b6ed21b99ca6f4f9f153e7b1beafed1d"), 8758827c8173281fea21325d88922471851e31200c4Chad Brubaker hexToBytes("23304b7a39f9f3ff067d8d8f9e24ecc7")}; 876292102459b07188b72575260b693fa962654aa19Alex Klyubin KeymasterArguments beginArgs = new KeymasterArguments(); 877ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin beginArgs.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES); 878ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin beginArgs.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB); 879ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin beginArgs.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); 8808827c8173281fea21325d88922471851e31200c4Chad Brubaker for (int i = 0; i < testVectors.length; i++) { 8818827c8173281fea21325d88922471851e31200c4Chad Brubaker byte[] cipherText = doOperation(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, testVectors[i], 882292102459b07188b72575260b693fa962654aa19Alex Klyubin beginArgs); 8838827c8173281fea21325d88922471851e31200c4Chad Brubaker MoreAsserts.assertEquals(cipherVectors[i], cipherText); 8848827c8173281fea21325d88922471851e31200c4Chad Brubaker } 8858827c8173281fea21325d88922471851e31200c4Chad Brubaker for (int i = 0; i < testVectors.length; i++) { 8868827c8173281fea21325d88922471851e31200c4Chad Brubaker byte[] plainText = doOperation(name, KeymasterDefs.KM_PURPOSE_DECRYPT, 887292102459b07188b72575260b693fa962654aa19Alex Klyubin cipherVectors[i], beginArgs); 8888827c8173281fea21325d88922471851e31200c4Chad Brubaker MoreAsserts.assertEquals(testVectors[i], plainText); 8898827c8173281fea21325d88922471851e31200c4Chad Brubaker } 8908827c8173281fea21325d88922471851e31200c4Chad Brubaker } 8918827c8173281fea21325d88922471851e31200c4Chad Brubaker 8928827c8173281fea21325d88922471851e31200c4Chad Brubaker // This is a very implementation specific test and should be thrown out eventually, however it 8938827c8173281fea21325d88922471851e31200c4Chad Brubaker // is nice for now to test that keystore is properly pruning operations. 8948827c8173281fea21325d88922471851e31200c4Chad Brubaker public void testOperationPruning() throws Exception { 8958827c8173281fea21325d88922471851e31200c4Chad Brubaker String name = "test"; 8968827c8173281fea21325d88922471851e31200c4Chad Brubaker KeymasterArguments args = new KeymasterArguments(); 897ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); 898ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); 899ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES); 900ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); 901ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256); 902ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_CTR); 903ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); 9048827c8173281fea21325d88922471851e31200c4Chad Brubaker 9058827c8173281fea21325d88922471851e31200c4Chad Brubaker KeyCharacteristics outCharacteristics = new KeyCharacteristics(); 906dae79e540844741fc35c648efe8bbb00fc8ab781Chad Brubaker int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); 9078827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc); 9088827c8173281fea21325d88922471851e31200c4Chad Brubaker 9098827c8173281fea21325d88922471851e31200c4Chad Brubaker args = new KeymasterArguments(); 910ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES); 911ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_CTR); 912ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); 9138827c8173281fea21325d88922471851e31200c4Chad Brubaker OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, 914966486e134c901ea61195b352fdd81476b3639b4Chad Brubaker true, args, null); 9158827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); 9168827c8173281fea21325d88922471851e31200c4Chad Brubaker IBinder first = result.token; 9178827c8173281fea21325d88922471851e31200c4Chad Brubaker // Implementation detail: softkeymaster supports 16 concurrent operations 9188827c8173281fea21325d88922471851e31200c4Chad Brubaker for (int i = 0; i < 16; i++) { 919966486e134c901ea61195b352fdd81476b3639b4Chad Brubaker result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, null); 9208827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); 9218827c8173281fea21325d88922471851e31200c4Chad Brubaker } 9228827c8173281fea21325d88922471851e31200c4Chad Brubaker // At this point the first operation should be pruned. 9238827c8173281fea21325d88922471851e31200c4Chad Brubaker assertEquals("Operation should be pruned", KeymasterDefs.KM_ERROR_INVALID_OPERATION_HANDLE, 9248827c8173281fea21325d88922471851e31200c4Chad Brubaker mKeyStore.update(first, null, new byte[] {0x01}).resultCode); 9258827c8173281fea21325d88922471851e31200c4Chad Brubaker } 926ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker 927ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker public void testAuthNeeded() throws Exception { 928ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker String name = "test"; 929ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker KeymasterArguments args = new KeymasterArguments(); 930ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); 931ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); 932ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES); 933ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_PKCS7); 934ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addUnsignedInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256); 935ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB); 936ae6cb7aad56bb006769cd8a69b92af7236644fc1Alex Klyubin args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, 1); 937ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker 938ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker KeyCharacteristics outCharacteristics = new KeyCharacteristics(); 939ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics); 940ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc); 941ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, 942966486e134c901ea61195b352fdd81476b3639b4Chad Brubaker true, args, null); 9437a882b5d8d64daaad9377ac7cb5c606aac8c4072Chad Brubaker assertEquals("Begin should expect authorization", KeyStore.OP_AUTH_NEEDED, 9447a882b5d8d64daaad9377ac7cb5c606aac8c4072Chad Brubaker result.resultCode); 945ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker IBinder token = result.token; 946ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04}); 947ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker assertEquals("Update should require authorization", 948ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker KeymasterDefs.KM_ERROR_KEY_USER_NOT_AUTHENTICATED, result.resultCode); 949ce7ad24b6337135fd7b6ed169bb5c517d044f041Chad Brubaker } 950a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker 951a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker public void testPasswordRemovalEncryptedEntry() throws Exception { 952a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged("test"); 953a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, 954a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker KeyStore.FLAG_ENCRYPTED)); 955a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.contains(TEST_KEYNAME)); 956a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); 957a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(""); 958a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker // Removing the password should have deleted all entries using FLAG_ENCRYPTED 959a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertNull(mKeyStore.get(TEST_KEYNAME)); 960a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertFalse(mKeyStore.contains(TEST_KEYNAME)); 961a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker } 962a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker 963a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker public void testPasswordRemovalUnencryptedEntry() throws Exception { 964a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged("test"); 965a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, 966a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker KeyStore.FLAG_NONE)); 967a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.contains(TEST_KEYNAME)); 968a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); 969a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker mKeyStore.onUserPasswordChanged(""); 970a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker // Removing the password should not delete unencrypted entries. 971a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(mKeyStore.contains(TEST_KEYNAME)); 972a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); 973a91a8504191d91d288c55821caa5bf00c9be26a2Chad Brubaker } 974f35e9663d7bdae523953185b4ad6b6f9e8e7d6caChung-yih Wang} 975