1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <fcntl.h> 18#include <stdlib.h> 19#include <unistd.h> 20#include <sys/mman.h> 21#include <sys/stat.h> 22#include <sys/types.h> 23 24#include <fstream> 25#include <iostream> 26 27#include <gtest/gtest.h> 28 29#include <openssl/bn.h> 30#include <openssl/evp.h> 31#include <openssl/x509.h> 32 33#define LOG_TAG "keymaster_test" 34#include <utils/Log.h> 35 36#include <UniquePtr.h> 37 38#include <hardware/keymaster0.h> 39 40namespace android { 41 42class UniqueBlob : public UniquePtr<uint8_t[]> { 43public: 44 explicit UniqueBlob(size_t length) : 45 mLength(length) { 46 } 47 48 UniqueBlob(uint8_t* bytes, size_t length) : 49 UniquePtr<uint8_t[]>(bytes), mLength(length) { 50 } 51 52 bool operator==(const UniqueBlob &other) const { 53 if (other.length() != mLength) { 54 return false; 55 } 56 57 const uint8_t* mine = get(); 58 const uint8_t* theirs = other.get(); 59 60 for (size_t i = 0; i < mLength; i++) { 61 if (mine[i] != theirs[i]) { 62 return false; 63 } 64 } 65 66 return true; 67 } 68 69 size_t length() const { 70 return mLength; 71 } 72 73 friend std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob); 74 75private: 76 size_t mLength; 77}; 78 79std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob) { 80 const size_t length = blob.mLength; 81 stream << "Blob length=" << length << " < "; 82 83 const uint8_t* data = blob.get(); 84 for (size_t i = 0; i < length; i++) { 85 stream << std::hex << std::setw(2) << std::setfill('0') 86 << static_cast<unsigned int>(data[i]) << ' '; 87 } 88 stream << '>' << std::endl; 89 90 return stream; 91} 92 93class UniqueKey : public UniqueBlob { 94public: 95 UniqueKey(keymaster0_device_t** dev, uint8_t* bytes, size_t length) : 96 UniqueBlob(bytes, length), mDevice(dev) { 97 } 98 99 ~UniqueKey() { 100 if (mDevice != NULL && *mDevice != NULL) { 101 keymaster0_device_t* dev = *mDevice; 102 if (dev->delete_keypair != NULL) { 103 dev->delete_keypair(dev, get(), length()); 104 } 105 } 106 } 107 108private: 109 keymaster0_device_t** mDevice; 110}; 111 112class UniqueReadOnlyBlob { 113public: 114 UniqueReadOnlyBlob(uint8_t* data, size_t dataSize) : 115 mDataSize(dataSize) { 116 int pageSize = sysconf(_SC_PAGE_SIZE); 117 if (pageSize == -1) { 118 return; 119 } 120 121 int fd = open("/dev/zero", O_RDONLY); 122 if (fd == -1) { 123 return; 124 } 125 126 mBufferSize = (dataSize + pageSize - 1) & ~(pageSize - 1); 127 uint8_t* buffer = (uint8_t*) mmap(NULL, mBufferSize, PROT_READ | PROT_WRITE, 128 MAP_PRIVATE, fd, 0); 129 close(fd); 130 131 if (buffer == NULL) { 132 return; 133 } 134 135 memcpy(buffer, data, dataSize); 136 if (mprotect(buffer, mBufferSize, PROT_READ) == -1) { 137 munmap(buffer, mBufferSize); 138 return; 139 } 140 141 mBuffer = buffer; 142 } 143 144 ~UniqueReadOnlyBlob() { 145 munmap(mBuffer, mBufferSize); 146 } 147 148 uint8_t* get() const { 149 return mBuffer; 150 } 151 152 size_t length() const { 153 return mDataSize; 154 } 155 156private: 157 uint8_t* mBuffer; 158 size_t mBufferSize; 159 size_t mDataSize; 160}; 161 162struct BIGNUM_Delete { 163 void operator()(BIGNUM* p) const { 164 BN_free(p); 165 } 166}; 167typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 168 169struct EVP_PKEY_Delete { 170 void operator()(EVP_PKEY* p) const { 171 EVP_PKEY_free(p); 172 } 173}; 174typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 175 176struct PKCS8_PRIV_KEY_INFO_Delete { 177 void operator()(PKCS8_PRIV_KEY_INFO* p) const { 178 PKCS8_PRIV_KEY_INFO_free(p); 179 } 180}; 181typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 182 183struct RSA_Delete { 184 void operator()(RSA* p) const { 185 RSA_free(p); 186 } 187}; 188typedef UniquePtr<RSA, RSA_Delete> Unique_RSA; 189 190struct EC_KEY_Delete { 191 void operator()(EC_KEY* p) const { 192 EC_KEY_free(p); 193 } 194}; 195typedef UniquePtr<EC_KEY, EC_KEY_Delete> Unique_EC_KEY; 196 197 198/* 199 * DER-encoded PKCS#8 format RSA key. Generated using: 200 * 201 * openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 202 */ 203static uint8_t TEST_RSA_KEY_1[] = { 204 0x30, 0x82, 0x04, 0xBE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 205 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 206 0x04, 0xA8, 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 207 0x01, 0x00, 0xD8, 0x58, 0xD4, 0x9F, 0xC0, 0xE8, 0xF0, 0xFF, 0x87, 0x27, 208 0x43, 0xE6, 0x2E, 0xE6, 0x9A, 0x42, 0x3B, 0x39, 0x94, 0x84, 0x43, 0x55, 209 0x8D, 0x20, 0x5B, 0x71, 0x88, 0xE6, 0xD1, 0x62, 0xC8, 0xF2, 0x20, 0xD0, 210 0x75, 0x13, 0x83, 0xA3, 0x5D, 0x19, 0xA8, 0x62, 0xD0, 0x5F, 0x3E, 0x8A, 211 0x7C, 0x0E, 0x26, 0xA9, 0xFF, 0xB2, 0x5E, 0x63, 0xAA, 0x3C, 0x8D, 0x13, 212 0x41, 0xAA, 0xD5, 0x03, 0x01, 0x01, 0x53, 0xC9, 0x02, 0x1C, 0xEC, 0xE8, 213 0xC4, 0x70, 0x3F, 0x43, 0xE5, 0x51, 0xD0, 0x6E, 0x52, 0x0B, 0xC4, 0x0A, 214 0xA3, 0x61, 0xDE, 0xE3, 0x72, 0x0C, 0x94, 0xF1, 0x1C, 0x2D, 0x36, 0x77, 215 0xBB, 0x16, 0xA8, 0x63, 0x4B, 0xD1, 0x07, 0x00, 0x42, 0x2D, 0x2B, 0x10, 216 0x80, 0x45, 0xF3, 0x0C, 0xF9, 0xC5, 0xAC, 0xCC, 0x64, 0x87, 0xFD, 0x5D, 217 0xC8, 0x51, 0xD4, 0x1C, 0x9E, 0x6E, 0x9B, 0xC4, 0x27, 0x5E, 0x73, 0xA7, 218 0x2A, 0xF6, 0x90, 0x42, 0x0C, 0x34, 0x93, 0xB7, 0x02, 0x19, 0xA9, 0x64, 219 0x6C, 0x46, 0x3B, 0x40, 0x02, 0x2F, 0x54, 0x69, 0x79, 0x26, 0x7D, 0xF6, 220 0x85, 0x90, 0x01, 0xD0, 0x21, 0x07, 0xD0, 0x14, 0x00, 0x65, 0x9C, 0xAC, 221 0x24, 0xE8, 0x78, 0x42, 0x3B, 0x90, 0x75, 0x19, 0x55, 0x11, 0x4E, 0xD9, 222 0xE6, 0x97, 0x87, 0xBC, 0x8D, 0x2C, 0x9B, 0xF0, 0x1F, 0x14, 0xEB, 0x6A, 223 0x57, 0xCE, 0x78, 0xAD, 0xCE, 0xD9, 0xFB, 0xB9, 0xA1, 0xEF, 0x0C, 0x1F, 224 0xDD, 0xE3, 0x5B, 0x73, 0xA0, 0xEC, 0x37, 0x9C, 0xE1, 0xFD, 0x86, 0x28, 225 0xC3, 0x4A, 0x42, 0xD0, 0xA3, 0xFE, 0x57, 0x09, 0x29, 0xD8, 0xF6, 0xEC, 226 0xE3, 0xC0, 0x71, 0x7C, 0x29, 0x27, 0xC2, 0xD1, 0x3E, 0x22, 0xBC, 0xBD, 227 0x5A, 0x85, 0x41, 0xF6, 0x15, 0xDA, 0x0C, 0x58, 0x5A, 0x61, 0x5B, 0x78, 228 0xB8, 0xAA, 0xEC, 0x5C, 0x1C, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 229 0x82, 0x01, 0x00, 0x1D, 0x10, 0x31, 0xE0, 0x14, 0x26, 0x36, 0xD9, 0xDC, 230 0xEA, 0x25, 0x70, 0xF2, 0xB3, 0xFF, 0xDD, 0x0D, 0xDF, 0xBA, 0x57, 0xDA, 231 0x43, 0xCF, 0xE5, 0x9C, 0xE3, 0x2F, 0xA4, 0xF2, 0x53, 0xF6, 0xF2, 0xAF, 232 0xFD, 0xD0, 0xFC, 0x82, 0x1E, 0x9C, 0x0F, 0x2A, 0x53, 0xBB, 0xF2, 0x4F, 233 0x90, 0x83, 0x01, 0xD3, 0xA7, 0xDA, 0xB5, 0xB7, 0x80, 0x64, 0x0A, 0x26, 234 0x59, 0x83, 0xE4, 0xD3, 0x20, 0xC8, 0x2D, 0xC9, 0x77, 0xA3, 0x55, 0x07, 235 0x6E, 0x6D, 0x95, 0x36, 0xAA, 0x84, 0x4F, 0xED, 0x54, 0x24, 0xA9, 0x77, 236 0xF8, 0x85, 0xE2, 0x4B, 0xF2, 0xFA, 0x0B, 0x3E, 0xA6, 0xF5, 0x46, 0x0D, 237 0x9F, 0x1F, 0xFE, 0xF7, 0x37, 0xFF, 0xA3, 0x60, 0xF1, 0x63, 0xF2, 0x75, 238 0x6A, 0x8E, 0x10, 0xD7, 0x89, 0xD2, 0xB3, 0xFF, 0x76, 0xA5, 0xBA, 0xAF, 239 0x0A, 0xBE, 0x32, 0x5F, 0xF0, 0x48, 0x48, 0x4B, 0x9C, 0x9A, 0x3D, 0x12, 240 0xA7, 0xD2, 0x07, 0xC7, 0x59, 0x32, 0x94, 0x95, 0x65, 0x2F, 0x87, 0x34, 241 0x76, 0xBA, 0x7C, 0x08, 0x4B, 0xAB, 0xA6, 0x24, 0xDF, 0x64, 0xDB, 0x48, 242 0x63, 0x42, 0x06, 0xE2, 0x2C, 0x3D, 0xFB, 0xE5, 0x47, 0x81, 0x94, 0x98, 243 0xF7, 0x32, 0x4B, 0x28, 0xEB, 0x42, 0xB8, 0xE9, 0x8E, 0xFC, 0xC9, 0x43, 244 0xC9, 0x47, 0xE6, 0xE7, 0x1C, 0xDC, 0x71, 0xEF, 0x4D, 0x8A, 0xB1, 0xFC, 245 0x45, 0x37, 0xEC, 0xB3, 0x16, 0x88, 0x5B, 0xE2, 0xEC, 0x8B, 0x6B, 0x75, 246 0x16, 0xBE, 0x6B, 0xF8, 0x2C, 0xF8, 0xC9, 0xD1, 0xF7, 0x55, 0x87, 0x57, 247 0x5F, 0xDE, 0xF4, 0x7E, 0x72, 0x13, 0x06, 0x2A, 0x21, 0xB7, 0x78, 0x21, 248 0x05, 0xFD, 0xE2, 0x5F, 0x7B, 0x7C, 0xF0, 0x26, 0x2B, 0x75, 0x7F, 0x68, 249 0xF9, 0xA6, 0x98, 0xFD, 0x54, 0x0E, 0xCC, 0x22, 0x41, 0x7F, 0x29, 0x81, 250 0x2F, 0xA3, 0x3C, 0x3D, 0x64, 0xC8, 0x41, 0x02, 0x81, 0x81, 0x00, 0xFA, 251 0xFA, 0xE4, 0x2E, 0x30, 0xF0, 0x7A, 0x8D, 0x95, 0xB8, 0x39, 0x58, 0x27, 252 0x0F, 0x89, 0x0C, 0xDF, 0xFE, 0x2F, 0x55, 0x3B, 0x6F, 0xDD, 0x5F, 0x12, 253 0xB3, 0xD1, 0xCF, 0x5B, 0x8D, 0xB6, 0x10, 0x1C, 0x87, 0x0C, 0x30, 0x89, 254 0x2D, 0xBB, 0xB8, 0xA1, 0x78, 0x0F, 0x54, 0xA6, 0x36, 0x46, 0x05, 0x8B, 255 0x5A, 0xFF, 0x48, 0x03, 0x13, 0xAE, 0x95, 0x96, 0x5D, 0x6C, 0xDA, 0x5D, 256 0xF7, 0xAD, 0x1D, 0x33, 0xED, 0x23, 0xF5, 0x4B, 0x03, 0x78, 0xE7, 0x50, 257 0xD1, 0x2D, 0x95, 0x22, 0x35, 0x02, 0x5B, 0x4A, 0x4E, 0x73, 0xC9, 0xB7, 258 0x05, 0xC4, 0x21, 0x86, 0x1F, 0x1E, 0x40, 0x83, 0xBC, 0x8A, 0x3A, 0x95, 259 0x24, 0x62, 0xF4, 0x58, 0x38, 0x64, 0x4A, 0x89, 0x8A, 0x27, 0x59, 0x12, 260 0x9D, 0x21, 0xC3, 0xA6, 0x42, 0x1E, 0x2A, 0x3F, 0xD8, 0x65, 0x1F, 0x6E, 261 0x3E, 0x4D, 0x5C, 0xCC, 0xEA, 0x8E, 0x15, 0x02, 0x81, 0x81, 0x00, 0xDC, 262 0xAC, 0x9B, 0x00, 0xDB, 0xF9, 0xB2, 0xBF, 0xC4, 0x5E, 0xB6, 0xB7, 0x63, 263 0xEB, 0x13, 0x4B, 0xE2, 0xA6, 0xC8, 0x72, 0x90, 0xD8, 0xC2, 0x33, 0x33, 264 0xF0, 0x66, 0x75, 0xBD, 0x50, 0x7C, 0xA4, 0x8F, 0x82, 0xFB, 0xFF, 0x44, 265 0x3B, 0xE7, 0x15, 0x3A, 0x0C, 0x7A, 0xF8, 0x92, 0x86, 0x4A, 0x79, 0x32, 266 0x08, 0x82, 0x1D, 0x6A, 0xBA, 0xAD, 0x8A, 0xB3, 0x3D, 0x7F, 0xA5, 0xB4, 267 0x6F, 0x67, 0x86, 0x7E, 0xB2, 0x9C, 0x2A, 0xF6, 0x7C, 0x49, 0x21, 0xC5, 268 0x3F, 0x00, 0x3F, 0x9B, 0xF7, 0x0F, 0x6C, 0x35, 0x80, 0x75, 0x73, 0xC0, 269 0xF8, 0x3E, 0x30, 0x5F, 0x74, 0x2F, 0x15, 0x41, 0xEA, 0x0F, 0xCE, 0x0E, 270 0x18, 0x17, 0x68, 0xBA, 0xC4, 0x29, 0xF2, 0xE2, 0x2C, 0x1D, 0x55, 0x83, 271 0xB6, 0x64, 0x2E, 0x03, 0x12, 0xA4, 0x0D, 0xBF, 0x4F, 0x2E, 0xBE, 0x7C, 272 0x41, 0xD9, 0xCD, 0xD0, 0x52, 0x91, 0xD5, 0x02, 0x81, 0x81, 0x00, 0xD4, 273 0x55, 0xEB, 0x32, 0xC1, 0x28, 0xD3, 0x26, 0x72, 0x22, 0xB8, 0x31, 0x42, 274 0x6A, 0xBC, 0x52, 0x6E, 0x37, 0x48, 0xA8, 0x5D, 0x6E, 0xD8, 0xE5, 0x14, 275 0x97, 0x99, 0xCC, 0x4A, 0xF2, 0xEB, 0xB3, 0x59, 0xCF, 0x4F, 0x9A, 0xC8, 276 0x94, 0x2E, 0x9B, 0x97, 0xD0, 0x51, 0x78, 0x16, 0x5F, 0x18, 0x82, 0x9C, 277 0x51, 0xD2, 0x64, 0x84, 0x65, 0xE4, 0x70, 0x9E, 0x14, 0x50, 0x81, 0xB6, 278 0xBA, 0x52, 0x75, 0xC0, 0x76, 0xC2, 0xD3, 0x46, 0x31, 0x9B, 0xDA, 0x67, 279 0xDF, 0x71, 0x27, 0x19, 0x17, 0xAB, 0xF4, 0xBC, 0x3A, 0xFF, 0x6F, 0x0B, 280 0x2F, 0x0F, 0xAE, 0x25, 0x20, 0xB2, 0xA1, 0x76, 0x52, 0xCE, 0xC7, 0x9D, 281 0x62, 0x79, 0x6D, 0xAC, 0x2D, 0x99, 0x7C, 0x0E, 0x3D, 0x19, 0xE9, 0x1B, 282 0xFC, 0x60, 0x92, 0x7C, 0x58, 0xB7, 0xD8, 0x9A, 0xC7, 0x63, 0x56, 0x62, 283 0x18, 0xC7, 0xAE, 0xD9, 0x97, 0x1F, 0xB9, 0x02, 0x81, 0x81, 0x00, 0x91, 284 0x40, 0xC4, 0x1E, 0x82, 0xAD, 0x0F, 0x6D, 0x8E, 0xD2, 0x51, 0x2E, 0xD1, 285 0x84, 0x30, 0x85, 0x68, 0xC1, 0x23, 0x7B, 0xD5, 0xBF, 0xF7, 0xC4, 0x40, 286 0x51, 0xE2, 0xFF, 0x69, 0x07, 0x8B, 0xA3, 0xBE, 0x1B, 0x17, 0xC8, 0x64, 287 0x9F, 0x91, 0x71, 0xB5, 0x6D, 0xF5, 0x9B, 0x9C, 0xC6, 0xEC, 0x4A, 0x6E, 288 0x16, 0x8F, 0x9E, 0xD1, 0x5B, 0xE3, 0x53, 0x42, 0xBC, 0x1E, 0x43, 0x72, 289 0x4B, 0x4A, 0x37, 0x8B, 0x3A, 0x01, 0xF5, 0x7D, 0x9D, 0x3D, 0x7E, 0x0F, 290 0x19, 0x73, 0x0E, 0x6B, 0x98, 0xE9, 0xFB, 0xEE, 0x13, 0x8A, 0x3C, 0x11, 291 0x2E, 0xD5, 0xB0, 0x7D, 0x84, 0x3A, 0x61, 0xA1, 0xAB, 0x71, 0x8F, 0xCE, 292 0x53, 0x29, 0x45, 0x74, 0x7A, 0x1E, 0xAA, 0x93, 0x19, 0x3A, 0x8D, 0xC9, 293 0x4E, 0xCB, 0x0E, 0x46, 0x53, 0x84, 0xCC, 0xCF, 0xBA, 0x4D, 0x28, 0x71, 294 0x1D, 0xDF, 0x41, 0xCB, 0xF8, 0x2D, 0xA9, 0x02, 0x81, 0x80, 0x04, 0x8B, 295 0x4A, 0xEA, 0xBD, 0x39, 0x0B, 0x96, 0xC5, 0x1D, 0xA4, 0x47, 0xFD, 0x46, 296 0xD2, 0x8A, 0xEA, 0x2A, 0xF3, 0x9D, 0x3A, 0x7E, 0x16, 0x74, 0xFC, 0x13, 297 0xDE, 0x4D, 0xA9, 0x85, 0x42, 0x33, 0x02, 0x92, 0x0B, 0xB6, 0xDB, 0x7E, 298 0xEA, 0x85, 0xC2, 0x94, 0x43, 0x52, 0x37, 0x5A, 0x77, 0xAB, 0xCB, 0x61, 299 0x88, 0xDE, 0xF8, 0xFA, 0xDB, 0xE8, 0x0B, 0x95, 0x7D, 0x39, 0x19, 0xA2, 300 0x89, 0xB9, 0x32, 0xB2, 0x50, 0x38, 0xF7, 0x88, 0x69, 0xFD, 0xA4, 0x63, 301 0x1F, 0x9B, 0x03, 0xD8, 0xA6, 0x7A, 0x05, 0x76, 0x02, 0x28, 0x93, 0x82, 302 0x73, 0x7F, 0x14, 0xCC, 0xBE, 0x29, 0x10, 0xAD, 0x8A, 0x2E, 0xAC, 0xED, 303 0x11, 0xA7, 0x72, 0x7C, 0x60, 0x78, 0x72, 0xFB, 0x78, 0x20, 0x18, 0xC9, 304 0x7E, 0x63, 0xAD, 0x55, 0x54, 0x51, 0xDB, 0x9F, 0x7B, 0xD4, 0x8F, 0xB2, 305 0xDE, 0x3B, 0xF1, 0x70, 0x23, 0xE5, 306}; 307 308/* 309 * DER-encoded PKCS#8 format EC key. Generated using: 310 * 311 * openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 312 */ 313static uint8_t TEST_EC_KEY_1[] = { 314 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 315 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 316 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, 0x01, 0x01, 0x04, 0x20, 317 0x25, 0xAC, 0x77, 0x2B, 0x04, 0x33, 0xC8, 0x16, 0x59, 0xA3, 0xC7, 0xE7, 318 0x11, 0x42, 0xD0, 0x11, 0x71, 0x30, 0x7B, 0xB8, 0xD2, 0x67, 0xFF, 0x9C, 319 0x5F, 0x50, 0x2E, 0xAB, 0x67, 0xD4, 0x17, 0x51, 0xA1, 0x44, 0x03, 0x42, 320 0x00, 0x04, 0xCF, 0xCE, 0xB8, 0x7F, 0x88, 0x36, 0xC4, 0xF8, 0x51, 0x29, 321 0xE2, 0xA7, 0x21, 0xC3, 0x3B, 0xFF, 0x88, 0xE3, 0x87, 0x98, 0xD1, 0xA6, 322 0x4B, 0xB3, 0x4B, 0xD5, 0x44, 0xF8, 0xE0, 0x43, 0x6B, 0x50, 0x74, 0xFB, 323 0xB0, 0xAD, 0x41, 0x1C, 0x11, 0x9D, 0xC6, 0x1E, 0x83, 0x8C, 0x49, 0xCA, 324 0xBE, 0xC6, 0xCE, 0xB6, 0xC9, 0xA1, 0xBF, 0x69, 0xA9, 0xA0, 0xA3, 0x80, 325 0x14, 0x39, 0x57, 0x94, 0xDA, 0x5D 326}; 327 328 329/* 330 * Generated using keys on the keyboard and lack of imagination. 331 */ 332static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF }; 333 334 335class KeymasterBaseTest : public ::testing::Test { 336public: 337 static void SetUpTestCase() { 338 const hw_module_t* mod; 339 ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod)) 340 << "Should be able to find a keymaster hardware module"; 341 342 std::cout << "Using keymaster module: " << mod->name << std::endl; 343 344 ASSERT_EQ(0, keymaster0_open(mod, &sDevice)) 345 << "Should be able to open the keymaster device"; 346 347 ASSERT_EQ(KEYMASTER_MODULE_API_VERSION_0_2, mod->module_api_version) 348 << "Keymaster should implement API version 2"; 349 350 ASSERT_TRUE(sDevice->generate_keypair != NULL) 351 << "Should implement generate_keypair"; 352 353 ASSERT_TRUE(sDevice->import_keypair != NULL) 354 << "Should implement import_keypair"; 355 356 ASSERT_TRUE(sDevice->get_keypair_public != NULL) 357 << "Should implement get_keypair_public"; 358 359 ASSERT_TRUE(sDevice->sign_data != NULL) 360 << "Should implement sign_data"; 361 362 ASSERT_TRUE(sDevice->verify_data != NULL) 363 << "Should implement verify_data"; 364 } 365 366 static void TearDownTestCase() { 367 ASSERT_EQ(0, keymaster0_close(sDevice)); 368 } 369 370protected: 371 static keymaster0_device_t* sDevice; 372}; 373 374keymaster0_device_t* KeymasterBaseTest::sDevice = NULL; 375 376class KeymasterTest : public KeymasterBaseTest { 377}; 378 379class KeymasterAllTypesTest : public KeymasterBaseTest, 380 public ::testing::WithParamInterface<keymaster_keypair_t> { 381}; 382 383class KeymasterGenerateRSATest : public KeymasterBaseTest, 384 public ::testing::WithParamInterface<uint32_t> { 385}; 386 387class KeymasterGenerateDSATest : public KeymasterBaseTest, 388 public ::testing::WithParamInterface<uint32_t> { 389}; 390 391class KeymasterGenerateECTest : public KeymasterBaseTest, 392 public ::testing::WithParamInterface<uint32_t> { 393}; 394 395TEST_P(KeymasterGenerateRSATest, GenerateKeyPair_RSA_Success) { 396 keymaster_keypair_t key_type = TYPE_RSA; 397 keymaster_rsa_keygen_params_t params = { 398 .modulus_size = GetParam(), 399 .public_exponent = RSA_F4, 400 }; 401 402 uint8_t* key_blob; 403 size_t key_blob_length; 404 405 ASSERT_EQ(0, 406 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length)) 407 << "Should generate an RSA key with " << GetParam() << " bit modulus size"; 408 UniqueKey key(&sDevice, key_blob, key_blob_length); 409 410 uint8_t* x509_data = NULL; 411 size_t x509_data_length; 412 ASSERT_EQ(0, 413 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 414 &x509_data, &x509_data_length)) 415 << "Should be able to retrieve RSA public key successfully"; 416 UniqueBlob x509_blob(x509_data, x509_data_length); 417 ASSERT_FALSE(x509_blob.get() == NULL) 418 << "X509 data should be allocated"; 419 420 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 421 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 422 static_cast<long>(x509_blob.length()))); 423 424 ASSERT_EQ(EVP_PKEY_RSA, EVP_PKEY_type(actual.get()->type)) 425 << "Generated key type should be of type RSA"; 426 427 Unique_RSA rsa(EVP_PKEY_get1_RSA(actual.get())); 428 ASSERT_FALSE(rsa.get() == NULL) 429 << "Should be able to extract RSA key from EVP_PKEY"; 430 431 ASSERT_EQ(static_cast<unsigned long>(RSA_F4), BN_get_word(rsa.get()->e)) 432 << "Exponent should be RSA_F4"; 433 434 ASSERT_EQ((GetParam() + 7) / 8, static_cast<uint32_t>(RSA_size(rsa.get()))) 435 << "Modulus size should be the specified parameter"; 436} 437 438INSTANTIATE_TEST_CASE_P(RSA, 439 KeymasterGenerateRSATest, 440 ::testing::Values(512U, 1024U, 2048U, 3072U, 4096U)); 441 442 443TEST_P(KeymasterGenerateECTest, GenerateKeyPair_EC_Success) { 444 keymaster_keypair_t key_type = TYPE_EC; 445 keymaster_ec_keygen_params_t params = { 446 .field_size = GetParam(), 447 }; 448 449 uint8_t* key_blob; 450 size_t key_blob_length; 451 452 ASSERT_EQ(0, 453 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length)) 454 << "Should generate an EC key with " << GetParam() << " field size"; 455 UniqueKey key(&sDevice, key_blob, key_blob_length); 456 457 uint8_t* x509_data = NULL; 458 size_t x509_data_length; 459 ASSERT_EQ(0, 460 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 461 &x509_data, &x509_data_length)) 462 << "Should be able to retrieve EC public key successfully"; 463 UniqueBlob x509_blob(x509_data, x509_data_length); 464 ASSERT_FALSE(x509_blob.get() == NULL) 465 << "X509 data should be allocated"; 466 467 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 468 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 469 static_cast<long>(x509_blob.length()))); 470 471 ASSERT_EQ(EVP_PKEY_EC, EVP_PKEY_type(actual.get()->type)) 472 << "Generated key type should be of type EC"; 473 474 Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(actual.get())); 475 ASSERT_FALSE(ecKey.get() == NULL) 476 << "Should be able to extract EC key from EVP_PKEY"; 477 478 ASSERT_FALSE(EC_KEY_get0_group(ecKey.get()) == NULL) 479 << "EC key should have a EC_GROUP"; 480 481 ASSERT_TRUE(EC_KEY_check_key(ecKey.get())) 482 << "EC key should check correctly"; 483} 484 485INSTANTIATE_TEST_CASE_P(EC, 486 KeymasterGenerateECTest, 487 ::testing::Values(192U, 224U, 256U, 384U, 521U)); 488 489 490TEST_P(KeymasterAllTypesTest, GenerateKeyPair_NullParams_Failure) { 491 keymaster_keypair_t key_type = GetParam(); 492 493 uint8_t* key_blob; 494 size_t key_blob_length; 495 496 ASSERT_EQ(-1, 497 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length)) 498 << "Should not be able to generate a key with null params"; 499} 500 501INSTANTIATE_TEST_CASE_P(Types, 502 KeymasterAllTypesTest, 503 ::testing::Values(TYPE_RSA, TYPE_DSA, TYPE_EC)); 504 505TEST_F(KeymasterTest, GenerateKeyPair_UnknownType_Failure) { 506 keymaster_keypair_t key_type = static_cast<keymaster_keypair_t>(0xFFFF); 507 508 uint8_t* key_blob; 509 size_t key_blob_length; 510 511 ASSERT_EQ(-1, 512 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length)) 513 << "Should not generate an unknown key type"; 514} 515 516TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) { 517 uint8_t* key_blob; 518 size_t key_blob_length; 519 520 ASSERT_EQ(0, 521 sDevice->import_keypair(sDevice, TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1), 522 &key_blob, &key_blob_length)) 523 << "Should successfully import an RSA key"; 524 UniqueKey key(&sDevice, key_blob, key_blob_length); 525 526 uint8_t* x509_data; 527 size_t x509_data_length; 528 ASSERT_EQ(0, 529 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 530 &x509_data, &x509_data_length)) 531 << "Should be able to retrieve RSA public key successfully"; 532 UniqueBlob x509_blob(x509_data, x509_data_length); 533 534 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 535 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 536 static_cast<long>(x509_blob.length()))); 537 538 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_RSA) 539 << "Generated key type should be of type RSA"; 540 541 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_RSA_KEY_1); 542 Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8( 543 d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp, 544 sizeof(TEST_RSA_KEY_1))); 545 546 Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get())); 547 548 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get())) 549 << "Expected and actual keys should match"; 550} 551 552TEST_F(KeymasterTest, ImportKeyPair_EC_Success) { 553 uint8_t* key_blob; 554 size_t key_blob_length; 555 556 ASSERT_EQ(0, 557 sDevice->import_keypair(sDevice, TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1), 558 &key_blob, &key_blob_length)) 559 << "Should successfully import an EC key"; 560 UniqueKey key(&sDevice, key_blob, key_blob_length); 561 562 uint8_t* x509_data; 563 size_t x509_data_length; 564 ASSERT_EQ(0, 565 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 566 &x509_data, &x509_data_length)) 567 << "Should be able to retrieve EC public key successfully"; 568 UniqueBlob x509_blob(x509_data, x509_data_length); 569 570 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 571 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 572 static_cast<long>(x509_blob.length()))); 573 574 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_EC) 575 << "Generated key type should be of type EC"; 576 577 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_EC_KEY_1); 578 Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8( 579 d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp, 580 sizeof(TEST_EC_KEY_1))); 581 582 Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get())); 583 584 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get())) 585 << "Expected and actual keys should match"; 586} 587 588TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) { 589 uint8_t* key_blob; 590 size_t key_blob_length; 591 592 ASSERT_EQ(-1, 593 sDevice->import_keypair(sDevice, BOGUS_KEY_1, sizeof(BOGUS_KEY_1), 594 &key_blob, &key_blob_length)) 595 << "Should not import an unknown key type"; 596} 597 598TEST_F(KeymasterTest, ImportKeyPair_NullKey_Failure) { 599 uint8_t* key_blob; 600 size_t key_blob_length; 601 602 ASSERT_EQ(-1, 603 sDevice->import_keypair(sDevice, NULL, 0, 604 &key_blob, &key_blob_length)) 605 << "Should not import a null key"; 606} 607 608TEST_F(KeymasterTest, GetKeypairPublic_RSA_Success) { 609 uint8_t* key_blob; 610 size_t key_blob_length; 611 612 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 613 ASSERT_TRUE(testKey.get() != NULL); 614 615 ASSERT_EQ(0, 616 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 617 &key_blob, &key_blob_length)) 618 << "Should successfully import an RSA key"; 619 UniqueKey key(&sDevice, key_blob, key_blob_length); 620 621 uint8_t* x509_data; 622 size_t x509_data_length; 623 ASSERT_EQ(0, 624 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 625 &x509_data, &x509_data_length)) 626 << "Should be able to retrieve RSA public key successfully"; 627 UniqueBlob x509_blob(x509_data, x509_data_length); 628} 629 630TEST_F(KeymasterTest, GetKeypairPublic_EC_Success) { 631 uint8_t* key_blob; 632 size_t key_blob_length; 633 634 UniqueReadOnlyBlob testKey(TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1)); 635 ASSERT_TRUE(testKey.get() != NULL); 636 637 ASSERT_EQ(0, 638 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 639 &key_blob, &key_blob_length)) 640 << "Should successfully import an EC key"; 641 UniqueKey key(&sDevice, key_blob, key_blob_length); 642 643 uint8_t* x509_data; 644 size_t x509_data_length; 645 ASSERT_EQ(0, 646 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 647 &x509_data, &x509_data_length)) 648 << "Should be able to retrieve EC public key successfully"; 649 UniqueBlob x509_blob(x509_data, x509_data_length); 650} 651 652TEST_F(KeymasterTest, GetKeypairPublic_NullKey_Failure) { 653 uint8_t* key_blob; 654 size_t key_blob_length; 655 656 uint8_t* x509_data = NULL; 657 size_t x509_data_length; 658 ASSERT_EQ(-1, 659 sDevice->get_keypair_public(sDevice, NULL, 0, 660 &x509_data, &x509_data_length)) 661 << "Should not be able to retrieve public key from null key"; 662 UniqueBlob x509_blob(x509_data, x509_data_length); 663} 664 665TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullDestination_Failure) { 666 uint8_t* key_blob; 667 size_t key_blob_length; 668 669 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 670 ASSERT_TRUE(testKey.get() != NULL); 671 672 ASSERT_EQ(0, 673 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 674 &key_blob, &key_blob_length)) 675 << "Should successfully import an RSA key"; 676 UniqueKey key(&sDevice, key_blob, key_blob_length); 677 678 ASSERT_EQ(-1, 679 sDevice->get_keypair_public(sDevice, key.get(), key.length(), 680 NULL, NULL)) 681 << "Should not be able to succeed with NULL destination blob"; 682} 683 684TEST_F(KeymasterTest, GetKeypairPublic_EC_NullDestination_Failure) { 685 uint8_t* key_blob; 686 size_t key_blob_length; 687 688 UniqueReadOnlyBlob testKey(TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1)); 689 ASSERT_TRUE(testKey.get() != NULL); 690 691 ASSERT_EQ(0, 692 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 693 &key_blob, &key_blob_length)) 694 << "Should successfully import an RSA key"; 695 UniqueKey key(&sDevice, key_blob, key_blob_length); 696 697 ASSERT_EQ(-1, 698 sDevice->get_keypair_public(sDevice, key.get(), key.length(), 699 NULL, NULL)) 700 << "Should not be able to succeed with NULL destination blob"; 701} 702 703TEST_F(KeymasterTest, DeleteKeyPair_RSA_Success) { 704 uint8_t* key_blob; 705 size_t key_blob_length; 706 707 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 708 ASSERT_TRUE(testKey.get() != NULL); 709 710 ASSERT_EQ(0, 711 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 712 &key_blob, &key_blob_length)) 713 << "Should successfully import an RSA key"; 714 UniqueKey key(&sDevice, key_blob, key_blob_length); 715} 716 717TEST_F(KeymasterTest, DeleteKeyPair_RSA_DoubleDelete_Failure) { 718 uint8_t* key_blob; 719 size_t key_blob_length; 720 721 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 722 ASSERT_TRUE(testKey.get() != NULL); 723 724 /* 725 * This is only run if the module indicates it implements key deletion 726 * by implementing delete_keypair. 727 */ 728 if (sDevice->delete_keypair != NULL) { 729 ASSERT_EQ(0, 730 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 731 &key_blob, &key_blob_length)) 732 << "Should successfully import an RSA key"; 733 UniqueBlob blob(key_blob, key_blob_length); 734 735 ASSERT_EQ(0, sDevice->delete_keypair(sDevice, key_blob, key_blob_length)) 736 << "Should delete key after import"; 737 738 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, key_blob, key_blob_length)) 739 << "Should not be able to delete key twice"; 740 } 741} 742 743TEST_F(KeymasterTest, DeleteKeyPair_RSA_NullKey_Failure) { 744 /* 745 * This is only run if the module indicates it implements key deletion 746 * by implementing delete_keypair. 747 */ 748 if (sDevice->delete_keypair != NULL) { 749 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, NULL, 0)) 750 << "Should not be able to delete null key"; 751 } 752} 753 754/* 755 * DER-encoded PKCS#8 format RSA key. Generated using: 756 * 757 * openssl genrsa 512 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 758 */ 759static uint8_t TEST_SIGN_RSA_KEY_1[] = { 760 0x30, 0x82, 0x01, 0x56, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 761 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 762 0x01, 0x40, 0x30, 0x82, 0x01, 0x3C, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 763 0xBD, 0xC0, 0x7F, 0xEF, 0x75, 0x1D, 0x63, 0x2A, 0xD0, 0x9A, 0x26, 0xE5, 764 0x5B, 0xB9, 0x84, 0x7C, 0xE5, 0xC7, 0xE7, 0xDE, 0xFE, 0xB6, 0x54, 0xD9, 765 0xF0, 0x9B, 0xC2, 0xCF, 0x36, 0xDA, 0xE5, 0x4D, 0xC5, 0xD9, 0x25, 0x78, 766 0xBD, 0x55, 0x05, 0xBD, 0x86, 0xFB, 0x37, 0x15, 0x33, 0x42, 0x52, 0xED, 767 0xE5, 0xCD, 0xCB, 0xB7, 0xA2, 0x51, 0xFA, 0x36, 0xE9, 0x9C, 0x2E, 0x5D, 768 0xE3, 0xA5, 0x1F, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00, 769 0x96, 0x71, 0xDE, 0xBD, 0x83, 0x94, 0x96, 0x40, 0xA6, 0xFD, 0xE1, 0xA2, 770 0xED, 0xD3, 0xAC, 0x28, 0xBE, 0xA2, 0x7D, 0xC3, 0xFF, 0x1D, 0x9F, 0x2E, 771 0xE0, 0xA7, 0x0E, 0x90, 0xEE, 0x44, 0x25, 0x92, 0xE3, 0x54, 0xDD, 0x55, 772 0xA3, 0xEF, 0x42, 0xF5, 0x52, 0x55, 0x41, 0x47, 0x5E, 0x00, 0xFB, 0x8B, 773 0x47, 0x5E, 0x45, 0x49, 0xEA, 0x3D, 0x2C, 0xFD, 0x9F, 0xEC, 0xC8, 0x4E, 774 0x4E, 0x86, 0x90, 0x31, 0x02, 0x21, 0x00, 0xE6, 0xA5, 0x55, 0xB3, 0x64, 775 0xAB, 0x90, 0x5E, 0xA2, 0xF5, 0x6B, 0x21, 0x4B, 0x15, 0xD6, 0x4A, 0xB6, 776 0x60, 0x24, 0x95, 0x65, 0xA2, 0xBE, 0xBA, 0x2A, 0x73, 0xFB, 0xFF, 0x2C, 777 0x61, 0x88, 0x9D, 0x02, 0x21, 0x00, 0xD2, 0x9C, 0x5B, 0xFE, 0x82, 0xA5, 778 0xFC, 0x52, 0x6A, 0x29, 0x38, 0xDB, 0x22, 0x3B, 0xEB, 0x74, 0x3B, 0xCA, 779 0xB4, 0xDD, 0x1D, 0xE4, 0x48, 0x60, 0x70, 0x19, 0x9B, 0x81, 0xC1, 0x83, 780 0x28, 0xB5, 0x02, 0x21, 0x00, 0x89, 0x2D, 0xFE, 0xF9, 0xF2, 0xBF, 0x43, 781 0xDF, 0xB5, 0xA6, 0xA8, 0x30, 0x26, 0x1B, 0x77, 0xD7, 0xF9, 0xFE, 0xD6, 782 0xE3, 0x70, 0x8E, 0xCA, 0x47, 0xA9, 0xA6, 0x50, 0x54, 0x25, 0xCE, 0x60, 783 0xD5, 0x02, 0x21, 0x00, 0xBE, 0x5A, 0xF8, 0x82, 0xE6, 0xCE, 0xE3, 0x6A, 784 0x11, 0xED, 0xC4, 0x27, 0xBB, 0x9F, 0x70, 0xC6, 0x93, 0xAC, 0x39, 0x20, 785 0x89, 0x7D, 0xE5, 0x34, 0xD4, 0xDD, 0x30, 0x42, 0x6D, 0x07, 0x00, 0xE9, 786 0x02, 0x20, 0x05, 0x91, 0xEF, 0x12, 0xD2, 0xD3, 0x6A, 0xD2, 0x96, 0x6B, 787 0x10, 0x62, 0xF9, 0xBA, 0xA4, 0x91, 0x48, 0x84, 0x40, 0x61, 0x67, 0x80, 788 0x68, 0x68, 0xC8, 0x60, 0xB3, 0x66, 0xC8, 0xF9, 0x08, 0x9A, 789}; 790 791/* 792 * DER-encoded PKCS#8 format EC key. Generated using: 793 * 794 * openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 795 */ 796static uint8_t TEST_SIGN_EC_KEY_1[] = { 797 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 798 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 799 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, 0x01, 0x01, 0x04, 0x20, 800 0x9E, 0x66, 0x11, 0x6A, 0x89, 0xF5, 0x78, 0x57, 0xF3, 0x35, 0xA2, 0x46, 801 0x09, 0x06, 0x4B, 0x4D, 0x81, 0xEC, 0xD3, 0x9B, 0x0A, 0xC4, 0x68, 0x06, 802 0xB8, 0x42, 0x24, 0x5E, 0x74, 0x2C, 0x62, 0x79, 0xA1, 0x44, 0x03, 0x42, 803 0x00, 0x04, 0x35, 0xB5, 0x9A, 0x5C, 0xE5, 0x52, 0x35, 0xF2, 0x10, 0x6C, 804 0xD9, 0x98, 0x67, 0xED, 0x5E, 0xCB, 0x6B, 0xB8, 0x96, 0x5E, 0x54, 0x7C, 805 0x34, 0x2A, 0xA3, 0x3B, 0xF3, 0xD1, 0x39, 0x48, 0x36, 0x7A, 0xEA, 0xD8, 806 0xCA, 0xDD, 0x40, 0x8F, 0xE9, 0xE0, 0x95, 0x2E, 0x3F, 0x95, 0x0F, 0x14, 807 0xD6, 0x14, 0x78, 0xB5, 0xAD, 0x17, 0xD2, 0x5A, 0x41, 0x96, 0x99, 0x20, 808 0xC7, 0x5B, 0x0F, 0x60, 0xFD, 0xBA 809}; 810 811/* 812 * PKCS#1 v1.5 padded raw "Hello, world" Can be generated be generated by verifying 813 * the signature below in no padding mode: 814 * 815 * openssl rsautl -keyform der -inkey rsa.der -raw -verify -in test.sig 816 */ 817static uint8_t TEST_SIGN_DATA_1[] = { 818 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 819 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 820 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 821 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 822 0xFF, 0xFF, 0xFF, 0x00, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x2C, 0x20, 0x77, 823 0x6F, 0x72, 0x6C, 0x64, 824}; 825 826/* 827 * Signature of TEST_SIGN_DATA_1 using TEST_SIGN_RSA_KEY_1. Generated using: 828 * 829 * echo 'Hello, world' | openssl rsautl -keyform der -inkey rsa.der -sign | recode ../x1 830 */ 831static uint8_t TEST_SIGN_RSA_SIGNATURE_1[] = { 832 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76, 833 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2, 834 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A, 835 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9, 836 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF, 837 0x79, 0xE4, 0x91, 0x40, 838}; 839 840/* 841 * Identical to TEST_SIGN_RSA_SIGNATURE_1 except the last octet is '1' instead of '0' 842 * This should fail any test. 843 */ 844static uint8_t TEST_SIGN_SIGNATURE_BOGUS_1[] = { 845 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76, 846 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2, 847 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A, 848 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9, 849 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF, 850 0x79, 0xE4, 0x91, 0x41, 851}; 852 853TEST_F(KeymasterTest, SignData_RSA_Raw_Success) { 854 uint8_t* key_blob; 855 size_t key_blob_length; 856 857 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 858 ASSERT_TRUE(testKey.get() != NULL); 859 860 ASSERT_EQ(0, 861 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 862 &key_blob, &key_blob_length)) 863 << "Should successfully import an RSA key"; 864 UniqueKey key(&sDevice, key_blob, key_blob_length); 865 866 keymaster_rsa_sign_params_t params = { 867 .digest_type = DIGEST_NONE, 868 .padding_type = PADDING_NONE, 869 }; 870 871 uint8_t* sig; 872 size_t sig_length; 873 874 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 875 ASSERT_TRUE(testData.get() != NULL); 876 877 ASSERT_EQ(0, 878 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 879 testData.get(), testData.length(), 880 &sig, &sig_length)) 881 << "Should sign data successfully"; 882 UniqueBlob sig_blob(sig, sig_length); 883 884 UniqueBlob expected_sig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1)); 885 886 ASSERT_EQ(expected_sig, sig_blob) 887 << "Generated signature should match expected signature"; 888 889 // The expected signature is actually stack data, so don't let it try to free. 890 uint8_t* unused __attribute__((unused)) = expected_sig.release(); 891} 892 893TEST_F(KeymasterTest, SignData_EC_Success) { 894 uint8_t* key_blob; 895 size_t key_blob_length; 896 897 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1)); 898 ASSERT_TRUE(testKey.get() != NULL); 899 900 ASSERT_EQ(0, 901 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 902 &key_blob, &key_blob_length)) 903 << "Should successfully import an EC key"; 904 UniqueKey key(&sDevice, key_blob, key_blob_length); 905 906 keymaster_ec_sign_params_t params = { 907 .digest_type = DIGEST_NONE, 908 }; 909 910 uint8_t* sig; 911 size_t sig_length; 912 913 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 914 ASSERT_TRUE(testData.get() != NULL); 915 916 ASSERT_EQ(0, 917 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 918 testData.get(), testData.length(), 919 &sig, &sig_length)) 920 << "Should sign data successfully"; 921 UniqueBlob sig_blob(sig, sig_length); 922 923 uint8_t* x509_data; 924 size_t x509_data_length; 925 ASSERT_EQ(0, 926 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 927 &x509_data, &x509_data_length)) 928 << "Should be able to retrieve RSA public key successfully"; 929 UniqueBlob x509_blob(x509_data, x509_data_length); 930 931 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 932 Unique_EVP_PKEY expected(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 933 static_cast<long>(x509_blob.length()))); 934 935 Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(expected.get())); 936 937 ASSERT_EQ(1, ECDSA_verify(0, testData.get(), testData.length(), sig_blob.get(), sig_blob.length(), ecKey.get())) 938 << "Signature should verify"; 939} 940 941TEST_F(KeymasterTest, SignData_RSA_Raw_InvalidSizeInput_Failure) { 942 uint8_t* key_blob; 943 size_t key_blob_length; 944 945 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 946 ASSERT_TRUE(testKey.get() != NULL); 947 948 ASSERT_EQ(0, 949 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 950 &key_blob, &key_blob_length)) 951 << "Should successfully import an RSA key"; 952 UniqueKey key(&sDevice, key_blob, key_blob_length); 953 954 keymaster_rsa_sign_params_t params = { 955 .digest_type = DIGEST_NONE, 956 .padding_type = PADDING_NONE, 957 }; 958 959 uint8_t* sig; 960 size_t sig_length; 961 962 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 963 ASSERT_TRUE(testData.get() != NULL); 964 965 ASSERT_EQ(-1, 966 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 967 testData.get(), testData.length(), 968 &sig, &sig_length)) 969 << "Should not be able to do raw signature on incorrect size data"; 970} 971 972TEST_F(KeymasterTest, SignData_RSA_Raw_NullKey_Failure) { 973 keymaster_rsa_sign_params_t params = { 974 .digest_type = DIGEST_NONE, 975 .padding_type = PADDING_NONE, 976 }; 977 978 uint8_t* sig; 979 size_t sig_length; 980 981 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 982 ASSERT_TRUE(testData.get() != NULL); 983 984 ASSERT_EQ(-1, 985 sDevice->sign_data(sDevice, ¶ms, NULL, 0, 986 testData.get(), testData.length(), 987 &sig, &sig_length)) 988 << "Should not be able to do raw signature on incorrect size data"; 989} 990 991TEST_F(KeymasterTest, SignData_RSA_Raw_NullInput_Failure) { 992 uint8_t* key_blob; 993 size_t key_blob_length; 994 995 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 996 ASSERT_TRUE(testKey.get() != NULL); 997 998 ASSERT_EQ(0, 999 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1000 &key_blob, &key_blob_length)) 1001 << "Should successfully import an RSA key"; 1002 UniqueKey key(&sDevice, key_blob, key_blob_length); 1003 1004 keymaster_rsa_sign_params_t params = { 1005 .digest_type = DIGEST_NONE, 1006 .padding_type = PADDING_NONE, 1007 }; 1008 1009 uint8_t* sig; 1010 size_t sig_length; 1011 1012 ASSERT_EQ(-1, 1013 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 1014 NULL, 0, 1015 &sig, &sig_length)) 1016 << "Should error when input data is null"; 1017} 1018 1019TEST_F(KeymasterTest, SignData_RSA_Raw_NullOutput_Failure) { 1020 uint8_t* key_blob; 1021 size_t key_blob_length; 1022 1023 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1024 ASSERT_TRUE(testKey.get() != NULL); 1025 1026 ASSERT_EQ(0, 1027 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1028 &key_blob, &key_blob_length)) 1029 << "Should successfully import an RSA key"; 1030 UniqueKey key(&sDevice, key_blob, key_blob_length); 1031 1032 keymaster_rsa_sign_params_t params = { 1033 .digest_type = DIGEST_NONE, 1034 .padding_type = PADDING_NONE, 1035 }; 1036 1037 uint8_t* sig; 1038 size_t sig_length; 1039 1040 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 1041 ASSERT_TRUE(testData.get() != NULL); 1042 1043 ASSERT_EQ(-1, 1044 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 1045 testData.get(), testData.length(), 1046 NULL, NULL)) 1047 << "Should error when output is null"; 1048} 1049 1050TEST_F(KeymasterTest, VerifyData_RSA_Raw_Success) { 1051 uint8_t* key_blob; 1052 size_t key_blob_length; 1053 1054 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1055 ASSERT_TRUE(testKey.get() != NULL); 1056 1057 ASSERT_EQ(0, 1058 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1059 &key_blob, &key_blob_length)) 1060 << "Should successfully import an RSA key"; 1061 UniqueKey key(&sDevice, key_blob, key_blob_length); 1062 1063 keymaster_rsa_sign_params_t params = { 1064 .digest_type = DIGEST_NONE, 1065 .padding_type = PADDING_NONE, 1066 }; 1067 1068 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 1069 ASSERT_TRUE(testData.get() != NULL); 1070 1071 UniqueReadOnlyBlob testSig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1)); 1072 ASSERT_TRUE(testSig.get() != NULL); 1073 1074 ASSERT_EQ(0, 1075 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1076 testData.get(), testData.length(), 1077 testSig.get(), testSig.length())) 1078 << "Should verify data successfully"; 1079} 1080 1081TEST_F(KeymasterTest, VerifyData_EC_Raw_Success) { 1082 uint8_t* key_blob; 1083 size_t key_blob_length; 1084 1085 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1)); 1086 ASSERT_TRUE(testKey.get() != NULL); 1087 1088 ASSERT_EQ(0, 1089 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1090 &key_blob, &key_blob_length)) 1091 << "Should successfully import an RSA key"; 1092 UniqueKey key(&sDevice, key_blob, key_blob_length); 1093 1094 keymaster_ec_sign_params_t params = { 1095 .digest_type = DIGEST_NONE, 1096 }; 1097 1098 uint8_t* sig; 1099 size_t sig_length; 1100 1101 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 1102 ASSERT_TRUE(testData.get() != NULL); 1103 1104 ASSERT_EQ(0, 1105 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 1106 testData.get(), testData.length(), 1107 &sig, &sig_length)) 1108 << "Should sign data successfully"; 1109 UniqueBlob sig_blob(sig, sig_length); 1110 1111 ASSERT_EQ(0, 1112 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1113 testData.get(), testData.length(), 1114 sig_blob.get(), sig_blob.length())) 1115 << "Should verify data successfully"; 1116} 1117 1118TEST_F(KeymasterTest, VerifyData_RSA_Raw_BadSignature_Failure) { 1119 uint8_t* key_blob; 1120 size_t key_blob_length; 1121 1122 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1123 ASSERT_TRUE(testKey.get() != NULL); 1124 1125 ASSERT_EQ(0, 1126 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1127 &key_blob, &key_blob_length)) 1128 << "Should successfully import an RSA key"; 1129 UniqueKey key(&sDevice, key_blob, key_blob_length); 1130 1131 keymaster_rsa_sign_params_t params = { 1132 .digest_type = DIGEST_NONE, 1133 .padding_type = PADDING_NONE, 1134 }; 1135 1136 ASSERT_EQ(-1, 1137 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1138 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 1139 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1))) 1140 << "Should sign data successfully"; 1141} 1142 1143TEST_F(KeymasterTest, VerifyData_EC_Raw_BadSignature_Failure) { 1144 uint8_t* key_blob; 1145 size_t key_blob_length; 1146 1147 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1)); 1148 ASSERT_TRUE(testKey.get() != NULL); 1149 1150 ASSERT_EQ(0, 1151 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1152 &key_blob, &key_blob_length)) 1153 << "Should successfully import an RSA key"; 1154 UniqueKey key(&sDevice, key_blob, key_blob_length); 1155 1156 keymaster_ec_sign_params_t params = { 1157 .digest_type = DIGEST_NONE, 1158 }; 1159 1160 ASSERT_EQ(-1, 1161 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1162 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 1163 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1))) 1164 << "Should sign data successfully"; 1165} 1166 1167TEST_F(KeymasterTest, VerifyData_RSA_Raw_NullKey_Failure) { 1168 keymaster_rsa_sign_params_t params = { 1169 .digest_type = DIGEST_NONE, 1170 .padding_type = PADDING_NONE, 1171 }; 1172 1173 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 1174 ASSERT_TRUE(testData.get() != NULL); 1175 1176 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)); 1177 ASSERT_TRUE(testSig.get() != NULL); 1178 1179 ASSERT_EQ(-1, 1180 sDevice->verify_data(sDevice, ¶ms, NULL, 0, 1181 testData.get(), testData.length(), 1182 testSig.get(), testSig.length())) 1183 << "Should fail when key is null"; 1184} 1185 1186TEST_F(KeymasterTest, VerifyData_RSA_NullInput_Failure) { 1187 uint8_t* key_blob; 1188 size_t key_blob_length; 1189 1190 ASSERT_EQ(0, 1191 sDevice->import_keypair(sDevice, TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1), 1192 &key_blob, &key_blob_length)) 1193 << "Should successfully import an RSA key"; 1194 UniqueKey key(&sDevice, key_blob, key_blob_length); 1195 1196 keymaster_rsa_sign_params_t params = { 1197 .digest_type = DIGEST_NONE, 1198 .padding_type = PADDING_NONE, 1199 }; 1200 1201 UniqueReadOnlyBlob testSig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1)); 1202 ASSERT_TRUE(testSig.get() != NULL); 1203 1204 ASSERT_EQ(-1, 1205 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1206 NULL, 0, 1207 testSig.get(), testSig.length())) 1208 << "Should fail on null input"; 1209} 1210 1211TEST_F(KeymasterTest, VerifyData_RSA_NullSignature_Failure) { 1212 uint8_t* key_blob; 1213 size_t key_blob_length; 1214 1215 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1216 ASSERT_TRUE(testKey.get() != NULL); 1217 1218 ASSERT_EQ(0, 1219 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1220 &key_blob, &key_blob_length)) 1221 << "Should successfully import an RSA key"; 1222 UniqueKey key(&sDevice, key_blob, key_blob_length); 1223 1224 keymaster_rsa_sign_params_t params = { 1225 .digest_type = DIGEST_NONE, 1226 .padding_type = PADDING_NONE, 1227 }; 1228 1229 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 1230 ASSERT_TRUE(testData.get() != NULL); 1231 1232 ASSERT_EQ(-1, 1233 sDevice->verify_data(sDevice, ¶ms, key.get(), key.length(), 1234 testData.get(), testData.length(), 1235 NULL, 0)) 1236 << "Should fail on null signature"; 1237} 1238 1239TEST_F(KeymasterTest, EraseAll_Success) { 1240 uint8_t *key1_blob, *key2_blob; 1241 size_t key1_blob_length, key2_blob_length; 1242 1243 // Only test this if the device says it supports delete_all 1244 if (sDevice->delete_all == NULL) { 1245 return; 1246 } 1247 1248 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1249 ASSERT_TRUE(testKey.get() != NULL); 1250 1251 ASSERT_EQ(0, 1252 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1253 &key1_blob, &key1_blob_length)) 1254 << "Should successfully import an RSA key"; 1255 UniqueKey key1(&sDevice, key1_blob, key1_blob_length); 1256 1257 UniqueReadOnlyBlob testKey2(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1258 ASSERT_TRUE(testKey2.get() != NULL); 1259 1260 ASSERT_EQ(0, 1261 sDevice->import_keypair(sDevice, testKey2.get(), testKey2.length(), 1262 &key2_blob, &key2_blob_length)) 1263 << "Should successfully import an RSA key"; 1264 UniqueKey key2(&sDevice, key2_blob, key2_blob_length); 1265 1266 ASSERT_EQ(0, sDevice->delete_all(sDevice)) 1267 << "Should erase all keys"; 1268 1269 key1.reset(); 1270 1271 uint8_t* x509_data; 1272 size_t x509_data_length; 1273 ASSERT_EQ(-1, 1274 sDevice->get_keypair_public(sDevice, key1_blob, key1_blob_length, 1275 &x509_data, &x509_data_length)) 1276 << "Should be able to retrieve RSA public key 1 successfully"; 1277 1278 ASSERT_EQ(-1, 1279 sDevice->get_keypair_public(sDevice, key2_blob, key2_blob_length, 1280 &x509_data, &x509_data_length)) 1281 << "Should be able to retrieve RSA public key 2 successfully"; 1282} 1283 1284} 1285