1b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales/* 2b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * Copyright 2014 The Android Open Source Project 3b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * 4b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * Licensed under the Apache License, Version 2.0 (the "License"); 5b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * you may not use this file except in compliance with the License. 6b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * You may obtain a copy of the License at 7b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * 8b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * http://www.apache.org/licenses/LICENSE-2.0 9b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * 10b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * Unless required by applicable law or agreed to in writing, software 11b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * distributed under the License is distributed on an "AS IS" BASIS, 12b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * See the License for the specific language governing permissions and 14b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales * limitations under the License. 15b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales */ 16b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 17502060311670688efde282f220a469480032e967Jocelyn Bohr#include <keymaster/keymaster_configuration.h> 18502060311670688efde282f220a469480032e967Jocelyn Bohr 19b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales#include <stdio.h> 20502060311670688efde282f220a469480032e967Jocelyn Bohr#include <memory> 21b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 22b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales#include <openssl/evp.h> 23b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales#include <openssl/x509.h> 24b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 25b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales#include "trusty_keymaster_device.h" 26b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 27b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesusing keymaster::TrustyKeymasterDevice; 28b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 29b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesunsigned char rsa_privkey_pk8_der[] = { 30b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x30, 0x82, 0x02, 0x75, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 31b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x5f, 0x30, 0x82, 0x02, 0x5b, 0x02, 0x01, 32b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x00, 0x02, 0x81, 0x81, 0x00, 0xc6, 0x09, 0x54, 0x09, 0x04, 0x7d, 0x86, 0x34, 0x81, 0x2d, 0x5a, 33b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x21, 0x81, 0x76, 0xe4, 0x5c, 0x41, 0xd6, 0x0a, 0x75, 0xb1, 0x39, 0x01, 0xf2, 0x34, 0x22, 0x6c, 34b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xff, 0xe7, 0x76, 0x52, 0x1c, 0x5a, 0x77, 0xb9, 0xe3, 0x89, 0x41, 0x7b, 0x71, 0xc0, 0xb6, 0xa4, 35b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x4d, 0x13, 0xaf, 0xe4, 0xe4, 0xa2, 0x80, 0x5d, 0x46, 0xc9, 0xda, 0x29, 0x35, 0xad, 0xb1, 0xff, 36b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x0c, 0x1f, 0x24, 0xea, 0x06, 0xe6, 0x2b, 0x20, 0xd7, 0x76, 0x43, 0x0a, 0x4d, 0x43, 0x51, 0x57, 37b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x23, 0x3c, 0x6f, 0x91, 0x67, 0x83, 0xc3, 0x0e, 0x31, 0x0f, 0xcb, 0xd8, 0x9b, 0x85, 0xc2, 0xd5, 38b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x67, 0x71, 0x16, 0x97, 0x85, 0xac, 0x12, 0xbc, 0xa2, 0x44, 0xab, 0xda, 0x72, 0xbf, 0xb1, 0x9f, 39b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xc4, 0x4d, 0x27, 0xc8, 0x1e, 0x1d, 0x92, 0xde, 0x28, 0x4f, 0x40, 0x61, 0xed, 0xfd, 0x99, 0x28, 40b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x07, 0x45, 0xea, 0x6d, 0x25, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x1b, 0xe0, 0xf0, 41b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x4d, 0x9c, 0xae, 0x37, 0x18, 0x69, 0x1f, 0x03, 0x53, 0x38, 0x30, 0x8e, 0x91, 0x56, 0x4b, 0x55, 42b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x89, 0x9f, 0xfb, 0x50, 0x84, 0xd2, 0x46, 0x0e, 0x66, 0x30, 0x25, 0x7e, 0x05, 0xb3, 0xce, 0xab, 43b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x02, 0x97, 0x2d, 0xfa, 0xbc, 0xd6, 0xce, 0x5f, 0x6e, 0xe2, 0x58, 0x9e, 0xb6, 0x79, 0x11, 0xed, 44b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x0f, 0xac, 0x16, 0xe4, 0x3a, 0x44, 0x4b, 0x8c, 0x86, 0x1e, 0x54, 0x4a, 0x05, 0x93, 0x36, 0x57, 45b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x72, 0xf8, 0xba, 0xf6, 0xb2, 0x2f, 0xc9, 0xe3, 0xc5, 0xf1, 0x02, 0x4b, 0x06, 0x3a, 0xc0, 0x80, 46b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xa7, 0xb2, 0x23, 0x4c, 0xf8, 0xae, 0xe8, 0xf6, 0xc4, 0x7b, 0xbf, 0x4f, 0xd3, 0xac, 0xe7, 0x24, 47b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x02, 0x90, 0xbe, 0xf1, 0x6c, 0x0b, 0x3f, 0x7f, 0x3c, 0xdd, 0x64, 0xce, 0x3a, 0xb5, 0x91, 0x2c, 48b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xf6, 0xe3, 0x2f, 0x39, 0xab, 0x18, 0x83, 0x58, 0xaf, 0xcc, 0xcd, 0x80, 0x81, 0x02, 0x41, 0x00, 49b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xe4, 0xb4, 0x9e, 0xf5, 0x0f, 0x76, 0x5d, 0x3b, 0x24, 0xdd, 0xe0, 0x1a, 0xce, 0xaa, 0xf1, 0x30, 50b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xf2, 0xc7, 0x66, 0x70, 0xa9, 0x1a, 0x61, 0xae, 0x08, 0xaf, 0x49, 0x7b, 0x4a, 0x82, 0xbe, 0x6d, 51b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xee, 0x8f, 0xcd, 0xd5, 0xe3, 0xf7, 0xba, 0x1c, 0xfb, 0x1f, 0x0c, 0x92, 0x6b, 0x88, 0xf8, 0x8c, 52b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x92, 0xbf, 0xab, 0x13, 0x7f, 0xba, 0x22, 0x85, 0x22, 0x7b, 0x83, 0xc3, 0x42, 0xff, 0x7c, 0x55, 53b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x02, 0x41, 0x00, 0xdd, 0xab, 0xb5, 0x83, 0x9c, 0x4c, 0x7f, 0x6b, 0xf3, 0xd4, 0x18, 0x32, 0x31, 54b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xf0, 0x05, 0xb3, 0x1a, 0xa5, 0x8a, 0xff, 0xdd, 0xa5, 0xc7, 0x9e, 0x4c, 0xce, 0x21, 0x7f, 0x6b, 55b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xc9, 0x30, 0xdb, 0xe5, 0x63, 0xd4, 0x80, 0x70, 0x6c, 0x24, 0xe9, 0xeb, 0xfc, 0xab, 0x28, 0xa6, 56b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xcd, 0xef, 0xd3, 0x24, 0xb7, 0x7e, 0x1b, 0xf7, 0x25, 0x1b, 0x70, 0x90, 0x92, 0xc2, 0x4f, 0xf5, 57b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x01, 0xfd, 0x91, 0x02, 0x40, 0x23, 0xd4, 0x34, 0x0e, 0xda, 0x34, 0x45, 0xd8, 0xcd, 0x26, 0xc1, 58b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x44, 0x11, 0xda, 0x6f, 0xdc, 0xa6, 0x3c, 0x1c, 0xcd, 0x4b, 0x80, 0xa9, 0x8a, 0xd5, 0x2b, 0x78, 59b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xcc, 0x8a, 0xd8, 0xbe, 0xb2, 0x84, 0x2c, 0x1d, 0x28, 0x04, 0x05, 0xbc, 0x2f, 0x6c, 0x1b, 0xea, 60b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x21, 0x4a, 0x1d, 0x74, 0x2a, 0xb9, 0x96, 0xb3, 0x5b, 0x63, 0xa8, 0x2a, 0x5e, 0x47, 0x0f, 0xa8, 61b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x8d, 0xbf, 0x82, 0x3c, 0xdd, 0x02, 0x40, 0x1b, 0x7b, 0x57, 0x44, 0x9a, 0xd3, 0x0d, 0x15, 0x18, 62b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x24, 0x9a, 0x5f, 0x56, 0xbb, 0x98, 0x29, 0x4d, 0x4b, 0x6a, 0xc1, 0x2f, 0xfc, 0x86, 0x94, 0x04, 63b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x97, 0xa5, 0xa5, 0x83, 0x7a, 0x6c, 0xf9, 0x46, 0x26, 0x2b, 0x49, 0x45, 0x26, 0xd3, 0x28, 0xc1, 64b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x1e, 0x11, 0x26, 0x38, 0x0f, 0xde, 0x04, 0xc2, 0x4f, 0x91, 0x6d, 0xec, 0x25, 0x08, 0x92, 0xdb, 65b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x09, 0xa6, 0xd7, 0x7c, 0xdb, 0xa3, 0x51, 0x02, 0x40, 0x77, 0x62, 0xcd, 0x8f, 0x4d, 0x05, 0x0d, 66b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xa5, 0x6b, 0xd5, 0x91, 0xad, 0xb5, 0x15, 0xd2, 0x4d, 0x7c, 0xcd, 0x32, 0xcc, 0xa0, 0xd0, 0x5f, 67b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x86, 0x6d, 0x58, 0x35, 0x14, 0xbd, 0x73, 0x24, 0xd5, 0xf3, 0x36, 0x45, 0xe8, 0xed, 0x8b, 0x4a, 68b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x1c, 0xb3, 0xcc, 0x4a, 0x1d, 0x67, 0x98, 0x73, 0x99, 0xf2, 0xa0, 0x9f, 0x5b, 0x3f, 0xb6, 0x8c, 69b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x88, 0xd5, 0xe5, 0xd9, 0x0a, 0xc3, 0x34, 0x92, 0xd6}; 70b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesunsigned int rsa_privkey_pk8_der_len = 633; 71b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 72b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesunsigned char dsa_privkey_pk8_der[] = { 73b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x30, 0x82, 0x01, 0x4b, 0x02, 0x01, 0x00, 0x30, 0x82, 0x01, 0x2b, 0x06, 0x07, 0x2a, 0x86, 0x48, 74b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xce, 0x38, 0x04, 0x01, 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xa3, 0xf3, 0xe9, 0xb6, 75b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x7e, 0x7d, 0x88, 0xf6, 0xb7, 0xe5, 0xf5, 0x1f, 0x3b, 0xee, 0xac, 0xd7, 0xad, 0xbc, 0xc9, 0xd1, 76b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x5a, 0xf8, 0x88, 0xc4, 0xef, 0x6e, 0x3d, 0x74, 0x19, 0x74, 0xe7, 0xd8, 0xe0, 0x26, 0x44, 0x19, 77b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x86, 0xaf, 0x19, 0xdb, 0x05, 0xe9, 0x3b, 0x8b, 0x58, 0x58, 0xde, 0xe5, 0x4f, 0x48, 0x15, 0x01, 78b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xea, 0xe6, 0x83, 0x52, 0xd7, 0xc1, 0x21, 0xdf, 0xb9, 0xb8, 0x07, 0x66, 0x50, 0xfb, 0x3a, 0x0c, 79b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xb3, 0x85, 0xee, 0xbb, 0x04, 0x5f, 0xc2, 0x6d, 0x6d, 0x95, 0xfa, 0x11, 0x93, 0x1e, 0x59, 0x5b, 80b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xb1, 0x45, 0x8d, 0xe0, 0x3d, 0x73, 0xaa, 0xf2, 0x41, 0x14, 0x51, 0x07, 0x72, 0x3d, 0xa2, 0xf7, 81b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x58, 0xcd, 0x11, 0xa1, 0x32, 0xcf, 0xda, 0x42, 0xb7, 0xcc, 0x32, 0x80, 0xdb, 0x87, 0x82, 0xec, 82b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x42, 0xdb, 0x5a, 0x55, 0x24, 0x24, 0xa2, 0xd1, 0x55, 0x29, 0xad, 0xeb, 0x02, 0x15, 0x00, 0xeb, 83b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xea, 0x17, 0xd2, 0x09, 0xb3, 0xd7, 0x21, 0x9a, 0x21, 0x07, 0x82, 0x8f, 0xab, 0xfe, 0x88, 0x71, 84b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x68, 0xf7, 0xe3, 0x02, 0x81, 0x80, 0x19, 0x1c, 0x71, 0xfd, 0xe0, 0x03, 0x0c, 0x43, 0xd9, 0x0b, 85b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xf6, 0xcd, 0xd6, 0xa9, 0x70, 0xe7, 0x37, 0x86, 0x3a, 0x78, 0xe9, 0xa7, 0x47, 0xa7, 0x47, 0x06, 86b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x88, 0xb1, 0xaf, 0xd7, 0xf3, 0xf1, 0xa1, 0xd7, 0x00, 0x61, 0x28, 0x88, 0x31, 0x48, 0x60, 0xd8, 87b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x11, 0xef, 0xa5, 0x24, 0x1a, 0x81, 0xc4, 0x2a, 0xe2, 0xea, 0x0e, 0x36, 0xd2, 0xd2, 0x05, 0x84, 88b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x37, 0xcf, 0x32, 0x7d, 0x09, 0xe6, 0x0f, 0x8b, 0x0c, 0xc8, 0xc2, 0xa4, 0xb1, 0xdc, 0x80, 0xca, 89b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x68, 0xdf, 0xaf, 0xd2, 0x90, 0xc0, 0x37, 0x58, 0x54, 0x36, 0x8f, 0x49, 0xb8, 0x62, 0x75, 0x8b, 90b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x48, 0x47, 0xc0, 0xbe, 0xf7, 0x9a, 0x92, 0xa6, 0x68, 0x05, 0xda, 0x9d, 0xaf, 0x72, 0x9a, 0x67, 91b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xb3, 0xb4, 0x14, 0x03, 0xae, 0x4f, 0x4c, 0x76, 0xb9, 0xd8, 0x64, 0x0a, 0xba, 0x3b, 0xa8, 0x00, 92b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x60, 0x4d, 0xae, 0x81, 0xc3, 0xc5, 0x04, 0x17, 0x02, 0x15, 0x00, 0x81, 0x9d, 0xfd, 0x53, 0x0c, 93b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xc1, 0x8f, 0xbe, 0x8b, 0xea, 0x00, 0x26, 0x19, 0x29, 0x33, 0x91, 0x84, 0xbe, 0xad, 0x81}; 94b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesunsigned int dsa_privkey_pk8_der_len = 335; 95b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 96b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesunsigned char ec_privkey_pk8_der[] = { 97b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 98b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 99b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x01, 0x01, 0x04, 0x20, 0x73, 0x7c, 0x2e, 0xcd, 0x7b, 0x8d, 0x19, 0x40, 0xbf, 0x29, 0x30, 0xaa, 100b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x9b, 0x4e, 0xd3, 0xff, 0x94, 0x1e, 0xed, 0x09, 0x36, 0x6b, 0xc0, 0x32, 0x99, 0x98, 0x64, 0x81, 101b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xf3, 0xa4, 0xd8, 0x59, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xbf, 0x85, 0xd7, 0x72, 0x0d, 0x07, 102b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xc2, 0x54, 0x61, 0x68, 0x3b, 0xc6, 0x48, 0xb4, 0x77, 0x8a, 0x9a, 0x14, 0xdd, 0x8a, 0x02, 0x4e, 103b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0x3b, 0xdd, 0x8c, 0x7d, 0xdd, 0x9a, 0xb2, 0xb5, 0x28, 0xbb, 0xc7, 0xaa, 0x1b, 0x51, 0xf1, 0x4e, 104b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xbb, 0xbb, 0x0b, 0xd0, 0xce, 0x21, 0xbc, 0xc4, 0x1c, 0x6e, 0xb0, 0x00, 0x83, 0xcf, 0x33, 0x76, 105b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 0xd1, 0x1f, 0xd4, 0x49, 0x49, 0xe0, 0xb2, 0x18, 0x3b, 0xfe}; 106b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesunsigned int ec_privkey_pk8_der_len = 138; 107b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 108502060311670688efde282f220a469480032e967Jocelyn Bohrkeymaster_key_param_t ec_params[] = { 109502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_EC), 110502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_long(KM_TAG_EC_CURVE, KM_EC_CURVE_P_521), 111502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN), 112502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY), 113502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE), 114502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED), 115502060311670688efde282f220a469480032e967Jocelyn Bohr}; 116502060311670688efde282f220a469480032e967Jocelyn Bohrkeymaster_key_param_set_t ec_param_set = {ec_params, sizeof(ec_params) / sizeof(*ec_params)}; 117502060311670688efde282f220a469480032e967Jocelyn Bohr 118502060311670688efde282f220a469480032e967Jocelyn Bohrkeymaster_key_param_t rsa_params[] = { 119502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA), 120502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_int(KM_TAG_KEY_SIZE, 1024), 121502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, 65537), 122502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN), 123502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY), 124502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE), 125502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE), 126502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED), 127502060311670688efde282f220a469480032e967Jocelyn Bohr}; 128502060311670688efde282f220a469480032e967Jocelyn Bohrkeymaster_key_param_set_t rsa_param_set = {rsa_params, sizeof(rsa_params) / sizeof(*rsa_params)}; 129502060311670688efde282f220a469480032e967Jocelyn Bohr 130b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesstruct EVP_PKEY_Delete { 131b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales void operator()(EVP_PKEY* p) const { EVP_PKEY_free(p); } 132b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales}; 133b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 134b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesstruct EVP_PKEY_CTX_Delete { 135b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales void operator()(EVP_PKEY_CTX* p) { EVP_PKEY_CTX_free(p); } 136b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales}; 137b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 138502060311670688efde282f220a469480032e967Jocelyn Bohrstatic bool do_operation(TrustyKeymasterDevice* device, keymaster_purpose_t purpose, 139502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_key_blob_t* key, keymaster_blob_t* input, 140502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_blob_t* signature, keymaster_blob_t* output) { 141502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_key_param_t params[] = { 142502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE), 143502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE), 144502060311670688efde282f220a469480032e967Jocelyn Bohr }; 145502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_key_param_set_t param_set = {params, sizeof(params) / sizeof(*params)}; 146502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_operation_handle_t op_handle; 147502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_error_t error = device->begin(purpose, key, ¶m_set, nullptr, &op_handle); 148502060311670688efde282f220a469480032e967Jocelyn Bohr if (error != KM_ERROR_OK) { 149502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Keymaster begin() failed: %d\n", error); 150502060311670688efde282f220a469480032e967Jocelyn Bohr return false; 151502060311670688efde282f220a469480032e967Jocelyn Bohr } 152502060311670688efde282f220a469480032e967Jocelyn Bohr size_t input_consumed; 153502060311670688efde282f220a469480032e967Jocelyn Bohr error = device->update(op_handle, nullptr, input, &input_consumed, nullptr, nullptr); 154502060311670688efde282f220a469480032e967Jocelyn Bohr if (error != KM_ERROR_OK) { 155502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Keymaster update() failed: %d\n", error); 156502060311670688efde282f220a469480032e967Jocelyn Bohr return false; 157502060311670688efde282f220a469480032e967Jocelyn Bohr } 158502060311670688efde282f220a469480032e967Jocelyn Bohr if (input_consumed != input->data_length) { 159502060311670688efde282f220a469480032e967Jocelyn Bohr // This should never happen. If it does, it's a bug in the keymaster implementation. 160502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Keymaster update() did not consume all data.\n"); 161502060311670688efde282f220a469480032e967Jocelyn Bohr device->abort(op_handle); 162502060311670688efde282f220a469480032e967Jocelyn Bohr return false; 163502060311670688efde282f220a469480032e967Jocelyn Bohr } 164502060311670688efde282f220a469480032e967Jocelyn Bohr error = device->finish(op_handle, nullptr, nullptr, signature, nullptr, output); 165502060311670688efde282f220a469480032e967Jocelyn Bohr if (error != KM_ERROR_OK) { 166502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Keymaster finish() failed: %d\n", error); 167502060311670688efde282f220a469480032e967Jocelyn Bohr return false; 168502060311670688efde282f220a469480032e967Jocelyn Bohr } 169502060311670688efde282f220a469480032e967Jocelyn Bohr return true; 170502060311670688efde282f220a469480032e967Jocelyn Bohr} 171502060311670688efde282f220a469480032e967Jocelyn Bohr 172b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesstatic bool test_import_rsa(TrustyKeymasterDevice* device) { 173b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("===================\n"); 174b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("= RSA Import Test =\n"); 175b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("===================\n\n"); 176b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 177b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Importing RSA keypair === \n"); 178502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_key_blob_t key; 179502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_blob_t private_key = {rsa_privkey_pk8_der, rsa_privkey_pk8_der_len}; 180502060311670688efde282f220a469480032e967Jocelyn Bohr int error = device->import_key(&rsa_param_set, KM_KEY_FORMAT_PKCS8, &private_key, &key, nullptr); 181b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales if (error != KM_ERROR_OK) { 182502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Error importing RSA key: %d\n\n", error); 183b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 184b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 185502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<const uint8_t[]> key_deleter(key.key_material); 186b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 187b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Signing with imported RSA key ===\n"); 188b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales size_t message_len = 1024 / 8; 189502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]); 190b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales memset(message.get(), 'a', message_len); 191502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_blob_t input = {message.get(), message_len}, signature; 192502060311670688efde282f220a469480032e967Jocelyn Bohr 193502060311670688efde282f220a469480032e967Jocelyn Bohr if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) { 194502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Error signing data with imported RSA key\n\n"); 195b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 196b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 197502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<const uint8_t[]> signature_deleter(signature.data); 198b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 199b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Verifying with imported RSA key === \n"); 200502060311670688efde282f220a469480032e967Jocelyn Bohr if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) { 201502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Error verifying data with imported RSA key\n\n"); 202b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 203b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 204b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 205b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("\n"); 206b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return true; 207b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales} 208b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 209b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesstatic bool test_rsa(TrustyKeymasterDevice* device) { 210b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("============\n"); 211b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("= RSA Test =\n"); 212b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("============\n\n"); 213b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 214b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Generating RSA key pair ===\n"); 215502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_key_blob_t key; 216502060311670688efde282f220a469480032e967Jocelyn Bohr int error = device->generate_key(&rsa_param_set, &key, nullptr); 217b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales if (error != KM_ERROR_OK) { 218b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("Error generating RSA key pair: %d\n\n", error); 219b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 220b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 221502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<const uint8_t[]> key_deleter(key.key_material); 222b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 223b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Signing with RSA key === \n"); 224502060311670688efde282f220a469480032e967Jocelyn Bohr size_t message_len = 1024 / 8; 225502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]); 226b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales memset(message.get(), 'a', message_len); 227502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_blob_t input = {message.get(), message_len}, signature; 228502060311670688efde282f220a469480032e967Jocelyn Bohr 229502060311670688efde282f220a469480032e967Jocelyn Bohr if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) { 230502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Error signing data with RSA key\n\n"); 231b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 232b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 233502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<const uint8_t[]> signature_deleter(signature.data); 234b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 235b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Verifying with RSA key === \n"); 236502060311670688efde282f220a469480032e967Jocelyn Bohr if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) { 237502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Error verifying data with RSA key\n\n"); 238b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 239b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 240b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 241b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Exporting RSA public key ===\n"); 242502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_blob_t exported_key; 243502060311670688efde282f220a469480032e967Jocelyn Bohr error = device->export_key(KM_KEY_FORMAT_X509, &key, nullptr, nullptr, &exported_key); 244b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales if (error != KM_ERROR_OK) { 245b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("Error exporting RSA public key: %d\n\n", error); 246b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 247b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 248b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 249b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Verifying with exported key ===\n"); 250502060311670688efde282f220a469480032e967Jocelyn Bohr const uint8_t* tmp = exported_key.data; 251502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey( 252502060311670688efde282f220a469480032e967Jocelyn Bohr d2i_PUBKEY(NULL, &tmp, exported_key.data_length)); 253502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL)); 254b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales if (EVP_PKEY_verify_init(ctx.get()) != 1) { 255502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Error initializing openss EVP context\n\n"); 256b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 257b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 258b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) { 259502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Exported key was the wrong type?!?\n\n"); 260b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 261b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 262b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 263b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_NO_PADDING); 264502060311670688efde282f220a469480032e967Jocelyn Bohr if (EVP_PKEY_verify(ctx.get(), signature.data, signature.data_length, message.get(), 265502060311670688efde282f220a469480032e967Jocelyn Bohr message_len) != 1) { 266502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Verification with exported pubkey failed.\n\n"); 267b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 268b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } else { 269b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("Verification succeeded\n"); 270b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 271b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 272b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("\n"); 273b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return true; 274b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales} 275b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 276b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesstatic bool test_import_ecdsa(TrustyKeymasterDevice* device) { 277b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=====================\n"); 278b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("= ECDSA Import Test =\n"); 279b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=====================\n\n"); 280b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 281b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Importing ECDSA keypair === \n"); 282502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_key_blob_t key; 283502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_blob_t private_key = {ec_privkey_pk8_der, ec_privkey_pk8_der_len}; 284502060311670688efde282f220a469480032e967Jocelyn Bohr int error = device->import_key(&ec_param_set, KM_KEY_FORMAT_PKCS8, &private_key, &key, nullptr); 285b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales if (error != KM_ERROR_OK) { 286502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Error importing ECDSA key: %d\n\n", error); 287b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 288b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 289502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<const uint8_t[]> deleter(key.key_material); 290b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 291b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Signing with imported ECDSA key ===\n"); 292b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales keymaster_ec_sign_params_t sign_params = {DIGEST_NONE}; 293b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales size_t message_len = 30 /* arbitrary */; 294502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]); 295b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales memset(message.get(), 'a', message_len); 296502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_blob_t input = {message.get(), message_len}, signature; 297502060311670688efde282f220a469480032e967Jocelyn Bohr 298502060311670688efde282f220a469480032e967Jocelyn Bohr if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) { 299502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Error signing data with imported ECDSA key\n\n"); 300b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 301b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 302502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<const uint8_t[]> signature_deleter(signature.data); 303b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 304b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Verifying with imported ECDSA key === \n"); 305502060311670688efde282f220a469480032e967Jocelyn Bohr if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) { 306502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Error verifying data with imported ECDSA key\n\n"); 307b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 308b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 309b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 310b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("\n"); 311b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return true; 312b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales} 313b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 314b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesstatic bool test_ecdsa(TrustyKeymasterDevice* device) { 315b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("==============\n"); 316b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("= ECDSA Test =\n"); 317b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("==============\n\n"); 318b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 319b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Generating ECDSA key pair ===\n"); 320502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_key_blob_t key; 321502060311670688efde282f220a469480032e967Jocelyn Bohr int error = device->generate_key(&ec_param_set, &key, nullptr); 322502060311670688efde282f220a469480032e967Jocelyn Bohr if (error != KM_ERROR_OK) { 323b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("Error generating ECDSA key pair: %d\n\n", error); 324b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 325b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 326502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<const uint8_t[]> key_deleter(key.key_material); 327b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 328b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Signing with ECDSA key === \n"); 329b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales size_t message_len = 30 /* arbitrary */; 330502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]); 331b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales memset(message.get(), 'a', message_len); 332502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_blob_t input = {message.get(), message_len}, signature; 333502060311670688efde282f220a469480032e967Jocelyn Bohr 334502060311670688efde282f220a469480032e967Jocelyn Bohr if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) { 335502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Error signing data with ECDSA key\n\n"); 336b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 337b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 338502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<const uint8_t[]> signature_deleter(signature.data); 339b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 340b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Verifying with ECDSA key === \n"); 341502060311670688efde282f220a469480032e967Jocelyn Bohr if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) { 342502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Error verifying data with ECDSA key\n\n"); 343b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 344b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 345b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 346b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Exporting ECDSA public key ===\n"); 347502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster_blob_t exported_key; 348502060311670688efde282f220a469480032e967Jocelyn Bohr error = device->export_key(KM_KEY_FORMAT_X509, &key, nullptr, nullptr, &exported_key); 349b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales if (error != KM_ERROR_OK) { 350b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("Error exporting ECDSA public key: %d\n\n", error); 351b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 352b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 353b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 354b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("=== Verifying with exported key ===\n"); 355502060311670688efde282f220a469480032e967Jocelyn Bohr const uint8_t* tmp = exported_key.data; 356502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey( 357502060311670688efde282f220a469480032e967Jocelyn Bohr d2i_PUBKEY(NULL, &tmp, exported_key.data_length)); 358502060311670688efde282f220a469480032e967Jocelyn Bohr std::unique_ptr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL)); 359b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales if (EVP_PKEY_verify_init(ctx.get()) != 1) { 360502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Error initializing openssl EVP context\n\n"); 361b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 362b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 363b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) { 364502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Exported key was the wrong type?!?\n\n"); 365b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 366b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 367b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 368502060311670688efde282f220a469480032e967Jocelyn Bohr if (EVP_PKEY_verify(ctx.get(), signature.data, signature.data_length, message.get(), 369502060311670688efde282f220a469480032e967Jocelyn Bohr message_len) != 1) { 370502060311670688efde282f220a469480032e967Jocelyn Bohr printf("Verification with exported pubkey failed.\n\n"); 371b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return false; 372b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } else { 373b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("Verification succeeded\n"); 374b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 375b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 376b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("\n"); 377b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return true; 378b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales} 379b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 380b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Moralesint main(void) { 381b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales TrustyKeymasterDevice device(NULL); 382502060311670688efde282f220a469480032e967Jocelyn Bohr keymaster::ConfigureDevice(reinterpret_cast<keymaster2_device_t*>(&device)); 383b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales if (device.session_error() != KM_ERROR_OK) { 384b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("Failed to initialize Trusty session: %d\n", device.session_error()); 385b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return 1; 386b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 387b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("Trusty session initialized\n"); 388b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 389b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales bool success = true; 390b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales success &= test_rsa(&device); 391b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales success &= test_import_rsa(&device); 392b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales success &= test_ecdsa(&device); 393b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales success &= test_import_ecdsa(&device); 394b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 395b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales if (success) { 396b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("\nTESTS PASSED!\n"); 397b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } else { 398b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales printf("\n!!!!TESTS FAILED!!!\n"); 399b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales } 400b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales 401b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales return success ? 0 : 1; 402b33c9b8ffa5e687a08311eae917c50fd615020d0Andres Morales} 403