1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <fcntl.h>
18 #include <stdlib.h>
19 #include <unistd.h>
20 #include <sys/mman.h>
21 #include <sys/stat.h>
22 #include <sys/types.h>
23
24 #include <fstream>
25 #include <iostream>
26 #include <memory>
27
28 #include <gtest/gtest.h>
29
30 #include <openssl/bn.h>
31 #include <openssl/evp.h>
32 #include <openssl/pkcs8.h>
33 #include <openssl/x509.h>
34
35 #define LOG_TAG "keymaster_test"
36 #include <utils/Log.h>
37
38 #include <hardware/keymaster0.h>
39
40 namespace android {
41
42 class UniqueBlob : public std::unique_ptr<uint8_t[]> {
43 public:
UniqueBlob(size_t length)44 explicit UniqueBlob(size_t length) :
45 mLength(length) {
46 }
47
UniqueBlob(uint8_t * bytes,size_t length)48 UniqueBlob(uint8_t* bytes, size_t length) :
49 std::unique_ptr<uint8_t[]>(bytes), mLength(length) {
50 }
51
operator ==(const UniqueBlob & other) const52 bool operator==(const UniqueBlob &other) const {
53 if (other.length() != mLength) {
54 return false;
55 }
56
57 const uint8_t* mine = get();
58 const uint8_t* theirs = other.get();
59
60 for (size_t i = 0; i < mLength; i++) {
61 if (mine[i] != theirs[i]) {
62 return false;
63 }
64 }
65
66 return true;
67 }
68
length() const69 size_t length() const {
70 return mLength;
71 }
72
73 friend std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob);
74
75 private:
76 size_t mLength;
77 };
78
operator <<(std::ostream & stream,const UniqueBlob & blob)79 std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob) {
80 const size_t length = blob.mLength;
81 stream << "Blob length=" << length << " < ";
82
83 const uint8_t* data = blob.get();
84 for (size_t i = 0; i < length; i++) {
85 stream << std::hex << std::setw(2) << std::setfill('0')
86 << static_cast<unsigned int>(data[i]) << ' ';
87 }
88 stream << '>' << std::endl;
89
90 return stream;
91 }
92
93 class UniqueKey : public UniqueBlob {
94 public:
UniqueKey(keymaster0_device_t ** dev,uint8_t * bytes,size_t length)95 UniqueKey(keymaster0_device_t** dev, uint8_t* bytes, size_t length) :
96 UniqueBlob(bytes, length), mDevice(dev) {
97 }
98
~UniqueKey()99 ~UniqueKey() {
100 if (mDevice != NULL && *mDevice != NULL) {
101 keymaster0_device_t* dev = *mDevice;
102 if (dev->delete_keypair != NULL) {
103 dev->delete_keypair(dev, get(), length());
104 }
105 }
106 }
107
108 private:
109 keymaster0_device_t** mDevice;
110 };
111
112 class UniqueReadOnlyBlob {
113 public:
UniqueReadOnlyBlob(uint8_t * data,size_t dataSize)114 UniqueReadOnlyBlob(uint8_t* data, size_t dataSize) :
115 mDataSize(dataSize) {
116 int pageSize = sysconf(_SC_PAGE_SIZE);
117 if (pageSize == -1) {
118 return;
119 }
120
121 int fd = open("/dev/zero", O_RDONLY);
122 if (fd == -1) {
123 return;
124 }
125
126 mBufferSize = (dataSize + pageSize - 1) & ~(pageSize - 1);
127 uint8_t* buffer = (uint8_t*) mmap(NULL, mBufferSize, PROT_READ | PROT_WRITE,
128 MAP_PRIVATE, fd, 0);
129 close(fd);
130
131 if (buffer == NULL) {
132 return;
133 }
134
135 memcpy(buffer, data, dataSize);
136 if (mprotect(buffer, mBufferSize, PROT_READ) == -1) {
137 munmap(buffer, mBufferSize);
138 return;
139 }
140
141 mBuffer = buffer;
142 }
143
~UniqueReadOnlyBlob()144 ~UniqueReadOnlyBlob() {
145 munmap(mBuffer, mBufferSize);
146 }
147
get() const148 uint8_t* get() const {
149 return mBuffer;
150 }
151
length() const152 size_t length() const {
153 return mDataSize;
154 }
155
156 private:
157 uint8_t* mBuffer;
158 size_t mBufferSize;
159 size_t mDataSize;
160 };
161
162
163 /*
164 * DER-encoded PKCS#8 format RSA key. Generated using:
165 *
166 * openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
167 */
168 static uint8_t TEST_RSA_KEY_1[] = {
169 0x30, 0x82, 0x04, 0xBE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A,
170 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
171 0x04, 0xA8, 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
172 0x01, 0x00, 0xD8, 0x58, 0xD4, 0x9F, 0xC0, 0xE8, 0xF0, 0xFF, 0x87, 0x27,
173 0x43, 0xE6, 0x2E, 0xE6, 0x9A, 0x42, 0x3B, 0x39, 0x94, 0x84, 0x43, 0x55,
174 0x8D, 0x20, 0x5B, 0x71, 0x88, 0xE6, 0xD1, 0x62, 0xC8, 0xF2, 0x20, 0xD0,
175 0x75, 0x13, 0x83, 0xA3, 0x5D, 0x19, 0xA8, 0x62, 0xD0, 0x5F, 0x3E, 0x8A,
176 0x7C, 0x0E, 0x26, 0xA9, 0xFF, 0xB2, 0x5E, 0x63, 0xAA, 0x3C, 0x8D, 0x13,
177 0x41, 0xAA, 0xD5, 0x03, 0x01, 0x01, 0x53, 0xC9, 0x02, 0x1C, 0xEC, 0xE8,
178 0xC4, 0x70, 0x3F, 0x43, 0xE5, 0x51, 0xD0, 0x6E, 0x52, 0x0B, 0xC4, 0x0A,
179 0xA3, 0x61, 0xDE, 0xE3, 0x72, 0x0C, 0x94, 0xF1, 0x1C, 0x2D, 0x36, 0x77,
180 0xBB, 0x16, 0xA8, 0x63, 0x4B, 0xD1, 0x07, 0x00, 0x42, 0x2D, 0x2B, 0x10,
181 0x80, 0x45, 0xF3, 0x0C, 0xF9, 0xC5, 0xAC, 0xCC, 0x64, 0x87, 0xFD, 0x5D,
182 0xC8, 0x51, 0xD4, 0x1C, 0x9E, 0x6E, 0x9B, 0xC4, 0x27, 0x5E, 0x73, 0xA7,
183 0x2A, 0xF6, 0x90, 0x42, 0x0C, 0x34, 0x93, 0xB7, 0x02, 0x19, 0xA9, 0x64,
184 0x6C, 0x46, 0x3B, 0x40, 0x02, 0x2F, 0x54, 0x69, 0x79, 0x26, 0x7D, 0xF6,
185 0x85, 0x90, 0x01, 0xD0, 0x21, 0x07, 0xD0, 0x14, 0x00, 0x65, 0x9C, 0xAC,
186 0x24, 0xE8, 0x78, 0x42, 0x3B, 0x90, 0x75, 0x19, 0x55, 0x11, 0x4E, 0xD9,
187 0xE6, 0x97, 0x87, 0xBC, 0x8D, 0x2C, 0x9B, 0xF0, 0x1F, 0x14, 0xEB, 0x6A,
188 0x57, 0xCE, 0x78, 0xAD, 0xCE, 0xD9, 0xFB, 0xB9, 0xA1, 0xEF, 0x0C, 0x1F,
189 0xDD, 0xE3, 0x5B, 0x73, 0xA0, 0xEC, 0x37, 0x9C, 0xE1, 0xFD, 0x86, 0x28,
190 0xC3, 0x4A, 0x42, 0xD0, 0xA3, 0xFE, 0x57, 0x09, 0x29, 0xD8, 0xF6, 0xEC,
191 0xE3, 0xC0, 0x71, 0x7C, 0x29, 0x27, 0xC2, 0xD1, 0x3E, 0x22, 0xBC, 0xBD,
192 0x5A, 0x85, 0x41, 0xF6, 0x15, 0xDA, 0x0C, 0x58, 0x5A, 0x61, 0x5B, 0x78,
193 0xB8, 0xAA, 0xEC, 0x5C, 0x1C, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
194 0x82, 0x01, 0x00, 0x1D, 0x10, 0x31, 0xE0, 0x14, 0x26, 0x36, 0xD9, 0xDC,
195 0xEA, 0x25, 0x70, 0xF2, 0xB3, 0xFF, 0xDD, 0x0D, 0xDF, 0xBA, 0x57, 0xDA,
196 0x43, 0xCF, 0xE5, 0x9C, 0xE3, 0x2F, 0xA4, 0xF2, 0x53, 0xF6, 0xF2, 0xAF,
197 0xFD, 0xD0, 0xFC, 0x82, 0x1E, 0x9C, 0x0F, 0x2A, 0x53, 0xBB, 0xF2, 0x4F,
198 0x90, 0x83, 0x01, 0xD3, 0xA7, 0xDA, 0xB5, 0xB7, 0x80, 0x64, 0x0A, 0x26,
199 0x59, 0x83, 0xE4, 0xD3, 0x20, 0xC8, 0x2D, 0xC9, 0x77, 0xA3, 0x55, 0x07,
200 0x6E, 0x6D, 0x95, 0x36, 0xAA, 0x84, 0x4F, 0xED, 0x54, 0x24, 0xA9, 0x77,
201 0xF8, 0x85, 0xE2, 0x4B, 0xF2, 0xFA, 0x0B, 0x3E, 0xA6, 0xF5, 0x46, 0x0D,
202 0x9F, 0x1F, 0xFE, 0xF7, 0x37, 0xFF, 0xA3, 0x60, 0xF1, 0x63, 0xF2, 0x75,
203 0x6A, 0x8E, 0x10, 0xD7, 0x89, 0xD2, 0xB3, 0xFF, 0x76, 0xA5, 0xBA, 0xAF,
204 0x0A, 0xBE, 0x32, 0x5F, 0xF0, 0x48, 0x48, 0x4B, 0x9C, 0x9A, 0x3D, 0x12,
205 0xA7, 0xD2, 0x07, 0xC7, 0x59, 0x32, 0x94, 0x95, 0x65, 0x2F, 0x87, 0x34,
206 0x76, 0xBA, 0x7C, 0x08, 0x4B, 0xAB, 0xA6, 0x24, 0xDF, 0x64, 0xDB, 0x48,
207 0x63, 0x42, 0x06, 0xE2, 0x2C, 0x3D, 0xFB, 0xE5, 0x47, 0x81, 0x94, 0x98,
208 0xF7, 0x32, 0x4B, 0x28, 0xEB, 0x42, 0xB8, 0xE9, 0x8E, 0xFC, 0xC9, 0x43,
209 0xC9, 0x47, 0xE6, 0xE7, 0x1C, 0xDC, 0x71, 0xEF, 0x4D, 0x8A, 0xB1, 0xFC,
210 0x45, 0x37, 0xEC, 0xB3, 0x16, 0x88, 0x5B, 0xE2, 0xEC, 0x8B, 0x6B, 0x75,
211 0x16, 0xBE, 0x6B, 0xF8, 0x2C, 0xF8, 0xC9, 0xD1, 0xF7, 0x55, 0x87, 0x57,
212 0x5F, 0xDE, 0xF4, 0x7E, 0x72, 0x13, 0x06, 0x2A, 0x21, 0xB7, 0x78, 0x21,
213 0x05, 0xFD, 0xE2, 0x5F, 0x7B, 0x7C, 0xF0, 0x26, 0x2B, 0x75, 0x7F, 0x68,
214 0xF9, 0xA6, 0x98, 0xFD, 0x54, 0x0E, 0xCC, 0x22, 0x41, 0x7F, 0x29, 0x81,
215 0x2F, 0xA3, 0x3C, 0x3D, 0x64, 0xC8, 0x41, 0x02, 0x81, 0x81, 0x00, 0xFA,
216 0xFA, 0xE4, 0x2E, 0x30, 0xF0, 0x7A, 0x8D, 0x95, 0xB8, 0x39, 0x58, 0x27,
217 0x0F, 0x89, 0x0C, 0xDF, 0xFE, 0x2F, 0x55, 0x3B, 0x6F, 0xDD, 0x5F, 0x12,
218 0xB3, 0xD1, 0xCF, 0x5B, 0x8D, 0xB6, 0x10, 0x1C, 0x87, 0x0C, 0x30, 0x89,
219 0x2D, 0xBB, 0xB8, 0xA1, 0x78, 0x0F, 0x54, 0xA6, 0x36, 0x46, 0x05, 0x8B,
220 0x5A, 0xFF, 0x48, 0x03, 0x13, 0xAE, 0x95, 0x96, 0x5D, 0x6C, 0xDA, 0x5D,
221 0xF7, 0xAD, 0x1D, 0x33, 0xED, 0x23, 0xF5, 0x4B, 0x03, 0x78, 0xE7, 0x50,
222 0xD1, 0x2D, 0x95, 0x22, 0x35, 0x02, 0x5B, 0x4A, 0x4E, 0x73, 0xC9, 0xB7,
223 0x05, 0xC4, 0x21, 0x86, 0x1F, 0x1E, 0x40, 0x83, 0xBC, 0x8A, 0x3A, 0x95,
224 0x24, 0x62, 0xF4, 0x58, 0x38, 0x64, 0x4A, 0x89, 0x8A, 0x27, 0x59, 0x12,
225 0x9D, 0x21, 0xC3, 0xA6, 0x42, 0x1E, 0x2A, 0x3F, 0xD8, 0x65, 0x1F, 0x6E,
226 0x3E, 0x4D, 0x5C, 0xCC, 0xEA, 0x8E, 0x15, 0x02, 0x81, 0x81, 0x00, 0xDC,
227 0xAC, 0x9B, 0x00, 0xDB, 0xF9, 0xB2, 0xBF, 0xC4, 0x5E, 0xB6, 0xB7, 0x63,
228 0xEB, 0x13, 0x4B, 0xE2, 0xA6, 0xC8, 0x72, 0x90, 0xD8, 0xC2, 0x33, 0x33,
229 0xF0, 0x66, 0x75, 0xBD, 0x50, 0x7C, 0xA4, 0x8F, 0x82, 0xFB, 0xFF, 0x44,
230 0x3B, 0xE7, 0x15, 0x3A, 0x0C, 0x7A, 0xF8, 0x92, 0x86, 0x4A, 0x79, 0x32,
231 0x08, 0x82, 0x1D, 0x6A, 0xBA, 0xAD, 0x8A, 0xB3, 0x3D, 0x7F, 0xA5, 0xB4,
232 0x6F, 0x67, 0x86, 0x7E, 0xB2, 0x9C, 0x2A, 0xF6, 0x7C, 0x49, 0x21, 0xC5,
233 0x3F, 0x00, 0x3F, 0x9B, 0xF7, 0x0F, 0x6C, 0x35, 0x80, 0x75, 0x73, 0xC0,
234 0xF8, 0x3E, 0x30, 0x5F, 0x74, 0x2F, 0x15, 0x41, 0xEA, 0x0F, 0xCE, 0x0E,
235 0x18, 0x17, 0x68, 0xBA, 0xC4, 0x29, 0xF2, 0xE2, 0x2C, 0x1D, 0x55, 0x83,
236 0xB6, 0x64, 0x2E, 0x03, 0x12, 0xA4, 0x0D, 0xBF, 0x4F, 0x2E, 0xBE, 0x7C,
237 0x41, 0xD9, 0xCD, 0xD0, 0x52, 0x91, 0xD5, 0x02, 0x81, 0x81, 0x00, 0xD4,
238 0x55, 0xEB, 0x32, 0xC1, 0x28, 0xD3, 0x26, 0x72, 0x22, 0xB8, 0x31, 0x42,
239 0x6A, 0xBC, 0x52, 0x6E, 0x37, 0x48, 0xA8, 0x5D, 0x6E, 0xD8, 0xE5, 0x14,
240 0x97, 0x99, 0xCC, 0x4A, 0xF2, 0xEB, 0xB3, 0x59, 0xCF, 0x4F, 0x9A, 0xC8,
241 0x94, 0x2E, 0x9B, 0x97, 0xD0, 0x51, 0x78, 0x16, 0x5F, 0x18, 0x82, 0x9C,
242 0x51, 0xD2, 0x64, 0x84, 0x65, 0xE4, 0x70, 0x9E, 0x14, 0x50, 0x81, 0xB6,
243 0xBA, 0x52, 0x75, 0xC0, 0x76, 0xC2, 0xD3, 0x46, 0x31, 0x9B, 0xDA, 0x67,
244 0xDF, 0x71, 0x27, 0x19, 0x17, 0xAB, 0xF4, 0xBC, 0x3A, 0xFF, 0x6F, 0x0B,
245 0x2F, 0x0F, 0xAE, 0x25, 0x20, 0xB2, 0xA1, 0x76, 0x52, 0xCE, 0xC7, 0x9D,
246 0x62, 0x79, 0x6D, 0xAC, 0x2D, 0x99, 0x7C, 0x0E, 0x3D, 0x19, 0xE9, 0x1B,
247 0xFC, 0x60, 0x92, 0x7C, 0x58, 0xB7, 0xD8, 0x9A, 0xC7, 0x63, 0x56, 0x62,
248 0x18, 0xC7, 0xAE, 0xD9, 0x97, 0x1F, 0xB9, 0x02, 0x81, 0x81, 0x00, 0x91,
249 0x40, 0xC4, 0x1E, 0x82, 0xAD, 0x0F, 0x6D, 0x8E, 0xD2, 0x51, 0x2E, 0xD1,
250 0x84, 0x30, 0x85, 0x68, 0xC1, 0x23, 0x7B, 0xD5, 0xBF, 0xF7, 0xC4, 0x40,
251 0x51, 0xE2, 0xFF, 0x69, 0x07, 0x8B, 0xA3, 0xBE, 0x1B, 0x17, 0xC8, 0x64,
252 0x9F, 0x91, 0x71, 0xB5, 0x6D, 0xF5, 0x9B, 0x9C, 0xC6, 0xEC, 0x4A, 0x6E,
253 0x16, 0x8F, 0x9E, 0xD1, 0x5B, 0xE3, 0x53, 0x42, 0xBC, 0x1E, 0x43, 0x72,
254 0x4B, 0x4A, 0x37, 0x8B, 0x3A, 0x01, 0xF5, 0x7D, 0x9D, 0x3D, 0x7E, 0x0F,
255 0x19, 0x73, 0x0E, 0x6B, 0x98, 0xE9, 0xFB, 0xEE, 0x13, 0x8A, 0x3C, 0x11,
256 0x2E, 0xD5, 0xB0, 0x7D, 0x84, 0x3A, 0x61, 0xA1, 0xAB, 0x71, 0x8F, 0xCE,
257 0x53, 0x29, 0x45, 0x74, 0x7A, 0x1E, 0xAA, 0x93, 0x19, 0x3A, 0x8D, 0xC9,
258 0x4E, 0xCB, 0x0E, 0x46, 0x53, 0x84, 0xCC, 0xCF, 0xBA, 0x4D, 0x28, 0x71,
259 0x1D, 0xDF, 0x41, 0xCB, 0xF8, 0x2D, 0xA9, 0x02, 0x81, 0x80, 0x04, 0x8B,
260 0x4A, 0xEA, 0xBD, 0x39, 0x0B, 0x96, 0xC5, 0x1D, 0xA4, 0x47, 0xFD, 0x46,
261 0xD2, 0x8A, 0xEA, 0x2A, 0xF3, 0x9D, 0x3A, 0x7E, 0x16, 0x74, 0xFC, 0x13,
262 0xDE, 0x4D, 0xA9, 0x85, 0x42, 0x33, 0x02, 0x92, 0x0B, 0xB6, 0xDB, 0x7E,
263 0xEA, 0x85, 0xC2, 0x94, 0x43, 0x52, 0x37, 0x5A, 0x77, 0xAB, 0xCB, 0x61,
264 0x88, 0xDE, 0xF8, 0xFA, 0xDB, 0xE8, 0x0B, 0x95, 0x7D, 0x39, 0x19, 0xA2,
265 0x89, 0xB9, 0x32, 0xB2, 0x50, 0x38, 0xF7, 0x88, 0x69, 0xFD, 0xA4, 0x63,
266 0x1F, 0x9B, 0x03, 0xD8, 0xA6, 0x7A, 0x05, 0x76, 0x02, 0x28, 0x93, 0x82,
267 0x73, 0x7F, 0x14, 0xCC, 0xBE, 0x29, 0x10, 0xAD, 0x8A, 0x2E, 0xAC, 0xED,
268 0x11, 0xA7, 0x72, 0x7C, 0x60, 0x78, 0x72, 0xFB, 0x78, 0x20, 0x18, 0xC9,
269 0x7E, 0x63, 0xAD, 0x55, 0x54, 0x51, 0xDB, 0x9F, 0x7B, 0xD4, 0x8F, 0xB2,
270 0xDE, 0x3B, 0xF1, 0x70, 0x23, 0xE5,
271 };
272
273 /*
274 * DER-encoded PKCS#8 format EC key. Generated using:
275 *
276 * openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
277 */
278 static uint8_t TEST_EC_KEY_1[] = {
279 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86,
280 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
281 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, 0x01, 0x01, 0x04, 0x20,
282 0x25, 0xAC, 0x77, 0x2B, 0x04, 0x33, 0xC8, 0x16, 0x59, 0xA3, 0xC7, 0xE7,
283 0x11, 0x42, 0xD0, 0x11, 0x71, 0x30, 0x7B, 0xB8, 0xD2, 0x67, 0xFF, 0x9C,
284 0x5F, 0x50, 0x2E, 0xAB, 0x67, 0xD4, 0x17, 0x51, 0xA1, 0x44, 0x03, 0x42,
285 0x00, 0x04, 0xCF, 0xCE, 0xB8, 0x7F, 0x88, 0x36, 0xC4, 0xF8, 0x51, 0x29,
286 0xE2, 0xA7, 0x21, 0xC3, 0x3B, 0xFF, 0x88, 0xE3, 0x87, 0x98, 0xD1, 0xA6,
287 0x4B, 0xB3, 0x4B, 0xD5, 0x44, 0xF8, 0xE0, 0x43, 0x6B, 0x50, 0x74, 0xFB,
288 0xB0, 0xAD, 0x41, 0x1C, 0x11, 0x9D, 0xC6, 0x1E, 0x83, 0x8C, 0x49, 0xCA,
289 0xBE, 0xC6, 0xCE, 0xB6, 0xC9, 0xA1, 0xBF, 0x69, 0xA9, 0xA0, 0xA3, 0x80,
290 0x14, 0x39, 0x57, 0x94, 0xDA, 0x5D
291 };
292
293
294 /*
295 * Generated using keys on the keyboard and lack of imagination.
296 */
297 static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF };
298
299
300 class KeymasterBaseTest : public ::testing::Test {
301 public:
SetUpTestCase()302 static void SetUpTestCase() {
303 const hw_module_t* mod;
304 ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod))
305 << "Should be able to find a keymaster hardware module";
306
307 std::cout << "Using keymaster module: " << mod->name << std::endl;
308
309 ASSERT_EQ(0, keymaster0_open(mod, &sDevice))
310 << "Should be able to open the keymaster device";
311
312 ASSERT_EQ(KEYMASTER_MODULE_API_VERSION_0_2, mod->module_api_version)
313 << "Keymaster should implement API version 2";
314
315 ASSERT_TRUE(sDevice->generate_keypair != NULL)
316 << "Should implement generate_keypair";
317
318 ASSERT_TRUE(sDevice->import_keypair != NULL)
319 << "Should implement import_keypair";
320
321 ASSERT_TRUE(sDevice->get_keypair_public != NULL)
322 << "Should implement get_keypair_public";
323
324 ASSERT_TRUE(sDevice->sign_data != NULL)
325 << "Should implement sign_data";
326
327 ASSERT_TRUE(sDevice->verify_data != NULL)
328 << "Should implement verify_data";
329 }
330
TearDownTestCase()331 static void TearDownTestCase() {
332 ASSERT_EQ(0, keymaster0_close(sDevice));
333 }
334
335 protected:
336 static keymaster0_device_t* sDevice;
337 };
338
339 keymaster0_device_t* KeymasterBaseTest::sDevice = NULL;
340
341 class KeymasterTest : public KeymasterBaseTest {
342 };
343
344 class KeymasterAllTypesTest : public KeymasterBaseTest,
345 public ::testing::WithParamInterface<keymaster_keypair_t> {
346 };
347
348 class KeymasterGenerateRSATest : public KeymasterBaseTest,
349 public ::testing::WithParamInterface<uint32_t> {
350 };
351
352 class KeymasterGenerateDSATest : public KeymasterBaseTest,
353 public ::testing::WithParamInterface<uint32_t> {
354 };
355
356 class KeymasterGenerateECTest : public KeymasterBaseTest,
357 public ::testing::WithParamInterface<uint32_t> {
358 };
359
TEST_P(KeymasterGenerateRSATest,GenerateKeyPair_RSA_Success)360 TEST_P(KeymasterGenerateRSATest, GenerateKeyPair_RSA_Success) {
361 keymaster_keypair_t key_type = TYPE_RSA;
362 keymaster_rsa_keygen_params_t params = {
363 .modulus_size = GetParam(),
364 .public_exponent = RSA_F4,
365 };
366
367 uint8_t* key_blob;
368 size_t key_blob_length;
369
370 ASSERT_EQ(0,
371 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length))
372 << "Should generate an RSA key with " << GetParam() << " bit modulus size";
373 UniqueKey key(&sDevice, key_blob, key_blob_length);
374
375 uint8_t* x509_data = NULL;
376 size_t x509_data_length;
377 ASSERT_EQ(0,
378 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
379 &x509_data, &x509_data_length))
380 << "Should be able to retrieve RSA public key successfully";
381 UniqueBlob x509_blob(x509_data, x509_data_length);
382 ASSERT_FALSE(x509_blob.get() == NULL)
383 << "X509 data should be allocated";
384
385 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
386 bssl::UniquePtr<EVP_PKEY> actual(d2i_PUBKEY(NULL, &tmp,
387 static_cast<long>(x509_blob.length())));
388
389 ASSERT_EQ(EVP_PKEY_RSA, EVP_PKEY_type(actual.get()->type))
390 << "Generated key type should be of type RSA";
391
392 bssl::UniquePtr<RSA> rsa(EVP_PKEY_get1_RSA(actual.get()));
393 ASSERT_FALSE(rsa.get() == NULL)
394 << "Should be able to extract RSA key from EVP_PKEY";
395
396 ASSERT_EQ(static_cast<unsigned long>(RSA_F4), BN_get_word(rsa.get()->e))
397 << "Exponent should be RSA_F4";
398
399 ASSERT_EQ((GetParam() + 7) / 8, static_cast<uint32_t>(RSA_size(rsa.get())))
400 << "Modulus size should be the specified parameter";
401 }
402
403 INSTANTIATE_TEST_CASE_P(RSA,
404 KeymasterGenerateRSATest,
405 ::testing::Values(512U, 1024U, 2048U, 3072U, 4096U));
406
407
TEST_P(KeymasterGenerateECTest,GenerateKeyPair_EC_Success)408 TEST_P(KeymasterGenerateECTest, GenerateKeyPair_EC_Success) {
409 keymaster_keypair_t key_type = TYPE_EC;
410 keymaster_ec_keygen_params_t params = {
411 .field_size = GetParam(),
412 };
413
414 uint8_t* key_blob;
415 size_t key_blob_length;
416
417 ASSERT_EQ(0,
418 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length))
419 << "Should generate an EC key with " << GetParam() << " field size";
420 UniqueKey key(&sDevice, key_blob, key_blob_length);
421
422 uint8_t* x509_data = NULL;
423 size_t x509_data_length;
424 ASSERT_EQ(0,
425 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
426 &x509_data, &x509_data_length))
427 << "Should be able to retrieve EC public key successfully";
428 UniqueBlob x509_blob(x509_data, x509_data_length);
429 ASSERT_FALSE(x509_blob.get() == NULL)
430 << "X509 data should be allocated";
431
432 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
433 bssl::UniquePtr<EVP_PKEY> actual(d2i_PUBKEY(NULL, &tmp,
434 static_cast<long>(x509_blob.length())));
435
436 ASSERT_EQ(EVP_PKEY_EC, EVP_PKEY_type(actual.get()->type))
437 << "Generated key type should be of type EC";
438
439 bssl::UniquePtr<EC_KEY> ecKey(EVP_PKEY_get1_EC_KEY(actual.get()));
440 ASSERT_FALSE(ecKey.get() == NULL)
441 << "Should be able to extract EC key from EVP_PKEY";
442
443 ASSERT_FALSE(EC_KEY_get0_group(ecKey.get()) == NULL)
444 << "EC key should have a EC_GROUP";
445
446 ASSERT_TRUE(EC_KEY_check_key(ecKey.get()))
447 << "EC key should check correctly";
448 }
449
450 INSTANTIATE_TEST_CASE_P(EC,
451 KeymasterGenerateECTest,
452 ::testing::Values(192U, 224U, 256U, 384U, 521U));
453
454
TEST_P(KeymasterAllTypesTest,GenerateKeyPair_NullParams_Failure)455 TEST_P(KeymasterAllTypesTest, GenerateKeyPair_NullParams_Failure) {
456 keymaster_keypair_t key_type = GetParam();
457
458 uint8_t* key_blob;
459 size_t key_blob_length;
460
461 ASSERT_EQ(-1,
462 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length))
463 << "Should not be able to generate a key with null params";
464 }
465
466 INSTANTIATE_TEST_CASE_P(Types,
467 KeymasterAllTypesTest,
468 ::testing::Values(TYPE_RSA, TYPE_DSA, TYPE_EC));
469
TEST_F(KeymasterTest,GenerateKeyPair_UnknownType_Failure)470 TEST_F(KeymasterTest, GenerateKeyPair_UnknownType_Failure) {
471 keymaster_keypair_t key_type = static_cast<keymaster_keypair_t>(0xFFFF);
472
473 uint8_t* key_blob;
474 size_t key_blob_length;
475
476 ASSERT_EQ(-1,
477 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length))
478 << "Should not generate an unknown key type";
479 }
480
TEST_F(KeymasterTest,ImportKeyPair_RSA_Success)481 TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) {
482 uint8_t* key_blob;
483 size_t key_blob_length;
484
485 ASSERT_EQ(0,
486 sDevice->import_keypair(sDevice, TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1),
487 &key_blob, &key_blob_length))
488 << "Should successfully import an RSA key";
489 UniqueKey key(&sDevice, key_blob, key_blob_length);
490
491 uint8_t* x509_data;
492 size_t x509_data_length;
493 ASSERT_EQ(0,
494 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
495 &x509_data, &x509_data_length))
496 << "Should be able to retrieve RSA public key successfully";
497 UniqueBlob x509_blob(x509_data, x509_data_length);
498
499 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
500 bssl::UniquePtr<EVP_PKEY> actual(d2i_PUBKEY(NULL, &tmp,
501 static_cast<long>(x509_blob.length())));
502
503 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_RSA)
504 << "Generated key type should be of type RSA";
505
506 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_RSA_KEY_1);
507 bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> expectedPkcs8(
508 d2i_PKCS8_PRIV_KEY_INFO(NULL, &expectedTmp,
509 sizeof(TEST_RSA_KEY_1)));
510
511 bssl::UniquePtr<EVP_PKEY> expected(EVP_PKCS82PKEY(expectedPkcs8.get()));
512
513 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get()))
514 << "Expected and actual keys should match";
515 }
516
TEST_F(KeymasterTest,ImportKeyPair_EC_Success)517 TEST_F(KeymasterTest, ImportKeyPair_EC_Success) {
518 uint8_t* key_blob;
519 size_t key_blob_length;
520
521 ASSERT_EQ(0,
522 sDevice->import_keypair(sDevice, TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1),
523 &key_blob, &key_blob_length))
524 << "Should successfully import an EC key";
525 UniqueKey key(&sDevice, key_blob, key_blob_length);
526
527 uint8_t* x509_data;
528 size_t x509_data_length;
529 ASSERT_EQ(0,
530 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
531 &x509_data, &x509_data_length))
532 << "Should be able to retrieve EC public key successfully";
533 UniqueBlob x509_blob(x509_data, x509_data_length);
534
535 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
536 bssl::UniquePtr<EVP_PKEY> actual(d2i_PUBKEY(NULL, &tmp,
537 static_cast<long>(x509_blob.length())));
538
539 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_EC)
540 << "Generated key type should be of type EC";
541
542 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_EC_KEY_1);
543 bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> expectedPkcs8(
544 d2i_PKCS8_PRIV_KEY_INFO(NULL, &expectedTmp,
545 sizeof(TEST_EC_KEY_1)));
546
547 bssl::UniquePtr<EVP_PKEY> expected(EVP_PKCS82PKEY(expectedPkcs8.get()));
548
549 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get()))
550 << "Expected and actual keys should match";
551 }
552
TEST_F(KeymasterTest,ImportKeyPair_BogusKey_Failure)553 TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) {
554 uint8_t* key_blob;
555 size_t key_blob_length;
556
557 ASSERT_EQ(-1,
558 sDevice->import_keypair(sDevice, BOGUS_KEY_1, sizeof(BOGUS_KEY_1),
559 &key_blob, &key_blob_length))
560 << "Should not import an unknown key type";
561 }
562
TEST_F(KeymasterTest,ImportKeyPair_NullKey_Failure)563 TEST_F(KeymasterTest, ImportKeyPair_NullKey_Failure) {
564 uint8_t* key_blob;
565 size_t key_blob_length;
566
567 ASSERT_EQ(-1,
568 sDevice->import_keypair(sDevice, NULL, 0,
569 &key_blob, &key_blob_length))
570 << "Should not import a null key";
571 }
572
TEST_F(KeymasterTest,GetKeypairPublic_RSA_Success)573 TEST_F(KeymasterTest, GetKeypairPublic_RSA_Success) {
574 uint8_t* key_blob;
575 size_t key_blob_length;
576
577 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
578 ASSERT_TRUE(testKey.get() != NULL);
579
580 ASSERT_EQ(0,
581 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
582 &key_blob, &key_blob_length))
583 << "Should successfully import an RSA key";
584 UniqueKey key(&sDevice, key_blob, key_blob_length);
585
586 uint8_t* x509_data;
587 size_t x509_data_length;
588 ASSERT_EQ(0,
589 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
590 &x509_data, &x509_data_length))
591 << "Should be able to retrieve RSA public key successfully";
592 UniqueBlob x509_blob(x509_data, x509_data_length);
593 }
594
TEST_F(KeymasterTest,GetKeypairPublic_EC_Success)595 TEST_F(KeymasterTest, GetKeypairPublic_EC_Success) {
596 uint8_t* key_blob;
597 size_t key_blob_length;
598
599 UniqueReadOnlyBlob testKey(TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1));
600 ASSERT_TRUE(testKey.get() != NULL);
601
602 ASSERT_EQ(0,
603 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
604 &key_blob, &key_blob_length))
605 << "Should successfully import an EC key";
606 UniqueKey key(&sDevice, key_blob, key_blob_length);
607
608 uint8_t* x509_data;
609 size_t x509_data_length;
610 ASSERT_EQ(0,
611 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
612 &x509_data, &x509_data_length))
613 << "Should be able to retrieve EC public key successfully";
614 UniqueBlob x509_blob(x509_data, x509_data_length);
615 }
616
TEST_F(KeymasterTest,GetKeypairPublic_NullKey_Failure)617 TEST_F(KeymasterTest, GetKeypairPublic_NullKey_Failure) {
618 uint8_t* x509_data = NULL;
619 size_t x509_data_length;
620 ASSERT_EQ(-1,
621 sDevice->get_keypair_public(sDevice, NULL, 0,
622 &x509_data, &x509_data_length))
623 << "Should not be able to retrieve public key from null key";
624 UniqueBlob x509_blob(x509_data, x509_data_length);
625 }
626
TEST_F(KeymasterTest,GetKeypairPublic_RSA_NullDestination_Failure)627 TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullDestination_Failure) {
628 uint8_t* key_blob;
629 size_t key_blob_length;
630
631 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
632 ASSERT_TRUE(testKey.get() != NULL);
633
634 ASSERT_EQ(0,
635 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
636 &key_blob, &key_blob_length))
637 << "Should successfully import an RSA key";
638 UniqueKey key(&sDevice, key_blob, key_blob_length);
639
640 ASSERT_EQ(-1,
641 sDevice->get_keypair_public(sDevice, key.get(), key.length(),
642 NULL, NULL))
643 << "Should not be able to succeed with NULL destination blob";
644 }
645
TEST_F(KeymasterTest,GetKeypairPublic_EC_NullDestination_Failure)646 TEST_F(KeymasterTest, GetKeypairPublic_EC_NullDestination_Failure) {
647 uint8_t* key_blob;
648 size_t key_blob_length;
649
650 UniqueReadOnlyBlob testKey(TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1));
651 ASSERT_TRUE(testKey.get() != NULL);
652
653 ASSERT_EQ(0,
654 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
655 &key_blob, &key_blob_length))
656 << "Should successfully import an RSA key";
657 UniqueKey key(&sDevice, key_blob, key_blob_length);
658
659 ASSERT_EQ(-1,
660 sDevice->get_keypair_public(sDevice, key.get(), key.length(),
661 NULL, NULL))
662 << "Should not be able to succeed with NULL destination blob";
663 }
664
TEST_F(KeymasterTest,DeleteKeyPair_RSA_Success)665 TEST_F(KeymasterTest, DeleteKeyPair_RSA_Success) {
666 uint8_t* key_blob;
667 size_t key_blob_length;
668
669 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
670 ASSERT_TRUE(testKey.get() != NULL);
671
672 ASSERT_EQ(0,
673 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
674 &key_blob, &key_blob_length))
675 << "Should successfully import an RSA key";
676 UniqueKey key(&sDevice, key_blob, key_blob_length);
677 }
678
TEST_F(KeymasterTest,DeleteKeyPair_RSA_DoubleDelete_Failure)679 TEST_F(KeymasterTest, DeleteKeyPair_RSA_DoubleDelete_Failure) {
680 uint8_t* key_blob;
681 size_t key_blob_length;
682
683 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
684 ASSERT_TRUE(testKey.get() != NULL);
685
686 /*
687 * This is only run if the module indicates it implements key deletion
688 * by implementing delete_keypair.
689 */
690 if (sDevice->delete_keypair != NULL) {
691 ASSERT_EQ(0,
692 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
693 &key_blob, &key_blob_length))
694 << "Should successfully import an RSA key";
695 UniqueBlob blob(key_blob, key_blob_length);
696
697 ASSERT_EQ(0, sDevice->delete_keypair(sDevice, key_blob, key_blob_length))
698 << "Should delete key after import";
699
700 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, key_blob, key_blob_length))
701 << "Should not be able to delete key twice";
702 }
703 }
704
TEST_F(KeymasterTest,DeleteKeyPair_RSA_NullKey_Failure)705 TEST_F(KeymasterTest, DeleteKeyPair_RSA_NullKey_Failure) {
706 /*
707 * This is only run if the module indicates it implements key deletion
708 * by implementing delete_keypair.
709 */
710 if (sDevice->delete_keypair != NULL) {
711 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, NULL, 0))
712 << "Should not be able to delete null key";
713 }
714 }
715
716 /*
717 * DER-encoded PKCS#8 format RSA key. Generated using:
718 *
719 * openssl genrsa 512 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
720 */
721 static uint8_t TEST_SIGN_RSA_KEY_1[] = {
722 0x30, 0x82, 0x01, 0x56, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A,
723 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
724 0x01, 0x40, 0x30, 0x82, 0x01, 0x3C, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
725 0xBD, 0xC0, 0x7F, 0xEF, 0x75, 0x1D, 0x63, 0x2A, 0xD0, 0x9A, 0x26, 0xE5,
726 0x5B, 0xB9, 0x84, 0x7C, 0xE5, 0xC7, 0xE7, 0xDE, 0xFE, 0xB6, 0x54, 0xD9,
727 0xF0, 0x9B, 0xC2, 0xCF, 0x36, 0xDA, 0xE5, 0x4D, 0xC5, 0xD9, 0x25, 0x78,
728 0xBD, 0x55, 0x05, 0xBD, 0x86, 0xFB, 0x37, 0x15, 0x33, 0x42, 0x52, 0xED,
729 0xE5, 0xCD, 0xCB, 0xB7, 0xA2, 0x51, 0xFA, 0x36, 0xE9, 0x9C, 0x2E, 0x5D,
730 0xE3, 0xA5, 0x1F, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00,
731 0x96, 0x71, 0xDE, 0xBD, 0x83, 0x94, 0x96, 0x40, 0xA6, 0xFD, 0xE1, 0xA2,
732 0xED, 0xD3, 0xAC, 0x28, 0xBE, 0xA2, 0x7D, 0xC3, 0xFF, 0x1D, 0x9F, 0x2E,
733 0xE0, 0xA7, 0x0E, 0x90, 0xEE, 0x44, 0x25, 0x92, 0xE3, 0x54, 0xDD, 0x55,
734 0xA3, 0xEF, 0x42, 0xF5, 0x52, 0x55, 0x41, 0x47, 0x5E, 0x00, 0xFB, 0x8B,
735 0x47, 0x5E, 0x45, 0x49, 0xEA, 0x3D, 0x2C, 0xFD, 0x9F, 0xEC, 0xC8, 0x4E,
736 0x4E, 0x86, 0x90, 0x31, 0x02, 0x21, 0x00, 0xE6, 0xA5, 0x55, 0xB3, 0x64,
737 0xAB, 0x90, 0x5E, 0xA2, 0xF5, 0x6B, 0x21, 0x4B, 0x15, 0xD6, 0x4A, 0xB6,
738 0x60, 0x24, 0x95, 0x65, 0xA2, 0xBE, 0xBA, 0x2A, 0x73, 0xFB, 0xFF, 0x2C,
739 0x61, 0x88, 0x9D, 0x02, 0x21, 0x00, 0xD2, 0x9C, 0x5B, 0xFE, 0x82, 0xA5,
740 0xFC, 0x52, 0x6A, 0x29, 0x38, 0xDB, 0x22, 0x3B, 0xEB, 0x74, 0x3B, 0xCA,
741 0xB4, 0xDD, 0x1D, 0xE4, 0x48, 0x60, 0x70, 0x19, 0x9B, 0x81, 0xC1, 0x83,
742 0x28, 0xB5, 0x02, 0x21, 0x00, 0x89, 0x2D, 0xFE, 0xF9, 0xF2, 0xBF, 0x43,
743 0xDF, 0xB5, 0xA6, 0xA8, 0x30, 0x26, 0x1B, 0x77, 0xD7, 0xF9, 0xFE, 0xD6,
744 0xE3, 0x70, 0x8E, 0xCA, 0x47, 0xA9, 0xA6, 0x50, 0x54, 0x25, 0xCE, 0x60,
745 0xD5, 0x02, 0x21, 0x00, 0xBE, 0x5A, 0xF8, 0x82, 0xE6, 0xCE, 0xE3, 0x6A,
746 0x11, 0xED, 0xC4, 0x27, 0xBB, 0x9F, 0x70, 0xC6, 0x93, 0xAC, 0x39, 0x20,
747 0x89, 0x7D, 0xE5, 0x34, 0xD4, 0xDD, 0x30, 0x42, 0x6D, 0x07, 0x00, 0xE9,
748 0x02, 0x20, 0x05, 0x91, 0xEF, 0x12, 0xD2, 0xD3, 0x6A, 0xD2, 0x96, 0x6B,
749 0x10, 0x62, 0xF9, 0xBA, 0xA4, 0x91, 0x48, 0x84, 0x40, 0x61, 0x67, 0x80,
750 0x68, 0x68, 0xC8, 0x60, 0xB3, 0x66, 0xC8, 0xF9, 0x08, 0x9A,
751 };
752
753 /*
754 * DER-encoded PKCS#8 format EC key. Generated using:
755 *
756 * openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1
757 */
758 static uint8_t TEST_SIGN_EC_KEY_1[] = {
759 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86,
760 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
761 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, 0x01, 0x01, 0x04, 0x20,
762 0x9E, 0x66, 0x11, 0x6A, 0x89, 0xF5, 0x78, 0x57, 0xF3, 0x35, 0xA2, 0x46,
763 0x09, 0x06, 0x4B, 0x4D, 0x81, 0xEC, 0xD3, 0x9B, 0x0A, 0xC4, 0x68, 0x06,
764 0xB8, 0x42, 0x24, 0x5E, 0x74, 0x2C, 0x62, 0x79, 0xA1, 0x44, 0x03, 0x42,
765 0x00, 0x04, 0x35, 0xB5, 0x9A, 0x5C, 0xE5, 0x52, 0x35, 0xF2, 0x10, 0x6C,
766 0xD9, 0x98, 0x67, 0xED, 0x5E, 0xCB, 0x6B, 0xB8, 0x96, 0x5E, 0x54, 0x7C,
767 0x34, 0x2A, 0xA3, 0x3B, 0xF3, 0xD1, 0x39, 0x48, 0x36, 0x7A, 0xEA, 0xD8,
768 0xCA, 0xDD, 0x40, 0x8F, 0xE9, 0xE0, 0x95, 0x2E, 0x3F, 0x95, 0x0F, 0x14,
769 0xD6, 0x14, 0x78, 0xB5, 0xAD, 0x17, 0xD2, 0x5A, 0x41, 0x96, 0x99, 0x20,
770 0xC7, 0x5B, 0x0F, 0x60, 0xFD, 0xBA
771 };
772
773 /*
774 * PKCS#1 v1.5 padded raw "Hello, world" Can be generated be generated by verifying
775 * the signature below in no padding mode:
776 *
777 * openssl rsautl -keyform der -inkey rsa.der -raw -verify -in test.sig
778 */
779 static uint8_t TEST_SIGN_DATA_1[] = {
780 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
781 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
782 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
783 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
784 0xFF, 0xFF, 0xFF, 0x00, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x2C, 0x20, 0x77,
785 0x6F, 0x72, 0x6C, 0x64,
786 };
787
788 /*
789 * Signature of TEST_SIGN_DATA_1 using TEST_SIGN_RSA_KEY_1. Generated using:
790 *
791 * echo 'Hello, world' | openssl rsautl -keyform der -inkey rsa.der -sign | recode ../x1
792 */
793 static uint8_t TEST_SIGN_RSA_SIGNATURE_1[] = {
794 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76,
795 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2,
796 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A,
797 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9,
798 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF,
799 0x79, 0xE4, 0x91, 0x40,
800 };
801
802 /*
803 * Identical to TEST_SIGN_RSA_SIGNATURE_1 except the last octet is '1' instead of '0'
804 * This should fail any test.
805 */
806 static uint8_t TEST_SIGN_SIGNATURE_BOGUS_1[] = {
807 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76,
808 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2,
809 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A,
810 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9,
811 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF,
812 0x79, 0xE4, 0x91, 0x41,
813 };
814
TEST_F(KeymasterTest,SignData_RSA_Raw_Success)815 TEST_F(KeymasterTest, SignData_RSA_Raw_Success) {
816 uint8_t* key_blob;
817 size_t key_blob_length;
818
819 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
820 ASSERT_TRUE(testKey.get() != NULL);
821
822 ASSERT_EQ(0,
823 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
824 &key_blob, &key_blob_length))
825 << "Should successfully import an RSA key";
826 UniqueKey key(&sDevice, key_blob, key_blob_length);
827
828 keymaster_rsa_sign_params_t params = {
829 .digest_type = DIGEST_NONE,
830 .padding_type = PADDING_NONE,
831 };
832
833 uint8_t* sig;
834 size_t sig_length;
835
836 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
837 ASSERT_TRUE(testData.get() != NULL);
838
839 ASSERT_EQ(0,
840 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
841 testData.get(), testData.length(),
842 &sig, &sig_length))
843 << "Should sign data successfully";
844 UniqueBlob sig_blob(sig, sig_length);
845
846 UniqueBlob expected_sig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1));
847
848 ASSERT_EQ(expected_sig, sig_blob)
849 << "Generated signature should match expected signature";
850
851 // The expected signature is actually stack data, so don't let it try to free.
852 uint8_t* unused __attribute__((unused)) = expected_sig.release();
853 }
854
TEST_F(KeymasterTest,SignData_EC_Success)855 TEST_F(KeymasterTest, SignData_EC_Success) {
856 uint8_t* key_blob;
857 size_t key_blob_length;
858
859 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1));
860 ASSERT_TRUE(testKey.get() != NULL);
861
862 ASSERT_EQ(0,
863 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
864 &key_blob, &key_blob_length))
865 << "Should successfully import an EC key";
866 UniqueKey key(&sDevice, key_blob, key_blob_length);
867
868 keymaster_ec_sign_params_t params = {
869 .digest_type = DIGEST_NONE,
870 };
871
872 uint8_t* sig;
873 size_t sig_length;
874
875 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
876 ASSERT_TRUE(testData.get() != NULL);
877
878 ASSERT_EQ(0,
879 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
880 testData.get(), testData.length(),
881 &sig, &sig_length))
882 << "Should sign data successfully";
883 UniqueBlob sig_blob(sig, sig_length);
884
885 uint8_t* x509_data;
886 size_t x509_data_length;
887 ASSERT_EQ(0,
888 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
889 &x509_data, &x509_data_length))
890 << "Should be able to retrieve RSA public key successfully";
891 UniqueBlob x509_blob(x509_data, x509_data_length);
892
893 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
894 bssl::UniquePtr<EVP_PKEY> expected(d2i_PUBKEY(NULL, &tmp,
895 static_cast<long>(x509_blob.length())));
896
897 bssl::UniquePtr<EC_KEY> ecKey(EVP_PKEY_get1_EC_KEY(expected.get()));
898
899 ASSERT_EQ(1, ECDSA_verify(0, testData.get(), testData.length(), sig_blob.get(), sig_blob.length(), ecKey.get()))
900 << "Signature should verify";
901 }
902
TEST_F(KeymasterTest,SignData_RSA_Raw_InvalidSizeInput_Failure)903 TEST_F(KeymasterTest, SignData_RSA_Raw_InvalidSizeInput_Failure) {
904 uint8_t* key_blob;
905 size_t key_blob_length;
906
907 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
908 ASSERT_TRUE(testKey.get() != NULL);
909
910 ASSERT_EQ(0,
911 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
912 &key_blob, &key_blob_length))
913 << "Should successfully import an RSA key";
914 UniqueKey key(&sDevice, key_blob, key_blob_length);
915
916 keymaster_rsa_sign_params_t params = {
917 .digest_type = DIGEST_NONE,
918 .padding_type = PADDING_NONE,
919 };
920
921 uint8_t* sig;
922 size_t sig_length;
923
924 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
925 ASSERT_TRUE(testData.get() != NULL);
926
927 ASSERT_EQ(-1,
928 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
929 testData.get(), testData.length(),
930 &sig, &sig_length))
931 << "Should not be able to do raw signature on incorrect size data";
932 }
933
TEST_F(KeymasterTest,SignData_RSA_Raw_NullKey_Failure)934 TEST_F(KeymasterTest, SignData_RSA_Raw_NullKey_Failure) {
935 keymaster_rsa_sign_params_t params = {
936 .digest_type = DIGEST_NONE,
937 .padding_type = PADDING_NONE,
938 };
939
940 uint8_t* sig;
941 size_t sig_length;
942
943 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
944 ASSERT_TRUE(testData.get() != NULL);
945
946 ASSERT_EQ(-1,
947 sDevice->sign_data(sDevice, ¶ms, NULL, 0,
948 testData.get(), testData.length(),
949 &sig, &sig_length))
950 << "Should not be able to do raw signature on incorrect size data";
951 }
952
TEST_F(KeymasterTest,SignData_RSA_Raw_NullInput_Failure)953 TEST_F(KeymasterTest, SignData_RSA_Raw_NullInput_Failure) {
954 uint8_t* key_blob;
955 size_t key_blob_length;
956
957 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
958 ASSERT_TRUE(testKey.get() != NULL);
959
960 ASSERT_EQ(0,
961 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
962 &key_blob, &key_blob_length))
963 << "Should successfully import an RSA key";
964 UniqueKey key(&sDevice, key_blob, key_blob_length);
965
966 keymaster_rsa_sign_params_t params = {
967 .digest_type = DIGEST_NONE,
968 .padding_type = PADDING_NONE,
969 };
970
971 uint8_t* sig;
972 size_t sig_length;
973
974 ASSERT_EQ(-1,
975 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
976 NULL, 0,
977 &sig, &sig_length))
978 << "Should error when input data is null";
979 }
980
TEST_F(KeymasterTest,SignData_RSA_Raw_NullOutput_Failure)981 TEST_F(KeymasterTest, SignData_RSA_Raw_NullOutput_Failure) {
982 uint8_t* key_blob;
983 size_t key_blob_length;
984
985 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
986 ASSERT_TRUE(testKey.get() != NULL);
987
988 ASSERT_EQ(0,
989 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
990 &key_blob, &key_blob_length))
991 << "Should successfully import an RSA key";
992 UniqueKey key(&sDevice, key_blob, key_blob_length);
993
994 keymaster_rsa_sign_params_t params = {
995 .digest_type = DIGEST_NONE,
996 .padding_type = PADDING_NONE,
997 };
998
999 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1));
1000 ASSERT_TRUE(testData.get() != NULL);
1001
1002 ASSERT_EQ(-1,
1003 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
1004 testData.get(), testData.length(),
1005 NULL, NULL))
1006 << "Should error when output is null";
1007 }
1008
TEST_F(KeymasterTest,VerifyData_RSA_Raw_Success)1009 TEST_F(KeymasterTest, VerifyData_RSA_Raw_Success) {
1010 uint8_t* key_blob;
1011 size_t key_blob_length;
1012
1013 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
1014 ASSERT_TRUE(testKey.get() != NULL);
1015
1016 ASSERT_EQ(0,
1017 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1018 &key_blob, &key_blob_length))
1019 << "Should successfully import an RSA key";
1020 UniqueKey key(&sDevice, key_blob, key_blob_length);
1021
1022 keymaster_rsa_sign_params_t params = {
1023 .digest_type = DIGEST_NONE,
1024 .padding_type = PADDING_NONE,
1025 };
1026
1027 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
1028 ASSERT_TRUE(testData.get() != NULL);
1029
1030 UniqueReadOnlyBlob testSig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1));
1031 ASSERT_TRUE(testSig.get() != NULL);
1032
1033 ASSERT_EQ(0,
1034 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
1035 testData.get(), testData.length(),
1036 testSig.get(), testSig.length()))
1037 << "Should verify data successfully";
1038 }
1039
TEST_F(KeymasterTest,VerifyData_EC_Raw_Success)1040 TEST_F(KeymasterTest, VerifyData_EC_Raw_Success) {
1041 uint8_t* key_blob;
1042 size_t key_blob_length;
1043
1044 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1));
1045 ASSERT_TRUE(testKey.get() != NULL);
1046
1047 ASSERT_EQ(0,
1048 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1049 &key_blob, &key_blob_length))
1050 << "Should successfully import an RSA key";
1051 UniqueKey key(&sDevice, key_blob, key_blob_length);
1052
1053 keymaster_ec_sign_params_t params = {
1054 .digest_type = DIGEST_NONE,
1055 };
1056
1057 uint8_t* sig;
1058 size_t sig_length;
1059
1060 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
1061 ASSERT_TRUE(testData.get() != NULL);
1062
1063 ASSERT_EQ(0,
1064 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length,
1065 testData.get(), testData.length(),
1066 &sig, &sig_length))
1067 << "Should sign data successfully";
1068 UniqueBlob sig_blob(sig, sig_length);
1069
1070 ASSERT_EQ(0,
1071 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
1072 testData.get(), testData.length(),
1073 sig_blob.get(), sig_blob.length()))
1074 << "Should verify data successfully";
1075 }
1076
TEST_F(KeymasterTest,VerifyData_RSA_Raw_BadSignature_Failure)1077 TEST_F(KeymasterTest, VerifyData_RSA_Raw_BadSignature_Failure) {
1078 uint8_t* key_blob;
1079 size_t key_blob_length;
1080
1081 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
1082 ASSERT_TRUE(testKey.get() != NULL);
1083
1084 ASSERT_EQ(0,
1085 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1086 &key_blob, &key_blob_length))
1087 << "Should successfully import an RSA key";
1088 UniqueKey key(&sDevice, key_blob, key_blob_length);
1089
1090 keymaster_rsa_sign_params_t params = {
1091 .digest_type = DIGEST_NONE,
1092 .padding_type = PADDING_NONE,
1093 };
1094
1095 ASSERT_EQ(-1,
1096 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
1097 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
1098 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)))
1099 << "Should sign data successfully";
1100 }
1101
TEST_F(KeymasterTest,VerifyData_EC_Raw_BadSignature_Failure)1102 TEST_F(KeymasterTest, VerifyData_EC_Raw_BadSignature_Failure) {
1103 uint8_t* key_blob;
1104 size_t key_blob_length;
1105
1106 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1));
1107 ASSERT_TRUE(testKey.get() != NULL);
1108
1109 ASSERT_EQ(0,
1110 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1111 &key_blob, &key_blob_length))
1112 << "Should successfully import an RSA key";
1113 UniqueKey key(&sDevice, key_blob, key_blob_length);
1114
1115 keymaster_ec_sign_params_t params = {
1116 .digest_type = DIGEST_NONE,
1117 };
1118
1119 ASSERT_EQ(-1,
1120 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
1121 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1),
1122 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)))
1123 << "Should sign data successfully";
1124 }
1125
TEST_F(KeymasterTest,VerifyData_RSA_Raw_NullKey_Failure)1126 TEST_F(KeymasterTest, VerifyData_RSA_Raw_NullKey_Failure) {
1127 keymaster_rsa_sign_params_t params = {
1128 .digest_type = DIGEST_NONE,
1129 .padding_type = PADDING_NONE,
1130 };
1131
1132 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
1133 ASSERT_TRUE(testData.get() != NULL);
1134
1135 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1));
1136 ASSERT_TRUE(testSig.get() != NULL);
1137
1138 ASSERT_EQ(-1,
1139 sDevice->verify_data(sDevice, ¶ms, NULL, 0,
1140 testData.get(), testData.length(),
1141 testSig.get(), testSig.length()))
1142 << "Should fail when key is null";
1143 }
1144
TEST_F(KeymasterTest,VerifyData_RSA_NullInput_Failure)1145 TEST_F(KeymasterTest, VerifyData_RSA_NullInput_Failure) {
1146 uint8_t* key_blob;
1147 size_t key_blob_length;
1148
1149 ASSERT_EQ(0,
1150 sDevice->import_keypair(sDevice, TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1),
1151 &key_blob, &key_blob_length))
1152 << "Should successfully import an RSA key";
1153 UniqueKey key(&sDevice, key_blob, key_blob_length);
1154
1155 keymaster_rsa_sign_params_t params = {
1156 .digest_type = DIGEST_NONE,
1157 .padding_type = PADDING_NONE,
1158 };
1159
1160 UniqueReadOnlyBlob testSig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1));
1161 ASSERT_TRUE(testSig.get() != NULL);
1162
1163 ASSERT_EQ(-1,
1164 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length,
1165 NULL, 0,
1166 testSig.get(), testSig.length()))
1167 << "Should fail on null input";
1168 }
1169
TEST_F(KeymasterTest,VerifyData_RSA_NullSignature_Failure)1170 TEST_F(KeymasterTest, VerifyData_RSA_NullSignature_Failure) {
1171 uint8_t* key_blob;
1172 size_t key_blob_length;
1173
1174 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
1175 ASSERT_TRUE(testKey.get() != NULL);
1176
1177 ASSERT_EQ(0,
1178 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1179 &key_blob, &key_blob_length))
1180 << "Should successfully import an RSA key";
1181 UniqueKey key(&sDevice, key_blob, key_blob_length);
1182
1183 keymaster_rsa_sign_params_t params = {
1184 .digest_type = DIGEST_NONE,
1185 .padding_type = PADDING_NONE,
1186 };
1187
1188 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1));
1189 ASSERT_TRUE(testData.get() != NULL);
1190
1191 ASSERT_EQ(-1,
1192 sDevice->verify_data(sDevice, ¶ms, key.get(), key.length(),
1193 testData.get(), testData.length(),
1194 NULL, 0))
1195 << "Should fail on null signature";
1196 }
1197
TEST_F(KeymasterTest,EraseAll_Success)1198 TEST_F(KeymasterTest, EraseAll_Success) {
1199 uint8_t *key1_blob, *key2_blob;
1200 size_t key1_blob_length, key2_blob_length;
1201
1202 // Only test this if the device says it supports delete_all
1203 if (sDevice->delete_all == NULL) {
1204 return;
1205 }
1206
1207 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
1208 ASSERT_TRUE(testKey.get() != NULL);
1209
1210 ASSERT_EQ(0,
1211 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(),
1212 &key1_blob, &key1_blob_length))
1213 << "Should successfully import an RSA key";
1214 UniqueKey key1(&sDevice, key1_blob, key1_blob_length);
1215
1216 UniqueReadOnlyBlob testKey2(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1));
1217 ASSERT_TRUE(testKey2.get() != NULL);
1218
1219 ASSERT_EQ(0,
1220 sDevice->import_keypair(sDevice, testKey2.get(), testKey2.length(),
1221 &key2_blob, &key2_blob_length))
1222 << "Should successfully import an RSA key";
1223 UniqueKey key2(&sDevice, key2_blob, key2_blob_length);
1224
1225 ASSERT_EQ(0, sDevice->delete_all(sDevice))
1226 << "Should erase all keys";
1227
1228 key1.reset();
1229
1230 uint8_t* x509_data;
1231 size_t x509_data_length;
1232 ASSERT_EQ(-1,
1233 sDevice->get_keypair_public(sDevice, key1_blob, key1_blob_length,
1234 &x509_data, &x509_data_length))
1235 << "Should be able to retrieve RSA public key 1 successfully";
1236
1237 ASSERT_EQ(-1,
1238 sDevice->get_keypair_public(sDevice, key2_blob, key2_blob_length,
1239 &x509_data, &x509_data_length))
1240 << "Should be able to retrieve RSA public key 2 successfully";
1241 }
1242
1243 }
1244