1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <fcntl.h> 18 #include <stdlib.h> 19 #include <unistd.h> 20 #include <sys/mman.h> 21 #include <sys/stat.h> 22 #include <sys/types.h> 23 24 #include <fstream> 25 #include <iostream> 26 #include <memory> 27 28 #include <gtest/gtest.h> 29 30 #include <openssl/bn.h> 31 #include <openssl/evp.h> 32 #include <openssl/x509.h> 33 34 #define LOG_TAG "keymaster_test" 35 #include <utils/Log.h> 36 37 #include <hardware/keymaster0.h> 38 39 namespace android { 40 41 class UniqueBlob : public std::unique_ptr<uint8_t[]> { 42 public: 43 explicit UniqueBlob(size_t length) : 44 mLength(length) { 45 } 46 47 UniqueBlob(uint8_t* bytes, size_t length) : 48 std::unique_ptr<uint8_t[]>(bytes), mLength(length) { 49 } 50 51 bool operator==(const UniqueBlob &other) const { 52 if (other.length() != mLength) { 53 return false; 54 } 55 56 const uint8_t* mine = get(); 57 const uint8_t* theirs = other.get(); 58 59 for (size_t i = 0; i < mLength; i++) { 60 if (mine[i] != theirs[i]) { 61 return false; 62 } 63 } 64 65 return true; 66 } 67 68 size_t length() const { 69 return mLength; 70 } 71 72 friend std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob); 73 74 private: 75 size_t mLength; 76 }; 77 78 std::ostream &operator<<(std::ostream &stream, const UniqueBlob& blob) { 79 const size_t length = blob.mLength; 80 stream << "Blob length=" << length << " < "; 81 82 const uint8_t* data = blob.get(); 83 for (size_t i = 0; i < length; i++) { 84 stream << std::hex << std::setw(2) << std::setfill('0') 85 << static_cast<unsigned int>(data[i]) << ' '; 86 } 87 stream << '>' << std::endl; 88 89 return stream; 90 } 91 92 class UniqueKey : public UniqueBlob { 93 public: 94 UniqueKey(keymaster0_device_t** dev, uint8_t* bytes, size_t length) : 95 UniqueBlob(bytes, length), mDevice(dev) { 96 } 97 98 ~UniqueKey() { 99 if (mDevice != NULL && *mDevice != NULL) { 100 keymaster0_device_t* dev = *mDevice; 101 if (dev->delete_keypair != NULL) { 102 dev->delete_keypair(dev, get(), length()); 103 } 104 } 105 } 106 107 private: 108 keymaster0_device_t** mDevice; 109 }; 110 111 class UniqueReadOnlyBlob { 112 public: 113 UniqueReadOnlyBlob(uint8_t* data, size_t dataSize) : 114 mDataSize(dataSize) { 115 int pageSize = sysconf(_SC_PAGE_SIZE); 116 if (pageSize == -1) { 117 return; 118 } 119 120 int fd = open("/dev/zero", O_RDONLY); 121 if (fd == -1) { 122 return; 123 } 124 125 mBufferSize = (dataSize + pageSize - 1) & ~(pageSize - 1); 126 uint8_t* buffer = (uint8_t*) mmap(NULL, mBufferSize, PROT_READ | PROT_WRITE, 127 MAP_PRIVATE, fd, 0); 128 close(fd); 129 130 if (buffer == NULL) { 131 return; 132 } 133 134 memcpy(buffer, data, dataSize); 135 if (mprotect(buffer, mBufferSize, PROT_READ) == -1) { 136 munmap(buffer, mBufferSize); 137 return; 138 } 139 140 mBuffer = buffer; 141 } 142 143 ~UniqueReadOnlyBlob() { 144 munmap(mBuffer, mBufferSize); 145 } 146 147 uint8_t* get() const { 148 return mBuffer; 149 } 150 151 size_t length() const { 152 return mDataSize; 153 } 154 155 private: 156 uint8_t* mBuffer; 157 size_t mBufferSize; 158 size_t mDataSize; 159 }; 160 161 struct BIGNUM_Delete { 162 void operator()(BIGNUM* p) const { 163 BN_free(p); 164 } 165 }; 166 typedef std::unique_ptr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 167 168 struct EVP_PKEY_Delete { 169 void operator()(EVP_PKEY* p) const { 170 EVP_PKEY_free(p); 171 } 172 }; 173 typedef std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 174 175 struct PKCS8_PRIV_KEY_INFO_Delete { 176 void operator()(PKCS8_PRIV_KEY_INFO* p) const { 177 PKCS8_PRIV_KEY_INFO_free(p); 178 } 179 }; 180 typedef std::unique_ptr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 181 182 struct RSA_Delete { 183 void operator()(RSA* p) const { 184 RSA_free(p); 185 } 186 }; 187 typedef std::unique_ptr<RSA, RSA_Delete> Unique_RSA; 188 189 struct EC_KEY_Delete { 190 void operator()(EC_KEY* p) const { 191 EC_KEY_free(p); 192 } 193 }; 194 typedef std::unique_ptr<EC_KEY, EC_KEY_Delete> Unique_EC_KEY; 195 196 197 /* 198 * DER-encoded PKCS#8 format RSA key. Generated using: 199 * 200 * openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 201 */ 202 static uint8_t TEST_RSA_KEY_1[] = { 203 0x30, 0x82, 0x04, 0xBE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 204 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 205 0x04, 0xA8, 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 206 0x01, 0x00, 0xD8, 0x58, 0xD4, 0x9F, 0xC0, 0xE8, 0xF0, 0xFF, 0x87, 0x27, 207 0x43, 0xE6, 0x2E, 0xE6, 0x9A, 0x42, 0x3B, 0x39, 0x94, 0x84, 0x43, 0x55, 208 0x8D, 0x20, 0x5B, 0x71, 0x88, 0xE6, 0xD1, 0x62, 0xC8, 0xF2, 0x20, 0xD0, 209 0x75, 0x13, 0x83, 0xA3, 0x5D, 0x19, 0xA8, 0x62, 0xD0, 0x5F, 0x3E, 0x8A, 210 0x7C, 0x0E, 0x26, 0xA9, 0xFF, 0xB2, 0x5E, 0x63, 0xAA, 0x3C, 0x8D, 0x13, 211 0x41, 0xAA, 0xD5, 0x03, 0x01, 0x01, 0x53, 0xC9, 0x02, 0x1C, 0xEC, 0xE8, 212 0xC4, 0x70, 0x3F, 0x43, 0xE5, 0x51, 0xD0, 0x6E, 0x52, 0x0B, 0xC4, 0x0A, 213 0xA3, 0x61, 0xDE, 0xE3, 0x72, 0x0C, 0x94, 0xF1, 0x1C, 0x2D, 0x36, 0x77, 214 0xBB, 0x16, 0xA8, 0x63, 0x4B, 0xD1, 0x07, 0x00, 0x42, 0x2D, 0x2B, 0x10, 215 0x80, 0x45, 0xF3, 0x0C, 0xF9, 0xC5, 0xAC, 0xCC, 0x64, 0x87, 0xFD, 0x5D, 216 0xC8, 0x51, 0xD4, 0x1C, 0x9E, 0x6E, 0x9B, 0xC4, 0x27, 0x5E, 0x73, 0xA7, 217 0x2A, 0xF6, 0x90, 0x42, 0x0C, 0x34, 0x93, 0xB7, 0x02, 0x19, 0xA9, 0x64, 218 0x6C, 0x46, 0x3B, 0x40, 0x02, 0x2F, 0x54, 0x69, 0x79, 0x26, 0x7D, 0xF6, 219 0x85, 0x90, 0x01, 0xD0, 0x21, 0x07, 0xD0, 0x14, 0x00, 0x65, 0x9C, 0xAC, 220 0x24, 0xE8, 0x78, 0x42, 0x3B, 0x90, 0x75, 0x19, 0x55, 0x11, 0x4E, 0xD9, 221 0xE6, 0x97, 0x87, 0xBC, 0x8D, 0x2C, 0x9B, 0xF0, 0x1F, 0x14, 0xEB, 0x6A, 222 0x57, 0xCE, 0x78, 0xAD, 0xCE, 0xD9, 0xFB, 0xB9, 0xA1, 0xEF, 0x0C, 0x1F, 223 0xDD, 0xE3, 0x5B, 0x73, 0xA0, 0xEC, 0x37, 0x9C, 0xE1, 0xFD, 0x86, 0x28, 224 0xC3, 0x4A, 0x42, 0xD0, 0xA3, 0xFE, 0x57, 0x09, 0x29, 0xD8, 0xF6, 0xEC, 225 0xE3, 0xC0, 0x71, 0x7C, 0x29, 0x27, 0xC2, 0xD1, 0x3E, 0x22, 0xBC, 0xBD, 226 0x5A, 0x85, 0x41, 0xF6, 0x15, 0xDA, 0x0C, 0x58, 0x5A, 0x61, 0x5B, 0x78, 227 0xB8, 0xAA, 0xEC, 0x5C, 0x1C, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 228 0x82, 0x01, 0x00, 0x1D, 0x10, 0x31, 0xE0, 0x14, 0x26, 0x36, 0xD9, 0xDC, 229 0xEA, 0x25, 0x70, 0xF2, 0xB3, 0xFF, 0xDD, 0x0D, 0xDF, 0xBA, 0x57, 0xDA, 230 0x43, 0xCF, 0xE5, 0x9C, 0xE3, 0x2F, 0xA4, 0xF2, 0x53, 0xF6, 0xF2, 0xAF, 231 0xFD, 0xD0, 0xFC, 0x82, 0x1E, 0x9C, 0x0F, 0x2A, 0x53, 0xBB, 0xF2, 0x4F, 232 0x90, 0x83, 0x01, 0xD3, 0xA7, 0xDA, 0xB5, 0xB7, 0x80, 0x64, 0x0A, 0x26, 233 0x59, 0x83, 0xE4, 0xD3, 0x20, 0xC8, 0x2D, 0xC9, 0x77, 0xA3, 0x55, 0x07, 234 0x6E, 0x6D, 0x95, 0x36, 0xAA, 0x84, 0x4F, 0xED, 0x54, 0x24, 0xA9, 0x77, 235 0xF8, 0x85, 0xE2, 0x4B, 0xF2, 0xFA, 0x0B, 0x3E, 0xA6, 0xF5, 0x46, 0x0D, 236 0x9F, 0x1F, 0xFE, 0xF7, 0x37, 0xFF, 0xA3, 0x60, 0xF1, 0x63, 0xF2, 0x75, 237 0x6A, 0x8E, 0x10, 0xD7, 0x89, 0xD2, 0xB3, 0xFF, 0x76, 0xA5, 0xBA, 0xAF, 238 0x0A, 0xBE, 0x32, 0x5F, 0xF0, 0x48, 0x48, 0x4B, 0x9C, 0x9A, 0x3D, 0x12, 239 0xA7, 0xD2, 0x07, 0xC7, 0x59, 0x32, 0x94, 0x95, 0x65, 0x2F, 0x87, 0x34, 240 0x76, 0xBA, 0x7C, 0x08, 0x4B, 0xAB, 0xA6, 0x24, 0xDF, 0x64, 0xDB, 0x48, 241 0x63, 0x42, 0x06, 0xE2, 0x2C, 0x3D, 0xFB, 0xE5, 0x47, 0x81, 0x94, 0x98, 242 0xF7, 0x32, 0x4B, 0x28, 0xEB, 0x42, 0xB8, 0xE9, 0x8E, 0xFC, 0xC9, 0x43, 243 0xC9, 0x47, 0xE6, 0xE7, 0x1C, 0xDC, 0x71, 0xEF, 0x4D, 0x8A, 0xB1, 0xFC, 244 0x45, 0x37, 0xEC, 0xB3, 0x16, 0x88, 0x5B, 0xE2, 0xEC, 0x8B, 0x6B, 0x75, 245 0x16, 0xBE, 0x6B, 0xF8, 0x2C, 0xF8, 0xC9, 0xD1, 0xF7, 0x55, 0x87, 0x57, 246 0x5F, 0xDE, 0xF4, 0x7E, 0x72, 0x13, 0x06, 0x2A, 0x21, 0xB7, 0x78, 0x21, 247 0x05, 0xFD, 0xE2, 0x5F, 0x7B, 0x7C, 0xF0, 0x26, 0x2B, 0x75, 0x7F, 0x68, 248 0xF9, 0xA6, 0x98, 0xFD, 0x54, 0x0E, 0xCC, 0x22, 0x41, 0x7F, 0x29, 0x81, 249 0x2F, 0xA3, 0x3C, 0x3D, 0x64, 0xC8, 0x41, 0x02, 0x81, 0x81, 0x00, 0xFA, 250 0xFA, 0xE4, 0x2E, 0x30, 0xF0, 0x7A, 0x8D, 0x95, 0xB8, 0x39, 0x58, 0x27, 251 0x0F, 0x89, 0x0C, 0xDF, 0xFE, 0x2F, 0x55, 0x3B, 0x6F, 0xDD, 0x5F, 0x12, 252 0xB3, 0xD1, 0xCF, 0x5B, 0x8D, 0xB6, 0x10, 0x1C, 0x87, 0x0C, 0x30, 0x89, 253 0x2D, 0xBB, 0xB8, 0xA1, 0x78, 0x0F, 0x54, 0xA6, 0x36, 0x46, 0x05, 0x8B, 254 0x5A, 0xFF, 0x48, 0x03, 0x13, 0xAE, 0x95, 0x96, 0x5D, 0x6C, 0xDA, 0x5D, 255 0xF7, 0xAD, 0x1D, 0x33, 0xED, 0x23, 0xF5, 0x4B, 0x03, 0x78, 0xE7, 0x50, 256 0xD1, 0x2D, 0x95, 0x22, 0x35, 0x02, 0x5B, 0x4A, 0x4E, 0x73, 0xC9, 0xB7, 257 0x05, 0xC4, 0x21, 0x86, 0x1F, 0x1E, 0x40, 0x83, 0xBC, 0x8A, 0x3A, 0x95, 258 0x24, 0x62, 0xF4, 0x58, 0x38, 0x64, 0x4A, 0x89, 0x8A, 0x27, 0x59, 0x12, 259 0x9D, 0x21, 0xC3, 0xA6, 0x42, 0x1E, 0x2A, 0x3F, 0xD8, 0x65, 0x1F, 0x6E, 260 0x3E, 0x4D, 0x5C, 0xCC, 0xEA, 0x8E, 0x15, 0x02, 0x81, 0x81, 0x00, 0xDC, 261 0xAC, 0x9B, 0x00, 0xDB, 0xF9, 0xB2, 0xBF, 0xC4, 0x5E, 0xB6, 0xB7, 0x63, 262 0xEB, 0x13, 0x4B, 0xE2, 0xA6, 0xC8, 0x72, 0x90, 0xD8, 0xC2, 0x33, 0x33, 263 0xF0, 0x66, 0x75, 0xBD, 0x50, 0x7C, 0xA4, 0x8F, 0x82, 0xFB, 0xFF, 0x44, 264 0x3B, 0xE7, 0x15, 0x3A, 0x0C, 0x7A, 0xF8, 0x92, 0x86, 0x4A, 0x79, 0x32, 265 0x08, 0x82, 0x1D, 0x6A, 0xBA, 0xAD, 0x8A, 0xB3, 0x3D, 0x7F, 0xA5, 0xB4, 266 0x6F, 0x67, 0x86, 0x7E, 0xB2, 0x9C, 0x2A, 0xF6, 0x7C, 0x49, 0x21, 0xC5, 267 0x3F, 0x00, 0x3F, 0x9B, 0xF7, 0x0F, 0x6C, 0x35, 0x80, 0x75, 0x73, 0xC0, 268 0xF8, 0x3E, 0x30, 0x5F, 0x74, 0x2F, 0x15, 0x41, 0xEA, 0x0F, 0xCE, 0x0E, 269 0x18, 0x17, 0x68, 0xBA, 0xC4, 0x29, 0xF2, 0xE2, 0x2C, 0x1D, 0x55, 0x83, 270 0xB6, 0x64, 0x2E, 0x03, 0x12, 0xA4, 0x0D, 0xBF, 0x4F, 0x2E, 0xBE, 0x7C, 271 0x41, 0xD9, 0xCD, 0xD0, 0x52, 0x91, 0xD5, 0x02, 0x81, 0x81, 0x00, 0xD4, 272 0x55, 0xEB, 0x32, 0xC1, 0x28, 0xD3, 0x26, 0x72, 0x22, 0xB8, 0x31, 0x42, 273 0x6A, 0xBC, 0x52, 0x6E, 0x37, 0x48, 0xA8, 0x5D, 0x6E, 0xD8, 0xE5, 0x14, 274 0x97, 0x99, 0xCC, 0x4A, 0xF2, 0xEB, 0xB3, 0x59, 0xCF, 0x4F, 0x9A, 0xC8, 275 0x94, 0x2E, 0x9B, 0x97, 0xD0, 0x51, 0x78, 0x16, 0x5F, 0x18, 0x82, 0x9C, 276 0x51, 0xD2, 0x64, 0x84, 0x65, 0xE4, 0x70, 0x9E, 0x14, 0x50, 0x81, 0xB6, 277 0xBA, 0x52, 0x75, 0xC0, 0x76, 0xC2, 0xD3, 0x46, 0x31, 0x9B, 0xDA, 0x67, 278 0xDF, 0x71, 0x27, 0x19, 0x17, 0xAB, 0xF4, 0xBC, 0x3A, 0xFF, 0x6F, 0x0B, 279 0x2F, 0x0F, 0xAE, 0x25, 0x20, 0xB2, 0xA1, 0x76, 0x52, 0xCE, 0xC7, 0x9D, 280 0x62, 0x79, 0x6D, 0xAC, 0x2D, 0x99, 0x7C, 0x0E, 0x3D, 0x19, 0xE9, 0x1B, 281 0xFC, 0x60, 0x92, 0x7C, 0x58, 0xB7, 0xD8, 0x9A, 0xC7, 0x63, 0x56, 0x62, 282 0x18, 0xC7, 0xAE, 0xD9, 0x97, 0x1F, 0xB9, 0x02, 0x81, 0x81, 0x00, 0x91, 283 0x40, 0xC4, 0x1E, 0x82, 0xAD, 0x0F, 0x6D, 0x8E, 0xD2, 0x51, 0x2E, 0xD1, 284 0x84, 0x30, 0x85, 0x68, 0xC1, 0x23, 0x7B, 0xD5, 0xBF, 0xF7, 0xC4, 0x40, 285 0x51, 0xE2, 0xFF, 0x69, 0x07, 0x8B, 0xA3, 0xBE, 0x1B, 0x17, 0xC8, 0x64, 286 0x9F, 0x91, 0x71, 0xB5, 0x6D, 0xF5, 0x9B, 0x9C, 0xC6, 0xEC, 0x4A, 0x6E, 287 0x16, 0x8F, 0x9E, 0xD1, 0x5B, 0xE3, 0x53, 0x42, 0xBC, 0x1E, 0x43, 0x72, 288 0x4B, 0x4A, 0x37, 0x8B, 0x3A, 0x01, 0xF5, 0x7D, 0x9D, 0x3D, 0x7E, 0x0F, 289 0x19, 0x73, 0x0E, 0x6B, 0x98, 0xE9, 0xFB, 0xEE, 0x13, 0x8A, 0x3C, 0x11, 290 0x2E, 0xD5, 0xB0, 0x7D, 0x84, 0x3A, 0x61, 0xA1, 0xAB, 0x71, 0x8F, 0xCE, 291 0x53, 0x29, 0x45, 0x74, 0x7A, 0x1E, 0xAA, 0x93, 0x19, 0x3A, 0x8D, 0xC9, 292 0x4E, 0xCB, 0x0E, 0x46, 0x53, 0x84, 0xCC, 0xCF, 0xBA, 0x4D, 0x28, 0x71, 293 0x1D, 0xDF, 0x41, 0xCB, 0xF8, 0x2D, 0xA9, 0x02, 0x81, 0x80, 0x04, 0x8B, 294 0x4A, 0xEA, 0xBD, 0x39, 0x0B, 0x96, 0xC5, 0x1D, 0xA4, 0x47, 0xFD, 0x46, 295 0xD2, 0x8A, 0xEA, 0x2A, 0xF3, 0x9D, 0x3A, 0x7E, 0x16, 0x74, 0xFC, 0x13, 296 0xDE, 0x4D, 0xA9, 0x85, 0x42, 0x33, 0x02, 0x92, 0x0B, 0xB6, 0xDB, 0x7E, 297 0xEA, 0x85, 0xC2, 0x94, 0x43, 0x52, 0x37, 0x5A, 0x77, 0xAB, 0xCB, 0x61, 298 0x88, 0xDE, 0xF8, 0xFA, 0xDB, 0xE8, 0x0B, 0x95, 0x7D, 0x39, 0x19, 0xA2, 299 0x89, 0xB9, 0x32, 0xB2, 0x50, 0x38, 0xF7, 0x88, 0x69, 0xFD, 0xA4, 0x63, 300 0x1F, 0x9B, 0x03, 0xD8, 0xA6, 0x7A, 0x05, 0x76, 0x02, 0x28, 0x93, 0x82, 301 0x73, 0x7F, 0x14, 0xCC, 0xBE, 0x29, 0x10, 0xAD, 0x8A, 0x2E, 0xAC, 0xED, 302 0x11, 0xA7, 0x72, 0x7C, 0x60, 0x78, 0x72, 0xFB, 0x78, 0x20, 0x18, 0xC9, 303 0x7E, 0x63, 0xAD, 0x55, 0x54, 0x51, 0xDB, 0x9F, 0x7B, 0xD4, 0x8F, 0xB2, 304 0xDE, 0x3B, 0xF1, 0x70, 0x23, 0xE5, 305 }; 306 307 /* 308 * DER-encoded PKCS#8 format EC key. Generated using: 309 * 310 * openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 311 */ 312 static uint8_t TEST_EC_KEY_1[] = { 313 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 314 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 315 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, 0x01, 0x01, 0x04, 0x20, 316 0x25, 0xAC, 0x77, 0x2B, 0x04, 0x33, 0xC8, 0x16, 0x59, 0xA3, 0xC7, 0xE7, 317 0x11, 0x42, 0xD0, 0x11, 0x71, 0x30, 0x7B, 0xB8, 0xD2, 0x67, 0xFF, 0x9C, 318 0x5F, 0x50, 0x2E, 0xAB, 0x67, 0xD4, 0x17, 0x51, 0xA1, 0x44, 0x03, 0x42, 319 0x00, 0x04, 0xCF, 0xCE, 0xB8, 0x7F, 0x88, 0x36, 0xC4, 0xF8, 0x51, 0x29, 320 0xE2, 0xA7, 0x21, 0xC3, 0x3B, 0xFF, 0x88, 0xE3, 0x87, 0x98, 0xD1, 0xA6, 321 0x4B, 0xB3, 0x4B, 0xD5, 0x44, 0xF8, 0xE0, 0x43, 0x6B, 0x50, 0x74, 0xFB, 322 0xB0, 0xAD, 0x41, 0x1C, 0x11, 0x9D, 0xC6, 0x1E, 0x83, 0x8C, 0x49, 0xCA, 323 0xBE, 0xC6, 0xCE, 0xB6, 0xC9, 0xA1, 0xBF, 0x69, 0xA9, 0xA0, 0xA3, 0x80, 324 0x14, 0x39, 0x57, 0x94, 0xDA, 0x5D 325 }; 326 327 328 /* 329 * Generated using keys on the keyboard and lack of imagination. 330 */ 331 static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF }; 332 333 334 class KeymasterBaseTest : public ::testing::Test { 335 public: 336 static void SetUpTestCase() { 337 const hw_module_t* mod; 338 ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod)) 339 << "Should be able to find a keymaster hardware module"; 340 341 std::cout << "Using keymaster module: " << mod->name << std::endl; 342 343 ASSERT_EQ(0, keymaster0_open(mod, &sDevice)) 344 << "Should be able to open the keymaster device"; 345 346 ASSERT_EQ(KEYMASTER_MODULE_API_VERSION_0_2, mod->module_api_version) 347 << "Keymaster should implement API version 2"; 348 349 ASSERT_TRUE(sDevice->generate_keypair != NULL) 350 << "Should implement generate_keypair"; 351 352 ASSERT_TRUE(sDevice->import_keypair != NULL) 353 << "Should implement import_keypair"; 354 355 ASSERT_TRUE(sDevice->get_keypair_public != NULL) 356 << "Should implement get_keypair_public"; 357 358 ASSERT_TRUE(sDevice->sign_data != NULL) 359 << "Should implement sign_data"; 360 361 ASSERT_TRUE(sDevice->verify_data != NULL) 362 << "Should implement verify_data"; 363 } 364 365 static void TearDownTestCase() { 366 ASSERT_EQ(0, keymaster0_close(sDevice)); 367 } 368 369 protected: 370 static keymaster0_device_t* sDevice; 371 }; 372 373 keymaster0_device_t* KeymasterBaseTest::sDevice = NULL; 374 375 class KeymasterTest : public KeymasterBaseTest { 376 }; 377 378 class KeymasterAllTypesTest : public KeymasterBaseTest, 379 public ::testing::WithParamInterface<keymaster_keypair_t> { 380 }; 381 382 class KeymasterGenerateRSATest : public KeymasterBaseTest, 383 public ::testing::WithParamInterface<uint32_t> { 384 }; 385 386 class KeymasterGenerateDSATest : public KeymasterBaseTest, 387 public ::testing::WithParamInterface<uint32_t> { 388 }; 389 390 class KeymasterGenerateECTest : public KeymasterBaseTest, 391 public ::testing::WithParamInterface<uint32_t> { 392 }; 393 394 TEST_P(KeymasterGenerateRSATest, GenerateKeyPair_RSA_Success) { 395 keymaster_keypair_t key_type = TYPE_RSA; 396 keymaster_rsa_keygen_params_t params = { 397 .modulus_size = GetParam(), 398 .public_exponent = RSA_F4, 399 }; 400 401 uint8_t* key_blob; 402 size_t key_blob_length; 403 404 ASSERT_EQ(0, 405 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length)) 406 << "Should generate an RSA key with " << GetParam() << " bit modulus size"; 407 UniqueKey key(&sDevice, key_blob, key_blob_length); 408 409 uint8_t* x509_data = NULL; 410 size_t x509_data_length; 411 ASSERT_EQ(0, 412 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 413 &x509_data, &x509_data_length)) 414 << "Should be able to retrieve RSA public key successfully"; 415 UniqueBlob x509_blob(x509_data, x509_data_length); 416 ASSERT_FALSE(x509_blob.get() == NULL) 417 << "X509 data should be allocated"; 418 419 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 420 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 421 static_cast<long>(x509_blob.length()))); 422 423 ASSERT_EQ(EVP_PKEY_RSA, EVP_PKEY_type(actual.get()->type)) 424 << "Generated key type should be of type RSA"; 425 426 Unique_RSA rsa(EVP_PKEY_get1_RSA(actual.get())); 427 ASSERT_FALSE(rsa.get() == NULL) 428 << "Should be able to extract RSA key from EVP_PKEY"; 429 430 ASSERT_EQ(static_cast<unsigned long>(RSA_F4), BN_get_word(rsa.get()->e)) 431 << "Exponent should be RSA_F4"; 432 433 ASSERT_EQ((GetParam() + 7) / 8, static_cast<uint32_t>(RSA_size(rsa.get()))) 434 << "Modulus size should be the specified parameter"; 435 } 436 437 INSTANTIATE_TEST_CASE_P(RSA, 438 KeymasterGenerateRSATest, 439 ::testing::Values(512U, 1024U, 2048U, 3072U, 4096U)); 440 441 442 TEST_P(KeymasterGenerateECTest, GenerateKeyPair_EC_Success) { 443 keymaster_keypair_t key_type = TYPE_EC; 444 keymaster_ec_keygen_params_t params = { 445 .field_size = GetParam(), 446 }; 447 448 uint8_t* key_blob; 449 size_t key_blob_length; 450 451 ASSERT_EQ(0, 452 sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length)) 453 << "Should generate an EC key with " << GetParam() << " field size"; 454 UniqueKey key(&sDevice, key_blob, key_blob_length); 455 456 uint8_t* x509_data = NULL; 457 size_t x509_data_length; 458 ASSERT_EQ(0, 459 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 460 &x509_data, &x509_data_length)) 461 << "Should be able to retrieve EC public key successfully"; 462 UniqueBlob x509_blob(x509_data, x509_data_length); 463 ASSERT_FALSE(x509_blob.get() == NULL) 464 << "X509 data should be allocated"; 465 466 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 467 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 468 static_cast<long>(x509_blob.length()))); 469 470 ASSERT_EQ(EVP_PKEY_EC, EVP_PKEY_type(actual.get()->type)) 471 << "Generated key type should be of type EC"; 472 473 Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(actual.get())); 474 ASSERT_FALSE(ecKey.get() == NULL) 475 << "Should be able to extract EC key from EVP_PKEY"; 476 477 ASSERT_FALSE(EC_KEY_get0_group(ecKey.get()) == NULL) 478 << "EC key should have a EC_GROUP"; 479 480 ASSERT_TRUE(EC_KEY_check_key(ecKey.get())) 481 << "EC key should check correctly"; 482 } 483 484 INSTANTIATE_TEST_CASE_P(EC, 485 KeymasterGenerateECTest, 486 ::testing::Values(192U, 224U, 256U, 384U, 521U)); 487 488 489 TEST_P(KeymasterAllTypesTest, GenerateKeyPair_NullParams_Failure) { 490 keymaster_keypair_t key_type = GetParam(); 491 492 uint8_t* key_blob; 493 size_t key_blob_length; 494 495 ASSERT_EQ(-1, 496 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length)) 497 << "Should not be able to generate a key with null params"; 498 } 499 500 INSTANTIATE_TEST_CASE_P(Types, 501 KeymasterAllTypesTest, 502 ::testing::Values(TYPE_RSA, TYPE_DSA, TYPE_EC)); 503 504 TEST_F(KeymasterTest, GenerateKeyPair_UnknownType_Failure) { 505 keymaster_keypair_t key_type = static_cast<keymaster_keypair_t>(0xFFFF); 506 507 uint8_t* key_blob; 508 size_t key_blob_length; 509 510 ASSERT_EQ(-1, 511 sDevice->generate_keypair(sDevice, key_type, NULL, &key_blob, &key_blob_length)) 512 << "Should not generate an unknown key type"; 513 } 514 515 TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) { 516 uint8_t* key_blob; 517 size_t key_blob_length; 518 519 ASSERT_EQ(0, 520 sDevice->import_keypair(sDevice, TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1), 521 &key_blob, &key_blob_length)) 522 << "Should successfully import an RSA key"; 523 UniqueKey key(&sDevice, key_blob, key_blob_length); 524 525 uint8_t* x509_data; 526 size_t x509_data_length; 527 ASSERT_EQ(0, 528 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 529 &x509_data, &x509_data_length)) 530 << "Should be able to retrieve RSA public key successfully"; 531 UniqueBlob x509_blob(x509_data, x509_data_length); 532 533 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 534 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 535 static_cast<long>(x509_blob.length()))); 536 537 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_RSA) 538 << "Generated key type should be of type RSA"; 539 540 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_RSA_KEY_1); 541 Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8( 542 d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp, 543 sizeof(TEST_RSA_KEY_1))); 544 545 Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get())); 546 547 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get())) 548 << "Expected and actual keys should match"; 549 } 550 551 TEST_F(KeymasterTest, ImportKeyPair_EC_Success) { 552 uint8_t* key_blob; 553 size_t key_blob_length; 554 555 ASSERT_EQ(0, 556 sDevice->import_keypair(sDevice, TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1), 557 &key_blob, &key_blob_length)) 558 << "Should successfully import an EC key"; 559 UniqueKey key(&sDevice, key_blob, key_blob_length); 560 561 uint8_t* x509_data; 562 size_t x509_data_length; 563 ASSERT_EQ(0, 564 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 565 &x509_data, &x509_data_length)) 566 << "Should be able to retrieve EC public key successfully"; 567 UniqueBlob x509_blob(x509_data, x509_data_length); 568 569 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 570 Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 571 static_cast<long>(x509_blob.length()))); 572 573 ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_EC) 574 << "Generated key type should be of type EC"; 575 576 const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_EC_KEY_1); 577 Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8( 578 d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp, 579 sizeof(TEST_EC_KEY_1))); 580 581 Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get())); 582 583 ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get())) 584 << "Expected and actual keys should match"; 585 } 586 587 TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) { 588 uint8_t* key_blob; 589 size_t key_blob_length; 590 591 ASSERT_EQ(-1, 592 sDevice->import_keypair(sDevice, BOGUS_KEY_1, sizeof(BOGUS_KEY_1), 593 &key_blob, &key_blob_length)) 594 << "Should not import an unknown key type"; 595 } 596 597 TEST_F(KeymasterTest, ImportKeyPair_NullKey_Failure) { 598 uint8_t* key_blob; 599 size_t key_blob_length; 600 601 ASSERT_EQ(-1, 602 sDevice->import_keypair(sDevice, NULL, 0, 603 &key_blob, &key_blob_length)) 604 << "Should not import a null key"; 605 } 606 607 TEST_F(KeymasterTest, GetKeypairPublic_RSA_Success) { 608 uint8_t* key_blob; 609 size_t key_blob_length; 610 611 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 612 ASSERT_TRUE(testKey.get() != NULL); 613 614 ASSERT_EQ(0, 615 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 616 &key_blob, &key_blob_length)) 617 << "Should successfully import an RSA key"; 618 UniqueKey key(&sDevice, key_blob, key_blob_length); 619 620 uint8_t* x509_data; 621 size_t x509_data_length; 622 ASSERT_EQ(0, 623 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 624 &x509_data, &x509_data_length)) 625 << "Should be able to retrieve RSA public key successfully"; 626 UniqueBlob x509_blob(x509_data, x509_data_length); 627 } 628 629 TEST_F(KeymasterTest, GetKeypairPublic_EC_Success) { 630 uint8_t* key_blob; 631 size_t key_blob_length; 632 633 UniqueReadOnlyBlob testKey(TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1)); 634 ASSERT_TRUE(testKey.get() != NULL); 635 636 ASSERT_EQ(0, 637 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 638 &key_blob, &key_blob_length)) 639 << "Should successfully import an EC key"; 640 UniqueKey key(&sDevice, key_blob, key_blob_length); 641 642 uint8_t* x509_data; 643 size_t x509_data_length; 644 ASSERT_EQ(0, 645 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 646 &x509_data, &x509_data_length)) 647 << "Should be able to retrieve EC public key successfully"; 648 UniqueBlob x509_blob(x509_data, x509_data_length); 649 } 650 651 TEST_F(KeymasterTest, GetKeypairPublic_NullKey_Failure) { 652 uint8_t* x509_data = NULL; 653 size_t x509_data_length; 654 ASSERT_EQ(-1, 655 sDevice->get_keypair_public(sDevice, NULL, 0, 656 &x509_data, &x509_data_length)) 657 << "Should not be able to retrieve public key from null key"; 658 UniqueBlob x509_blob(x509_data, x509_data_length); 659 } 660 661 TEST_F(KeymasterTest, GetKeypairPublic_RSA_NullDestination_Failure) { 662 uint8_t* key_blob; 663 size_t key_blob_length; 664 665 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 666 ASSERT_TRUE(testKey.get() != NULL); 667 668 ASSERT_EQ(0, 669 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 670 &key_blob, &key_blob_length)) 671 << "Should successfully import an RSA key"; 672 UniqueKey key(&sDevice, key_blob, key_blob_length); 673 674 ASSERT_EQ(-1, 675 sDevice->get_keypair_public(sDevice, key.get(), key.length(), 676 NULL, NULL)) 677 << "Should not be able to succeed with NULL destination blob"; 678 } 679 680 TEST_F(KeymasterTest, GetKeypairPublic_EC_NullDestination_Failure) { 681 uint8_t* key_blob; 682 size_t key_blob_length; 683 684 UniqueReadOnlyBlob testKey(TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1)); 685 ASSERT_TRUE(testKey.get() != NULL); 686 687 ASSERT_EQ(0, 688 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 689 &key_blob, &key_blob_length)) 690 << "Should successfully import an RSA key"; 691 UniqueKey key(&sDevice, key_blob, key_blob_length); 692 693 ASSERT_EQ(-1, 694 sDevice->get_keypair_public(sDevice, key.get(), key.length(), 695 NULL, NULL)) 696 << "Should not be able to succeed with NULL destination blob"; 697 } 698 699 TEST_F(KeymasterTest, DeleteKeyPair_RSA_Success) { 700 uint8_t* key_blob; 701 size_t key_blob_length; 702 703 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 704 ASSERT_TRUE(testKey.get() != NULL); 705 706 ASSERT_EQ(0, 707 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 708 &key_blob, &key_blob_length)) 709 << "Should successfully import an RSA key"; 710 UniqueKey key(&sDevice, key_blob, key_blob_length); 711 } 712 713 TEST_F(KeymasterTest, DeleteKeyPair_RSA_DoubleDelete_Failure) { 714 uint8_t* key_blob; 715 size_t key_blob_length; 716 717 UniqueReadOnlyBlob testKey(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 718 ASSERT_TRUE(testKey.get() != NULL); 719 720 /* 721 * This is only run if the module indicates it implements key deletion 722 * by implementing delete_keypair. 723 */ 724 if (sDevice->delete_keypair != NULL) { 725 ASSERT_EQ(0, 726 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 727 &key_blob, &key_blob_length)) 728 << "Should successfully import an RSA key"; 729 UniqueBlob blob(key_blob, key_blob_length); 730 731 ASSERT_EQ(0, sDevice->delete_keypair(sDevice, key_blob, key_blob_length)) 732 << "Should delete key after import"; 733 734 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, key_blob, key_blob_length)) 735 << "Should not be able to delete key twice"; 736 } 737 } 738 739 TEST_F(KeymasterTest, DeleteKeyPair_RSA_NullKey_Failure) { 740 /* 741 * This is only run if the module indicates it implements key deletion 742 * by implementing delete_keypair. 743 */ 744 if (sDevice->delete_keypair != NULL) { 745 ASSERT_EQ(-1, sDevice->delete_keypair(sDevice, NULL, 0)) 746 << "Should not be able to delete null key"; 747 } 748 } 749 750 /* 751 * DER-encoded PKCS#8 format RSA key. Generated using: 752 * 753 * openssl genrsa 512 | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 754 */ 755 static uint8_t TEST_SIGN_RSA_KEY_1[] = { 756 0x30, 0x82, 0x01, 0x56, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 757 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 758 0x01, 0x40, 0x30, 0x82, 0x01, 0x3C, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 759 0xBD, 0xC0, 0x7F, 0xEF, 0x75, 0x1D, 0x63, 0x2A, 0xD0, 0x9A, 0x26, 0xE5, 760 0x5B, 0xB9, 0x84, 0x7C, 0xE5, 0xC7, 0xE7, 0xDE, 0xFE, 0xB6, 0x54, 0xD9, 761 0xF0, 0x9B, 0xC2, 0xCF, 0x36, 0xDA, 0xE5, 0x4D, 0xC5, 0xD9, 0x25, 0x78, 762 0xBD, 0x55, 0x05, 0xBD, 0x86, 0xFB, 0x37, 0x15, 0x33, 0x42, 0x52, 0xED, 763 0xE5, 0xCD, 0xCB, 0xB7, 0xA2, 0x51, 0xFA, 0x36, 0xE9, 0x9C, 0x2E, 0x5D, 764 0xE3, 0xA5, 0x1F, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00, 765 0x96, 0x71, 0xDE, 0xBD, 0x83, 0x94, 0x96, 0x40, 0xA6, 0xFD, 0xE1, 0xA2, 766 0xED, 0xD3, 0xAC, 0x28, 0xBE, 0xA2, 0x7D, 0xC3, 0xFF, 0x1D, 0x9F, 0x2E, 767 0xE0, 0xA7, 0x0E, 0x90, 0xEE, 0x44, 0x25, 0x92, 0xE3, 0x54, 0xDD, 0x55, 768 0xA3, 0xEF, 0x42, 0xF5, 0x52, 0x55, 0x41, 0x47, 0x5E, 0x00, 0xFB, 0x8B, 769 0x47, 0x5E, 0x45, 0x49, 0xEA, 0x3D, 0x2C, 0xFD, 0x9F, 0xEC, 0xC8, 0x4E, 770 0x4E, 0x86, 0x90, 0x31, 0x02, 0x21, 0x00, 0xE6, 0xA5, 0x55, 0xB3, 0x64, 771 0xAB, 0x90, 0x5E, 0xA2, 0xF5, 0x6B, 0x21, 0x4B, 0x15, 0xD6, 0x4A, 0xB6, 772 0x60, 0x24, 0x95, 0x65, 0xA2, 0xBE, 0xBA, 0x2A, 0x73, 0xFB, 0xFF, 0x2C, 773 0x61, 0x88, 0x9D, 0x02, 0x21, 0x00, 0xD2, 0x9C, 0x5B, 0xFE, 0x82, 0xA5, 774 0xFC, 0x52, 0x6A, 0x29, 0x38, 0xDB, 0x22, 0x3B, 0xEB, 0x74, 0x3B, 0xCA, 775 0xB4, 0xDD, 0x1D, 0xE4, 0x48, 0x60, 0x70, 0x19, 0x9B, 0x81, 0xC1, 0x83, 776 0x28, 0xB5, 0x02, 0x21, 0x00, 0x89, 0x2D, 0xFE, 0xF9, 0xF2, 0xBF, 0x43, 777 0xDF, 0xB5, 0xA6, 0xA8, 0x30, 0x26, 0x1B, 0x77, 0xD7, 0xF9, 0xFE, 0xD6, 778 0xE3, 0x70, 0x8E, 0xCA, 0x47, 0xA9, 0xA6, 0x50, 0x54, 0x25, 0xCE, 0x60, 779 0xD5, 0x02, 0x21, 0x00, 0xBE, 0x5A, 0xF8, 0x82, 0xE6, 0xCE, 0xE3, 0x6A, 780 0x11, 0xED, 0xC4, 0x27, 0xBB, 0x9F, 0x70, 0xC6, 0x93, 0xAC, 0x39, 0x20, 781 0x89, 0x7D, 0xE5, 0x34, 0xD4, 0xDD, 0x30, 0x42, 0x6D, 0x07, 0x00, 0xE9, 782 0x02, 0x20, 0x05, 0x91, 0xEF, 0x12, 0xD2, 0xD3, 0x6A, 0xD2, 0x96, 0x6B, 783 0x10, 0x62, 0xF9, 0xBA, 0xA4, 0x91, 0x48, 0x84, 0x40, 0x61, 0x67, 0x80, 784 0x68, 0x68, 0xC8, 0x60, 0xB3, 0x66, 0xC8, 0xF9, 0x08, 0x9A, 785 }; 786 787 /* 788 * DER-encoded PKCS#8 format EC key. Generated using: 789 * 790 * openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -outform der | recode ../x1 791 */ 792 static uint8_t TEST_SIGN_EC_KEY_1[] = { 793 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 794 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 795 0x03, 0x01, 0x07, 0x04, 0x6D, 0x30, 0x6B, 0x02, 0x01, 0x01, 0x04, 0x20, 796 0x9E, 0x66, 0x11, 0x6A, 0x89, 0xF5, 0x78, 0x57, 0xF3, 0x35, 0xA2, 0x46, 797 0x09, 0x06, 0x4B, 0x4D, 0x81, 0xEC, 0xD3, 0x9B, 0x0A, 0xC4, 0x68, 0x06, 798 0xB8, 0x42, 0x24, 0x5E, 0x74, 0x2C, 0x62, 0x79, 0xA1, 0x44, 0x03, 0x42, 799 0x00, 0x04, 0x35, 0xB5, 0x9A, 0x5C, 0xE5, 0x52, 0x35, 0xF2, 0x10, 0x6C, 800 0xD9, 0x98, 0x67, 0xED, 0x5E, 0xCB, 0x6B, 0xB8, 0x96, 0x5E, 0x54, 0x7C, 801 0x34, 0x2A, 0xA3, 0x3B, 0xF3, 0xD1, 0x39, 0x48, 0x36, 0x7A, 0xEA, 0xD8, 802 0xCA, 0xDD, 0x40, 0x8F, 0xE9, 0xE0, 0x95, 0x2E, 0x3F, 0x95, 0x0F, 0x14, 803 0xD6, 0x14, 0x78, 0xB5, 0xAD, 0x17, 0xD2, 0x5A, 0x41, 0x96, 0x99, 0x20, 804 0xC7, 0x5B, 0x0F, 0x60, 0xFD, 0xBA 805 }; 806 807 /* 808 * PKCS#1 v1.5 padded raw "Hello, world" Can be generated be generated by verifying 809 * the signature below in no padding mode: 810 * 811 * openssl rsautl -keyform der -inkey rsa.der -raw -verify -in test.sig 812 */ 813 static uint8_t TEST_SIGN_DATA_1[] = { 814 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 815 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 816 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 817 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 818 0xFF, 0xFF, 0xFF, 0x00, 0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x2C, 0x20, 0x77, 819 0x6F, 0x72, 0x6C, 0x64, 820 }; 821 822 /* 823 * Signature of TEST_SIGN_DATA_1 using TEST_SIGN_RSA_KEY_1. Generated using: 824 * 825 * echo 'Hello, world' | openssl rsautl -keyform der -inkey rsa.der -sign | recode ../x1 826 */ 827 static uint8_t TEST_SIGN_RSA_SIGNATURE_1[] = { 828 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76, 829 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2, 830 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A, 831 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9, 832 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF, 833 0x79, 0xE4, 0x91, 0x40, 834 }; 835 836 /* 837 * Identical to TEST_SIGN_RSA_SIGNATURE_1 except the last octet is '1' instead of '0' 838 * This should fail any test. 839 */ 840 static uint8_t TEST_SIGN_SIGNATURE_BOGUS_1[] = { 841 0xA4, 0xBB, 0x76, 0x87, 0xFE, 0x61, 0x0C, 0x9D, 0xD6, 0xFF, 0x4B, 0x76, 842 0x96, 0x08, 0x36, 0x23, 0x11, 0xC6, 0x44, 0x3F, 0x88, 0x77, 0x97, 0xB2, 843 0xA8, 0x3B, 0xFB, 0x9C, 0x3C, 0xD3, 0x20, 0x65, 0xFD, 0x26, 0x3B, 0x2A, 844 0xB8, 0xB6, 0xD4, 0xDC, 0x91, 0xF7, 0xE2, 0xDE, 0x4D, 0xF7, 0x0E, 0xB9, 845 0x72, 0xA7, 0x29, 0x72, 0x82, 0x12, 0x7C, 0x53, 0x23, 0x21, 0xC4, 0xFF, 846 0x79, 0xE4, 0x91, 0x41, 847 }; 848 849 TEST_F(KeymasterTest, SignData_RSA_Raw_Success) { 850 uint8_t* key_blob; 851 size_t key_blob_length; 852 853 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 854 ASSERT_TRUE(testKey.get() != NULL); 855 856 ASSERT_EQ(0, 857 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 858 &key_blob, &key_blob_length)) 859 << "Should successfully import an RSA key"; 860 UniqueKey key(&sDevice, key_blob, key_blob_length); 861 862 keymaster_rsa_sign_params_t params = { 863 .digest_type = DIGEST_NONE, 864 .padding_type = PADDING_NONE, 865 }; 866 867 uint8_t* sig; 868 size_t sig_length; 869 870 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 871 ASSERT_TRUE(testData.get() != NULL); 872 873 ASSERT_EQ(0, 874 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 875 testData.get(), testData.length(), 876 &sig, &sig_length)) 877 << "Should sign data successfully"; 878 UniqueBlob sig_blob(sig, sig_length); 879 880 UniqueBlob expected_sig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1)); 881 882 ASSERT_EQ(expected_sig, sig_blob) 883 << "Generated signature should match expected signature"; 884 885 // The expected signature is actually stack data, so don't let it try to free. 886 uint8_t* unused __attribute__((unused)) = expected_sig.release(); 887 } 888 889 TEST_F(KeymasterTest, SignData_EC_Success) { 890 uint8_t* key_blob; 891 size_t key_blob_length; 892 893 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1)); 894 ASSERT_TRUE(testKey.get() != NULL); 895 896 ASSERT_EQ(0, 897 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 898 &key_blob, &key_blob_length)) 899 << "Should successfully import an EC key"; 900 UniqueKey key(&sDevice, key_blob, key_blob_length); 901 902 keymaster_ec_sign_params_t params = { 903 .digest_type = DIGEST_NONE, 904 }; 905 906 uint8_t* sig; 907 size_t sig_length; 908 909 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 910 ASSERT_TRUE(testData.get() != NULL); 911 912 ASSERT_EQ(0, 913 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 914 testData.get(), testData.length(), 915 &sig, &sig_length)) 916 << "Should sign data successfully"; 917 UniqueBlob sig_blob(sig, sig_length); 918 919 uint8_t* x509_data; 920 size_t x509_data_length; 921 ASSERT_EQ(0, 922 sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, 923 &x509_data, &x509_data_length)) 924 << "Should be able to retrieve RSA public key successfully"; 925 UniqueBlob x509_blob(x509_data, x509_data_length); 926 927 const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); 928 Unique_EVP_PKEY expected(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, 929 static_cast<long>(x509_blob.length()))); 930 931 Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(expected.get())); 932 933 ASSERT_EQ(1, ECDSA_verify(0, testData.get(), testData.length(), sig_blob.get(), sig_blob.length(), ecKey.get())) 934 << "Signature should verify"; 935 } 936 937 TEST_F(KeymasterTest, SignData_RSA_Raw_InvalidSizeInput_Failure) { 938 uint8_t* key_blob; 939 size_t key_blob_length; 940 941 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 942 ASSERT_TRUE(testKey.get() != NULL); 943 944 ASSERT_EQ(0, 945 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 946 &key_blob, &key_blob_length)) 947 << "Should successfully import an RSA key"; 948 UniqueKey key(&sDevice, key_blob, key_blob_length); 949 950 keymaster_rsa_sign_params_t params = { 951 .digest_type = DIGEST_NONE, 952 .padding_type = PADDING_NONE, 953 }; 954 955 uint8_t* sig; 956 size_t sig_length; 957 958 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 959 ASSERT_TRUE(testData.get() != NULL); 960 961 ASSERT_EQ(-1, 962 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 963 testData.get(), testData.length(), 964 &sig, &sig_length)) 965 << "Should not be able to do raw signature on incorrect size data"; 966 } 967 968 TEST_F(KeymasterTest, SignData_RSA_Raw_NullKey_Failure) { 969 keymaster_rsa_sign_params_t params = { 970 .digest_type = DIGEST_NONE, 971 .padding_type = PADDING_NONE, 972 }; 973 974 uint8_t* sig; 975 size_t sig_length; 976 977 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 978 ASSERT_TRUE(testData.get() != NULL); 979 980 ASSERT_EQ(-1, 981 sDevice->sign_data(sDevice, ¶ms, NULL, 0, 982 testData.get(), testData.length(), 983 &sig, &sig_length)) 984 << "Should not be able to do raw signature on incorrect size data"; 985 } 986 987 TEST_F(KeymasterTest, SignData_RSA_Raw_NullInput_Failure) { 988 uint8_t* key_blob; 989 size_t key_blob_length; 990 991 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 992 ASSERT_TRUE(testKey.get() != NULL); 993 994 ASSERT_EQ(0, 995 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 996 &key_blob, &key_blob_length)) 997 << "Should successfully import an RSA key"; 998 UniqueKey key(&sDevice, key_blob, key_blob_length); 999 1000 keymaster_rsa_sign_params_t params = { 1001 .digest_type = DIGEST_NONE, 1002 .padding_type = PADDING_NONE, 1003 }; 1004 1005 uint8_t* sig; 1006 size_t sig_length; 1007 1008 ASSERT_EQ(-1, 1009 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 1010 NULL, 0, 1011 &sig, &sig_length)) 1012 << "Should error when input data is null"; 1013 } 1014 1015 TEST_F(KeymasterTest, SignData_RSA_Raw_NullOutput_Failure) { 1016 uint8_t* key_blob; 1017 size_t key_blob_length; 1018 1019 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1020 ASSERT_TRUE(testKey.get() != NULL); 1021 1022 ASSERT_EQ(0, 1023 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1024 &key_blob, &key_blob_length)) 1025 << "Should successfully import an RSA key"; 1026 UniqueKey key(&sDevice, key_blob, key_blob_length); 1027 1028 keymaster_rsa_sign_params_t params = { 1029 .digest_type = DIGEST_NONE, 1030 .padding_type = PADDING_NONE, 1031 }; 1032 1033 UniqueReadOnlyBlob testData(TEST_RSA_KEY_1, sizeof(TEST_RSA_KEY_1)); 1034 ASSERT_TRUE(testData.get() != NULL); 1035 1036 ASSERT_EQ(-1, 1037 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 1038 testData.get(), testData.length(), 1039 NULL, NULL)) 1040 << "Should error when output is null"; 1041 } 1042 1043 TEST_F(KeymasterTest, VerifyData_RSA_Raw_Success) { 1044 uint8_t* key_blob; 1045 size_t key_blob_length; 1046 1047 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1048 ASSERT_TRUE(testKey.get() != NULL); 1049 1050 ASSERT_EQ(0, 1051 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1052 &key_blob, &key_blob_length)) 1053 << "Should successfully import an RSA key"; 1054 UniqueKey key(&sDevice, key_blob, key_blob_length); 1055 1056 keymaster_rsa_sign_params_t params = { 1057 .digest_type = DIGEST_NONE, 1058 .padding_type = PADDING_NONE, 1059 }; 1060 1061 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 1062 ASSERT_TRUE(testData.get() != NULL); 1063 1064 UniqueReadOnlyBlob testSig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1)); 1065 ASSERT_TRUE(testSig.get() != NULL); 1066 1067 ASSERT_EQ(0, 1068 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1069 testData.get(), testData.length(), 1070 testSig.get(), testSig.length())) 1071 << "Should verify data successfully"; 1072 } 1073 1074 TEST_F(KeymasterTest, VerifyData_EC_Raw_Success) { 1075 uint8_t* key_blob; 1076 size_t key_blob_length; 1077 1078 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1)); 1079 ASSERT_TRUE(testKey.get() != NULL); 1080 1081 ASSERT_EQ(0, 1082 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1083 &key_blob, &key_blob_length)) 1084 << "Should successfully import an RSA key"; 1085 UniqueKey key(&sDevice, key_blob, key_blob_length); 1086 1087 keymaster_ec_sign_params_t params = { 1088 .digest_type = DIGEST_NONE, 1089 }; 1090 1091 uint8_t* sig; 1092 size_t sig_length; 1093 1094 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 1095 ASSERT_TRUE(testData.get() != NULL); 1096 1097 ASSERT_EQ(0, 1098 sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, 1099 testData.get(), testData.length(), 1100 &sig, &sig_length)) 1101 << "Should sign data successfully"; 1102 UniqueBlob sig_blob(sig, sig_length); 1103 1104 ASSERT_EQ(0, 1105 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1106 testData.get(), testData.length(), 1107 sig_blob.get(), sig_blob.length())) 1108 << "Should verify data successfully"; 1109 } 1110 1111 TEST_F(KeymasterTest, VerifyData_RSA_Raw_BadSignature_Failure) { 1112 uint8_t* key_blob; 1113 size_t key_blob_length; 1114 1115 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1116 ASSERT_TRUE(testKey.get() != NULL); 1117 1118 ASSERT_EQ(0, 1119 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1120 &key_blob, &key_blob_length)) 1121 << "Should successfully import an RSA key"; 1122 UniqueKey key(&sDevice, key_blob, key_blob_length); 1123 1124 keymaster_rsa_sign_params_t params = { 1125 .digest_type = DIGEST_NONE, 1126 .padding_type = PADDING_NONE, 1127 }; 1128 1129 ASSERT_EQ(-1, 1130 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1131 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 1132 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1))) 1133 << "Should sign data successfully"; 1134 } 1135 1136 TEST_F(KeymasterTest, VerifyData_EC_Raw_BadSignature_Failure) { 1137 uint8_t* key_blob; 1138 size_t key_blob_length; 1139 1140 UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1)); 1141 ASSERT_TRUE(testKey.get() != NULL); 1142 1143 ASSERT_EQ(0, 1144 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1145 &key_blob, &key_blob_length)) 1146 << "Should successfully import an RSA key"; 1147 UniqueKey key(&sDevice, key_blob, key_blob_length); 1148 1149 keymaster_ec_sign_params_t params = { 1150 .digest_type = DIGEST_NONE, 1151 }; 1152 1153 ASSERT_EQ(-1, 1154 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1155 TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1), 1156 TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1))) 1157 << "Should sign data successfully"; 1158 } 1159 1160 TEST_F(KeymasterTest, VerifyData_RSA_Raw_NullKey_Failure) { 1161 keymaster_rsa_sign_params_t params = { 1162 .digest_type = DIGEST_NONE, 1163 .padding_type = PADDING_NONE, 1164 }; 1165 1166 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 1167 ASSERT_TRUE(testData.get() != NULL); 1168 1169 UniqueReadOnlyBlob testSig(TEST_SIGN_SIGNATURE_BOGUS_1, sizeof(TEST_SIGN_SIGNATURE_BOGUS_1)); 1170 ASSERT_TRUE(testSig.get() != NULL); 1171 1172 ASSERT_EQ(-1, 1173 sDevice->verify_data(sDevice, ¶ms, NULL, 0, 1174 testData.get(), testData.length(), 1175 testSig.get(), testSig.length())) 1176 << "Should fail when key is null"; 1177 } 1178 1179 TEST_F(KeymasterTest, VerifyData_RSA_NullInput_Failure) { 1180 uint8_t* key_blob; 1181 size_t key_blob_length; 1182 1183 ASSERT_EQ(0, 1184 sDevice->import_keypair(sDevice, TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1), 1185 &key_blob, &key_blob_length)) 1186 << "Should successfully import an RSA key"; 1187 UniqueKey key(&sDevice, key_blob, key_blob_length); 1188 1189 keymaster_rsa_sign_params_t params = { 1190 .digest_type = DIGEST_NONE, 1191 .padding_type = PADDING_NONE, 1192 }; 1193 1194 UniqueReadOnlyBlob testSig(TEST_SIGN_RSA_SIGNATURE_1, sizeof(TEST_SIGN_RSA_SIGNATURE_1)); 1195 ASSERT_TRUE(testSig.get() != NULL); 1196 1197 ASSERT_EQ(-1, 1198 sDevice->verify_data(sDevice, ¶ms, key_blob, key_blob_length, 1199 NULL, 0, 1200 testSig.get(), testSig.length())) 1201 << "Should fail on null input"; 1202 } 1203 1204 TEST_F(KeymasterTest, VerifyData_RSA_NullSignature_Failure) { 1205 uint8_t* key_blob; 1206 size_t key_blob_length; 1207 1208 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1209 ASSERT_TRUE(testKey.get() != NULL); 1210 1211 ASSERT_EQ(0, 1212 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1213 &key_blob, &key_blob_length)) 1214 << "Should successfully import an RSA key"; 1215 UniqueKey key(&sDevice, key_blob, key_blob_length); 1216 1217 keymaster_rsa_sign_params_t params = { 1218 .digest_type = DIGEST_NONE, 1219 .padding_type = PADDING_NONE, 1220 }; 1221 1222 UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); 1223 ASSERT_TRUE(testData.get() != NULL); 1224 1225 ASSERT_EQ(-1, 1226 sDevice->verify_data(sDevice, ¶ms, key.get(), key.length(), 1227 testData.get(), testData.length(), 1228 NULL, 0)) 1229 << "Should fail on null signature"; 1230 } 1231 1232 TEST_F(KeymasterTest, EraseAll_Success) { 1233 uint8_t *key1_blob, *key2_blob; 1234 size_t key1_blob_length, key2_blob_length; 1235 1236 // Only test this if the device says it supports delete_all 1237 if (sDevice->delete_all == NULL) { 1238 return; 1239 } 1240 1241 UniqueReadOnlyBlob testKey(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1242 ASSERT_TRUE(testKey.get() != NULL); 1243 1244 ASSERT_EQ(0, 1245 sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), 1246 &key1_blob, &key1_blob_length)) 1247 << "Should successfully import an RSA key"; 1248 UniqueKey key1(&sDevice, key1_blob, key1_blob_length); 1249 1250 UniqueReadOnlyBlob testKey2(TEST_SIGN_RSA_KEY_1, sizeof(TEST_SIGN_RSA_KEY_1)); 1251 ASSERT_TRUE(testKey2.get() != NULL); 1252 1253 ASSERT_EQ(0, 1254 sDevice->import_keypair(sDevice, testKey2.get(), testKey2.length(), 1255 &key2_blob, &key2_blob_length)) 1256 << "Should successfully import an RSA key"; 1257 UniqueKey key2(&sDevice, key2_blob, key2_blob_length); 1258 1259 ASSERT_EQ(0, sDevice->delete_all(sDevice)) 1260 << "Should erase all keys"; 1261 1262 key1.reset(); 1263 1264 uint8_t* x509_data; 1265 size_t x509_data_length; 1266 ASSERT_EQ(-1, 1267 sDevice->get_keypair_public(sDevice, key1_blob, key1_blob_length, 1268 &x509_data, &x509_data_length)) 1269 << "Should be able to retrieve RSA public key 1 successfully"; 1270 1271 ASSERT_EQ(-1, 1272 sDevice->get_keypair_public(sDevice, key2_blob, key2_blob_length, 1273 &x509_data, &x509_data_length)) 1274 << "Should be able to retrieve RSA public key 2 successfully"; 1275 } 1276 1277 } 1278