1 /*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #include <algorithm>
17 #include <fstream>
18
19 #include <UniquePtr.h>
20 #include <gtest/gtest.h>
21 #include <openssl/engine.h>
22
23 #include <hardware/keymaster0.h>
24
25 #include <keymaster/android_keymaster.h>
26 #include <keymaster/android_keymaster_messages.h>
27 #include <keymaster/android_keymaster_utils.h>
28 #include <keymaster/keymaster_tags.h>
29 #include <keymaster/soft_keymaster_context.h>
30
31 #include "android_keymaster_test_utils.h"
32 #include "trusty_keymaster_device.h"
33 #include "openssl_utils.h"
34
35 using std::string;
36 using std::ifstream;
37 using std::istreambuf_iterator;
38
39 static keymaster::AndroidKeymaster *impl_ = nullptr;
40
41 extern "C" {
42 int __android_log_print();
43 }
44
__android_log_print()45 int __android_log_print() {
46 return 0;
47 }
48
main(int argc,char ** argv)49 int main(int argc, char** argv) {
50 ::testing::InitGoogleTest(&argc, argv);
51 int result = RUN_ALL_TESTS();
52 // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
53 CRYPTO_cleanup_all_ex_data();
54 ERR_free_strings();
55 return result;
56 }
57
trusty_keymaster_connect()58 int trusty_keymaster_connect() {
59 impl_ = new keymaster::AndroidKeymaster(new keymaster::SoftKeymasterContext(nullptr), 16);
60 }
61
trusty_keymaster_disconnect()62 void trusty_keymaster_disconnect() {
63 delete static_cast<keymaster::AndroidKeymaster*>(priv_);
64 }
65
66 template <typename Req, typename Rsp>
fake_call(keymaster::AndroidKeymaster * device,void (keymaster::AndroidKeymaster::* method)(const Req &,Rsp *),void * in_buf,uint32_t in_size,void * out_buf,uint32_t * out_size)67 static int fake_call(keymaster::AndroidKeymaster* device,
68 void (keymaster::AndroidKeymaster::*method)(const Req&, Rsp*), void* in_buf,
69 uint32_t in_size, void* out_buf, uint32_t* out_size) {
70 Req req;
71 const uint8_t* in = static_cast<uint8_t*>(in_buf);
72 req.Deserialize(&in, in + in_size);
73 Rsp rsp;
74 (device->*method)(req, &rsp);
75
76 *out_size = rsp.SerializedSize();
77 uint8_t* out = static_cast<uint8_t*>(out_buf);
78 rsp.Serialize(out, out + *out_size);
79 return 0;
80 }
81
trusty_keymaster_call(uint32_t cmd,void * in_buf,uint32_t in_size,void * out_buf,uint32_t * out_size)82 int trusty_keymaster_call(uint32_t cmd, void* in_buf, uint32_t in_size, void* out_buf,
83 uint32_t* out_size) {
84 switch (cmd) {
85 case KM_GENERATE_KEY:
86 return fake_call(impl_, &keymaster::AndroidKeymaster::GenerateKey, in_buf, in_size,
87 out_buf, out_size);
88 case KM_BEGIN_OPERATION:
89 return fake_call(impl_, &keymaster::AndroidKeymaster::BeginOperation, in_buf, in_size,
90 out_buf, out_size);
91 case KM_UPDATE_OPERATION:
92 return fake_call(impl_, &keymaster::AndroidKeymaster::UpdateOperation, in_buf, in_size,
93 out_buf, out_size);
94 case KM_FINISH_OPERATION:
95 return fake_call(impl_, &keymaster::AndroidKeymaster::FinishOperation, in_buf, in_size,
96 out_buf, out_size);
97 case KM_IMPORT_KEY:
98 return fake_call(impl_, &keymaster::AndroidKeymaster::ImportKey, in_buf, in_size, out_buf,
99 out_size);
100 case KM_EXPORT_KEY:
101 return fake_call(impl_, &keymaster::AndroidKeymaster::ExportKey, in_buf, in_size, out_buf,
102 out_size);
103 }
104 return -EINVAL;
105
106 }
107
108 namespace keymaster {
109 namespace test {
110
111 class TrustyKeymasterTest : public testing::Test {
112 protected:
TrustyKeymasterTest()113 TrustyKeymasterTest() : device(NULL) {}
114
build_rsa_params()115 keymaster_rsa_keygen_params_t build_rsa_params() {
116 keymaster_rsa_keygen_params_t rsa_params;
117 rsa_params.public_exponent = 65537;
118 rsa_params.modulus_size = 2048;
119 return rsa_params;
120 }
121
build_message(size_t length)122 uint8_t* build_message(size_t length) {
123 uint8_t* msg = new uint8_t[length];
124 memset(msg, 'a', length);
125 return msg;
126 }
127
dsa_message_len(const keymaster_dsa_keygen_params_t & params)128 size_t dsa_message_len(const keymaster_dsa_keygen_params_t& params) {
129 switch (params.key_size) {
130 case 256:
131 case 1024:
132 return 48;
133 case 2048:
134 case 4096:
135 return 72;
136 default:
137 // Oops.
138 return 0;
139 }
140 }
141
142 TrustyKeymasterDevice device;
143 };
144
145 class Malloc_Delete {
146 public:
Malloc_Delete(void * p)147 Malloc_Delete(void* p) : p_(p) {}
~Malloc_Delete()148 ~Malloc_Delete() { free(p_); }
149
150 private:
151 void* p_;
152 };
153
154 typedef TrustyKeymasterTest KeyGenTest;
TEST_F(KeyGenTest,RsaSuccess)155 TEST_F(KeyGenTest, RsaSuccess) {
156 keymaster_rsa_keygen_params_t params = build_rsa_params();
157 uint8_t* ptr = NULL;
158 size_t size;
159 ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size));
160 EXPECT_GT(size, 0U);
161 Malloc_Delete key_deleter(ptr);
162 }
163
TEST_F(KeyGenTest,EcdsaSuccess)164 TEST_F(KeyGenTest, EcdsaSuccess) {
165 keymaster_ec_keygen_params_t ec_params = {256};
166 uint8_t* ptr = NULL;
167 size_t size;
168 ASSERT_EQ(0, device.generate_keypair(TYPE_EC, &ec_params, &ptr, &size));
169 EXPECT_GT(size, 0U);
170 Malloc_Delete key_deleter(ptr);
171 }
172
173 typedef TrustyKeymasterTest SigningTest;
TEST_F(SigningTest,RsaSuccess)174 TEST_F(SigningTest, RsaSuccess) {
175 keymaster_rsa_keygen_params_t params = build_rsa_params();
176 uint8_t* ptr = NULL;
177 size_t size;
178 ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size));
179 EXPECT_GT(size, 0U);
180 Malloc_Delete key_deleter(ptr);
181
182 keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE};
183 size_t message_len = params.modulus_size / 8;
184 UniquePtr<uint8_t[]> message(build_message(message_len));
185 uint8_t* signature;
186 size_t siglen;
187 EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len,
188 &signature, &siglen));
189 Malloc_Delete sig_deleter(signature);
190 EXPECT_EQ(message_len, siglen);
191 }
192
TEST_F(SigningTest,RsaShortMessage)193 TEST_F(SigningTest, RsaShortMessage) {
194 keymaster_rsa_keygen_params_t params = build_rsa_params();
195 uint8_t* ptr = NULL;
196 size_t size;
197 ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size));
198 EXPECT_GT(size, 0U);
199 Malloc_Delete key_deleter(ptr);
200
201 keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE};
202 size_t message_len = params.modulus_size / 8 - 1;
203 UniquePtr<uint8_t[]> message(build_message(message_len));
204 uint8_t* signature;
205 size_t siglen;
206 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, device.sign_data(&sig_params, ptr, size, message.get(),
207 message_len, &signature, &siglen));
208 }
209
TEST_F(SigningTest,RsaLongMessage)210 TEST_F(SigningTest, RsaLongMessage) {
211 keymaster_rsa_keygen_params_t params = build_rsa_params();
212 uint8_t* ptr = NULL;
213 size_t size;
214 ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size));
215 EXPECT_GT(size, 0U);
216 Malloc_Delete key_deleter(ptr);
217
218 keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE};
219 size_t message_len = params.modulus_size / 8 + 1;
220 UniquePtr<uint8_t[]> message(build_message(message_len));
221 uint8_t* signature;
222 size_t siglen;
223 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, device.sign_data(&sig_params, ptr, size, message.get(),
224 message_len, &signature, &siglen));
225 }
226
TEST_F(SigningTest,EcdsaSuccess)227 TEST_F(SigningTest, EcdsaSuccess) {
228 keymaster_ec_keygen_params_t params = {256};
229 uint8_t* ptr = NULL;
230 size_t size;
231 ASSERT_EQ(0, device.generate_keypair(TYPE_EC, ¶ms, &ptr, &size));
232 EXPECT_GT(size, 0U);
233 Malloc_Delete key_deleter(ptr);
234
235 keymaster_ec_sign_params_t sig_params = {DIGEST_NONE};
236 uint8_t message[] = "12345678901234567890123456789012";
237 uint8_t* signature;
238 size_t siglen;
239 ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message,
240 array_size(message) - 1, &signature, &siglen));
241 Malloc_Delete sig_deleter(signature);
242 EXPECT_GT(siglen, 69U);
243 EXPECT_LT(siglen, 73U);
244 }
245
TEST_F(SigningTest,EcdsaEmptyMessageSuccess)246 TEST_F(SigningTest, EcdsaEmptyMessageSuccess) {
247 keymaster_ec_keygen_params_t params = {256};
248 uint8_t* ptr = NULL;
249 size_t size;
250 ASSERT_EQ(0, device.generate_keypair(TYPE_EC, ¶ms, &ptr, &size));
251 EXPECT_GT(size, 0U);
252 Malloc_Delete key_deleter(ptr);
253
254 keymaster_ec_sign_params_t sig_params = {DIGEST_NONE};
255 uint8_t message[] = "";
256 uint8_t* signature;
257 size_t siglen;
258 ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message,
259 array_size(message) - 1, &signature, &siglen));
260 Malloc_Delete sig_deleter(signature);
261 EXPECT_GT(siglen, 69U);
262 EXPECT_LT(siglen, 73U);
263 }
264
TEST_F(SigningTest,EcdsaLargeMessageSuccess)265 TEST_F(SigningTest, EcdsaLargeMessageSuccess) {
266 keymaster_ec_keygen_params_t params = {256};
267 uint8_t* ptr = NULL;
268 size_t size;
269 ASSERT_EQ(0, device.generate_keypair(TYPE_EC, ¶ms, &ptr, &size));
270 EXPECT_GT(size, 0U);
271 Malloc_Delete key_deleter(ptr);
272
273 keymaster_ec_sign_params_t sig_params = {DIGEST_NONE};
274 size_t message_len = 1024 * 7;
275 UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
276 // contents of message don't matter.
277 uint8_t* signature;
278 size_t siglen;
279 ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len,
280 &signature, &siglen));
281 Malloc_Delete sig_deleter(signature);
282 EXPECT_GT(siglen, 69U);
283 EXPECT_LT(siglen, 73U);
284 }
285
286 typedef TrustyKeymasterTest VerificationTest;
TEST_F(VerificationTest,RsaSuccess)287 TEST_F(VerificationTest, RsaSuccess) {
288 keymaster_rsa_keygen_params_t params = build_rsa_params();
289 uint8_t* ptr = NULL;
290 size_t size;
291 ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size));
292 EXPECT_GT(size, 0U);
293 Malloc_Delete key_deleter(ptr);
294
295 keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE};
296 size_t message_len = params.modulus_size / 8;
297 UniquePtr<uint8_t[]> message(build_message(message_len));
298 uint8_t* signature;
299 size_t siglen;
300 EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len,
301 &signature, &siglen));
302 Malloc_Delete sig_deleter(signature);
303
304 EXPECT_EQ(KM_ERROR_OK, device.verify_data(&sig_params, ptr, size, message.get(), message_len,
305 signature, siglen));
306 }
307
TEST_F(VerificationTest,RsaBadSignature)308 TEST_F(VerificationTest, RsaBadSignature) {
309 keymaster_rsa_keygen_params_t params = build_rsa_params();
310 uint8_t* ptr = NULL;
311 size_t size;
312 ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size));
313 EXPECT_GT(size, 0U);
314 Malloc_Delete key_deleter(ptr);
315
316 keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE};
317 size_t message_len = params.modulus_size / 8;
318 UniquePtr<uint8_t[]> message(build_message(message_len));
319 uint8_t* signature;
320 size_t siglen;
321 EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len,
322 &signature, &siglen));
323
324 Malloc_Delete sig_deleter(signature);
325 signature[siglen / 2]++;
326 EXPECT_EQ(
327 KM_ERROR_VERIFICATION_FAILED,
328 device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature, siglen));
329 }
330
TEST_F(VerificationTest,RsaBadMessage)331 TEST_F(VerificationTest, RsaBadMessage) {
332 keymaster_rsa_keygen_params_t params = build_rsa_params();
333 uint8_t* ptr = NULL;
334 size_t size;
335 ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size));
336 EXPECT_GT(size, 0U);
337 Malloc_Delete key_deleter(ptr);
338
339 keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE};
340 size_t message_len = params.modulus_size / 8;
341 UniquePtr<uint8_t[]> message(build_message(message_len));
342 uint8_t* signature;
343 size_t siglen;
344 EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len,
345 &signature, &siglen));
346 Malloc_Delete sig_deleter(signature);
347 message[0]++;
348 EXPECT_EQ(
349 KM_ERROR_VERIFICATION_FAILED,
350 device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature, siglen));
351 }
352
TEST_F(VerificationTest,RsaShortMessage)353 TEST_F(VerificationTest, RsaShortMessage) {
354 keymaster_rsa_keygen_params_t params = build_rsa_params();
355 uint8_t* ptr = NULL;
356 size_t size;
357 ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size));
358 EXPECT_GT(size, 0U);
359 Malloc_Delete key_deleter(ptr);
360
361 keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE};
362 size_t message_len = params.modulus_size / 8;
363 UniquePtr<uint8_t[]> message(build_message(message_len));
364 uint8_t* signature;
365 size_t siglen;
366 EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len,
367 &signature, &siglen));
368
369 Malloc_Delete sig_deleter(signature);
370 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH,
371 device.verify_data(&sig_params, ptr, size, message.get(), message_len - 1, signature,
372 siglen));
373 }
374
TEST_F(VerificationTest,RsaLongMessage)375 TEST_F(VerificationTest, RsaLongMessage) {
376 keymaster_rsa_keygen_params_t params = build_rsa_params();
377 uint8_t* ptr = NULL;
378 size_t size;
379 ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size));
380 EXPECT_GT(size, 0U);
381 Malloc_Delete key_deleter(ptr);
382
383 keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE};
384 size_t message_len = params.modulus_size / 8;
385 UniquePtr<uint8_t[]> message(build_message(message_len + 1));
386 uint8_t* signature;
387 size_t siglen;
388 EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len,
389 &signature, &siglen));
390 Malloc_Delete sig_deleter(signature);
391 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH,
392 device.verify_data(&sig_params, ptr, size, message.get(), message_len + 1, signature,
393 siglen));
394 }
395
TEST_F(VerificationTest,EcdsaSuccess)396 TEST_F(VerificationTest, EcdsaSuccess) {
397 keymaster_ec_keygen_params_t params = {256};
398 uint8_t* ptr = NULL;
399 size_t size;
400 ASSERT_EQ(0, device.generate_keypair(TYPE_EC, ¶ms, &ptr, &size));
401 EXPECT_GT(size, 0U);
402 Malloc_Delete key_deleter(ptr);
403
404 keymaster_ec_sign_params_t sig_params = {DIGEST_NONE};
405 uint8_t message[] = "12345678901234567890123456789012";
406 uint8_t* signature;
407 size_t siglen;
408 ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message,
409 array_size(message) - 1, &signature, &siglen));
410 Malloc_Delete sig_deleter(signature);
411 EXPECT_EQ(KM_ERROR_OK, device.verify_data(&sig_params, ptr, size, message,
412 array_size(message) - 1, signature, siglen));
413 }
414
TEST_F(VerificationTest,EcdsaLargeMessageSuccess)415 TEST_F(VerificationTest, EcdsaLargeMessageSuccess) {
416 keymaster_ec_keygen_params_t params = {256};
417 uint8_t* ptr = NULL;
418 size_t size;
419 ASSERT_EQ(0, device.generate_keypair(TYPE_EC, ¶ms, &ptr, &size));
420 EXPECT_GT(size, 0U);
421 Malloc_Delete key_deleter(ptr);
422
423 keymaster_ec_sign_params_t sig_params = {DIGEST_NONE};
424 size_t message_len = 1024 * 7;
425 UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
426 // contents of message don't matter.
427 uint8_t* signature;
428 size_t siglen;
429 ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len,
430 &signature, &siglen));
431 Malloc_Delete sig_deleter(signature);
432 EXPECT_EQ(KM_ERROR_OK, device.verify_data(&sig_params, ptr, size, message.get(), message_len,
433 signature, siglen));
434 }
435
read_file(const string & file_name)436 static string read_file(const string& file_name) {
437 ifstream file_stream(file_name, std::ios::binary);
438 istreambuf_iterator<char> file_begin(file_stream);
439 istreambuf_iterator<char> file_end;
440 return string(file_begin, file_end);
441 }
442
443 typedef TrustyKeymasterTest ImportKeyTest;
TEST_F(ImportKeyTest,RsaSuccess)444 TEST_F(ImportKeyTest, RsaSuccess) {
445 string pk8_key = read_file("../../../../system/keymaster/rsa_privkey_pk8.der");
446 ASSERT_EQ(633U, pk8_key.size());
447
448 uint8_t* key = NULL;
449 size_t size;
450 ASSERT_EQ(KM_ERROR_OK, device.import_keypair(reinterpret_cast<const uint8_t*>(pk8_key.data()),
451 pk8_key.size(), &key, &size));
452 Malloc_Delete key_deleter(key);
453
454 keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE};
455 size_t message_size = 1024 /* key size */ / 8;
456 UniquePtr<uint8_t[]> message(new uint8_t[message_size]);
457 memset(message.get(), 'a', message_size);
458 uint8_t* signature;
459 size_t siglen;
460 ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, key, size, message.get(), message_size,
461 &signature, &siglen));
462 Malloc_Delete sig_deleter(signature);
463 EXPECT_EQ(KM_ERROR_OK, device.verify_data(&sig_params, key, size, message.get(), message_size,
464 signature, siglen));
465 }
466
TEST_F(ImportKeyTest,EcdsaSuccess)467 TEST_F(ImportKeyTest, EcdsaSuccess) {
468 string pk8_key = read_file("../../../../system/keymaster/ec_privkey_pk8.der");
469 ASSERT_EQ(138U, pk8_key.size());
470
471 uint8_t* key = NULL;
472 size_t size;
473 ASSERT_EQ(KM_ERROR_OK, device.import_keypair(reinterpret_cast<const uint8_t*>(pk8_key.data()),
474 pk8_key.size(), &key, &size));
475 Malloc_Delete key_deleter(key);
476
477 keymaster_ec_sign_params_t sig_params = {DIGEST_NONE};
478 uint8_t message[] = "12345678901234567890123456789012";
479 uint8_t* signature;
480 size_t siglen;
481 ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, key, size, message,
482 array_size(message) - 1, &signature, &siglen));
483 Malloc_Delete sig_deleter(signature);
484 EXPECT_EQ(KM_ERROR_OK, device.verify_data(&sig_params, key, size, message,
485 array_size(message) - 1, signature, siglen));
486 }
487
488 struct EVP_PKEY_CTX_Delete {
operator ()keymaster::test::EVP_PKEY_CTX_Delete489 void operator()(EVP_PKEY_CTX* p) { EVP_PKEY_CTX_free(p); }
490 };
491
VerifySignature(const uint8_t * key,size_t key_len,const uint8_t * signature,size_t signature_len,const uint8_t * message,size_t message_len)492 static void VerifySignature(const uint8_t* key, size_t key_len, const uint8_t* signature,
493 size_t signature_len, const uint8_t* message, size_t message_len) {
494 UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(d2i_PUBKEY(NULL, &key, key_len));
495 ASSERT_TRUE(pkey.get() != NULL);
496 UniquePtr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL));
497 ASSERT_TRUE(ctx.get() != NULL);
498 ASSERT_EQ(1, EVP_PKEY_verify_init(ctx.get()));
499 if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA)
500 ASSERT_EQ(1, EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_NO_PADDING));
501 EXPECT_EQ(1, EVP_PKEY_verify(ctx.get(), signature, signature_len, message, message_len));
502 }
503
504 typedef TrustyKeymasterTest ExportKeyTest;
TEST_F(ExportKeyTest,RsaSuccess)505 TEST_F(ExportKeyTest, RsaSuccess) {
506 keymaster_rsa_keygen_params_t params = build_rsa_params();
507 uint8_t* ptr = NULL;
508 size_t size;
509 ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size));
510 EXPECT_GT(size, 0U);
511 Malloc_Delete key_deleter(ptr);
512
513 uint8_t* exported;
514 size_t exported_size;
515 EXPECT_EQ(KM_ERROR_OK, device.get_keypair_public(ptr, size, &exported, &exported_size));
516 Malloc_Delete exported_deleter(exported);
517
518 // Sign a message so we can verify it with the exported pubkey.
519 keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE};
520 size_t message_len = params.modulus_size / 8;
521 UniquePtr<uint8_t[]> message(build_message(message_len));
522 uint8_t* signature;
523 size_t siglen;
524 EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len,
525 &signature, &siglen));
526 Malloc_Delete sig_deleter(signature);
527 EXPECT_EQ(message_len, siglen);
528 const uint8_t* tmp = exported;
529
530 VerifySignature(exported, exported_size, signature, siglen, message.get(), message_len);
531 }
532
533 typedef TrustyKeymasterTest ExportKeyTest;
TEST_F(ExportKeyTest,EcdsaSuccess)534 TEST_F(ExportKeyTest, EcdsaSuccess) {
535 keymaster_ec_keygen_params_t params = {256};
536 uint8_t* key = NULL;
537 size_t size;
538 ASSERT_EQ(0, device.generate_keypair(TYPE_EC, ¶ms, &key, &size));
539 EXPECT_GT(size, 0U);
540 Malloc_Delete key_deleter(key);
541
542 uint8_t* exported;
543 size_t exported_size;
544 EXPECT_EQ(KM_ERROR_OK, device.get_keypair_public(key, size, &exported, &exported_size));
545 Malloc_Delete exported_deleter(exported);
546
547 // Sign a message so we can verify it with the exported pubkey.
548 keymaster_ec_sign_params_t sig_params = {DIGEST_NONE};
549 uint8_t message[] = "12345678901234567890123456789012";
550 uint8_t* signature;
551 size_t siglen;
552 ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, key, size, message,
553 array_size(message) - 1, &signature, &siglen));
554 Malloc_Delete sig_deleter(signature);
555 EXPECT_EQ(KM_ERROR_OK, device.verify_data(&sig_params, key, size, message,
556 array_size(message) - 1, signature, siglen));
557
558 VerifySignature(exported, exported_size, signature, siglen, message, array_size(message) - 1);
559 }
560
561 } // namespace test
562 } // namespace keymaster
563