Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 4db3fbdda292c0c3120dfe160c1b49670aa18600 / . / key_blob_test.cpp
blob: aaef45db0d9385629d5e76bf67efaca75d8e932c [file] [log] [blame]
Shawn Willden4db3fbd2014-08-08 22:13:44 -0600[diff] [blame^]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <algorithm>
18
19#include <gtest/gtest.h>
20
21#include <openssl/engine.h>
22
23#define KEYMASTER_NAME_TAGS
24#include "authorization_set.h"
25#include "google_keymaster_utils.h"
26#include "keymaster_tags.h"
27#include "key_blob.h"
28
29int main(int argc, char** argv) {
30 ::testing::InitGoogleTest(&argc, argv);
31 int result = RUN_ALL_TESTS();
32 // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
33 CRYPTO_cleanup_all_ex_data();
34 ERR_free_strings();
35 return result;
36}
37
38namespace keymaster {
39
40bool operator==(const AuthorizationSet& a, const AuthorizationSet& b) {
41 if (a.size() != b.size())
42 return false;
43
44 for (size_t i = 0; i < a.size(); ++i) {
45 if (a[i].tag != b[i].tag)
46 return false;
47 // TODO(check value)
48 }
49
50 return true;
51}
52
53namespace test {
54
55class KeyBlobTest : public testing::Test {
56 protected:
57 KeyBlobTest()
58 : key_data_({21, 22, 23, 24, 25}),
59 master_key_data_({0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}),
60 nonce_({12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1}) {
61 key_.key_material = const_cast<uint8_t*>(key_data_);
62 key_.key_material_size = array_size(key_data_);
63 master_key_.key_material = const_cast<uint8_t*>(master_key_data_);
64 master_key_.key_material_size = array_size(master_key_data_);
65
66 enforced_.push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
67 enforced_.push_back(TAG_KEY_SIZE, 256);
68 enforced_.push_back(TAG_BLOB_USAGE_REQUIREMENTS, KM_BLOB_STANDALONE);
69 enforced_.push_back(TAG_MIN_SECONDS_BETWEEN_OPS, 10);
70 enforced_.push_back(TAG_ALL_USERS);
71 enforced_.push_back(TAG_NO_AUTH_REQUIRED);
72 enforced_.push_back(TAG_ORIGIN, KM_ORIGIN_HARDWARE);
73 enforced_.push_back(TAG_ROOT_OF_TRUST, "foo", 3);
74
75 unenforced_.push_back(TAG_ACTIVE_DATETIME, 10);
76 unenforced_.push_back(TAG_ORIGINATION_EXPIRE_DATETIME, 100);
77 unenforced_.push_back(TAG_CREATION_DATETIME, 10);
78 unenforced_.push_back(TAG_CHUNK_LENGTH, 10);
79 }
80
81 AuthorizationSet enforced_;
82 AuthorizationSet unenforced_;
83
84 keymaster_key_blob_t key_;
85 const uint8_t key_data_[5];
86 keymaster_key_blob_t master_key_;
87 const uint8_t master_key_data_[16];
88 uint8_t nonce_[KeyBlob::NONCE_LENGTH];
89};
90
91TEST_F(KeyBlobTest, EncryptDecrypt) {
92 KeyBlob blob(enforced_, unenforced_, key_, master_key_, nonce_);
93
94 size_t size = blob.SerializedSize();
95 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
96 blob.Serialize(serialized_blob.get(), serialized_blob.get() + size);
97
98 // key_data shouldn't be anywhere in the blob.
99 uint8_t* begin = serialized_blob.get();
100 uint8_t* end = begin + size;
101 EXPECT_EQ(end, std::search(begin, end, key_data_, key_data_ + array_size(key_data_)));
102
103 // Recover the key material.
104 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
105 KeyBlob deserialized(encrypted_blob, master_key_);
106 EXPECT_EQ(KM_ERROR_OK, deserialized.error());
107 EXPECT_EQ(0, memcmp(deserialized.key_material(), key_data_, array_size(key_data_)));
108}
109
110TEST_F(KeyBlobTest, WrongKeyLength) {
111 KeyBlob blob(enforced_, unenforced_, key_, master_key_, nonce_);
112
113 size_t size = blob.SerializedSize();
114 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
115 blob.Serialize(serialized_blob.get(), serialized_blob.get() + size);
116
117 // Find the nonce, then modify it.
118 serialized_blob[KeyBlob::NONCE_LENGTH]++;
119
120 // Decrypting with wrong nonce should fail.
121 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
122 KeyBlob deserialized(encrypted_blob, master_key_);
123 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
124}
125
126TEST_F(KeyBlobTest, WrongNonce) {
127 KeyBlob blob(enforced_, unenforced_, key_, master_key_, nonce_);
128
129 size_t size = blob.SerializedSize();
130 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
131 blob.Serialize(serialized_blob.get(), serialized_blob.get() + size);
132
133 // Find the nonce, then modify it.
134 uint8_t* begin = serialized_blob.get();
135 uint8_t* end = begin + size;
136 auto nonce_ptr = std::search(begin, end, nonce_, nonce_ + array_size(nonce_));
137 ASSERT_NE(nonce_ptr, end);
138 EXPECT_EQ(end, std::search(nonce_ptr + 1, end, nonce_, nonce_ + array_size(nonce_)));
139 (*nonce_ptr)++;
140
141 // Decrypting with wrong nonce should fail.
142 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
143 KeyBlob deserialized(encrypted_blob, master_key_);
144 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
145 EXPECT_NE(0, memcmp(deserialized.key_material(), key_data_, array_size(key_data_)));
146}
147
148TEST_F(KeyBlobTest, WrongTag) {
149 KeyBlob blob(enforced_, unenforced_, key_, master_key_, nonce_);
150
151 size_t size = blob.SerializedSize();
152 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
153 blob.Serialize(serialized_blob.get(), serialized_blob.get() + size);
154
155 // Find the tag, them modify it.
156 uint8_t* begin = serialized_blob.get();
157 uint8_t* end = begin + size;
158 auto tag_ptr = std::search(begin, end, blob.tag(), blob.tag() + KeyBlob::TAG_LENGTH);
159 ASSERT_NE(tag_ptr, end);
160 EXPECT_EQ(end, std::search(tag_ptr + 1, end, blob.tag(), blob.tag() + KeyBlob::TAG_LENGTH));
161 (*tag_ptr)++;
162
163 // Decrypting with wrong tag should fail.
164 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
165 KeyBlob deserialized(encrypted_blob, master_key_);
166 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
167 EXPECT_NE(0, memcmp(deserialized.key_material(), key_data_, array_size(key_data_)));
168}
169
170TEST_F(KeyBlobTest, WrongCiphertext) {
171 KeyBlob blob(enforced_, unenforced_, key_, master_key_, nonce_);
172
173 size_t size = blob.SerializedSize();
174 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
175 blob.Serialize(serialized_blob.get(), serialized_blob.get() + size);
176
177 // Find the ciphertext, them modify it.
178 uint8_t* begin = serialized_blob.get();
179 uint8_t* end = begin + size;
180 auto ciphertext_ptr = std::search(begin, end, blob.encrypted_key_material(),
181 blob.encrypted_key_material() + blob.key_material_length());
182 ASSERT_NE(ciphertext_ptr, end);
183 EXPECT_EQ(end, std::search(ciphertext_ptr + 1, end, blob.encrypted_key_material(),
184 blob.encrypted_key_material() + blob.key_material_length()));
185 (*ciphertext_ptr)++;
186
187 // Decrypting with wrong tag should fail.
188 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
189 KeyBlob deserialized(encrypted_blob, master_key_);
190 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
191 EXPECT_NE(0, memcmp(deserialized.key_material(), key_data_, array_size(key_data_)));
192}
193
194TEST_F(KeyBlobTest, WrongMasterKey) {
195 KeyBlob blob(enforced_, unenforced_, key_, master_key_, nonce_);
196
197 size_t size = blob.SerializedSize();
198 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
199 blob.Serialize(serialized_blob.get(), serialized_blob.get() + size);
200
201 uint8_t wrong_master_data[] = {1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
202 keymaster_key_blob_t wrong_master;
203 wrong_master.key_material = wrong_master_data;
204 wrong_master.key_material_size = array_size(wrong_master_data);
205
206 // Decrypting with wrong master key should fail.
207 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
208 KeyBlob deserialized(encrypted_blob, wrong_master);
209 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
210 EXPECT_NE(0, memcmp(deserialized.key_material(), key_data_, array_size(key_data_)));
211}
212
213TEST_F(KeyBlobTest, WrongEnforced) {
214 KeyBlob blob(enforced_, unenforced_, key_, master_key_, nonce_);
215
216 size_t size = blob.SerializedSize();
217 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
218 blob.Serialize(serialized_blob.get(), serialized_blob.get() + size);
219 uint8_t* begin = serialized_blob.get();
220 uint8_t* end = begin + size;
221
222 // Find one element of enforced_ serialization and modify it.
223 keymaster_key_param_t entry = enforced_[0];
224 uint8_t* entry_begin = reinterpret_cast<uint8_t*>(&entry);
225 uint8_t* entry_end = entry_begin + sizeof(entry);
226 auto entry_ptr = std::search(begin, end, entry_begin, entry_end);
227 ASSERT_NE(end, entry_ptr);
228 EXPECT_EQ(end, std::search(entry_ptr + 1, end, entry_begin, entry_end));
229 reinterpret_cast<keymaster_key_param_t*>(entry_ptr)->integer++;
230
231 // Decrypting with wrong unenforced data should fail.
232 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
233 KeyBlob deserialized(encrypted_blob, master_key_);
234 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
235 EXPECT_NE(0, memcmp(deserialized.key_material(), key_data_, array_size(key_data_)));
236}
237
238TEST_F(KeyBlobTest, WrongUnenforced) {
239 KeyBlob blob(enforced_, unenforced_, key_, master_key_, nonce_);
240
241 size_t size = blob.SerializedSize();
242 UniquePtr<uint8_t[]> serialized_blob(new uint8_t[size]);
243 blob.Serialize(serialized_blob.get(), serialized_blob.get() + size);
244 uint8_t* begin = serialized_blob.get();
245 uint8_t* end = begin + size;
246
247 // Find one element of unenforced_ serialization and modify it.
248 keymaster_key_param_t entry = unenforced_[0];
249 uint8_t* entry_begin = reinterpret_cast<uint8_t*>(&entry);
250 uint8_t* entry_end = entry_begin + sizeof(entry);
251 auto entry_ptr = std::search(begin, end, entry_begin, entry_end);
252 ASSERT_NE(end, entry_ptr);
253 EXPECT_EQ(end, std::search(entry_ptr + 1, end, entry_begin, entry_end));
254 reinterpret_cast<keymaster_key_param_t*>(entry_ptr)->integer++;
255
256 // Decrypting with wrong unenforced data should fail.
257 keymaster_key_blob_t encrypted_blob = {serialized_blob.get(), size};
258 KeyBlob deserialized(encrypted_blob, master_key_);
259 EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, deserialized.error());
260 EXPECT_NE(0, memcmp(deserialized.key_material(), key_data_, array_size(key_data_)));
261}
262
263} // namespace test
264} // namespace keymaster