Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2009 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Kenny Root | 96ad6cb | 2012-08-10 12:39:15 -0700 | [diff] [blame] | 17 | package android.security; |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 18 | |
| 19 | import android.app.Activity; |
Chad Brubaker | 8827c81 | 2015-03-05 10:32:30 -0800 | [diff] [blame] | 20 | import android.os.Binder; |
| 21 | import android.os.IBinder; |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 22 | import android.os.Process; |
Chad Brubaker | 8827c81 | 2015-03-05 10:32:30 -0800 | [diff] [blame] | 23 | import android.os.ServiceManager; |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 24 | import android.security.KeyStore; |
Chad Brubaker | 8827c81 | 2015-03-05 10:32:30 -0800 | [diff] [blame] | 25 | import android.security.keymaster.ExportResult; |
| 26 | import android.security.keymaster.KeyCharacteristics; |
| 27 | import android.security.keymaster.KeymasterArguments; |
| 28 | import android.security.keymaster.KeymasterDefs; |
| 29 | import android.security.keymaster.OperationResult; |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 30 | import android.test.ActivityUnitTestCase; |
Kenny Root | 473c712 | 2012-08-17 21:13:48 -0700 | [diff] [blame] | 31 | import android.test.AssertionFailedError; |
Chad Brubaker | 8827c81 | 2015-03-05 10:32:30 -0800 | [diff] [blame] | 32 | import android.test.MoreAsserts; |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 33 | import android.test.suitebuilder.annotation.MediumTest; |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 34 | import com.android.org.conscrypt.NativeCrypto; |
Elliott Hughes | d396a44 | 2013-06-28 16:24:48 -0700 | [diff] [blame] | 35 | import java.nio.charset.StandardCharsets; |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 36 | import java.util.Arrays; |
Kenny Root | 473c712 | 2012-08-17 21:13:48 -0700 | [diff] [blame] | 37 | import java.util.Date; |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 38 | import java.util.HashSet; |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 39 | |
Chad Brubaker | 8827c81 | 2015-03-05 10:32:30 -0800 | [diff] [blame] | 40 | import android.util.Log; |
| 41 | import android.util.Base64; |
| 42 | |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 43 | /** |
| 44 | * Junit / Instrumentation test case for KeyStore class |
| 45 | * |
| 46 | * Running the test suite: |
| 47 | * |
Kenny Root | 96ad6cb | 2012-08-10 12:39:15 -0700 | [diff] [blame] | 48 | * runtest keystore-unit |
| 49 | * |
| 50 | * Or this individual test case: |
| 51 | * |
| 52 | * runtest --path frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 53 | */ |
| 54 | @MediumTest |
| 55 | public class KeyStoreTest extends ActivityUnitTestCase<Activity> { |
| 56 | private static final String TEST_PASSWD = "12345678"; |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 57 | private static final String TEST_PASSWD2 = "87654321"; |
Brian Carlstrom | 5ea68db | 2012-07-17 23:40:49 -0700 | [diff] [blame] | 58 | private static final String TEST_KEYNAME = "test-key"; |
| 59 | private static final String TEST_KEYNAME1 = "test-key.1"; |
Brian Carlstrom | 2a5b147 | 2012-07-30 18:44:29 -0700 | [diff] [blame] | 60 | private static final String TEST_KEYNAME2 = "test-key\02"; |
Elliott Hughes | d396a44 | 2013-06-28 16:24:48 -0700 | [diff] [blame] | 61 | private static final byte[] TEST_KEYVALUE = "test value".getBytes(StandardCharsets.UTF_8); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 62 | |
Nick Kralevich | 34c47c8 | 2010-03-09 13:28:14 -0800 | [diff] [blame] | 63 | // "Hello, World" in Chinese |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 64 | private static final String TEST_I18N_KEY = "\u4F60\u597D, \u4E16\u754C"; |
Elliott Hughes | d396a44 | 2013-06-28 16:24:48 -0700 | [diff] [blame] | 65 | private static final byte[] TEST_I18N_VALUE = TEST_I18N_KEY.getBytes(StandardCharsets.UTF_8); |
Nick Kralevich | 34c47c8 | 2010-03-09 13:28:14 -0800 | [diff] [blame] | 66 | |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 67 | // Test vector data for signatures |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 68 | private static final int RSA_KEY_SIZE = 1024; |
| 69 | private static final byte[] TEST_DATA = new byte[RSA_KEY_SIZE / 8]; |
Brian Carlstrom | 5ea68db | 2012-07-17 23:40:49 -0700 | [diff] [blame] | 70 | static { |
| 71 | for (int i = 0; i < TEST_DATA.length; i++) { |
| 72 | TEST_DATA[i] = (byte) i; |
| 73 | } |
| 74 | } |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 75 | |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 76 | private KeyStore mKeyStore = null; |
| 77 | |
| 78 | public KeyStoreTest() { |
| 79 | super(Activity.class); |
| 80 | } |
| 81 | |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 82 | private static final byte[] PRIVKEY_BYTES = hexToBytes( |
| 83 | "308204BE020100300D06092A864886F70D0101010500048204A8308204A4020100028201" + |
| 84 | "0100E0473E8AB8F2284FEB9E742FF9748FA118ED98633C92F52AEB7A2EBE0D3BE60329BE" + |
| 85 | "766AD10EB6A515D0D2CFD9BEA7930F0C306537899F7958CD3E85B01F8818524D312584A9" + |
| 86 | "4B251E3625B54141EDBFEE198808E1BB97FC7CB49B9EAAAF68E9C98D7D0EDC53BBC0FA00" + |
| 87 | "34356D6305FBBCC3C7001405386ABBC873CB0F3EF7425F3D33DF7B315AE036D2A0B66AFD" + |
| 88 | "47503B169BF36E3B5162515B715FDA83DEAF2C58AEB9ABFB3097C3CC9DD9DBE5EF296C17" + |
| 89 | "6139028E8A671E63056D45F40188D2C4133490845DE52C2534E9C6B2478C07BDAE928823" + |
| 90 | "B62D066C7770F9F63F3DBA247F530844747BE7AAA85D853B8BD244ACEC3DE3C89AB46453" + |
| 91 | "AB4D24C3AC6902030100010282010037784776A5F17698F5AC960DFB83A1B67564E648BD" + |
| 92 | "0597CF8AB8087186F2669C27A9ECBDD480F0197A80D07309E6C6A96F925331E57F8B4AC6" + |
| 93 | "F4D45EDA45A23269C09FC428C07A4E6EDF738A15DEC97FABD2F2BB47A14F20EA72FCFE4C" + |
| 94 | "36E01ADA77BD137CD8D4DA10BB162E94A4662971F175F985FA188F056CB97EE2816F43AB" + |
| 95 | "9D3747612486CDA8C16196C30818A995EC85D38467791267B3BF21F273710A6925862576" + |
| 96 | "841C5B6712C12D4BD20A2F3299ADB7C135DA5E9515ABDA76E7CAF2A3BE80551D073B78BF" + |
| 97 | "1162C48AD2B7F4743A0238EE4D252F7D5E7E6533CCAE64CCB39360075A2FD1E034EC3AE5" + |
| 98 | "CE9C408CCBF0E25E4114021687B3DD4754AE8102818100F541884BC3737B2922D4119EF4" + |
| 99 | "5E2DEE2CD4CBB75F45505A157AA5009F99C73A2DF0724AC46024306332EA898177634546" + |
| 100 | "5DC6DF1E0A6F140AFF3B7396E6A8994AC5DAA96873472FE37749D14EB3E075E629DBEB35" + |
| 101 | "83338A6F3649D0A2654A7A42FD9AB6BFA4AC4D481D390BB229B064BDC311CC1BE1B63189" + |
| 102 | "DA7C40CDECF2B102818100EA1A742DDB881CEDB7288C87E38D868DD7A409D15A43F445D5" + |
| 103 | "377A0B5731DDBFCA2DAF28A8E13CD5C0AFCEC3347D74A39E235A3CD9633F274DE2B94F92" + |
| 104 | "DF43833911D9E9F1CF58F27DE2E08FF45964C720D3EC2139DC7CAFC912953CDECB2F355A" + |
| 105 | "2E2C35A50FAD754CB3B23166424BA3B6E3112A2B898C38C5C15EDB238693390281805182" + |
| 106 | "8F1EC6FD996029901BAF1D7E337BA5F0AF27E984EAD895ACE62BD7DF4EE45A224089F2CC" + |
| 107 | "151AF3CD173FCE0474BCB04F386A2CDCC0E0036BA2419F54579262D47100BE931984A3EF" + |
| 108 | "A05BECF141574DC079B3A95C4A83E6C43F3214D6DF32D512DE198085E531E616B83FD7DD" + |
| 109 | "9D1F4E2607C3333D07C55D107D1D3893587102818100DB4FB50F50DE8EDB53FF34C80931" + |
| 110 | "88A0512867DA2CCA04897759E587C244010DAF8664D59E8083D16C164789301F67A9F078" + |
| 111 | "060D834A2ADBD367575B68A8A842C2B02A89B3F31FCCEC8A22FE395795C5C6C7422B4E5D" + |
| 112 | "74A1E9A8F30E7759B9FC2D639C1F15673E84E93A5EF1506F4315383C38D45CBD1B14048F" + |
| 113 | "4721DC82326102818100D8114593AF415FB612DBF1923710D54D07486205A76A3B431949" + |
| 114 | "68C0DFF1F11EF0F61A4A337D5FD3741BBC9640E447B8B6B6C47C3AC1204357D3B0C55BA9" + |
| 115 | "286BDA73F629296F5FA9146D8976357D3C751E75148696A40B74685C82CE30902D639D72" + |
| 116 | "4FF24D5E2E9407EE34EDED2E3B4DF65AA9BCFEB6DF28D07BA6903F165768"); |
| 117 | |
Chad Brubaker | 8827c81 | 2015-03-05 10:32:30 -0800 | [diff] [blame] | 118 | private static final byte[] AES256_BYTES = hexToBytes( |
| 119 | "0CC175B9C0F1B6A831C399E269772661CEC520EA51EA0A47E87295FA3245A605"); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 120 | |
| 121 | private static byte[] hexToBytes(String s) { |
| 122 | int len = s.length(); |
| 123 | byte[] data = new byte[len / 2]; |
| 124 | for (int i = 0; i < len; i += 2) { |
| 125 | data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit( |
| 126 | s.charAt(i + 1), 16)); |
| 127 | } |
| 128 | return data; |
| 129 | } |
| 130 | |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 131 | @Override |
| 132 | protected void setUp() throws Exception { |
| 133 | mKeyStore = KeyStore.getInstance(); |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 134 | if (mKeyStore.state() != KeyStore.State.UNINITIALIZED) { |
| 135 | mKeyStore.reset(); |
| 136 | } |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 137 | assertEquals("KeyStore should be in an uninitialized state", |
| 138 | KeyStore.State.UNINITIALIZED, mKeyStore.state()); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 139 | super.setUp(); |
| 140 | } |
| 141 | |
| 142 | @Override |
| 143 | protected void tearDown() throws Exception { |
| 144 | mKeyStore.reset(); |
| 145 | super.tearDown(); |
| 146 | } |
| 147 | |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 148 | public void testState() throws Exception { |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 149 | assertEquals(KeyStore.State.UNINITIALIZED, mKeyStore.state()); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 150 | } |
| 151 | |
| 152 | public void testPassword() throws Exception { |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 153 | assertTrue(mKeyStore.password(TEST_PASSWD)); |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 154 | assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 155 | } |
| 156 | |
Brian Carlstrom | bef5e5a | 2011-06-27 17:22:02 -0700 | [diff] [blame] | 157 | public void testGet() throws Exception { |
| 158 | assertNull(mKeyStore.get(TEST_KEYNAME)); |
| 159 | mKeyStore.password(TEST_PASSWD); |
| 160 | assertNull(mKeyStore.get(TEST_KEYNAME)); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 161 | assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, |
| 162 | KeyStore.FLAG_ENCRYPTED)); |
Brian Carlstrom | bef5e5a | 2011-06-27 17:22:02 -0700 | [diff] [blame] | 163 | assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); |
| 164 | } |
| 165 | |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 166 | public void testPut() throws Exception { |
Brian Carlstrom | bef5e5a | 2011-06-27 17:22:02 -0700 | [diff] [blame] | 167 | assertNull(mKeyStore.get(TEST_KEYNAME)); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 168 | assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, |
| 169 | KeyStore.FLAG_ENCRYPTED)); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 170 | assertFalse(mKeyStore.contains(TEST_KEYNAME)); |
| 171 | mKeyStore.password(TEST_PASSWD); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 172 | assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, |
| 173 | KeyStore.FLAG_ENCRYPTED)); |
Brian Carlstrom | bef5e5a | 2011-06-27 17:22:02 -0700 | [diff] [blame] | 174 | assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 175 | } |
| 176 | |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 177 | public void testPut_grantedUid_Wifi() throws Exception { |
| 178 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 179 | assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, |
| 180 | KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 181 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 182 | mKeyStore.password(TEST_PASSWD); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 183 | assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, |
| 184 | KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 185 | assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 186 | } |
| 187 | |
| 188 | public void testPut_ungrantedUid_Bluetooth() throws Exception { |
| 189 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 190 | assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, |
| 191 | KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 192 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 193 | mKeyStore.password(TEST_PASSWD); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 194 | assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, |
| 195 | KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 196 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 197 | } |
| 198 | |
Nick Kralevich | 34c47c8 | 2010-03-09 13:28:14 -0800 | [diff] [blame] | 199 | public void testI18n() throws Exception { |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 200 | assertFalse(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE, KeyStore.UID_SELF, |
| 201 | KeyStore.FLAG_ENCRYPTED)); |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 202 | assertFalse(mKeyStore.contains(TEST_I18N_KEY)); |
| 203 | mKeyStore.password(TEST_I18N_KEY); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 204 | assertTrue(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE, KeyStore.UID_SELF, |
| 205 | KeyStore.FLAG_ENCRYPTED)); |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 206 | assertTrue(mKeyStore.contains(TEST_I18N_KEY)); |
Nick Kralevich | 34c47c8 | 2010-03-09 13:28:14 -0800 | [diff] [blame] | 207 | } |
| 208 | |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 209 | public void testDelete() throws Exception { |
Brian Carlstrom | 5ea68db | 2012-07-17 23:40:49 -0700 | [diff] [blame] | 210 | assertFalse(mKeyStore.delete(TEST_KEYNAME)); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 211 | mKeyStore.password(TEST_PASSWD); |
Brian Carlstrom | 5ea68db | 2012-07-17 23:40:49 -0700 | [diff] [blame] | 212 | assertFalse(mKeyStore.delete(TEST_KEYNAME)); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 213 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 214 | assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, |
| 215 | KeyStore.FLAG_ENCRYPTED)); |
Brian Carlstrom | bef5e5a | 2011-06-27 17:22:02 -0700 | [diff] [blame] | 216 | assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 217 | assertTrue(mKeyStore.delete(TEST_KEYNAME)); |
Brian Carlstrom | bef5e5a | 2011-06-27 17:22:02 -0700 | [diff] [blame] | 218 | assertNull(mKeyStore.get(TEST_KEYNAME)); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 219 | } |
| 220 | |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 221 | public void testDelete_grantedUid_Wifi() throws Exception { |
| 222 | assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); |
| 223 | mKeyStore.password(TEST_PASSWD); |
| 224 | assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); |
| 225 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 226 | assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, |
| 227 | KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 228 | assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 229 | assertTrue(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); |
| 230 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 231 | } |
| 232 | |
| 233 | public void testDelete_ungrantedUid_Bluetooth() throws Exception { |
| 234 | assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 235 | mKeyStore.password(TEST_PASSWD); |
| 236 | assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 237 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 238 | assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, |
| 239 | KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 240 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 241 | assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 242 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 243 | } |
| 244 | |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 245 | public void testContains() throws Exception { |
| 246 | assertFalse(mKeyStore.contains(TEST_KEYNAME)); |
| 247 | |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 248 | assertTrue(mKeyStore.password(TEST_PASSWD)); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 249 | assertFalse(mKeyStore.contains(TEST_KEYNAME)); |
| 250 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 251 | assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, |
| 252 | KeyStore.FLAG_ENCRYPTED)); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 253 | assertTrue(mKeyStore.contains(TEST_KEYNAME)); |
| 254 | } |
| 255 | |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 256 | public void testContains_grantedUid_Wifi() throws Exception { |
| 257 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 258 | |
| 259 | assertTrue(mKeyStore.password(TEST_PASSWD)); |
| 260 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 261 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 262 | assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, |
| 263 | KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 264 | assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 265 | } |
| 266 | |
| 267 | public void testContains_grantedUid_Bluetooth() throws Exception { |
| 268 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 269 | |
| 270 | assertTrue(mKeyStore.password(TEST_PASSWD)); |
| 271 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 272 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 273 | assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, |
| 274 | KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 275 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 276 | } |
| 277 | |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 278 | public void testSaw() throws Exception { |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 279 | String[] emptyResult = mKeyStore.saw(TEST_KEYNAME); |
| 280 | assertNotNull(emptyResult); |
| 281 | assertEquals(0, emptyResult.length); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 282 | |
| 283 | mKeyStore.password(TEST_PASSWD); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 284 | mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); |
| 285 | mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 286 | |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 287 | String[] results = mKeyStore.saw(TEST_KEYNAME); |
| 288 | assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), |
| 289 | TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), |
| 290 | new HashSet(Arrays.asList(results))); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 291 | } |
| 292 | |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 293 | public void testSaw_ungrantedUid_Bluetooth() throws Exception { |
| 294 | String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID); |
| 295 | assertNull(results1); |
| 296 | |
| 297 | mKeyStore.password(TEST_PASSWD); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 298 | mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); |
| 299 | mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 300 | |
| 301 | String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID); |
| 302 | assertNull(results2); |
| 303 | } |
| 304 | |
| 305 | public void testSaw_grantedUid_Wifi() throws Exception { |
| 306 | String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID); |
| 307 | assertNotNull(results1); |
| 308 | assertEquals(0, results1.length); |
| 309 | |
| 310 | mKeyStore.password(TEST_PASSWD); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 311 | mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); |
| 312 | mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 313 | |
| 314 | String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID); |
| 315 | assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), |
| 316 | TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), |
| 317 | new HashSet(Arrays.asList(results2))); |
| 318 | } |
| 319 | |
| 320 | public void testSaw_grantedUid_Vpn() throws Exception { |
| 321 | String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID); |
| 322 | assertNotNull(results1); |
| 323 | assertEquals(0, results1.length); |
| 324 | |
| 325 | mKeyStore.password(TEST_PASSWD); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 326 | mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); |
| 327 | mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 328 | |
| 329 | String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID); |
| 330 | assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), |
| 331 | TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), |
| 332 | new HashSet(Arrays.asList(results2))); |
| 333 | } |
| 334 | |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 335 | public void testLock() throws Exception { |
| 336 | assertFalse(mKeyStore.lock()); |
| 337 | |
| 338 | mKeyStore.password(TEST_PASSWD); |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 339 | assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 340 | |
| 341 | assertTrue(mKeyStore.lock()); |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 342 | assertEquals(KeyStore.State.LOCKED, mKeyStore.state()); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 343 | } |
| 344 | |
| 345 | public void testUnlock() throws Exception { |
| 346 | mKeyStore.password(TEST_PASSWD); |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 347 | assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 348 | mKeyStore.lock(); |
| 349 | |
| 350 | assertFalse(mKeyStore.unlock(TEST_PASSWD2)); |
| 351 | assertTrue(mKeyStore.unlock(TEST_PASSWD)); |
| 352 | } |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 353 | |
| 354 | public void testIsEmpty() throws Exception { |
| 355 | assertTrue(mKeyStore.isEmpty()); |
| 356 | mKeyStore.password(TEST_PASSWD); |
| 357 | assertTrue(mKeyStore.isEmpty()); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 358 | mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 359 | assertFalse(mKeyStore.isEmpty()); |
| 360 | mKeyStore.reset(); |
| 361 | assertTrue(mKeyStore.isEmpty()); |
| 362 | } |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 363 | |
| 364 | public void testGenerate_NotInitialized_Fail() throws Exception { |
| 365 | assertFalse("Should fail when keystore is not initialized", |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 366 | mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 367 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 368 | } |
| 369 | |
| 370 | public void testGenerate_Locked_Fail() throws Exception { |
| 371 | mKeyStore.password(TEST_PASSWD); |
| 372 | mKeyStore.lock(); |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 373 | assertFalse("Should fail when keystore is locked", |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 374 | mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 375 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 376 | } |
| 377 | |
| 378 | public void testGenerate_Success() throws Exception { |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 379 | assertTrue(mKeyStore.password(TEST_PASSWD)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 380 | |
| 381 | assertTrue("Should be able to generate key when unlocked", |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 382 | mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 383 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 384 | assertTrue(mKeyStore.contains(TEST_KEYNAME)); |
| 385 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 386 | } |
| 387 | |
| 388 | public void testGenerate_grantedUid_Wifi_Success() throws Exception { |
| 389 | assertTrue(mKeyStore.password(TEST_PASSWD)); |
| 390 | |
| 391 | assertTrue("Should be able to generate key when unlocked", |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 392 | mKeyStore.generate(TEST_KEYNAME, Process.WIFI_UID, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 393 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 394 | assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 395 | assertFalse(mKeyStore.contains(TEST_KEYNAME)); |
| 396 | } |
| 397 | |
| 398 | public void testGenerate_ungrantedUid_Bluetooth_Failure() throws Exception { |
| 399 | assertTrue(mKeyStore.password(TEST_PASSWD)); |
| 400 | |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 401 | assertFalse(mKeyStore.generate(TEST_KEYNAME, Process.BLUETOOTH_UID, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 402 | NativeCrypto.EVP_PKEY_RSA, RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 403 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 404 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 405 | assertFalse(mKeyStore.contains(TEST_KEYNAME)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 406 | } |
| 407 | |
| 408 | public void testImport_Success() throws Exception { |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 409 | assertTrue(mKeyStore.password(TEST_PASSWD)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 410 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 411 | assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, |
| 412 | PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 413 | assertTrue(mKeyStore.contains(TEST_KEYNAME)); |
| 414 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 415 | } |
| 416 | |
| 417 | public void testImport_grantedUid_Wifi_Success() throws Exception { |
| 418 | assertTrue(mKeyStore.password(TEST_PASSWD)); |
| 419 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 420 | assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, |
| 421 | PRIVKEY_BYTES, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 422 | assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 423 | assertFalse(mKeyStore.contains(TEST_KEYNAME)); |
| 424 | } |
| 425 | |
| 426 | public void testImport_ungrantedUid_Bluetooth_Failure() throws Exception { |
| 427 | assertTrue(mKeyStore.password(TEST_PASSWD)); |
| 428 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 429 | assertFalse(mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES, Process.BLUETOOTH_UID, |
| 430 | KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 431 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 432 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 433 | assertFalse(mKeyStore.contains(TEST_KEYNAME)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 434 | } |
| 435 | |
| 436 | public void testImport_Failure_BadEncoding() throws Exception { |
| 437 | mKeyStore.password(TEST_PASSWD); |
| 438 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 439 | assertFalse("Invalid DER-encoded key should not be imported", mKeyStore.importKey( |
| 440 | TEST_KEYNAME, TEST_DATA, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 441 | assertFalse(mKeyStore.contains(TEST_KEYNAME)); |
| 442 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 443 | } |
| 444 | |
| 445 | public void testSign_Success() throws Exception { |
| 446 | mKeyStore.password(TEST_PASSWD); |
| 447 | |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 448 | assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 449 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 450 | assertTrue(mKeyStore.contains(TEST_KEYNAME)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 451 | final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA); |
| 452 | |
| 453 | assertNotNull("Signature should not be null", signature); |
| 454 | } |
| 455 | |
| 456 | public void testVerify_Success() throws Exception { |
| 457 | mKeyStore.password(TEST_PASSWD); |
| 458 | |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 459 | assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 460 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | 78ad849 | 2013-02-13 17:02:57 -0800 | [diff] [blame] | 461 | assertTrue(mKeyStore.contains(TEST_KEYNAME)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 462 | final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA); |
| 463 | |
| 464 | assertNotNull("Signature should not be null", signature); |
| 465 | |
| 466 | assertTrue("Signature should verify with same data", |
| 467 | mKeyStore.verify(TEST_KEYNAME, TEST_DATA, signature)); |
| 468 | } |
| 469 | |
| 470 | public void testSign_NotInitialized_Failure() throws Exception { |
| 471 | assertNull("Should not be able to sign without first initializing the keystore", |
| 472 | mKeyStore.sign(TEST_KEYNAME, TEST_DATA)); |
| 473 | } |
| 474 | |
| 475 | public void testSign_NotGenerated_Failure() throws Exception { |
| 476 | mKeyStore.password(TEST_PASSWD); |
| 477 | |
| 478 | assertNull("Should not be able to sign without first generating keys", |
| 479 | mKeyStore.sign(TEST_KEYNAME, TEST_DATA)); |
| 480 | } |
| 481 | |
| 482 | public void testGrant_Generated_Success() throws Exception { |
| 483 | assertTrue("Password should work for keystore", |
| 484 | mKeyStore.password(TEST_PASSWD)); |
| 485 | |
| 486 | assertTrue("Should be able to generate key for testcase", |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 487 | mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 488 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 489 | |
| 490 | assertTrue("Should be able to grant key to other user", |
| 491 | mKeyStore.grant(TEST_KEYNAME, 0)); |
| 492 | } |
| 493 | |
| 494 | public void testGrant_Imported_Success() throws Exception { |
| 495 | assertTrue("Password should work for keystore", mKeyStore.password(TEST_PASSWD)); |
| 496 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 497 | assertTrue("Should be able to import key for testcase", mKeyStore.importKey(TEST_KEYNAME, |
| 498 | PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 499 | |
| 500 | assertTrue("Should be able to grant key to other user", mKeyStore.grant(TEST_KEYNAME, 0)); |
| 501 | } |
| 502 | |
| 503 | public void testGrant_NoKey_Failure() throws Exception { |
| 504 | assertTrue("Should be able to unlock keystore for test", |
| 505 | mKeyStore.password(TEST_PASSWD)); |
| 506 | |
| 507 | assertFalse("Should not be able to grant without first initializing the keystore", |
| 508 | mKeyStore.grant(TEST_KEYNAME, 0)); |
| 509 | } |
| 510 | |
| 511 | public void testGrant_NotInitialized_Failure() throws Exception { |
| 512 | assertFalse("Should not be able to grant without first initializing the keystore", |
| 513 | mKeyStore.grant(TEST_KEYNAME, 0)); |
| 514 | } |
| 515 | |
| 516 | public void testUngrant_Generated_Success() throws Exception { |
| 517 | assertTrue("Password should work for keystore", |
| 518 | mKeyStore.password(TEST_PASSWD)); |
| 519 | |
| 520 | assertTrue("Should be able to generate key for testcase", |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 521 | mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 522 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 523 | |
| 524 | assertTrue("Should be able to grant key to other user", |
| 525 | mKeyStore.grant(TEST_KEYNAME, 0)); |
| 526 | |
| 527 | assertTrue("Should be able to ungrant key to other user", |
| 528 | mKeyStore.ungrant(TEST_KEYNAME, 0)); |
| 529 | } |
| 530 | |
| 531 | public void testUngrant_Imported_Success() throws Exception { |
| 532 | assertTrue("Password should work for keystore", |
| 533 | mKeyStore.password(TEST_PASSWD)); |
| 534 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 535 | assertTrue("Should be able to import key for testcase", mKeyStore.importKey(TEST_KEYNAME, |
| 536 | PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 537 | |
| 538 | assertTrue("Should be able to grant key to other user", |
| 539 | mKeyStore.grant(TEST_KEYNAME, 0)); |
| 540 | |
| 541 | assertTrue("Should be able to ungrant key to other user", |
| 542 | mKeyStore.ungrant(TEST_KEYNAME, 0)); |
| 543 | } |
| 544 | |
| 545 | public void testUngrant_NotInitialized_Failure() throws Exception { |
| 546 | assertFalse("Should fail to ungrant key when keystore not initialized", |
| 547 | mKeyStore.ungrant(TEST_KEYNAME, 0)); |
| 548 | } |
| 549 | |
| 550 | public void testUngrant_NoGrant_Failure() throws Exception { |
| 551 | assertTrue("Password should work for keystore", |
| 552 | mKeyStore.password(TEST_PASSWD)); |
| 553 | |
| 554 | assertTrue("Should be able to generate key for testcase", |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 555 | mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 556 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 557 | |
| 558 | assertFalse("Should not be able to revoke not existent grant", |
| 559 | mKeyStore.ungrant(TEST_KEYNAME, 0)); |
| 560 | } |
| 561 | |
| 562 | public void testUngrant_DoubleUngrant_Failure() throws Exception { |
| 563 | assertTrue("Password should work for keystore", |
| 564 | mKeyStore.password(TEST_PASSWD)); |
| 565 | |
| 566 | assertTrue("Should be able to generate key for testcase", |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 567 | mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 568 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 569 | |
| 570 | assertTrue("Should be able to grant key to other user", |
| 571 | mKeyStore.grant(TEST_KEYNAME, 0)); |
| 572 | |
| 573 | assertTrue("Should be able to ungrant key to other user", |
| 574 | mKeyStore.ungrant(TEST_KEYNAME, 0)); |
| 575 | |
| 576 | assertFalse("Should fail to ungrant key to other user second time", |
| 577 | mKeyStore.ungrant(TEST_KEYNAME, 0)); |
| 578 | } |
| 579 | |
| 580 | public void testUngrant_DoubleGrantUngrant_Failure() throws Exception { |
| 581 | assertTrue("Password should work for keystore", |
| 582 | mKeyStore.password(TEST_PASSWD)); |
| 583 | |
| 584 | assertTrue("Should be able to generate key for testcase", |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 585 | mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 586 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | 5423e68 | 2011-11-14 08:43:13 -0800 | [diff] [blame] | 587 | |
| 588 | assertTrue("Should be able to grant key to other user", |
| 589 | mKeyStore.grant(TEST_KEYNAME, 0)); |
| 590 | |
| 591 | assertTrue("Should be able to grant key to other user a second time", |
| 592 | mKeyStore.grant(TEST_KEYNAME, 0)); |
| 593 | |
| 594 | assertTrue("Should be able to ungrant key to other user", |
| 595 | mKeyStore.ungrant(TEST_KEYNAME, 0)); |
| 596 | |
| 597 | assertFalse("Should fail to ungrant key to other user second time", |
| 598 | mKeyStore.ungrant(TEST_KEYNAME, 0)); |
| 599 | } |
Kenny Root | 473c712 | 2012-08-17 21:13:48 -0700 | [diff] [blame] | 600 | |
Kenny Root | 5f1d965 | 2013-03-21 14:21:50 -0700 | [diff] [blame] | 601 | public void testDuplicate_grantedUid_Wifi_Success() throws Exception { |
Kenny Root | bd79419 | 2013-03-20 11:36:50 -0700 | [diff] [blame] | 602 | assertTrue(mKeyStore.password(TEST_PASSWD)); |
| 603 | |
| 604 | assertFalse(mKeyStore.contains(TEST_KEYNAME)); |
| 605 | |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 606 | assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 607 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | bd79419 | 2013-03-20 11:36:50 -0700 | [diff] [blame] | 608 | |
| 609 | assertTrue(mKeyStore.contains(TEST_KEYNAME)); |
| 610 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 611 | |
Kenny Root | 5f1d965 | 2013-03-21 14:21:50 -0700 | [diff] [blame] | 612 | // source doesn't exist |
| 613 | assertFalse(mKeyStore.duplicate(TEST_KEYNAME1, -1, TEST_KEYNAME1, Process.WIFI_UID)); |
| 614 | assertFalse(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID)); |
Kenny Root | bd79419 | 2013-03-20 11:36:50 -0700 | [diff] [blame] | 615 | |
Kenny Root | 5f1d965 | 2013-03-21 14:21:50 -0700 | [diff] [blame] | 616 | // Copy from current UID to granted UID |
| 617 | assertTrue(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME1, Process.WIFI_UID)); |
| 618 | assertTrue(mKeyStore.contains(TEST_KEYNAME)); |
| 619 | assertFalse(mKeyStore.contains(TEST_KEYNAME1)); |
| 620 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 621 | assertTrue(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID)); |
| 622 | assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME1, Process.WIFI_UID)); |
| 623 | |
| 624 | // Copy from granted UID to same granted UID |
| 625 | assertTrue(mKeyStore.duplicate(TEST_KEYNAME1, Process.WIFI_UID, TEST_KEYNAME2, |
| 626 | Process.WIFI_UID)); |
| 627 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); |
| 628 | assertTrue(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID)); |
| 629 | assertTrue(mKeyStore.contains(TEST_KEYNAME2, Process.WIFI_UID)); |
| 630 | assertFalse(mKeyStore.duplicate(TEST_KEYNAME1, Process.WIFI_UID, TEST_KEYNAME2, |
| 631 | Process.WIFI_UID)); |
| 632 | |
| 633 | assertTrue(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, -1)); |
| 634 | assertTrue(mKeyStore.contains(TEST_KEYNAME)); |
| 635 | assertFalse(mKeyStore.contains(TEST_KEYNAME1)); |
| 636 | assertTrue(mKeyStore.contains(TEST_KEYNAME2)); |
| 637 | assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, -1)); |
Kenny Root | bd79419 | 2013-03-20 11:36:50 -0700 | [diff] [blame] | 638 | } |
| 639 | |
Kenny Root | 5f1d965 | 2013-03-21 14:21:50 -0700 | [diff] [blame] | 640 | public void testDuplicate_ungrantedUid_Bluetooth_Failure() throws Exception { |
Kenny Root | bd79419 | 2013-03-20 11:36:50 -0700 | [diff] [blame] | 641 | assertTrue(mKeyStore.password(TEST_PASSWD)); |
| 642 | |
| 643 | assertFalse(mKeyStore.contains(TEST_KEYNAME)); |
| 644 | |
Kenny Root | f64386f | 2013-08-16 14:03:29 -0700 | [diff] [blame] | 645 | assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, |
Shawn Willden | dc8bc11 | 2014-09-11 16:08:44 -0600 | [diff] [blame] | 646 | RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null)); |
Kenny Root | bd79419 | 2013-03-20 11:36:50 -0700 | [diff] [blame] | 647 | |
| 648 | assertTrue(mKeyStore.contains(TEST_KEYNAME)); |
| 649 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 650 | |
Kenny Root | 5f1d965 | 2013-03-21 14:21:50 -0700 | [diff] [blame] | 651 | assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, Process.BLUETOOTH_UID)); |
| 652 | assertFalse(mKeyStore.duplicate(TEST_KEYNAME, Process.BLUETOOTH_UID, TEST_KEYNAME2, |
| 653 | Process.BLUETOOTH_UID)); |
Kenny Root | bd79419 | 2013-03-20 11:36:50 -0700 | [diff] [blame] | 654 | |
| 655 | assertTrue(mKeyStore.contains(TEST_KEYNAME)); |
| 656 | assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); |
| 657 | } |
| 658 | |
Kenny Root | 473c712 | 2012-08-17 21:13:48 -0700 | [diff] [blame] | 659 | /** |
| 660 | * The amount of time to allow before and after expected time for variance |
| 661 | * in timing tests. |
| 662 | */ |
| 663 | private static final long SLOP_TIME_MILLIS = 15000L; |
| 664 | |
| 665 | public void testGetmtime_Success() throws Exception { |
| 666 | assertTrue("Password should work for keystore", |
| 667 | mKeyStore.password(TEST_PASSWD)); |
| 668 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 669 | assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, |
| 670 | PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 473c712 | 2012-08-17 21:13:48 -0700 | [diff] [blame] | 671 | |
| 672 | long now = System.currentTimeMillis(); |
| 673 | long actual = mKeyStore.getmtime(TEST_KEYNAME); |
| 674 | |
| 675 | long expectedAfter = now - SLOP_TIME_MILLIS; |
| 676 | long expectedBefore = now + SLOP_TIME_MILLIS; |
| 677 | |
| 678 | assertLessThan("Time should be close to current time", expectedBefore, actual); |
| 679 | assertGreaterThan("Time should be close to current time", expectedAfter, actual); |
| 680 | } |
| 681 | |
| 682 | private static void assertLessThan(String explanation, long expectedBefore, long actual) { |
| 683 | if (actual >= expectedBefore) { |
| 684 | throw new AssertionFailedError(explanation + ": actual=" + actual |
| 685 | + ", expected before: " + expectedBefore); |
| 686 | } |
| 687 | } |
| 688 | |
| 689 | private static void assertGreaterThan(String explanation, long expectedAfter, long actual) { |
| 690 | if (actual <= expectedAfter) { |
| 691 | throw new AssertionFailedError(explanation + ": actual=" + actual |
| 692 | + ", expected after: " + expectedAfter); |
| 693 | } |
| 694 | } |
| 695 | |
| 696 | public void testGetmtime_NonExist_Failure() throws Exception { |
| 697 | assertTrue("Password should work for keystore", |
| 698 | mKeyStore.password(TEST_PASSWD)); |
| 699 | |
Kenny Root | b2c0ff6 | 2013-04-12 17:36:25 -0700 | [diff] [blame] | 700 | assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, |
| 701 | PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); |
Kenny Root | 473c712 | 2012-08-17 21:13:48 -0700 | [diff] [blame] | 702 | |
| 703 | assertEquals("-1 should be returned for non-existent key", |
| 704 | -1L, mKeyStore.getmtime(TEST_KEYNAME2)); |
| 705 | } |
Chad Brubaker | 8827c81 | 2015-03-05 10:32:30 -0800 | [diff] [blame] | 706 | |
| 707 | private KeyCharacteristics generateRsaKey(String name) throws Exception { |
| 708 | KeymasterArguments args = new KeymasterArguments(); |
| 709 | args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); |
| 710 | args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); |
| 711 | args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA); |
| 712 | args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); |
| 713 | args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048); |
| 714 | args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null); |
| 715 | args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null); |
| 716 | |
| 717 | KeyCharacteristics outCharacteristics = new KeyCharacteristics(); |
| 718 | int result = mKeyStore.generateKey(name, args, 0, outCharacteristics); |
| 719 | assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result); |
| 720 | return outCharacteristics; |
| 721 | } |
| 722 | |
| 723 | public void testGenerateKey() throws Exception { |
| 724 | generateRsaKey("test"); |
| 725 | mKeyStore.delete("test"); |
| 726 | } |
| 727 | public void testGenerateAndDelete() throws Exception { |
| 728 | generateRsaKey("test"); |
| 729 | assertTrue("delete should succeed", mKeyStore.delete("test")); |
| 730 | } |
| 731 | |
| 732 | public void testGetKeyCharacteristicsSuccess() throws Exception { |
| 733 | mKeyStore.password(TEST_PASSWD); |
| 734 | String name = "test"; |
| 735 | KeyCharacteristics gen = generateRsaKey(name); |
| 736 | KeyCharacteristics call = new KeyCharacteristics(); |
| 737 | int result = mKeyStore.getKeyCharacteristics(name, null, null, call); |
| 738 | assertEquals("getKeyCharacteristics should succeed", KeyStore.NO_ERROR, result); |
| 739 | mKeyStore.delete("test"); |
| 740 | } |
| 741 | |
| 742 | public void testAppId() throws Exception { |
| 743 | String name = "test"; |
| 744 | KeymasterArguments args = new KeymasterArguments(); |
| 745 | args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); |
| 746 | args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); |
| 747 | args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA); |
| 748 | args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); |
| 749 | args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048); |
| 750 | args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB); |
| 751 | args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, new byte[] {0x01, 0x02, 0x03}); |
| 752 | args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null); |
| 753 | |
| 754 | KeyCharacteristics outCharacteristics = new KeyCharacteristics(); |
| 755 | int result = mKeyStore.generateKey(name, args, 0, outCharacteristics); |
| 756 | assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result); |
| 757 | assertEquals("getKeyCharacteristics should fail without application ID", |
| 758 | KeymasterDefs.KM_ERROR_INVALID_KEY_BLOB, |
| 759 | mKeyStore.getKeyCharacteristics(name, null, null, outCharacteristics)); |
| 760 | assertEquals("getKeyCharacteristics should succeed with application ID", |
| 761 | KeyStore.NO_ERROR, |
| 762 | mKeyStore.getKeyCharacteristics(name, new byte[] {0x01, 0x02, 0x03}, null, |
| 763 | outCharacteristics)); |
| 764 | } |
| 765 | |
| 766 | |
| 767 | public void testExportRsa() throws Exception { |
| 768 | String name = "test"; |
| 769 | generateRsaKey(name); |
| 770 | ExportResult result = mKeyStore.exportKey(name, KeymasterDefs.KM_KEY_FORMAT_X509, null, |
| 771 | null); |
| 772 | assertEquals("Export success", KeyStore.NO_ERROR, result.resultCode); |
| 773 | // TODO: Verify we have an RSA public key that's well formed. |
| 774 | } |
| 775 | |
| 776 | public void testAesOcbEncryptSuccess() throws Exception { |
| 777 | String name = "test"; |
| 778 | KeymasterArguments args = new KeymasterArguments(); |
| 779 | args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); |
| 780 | args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); |
| 781 | args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES); |
| 782 | args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); |
| 783 | args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256); |
| 784 | args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_OCB); |
| 785 | args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096); |
| 786 | args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16); |
| 787 | args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null); |
| 788 | args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null); |
| 789 | |
| 790 | KeyCharacteristics outCharacteristics = new KeyCharacteristics(); |
| 791 | int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics); |
| 792 | assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc); |
| 793 | |
| 794 | KeymasterArguments out = new KeymasterArguments(); |
| 795 | args = new KeymasterArguments(); |
| 796 | args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null); |
| 797 | args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null); |
| 798 | OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, |
| 799 | true, args, out); |
| 800 | IBinder token = result.token; |
| 801 | assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); |
| 802 | result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04}); |
| 803 | assertEquals("Update should succeed", KeyStore.NO_ERROR, result.resultCode); |
| 804 | assertEquals("Finish should succeed", KeyStore.NO_ERROR, |
| 805 | mKeyStore.finish(token, null, null).resultCode); |
| 806 | } |
| 807 | |
| 808 | public void testBadToken() throws Exception { |
| 809 | IBinder token = new Binder(); |
| 810 | OperationResult result = mKeyStore.update(token, null, new byte[] {0x01}); |
| 811 | assertEquals("Update with invalid token should fail", |
| 812 | KeymasterDefs.KM_ERROR_INVALID_OPERATION_HANDLE, result.resultCode); |
| 813 | } |
| 814 | |
| 815 | private int importAesKey(String name, byte[] key, int size, int mode) { |
| 816 | KeymasterArguments args = new KeymasterArguments(); |
| 817 | args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); |
| 818 | args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); |
| 819 | args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES); |
| 820 | args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); |
| 821 | args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, mode); |
| 822 | args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, size); |
| 823 | return mKeyStore.importKey(name, args, KeymasterDefs.KM_KEY_FORMAT_RAW, key, 0, |
| 824 | new KeyCharacteristics()); |
| 825 | } |
| 826 | private byte[] doOperation(String name, int purpose, byte[] in, KeymasterArguments beginArgs) { |
| 827 | KeymasterArguments out = new KeymasterArguments(); |
| 828 | OperationResult result = mKeyStore.begin(name, purpose, |
| 829 | true, beginArgs, out); |
| 830 | assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); |
| 831 | IBinder token = result.token; |
| 832 | result = mKeyStore.update(token, null, in); |
| 833 | assertEquals("Update should succeed", KeyStore.NO_ERROR, result.resultCode); |
| 834 | assertEquals("All data should be consumed", in.length, result.inputConsumed); |
| 835 | assertEquals("Finish should succeed", KeyStore.NO_ERROR, |
| 836 | mKeyStore.finish(token, null, null).resultCode); |
| 837 | return result.output; |
| 838 | } |
| 839 | |
| 840 | public void testImportAes() throws Exception { |
| 841 | int result = importAesKey("aes", AES256_BYTES, 256, KeymasterDefs.KM_MODE_ECB); |
| 842 | assertEquals("import should succeed", KeyStore.NO_ERROR, result); |
| 843 | mKeyStore.delete("aes"); |
| 844 | } |
| 845 | |
| 846 | public void testAes256Ecb() throws Exception { |
| 847 | byte[] key = |
| 848 | hexToBytes("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"); |
| 849 | String name = "aes"; |
| 850 | assertEquals(KeyStore.NO_ERROR, importAesKey(name, key, 256, KeymasterDefs.KM_MODE_ECB)); |
| 851 | byte[][] testVectors = new byte[][] { |
| 852 | hexToBytes("6bc1bee22e409f96e93d7e117393172a"), |
| 853 | hexToBytes("ae2d8a571e03ac9c9eb76fac45af8e51"), |
| 854 | hexToBytes("30c81c46a35ce411e5fbc1191a0a52ef"), |
| 855 | hexToBytes("f69f2445df4f9b17ad2b417be66c3710")}; |
| 856 | byte[][] cipherVectors = new byte[][] { |
| 857 | hexToBytes("f3eed1bdb5d2a03c064b5a7e3db181f8"), |
| 858 | hexToBytes("591ccb10d410ed26dc5ba74a31362870"), |
| 859 | hexToBytes("b6ed21b99ca6f4f9f153e7b1beafed1d"), |
| 860 | hexToBytes("23304b7a39f9f3ff067d8d8f9e24ecc7")}; |
| 861 | for (int i = 0; i < testVectors.length; i++) { |
| 862 | byte[] cipherText = doOperation(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, testVectors[i], |
| 863 | new KeymasterArguments()); |
| 864 | MoreAsserts.assertEquals(cipherVectors[i], cipherText); |
| 865 | } |
| 866 | for (int i = 0; i < testVectors.length; i++) { |
| 867 | byte[] plainText = doOperation(name, KeymasterDefs.KM_PURPOSE_DECRYPT, |
| 868 | cipherVectors[i], new KeymasterArguments()); |
| 869 | MoreAsserts.assertEquals(testVectors[i], plainText); |
| 870 | } |
| 871 | } |
| 872 | |
| 873 | // This is a very implementation specific test and should be thrown out eventually, however it |
| 874 | // is nice for now to test that keystore is properly pruning operations. |
| 875 | public void testOperationPruning() throws Exception { |
| 876 | String name = "test"; |
| 877 | KeymasterArguments args = new KeymasterArguments(); |
| 878 | args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT); |
| 879 | args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT); |
| 880 | args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES); |
| 881 | args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE); |
| 882 | args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256); |
| 883 | args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_OCB); |
| 884 | args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096); |
| 885 | args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16); |
| 886 | args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null); |
| 887 | args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null); |
| 888 | |
| 889 | KeyCharacteristics outCharacteristics = new KeyCharacteristics(); |
| 890 | int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics); |
| 891 | assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc); |
| 892 | |
| 893 | KeymasterArguments out = new KeymasterArguments(); |
| 894 | args = new KeymasterArguments(); |
| 895 | args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null); |
| 896 | args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null); |
| 897 | OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, |
| 898 | true, args, out); |
| 899 | assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); |
| 900 | IBinder first = result.token; |
| 901 | // Implementation detail: softkeymaster supports 16 concurrent operations |
| 902 | for (int i = 0; i < 16; i++) { |
| 903 | result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, out); |
| 904 | assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode); |
| 905 | } |
| 906 | // At this point the first operation should be pruned. |
| 907 | assertEquals("Operation should be pruned", KeymasterDefs.KM_ERROR_INVALID_OPERATION_HANDLE, |
| 908 | mKeyStore.update(first, null, new byte[] {0x01}).resultCode); |
| 909 | } |
Chung-yih Wang | f35e966 | 2009-09-29 11:20:28 +0800 | [diff] [blame] | 910 | } |