Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / da81fa569ed2f955252d69c1e000ebc1a2850191 / . / keystore / tests / src / android / security / KeyStoreTest.java
blob: f935bb13f2d43adb99e4e8be0d8deda18c605bca [file] [log] [blame]
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]1/*
2 * Copyright (C) 2009 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Kenny Root96ad6cb2012-08-10 12:39:15 -0700[diff] [blame]17package android.security;
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]18
19import android.app.Activity;
Chad Brubaker8827c812015-03-05 10:32:30 -0800[diff] [blame]20import android.os.Binder;
21import android.os.IBinder;
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]22import android.os.Process;
Chad Brubaker8827c812015-03-05 10:32:30 -0800[diff] [blame]23import android.os.ServiceManager;
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]24import android.security.KeyStore;
Chad Brubaker8827c812015-03-05 10:32:30 -0800[diff] [blame]25import android.security.keymaster.ExportResult;
26import android.security.keymaster.KeyCharacteristics;
27import android.security.keymaster.KeymasterArguments;
28import android.security.keymaster.KeymasterDefs;
29import android.security.keymaster.OperationResult;
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]30import android.test.ActivityUnitTestCase;
Kenny Root473c7122012-08-17 21:13:48 -0700[diff] [blame]31import android.test.AssertionFailedError;
Chad Brubaker8827c812015-03-05 10:32:30 -0800[diff] [blame]32import android.test.MoreAsserts;
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]33import android.test.suitebuilder.annotation.MediumTest;
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]34import com.android.org.conscrypt.NativeCrypto;
Elliott Hughesd396a442013-06-28 16:24:48 -0700[diff] [blame]35import java.nio.charset.StandardCharsets;
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]36import java.util.Arrays;
Kenny Root473c7122012-08-17 21:13:48 -0700[diff] [blame]37import java.util.Date;
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]38import java.util.HashSet;
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]39
Chad Brubaker8827c812015-03-05 10:32:30 -0800[diff] [blame]40import android.util.Log;
41import android.util.Base64;
42
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]43/**
44 * Junit / Instrumentation test case for KeyStore class
45 *
46 * Running the test suite:
47 *
Kenny Root96ad6cb2012-08-10 12:39:15 -0700[diff] [blame]48 * runtest keystore-unit
49 *
50 * Or this individual test case:
51 *
52 * runtest --path frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]53 */
54@MediumTest
55public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
56 private static final String TEST_PASSWD = "12345678";
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]57 private static final String TEST_PASSWD2 = "87654321";
Brian Carlstrom5ea68db2012-07-17 23:40:49 -0700[diff] [blame]58 private static final String TEST_KEYNAME = "test-key";
59 private static final String TEST_KEYNAME1 = "test-key.1";
Brian Carlstrom2a5b1472012-07-30 18:44:29 -0700[diff] [blame]60 private static final String TEST_KEYNAME2 = "test-key\02";
Elliott Hughesd396a442013-06-28 16:24:48 -0700[diff] [blame]61 private static final byte[] TEST_KEYVALUE = "test value".getBytes(StandardCharsets.UTF_8);
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]62
Nick Kralevich34c47c82010-03-09 13:28:14 -0800[diff] [blame]63 // "Hello, World" in Chinese
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]64 private static final String TEST_I18N_KEY = "\u4F60\u597D, \u4E16\u754C";
Elliott Hughesd396a442013-06-28 16:24:48 -0700[diff] [blame]65 private static final byte[] TEST_I18N_VALUE = TEST_I18N_KEY.getBytes(StandardCharsets.UTF_8);
Nick Kralevich34c47c82010-03-09 13:28:14 -0800[diff] [blame]66
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]67 // Test vector data for signatures
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]68 private static final int RSA_KEY_SIZE = 1024;
69 private static final byte[] TEST_DATA = new byte[RSA_KEY_SIZE / 8];
Brian Carlstrom5ea68db2012-07-17 23:40:49 -0700[diff] [blame]70 static {
71 for (int i = 0; i < TEST_DATA.length; i++) {
72 TEST_DATA[i] = (byte) i;
73 }
74 }
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]75
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]76 private KeyStore mKeyStore = null;
77
78 public KeyStoreTest() {
79 super(Activity.class);
80 }
81
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]82 private static final byte[] PRIVKEY_BYTES = hexToBytes(
83 "308204BE020100300D06092A864886F70D0101010500048204A8308204A4020100028201" +
84 "0100E0473E8AB8F2284FEB9E742FF9748FA118ED98633C92F52AEB7A2EBE0D3BE60329BE" +
85 "766AD10EB6A515D0D2CFD9BEA7930F0C306537899F7958CD3E85B01F8818524D312584A9" +
86 "4B251E3625B54141EDBFEE198808E1BB97FC7CB49B9EAAAF68E9C98D7D0EDC53BBC0FA00" +
87 "34356D6305FBBCC3C7001405386ABBC873CB0F3EF7425F3D33DF7B315AE036D2A0B66AFD" +
88 "47503B169BF36E3B5162515B715FDA83DEAF2C58AEB9ABFB3097C3CC9DD9DBE5EF296C17" +
89 "6139028E8A671E63056D45F40188D2C4133490845DE52C2534E9C6B2478C07BDAE928823" +
90 "B62D066C7770F9F63F3DBA247F530844747BE7AAA85D853B8BD244ACEC3DE3C89AB46453" +
91 "AB4D24C3AC6902030100010282010037784776A5F17698F5AC960DFB83A1B67564E648BD" +
92 "0597CF8AB8087186F2669C27A9ECBDD480F0197A80D07309E6C6A96F925331E57F8B4AC6" +
93 "F4D45EDA45A23269C09FC428C07A4E6EDF738A15DEC97FABD2F2BB47A14F20EA72FCFE4C" +
94 "36E01ADA77BD137CD8D4DA10BB162E94A4662971F175F985FA188F056CB97EE2816F43AB" +
95 "9D3747612486CDA8C16196C30818A995EC85D38467791267B3BF21F273710A6925862576" +
96 "841C5B6712C12D4BD20A2F3299ADB7C135DA5E9515ABDA76E7CAF2A3BE80551D073B78BF" +
97 "1162C48AD2B7F4743A0238EE4D252F7D5E7E6533CCAE64CCB39360075A2FD1E034EC3AE5" +
98 "CE9C408CCBF0E25E4114021687B3DD4754AE8102818100F541884BC3737B2922D4119EF4" +
99 "5E2DEE2CD4CBB75F45505A157AA5009F99C73A2DF0724AC46024306332EA898177634546" +
100 "5DC6DF1E0A6F140AFF3B7396E6A8994AC5DAA96873472FE37749D14EB3E075E629DBEB35" +
101 "83338A6F3649D0A2654A7A42FD9AB6BFA4AC4D481D390BB229B064BDC311CC1BE1B63189" +
102 "DA7C40CDECF2B102818100EA1A742DDB881CEDB7288C87E38D868DD7A409D15A43F445D5" +
103 "377A0B5731DDBFCA2DAF28A8E13CD5C0AFCEC3347D74A39E235A3CD9633F274DE2B94F92" +
104 "DF43833911D9E9F1CF58F27DE2E08FF45964C720D3EC2139DC7CAFC912953CDECB2F355A" +
105 "2E2C35A50FAD754CB3B23166424BA3B6E3112A2B898C38C5C15EDB238693390281805182" +
106 "8F1EC6FD996029901BAF1D7E337BA5F0AF27E984EAD895ACE62BD7DF4EE45A224089F2CC" +
107 "151AF3CD173FCE0474BCB04F386A2CDCC0E0036BA2419F54579262D47100BE931984A3EF" +
108 "A05BECF141574DC079B3A95C4A83E6C43F3214D6DF32D512DE198085E531E616B83FD7DD" +
109 "9D1F4E2607C3333D07C55D107D1D3893587102818100DB4FB50F50DE8EDB53FF34C80931" +
110 "88A0512867DA2CCA04897759E587C244010DAF8664D59E8083D16C164789301F67A9F078" +
111 "060D834A2ADBD367575B68A8A842C2B02A89B3F31FCCEC8A22FE395795C5C6C7422B4E5D" +
112 "74A1E9A8F30E7759B9FC2D639C1F15673E84E93A5EF1506F4315383C38D45CBD1B14048F" +
113 "4721DC82326102818100D8114593AF415FB612DBF1923710D54D07486205A76A3B431949" +
114 "68C0DFF1F11EF0F61A4A337D5FD3741BBC9640E447B8B6B6C47C3AC1204357D3B0C55BA9" +
115 "286BDA73F629296F5FA9146D8976357D3C751E75148696A40B74685C82CE30902D639D72" +
116 "4FF24D5E2E9407EE34EDED2E3B4DF65AA9BCFEB6DF28D07BA6903F165768");
117
Chad Brubaker8827c812015-03-05 10:32:30 -0800[diff] [blame]118 private static final byte[] AES256_BYTES = hexToBytes(
119 "0CC175B9C0F1B6A831C399E269772661CEC520EA51EA0A47E87295FA3245A605");
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]120
121 private static byte[] hexToBytes(String s) {
122 int len = s.length();
123 byte[] data = new byte[len / 2];
124 for (int i = 0; i < len; i += 2) {
125 data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit(
126 s.charAt(i + 1), 16));
127 }
128 return data;
129 }
130
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]131 @Override
132 protected void setUp() throws Exception {
133 mKeyStore = KeyStore.getInstance();
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]134 if (mKeyStore.state() != KeyStore.State.UNINITIALIZED) {
135 mKeyStore.reset();
136 }
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]137 assertEquals("KeyStore should be in an uninitialized state",
138 KeyStore.State.UNINITIALIZED, mKeyStore.state());
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]139 super.setUp();
140 }
141
142 @Override
143 protected void tearDown() throws Exception {
144 mKeyStore.reset();
145 super.tearDown();
146 }
147
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]148 public void testState() throws Exception {
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]149 assertEquals(KeyStore.State.UNINITIALIZED, mKeyStore.state());
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]150 }
151
152 public void testPassword() throws Exception {
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]153 assertTrue(mKeyStore.password(TEST_PASSWD));
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]154 assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state());
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]155 }
156
Brian Carlstrombef5e5a2011-06-27 17:22:02 -0700[diff] [blame]157 public void testGet() throws Exception {
158 assertNull(mKeyStore.get(TEST_KEYNAME));
159 mKeyStore.password(TEST_PASSWD);
160 assertNull(mKeyStore.get(TEST_KEYNAME));
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]161 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF,
162 KeyStore.FLAG_ENCRYPTED));
Brian Carlstrombef5e5a2011-06-27 17:22:02 -0700[diff] [blame]163 assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME)));
164 }
165
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]166 public void testPut() throws Exception {
Brian Carlstrombef5e5a2011-06-27 17:22:02 -0700[diff] [blame]167 assertNull(mKeyStore.get(TEST_KEYNAME));
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]168 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF,
169 KeyStore.FLAG_ENCRYPTED));
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]170 assertFalse(mKeyStore.contains(TEST_KEYNAME));
171 mKeyStore.password(TEST_PASSWD);
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]172 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF,
173 KeyStore.FLAG_ENCRYPTED));
Brian Carlstrombef5e5a2011-06-27 17:22:02 -0700[diff] [blame]174 assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME)));
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]175 }
176
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]177 public void testPut_grantedUid_Wifi() throws Exception {
178 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]179 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID,
180 KeyStore.FLAG_ENCRYPTED));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]181 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
182 mKeyStore.password(TEST_PASSWD);
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]183 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID,
184 KeyStore.FLAG_ENCRYPTED));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]185 assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
186 }
187
188 public void testPut_ungrantedUid_Bluetooth() throws Exception {
189 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]190 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID,
191 KeyStore.FLAG_ENCRYPTED));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]192 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
193 mKeyStore.password(TEST_PASSWD);
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]194 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID,
195 KeyStore.FLAG_ENCRYPTED));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]196 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
197 }
198
Nick Kralevich34c47c82010-03-09 13:28:14 -0800[diff] [blame]199 public void testI18n() throws Exception {
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]200 assertFalse(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE, KeyStore.UID_SELF,
201 KeyStore.FLAG_ENCRYPTED));
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]202 assertFalse(mKeyStore.contains(TEST_I18N_KEY));
203 mKeyStore.password(TEST_I18N_KEY);
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]204 assertTrue(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE, KeyStore.UID_SELF,
205 KeyStore.FLAG_ENCRYPTED));
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]206 assertTrue(mKeyStore.contains(TEST_I18N_KEY));
Nick Kralevich34c47c82010-03-09 13:28:14 -0800[diff] [blame]207 }
208
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]209 public void testDelete() throws Exception {
Brian Carlstrom5ea68db2012-07-17 23:40:49 -0700[diff] [blame]210 assertFalse(mKeyStore.delete(TEST_KEYNAME));
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]211 mKeyStore.password(TEST_PASSWD);
Brian Carlstrom5ea68db2012-07-17 23:40:49 -0700[diff] [blame]212 assertFalse(mKeyStore.delete(TEST_KEYNAME));
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]213
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]214 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF,
215 KeyStore.FLAG_ENCRYPTED));
Brian Carlstrombef5e5a2011-06-27 17:22:02 -0700[diff] [blame]216 assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME)));
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]217 assertTrue(mKeyStore.delete(TEST_KEYNAME));
Brian Carlstrombef5e5a2011-06-27 17:22:02 -0700[diff] [blame]218 assertNull(mKeyStore.get(TEST_KEYNAME));
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]219 }
220
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]221 public void testDelete_grantedUid_Wifi() throws Exception {
222 assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID));
223 mKeyStore.password(TEST_PASSWD);
224 assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID));
225
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]226 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID,
227 KeyStore.FLAG_ENCRYPTED));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]228 assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
229 assertTrue(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID));
230 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
231 }
232
233 public void testDelete_ungrantedUid_Bluetooth() throws Exception {
234 assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID));
235 mKeyStore.password(TEST_PASSWD);
236 assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID));
237
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]238 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID,
239 KeyStore.FLAG_ENCRYPTED));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]240 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
241 assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID));
242 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
243 }
244
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]245 public void testContains() throws Exception {
246 assertFalse(mKeyStore.contains(TEST_KEYNAME));
247
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]248 assertTrue(mKeyStore.password(TEST_PASSWD));
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]249 assertFalse(mKeyStore.contains(TEST_KEYNAME));
250
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]251 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF,
252 KeyStore.FLAG_ENCRYPTED));
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]253 assertTrue(mKeyStore.contains(TEST_KEYNAME));
254 }
255
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]256 public void testContains_grantedUid_Wifi() throws Exception {
257 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
258
259 assertTrue(mKeyStore.password(TEST_PASSWD));
260 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
261
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]262 assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID,
263 KeyStore.FLAG_ENCRYPTED));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]264 assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
265 }
266
267 public void testContains_grantedUid_Bluetooth() throws Exception {
268 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
269
270 assertTrue(mKeyStore.password(TEST_PASSWD));
271 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
272
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]273 assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID,
274 KeyStore.FLAG_ENCRYPTED));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]275 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
276 }
277
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]278 public void testSaw() throws Exception {
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]279 String[] emptyResult = mKeyStore.saw(TEST_KEYNAME);
280 assertNotNull(emptyResult);
281 assertEquals(0, emptyResult.length);
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]282
283 mKeyStore.password(TEST_PASSWD);
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]284 mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
285 mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]286
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]287 String[] results = mKeyStore.saw(TEST_KEYNAME);
288 assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()),
289 TEST_KEYNAME2.substring(TEST_KEYNAME.length()))),
290 new HashSet(Arrays.asList(results)));
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]291 }
292
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]293 public void testSaw_ungrantedUid_Bluetooth() throws Exception {
294 String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID);
295 assertNull(results1);
296
297 mKeyStore.password(TEST_PASSWD);
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]298 mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
299 mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]300
301 String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID);
302 assertNull(results2);
303 }
304
305 public void testSaw_grantedUid_Wifi() throws Exception {
306 String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID);
307 assertNotNull(results1);
308 assertEquals(0, results1.length);
309
310 mKeyStore.password(TEST_PASSWD);
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]311 mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED);
312 mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED);
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]313
314 String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID);
315 assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()),
316 TEST_KEYNAME2.substring(TEST_KEYNAME.length()))),
317 new HashSet(Arrays.asList(results2)));
318 }
319
320 public void testSaw_grantedUid_Vpn() throws Exception {
321 String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID);
322 assertNotNull(results1);
323 assertEquals(0, results1.length);
324
325 mKeyStore.password(TEST_PASSWD);
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]326 mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED);
327 mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED);
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]328
329 String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID);
330 assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()),
331 TEST_KEYNAME2.substring(TEST_KEYNAME.length()))),
332 new HashSet(Arrays.asList(results2)));
333 }
334
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]335 public void testLock() throws Exception {
336 assertFalse(mKeyStore.lock());
337
338 mKeyStore.password(TEST_PASSWD);
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]339 assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state());
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]340
341 assertTrue(mKeyStore.lock());
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]342 assertEquals(KeyStore.State.LOCKED, mKeyStore.state());
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]343 }
344
345 public void testUnlock() throws Exception {
346 mKeyStore.password(TEST_PASSWD);
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]347 assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state());
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]348 mKeyStore.lock();
349
350 assertFalse(mKeyStore.unlock(TEST_PASSWD2));
351 assertTrue(mKeyStore.unlock(TEST_PASSWD));
352 }
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]353
354 public void testIsEmpty() throws Exception {
355 assertTrue(mKeyStore.isEmpty());
356 mKeyStore.password(TEST_PASSWD);
357 assertTrue(mKeyStore.isEmpty());
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]358 mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
Brian Carlstrom5cfee3f2011-05-31 01:00:15 -0700[diff] [blame]359 assertFalse(mKeyStore.isEmpty());
360 mKeyStore.reset();
361 assertTrue(mKeyStore.isEmpty());
362 }
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]363
364 public void testGenerate_NotInitialized_Fail() throws Exception {
365 assertFalse("Should fail when keystore is not initialized",
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]366 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]367 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]368 }
369
370 public void testGenerate_Locked_Fail() throws Exception {
371 mKeyStore.password(TEST_PASSWD);
372 mKeyStore.lock();
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]373 assertFalse("Should fail when keystore is locked",
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]374 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]375 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]376 }
377
378 public void testGenerate_Success() throws Exception {
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]379 assertTrue(mKeyStore.password(TEST_PASSWD));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]380
381 assertTrue("Should be able to generate key when unlocked",
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]382 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]383 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]384 assertTrue(mKeyStore.contains(TEST_KEYNAME));
385 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
386 }
387
388 public void testGenerate_grantedUid_Wifi_Success() throws Exception {
389 assertTrue(mKeyStore.password(TEST_PASSWD));
390
391 assertTrue("Should be able to generate key when unlocked",
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]392 mKeyStore.generate(TEST_KEYNAME, Process.WIFI_UID, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]393 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]394 assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
395 assertFalse(mKeyStore.contains(TEST_KEYNAME));
396 }
397
398 public void testGenerate_ungrantedUid_Bluetooth_Failure() throws Exception {
399 assertTrue(mKeyStore.password(TEST_PASSWD));
400
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]401 assertFalse(mKeyStore.generate(TEST_KEYNAME, Process.BLUETOOTH_UID,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]402 NativeCrypto.EVP_PKEY_RSA, RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]403 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
404 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
405 assertFalse(mKeyStore.contains(TEST_KEYNAME));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]406 }
407
408 public void testImport_Success() throws Exception {
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]409 assertTrue(mKeyStore.password(TEST_PASSWD));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]410
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]411 assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME,
412 PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]413 assertTrue(mKeyStore.contains(TEST_KEYNAME));
414 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
415 }
416
417 public void testImport_grantedUid_Wifi_Success() throws Exception {
418 assertTrue(mKeyStore.password(TEST_PASSWD));
419
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]420 assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME,
421 PRIVKEY_BYTES, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]422 assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
423 assertFalse(mKeyStore.contains(TEST_KEYNAME));
424 }
425
426 public void testImport_ungrantedUid_Bluetooth_Failure() throws Exception {
427 assertTrue(mKeyStore.password(TEST_PASSWD));
428
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]429 assertFalse(mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES, Process.BLUETOOTH_UID,
430 KeyStore.FLAG_ENCRYPTED));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]431 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
432 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
433 assertFalse(mKeyStore.contains(TEST_KEYNAME));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]434 }
435
436 public void testImport_Failure_BadEncoding() throws Exception {
437 mKeyStore.password(TEST_PASSWD);
438
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]439 assertFalse("Invalid DER-encoded key should not be imported", mKeyStore.importKey(
440 TEST_KEYNAME, TEST_DATA, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]441 assertFalse(mKeyStore.contains(TEST_KEYNAME));
442 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]443 }
444
445 public void testSign_Success() throws Exception {
446 mKeyStore.password(TEST_PASSWD);
447
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]448 assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]449 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]450 assertTrue(mKeyStore.contains(TEST_KEYNAME));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]451 final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA);
452
453 assertNotNull("Signature should not be null", signature);
454 }
455
456 public void testVerify_Success() throws Exception {
457 mKeyStore.password(TEST_PASSWD);
458
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]459 assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]460 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Root78ad8492013-02-13 17:02:57 -0800[diff] [blame]461 assertTrue(mKeyStore.contains(TEST_KEYNAME));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]462 final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA);
463
464 assertNotNull("Signature should not be null", signature);
465
466 assertTrue("Signature should verify with same data",
467 mKeyStore.verify(TEST_KEYNAME, TEST_DATA, signature));
468 }
469
470 public void testSign_NotInitialized_Failure() throws Exception {
471 assertNull("Should not be able to sign without first initializing the keystore",
472 mKeyStore.sign(TEST_KEYNAME, TEST_DATA));
473 }
474
475 public void testSign_NotGenerated_Failure() throws Exception {
476 mKeyStore.password(TEST_PASSWD);
477
478 assertNull("Should not be able to sign without first generating keys",
479 mKeyStore.sign(TEST_KEYNAME, TEST_DATA));
480 }
481
482 public void testGrant_Generated_Success() throws Exception {
483 assertTrue("Password should work for keystore",
484 mKeyStore.password(TEST_PASSWD));
485
486 assertTrue("Should be able to generate key for testcase",
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]487 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]488 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]489
490 assertTrue("Should be able to grant key to other user",
491 mKeyStore.grant(TEST_KEYNAME, 0));
492 }
493
494 public void testGrant_Imported_Success() throws Exception {
495 assertTrue("Password should work for keystore", mKeyStore.password(TEST_PASSWD));
496
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]497 assertTrue("Should be able to import key for testcase", mKeyStore.importKey(TEST_KEYNAME,
498 PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]499
500 assertTrue("Should be able to grant key to other user", mKeyStore.grant(TEST_KEYNAME, 0));
501 }
502
503 public void testGrant_NoKey_Failure() throws Exception {
504 assertTrue("Should be able to unlock keystore for test",
505 mKeyStore.password(TEST_PASSWD));
506
507 assertFalse("Should not be able to grant without first initializing the keystore",
508 mKeyStore.grant(TEST_KEYNAME, 0));
509 }
510
511 public void testGrant_NotInitialized_Failure() throws Exception {
512 assertFalse("Should not be able to grant without first initializing the keystore",
513 mKeyStore.grant(TEST_KEYNAME, 0));
514 }
515
516 public void testUngrant_Generated_Success() throws Exception {
517 assertTrue("Password should work for keystore",
518 mKeyStore.password(TEST_PASSWD));
519
520 assertTrue("Should be able to generate key for testcase",
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]521 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]522 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]523
524 assertTrue("Should be able to grant key to other user",
525 mKeyStore.grant(TEST_KEYNAME, 0));
526
527 assertTrue("Should be able to ungrant key to other user",
528 mKeyStore.ungrant(TEST_KEYNAME, 0));
529 }
530
531 public void testUngrant_Imported_Success() throws Exception {
532 assertTrue("Password should work for keystore",
533 mKeyStore.password(TEST_PASSWD));
534
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]535 assertTrue("Should be able to import key for testcase", mKeyStore.importKey(TEST_KEYNAME,
536 PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]537
538 assertTrue("Should be able to grant key to other user",
539 mKeyStore.grant(TEST_KEYNAME, 0));
540
541 assertTrue("Should be able to ungrant key to other user",
542 mKeyStore.ungrant(TEST_KEYNAME, 0));
543 }
544
545 public void testUngrant_NotInitialized_Failure() throws Exception {
546 assertFalse("Should fail to ungrant key when keystore not initialized",
547 mKeyStore.ungrant(TEST_KEYNAME, 0));
548 }
549
550 public void testUngrant_NoGrant_Failure() throws Exception {
551 assertTrue("Password should work for keystore",
552 mKeyStore.password(TEST_PASSWD));
553
554 assertTrue("Should be able to generate key for testcase",
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]555 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]556 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]557
558 assertFalse("Should not be able to revoke not existent grant",
559 mKeyStore.ungrant(TEST_KEYNAME, 0));
560 }
561
562 public void testUngrant_DoubleUngrant_Failure() throws Exception {
563 assertTrue("Password should work for keystore",
564 mKeyStore.password(TEST_PASSWD));
565
566 assertTrue("Should be able to generate key for testcase",
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]567 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]568 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]569
570 assertTrue("Should be able to grant key to other user",
571 mKeyStore.grant(TEST_KEYNAME, 0));
572
573 assertTrue("Should be able to ungrant key to other user",
574 mKeyStore.ungrant(TEST_KEYNAME, 0));
575
576 assertFalse("Should fail to ungrant key to other user second time",
577 mKeyStore.ungrant(TEST_KEYNAME, 0));
578 }
579
580 public void testUngrant_DoubleGrantUngrant_Failure() throws Exception {
581 assertTrue("Password should work for keystore",
582 mKeyStore.password(TEST_PASSWD));
583
584 assertTrue("Should be able to generate key for testcase",
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]585 mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]586 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]587
588 assertTrue("Should be able to grant key to other user",
589 mKeyStore.grant(TEST_KEYNAME, 0));
590
591 assertTrue("Should be able to grant key to other user a second time",
592 mKeyStore.grant(TEST_KEYNAME, 0));
593
594 assertTrue("Should be able to ungrant key to other user",
595 mKeyStore.ungrant(TEST_KEYNAME, 0));
596
597 assertFalse("Should fail to ungrant key to other user second time",
598 mKeyStore.ungrant(TEST_KEYNAME, 0));
599 }
Kenny Root473c7122012-08-17 21:13:48 -0700[diff] [blame]600
Kenny Root5f1d9652013-03-21 14:21:50 -0700[diff] [blame]601 public void testDuplicate_grantedUid_Wifi_Success() throws Exception {
Kenny Rootbd794192013-03-20 11:36:50 -0700[diff] [blame]602 assertTrue(mKeyStore.password(TEST_PASSWD));
603
604 assertFalse(mKeyStore.contains(TEST_KEYNAME));
605
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]606 assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]607 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Rootbd794192013-03-20 11:36:50 -0700[diff] [blame]608
609 assertTrue(mKeyStore.contains(TEST_KEYNAME));
610 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
611
Kenny Root5f1d9652013-03-21 14:21:50 -0700[diff] [blame]612 // source doesn't exist
613 assertFalse(mKeyStore.duplicate(TEST_KEYNAME1, -1, TEST_KEYNAME1, Process.WIFI_UID));
614 assertFalse(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID));
Kenny Rootbd794192013-03-20 11:36:50 -0700[diff] [blame]615
Kenny Root5f1d9652013-03-21 14:21:50 -0700[diff] [blame]616 // Copy from current UID to granted UID
617 assertTrue(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME1, Process.WIFI_UID));
618 assertTrue(mKeyStore.contains(TEST_KEYNAME));
619 assertFalse(mKeyStore.contains(TEST_KEYNAME1));
620 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
621 assertTrue(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID));
622 assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME1, Process.WIFI_UID));
623
624 // Copy from granted UID to same granted UID
625 assertTrue(mKeyStore.duplicate(TEST_KEYNAME1, Process.WIFI_UID, TEST_KEYNAME2,
626 Process.WIFI_UID));
627 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
628 assertTrue(mKeyStore.contains(TEST_KEYNAME1, Process.WIFI_UID));
629 assertTrue(mKeyStore.contains(TEST_KEYNAME2, Process.WIFI_UID));
630 assertFalse(mKeyStore.duplicate(TEST_KEYNAME1, Process.WIFI_UID, TEST_KEYNAME2,
631 Process.WIFI_UID));
632
633 assertTrue(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, -1));
634 assertTrue(mKeyStore.contains(TEST_KEYNAME));
635 assertFalse(mKeyStore.contains(TEST_KEYNAME1));
636 assertTrue(mKeyStore.contains(TEST_KEYNAME2));
637 assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, -1));
Kenny Rootbd794192013-03-20 11:36:50 -0700[diff] [blame]638 }
639
Kenny Root5f1d9652013-03-21 14:21:50 -0700[diff] [blame]640 public void testDuplicate_ungrantedUid_Bluetooth_Failure() throws Exception {
Kenny Rootbd794192013-03-20 11:36:50 -0700[diff] [blame]641 assertTrue(mKeyStore.password(TEST_PASSWD));
642
643 assertFalse(mKeyStore.contains(TEST_KEYNAME));
644
Kenny Rootf64386f2013-08-16 14:03:29 -0700[diff] [blame]645 assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,
Shawn Willdendc8bc112014-09-11 16:08:44 -0600[diff] [blame]646 RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));
Kenny Rootbd794192013-03-20 11:36:50 -0700[diff] [blame]647
648 assertTrue(mKeyStore.contains(TEST_KEYNAME));
649 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
650
Kenny Root5f1d9652013-03-21 14:21:50 -0700[diff] [blame]651 assertFalse(mKeyStore.duplicate(TEST_KEYNAME, -1, TEST_KEYNAME2, Process.BLUETOOTH_UID));
652 assertFalse(mKeyStore.duplicate(TEST_KEYNAME, Process.BLUETOOTH_UID, TEST_KEYNAME2,
653 Process.BLUETOOTH_UID));
Kenny Rootbd794192013-03-20 11:36:50 -0700[diff] [blame]654
655 assertTrue(mKeyStore.contains(TEST_KEYNAME));
656 assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
657 }
658
Kenny Root473c7122012-08-17 21:13:48 -0700[diff] [blame]659 /**
660 * The amount of time to allow before and after expected time for variance
661 * in timing tests.
662 */
663 private static final long SLOP_TIME_MILLIS = 15000L;
664
665 public void testGetmtime_Success() throws Exception {
666 assertTrue("Password should work for keystore",
667 mKeyStore.password(TEST_PASSWD));
668
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]669 assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME,
670 PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
Kenny Root473c7122012-08-17 21:13:48 -0700[diff] [blame]671
672 long now = System.currentTimeMillis();
673 long actual = mKeyStore.getmtime(TEST_KEYNAME);
674
675 long expectedAfter = now - SLOP_TIME_MILLIS;
676 long expectedBefore = now + SLOP_TIME_MILLIS;
677
678 assertLessThan("Time should be close to current time", expectedBefore, actual);
679 assertGreaterThan("Time should be close to current time", expectedAfter, actual);
680 }
681
682 private static void assertLessThan(String explanation, long expectedBefore, long actual) {
683 if (actual >= expectedBefore) {
684 throw new AssertionFailedError(explanation + ": actual=" + actual
685 + ", expected before: " + expectedBefore);
686 }
687 }
688
689 private static void assertGreaterThan(String explanation, long expectedAfter, long actual) {
690 if (actual <= expectedAfter) {
691 throw new AssertionFailedError(explanation + ": actual=" + actual
692 + ", expected after: " + expectedAfter);
693 }
694 }
695
696 public void testGetmtime_NonExist_Failure() throws Exception {
697 assertTrue("Password should work for keystore",
698 mKeyStore.password(TEST_PASSWD));
699
Kenny Rootb2c0ff62013-04-12 17:36:25 -0700[diff] [blame]700 assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME,
701 PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
Kenny Root473c7122012-08-17 21:13:48 -0700[diff] [blame]702
703 assertEquals("-1 should be returned for non-existent key",
704 -1L, mKeyStore.getmtime(TEST_KEYNAME2));
705 }
Chad Brubaker8827c812015-03-05 10:32:30 -0800[diff] [blame]706
707 private KeyCharacteristics generateRsaKey(String name) throws Exception {
708 KeymasterArguments args = new KeymasterArguments();
709 args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
710 args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
711 args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
712 args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
713 args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
714 args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null);
715 args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null);
716
717 KeyCharacteristics outCharacteristics = new KeyCharacteristics();
718 int result = mKeyStore.generateKey(name, args, 0, outCharacteristics);
719 assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result);
720 return outCharacteristics;
721 }
722
723 public void testGenerateKey() throws Exception {
724 generateRsaKey("test");
725 mKeyStore.delete("test");
726 }
727 public void testGenerateAndDelete() throws Exception {
728 generateRsaKey("test");
729 assertTrue("delete should succeed", mKeyStore.delete("test"));
730 }
731
732 public void testGetKeyCharacteristicsSuccess() throws Exception {
733 mKeyStore.password(TEST_PASSWD);
734 String name = "test";
735 KeyCharacteristics gen = generateRsaKey(name);
736 KeyCharacteristics call = new KeyCharacteristics();
737 int result = mKeyStore.getKeyCharacteristics(name, null, null, call);
738 assertEquals("getKeyCharacteristics should succeed", KeyStore.NO_ERROR, result);
739 mKeyStore.delete("test");
740 }
741
742 public void testAppId() throws Exception {
743 String name = "test";
744 KeymasterArguments args = new KeymasterArguments();
745 args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
746 args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
747 args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_RSA);
748 args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
749 args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 2048);
750 args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_ECB);
751 args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, new byte[] {0x01, 0x02, 0x03});
752 args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null);
753
754 KeyCharacteristics outCharacteristics = new KeyCharacteristics();
755 int result = mKeyStore.generateKey(name, args, 0, outCharacteristics);
756 assertEquals("generateRsaKey should succeed", KeyStore.NO_ERROR, result);
757 assertEquals("getKeyCharacteristics should fail without application ID",
758 KeymasterDefs.KM_ERROR_INVALID_KEY_BLOB,
759 mKeyStore.getKeyCharacteristics(name, null, null, outCharacteristics));
760 assertEquals("getKeyCharacteristics should succeed with application ID",
761 KeyStore.NO_ERROR,
762 mKeyStore.getKeyCharacteristics(name, new byte[] {0x01, 0x02, 0x03}, null,
763 outCharacteristics));
764 }
765
766
767 public void testExportRsa() throws Exception {
768 String name = "test";
769 generateRsaKey(name);
770 ExportResult result = mKeyStore.exportKey(name, KeymasterDefs.KM_KEY_FORMAT_X509, null,
771 null);
772 assertEquals("Export success", KeyStore.NO_ERROR, result.resultCode);
773 // TODO: Verify we have an RSA public key that's well formed.
774 }
775
776 public void testAesOcbEncryptSuccess() throws Exception {
777 String name = "test";
778 KeymasterArguments args = new KeymasterArguments();
779 args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
780 args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
781 args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
782 args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
783 args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256);
784 args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_OCB);
785 args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096);
786 args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);
787 args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null);
788 args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null);
789
790 KeyCharacteristics outCharacteristics = new KeyCharacteristics();
791 int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics);
792 assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
793
794 KeymasterArguments out = new KeymasterArguments();
795 args = new KeymasterArguments();
796 args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null);
797 args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null);
798 OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
799 true, args, out);
800 IBinder token = result.token;
801 assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
802 result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04});
803 assertEquals("Update should succeed", KeyStore.NO_ERROR, result.resultCode);
804 assertEquals("Finish should succeed", KeyStore.NO_ERROR,
805 mKeyStore.finish(token, null, null).resultCode);
806 }
807
808 public void testBadToken() throws Exception {
809 IBinder token = new Binder();
810 OperationResult result = mKeyStore.update(token, null, new byte[] {0x01});
811 assertEquals("Update with invalid token should fail",
812 KeymasterDefs.KM_ERROR_INVALID_OPERATION_HANDLE, result.resultCode);
813 }
814
815 private int importAesKey(String name, byte[] key, int size, int mode) {
816 KeymasterArguments args = new KeymasterArguments();
817 args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
818 args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
819 args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
820 args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
821 args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, mode);
822 args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, size);
823 return mKeyStore.importKey(name, args, KeymasterDefs.KM_KEY_FORMAT_RAW, key, 0,
824 new KeyCharacteristics());
825 }
826 private byte[] doOperation(String name, int purpose, byte[] in, KeymasterArguments beginArgs) {
827 KeymasterArguments out = new KeymasterArguments();
828 OperationResult result = mKeyStore.begin(name, purpose,
829 true, beginArgs, out);
830 assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
831 IBinder token = result.token;
832 result = mKeyStore.update(token, null, in);
833 assertEquals("Update should succeed", KeyStore.NO_ERROR, result.resultCode);
834 assertEquals("All data should be consumed", in.length, result.inputConsumed);
835 assertEquals("Finish should succeed", KeyStore.NO_ERROR,
836 mKeyStore.finish(token, null, null).resultCode);
837 return result.output;
838 }
839
840 public void testImportAes() throws Exception {
841 int result = importAesKey("aes", AES256_BYTES, 256, KeymasterDefs.KM_MODE_ECB);
842 assertEquals("import should succeed", KeyStore.NO_ERROR, result);
843 mKeyStore.delete("aes");
844 }
845
846 public void testAes256Ecb() throws Exception {
847 byte[] key =
848 hexToBytes("603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4");
849 String name = "aes";
850 assertEquals(KeyStore.NO_ERROR, importAesKey(name, key, 256, KeymasterDefs.KM_MODE_ECB));
851 byte[][] testVectors = new byte[][] {
852 hexToBytes("6bc1bee22e409f96e93d7e117393172a"),
853 hexToBytes("ae2d8a571e03ac9c9eb76fac45af8e51"),
854 hexToBytes("30c81c46a35ce411e5fbc1191a0a52ef"),
855 hexToBytes("f69f2445df4f9b17ad2b417be66c3710")};
856 byte[][] cipherVectors = new byte[][] {
857 hexToBytes("f3eed1bdb5d2a03c064b5a7e3db181f8"),
858 hexToBytes("591ccb10d410ed26dc5ba74a31362870"),
859 hexToBytes("b6ed21b99ca6f4f9f153e7b1beafed1d"),
860 hexToBytes("23304b7a39f9f3ff067d8d8f9e24ecc7")};
861 for (int i = 0; i < testVectors.length; i++) {
862 byte[] cipherText = doOperation(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, testVectors[i],
863 new KeymasterArguments());
864 MoreAsserts.assertEquals(cipherVectors[i], cipherText);
865 }
866 for (int i = 0; i < testVectors.length; i++) {
867 byte[] plainText = doOperation(name, KeymasterDefs.KM_PURPOSE_DECRYPT,
868 cipherVectors[i], new KeymasterArguments());
869 MoreAsserts.assertEquals(testVectors[i], plainText);
870 }
871 }
872
873 // This is a very implementation specific test and should be thrown out eventually, however it
874 // is nice for now to test that keystore is properly pruning operations.
875 public void testOperationPruning() throws Exception {
876 String name = "test";
877 KeymasterArguments args = new KeymasterArguments();
878 args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
879 args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
880 args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
881 args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
882 args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256);
883 args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_OCB);
884 args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096);
885 args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);
886 args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null);
887 args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null);
888
889 KeyCharacteristics outCharacteristics = new KeyCharacteristics();
890 int rc = mKeyStore.generateKey(name, args, 0, outCharacteristics);
891 assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
892
893 KeymasterArguments out = new KeymasterArguments();
894 args = new KeymasterArguments();
895 args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_ID, null);
896 args.addBlob(KeymasterDefs.KM_TAG_APPLICATION_DATA, null);
897 OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
898 true, args, out);
899 assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
900 IBinder first = result.token;
901 // Implementation detail: softkeymaster supports 16 concurrent operations
902 for (int i = 0; i < 16; i++) {
903 result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT, true, args, out);
904 assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
905 }
906 // At this point the first operation should be pruned.
907 assertEquals("Operation should be pruned", KeymasterDefs.KM_ERROR_INVALID_OPERATION_HANDLE,
908 mKeyStore.update(first, null, new byte[] {0x01}).resultCode);
909 }
Chung-yih Wangf35e9662009-09-29 11:20:28 +0800[diff] [blame]910}