Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include <stdio.h> |
| 18 | |
| 19 | #include <openssl/evp.h> |
| 20 | #include <openssl/x509.h> |
| 21 | |
| 22 | #include "trusty_keymaster_device.h" |
| 23 | |
| 24 | using keymaster::TrustyKeymasterDevice; |
| 25 | |
| 26 | unsigned char rsa_privkey_pk8_der[] = { |
| 27 | 0x30, 0x82, 0x02, 0x75, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, |
| 28 | 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x5f, 0x30, 0x82, 0x02, 0x5b, 0x02, 0x01, |
| 29 | 0x00, 0x02, 0x81, 0x81, 0x00, 0xc6, 0x09, 0x54, 0x09, 0x04, 0x7d, 0x86, 0x34, 0x81, 0x2d, 0x5a, |
| 30 | 0x21, 0x81, 0x76, 0xe4, 0x5c, 0x41, 0xd6, 0x0a, 0x75, 0xb1, 0x39, 0x01, 0xf2, 0x34, 0x22, 0x6c, |
| 31 | 0xff, 0xe7, 0x76, 0x52, 0x1c, 0x5a, 0x77, 0xb9, 0xe3, 0x89, 0x41, 0x7b, 0x71, 0xc0, 0xb6, 0xa4, |
| 32 | 0x4d, 0x13, 0xaf, 0xe4, 0xe4, 0xa2, 0x80, 0x5d, 0x46, 0xc9, 0xda, 0x29, 0x35, 0xad, 0xb1, 0xff, |
| 33 | 0x0c, 0x1f, 0x24, 0xea, 0x06, 0xe6, 0x2b, 0x20, 0xd7, 0x76, 0x43, 0x0a, 0x4d, 0x43, 0x51, 0x57, |
| 34 | 0x23, 0x3c, 0x6f, 0x91, 0x67, 0x83, 0xc3, 0x0e, 0x31, 0x0f, 0xcb, 0xd8, 0x9b, 0x85, 0xc2, 0xd5, |
| 35 | 0x67, 0x71, 0x16, 0x97, 0x85, 0xac, 0x12, 0xbc, 0xa2, 0x44, 0xab, 0xda, 0x72, 0xbf, 0xb1, 0x9f, |
| 36 | 0xc4, 0x4d, 0x27, 0xc8, 0x1e, 0x1d, 0x92, 0xde, 0x28, 0x4f, 0x40, 0x61, 0xed, 0xfd, 0x99, 0x28, |
| 37 | 0x07, 0x45, 0xea, 0x6d, 0x25, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x1b, 0xe0, 0xf0, |
| 38 | 0x4d, 0x9c, 0xae, 0x37, 0x18, 0x69, 0x1f, 0x03, 0x53, 0x38, 0x30, 0x8e, 0x91, 0x56, 0x4b, 0x55, |
| 39 | 0x89, 0x9f, 0xfb, 0x50, 0x84, 0xd2, 0x46, 0x0e, 0x66, 0x30, 0x25, 0x7e, 0x05, 0xb3, 0xce, 0xab, |
| 40 | 0x02, 0x97, 0x2d, 0xfa, 0xbc, 0xd6, 0xce, 0x5f, 0x6e, 0xe2, 0x58, 0x9e, 0xb6, 0x79, 0x11, 0xed, |
| 41 | 0x0f, 0xac, 0x16, 0xe4, 0x3a, 0x44, 0x4b, 0x8c, 0x86, 0x1e, 0x54, 0x4a, 0x05, 0x93, 0x36, 0x57, |
| 42 | 0x72, 0xf8, 0xba, 0xf6, 0xb2, 0x2f, 0xc9, 0xe3, 0xc5, 0xf1, 0x02, 0x4b, 0x06, 0x3a, 0xc0, 0x80, |
| 43 | 0xa7, 0xb2, 0x23, 0x4c, 0xf8, 0xae, 0xe8, 0xf6, 0xc4, 0x7b, 0xbf, 0x4f, 0xd3, 0xac, 0xe7, 0x24, |
| 44 | 0x02, 0x90, 0xbe, 0xf1, 0x6c, 0x0b, 0x3f, 0x7f, 0x3c, 0xdd, 0x64, 0xce, 0x3a, 0xb5, 0x91, 0x2c, |
| 45 | 0xf6, 0xe3, 0x2f, 0x39, 0xab, 0x18, 0x83, 0x58, 0xaf, 0xcc, 0xcd, 0x80, 0x81, 0x02, 0x41, 0x00, |
| 46 | 0xe4, 0xb4, 0x9e, 0xf5, 0x0f, 0x76, 0x5d, 0x3b, 0x24, 0xdd, 0xe0, 0x1a, 0xce, 0xaa, 0xf1, 0x30, |
| 47 | 0xf2, 0xc7, 0x66, 0x70, 0xa9, 0x1a, 0x61, 0xae, 0x08, 0xaf, 0x49, 0x7b, 0x4a, 0x82, 0xbe, 0x6d, |
| 48 | 0xee, 0x8f, 0xcd, 0xd5, 0xe3, 0xf7, 0xba, 0x1c, 0xfb, 0x1f, 0x0c, 0x92, 0x6b, 0x88, 0xf8, 0x8c, |
| 49 | 0x92, 0xbf, 0xab, 0x13, 0x7f, 0xba, 0x22, 0x85, 0x22, 0x7b, 0x83, 0xc3, 0x42, 0xff, 0x7c, 0x55, |
| 50 | 0x02, 0x41, 0x00, 0xdd, 0xab, 0xb5, 0x83, 0x9c, 0x4c, 0x7f, 0x6b, 0xf3, 0xd4, 0x18, 0x32, 0x31, |
| 51 | 0xf0, 0x05, 0xb3, 0x1a, 0xa5, 0x8a, 0xff, 0xdd, 0xa5, 0xc7, 0x9e, 0x4c, 0xce, 0x21, 0x7f, 0x6b, |
| 52 | 0xc9, 0x30, 0xdb, 0xe5, 0x63, 0xd4, 0x80, 0x70, 0x6c, 0x24, 0xe9, 0xeb, 0xfc, 0xab, 0x28, 0xa6, |
| 53 | 0xcd, 0xef, 0xd3, 0x24, 0xb7, 0x7e, 0x1b, 0xf7, 0x25, 0x1b, 0x70, 0x90, 0x92, 0xc2, 0x4f, 0xf5, |
| 54 | 0x01, 0xfd, 0x91, 0x02, 0x40, 0x23, 0xd4, 0x34, 0x0e, 0xda, 0x34, 0x45, 0xd8, 0xcd, 0x26, 0xc1, |
| 55 | 0x44, 0x11, 0xda, 0x6f, 0xdc, 0xa6, 0x3c, 0x1c, 0xcd, 0x4b, 0x80, 0xa9, 0x8a, 0xd5, 0x2b, 0x78, |
| 56 | 0xcc, 0x8a, 0xd8, 0xbe, 0xb2, 0x84, 0x2c, 0x1d, 0x28, 0x04, 0x05, 0xbc, 0x2f, 0x6c, 0x1b, 0xea, |
| 57 | 0x21, 0x4a, 0x1d, 0x74, 0x2a, 0xb9, 0x96, 0xb3, 0x5b, 0x63, 0xa8, 0x2a, 0x5e, 0x47, 0x0f, 0xa8, |
| 58 | 0x8d, 0xbf, 0x82, 0x3c, 0xdd, 0x02, 0x40, 0x1b, 0x7b, 0x57, 0x44, 0x9a, 0xd3, 0x0d, 0x15, 0x18, |
| 59 | 0x24, 0x9a, 0x5f, 0x56, 0xbb, 0x98, 0x29, 0x4d, 0x4b, 0x6a, 0xc1, 0x2f, 0xfc, 0x86, 0x94, 0x04, |
| 60 | 0x97, 0xa5, 0xa5, 0x83, 0x7a, 0x6c, 0xf9, 0x46, 0x26, 0x2b, 0x49, 0x45, 0x26, 0xd3, 0x28, 0xc1, |
| 61 | 0x1e, 0x11, 0x26, 0x38, 0x0f, 0xde, 0x04, 0xc2, 0x4f, 0x91, 0x6d, 0xec, 0x25, 0x08, 0x92, 0xdb, |
| 62 | 0x09, 0xa6, 0xd7, 0x7c, 0xdb, 0xa3, 0x51, 0x02, 0x40, 0x77, 0x62, 0xcd, 0x8f, 0x4d, 0x05, 0x0d, |
| 63 | 0xa5, 0x6b, 0xd5, 0x91, 0xad, 0xb5, 0x15, 0xd2, 0x4d, 0x7c, 0xcd, 0x32, 0xcc, 0xa0, 0xd0, 0x5f, |
| 64 | 0x86, 0x6d, 0x58, 0x35, 0x14, 0xbd, 0x73, 0x24, 0xd5, 0xf3, 0x36, 0x45, 0xe8, 0xed, 0x8b, 0x4a, |
| 65 | 0x1c, 0xb3, 0xcc, 0x4a, 0x1d, 0x67, 0x98, 0x73, 0x99, 0xf2, 0xa0, 0x9f, 0x5b, 0x3f, 0xb6, 0x8c, |
| 66 | 0x88, 0xd5, 0xe5, 0xd9, 0x0a, 0xc3, 0x34, 0x92, 0xd6}; |
| 67 | unsigned int rsa_privkey_pk8_der_len = 633; |
| 68 | |
| 69 | unsigned char dsa_privkey_pk8_der[] = { |
| 70 | 0x30, 0x82, 0x01, 0x4b, 0x02, 0x01, 0x00, 0x30, 0x82, 0x01, 0x2b, 0x06, 0x07, 0x2a, 0x86, 0x48, |
| 71 | 0xce, 0x38, 0x04, 0x01, 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xa3, 0xf3, 0xe9, 0xb6, |
| 72 | 0x7e, 0x7d, 0x88, 0xf6, 0xb7, 0xe5, 0xf5, 0x1f, 0x3b, 0xee, 0xac, 0xd7, 0xad, 0xbc, 0xc9, 0xd1, |
| 73 | 0x5a, 0xf8, 0x88, 0xc4, 0xef, 0x6e, 0x3d, 0x74, 0x19, 0x74, 0xe7, 0xd8, 0xe0, 0x26, 0x44, 0x19, |
| 74 | 0x86, 0xaf, 0x19, 0xdb, 0x05, 0xe9, 0x3b, 0x8b, 0x58, 0x58, 0xde, 0xe5, 0x4f, 0x48, 0x15, 0x01, |
| 75 | 0xea, 0xe6, 0x83, 0x52, 0xd7, 0xc1, 0x21, 0xdf, 0xb9, 0xb8, 0x07, 0x66, 0x50, 0xfb, 0x3a, 0x0c, |
| 76 | 0xb3, 0x85, 0xee, 0xbb, 0x04, 0x5f, 0xc2, 0x6d, 0x6d, 0x95, 0xfa, 0x11, 0x93, 0x1e, 0x59, 0x5b, |
| 77 | 0xb1, 0x45, 0x8d, 0xe0, 0x3d, 0x73, 0xaa, 0xf2, 0x41, 0x14, 0x51, 0x07, 0x72, 0x3d, 0xa2, 0xf7, |
| 78 | 0x58, 0xcd, 0x11, 0xa1, 0x32, 0xcf, 0xda, 0x42, 0xb7, 0xcc, 0x32, 0x80, 0xdb, 0x87, 0x82, 0xec, |
| 79 | 0x42, 0xdb, 0x5a, 0x55, 0x24, 0x24, 0xa2, 0xd1, 0x55, 0x29, 0xad, 0xeb, 0x02, 0x15, 0x00, 0xeb, |
| 80 | 0xea, 0x17, 0xd2, 0x09, 0xb3, 0xd7, 0x21, 0x9a, 0x21, 0x07, 0x82, 0x8f, 0xab, 0xfe, 0x88, 0x71, |
| 81 | 0x68, 0xf7, 0xe3, 0x02, 0x81, 0x80, 0x19, 0x1c, 0x71, 0xfd, 0xe0, 0x03, 0x0c, 0x43, 0xd9, 0x0b, |
| 82 | 0xf6, 0xcd, 0xd6, 0xa9, 0x70, 0xe7, 0x37, 0x86, 0x3a, 0x78, 0xe9, 0xa7, 0x47, 0xa7, 0x47, 0x06, |
| 83 | 0x88, 0xb1, 0xaf, 0xd7, 0xf3, 0xf1, 0xa1, 0xd7, 0x00, 0x61, 0x28, 0x88, 0x31, 0x48, 0x60, 0xd8, |
| 84 | 0x11, 0xef, 0xa5, 0x24, 0x1a, 0x81, 0xc4, 0x2a, 0xe2, 0xea, 0x0e, 0x36, 0xd2, 0xd2, 0x05, 0x84, |
| 85 | 0x37, 0xcf, 0x32, 0x7d, 0x09, 0xe6, 0x0f, 0x8b, 0x0c, 0xc8, 0xc2, 0xa4, 0xb1, 0xdc, 0x80, 0xca, |
| 86 | 0x68, 0xdf, 0xaf, 0xd2, 0x90, 0xc0, 0x37, 0x58, 0x54, 0x36, 0x8f, 0x49, 0xb8, 0x62, 0x75, 0x8b, |
| 87 | 0x48, 0x47, 0xc0, 0xbe, 0xf7, 0x9a, 0x92, 0xa6, 0x68, 0x05, 0xda, 0x9d, 0xaf, 0x72, 0x9a, 0x67, |
| 88 | 0xb3, 0xb4, 0x14, 0x03, 0xae, 0x4f, 0x4c, 0x76, 0xb9, 0xd8, 0x64, 0x0a, 0xba, 0x3b, 0xa8, 0x00, |
| 89 | 0x60, 0x4d, 0xae, 0x81, 0xc3, 0xc5, 0x04, 0x17, 0x02, 0x15, 0x00, 0x81, 0x9d, 0xfd, 0x53, 0x0c, |
| 90 | 0xc1, 0x8f, 0xbe, 0x8b, 0xea, 0x00, 0x26, 0x19, 0x29, 0x33, 0x91, 0x84, 0xbe, 0xad, 0x81}; |
| 91 | unsigned int dsa_privkey_pk8_der_len = 335; |
| 92 | |
| 93 | unsigned char ec_privkey_pk8_der[] = { |
| 94 | 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, |
| 95 | 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, |
| 96 | 0x01, 0x01, 0x04, 0x20, 0x73, 0x7c, 0x2e, 0xcd, 0x7b, 0x8d, 0x19, 0x40, 0xbf, 0x29, 0x30, 0xaa, |
| 97 | 0x9b, 0x4e, 0xd3, 0xff, 0x94, 0x1e, 0xed, 0x09, 0x36, 0x6b, 0xc0, 0x32, 0x99, 0x98, 0x64, 0x81, |
| 98 | 0xf3, 0xa4, 0xd8, 0x59, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xbf, 0x85, 0xd7, 0x72, 0x0d, 0x07, |
| 99 | 0xc2, 0x54, 0x61, 0x68, 0x3b, 0xc6, 0x48, 0xb4, 0x77, 0x8a, 0x9a, 0x14, 0xdd, 0x8a, 0x02, 0x4e, |
| 100 | 0x3b, 0xdd, 0x8c, 0x7d, 0xdd, 0x9a, 0xb2, 0xb5, 0x28, 0xbb, 0xc7, 0xaa, 0x1b, 0x51, 0xf1, 0x4e, |
| 101 | 0xbb, 0xbb, 0x0b, 0xd0, 0xce, 0x21, 0xbc, 0xc4, 0x1c, 0x6e, 0xb0, 0x00, 0x83, 0xcf, 0x33, 0x76, |
| 102 | 0xd1, 0x1f, 0xd4, 0x49, 0x49, 0xe0, 0xb2, 0x18, 0x3b, 0xfe}; |
| 103 | unsigned int ec_privkey_pk8_der_len = 138; |
| 104 | |
| 105 | struct EVP_PKEY_Delete { |
| 106 | void operator()(EVP_PKEY* p) const { EVP_PKEY_free(p); } |
| 107 | }; |
| 108 | |
| 109 | struct EVP_PKEY_CTX_Delete { |
| 110 | void operator()(EVP_PKEY_CTX* p) { EVP_PKEY_CTX_free(p); } |
| 111 | }; |
| 112 | |
| 113 | static bool test_import_rsa(TrustyKeymasterDevice* device) { |
| 114 | printf("===================\n"); |
| 115 | printf("= RSA Import Test =\n"); |
| 116 | printf("===================\n\n"); |
| 117 | |
| 118 | printf("=== Importing RSA keypair === \n"); |
| 119 | uint8_t* key; |
| 120 | size_t size; |
| 121 | int error = device->import_keypair(rsa_privkey_pk8_der, rsa_privkey_pk8_der_len, &key, &size); |
| 122 | if (error != KM_ERROR_OK) { |
| 123 | printf("Error importing key pair: %d\n\n", error); |
| 124 | return false; |
| 125 | } |
| 126 | UniquePtr<uint8_t[]> key_deleter(key); |
| 127 | |
| 128 | printf("=== Signing with imported RSA key ===\n"); |
| 129 | keymaster_rsa_sign_params_t sign_params = {DIGEST_NONE, PADDING_NONE}; |
| 130 | size_t message_len = 1024 / 8; |
| 131 | UniquePtr<uint8_t[]> message(new uint8_t[message_len]); |
| 132 | memset(message.get(), 'a', message_len); |
| 133 | uint8_t* signature; |
| 134 | size_t signature_len; |
| 135 | error = device->sign_data(&sign_params, key, size, message.get(), message_len, &signature, |
| 136 | &signature_len); |
| 137 | if (error != KM_ERROR_OK) { |
| 138 | printf("Error signing data with imported RSA key: %d\n\n", error); |
| 139 | return false; |
| 140 | } |
| 141 | UniquePtr<uint8_t[]> signature_deleter(signature); |
| 142 | |
| 143 | printf("=== Verifying with imported RSA key === \n"); |
| 144 | error = device->verify_data(&sign_params, key, size, message.get(), message_len, signature, |
| 145 | signature_len); |
| 146 | if (error != KM_ERROR_OK) { |
| 147 | printf("Error verifying data with imported RSA key: %d\n\n", error); |
| 148 | return false; |
| 149 | } |
| 150 | |
| 151 | printf("\n"); |
| 152 | return true; |
| 153 | } |
| 154 | |
| 155 | static bool test_rsa(TrustyKeymasterDevice* device) { |
| 156 | printf("============\n"); |
| 157 | printf("= RSA Test =\n"); |
| 158 | printf("============\n\n"); |
| 159 | |
| 160 | printf("=== Generating RSA key pair ===\n"); |
| 161 | keymaster_rsa_keygen_params_t params; |
| 162 | params.public_exponent = 65537; |
| 163 | params.modulus_size = 2048; |
| 164 | |
| 165 | uint8_t* key; |
| 166 | size_t size; |
| 167 | int error = device->generate_keypair(TYPE_RSA, ¶ms, &key, &size); |
| 168 | if (error != KM_ERROR_OK) { |
| 169 | printf("Error generating RSA key pair: %d\n\n", error); |
| 170 | return false; |
| 171 | } |
| 172 | UniquePtr<uint8_t[]> deleter(key); |
| 173 | |
| 174 | printf("=== Signing with RSA key === \n"); |
| 175 | keymaster_rsa_sign_params_t sign_params = {DIGEST_NONE, PADDING_NONE}; |
| 176 | size_t message_len = params.modulus_size / 8; |
| 177 | UniquePtr<uint8_t[]> message(new uint8_t[message_len]); |
| 178 | memset(message.get(), 'a', message_len); |
| 179 | uint8_t* signature; |
| 180 | size_t signature_len; |
| 181 | error = device->sign_data(&sign_params, key, size, message.get(), message_len, &signature, |
| 182 | &signature_len); |
| 183 | if (error != KM_ERROR_OK) { |
| 184 | printf("Error signing data with RSA key: %d\n\n", error); |
| 185 | return false; |
| 186 | } |
| 187 | UniquePtr<uint8_t[]> signature_deleter(signature); |
| 188 | |
| 189 | printf("=== Verifying with RSA key === \n"); |
| 190 | error = device->verify_data(&sign_params, key, size, message.get(), message_len, signature, |
| 191 | signature_len); |
| 192 | if (error != KM_ERROR_OK) { |
| 193 | printf("Error verifying data with RSA key: %d\n\n", error); |
| 194 | return false; |
| 195 | } |
| 196 | |
| 197 | printf("=== Exporting RSA public key ===\n"); |
| 198 | uint8_t* exported_key; |
| 199 | size_t exported_size; |
| 200 | error = device->get_keypair_public(key, size, &exported_key, &exported_size); |
| 201 | if (error != KM_ERROR_OK) { |
| 202 | printf("Error exporting RSA public key: %d\n\n", error); |
| 203 | return false; |
| 204 | } |
| 205 | |
| 206 | printf("=== Verifying with exported key ===\n"); |
| 207 | const uint8_t* tmp = exported_key; |
| 208 | UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(d2i_PUBKEY(NULL, &tmp, exported_size)); |
| 209 | UniquePtr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL)); |
| 210 | if (EVP_PKEY_verify_init(ctx.get()) != 1) { |
| 211 | printf("Error initializing openss EVP context\n"); |
| 212 | return false; |
| 213 | } |
| 214 | if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) { |
| 215 | printf("Exported key was the wrong type?!?\n"); |
| 216 | return false; |
| 217 | } |
| 218 | |
| 219 | EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_NO_PADDING); |
| 220 | if (EVP_PKEY_verify(ctx.get(), signature, signature_len, message.get(), message_len) != 1) { |
| 221 | printf("Verification with exported pubkey failed.\n"); |
| 222 | return false; |
| 223 | } else { |
| 224 | printf("Verification succeeded\n"); |
| 225 | } |
| 226 | |
| 227 | printf("\n"); |
| 228 | return true; |
| 229 | } |
| 230 | |
| 231 | static bool test_import_ecdsa(TrustyKeymasterDevice* device) { |
| 232 | printf("=====================\n"); |
| 233 | printf("= ECDSA Import Test =\n"); |
| 234 | printf("=====================\n\n"); |
| 235 | |
| 236 | printf("=== Importing ECDSA keypair === \n"); |
| 237 | uint8_t* key; |
| 238 | size_t size; |
| 239 | int error = device->import_keypair(ec_privkey_pk8_der, ec_privkey_pk8_der_len, &key, &size); |
| 240 | if (error != KM_ERROR_OK) { |
| 241 | printf("Error importing key pair: %d\n\n", error); |
| 242 | return false; |
| 243 | } |
| 244 | UniquePtr<uint8_t[]> deleter(key); |
| 245 | |
| 246 | printf("=== Signing with imported ECDSA key ===\n"); |
| 247 | keymaster_ec_sign_params_t sign_params = {DIGEST_NONE}; |
| 248 | size_t message_len = 30 /* arbitrary */; |
| 249 | UniquePtr<uint8_t[]> message(new uint8_t[message_len]); |
| 250 | memset(message.get(), 'a', message_len); |
| 251 | uint8_t* signature; |
| 252 | size_t signature_len; |
| 253 | error = device->sign_data(&sign_params, key, size, message.get(), message_len, &signature, |
| 254 | &signature_len); |
| 255 | if (error != KM_ERROR_OK) { |
| 256 | printf("Error signing data with imported ECDSA key: %d\n\n", error); |
| 257 | return false; |
| 258 | } |
| 259 | UniquePtr<uint8_t[]> signature_deleter(signature); |
| 260 | |
| 261 | printf("=== Verifying with imported ECDSA key === \n"); |
| 262 | error = device->verify_data(&sign_params, key, size, message.get(), message_len, signature, |
| 263 | signature_len); |
| 264 | if (error != KM_ERROR_OK) { |
| 265 | printf("Error verifying data with imported ECDSA key: %d\n\n", error); |
| 266 | return false; |
| 267 | } |
| 268 | |
| 269 | printf("\n"); |
| 270 | return true; |
| 271 | } |
| 272 | |
| 273 | static bool test_ecdsa(TrustyKeymasterDevice* device) { |
| 274 | printf("==============\n"); |
| 275 | printf("= ECDSA Test =\n"); |
| 276 | printf("==============\n\n"); |
| 277 | |
| 278 | printf("=== Generating ECDSA key pair ===\n"); |
| 279 | keymaster_ec_keygen_params_t params; |
| 280 | params.field_size = 521; |
| 281 | uint8_t* key; |
| 282 | size_t size; |
| 283 | int error = device->generate_keypair(TYPE_EC, ¶ms, &key, &size); |
| 284 | if (error != 0) { |
| 285 | printf("Error generating ECDSA key pair: %d\n\n", error); |
| 286 | return false; |
| 287 | } |
| 288 | UniquePtr<uint8_t[]> deleter(key); |
| 289 | |
| 290 | printf("=== Signing with ECDSA key === \n"); |
| 291 | keymaster_ec_sign_params_t sign_params = {DIGEST_NONE}; |
| 292 | size_t message_len = 30 /* arbitrary */; |
| 293 | UniquePtr<uint8_t[]> message(new uint8_t[message_len]); |
| 294 | memset(message.get(), 'a', message_len); |
| 295 | uint8_t* signature; |
| 296 | size_t signature_len; |
| 297 | error = device->sign_data(&sign_params, key, size, message.get(), message_len, &signature, |
| 298 | &signature_len); |
| 299 | if (error != KM_ERROR_OK) { |
| 300 | printf("Error signing data with ECDSA key: %d\n\n", error); |
| 301 | return false; |
| 302 | } |
| 303 | UniquePtr<uint8_t[]> signature_deleter(signature); |
| 304 | |
| 305 | printf("=== Verifying with ECDSA key === \n"); |
| 306 | error = device->verify_data(&sign_params, key, size, message.get(), message_len, signature, |
| 307 | signature_len); |
| 308 | if (error != KM_ERROR_OK) { |
| 309 | printf("Error verifying data with ECDSA key: %d\n\n", error); |
| 310 | return false; |
| 311 | } |
| 312 | |
| 313 | printf("=== Exporting ECDSA public key ===\n"); |
| 314 | uint8_t* exported_key; |
| 315 | size_t exported_size; |
| 316 | error = device->get_keypair_public(key, size, &exported_key, &exported_size); |
| 317 | if (error != KM_ERROR_OK) { |
| 318 | printf("Error exporting ECDSA public key: %d\n\n", error); |
| 319 | return false; |
| 320 | } |
| 321 | |
| 322 | printf("=== Verifying with exported key ===\n"); |
| 323 | const uint8_t* tmp = exported_key; |
| 324 | UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(d2i_PUBKEY(NULL, &tmp, exported_size)); |
| 325 | UniquePtr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL)); |
| 326 | if (EVP_PKEY_verify_init(ctx.get()) != 1) { |
| 327 | printf("Error initializing openss EVP context\n"); |
| 328 | return false; |
| 329 | } |
| 330 | if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) { |
| 331 | printf("Exported key was the wrong type?!?\n"); |
| 332 | return false; |
| 333 | } |
| 334 | |
| 335 | if (EVP_PKEY_verify(ctx.get(), signature, signature_len, message.get(), message_len) != 1) { |
| 336 | printf("Verification with exported pubkey failed.\n"); |
| 337 | return false; |
| 338 | } else { |
| 339 | printf("Verification succeeded\n"); |
| 340 | } |
| 341 | |
| 342 | printf("\n"); |
| 343 | return true; |
| 344 | } |
| 345 | |
| 346 | int main(void) { |
| 347 | |
| 348 | TrustyKeymasterDevice device(NULL); |
| 349 | if (device.session_error() != KM_ERROR_OK) { |
| 350 | printf("Failed to initialize Trusty session: %d\n", device.session_error()); |
| 351 | return 1; |
| 352 | } |
| 353 | printf("Trusty session initialized\n"); |
| 354 | |
| 355 | bool success = true; |
| 356 | success &= test_rsa(&device); |
| 357 | success &= test_import_rsa(&device); |
| 358 | success &= test_ecdsa(&device); |
| 359 | success &= test_import_ecdsa(&device); |
| 360 | |
| 361 | if (success) { |
| 362 | printf("\nTESTS PASSED!\n"); |
| 363 | } else { |
| 364 | printf("\n!!!!TESTS FAILED!!!\n"); |
| 365 | } |
| 366 | |
| 367 | return success ? 0 : 1; |
| 368 | } |