Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | #include <algorithm> |
| 17 | #include <fstream> |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 18 | #include <memory> |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 19 | |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 20 | #include <gtest/gtest.h> |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 21 | #include <openssl/engine.h> |
| 22 | |
| 23 | #include <hardware/keymaster0.h> |
| 24 | |
| 25 | #include <keymaster/android_keymaster.h> |
| 26 | #include <keymaster/android_keymaster_messages.h> |
| 27 | #include <keymaster/android_keymaster_utils.h> |
| 28 | #include <keymaster/keymaster_tags.h> |
| 29 | #include <keymaster/soft_keymaster_context.h> |
| 30 | |
| 31 | #include "android_keymaster_test_utils.h" |
| 32 | #include "trusty_keymaster_device.h" |
| 33 | #include "openssl_utils.h" |
| 34 | |
| 35 | using std::string; |
| 36 | using std::ifstream; |
| 37 | using std::istreambuf_iterator; |
| 38 | |
| 39 | static keymaster::AndroidKeymaster *impl_ = nullptr; |
| 40 | |
| 41 | extern "C" { |
| 42 | int __android_log_print(); |
| 43 | } |
| 44 | |
| 45 | int __android_log_print() { |
| 46 | return 0; |
| 47 | } |
| 48 | |
| 49 | int main(int argc, char** argv) { |
| 50 | ::testing::InitGoogleTest(&argc, argv); |
| 51 | int result = RUN_ALL_TESTS(); |
| 52 | // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain. |
| 53 | CRYPTO_cleanup_all_ex_data(); |
| 54 | ERR_free_strings(); |
| 55 | return result; |
| 56 | } |
| 57 | |
| 58 | int trusty_keymaster_connect() { |
| 59 | impl_ = new keymaster::AndroidKeymaster(new keymaster::SoftKeymasterContext(nullptr), 16); |
| 60 | } |
| 61 | |
| 62 | void trusty_keymaster_disconnect() { |
| 63 | delete static_cast<keymaster::AndroidKeymaster*>(priv_); |
| 64 | } |
| 65 | |
| 66 | template <typename Req, typename Rsp> |
| 67 | static int fake_call(keymaster::AndroidKeymaster* device, |
| 68 | void (keymaster::AndroidKeymaster::*method)(const Req&, Rsp*), void* in_buf, |
| 69 | uint32_t in_size, void* out_buf, uint32_t* out_size) { |
| 70 | Req req; |
| 71 | const uint8_t* in = static_cast<uint8_t*>(in_buf); |
| 72 | req.Deserialize(&in, in + in_size); |
| 73 | Rsp rsp; |
| 74 | (device->*method)(req, &rsp); |
| 75 | |
| 76 | *out_size = rsp.SerializedSize(); |
| 77 | uint8_t* out = static_cast<uint8_t*>(out_buf); |
| 78 | rsp.Serialize(out, out + *out_size); |
| 79 | return 0; |
| 80 | } |
| 81 | |
| 82 | int trusty_keymaster_call(uint32_t cmd, void* in_buf, uint32_t in_size, void* out_buf, |
| 83 | uint32_t* out_size) { |
| 84 | switch (cmd) { |
| 85 | case KM_GENERATE_KEY: |
| 86 | return fake_call(impl_, &keymaster::AndroidKeymaster::GenerateKey, in_buf, in_size, |
| 87 | out_buf, out_size); |
| 88 | case KM_BEGIN_OPERATION: |
| 89 | return fake_call(impl_, &keymaster::AndroidKeymaster::BeginOperation, in_buf, in_size, |
| 90 | out_buf, out_size); |
| 91 | case KM_UPDATE_OPERATION: |
| 92 | return fake_call(impl_, &keymaster::AndroidKeymaster::UpdateOperation, in_buf, in_size, |
| 93 | out_buf, out_size); |
| 94 | case KM_FINISH_OPERATION: |
| 95 | return fake_call(impl_, &keymaster::AndroidKeymaster::FinishOperation, in_buf, in_size, |
| 96 | out_buf, out_size); |
| 97 | case KM_IMPORT_KEY: |
| 98 | return fake_call(impl_, &keymaster::AndroidKeymaster::ImportKey, in_buf, in_size, out_buf, |
| 99 | out_size); |
| 100 | case KM_EXPORT_KEY: |
| 101 | return fake_call(impl_, &keymaster::AndroidKeymaster::ExportKey, in_buf, in_size, out_buf, |
| 102 | out_size); |
| 103 | } |
| 104 | return -EINVAL; |
| 105 | |
| 106 | } |
| 107 | |
| 108 | namespace keymaster { |
| 109 | namespace test { |
| 110 | |
| 111 | class TrustyKeymasterTest : public testing::Test { |
| 112 | protected: |
| 113 | TrustyKeymasterTest() : device(NULL) {} |
| 114 | |
| 115 | keymaster_rsa_keygen_params_t build_rsa_params() { |
| 116 | keymaster_rsa_keygen_params_t rsa_params; |
| 117 | rsa_params.public_exponent = 65537; |
| 118 | rsa_params.modulus_size = 2048; |
| 119 | return rsa_params; |
| 120 | } |
| 121 | |
| 122 | uint8_t* build_message(size_t length) { |
| 123 | uint8_t* msg = new uint8_t[length]; |
| 124 | memset(msg, 'a', length); |
| 125 | return msg; |
| 126 | } |
| 127 | |
| 128 | size_t dsa_message_len(const keymaster_dsa_keygen_params_t& params) { |
| 129 | switch (params.key_size) { |
| 130 | case 256: |
| 131 | case 1024: |
| 132 | return 48; |
| 133 | case 2048: |
| 134 | case 4096: |
| 135 | return 72; |
| 136 | default: |
| 137 | // Oops. |
| 138 | return 0; |
| 139 | } |
| 140 | } |
| 141 | |
| 142 | TrustyKeymasterDevice device; |
| 143 | }; |
| 144 | |
| 145 | class Malloc_Delete { |
| 146 | public: |
| 147 | Malloc_Delete(void* p) : p_(p) {} |
| 148 | ~Malloc_Delete() { free(p_); } |
| 149 | |
| 150 | private: |
| 151 | void* p_; |
| 152 | }; |
| 153 | |
| 154 | typedef TrustyKeymasterTest KeyGenTest; |
| 155 | TEST_F(KeyGenTest, RsaSuccess) { |
| 156 | keymaster_rsa_keygen_params_t params = build_rsa_params(); |
| 157 | uint8_t* ptr = NULL; |
| 158 | size_t size; |
| 159 | ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size)); |
| 160 | EXPECT_GT(size, 0U); |
| 161 | Malloc_Delete key_deleter(ptr); |
| 162 | } |
| 163 | |
| 164 | TEST_F(KeyGenTest, EcdsaSuccess) { |
| 165 | keymaster_ec_keygen_params_t ec_params = {256}; |
| 166 | uint8_t* ptr = NULL; |
| 167 | size_t size; |
| 168 | ASSERT_EQ(0, device.generate_keypair(TYPE_EC, &ec_params, &ptr, &size)); |
| 169 | EXPECT_GT(size, 0U); |
| 170 | Malloc_Delete key_deleter(ptr); |
| 171 | } |
| 172 | |
| 173 | typedef TrustyKeymasterTest SigningTest; |
| 174 | TEST_F(SigningTest, RsaSuccess) { |
| 175 | keymaster_rsa_keygen_params_t params = build_rsa_params(); |
| 176 | uint8_t* ptr = NULL; |
| 177 | size_t size; |
| 178 | ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size)); |
| 179 | EXPECT_GT(size, 0U); |
| 180 | Malloc_Delete key_deleter(ptr); |
| 181 | |
| 182 | keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE}; |
| 183 | size_t message_len = params.modulus_size / 8; |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 184 | std::unique_ptr<uint8_t[]> message(build_message(message_len)); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 185 | uint8_t* signature; |
| 186 | size_t siglen; |
| 187 | EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len, |
| 188 | &signature, &siglen)); |
| 189 | Malloc_Delete sig_deleter(signature); |
| 190 | EXPECT_EQ(message_len, siglen); |
| 191 | } |
| 192 | |
| 193 | TEST_F(SigningTest, RsaShortMessage) { |
| 194 | keymaster_rsa_keygen_params_t params = build_rsa_params(); |
| 195 | uint8_t* ptr = NULL; |
| 196 | size_t size; |
| 197 | ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size)); |
| 198 | EXPECT_GT(size, 0U); |
| 199 | Malloc_Delete key_deleter(ptr); |
| 200 | |
| 201 | keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE}; |
| 202 | size_t message_len = params.modulus_size / 8 - 1; |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 203 | std::unique_ptr<uint8_t[]> message(build_message(message_len)); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 204 | uint8_t* signature; |
| 205 | size_t siglen; |
| 206 | EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, device.sign_data(&sig_params, ptr, size, message.get(), |
| 207 | message_len, &signature, &siglen)); |
| 208 | } |
| 209 | |
| 210 | TEST_F(SigningTest, RsaLongMessage) { |
| 211 | keymaster_rsa_keygen_params_t params = build_rsa_params(); |
| 212 | uint8_t* ptr = NULL; |
| 213 | size_t size; |
| 214 | ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size)); |
| 215 | EXPECT_GT(size, 0U); |
| 216 | Malloc_Delete key_deleter(ptr); |
| 217 | |
| 218 | keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE}; |
| 219 | size_t message_len = params.modulus_size / 8 + 1; |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 220 | std::unique_ptr<uint8_t[]> message(build_message(message_len)); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 221 | uint8_t* signature; |
| 222 | size_t siglen; |
| 223 | EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, device.sign_data(&sig_params, ptr, size, message.get(), |
| 224 | message_len, &signature, &siglen)); |
| 225 | } |
| 226 | |
| 227 | TEST_F(SigningTest, EcdsaSuccess) { |
| 228 | keymaster_ec_keygen_params_t params = {256}; |
| 229 | uint8_t* ptr = NULL; |
| 230 | size_t size; |
| 231 | ASSERT_EQ(0, device.generate_keypair(TYPE_EC, ¶ms, &ptr, &size)); |
| 232 | EXPECT_GT(size, 0U); |
| 233 | Malloc_Delete key_deleter(ptr); |
| 234 | |
| 235 | keymaster_ec_sign_params_t sig_params = {DIGEST_NONE}; |
| 236 | uint8_t message[] = "12345678901234567890123456789012"; |
| 237 | uint8_t* signature; |
| 238 | size_t siglen; |
| 239 | ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message, |
| 240 | array_size(message) - 1, &signature, &siglen)); |
| 241 | Malloc_Delete sig_deleter(signature); |
| 242 | EXPECT_GT(siglen, 69U); |
| 243 | EXPECT_LT(siglen, 73U); |
| 244 | } |
| 245 | |
| 246 | TEST_F(SigningTest, EcdsaEmptyMessageSuccess) { |
| 247 | keymaster_ec_keygen_params_t params = {256}; |
| 248 | uint8_t* ptr = NULL; |
| 249 | size_t size; |
| 250 | ASSERT_EQ(0, device.generate_keypair(TYPE_EC, ¶ms, &ptr, &size)); |
| 251 | EXPECT_GT(size, 0U); |
| 252 | Malloc_Delete key_deleter(ptr); |
| 253 | |
| 254 | keymaster_ec_sign_params_t sig_params = {DIGEST_NONE}; |
| 255 | uint8_t message[] = ""; |
| 256 | uint8_t* signature; |
| 257 | size_t siglen; |
| 258 | ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message, |
| 259 | array_size(message) - 1, &signature, &siglen)); |
| 260 | Malloc_Delete sig_deleter(signature); |
| 261 | EXPECT_GT(siglen, 69U); |
| 262 | EXPECT_LT(siglen, 73U); |
| 263 | } |
| 264 | |
| 265 | TEST_F(SigningTest, EcdsaLargeMessageSuccess) { |
| 266 | keymaster_ec_keygen_params_t params = {256}; |
| 267 | uint8_t* ptr = NULL; |
| 268 | size_t size; |
| 269 | ASSERT_EQ(0, device.generate_keypair(TYPE_EC, ¶ms, &ptr, &size)); |
| 270 | EXPECT_GT(size, 0U); |
| 271 | Malloc_Delete key_deleter(ptr); |
| 272 | |
| 273 | keymaster_ec_sign_params_t sig_params = {DIGEST_NONE}; |
| 274 | size_t message_len = 1024 * 7; |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 275 | std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 276 | // contents of message don't matter. |
| 277 | uint8_t* signature; |
| 278 | size_t siglen; |
| 279 | ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len, |
| 280 | &signature, &siglen)); |
| 281 | Malloc_Delete sig_deleter(signature); |
| 282 | EXPECT_GT(siglen, 69U); |
| 283 | EXPECT_LT(siglen, 73U); |
| 284 | } |
| 285 | |
| 286 | typedef TrustyKeymasterTest VerificationTest; |
| 287 | TEST_F(VerificationTest, RsaSuccess) { |
| 288 | keymaster_rsa_keygen_params_t params = build_rsa_params(); |
| 289 | uint8_t* ptr = NULL; |
| 290 | size_t size; |
| 291 | ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size)); |
| 292 | EXPECT_GT(size, 0U); |
| 293 | Malloc_Delete key_deleter(ptr); |
| 294 | |
| 295 | keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE}; |
| 296 | size_t message_len = params.modulus_size / 8; |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 297 | std::unique_ptr<uint8_t[]> message(build_message(message_len)); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 298 | uint8_t* signature; |
| 299 | size_t siglen; |
| 300 | EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len, |
| 301 | &signature, &siglen)); |
| 302 | Malloc_Delete sig_deleter(signature); |
| 303 | |
| 304 | EXPECT_EQ(KM_ERROR_OK, device.verify_data(&sig_params, ptr, size, message.get(), message_len, |
| 305 | signature, siglen)); |
| 306 | } |
| 307 | |
| 308 | TEST_F(VerificationTest, RsaBadSignature) { |
| 309 | keymaster_rsa_keygen_params_t params = build_rsa_params(); |
| 310 | uint8_t* ptr = NULL; |
| 311 | size_t size; |
| 312 | ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size)); |
| 313 | EXPECT_GT(size, 0U); |
| 314 | Malloc_Delete key_deleter(ptr); |
| 315 | |
| 316 | keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE}; |
| 317 | size_t message_len = params.modulus_size / 8; |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 318 | std::unique_ptr<uint8_t[]> message(build_message(message_len)); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 319 | uint8_t* signature; |
| 320 | size_t siglen; |
| 321 | EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len, |
| 322 | &signature, &siglen)); |
| 323 | |
| 324 | Malloc_Delete sig_deleter(signature); |
| 325 | signature[siglen / 2]++; |
| 326 | EXPECT_EQ( |
| 327 | KM_ERROR_VERIFICATION_FAILED, |
| 328 | device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature, siglen)); |
| 329 | } |
| 330 | |
| 331 | TEST_F(VerificationTest, RsaBadMessage) { |
| 332 | keymaster_rsa_keygen_params_t params = build_rsa_params(); |
| 333 | uint8_t* ptr = NULL; |
| 334 | size_t size; |
| 335 | ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size)); |
| 336 | EXPECT_GT(size, 0U); |
| 337 | Malloc_Delete key_deleter(ptr); |
| 338 | |
| 339 | keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE}; |
| 340 | size_t message_len = params.modulus_size / 8; |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 341 | std::unique_ptr<uint8_t[]> message(build_message(message_len)); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 342 | uint8_t* signature; |
| 343 | size_t siglen; |
| 344 | EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len, |
| 345 | &signature, &siglen)); |
| 346 | Malloc_Delete sig_deleter(signature); |
| 347 | message[0]++; |
| 348 | EXPECT_EQ( |
| 349 | KM_ERROR_VERIFICATION_FAILED, |
| 350 | device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature, siglen)); |
| 351 | } |
| 352 | |
| 353 | TEST_F(VerificationTest, RsaShortMessage) { |
| 354 | keymaster_rsa_keygen_params_t params = build_rsa_params(); |
| 355 | uint8_t* ptr = NULL; |
| 356 | size_t size; |
| 357 | ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size)); |
| 358 | EXPECT_GT(size, 0U); |
| 359 | Malloc_Delete key_deleter(ptr); |
| 360 | |
| 361 | keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE}; |
| 362 | size_t message_len = params.modulus_size / 8; |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 363 | std::unique_ptr<uint8_t[]> message(build_message(message_len)); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 364 | uint8_t* signature; |
| 365 | size_t siglen; |
| 366 | EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len, |
| 367 | &signature, &siglen)); |
| 368 | |
| 369 | Malloc_Delete sig_deleter(signature); |
| 370 | EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, |
| 371 | device.verify_data(&sig_params, ptr, size, message.get(), message_len - 1, signature, |
| 372 | siglen)); |
| 373 | } |
| 374 | |
| 375 | TEST_F(VerificationTest, RsaLongMessage) { |
| 376 | keymaster_rsa_keygen_params_t params = build_rsa_params(); |
| 377 | uint8_t* ptr = NULL; |
| 378 | size_t size; |
| 379 | ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size)); |
| 380 | EXPECT_GT(size, 0U); |
| 381 | Malloc_Delete key_deleter(ptr); |
| 382 | |
| 383 | keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE}; |
| 384 | size_t message_len = params.modulus_size / 8; |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 385 | std::unique_ptr<uint8_t[]> message(build_message(message_len + 1)); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 386 | uint8_t* signature; |
| 387 | size_t siglen; |
| 388 | EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len, |
| 389 | &signature, &siglen)); |
| 390 | Malloc_Delete sig_deleter(signature); |
| 391 | EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, |
| 392 | device.verify_data(&sig_params, ptr, size, message.get(), message_len + 1, signature, |
| 393 | siglen)); |
| 394 | } |
| 395 | |
| 396 | TEST_F(VerificationTest, EcdsaSuccess) { |
| 397 | keymaster_ec_keygen_params_t params = {256}; |
| 398 | uint8_t* ptr = NULL; |
| 399 | size_t size; |
| 400 | ASSERT_EQ(0, device.generate_keypair(TYPE_EC, ¶ms, &ptr, &size)); |
| 401 | EXPECT_GT(size, 0U); |
| 402 | Malloc_Delete key_deleter(ptr); |
| 403 | |
| 404 | keymaster_ec_sign_params_t sig_params = {DIGEST_NONE}; |
| 405 | uint8_t message[] = "12345678901234567890123456789012"; |
| 406 | uint8_t* signature; |
| 407 | size_t siglen; |
| 408 | ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message, |
| 409 | array_size(message) - 1, &signature, &siglen)); |
| 410 | Malloc_Delete sig_deleter(signature); |
| 411 | EXPECT_EQ(KM_ERROR_OK, device.verify_data(&sig_params, ptr, size, message, |
| 412 | array_size(message) - 1, signature, siglen)); |
| 413 | } |
| 414 | |
| 415 | TEST_F(VerificationTest, EcdsaLargeMessageSuccess) { |
| 416 | keymaster_ec_keygen_params_t params = {256}; |
| 417 | uint8_t* ptr = NULL; |
| 418 | size_t size; |
| 419 | ASSERT_EQ(0, device.generate_keypair(TYPE_EC, ¶ms, &ptr, &size)); |
| 420 | EXPECT_GT(size, 0U); |
| 421 | Malloc_Delete key_deleter(ptr); |
| 422 | |
| 423 | keymaster_ec_sign_params_t sig_params = {DIGEST_NONE}; |
| 424 | size_t message_len = 1024 * 7; |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 425 | std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 426 | // contents of message don't matter. |
| 427 | uint8_t* signature; |
| 428 | size_t siglen; |
| 429 | ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len, |
| 430 | &signature, &siglen)); |
| 431 | Malloc_Delete sig_deleter(signature); |
| 432 | EXPECT_EQ(KM_ERROR_OK, device.verify_data(&sig_params, ptr, size, message.get(), message_len, |
| 433 | signature, siglen)); |
| 434 | } |
| 435 | |
| 436 | static string read_file(const string& file_name) { |
| 437 | ifstream file_stream(file_name, std::ios::binary); |
| 438 | istreambuf_iterator<char> file_begin(file_stream); |
| 439 | istreambuf_iterator<char> file_end; |
| 440 | return string(file_begin, file_end); |
| 441 | } |
| 442 | |
| 443 | typedef TrustyKeymasterTest ImportKeyTest; |
| 444 | TEST_F(ImportKeyTest, RsaSuccess) { |
| 445 | string pk8_key = read_file("../../../../system/keymaster/rsa_privkey_pk8.der"); |
| 446 | ASSERT_EQ(633U, pk8_key.size()); |
| 447 | |
| 448 | uint8_t* key = NULL; |
| 449 | size_t size; |
| 450 | ASSERT_EQ(KM_ERROR_OK, device.import_keypair(reinterpret_cast<const uint8_t*>(pk8_key.data()), |
| 451 | pk8_key.size(), &key, &size)); |
| 452 | Malloc_Delete key_deleter(key); |
| 453 | |
| 454 | keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE}; |
| 455 | size_t message_size = 1024 /* key size */ / 8; |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 456 | std::unique_ptr<uint8_t[]> message(new uint8_t[message_size]); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 457 | memset(message.get(), 'a', message_size); |
| 458 | uint8_t* signature; |
| 459 | size_t siglen; |
| 460 | ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, key, size, message.get(), message_size, |
| 461 | &signature, &siglen)); |
| 462 | Malloc_Delete sig_deleter(signature); |
| 463 | EXPECT_EQ(KM_ERROR_OK, device.verify_data(&sig_params, key, size, message.get(), message_size, |
| 464 | signature, siglen)); |
| 465 | } |
| 466 | |
| 467 | TEST_F(ImportKeyTest, EcdsaSuccess) { |
| 468 | string pk8_key = read_file("../../../../system/keymaster/ec_privkey_pk8.der"); |
| 469 | ASSERT_EQ(138U, pk8_key.size()); |
| 470 | |
| 471 | uint8_t* key = NULL; |
| 472 | size_t size; |
| 473 | ASSERT_EQ(KM_ERROR_OK, device.import_keypair(reinterpret_cast<const uint8_t*>(pk8_key.data()), |
| 474 | pk8_key.size(), &key, &size)); |
| 475 | Malloc_Delete key_deleter(key); |
| 476 | |
| 477 | keymaster_ec_sign_params_t sig_params = {DIGEST_NONE}; |
| 478 | uint8_t message[] = "12345678901234567890123456789012"; |
| 479 | uint8_t* signature; |
| 480 | size_t siglen; |
| 481 | ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, key, size, message, |
| 482 | array_size(message) - 1, &signature, &siglen)); |
| 483 | Malloc_Delete sig_deleter(signature); |
| 484 | EXPECT_EQ(KM_ERROR_OK, device.verify_data(&sig_params, key, size, message, |
| 485 | array_size(message) - 1, signature, siglen)); |
| 486 | } |
| 487 | |
| 488 | struct EVP_PKEY_CTX_Delete { |
| 489 | void operator()(EVP_PKEY_CTX* p) { EVP_PKEY_CTX_free(p); } |
| 490 | }; |
| 491 | |
| 492 | static void VerifySignature(const uint8_t* key, size_t key_len, const uint8_t* signature, |
| 493 | size_t signature_len, const uint8_t* message, size_t message_len) { |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 494 | std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(d2i_PUBKEY(NULL, &key, key_len)); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 495 | ASSERT_TRUE(pkey.get() != NULL); |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 496 | std::unique_ptr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL)); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 497 | ASSERT_TRUE(ctx.get() != NULL); |
| 498 | ASSERT_EQ(1, EVP_PKEY_verify_init(ctx.get())); |
| 499 | if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) |
| 500 | ASSERT_EQ(1, EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_NO_PADDING)); |
| 501 | EXPECT_EQ(1, EVP_PKEY_verify(ctx.get(), signature, signature_len, message, message_len)); |
| 502 | } |
| 503 | |
| 504 | typedef TrustyKeymasterTest ExportKeyTest; |
| 505 | TEST_F(ExportKeyTest, RsaSuccess) { |
| 506 | keymaster_rsa_keygen_params_t params = build_rsa_params(); |
| 507 | uint8_t* ptr = NULL; |
| 508 | size_t size; |
| 509 | ASSERT_EQ(0, device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size)); |
| 510 | EXPECT_GT(size, 0U); |
| 511 | Malloc_Delete key_deleter(ptr); |
| 512 | |
| 513 | uint8_t* exported; |
| 514 | size_t exported_size; |
| 515 | EXPECT_EQ(KM_ERROR_OK, device.get_keypair_public(ptr, size, &exported, &exported_size)); |
| 516 | Malloc_Delete exported_deleter(exported); |
| 517 | |
| 518 | // Sign a message so we can verify it with the exported pubkey. |
| 519 | keymaster_rsa_sign_params_t sig_params = {DIGEST_NONE, PADDING_NONE}; |
| 520 | size_t message_len = params.modulus_size / 8; |
Andreas Gampe | b9d9da2 | 2017-10-02 11:52:53 -0700 | [diff] [blame] | 521 | std::unique_ptr<uint8_t[]> message(build_message(message_len)); |
Andres Morales | b33c9b8 | 2015-09-08 17:56:07 -0700 | [diff] [blame] | 522 | uint8_t* signature; |
| 523 | size_t siglen; |
| 524 | EXPECT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, ptr, size, message.get(), message_len, |
| 525 | &signature, &siglen)); |
| 526 | Malloc_Delete sig_deleter(signature); |
| 527 | EXPECT_EQ(message_len, siglen); |
| 528 | const uint8_t* tmp = exported; |
| 529 | |
| 530 | VerifySignature(exported, exported_size, signature, siglen, message.get(), message_len); |
| 531 | } |
| 532 | |
| 533 | typedef TrustyKeymasterTest ExportKeyTest; |
| 534 | TEST_F(ExportKeyTest, EcdsaSuccess) { |
| 535 | keymaster_ec_keygen_params_t params = {256}; |
| 536 | uint8_t* key = NULL; |
| 537 | size_t size; |
| 538 | ASSERT_EQ(0, device.generate_keypair(TYPE_EC, ¶ms, &key, &size)); |
| 539 | EXPECT_GT(size, 0U); |
| 540 | Malloc_Delete key_deleter(key); |
| 541 | |
| 542 | uint8_t* exported; |
| 543 | size_t exported_size; |
| 544 | EXPECT_EQ(KM_ERROR_OK, device.get_keypair_public(key, size, &exported, &exported_size)); |
| 545 | Malloc_Delete exported_deleter(exported); |
| 546 | |
| 547 | // Sign a message so we can verify it with the exported pubkey. |
| 548 | keymaster_ec_sign_params_t sig_params = {DIGEST_NONE}; |
| 549 | uint8_t message[] = "12345678901234567890123456789012"; |
| 550 | uint8_t* signature; |
| 551 | size_t siglen; |
| 552 | ASSERT_EQ(KM_ERROR_OK, device.sign_data(&sig_params, key, size, message, |
| 553 | array_size(message) - 1, &signature, &siglen)); |
| 554 | Malloc_Delete sig_deleter(signature); |
| 555 | EXPECT_EQ(KM_ERROR_OK, device.verify_data(&sig_params, key, size, message, |
| 556 | array_size(message) - 1, signature, siglen)); |
| 557 | |
| 558 | VerifySignature(exported, exported_size, signature, siglen, message, array_size(message) - 1); |
| 559 | } |
| 560 | |
| 561 | } // namespace test |
| 562 | } // namespace keymaster |