summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKenny Root <kroot@google.com>2012-08-08 17:04:40 -0700
committerKenny Root <kroot@google.com>2012-08-09 12:12:28 -0700
commit8467a6d2918274295212d07fc6e3894f6bc5d623 (patch)
tree2681c0bcf8dcbaba6d0b0329598c3c7b66437efd
parent8655693eff5d4d5e65e4dd0877d0a9d29be706bc (diff)
downloadhardware_libhardware-8467a6d2918274295212d07fc6e3894f6bc5d623.zip
hardware_libhardware-8467a6d2918274295212d07fc6e3894f6bc5d623.tar.gz
hardware_libhardware-8467a6d2918274295212d07fc6e3894f6bc5d623.tar.bz2
Enhance keymaster tests
Check the key values of successful attempts. For imported keys, the key values should match the input values when they're returned. For generated keys, the modulus size should be correct and the public exponent should be correct. Bug: 6736252 Bug: http://code.google.com/p/android/issues/detail?id=34212 Change-Id: I37ed97d36ebfbe4301b43426129928bcb53c39f8
-rw-r--r--tests/keymaster/Android.mk2
-rw-r--r--tests/keymaster/keymaster_test.cpp132
2 files changed, 97 insertions, 37 deletions
diff --git a/tests/keymaster/Android.mk b/tests/keymaster/Android.mk
index 2661211..e53e67f 100644
--- a/tests/keymaster/Android.mk
+++ b/tests/keymaster/Android.mk
@@ -10,11 +10,13 @@ LOCAL_SRC_FILES:= \
LOCAL_C_INCLUDES := \
bionic \
external/gtest/include \
+ external/openssl/include \
external/stlport/stlport
LOCAL_SHARED_LIBRARIES := \
liblog \
libutils \
+ libcrypto \
libstlport \
libhardware
diff --git a/tests/keymaster/keymaster_test.cpp b/tests/keymaster/keymaster_test.cpp
index f4cfcd2..dd24fcb 100644
--- a/tests/keymaster/keymaster_test.cpp
+++ b/tests/keymaster/keymaster_test.cpp
@@ -22,6 +22,10 @@
#include <gtest/gtest.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
#include <fstream>
#include <iostream>
@@ -93,6 +97,34 @@ private:
keymaster_device_t** mDevice;
};
+struct BIGNUM_Delete {
+ void operator()(BIGNUM* p) const {
+ BN_free(p);
+ }
+};
+typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
+
+struct EVP_PKEY_Delete {
+ void operator()(EVP_PKEY* p) const {
+ EVP_PKEY_free(p);
+ }
+};
+typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
+
+struct PKCS8_PRIV_KEY_INFO_Delete {
+ void operator()(PKCS8_PRIV_KEY_INFO* p) const {
+ PKCS8_PRIV_KEY_INFO_free(p);
+ }
+};
+typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
+
+struct RSA_Delete {
+ void operator()(RSA* p) const {
+ RSA_free(p);
+ }
+};
+typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;
+
/*
* DER-encoded PKCS#8 format RSA key. Generated using:
*
@@ -209,8 +241,8 @@ static uint8_t TEST_KEY_1[] = {
static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF };
-class KeymasterTest : public testing::Test {
-protected:
+class KeymasterBaseTest : public ::testing::Test {
+public:
static void SetUpTestCase() {
const hw_module_t* mod;
ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod))
@@ -241,22 +273,24 @@ protected:
ASSERT_EQ(0, keymaster_close(sDevice));
}
- virtual void SetUp() {
- }
+protected:
+ static keymaster_device_t* sDevice;
+};
- virtual void TearDown() {
- }
+keymaster_device_t* KeymasterBaseTest::sDevice = NULL;
- static keymaster_device_t* sDevice;
+class KeymasterTest : public KeymasterBaseTest {
};
-keymaster_device_t* KeymasterTest::sDevice = NULL;
+class KeymasterGenerateTest : public KeymasterBaseTest,
+ public ::testing::WithParamInterface<uint32_t> {
+};
-TEST_F(KeymasterTest, GenerateKeyPair_RSA_512_Success) {
+TEST_P(KeymasterGenerateTest, GenerateKeyPair_RSA_Success) {
keymaster_keypair_t key_type = TYPE_RSA;
keymaster_rsa_keygen_params_t params = {
- modulus_size: 512,
- public_exponent: 0x10001L,
+ modulus_size: GetParam(),
+ public_exponent: RSA_F4,
};
uint8_t* key_blob;
@@ -266,40 +300,39 @@ TEST_F(KeymasterTest, GenerateKeyPair_RSA_512_Success) {
sDevice->generate_keypair(sDevice, key_type, &params, &key_blob, &key_blob_length))
<< "Should generate an RSA key with 512 bit modulus size";
UniqueKey key(&sDevice, key_blob, key_blob_length);
-}
-TEST_F(KeymasterTest, GenerateKeyPair_RSA_1024_Success) {
- keymaster_keypair_t key_type = TYPE_RSA;
- keymaster_rsa_keygen_params_t params = {
- modulus_size: 1024,
- public_exponent: 0x3L,
- };
+ uint8_t* x509_data = NULL;
+ size_t x509_data_length;
+ EXPECT_EQ(0,
+ sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
+ &x509_data, &x509_data_length))
+ << "Should be able to retrieve RSA public key successfully";
+ UniqueBlob x509_blob(x509_data, x509_data_length);
+ ASSERT_FALSE(x509_blob.get() == NULL)
+ << "X509 data should be allocated";
- uint8_t* key_blob;
- size_t key_blob_length;
+ const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
+ Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
+ static_cast<long>(x509_blob.length())));
- EXPECT_EQ(0,
- sDevice->generate_keypair(sDevice, key_type, &params, &key_blob, &key_blob_length))
- << "Should generate an RSA key with 2048 bit modulus size";
- UniqueKey key(&sDevice, key_blob, key_blob_length);
-}
+ ASSERT_EQ(EVP_PKEY_RSA, EVP_PKEY_type(actual.get()->type))
+ << "Generated key type should be of type RSA";
-TEST_F(KeymasterTest, GenerateKeyPair_RSA_2048_Success) {
- keymaster_keypair_t key_type = TYPE_RSA;
- keymaster_rsa_keygen_params_t params = {
- modulus_size: 2048,
- public_exponent: 0x3L,
- };
+ Unique_RSA rsa(EVP_PKEY_get1_RSA(actual.get()));
+ ASSERT_FALSE(rsa.get() == NULL)
+ << "Should be able to extract RSA key from EVP_PKEY";
- uint8_t* key_blob;
- size_t key_blob_length;
+ EXPECT_EQ(static_cast<unsigned long>(RSA_F4), BN_get_word(rsa.get()->e))
+ << "Exponent should be RSA_F4";
- EXPECT_EQ(0,
- sDevice->generate_keypair(sDevice, key_type, &params, &key_blob, &key_blob_length))
- << "Should generate an RSA key with 2048 bit modulus size";
- UniqueKey key(&sDevice, key_blob, key_blob_length);
+ EXPECT_EQ(GetParam() / 8, static_cast<uint32_t>(RSA_size(rsa.get())))
+ << "Modulus size should be the specified parameter";
}
+INSTANTIATE_TEST_CASE_P(RSA,
+ KeymasterGenerateTest,
+ ::testing::Values(512, 1024, 2048));
+
TEST_F(KeymasterTest, GenerateKeyPair_RSA_NullParams_Failure) {
keymaster_keypair_t key_type = TYPE_RSA;
@@ -331,6 +364,31 @@ TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) {
&key_blob, &key_blob_length))
<< "Should successfully import an RSA key";
UniqueKey key(&sDevice, key_blob, key_blob_length);
+
+ uint8_t* x509_data;
+ size_t x509_data_length;
+ EXPECT_EQ(0,
+ sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
+ &x509_data, &x509_data_length))
+ << "Should be able to retrieve RSA public key successfully";
+ UniqueBlob x509_blob(x509_data, x509_data_length);
+
+ const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
+ Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
+ static_cast<long>(x509_blob.length())));
+
+ EXPECT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_RSA)
+ << "Generated key type should be of type RSA";
+
+ const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_KEY_1);
+ Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8(
+ d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp,
+ sizeof(TEST_KEY_1)));
+
+ Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get()));
+
+ EXPECT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get()))
+ << "Expected and actual keys should match";
}
TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) {