Enhance keymaster tests

Check the key values of successful attempts.

For imported keys, the key values should match the
input values when they're returned.

For generated keys, the modulus size should be correct and the public
exponent should be correct.

Bug: 6736252
Bug: http://code.google.com/p/android/issues/detail?id=34212
Change-Id: I37ed97d36ebfbe4301b43426129928bcb53c39f8

2 files changed, 97 insertions, 37 deletions

diff --git a/tests/keymaster/Android.mk b/tests/keymaster/Android.mk
index 2661211..e53e67f 100644
--- a/tests/keymaster/Android.mk
+++ b/tests/keymaster/Android.mk
@@ -10,11 +10,13 @@ LOCAL_SRC_FILES:= \
 LOCAL_C_INCLUDES := \
     bionic \
     external/gtest/include \
+    external/openssl/include \
     external/stlport/stlport
 
 LOCAL_SHARED_LIBRARIES := \
     liblog \
     libutils \
+    libcrypto \
     libstlport \
     libhardware
 
diff --git a/tests/keymaster/keymaster_test.cpp b/tests/keymaster/keymaster_test.cpp
index f4cfcd2..dd24fcb 100644
--- a/tests/keymaster/keymaster_test.cpp
+++ b/tests/keymaster/keymaster_test.cpp
@@ -22,6 +22,10 @@
 
 #include <gtest/gtest.h>
 
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
 #include <fstream>
 #include <iostream>
 
@@ -93,6 +97,34 @@ private:
     keymaster_device_t** mDevice;
 };
 
+struct BIGNUM_Delete {
+    void operator()(BIGNUM* p) const {
+        BN_free(p);
+    }
+};
+typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
+
+struct EVP_PKEY_Delete {
+    void operator()(EVP_PKEY* p) const {
+        EVP_PKEY_free(p);
+    }
+};
+typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
+
+struct PKCS8_PRIV_KEY_INFO_Delete {
+    void operator()(PKCS8_PRIV_KEY_INFO* p) const {
+        PKCS8_PRIV_KEY_INFO_free(p);
+    }
+};
+typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
+
+struct RSA_Delete {
+    void operator()(RSA* p) const {
+        RSA_free(p);
+    }
+};
+typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;
+
 /*
  * DER-encoded PKCS#8 format RSA key. Generated using:
  *
@@ -209,8 +241,8 @@ static uint8_t TEST_KEY_1[] = {
 static unsigned char BOGUS_KEY_1[] = { 0xFF, 0xFF, 0xFF, 0xFF };
 
 
-class KeymasterTest : public testing::Test {
-protected:
+class KeymasterBaseTest : public ::testing::Test {
+public:
     static void SetUpTestCase() {
         const hw_module_t* mod;
         ASSERT_EQ(0, hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod))
@@ -241,22 +273,24 @@ protected:
         ASSERT_EQ(0, keymaster_close(sDevice));
     }
 
-    virtual void SetUp() {
-    }
+protected:
+    static keymaster_device_t* sDevice;
+};
 
-    virtual void TearDown() {
-    }
+keymaster_device_t* KeymasterBaseTest::sDevice = NULL;
 
-    static keymaster_device_t* sDevice;
+class KeymasterTest : public KeymasterBaseTest {
 };
 
-keymaster_device_t* KeymasterTest::sDevice = NULL;
+class KeymasterGenerateTest : public KeymasterBaseTest,
+                              public ::testing::WithParamInterface<uint32_t> {
+};
 
-TEST_F(KeymasterTest, GenerateKeyPair_RSA_512_Success) {
+TEST_P(KeymasterGenerateTest, GenerateKeyPair_RSA_Success) {
     keymaster_keypair_t key_type = TYPE_RSA;
     keymaster_rsa_keygen_params_t params = {
-            modulus_size: 512,
-            public_exponent: 0x10001L,
+            modulus_size: GetParam(),
+            public_exponent: RSA_F4,
     };
 
     uint8_t* key_blob;
@@ -266,40 +300,39 @@ TEST_F(KeymasterTest, GenerateKeyPair_RSA_512_Success) {
             sDevice->generate_keypair(sDevice, key_type, &params, &key_blob, &key_blob_length))
             << "Should generate an RSA key with 512 bit modulus size";
     UniqueKey key(&sDevice, key_blob, key_blob_length);
-}
 
-TEST_F(KeymasterTest, GenerateKeyPair_RSA_1024_Success) {
-    keymaster_keypair_t key_type = TYPE_RSA;
-    keymaster_rsa_keygen_params_t params = {
-            modulus_size: 1024,
-            public_exponent: 0x3L,
-    };
+    uint8_t* x509_data = NULL;
+    size_t x509_data_length;
+    EXPECT_EQ(0,
+            sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
+                    &x509_data, &x509_data_length))
+            << "Should be able to retrieve RSA public key successfully";
+    UniqueBlob x509_blob(x509_data, x509_data_length);
+    ASSERT_FALSE(x509_blob.get() == NULL)
+            << "X509 data should be allocated";
 
-    uint8_t* key_blob;
-    size_t key_blob_length;
+    const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
+    Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
+            static_cast<long>(x509_blob.length())));
 
-    EXPECT_EQ(0,
-            sDevice->generate_keypair(sDevice, key_type, &params, &key_blob, &key_blob_length))
-            << "Should generate an RSA key with 2048 bit modulus size";
-    UniqueKey key(&sDevice, key_blob, key_blob_length);
-}
+    ASSERT_EQ(EVP_PKEY_RSA, EVP_PKEY_type(actual.get()->type))
+            << "Generated key type should be of type RSA";
 
-TEST_F(KeymasterTest, GenerateKeyPair_RSA_2048_Success) {
-    keymaster_keypair_t key_type = TYPE_RSA;
-    keymaster_rsa_keygen_params_t params = {
-            modulus_size: 2048,
-            public_exponent: 0x3L,
-    };
+    Unique_RSA rsa(EVP_PKEY_get1_RSA(actual.get()));
+    ASSERT_FALSE(rsa.get() == NULL)
+            << "Should be able to extract RSA key from EVP_PKEY";
 
-    uint8_t* key_blob;
-    size_t key_blob_length;
+    EXPECT_EQ(static_cast<unsigned long>(RSA_F4), BN_get_word(rsa.get()->e))
+            << "Exponent should be RSA_F4";
 
-    EXPECT_EQ(0,
-            sDevice->generate_keypair(sDevice, key_type, &params, &key_blob, &key_blob_length))
-            << "Should generate an RSA key with 2048 bit modulus size";
-    UniqueKey key(&sDevice, key_blob, key_blob_length);
+    EXPECT_EQ(GetParam() / 8, static_cast<uint32_t>(RSA_size(rsa.get())))
+            << "Modulus size should be the specified parameter";
 }
 
+INSTANTIATE_TEST_CASE_P(RSA,
+                        KeymasterGenerateTest,
+                        ::testing::Values(512, 1024, 2048));
+
 TEST_F(KeymasterTest, GenerateKeyPair_RSA_NullParams_Failure) {
     keymaster_keypair_t key_type = TYPE_RSA;
 
@@ -331,6 +364,31 @@ TEST_F(KeymasterTest, ImportKeyPair_RSA_Success) {
                     &key_blob, &key_blob_length))
             << "Should successfully import an RSA key";
     UniqueKey key(&sDevice, key_blob, key_blob_length);
+
+    uint8_t* x509_data;
+    size_t x509_data_length;
+    EXPECT_EQ(0,
+            sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
+                    &x509_data, &x509_data_length))
+            << "Should be able to retrieve RSA public key successfully";
+    UniqueBlob x509_blob(x509_data, x509_data_length);
+
+    const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
+    Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
+            static_cast<long>(x509_blob.length())));
+
+    EXPECT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_RSA)
+            << "Generated key type should be of type RSA";
+
+    const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_KEY_1);
+    Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8(
+            d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp,
+                    sizeof(TEST_KEY_1)));
+
+    Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get()));
+
+    EXPECT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get()))
+            << "Expected and actual keys should match";
 }
 
 TEST_F(KeymasterTest, ImportKeyPair_BogusKey_Failure) {