1*789431f2SAndroid Build Coastguard Worker /*
2*789431f2SAndroid Build Coastguard Worker  * Copyright 2017 The Android Open Source Project
3*789431f2SAndroid Build Coastguard Worker  *
4*789431f2SAndroid Build Coastguard Worker  * Licensed under the Apache License, Version 2.0 (the "License");
5*789431f2SAndroid Build Coastguard Worker  * you may not use this file except in compliance with the License.
6*789431f2SAndroid Build Coastguard Worker  * You may obtain a copy of the License at
7*789431f2SAndroid Build Coastguard Worker  *
8*789431f2SAndroid Build Coastguard Worker  *      http://www.apache.org/licenses/LICENSE-2.0
9*789431f2SAndroid Build Coastguard Worker  *
10*789431f2SAndroid Build Coastguard Worker  * Unless required by applicable law or agreed to in writing, software
11*789431f2SAndroid Build Coastguard Worker  * distributed under the License is distributed on an "AS IS" BASIS,
12*789431f2SAndroid Build Coastguard Worker  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*789431f2SAndroid Build Coastguard Worker  * See the License for the specific language governing permissions and
14*789431f2SAndroid Build Coastguard Worker  * limitations under the License.
15*789431f2SAndroid Build Coastguard Worker  */
16*789431f2SAndroid Build Coastguard Worker 
17*789431f2SAndroid Build Coastguard Worker #include <iostream>
18*789431f2SAndroid Build Coastguard Worker 
19*789431f2SAndroid Build Coastguard Worker #include <gtest/gtest.h>
20*789431f2SAndroid Build Coastguard Worker 
21*789431f2SAndroid Build Coastguard Worker #include <keymaster/wrapped_key.h>
22*789431f2SAndroid Build Coastguard Worker 
23*789431f2SAndroid Build Coastguard Worker #include "android_keymaster_test_utils.h"
24*789431f2SAndroid Build Coastguard Worker 
25*789431f2SAndroid Build Coastguard Worker using ::std::cout;
26*789431f2SAndroid Build Coastguard Worker using ::std::endl;
27*789431f2SAndroid Build Coastguard Worker using ::std::string;
28*789431f2SAndroid Build Coastguard Worker 
29*789431f2SAndroid Build Coastguard Worker namespace keymaster {
30*789431f2SAndroid Build Coastguard Worker namespace test {
31*789431f2SAndroid Build Coastguard Worker 
// Fixed, test-only vectors for the wrapped-key encoder and parser.
//
// test_wrapped_key is one complete DER-encoded wrapped key. Its hex text
// embeds three of the values declared below as octet strings:
//   - 04 0C D796...24F1   (12 bytes) is the same value as test_iv,
//   - 04 20 CCD5...A910   (32 bytes) is the same value as test_secure_key,
//   - 04 10 94CD...1C59   (16 bytes) is the same value as test_tag.
// The 256-byte octet string near its start (5930C4FF...) is NOT the same
// value as test_transit_key (78421A81...), so the two transit keys must not
// be compared with each other.
// NOTE(review): the 12-byte IV and 16-byte tag sizes look like AES-GCM
// parameters; confirm against the wrapped-key implementation.
string test_wrapped_key(hex2str(
    "3082015E020100048201005930C4FFE73B214575A66FB1DC07FD72F2508488F927926DB8DE8A78D780169FFC79728E"
    "63BE14280C5481856CB51886BB1FF7D7F0BB73013DAE5386C7F63CD7D12E7FCC9AF89A7A52E68AEBB3CD3C08819FB2"
    "A1D10EA717FF662D9FCF00194B7D7B75F6A898EF3295454642F697123758FB172EF015B515A2AC791BE35077346503"
    "7D25B45375B7E00472C5250F7FD9053ECEA62D59EE3734C919A124A1659EF4F031F137DB661C0E846DFEE46C4CC85F"
    "99B47708ADDEF2B21E1143F59A0EE12E0AB5ADF9E03C26642FC36905F38EE60A9B385FF4785FDF6611B60BD9DB283D"
    "EDD4481DFCBCCBB51166F475A94898EC759BB9125520304FF82124559D27BE2B040CD796B02C370F1FA4CC0124F130"
    "13020103300EA1023100A203020120A3030201200420CCD540855F833A5E1480BFD2D36FAF3AEEE15DF5BEABE2691B"
    "C82DDE2A7AA910041094CD97F58DE55B737B60B3AD127B1C59"));

// 16-byte tag expected back from the parser.
string test_tag(hex2str("94CD97F58DE55B737B60B3AD127B1C59"));

// 12-byte IV expected back from the parser.
string test_iv(hex2str("D796B02C370F1FA4CC0124F1"));

// 256-byte transit key passed to build_wrapped_key() in the round-trip test.
string test_transit_key(
    hex2str("78421A8124D7960B4CBFC8F4F16B421B3511A3D29CFB329C3CCD90724FD9E8E440"
            "F0058F2035645EDAD7BCF62D0ED23D39B049069B2B0F8607F32B084804824A6620"
            "F2658FC74ECBFCE9533FE220E981EF1E05170988CA5EB42480FCD711B7668140DF"
            "5DC5D23DCAFC536A971DDB4FD65E5B5F7C01E5C13079CA03C301A28C2463885663"
            "BD649400113A8AF4FDF0D3A8B1964D48D4B5EF696D6CE4F7EF943966E7CAB4A9EA"
            "88AD0364E454452D5D5A2EFB57049C5EDDF6AEFB068B4D5A739E5B9ACFB3F0891B"
            "972B1A1F65167EAC34FD73BDB3D60CE6886293F755A3EA6D6CF216CB00E3A28A05"
            "9A41818BEFE3A159329A335CF3BA87B65C53D691FC12FF1911"));

// 32-byte key blob carried in the wrapped key's key field.
string test_secure_key(
    hex2str("CCD540855F833A5E1480BFD2D36FAF3AEEE15DF5BEABE2691BC82DDE2A7AA910"));
55*789431f2SAndroid Build Coastguard Worker 
// Copies the bytes of `blob` into a std::string so that test expectations can
// compare it with the hex-decoded vectors. The length is passed explicitly, so
// embedded zero bytes are preserved rather than treated as terminators.
string blob2string(keymaster_blob_t& blob) {
    const char* bytes = reinterpret_cast<const char*>(blob.data);
    return string(bytes, blob.data_length);
}
60*789431f2SAndroid Build Coastguard Worker 
// Copies the key material of `blob` into a std::string for comparison in test
// expectations. The size is passed explicitly, so embedded zero bytes are
// preserved rather than treated as terminators.
string keyblob2string(keymaster_key_blob_t& blob) {
    const char* bytes = reinterpret_cast<const char*>(blob.key_material);
    return string(bytes, blob.key_material_size);
}
65*789431f2SAndroid Build Coastguard Worker 
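// Round-trip test: encodes the fixed vectors with build_wrapped_key(), decodes
// the result with parse_wrapped_key(), and checks that the decoded fields and
// authorizations match what was encoded.
TEST(WrappedKeyTest, Simple) {
    KeymasterKeyBlob asn1;

    KeymasterBlob iv = {reinterpret_cast<const uint8_t*>(test_iv.c_str()), test_iv.size()};
    KeymasterKeyBlob tk = {reinterpret_cast<const uint8_t*>(test_transit_key.c_str()),
                           test_transit_key.size()};
    KeymasterKeyBlob secure_key = {reinterpret_cast<const uint8_t*>(test_secure_key.c_str()),
                                   test_secure_key.size()};
    KeymasterBlob tag = {reinterpret_cast<const uint8_t*>(test_tag.c_str()), test_tag.size()};
    AuthorizationSet authorization_list = AuthorizationSetBuilder().AesEncryptionKey(256).build();

    // Fatal on failure: everything below consumes asn1, so continuing after a
    // failed build would only report follow-on errors.
    ASSERT_EQ(
        build_wrapped_key(tk, iv, KM_KEY_FORMAT_RAW, secure_key, tag, authorization_list, &asn1),
        KM_ERROR_OK);

    KeymasterBlob iv2;
    KeymasterBlob tag2;
    KeymasterBlob wrapped_key_description;
    KeymasterKeyBlob secure_key2;
    KeymasterKeyBlob transit_key2;
    AuthorizationSet auth_list;
    keymaster_key_format_t key_format;
    // Fatal on failure: key_format and the output blobs are only meaningful
    // once the parse has succeeded.
    ASSERT_EQ(parse_wrapped_key(asn1, &iv2, &transit_key2, &secure_key2, &tag2, &auth_list,
                                &key_format, &wrapped_key_description),
              KM_ERROR_OK);

    // Check the lookup result so that a missing tag is reported as such instead
    // of comparing an uninitialised local.
    uint32_t key_size = 0;
    ASSERT_TRUE(auth_list.GetTagValue(TAG_KEY_SIZE, &key_size));
    EXPECT_EQ(key_size, static_cast<uint32_t>(256));

    keymaster_algorithm_t algorithm;
    ASSERT_TRUE(auth_list.GetTagValue(TAG_ALGORITHM, &algorithm));
    EXPECT_EQ(algorithm, KM_ALGORITHM_AES);

    EXPECT_EQ(key_format, static_cast<uint32_t>(KM_KEY_FORMAT_RAW));
    EXPECT_EQ(blob2string(tag2), test_tag);
    EXPECT_EQ(blob2string(iv2), test_iv);
    // Same check the Unwrap test makes on the parsed key field.
    EXPECT_EQ(keyblob2string(secure_key2), test_secure_key);
    // NOTE(review): transit_key2 and wrapped_key_description are parsed but not
    // compared with anything here; consider adding expectations for them.
}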
105*789431f2SAndroid Build Coastguard Worker 
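// Parses the pre-encoded test_wrapped_key vector and checks that the tag, IV
// and key field come back equal to the standalone vectors.
TEST(WrappedKeyTest, Unwrap) {
    KeymasterKeyBlob wrapped_key = {reinterpret_cast<const uint8_t*>(test_wrapped_key.c_str()),
                                    test_wrapped_key.size()};

    KeymasterKeyBlob secure_key;
    KeymasterKeyBlob transit_key;
    KeymasterBlob iv;
    KeymasterBlob tag;
    KeymasterBlob wrapped_key_description;
    AuthorizationSet auth_list;
    keymaster_key_format_t key_format;
    // Fatal on failure: the comparisons below are only meaningful when the
    // parser accepted the vector, so stop here rather than report follow-on
    // mismatches.
    ASSERT_EQ(parse_wrapped_key(wrapped_key, &iv, &transit_key, &secure_key, &tag, &auth_list,
                                &key_format, &wrapped_key_description),
              KM_ERROR_OK);

    EXPECT_EQ(blob2string(tag), test_tag);
    EXPECT_EQ(blob2string(iv), test_iv);
    EXPECT_EQ(keyblob2string(secure_key), test_secure_key);
    // NOTE(review): transit_key, auth_list, key_format and
    // wrapped_key_description are parsed but not checked in this test.
}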
125*789431f2SAndroid Build Coastguard Worker 
126*789431f2SAndroid Build Coastguard Worker }  // namespace test
127*789431f2SAndroid Build Coastguard Worker }  // namespace keymaster