1 // Copyright 2023, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 //! Tests for software-backed keyblobs.
16 use super::*;
17 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
18 Algorithm::Algorithm, BlockMode::BlockMode, Digest::Digest, EcCurve::EcCurve,
19 KeyOrigin::KeyOrigin, KeyParameter::KeyParameter, KeyParameterValue::KeyParameterValue as KPV,
20 KeyPurpose::KeyPurpose, PaddingMode::PaddingMode, Tag::Tag,
21 };
22
23 macro_rules! expect_err {
24 ($result:expr, $err_msg:expr) => {
25 assert!(
26 $result.is_err(),
27 "Expected error containing '{}', got success {:?}",
28 $err_msg,
29 $result
30 );
31 let err = $result.err();
32 assert!(
33 format!("{:?}", err).contains($err_msg),
34 "Unexpected error {:?}, doesn't contain '{}'",
35 err,
36 $err_msg
37 );
38 };
39 }
40
41 #[test]
test_consume_u8()42 fn test_consume_u8() {
43 let buffer = [1, 2];
44 let mut data = &buffer[..];
45 assert_eq!(1u8, consume_u8(&mut data).unwrap());
46 assert_eq!(2u8, consume_u8(&mut data).unwrap());
47 let result = consume_u8(&mut data);
48 expect_err!(result, "failed to find 1 byte");
49 }
50
51 #[test]
test_consume_u32()52 fn test_consume_u32() {
53 // All supported platforms are little-endian.
54 let buffer = [
55 0x01, 0x02, 0x03, 0x04, // little-endian u32
56 0x04, 0x03, 0x02, 0x01, // little-endian u32
57 0x11, 0x12, 0x13,
58 ];
59 let mut data = &buffer[..];
60 assert_eq!(0x04030201u32, consume_u32(&mut data).unwrap());
61 assert_eq!(0x01020304u32, consume_u32(&mut data).unwrap());
62 let result = consume_u32(&mut data);
63 expect_err!(result, "failed to find 4 bytes");
64 }
65
66 #[test]
test_consume_i64()67 fn test_consume_i64() {
68 // All supported platforms are little-endian.
69 let buffer = [
70 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, // little-endian i64
71 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, // little-endian i64
72 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
73 ];
74 let mut data = &buffer[..];
75 assert_eq!(0x0807060504030201i64, consume_i64(&mut data).unwrap());
76 assert_eq!(0x0102030405060708i64, consume_i64(&mut data).unwrap());
77 let result = consume_i64(&mut data);
78 expect_err!(result, "failed to find 8 bytes");
79 }
80
81 #[test]
test_consume_vec()82 fn test_consume_vec() {
83 let buffer = [
84 0x01, 0x00, 0x00, 0x00, 0xaa, //
85 0x00, 0x00, 0x00, 0x00, //
86 0x01, 0x00, 0x00, 0x00, 0xbb, //
87 0x07, 0x00, 0x00, 0x00, 0xbb, // not enough data
88 ];
89 let mut data = &buffer[..];
90 assert_eq!(vec![0xaa], consume_vec(&mut data).unwrap());
91 assert_eq!(Vec::<u8>::new(), consume_vec(&mut data).unwrap());
92 assert_eq!(vec![0xbb], consume_vec(&mut data).unwrap());
93 let result = consume_vec(&mut data);
94 expect_err!(result, "failed to find 7 bytes");
95
96 let buffer = [
97 0x01, 0x00, 0x00, //
98 ];
99 let mut data = &buffer[..];
100 let result = consume_vec(&mut data);
101 expect_err!(result, "failed to find 4 bytes");
102 }
103
104 #[test]
test_key_new_from_serialized()105 fn test_key_new_from_serialized() {
106 let hidden = hidden_params(&[], &[SOFTWARE_ROOT_OF_TRUST]);
107 // Test data originally generated by instrumenting Cuttlefish C++ KeyMint while running VTS
108 // tests.
109 let tests = [
110 (
111 concat!(
112 "0010000000d43c2f04f948521b81bdbf001310f5920000000000000000000000",
113 "00000000000c0000006400000002000010200000000300003080000000010000",
114 "2000000000010000200100000004000020020000000600002001000000be0200",
115 "1000000000c1020030b0ad0100c20200307b150300bd020060a8bb52407b0100",
116 "00ce02003011643401cf020030000000003b06b13ae6ae6671",
117 ),
118 KeyBlob {
119 key_material: hex::decode("d43c2f04f948521b81bdbf001310f592").unwrap(),
120 hw_enforced: vec![],
121 sw_enforced: vec![
122 KeyParameter { tag: Tag::ALGORITHM, value: KPV::Algorithm(Algorithm::AES) },
123 KeyParameter { tag: Tag::KEY_SIZE, value: KPV::Integer(128) },
124 KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::ENCRYPT) },
125 KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::DECRYPT) },
126 KeyParameter { tag: Tag::BLOCK_MODE, value: KPV::BlockMode(BlockMode::CBC) },
127 KeyParameter { tag: Tag::PADDING, value: KPV::PaddingMode(PaddingMode::NONE) },
128 KeyParameter { tag: Tag::ORIGIN, value: KPV::Origin(KeyOrigin::GENERATED) },
129 KeyParameter { tag: Tag::OS_VERSION, value: KPV::Integer(110000) },
130 KeyParameter { tag: Tag::OS_PATCHLEVEL, value: KPV::Integer(202107) },
131 KeyParameter {
132 tag: Tag::CREATION_DATETIME,
133 value: KPV::DateTime(1628871769000),
134 },
135 KeyParameter { tag: Tag::VENDOR_PATCHLEVEL, value: KPV::Integer(20210705) },
136 KeyParameter { tag: Tag::BOOT_PATCHLEVEL, value: KPV::Integer(0) },
137 ],
138 },
139 Some(KeyFormat::RAW),
140 ),
141 (
142 concat!(
143 "00df0000003081dc020101044200b6ce876b947e263d61b8e3998d50dc0afb6b",
144 "a14e46ab7ca532fbe2a379b155d0a5bb99265402857b1601fb20be6c244bf654",
145 "e9e79413cd503eae3d9cf68ed24f47a00706052b81040023a181890381860004",
146 "006b840f0db0b12f074ab916c7773cfa7d42967c9e5b4fae09cf999f7e116d14",
147 "0743bdd028db0a3fcc670e721b9f00bc7fb70aa401c7d6de6582fc26962a29b7",
148 "45e30142e90685646661550344113aaf28bdee6cb02d19df1faab4398556a909",
149 "7d6f64b95209601a549389a311231c6cce78354f2cdbc3a904abf70686f5f0c3",
150 "b877984d000000000000000000000000000000000c0000006400000002000010",
151 "030000000a000010030000000100002002000000010000200300000005000020",
152 "000000000300003009020000be02001000000000c1020030b0ad0100c2020030",
153 "7b150300bd02006018d352407b010000ce02003011643401cf02003000000000",
154 "2f69002e55e9b0a3"
155 ),
156 KeyBlob {
157 key_material: hex::decode(concat!(
158 "3081dc020101044200b6ce876b947e263d61b8e3998d50dc0afb6ba14e46ab7c",
159 "a532fbe2a379b155d0a5bb99265402857b1601fb20be6c244bf654e9e79413cd",
160 "503eae3d9cf68ed24f47a00706052b81040023a181890381860004006b840f0d",
161 "b0b12f074ab916c7773cfa7d42967c9e5b4fae09cf999f7e116d140743bdd028",
162 "db0a3fcc670e721b9f00bc7fb70aa401c7d6de6582fc26962a29b745e30142e9",
163 "0685646661550344113aaf28bdee6cb02d19df1faab4398556a9097d6f64b952",
164 "09601a549389a311231c6cce78354f2cdbc3a904abf70686f5f0c3b877984d",
165 ))
166 .unwrap(),
167 hw_enforced: vec![],
168 sw_enforced: vec![
169 KeyParameter { tag: Tag::ALGORITHM, value: KPV::Algorithm(Algorithm::EC) },
170 KeyParameter { tag: Tag::EC_CURVE, value: KPV::EcCurve(EcCurve::P_521) },
171 KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::SIGN) },
172 KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::VERIFY) },
173 KeyParameter { tag: Tag::DIGEST, value: KPV::Digest(Digest::NONE) },
174 KeyParameter { tag: Tag::KEY_SIZE, value: KPV::Integer(521) },
175 KeyParameter { tag: Tag::ORIGIN, value: KPV::Origin(KeyOrigin::GENERATED) },
176 KeyParameter { tag: Tag::OS_VERSION, value: KPV::Integer(110000) },
177 KeyParameter { tag: Tag::OS_PATCHLEVEL, value: KPV::Integer(202107) },
178 KeyParameter {
179 tag: Tag::CREATION_DATETIME,
180 value: KPV::DateTime(1628871775000),
181 },
182 KeyParameter { tag: Tag::VENDOR_PATCHLEVEL, value: KPV::Integer(20210705) },
183 KeyParameter { tag: Tag::BOOT_PATCHLEVEL, value: KPV::Integer(0) },
184 ],
185 },
186 Some(KeyFormat::PKCS8),
187 ),
188 (
189 concat!(
190 "0037000000541d4c440223650d5f51753c1abd80c725034485551e874d62327c",
191 "65f6247a057f1218bd6c8cd7d319103ddb823fc11fb6c2c7268b5acc00000000",
192 "0000000000000000000000000c00000064000000020000108000000003000030",
193 "b801000001000020020000000100002003000000050000200400000008000030",
194 "00010000be02001000000000c1020030b0ad0100c20200307b150300bd020060",
195 "00d752407b010000ce02003011643401cf0200300000000036e6986ffc45fbb0",
196 ),
197 KeyBlob {
198 key_material: hex::decode(concat!(
199 "541d4c440223650d5f51753c1abd80c725034485551e874d62327c65f6247a05",
200 "7f1218bd6c8cd7d319103ddb823fc11fb6c2c7268b5acc"
201 ))
202 .unwrap(),
203 hw_enforced: vec![],
204 sw_enforced: vec![
205 KeyParameter { tag: Tag::ALGORITHM, value: KPV::Algorithm(Algorithm::HMAC) },
206 KeyParameter { tag: Tag::KEY_SIZE, value: KPV::Integer(440) },
207 KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::SIGN) },
208 KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::VERIFY) },
209 KeyParameter { tag: Tag::DIGEST, value: KPV::Digest(Digest::SHA_2_256) },
210 KeyParameter { tag: Tag::MIN_MAC_LENGTH, value: KPV::Integer(256) },
211 KeyParameter { tag: Tag::ORIGIN, value: KPV::Origin(KeyOrigin::GENERATED) },
212 KeyParameter { tag: Tag::OS_VERSION, value: KPV::Integer(110000) },
213 KeyParameter { tag: Tag::OS_PATCHLEVEL, value: KPV::Integer(202107) },
214 KeyParameter {
215 tag: Tag::CREATION_DATETIME,
216 value: KPV::DateTime(1628871776000),
217 },
218 KeyParameter { tag: Tag::VENDOR_PATCHLEVEL, value: KPV::Integer(20210705) },
219 KeyParameter { tag: Tag::BOOT_PATCHLEVEL, value: KPV::Integer(0) },
220 ],
221 },
222 Some(KeyFormat::RAW),
223 ),
224 (
225 concat!(
226 "00a8040000308204a40201000282010100bc47b5c71116766669b91fa747df87",
227 "a1963df83956569d4ac232aeba8a246c0ec73bf606374a6d07f30c2162f97082",
228 "825c7c6e482a2841dfeaec1429d84e52c54a6b2f760dec952c9c44a3c3a80f31",
229 "c1ced84878edd4858059071c4d20d9ab0aae978bd68c1eb448e174a9736c3973",
230 "6838151642eda8215107375865a99a57f29467c74c40f37b0221b93ec3f4f22d",
231 "5337c8bf9245d56936196a92b1dea315ecce8785f9fa9b7d159ca207612cc0de",
232 "b0957d61dbba5d9bd38784f4fecbf233b04e686a340528665ecd03db8e8a09b2",
233 "540c84e45c4a99fb338b76bba7722856b5113341c349708937228f167d238ed8",
234 "efb9cc19547dd620f6a90d95f07e50bfe102030100010282010002f91b69d9af",
235 "59fe87421af9ba60f15c77f9c1c90effd6634332876f8ee5a116b126f55d3703",
236 "8bf9f588ae20c8d951d842e35c9ef35a7822d3ebf72c0b7c3e229b289ae2e178",
237 "a848e06d558c2e03d26871ee98a35f370d461ff1c4acc39d684de680a25ec88e",
238 "e610260e406c400bdeb2893b2d0330cb483e662fa5abd24c2b82143e85dfe30a",
239 "e7a31f8262da2903d882b35a34a26b699ff2d812bad4b126a0065ec0e101d73a",
240 "e6f8b29a9144eb83f54940a371fc7416c2c0370df6a41cb5391f17ba33239e1b",
241 "4217c8db50db5c6bf77ccf621354ecc652a4f7196054c254566fd7b3bc0f3817",
242 "d9380b190bd382aaffa37785759f285194c11a188bccde0e2e2902818100fb23",
243 "3335770c9f3cbd4b6ede5f12d03c449b1997bce06a8249bc3de99972fd0d0a63",
244 "3f7790d1011bf5eedee16fa45a9107a910656ecaee364ce9edb4369843be71f2",
245 "7a74852d6c7215a6cc60d9803bcac544922f806d8e5844e0ddd914bd78009490",
246 "4c2856d2b944fade3fb1d67d4a33fb7663a9ab660ab372c2e4868a0f45990281",
247 "8100bfecf2bb4012e880fd065a0b088f2d757af2878d3f1305f21ce7a7158458",
248 "18e01181ff06b2f406239fc50808ce3dbe7b68ec01174913c0f237feb3c8c7eb",
249 "0078b77fb5b8f214b72f6d3835b1a7ebe8b132feb6cb34ab09ce22b98160fc84",
250 "20fcbf48d1eee49f874e902f049b206a61a095f0405a4935e7c5e49757ab7b57",
251 "298902818100ec0049383e16f3716de5fc5b2677148efe5dceb02483b43399bd",
252 "3765559994a9f3900eed7a7e9e8f3b0eee0e660eca392e3cb736cae612f39e55",
253 "dad696d3821def10d1f8bbca52f5e6d8e7893ffbdcb491aafdc17bebf86f84d2",
254 "d8480ed07a7bf9209d20ef6e79429489d4cb7768281a2f7e32ec1830fd6f6332",
255 "38f521ba764902818100b2c3ce5751580b4e51df3fb175387f5c24b79040a4d6",
256 "603c6265f70018b441ff3aef7d8e4cd2f480ec0906f1c4c0481304e8861f9d46",
257 "93fa48e3a9abc362859eeb343e1c5507ac94b5439ce7ac04154a2fb886a4819b",
258 "2a57e18a2e131b412ac4a09b004766959cdf357745f003e272aab3de02e2d5bc",
259 "2af4ed75760858ab181902818061d19c2a8dcacde104b97f7c4fae11216157c1",
260 "c0a258d882984d12383a73dc56fe2ac93512bb321df9706ecdb2f70a44c949c4",
261 "340a9fae64a0646cf51f37c58c08bebde91667b3b2fa7c895f7983d4786c5526",
262 "1941b3654533b0598383ebbcffcdf28b6cf13d376e3a70b49b14d8d06e8563a2",
263 "47f56a337e3b9845b4f2b61356000000000000000000000000000000000d0000",
264 "007000000002000010010000000300003000080000c800005001000100000000",
265 "0001000020020000000100002003000000050000200000000006000020010000",
266 "00be02001000000000c1020030b0ad0100c20200307b150300bd020060a8bb52",
267 "407b010000ce02003011643401cf02003000000000544862e9c961e857",
268 ),
269 KeyBlob {
270 key_material: hex::decode(concat!(
271 "308204a40201000282010100bc47b5c71116766669b91fa747df87a1963df839",
272 "56569d4ac232aeba8a246c0ec73bf606374a6d07f30c2162f97082825c7c6e48",
273 "2a2841dfeaec1429d84e52c54a6b2f760dec952c9c44a3c3a80f31c1ced84878",
274 "edd4858059071c4d20d9ab0aae978bd68c1eb448e174a9736c39736838151642",
275 "eda8215107375865a99a57f29467c74c40f37b0221b93ec3f4f22d5337c8bf92",
276 "45d56936196a92b1dea315ecce8785f9fa9b7d159ca207612cc0deb0957d61db",
277 "ba5d9bd38784f4fecbf233b04e686a340528665ecd03db8e8a09b2540c84e45c",
278 "4a99fb338b76bba7722856b5113341c349708937228f167d238ed8efb9cc1954",
279 "7dd620f6a90d95f07e50bfe102030100010282010002f91b69d9af59fe87421a",
280 "f9ba60f15c77f9c1c90effd6634332876f8ee5a116b126f55d37038bf9f588ae",
281 "20c8d951d842e35c9ef35a7822d3ebf72c0b7c3e229b289ae2e178a848e06d55",
282 "8c2e03d26871ee98a35f370d461ff1c4acc39d684de680a25ec88ee610260e40",
283 "6c400bdeb2893b2d0330cb483e662fa5abd24c2b82143e85dfe30ae7a31f8262",
284 "da2903d882b35a34a26b699ff2d812bad4b126a0065ec0e101d73ae6f8b29a91",
285 "44eb83f54940a371fc7416c2c0370df6a41cb5391f17ba33239e1b4217c8db50",
286 "db5c6bf77ccf621354ecc652a4f7196054c254566fd7b3bc0f3817d9380b190b",
287 "d382aaffa37785759f285194c11a188bccde0e2e2902818100fb233335770c9f",
288 "3cbd4b6ede5f12d03c449b1997bce06a8249bc3de99972fd0d0a633f7790d101",
289 "1bf5eedee16fa45a9107a910656ecaee364ce9edb4369843be71f27a74852d6c",
290 "7215a6cc60d9803bcac544922f806d8e5844e0ddd914bd780094904c2856d2b9",
291 "44fade3fb1d67d4a33fb7663a9ab660ab372c2e4868a0f459902818100bfecf2",
292 "bb4012e880fd065a0b088f2d757af2878d3f1305f21ce7a715845818e01181ff",
293 "06b2f406239fc50808ce3dbe7b68ec01174913c0f237feb3c8c7eb0078b77fb5",
294 "b8f214b72f6d3835b1a7ebe8b132feb6cb34ab09ce22b98160fc8420fcbf48d1",
295 "eee49f874e902f049b206a61a095f0405a4935e7c5e49757ab7b572989028181",
296 "00ec0049383e16f3716de5fc5b2677148efe5dceb02483b43399bd3765559994",
297 "a9f3900eed7a7e9e8f3b0eee0e660eca392e3cb736cae612f39e55dad696d382",
298 "1def10d1f8bbca52f5e6d8e7893ffbdcb491aafdc17bebf86f84d2d8480ed07a",
299 "7bf9209d20ef6e79429489d4cb7768281a2f7e32ec1830fd6f633238f521ba76",
300 "4902818100b2c3ce5751580b4e51df3fb175387f5c24b79040a4d6603c6265f7",
301 "0018b441ff3aef7d8e4cd2f480ec0906f1c4c0481304e8861f9d4693fa48e3a9",
302 "abc362859eeb343e1c5507ac94b5439ce7ac04154a2fb886a4819b2a57e18a2e",
303 "131b412ac4a09b004766959cdf357745f003e272aab3de02e2d5bc2af4ed7576",
304 "0858ab181902818061d19c2a8dcacde104b97f7c4fae11216157c1c0a258d882",
305 "984d12383a73dc56fe2ac93512bb321df9706ecdb2f70a44c949c4340a9fae64",
306 "a0646cf51f37c58c08bebde91667b3b2fa7c895f7983d4786c55261941b36545",
307 "33b0598383ebbcffcdf28b6cf13d376e3a70b49b14d8d06e8563a247f56a337e",
308 "3b9845b4f2b61356",
309 ))
310 .unwrap(),
311 hw_enforced: vec![],
312 sw_enforced: vec![
313 KeyParameter { tag: Tag::ALGORITHM, value: KPV::Algorithm(Algorithm::RSA) },
314 KeyParameter { tag: Tag::KEY_SIZE, value: KPV::Integer(2048) },
315 KeyParameter { tag: Tag::RSA_PUBLIC_EXPONENT, value: KPV::LongInteger(65537) },
316 KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::SIGN) },
317 KeyParameter { tag: Tag::PURPOSE, value: KPV::KeyPurpose(KeyPurpose::VERIFY) },
318 KeyParameter { tag: Tag::DIGEST, value: KPV::Digest(Digest::NONE) },
319 KeyParameter { tag: Tag::PADDING, value: KPV::PaddingMode(PaddingMode::NONE) },
320 KeyParameter { tag: Tag::ORIGIN, value: KPV::Origin(KeyOrigin::GENERATED) },
321 KeyParameter { tag: Tag::OS_VERSION, value: KPV::Integer(110000) },
322 KeyParameter { tag: Tag::OS_PATCHLEVEL, value: KPV::Integer(202107) },
323 KeyParameter {
324 tag: Tag::CREATION_DATETIME,
325 value: KPV::DateTime(1628871769000),
326 },
327 KeyParameter { tag: Tag::VENDOR_PATCHLEVEL, value: KPV::Integer(20210705) },
328 KeyParameter { tag: Tag::BOOT_PATCHLEVEL, value: KPV::Integer(0) },
329 ],
330 },
331 // No support for RSA keys in export_key().
332 None,
333 ),
334 ];
335
336 for (input, want, want_format) in tests {
337 let input = hex::decode(input).unwrap();
338 let got = KeyBlob::new_from_serialized(&input, &hidden).expect("invalid keyblob!");
339 assert!(got == want);
340
341 if let Some(want_format) = want_format {
342 let (got_format, _key_material, params) =
343 export_key(&input, &[]).expect("invalid keyblob!");
344 assert_eq!(got_format, want_format);
345 // All the test cases are software-only keys.
346 assert_eq!(params, got.sw_enforced);
347 }
348 }
349 }
350
351 #[test]
test_add_der_len()352 fn test_add_der_len() {
353 let tests = [
354 (0, "00"),
355 (1, "01"),
356 (126, "7e"),
357 (127, "7f"),
358 (128, "8180"),
359 (129, "8181"),
360 (255, "81ff"),
361 (256, "820100"),
362 (257, "820101"),
363 (65535, "82ffff"),
364 ];
365 for (input, want) in tests {
366 let mut got = Vec::new();
367 add_der_len(&mut got, input).unwrap();
368 assert_eq!(hex::encode(got), want, " for input length {input}");
369 }
370 }
371
372 #[test]
test_pkcs8_wrap_key_p256()373 fn test_pkcs8_wrap_key_p256() {
374 // Key material taken from `ec_256_key` in
375 // hardware/interfaces/security/keymint/aidl/vts/function/KeyMintTest.cpp
376 let input = hex::decode(concat!(
377 "3025", // SEQUENCE (ECPrivateKey)
378 "020101", // INTEGER length 1 value 1 (version)
379 "0420", // OCTET STRING (privateKey)
380 "737c2ecd7b8d1940bf2930aa9b4ed3ff",
381 "941eed09366bc03299986481f3a4d859",
382 ))
383 .unwrap();
384 let want = hex::decode(concat!(
385 // RFC 5208 s5
386 "3041", // SEQUENCE (PrivateKeyInfo) {
387 "020100", // INTEGER length 1 value 0 (version)
388 "3013", // SEQUENCE length 0x13 (AlgorithmIdentifier) {
389 "0607", // OBJECT IDENTIFIER length 7 (algorithm)
390 "2a8648ce3d0201", // 1.2.840.10045.2.1 (ecPublicKey)
391 "0608", // OBJECT IDENTIFIER length 8 (param)
392 "2a8648ce3d030107", // 1.2.840.10045.3.1.7 (secp256r1)
393 // } end SEQUENCE (AlgorithmIdentifier)
394 "0427", // OCTET STRING (privateKey) holding...
395 "3025", // SEQUENCE (ECPrivateKey)
396 "020101", // INTEGER length 1 value 1 (version)
397 "0420", // OCTET STRING length 0x20 (privateKey)
398 "737c2ecd7b8d1940bf2930aa9b4ed3ff",
399 "941eed09366bc03299986481f3a4d859",
400 // } end SEQUENCE (ECPrivateKey)
401 // } end SEQUENCE (PrivateKeyInfo)
402 ))
403 .unwrap();
404 let got = pkcs8_wrap_nist_key(&input, EcCurve::P_256).unwrap();
405 assert_eq!(hex::encode(got), hex::encode(want), " for input {}", hex::encode(input));
406 }
407
408 #[test]
test_pkcs8_wrap_key_p521()409 fn test_pkcs8_wrap_key_p521() {
410 // Key material taken from `ec_521_key` in
411 // hardware/interfaces/security/keymint/aidl/vts/function/KeyMintTest.cpp
412 let input = hex::decode(concat!(
413 "3047", // SEQUENCE length 0xd3 (ECPrivateKey)
414 "020101", // INTEGER length 1 value 1 (version)
415 "0442", // OCTET STRING length 0x42 (privateKey)
416 "0011458c586db5daa92afab03f4fe46a",
417 "a9d9c3ce9a9b7a006a8384bec4c78e8e",
418 "9d18d7d08b5bcfa0e53c75b064ad51c4",
419 "49bae0258d54b94b1e885ded08ed4fb2",
420 "5ce9",
421 // } end SEQUENCE (ECPrivateKey)
422 ))
423 .unwrap();
424 let want = hex::decode(concat!(
425 // RFC 5208 s5
426 "3060", // SEQUENCE (PrivateKeyInfo) {
427 "020100", // INTEGER length 1 value 0 (version)
428 "3010", // SEQUENCE length 0x10 (AlgorithmIdentifier) {
429 "0607", // OBJECT IDENTIFIER length 7 (algorithm)
430 "2a8648ce3d0201", // 1.2.840.10045.2.1 (ecPublicKey)
431 "0605", // OBJECT IDENTIFIER length 5 (param)
432 "2b81040023", // 1.3.132.0.35 (secp521r1)
433 // } end SEQUENCE (AlgorithmIdentifier)
434 "0449", // OCTET STRING (privateKey) holding...
435 "3047", // SEQUENCE (ECPrivateKey)
436 "020101", // INTEGER length 1 value 1 (version)
437 "0442", // OCTET STRING length 0x42 (privateKey)
438 "0011458c586db5daa92afab03f4fe46a",
439 "a9d9c3ce9a9b7a006a8384bec4c78e8e",
440 "9d18d7d08b5bcfa0e53c75b064ad51c4",
441 "49bae0258d54b94b1e885ded08ed4fb2",
442 "5ce9",
443 // } end SEQUENCE (ECPrivateKey)
444 // } end SEQUENCE (PrivateKeyInfo)
445 ))
446 .unwrap();
447 let got = pkcs8_wrap_nist_key(&input, EcCurve::P_521).unwrap();
448 assert_eq!(hex::encode(got), hex::encode(want), " for input {}", hex::encode(input));
449 }
450