Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c4a768c8 authored by Kenny Root's avatar Kenny Root Committed by Android Git Automerger
Browse files

am 5a720bb9: Merge "AndroidKeyStore: add key wrapping test" 

# Via Gerrit Code Review (1) and Kenny Root (1)
* commit '5a720bb9':
  AndroidKeyStore: add key wrapping test
parents 516fab24 5a720bb9

keystore/tests/src/android/security/AndroidKeyStoreTest.java

+48 −0
Original line number Diff line number Diff line
@@ -51,6 +51,9 @@ import java.util.HashSet; 
import java.util.Iterator;

import java.util.Set;



import javax.crypto.Cipher;

import javax.crypto.SecretKey;

import javax.crypto.spec.SecretKeySpec;

import javax.security.auth.x500.X500Principal;



public class AndroidKeyStoreTest extends AndroidTestCase {
@@ -1545,4 +1548,49 @@ public class AndroidKeyStoreTest extends AndroidTestCase { 
        } catch (UnsupportedOperationException success) {

        }

    }



    private void setupKey() throws Exception {

        final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;

        assertTrue(mAndroidKeyStore.generate(privateKeyAlias));



        X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1,

                TEST_DN_1, NOW, NOW_PLUS_10_YEARS);



        assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1,

                cert.getEncoded()));

    }



    public void testKeyStore_KeyOperations_Wrap_Success() throws Exception {

        mKeyStore.load(null, null);



        setupKey();



        // Test key usage

        Entry e = mKeyStore.getEntry(TEST_ALIAS_1, null);

        assertNotNull(e);

        assertTrue(e instanceof PrivateKeyEntry);



        PrivateKeyEntry privEntry = (PrivateKeyEntry) e;

        PrivateKey privKey = privEntry.getPrivateKey();

        assertNotNull(privKey);



        PublicKey pubKey = privEntry.getCertificate().getPublicKey();



        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");

        c.init(Cipher.WRAP_MODE, pubKey);



        byte[] expectedKey = new byte[] {

                0x00, 0x05, (byte) 0xAA, (byte) 0x0A5, (byte) 0xFF, 0x55, 0x0A

        };



        SecretKey expectedSecret = new SecretKeySpec(expectedKey, "AES");



        byte[] wrappedExpected = c.wrap(expectedSecret);



        c.init(Cipher.UNWRAP_MODE, privKey);

        SecretKey actualSecret = (SecretKey) c.unwrap(wrappedExpected, "AES", Cipher.SECRET_KEY);



        assertEquals(Arrays.toString(expectedSecret.getEncoded()),

                Arrays.toString(actualSecret.getEncoded()));

    }

}