Enforce block mode specifications.
Bug: 20917242, 19509156
Change-Id: If09e18540e9ffb968498d8acca8561d85b031562
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index 5c2ad82..4a409f4 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp
@@ -1266,8 +1266,8 @@
EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
string message = "Hello World!";
- string ciphertext = EncryptMessage(message, KM_PAD_NONE);
- string plaintext = DecryptMessage(ciphertext, KM_PAD_NONE);
+ string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
+ string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_NONE);
EXPECT_EQ(message, plaintext);
}
@@ -1443,16 +1443,16 @@
.Padding(KM_PAD_NONE)));
// Two-block message.
string message = "12345678901234567890123456789012";
- string ciphertext1 = EncryptMessage(message, KM_PAD_NONE);
+ string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
EXPECT_EQ(message.size(), ciphertext1.size());
- string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
+ string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
EXPECT_EQ(message.size(), ciphertext2.size());
// ECB is deterministic.
EXPECT_EQ(ciphertext1, ciphertext2);
- string plaintext = DecryptMessage(ciphertext1, KM_PAD_NONE);
+ string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
EXPECT_EQ(message, plaintext);
}
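Review bot: Every call in this hunk passes KM_MODE_ECB, the mode the test's own comment says the key uses, so nothing visible here exercises the rejection path that the enforcement adds. After the round trip, a begin with a different mode would pin it: `AuthorizationSet bad_params(client_params());`, `bad_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);`, `EXPECT_NE(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, bad_params));`, tightened to the exact error code once that is settled. This assumes the key built above the hunk authorizes only ECB; the test body starts outside the hunk. The same gap applies to the CTR and CBC hunks below, and a begin with no TAG_BLOCK_MODE at all is the other case worth a test if it is not covered elsewhere in the change.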
@@ -1464,7 +1464,9 @@
// Message is slightly shorter than two blocks.
string message = "1234567890123456789012345678901";
- EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT));
+ AuthorizationSet begin_params(client_params());
+ begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
+ EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
string ciphertext;
size_t input_consumed;
EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
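Review bot: The three-line setup added here (copy client_params(), push TAG_BLOCK_MODE, pass the set to BeginOperation) is repeated verbatim in the hunks at -1495 and -1620, and a test that forgets the middle line would now fail for a reason unrelated to what it checks. The one-shot helpers already take the mode as an argument, so a matching fixture helper for the streaming path would keep the two styles consistent. The helper name below is constructed and the fixture class is outside this page; the test body itself starts and ends outside the hunk.

```cpp
// Constructed helper; place next to the existing BeginOperation overloads in the fixture.
keymaster_error_t BeginOperationWithMode(keymaster_purpose_t purpose,
                                         keymaster_block_mode_t block_mode) {
    AuthorizationSet begin_params(client_params());
    begin_params.push_back(TAG_BLOCK_MODE, block_mode);
    return BeginOperation(purpose, begin_params);
}

// ... unchanged: message setup ...
EXPECT_EQ(KM_ERROR_OK, BeginOperationWithMode(KM_PURPOSE_ENCRYPT, KM_MODE_ECB));
```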
@@ -1481,9 +1483,9 @@
// Try various message lengths; all should work.
for (size_t i = 0; i < 32; ++i) {
string message(i, 'a');
- string ciphertext = EncryptMessage(message, KM_PAD_PKCS7);
+ string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
- string plaintext = DecryptMessage(ciphertext, KM_PAD_PKCS7);
+ string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
EXPECT_EQ(message, plaintext);
}
}
@@ -1495,12 +1497,14 @@
.Authorization(TAG_PADDING, KM_PAD_PKCS7)));
string message = "a";
- string ciphertext = EncryptMessage(message, KM_PAD_PKCS7);
+ string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
EXPECT_EQ(16U, ciphertext.size());
EXPECT_NE(ciphertext, message);
++ciphertext[ciphertext.size() / 2];
- EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT));
+ AuthorizationSet begin_params(client_params());
+ begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
+ EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
string plaintext;
size_t input_consumed;
EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
@@ -1515,12 +1519,12 @@
.Padding(KM_PAD_NONE)));
string message = "123";
string iv1;
- string ciphertext1 = EncryptMessage(message, KM_PAD_NONE, &iv1);
+ string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
EXPECT_EQ(message.size(), ciphertext1.size());
EXPECT_EQ(16U, iv1.size());
string iv2;
- string ciphertext2 = EncryptMessage(message, KM_PAD_NONE, &iv2);
+ string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
EXPECT_EQ(message.size(), ciphertext2.size());
EXPECT_EQ(16U, iv2.size());
@@ -1528,7 +1532,7 @@
EXPECT_NE(iv1, iv2);
EXPECT_NE(ciphertext1, ciphertext2);
- string plaintext = DecryptMessage(ciphertext1, KM_PAD_NONE, iv1);
+ string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
EXPECT_EQ(message, plaintext);
}
@@ -1541,6 +1545,7 @@
int increment = 15;
string message(239, 'a');
AuthorizationSet input_params(client_params());
+ input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
AuthorizationSet output_params;
EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
@@ -1555,6 +1560,7 @@
// Move TAG_NONCE into input_params
input_params.Reinitialize(output_params);
input_params.push_back(client_params());
+ input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
output_params.Clear();
EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
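Review bot: The comment `// Move TAG_NONCE into input_params` no longer covers what this setup has to do, because the decrypt begin now also depends on the block mode pushed two lines later. It looks like Reinitialize() discards the earlier entries (client_params() is re-added right after it), so I would extend the comment to `// Move TAG_NONCE into input_params; Reinitialize() drops the earlier entries, so re-add client params and block mode.` The same comment appears in the CBC hunk at -1745 and would get the same wording. The test body starts and ends outside the hunk.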
@@ -1620,8 +1626,9 @@
.AesEncryptionKey(128)
.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
.Authorization(TAG_PADDING, KM_PAD_PKCS7)));
-
- EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT));
+ AuthorizationSet begin_params(client_params());
+ begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
+ EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
}
TEST_F(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
@@ -1632,6 +1639,7 @@
.Padding(KM_PAD_NONE)));
AuthorizationSet input_params(client_params());
+ input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
input_params.push_back(TAG_NONCE, "123", 3);
EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
}
@@ -1644,18 +1652,18 @@
// Two-block message.
string message = "12345678901234567890123456789012";
string iv1;
- string ciphertext1 = EncryptMessage(message, KM_PAD_NONE, &iv1);
+ string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
EXPECT_EQ(message.size(), ciphertext1.size());
string iv2;
- string ciphertext2 = EncryptMessage(message, KM_PAD_NONE, &iv2);
+ string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
EXPECT_EQ(message.size(), ciphertext2.size());
// IVs should be random, so ciphertexts should differ.
EXPECT_NE(iv1, iv2);
EXPECT_NE(ciphertext1, ciphertext2);
- string plaintext = DecryptMessage(ciphertext1, KM_PAD_NONE, iv1);
+ string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
EXPECT_EQ(message, plaintext);
}
@@ -1668,11 +1676,11 @@
string message = "12345678901234567890123456789012";
string iv1;
// Don't specify nonce, should get a random one.
- string ciphertext1 = EncryptMessage(message, KM_PAD_NONE, &iv1);
+ string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
EXPECT_EQ(message.size(), ciphertext1.size());
EXPECT_EQ(16U, iv1.size());
- string plaintext = DecryptMessage(ciphertext1, KM_PAD_NONE, iv1);
+ string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
EXPECT_EQ(message, plaintext);
// Now specify a nonce, should also work.
@@ -1680,6 +1688,7 @@
AuthorizationSet update_params;
AuthorizationSet output_params;
input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
+ input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
string ciphertext2 =
ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
@@ -1690,6 +1699,7 @@
// Now try with wrong nonce.
input_params.Reinitialize(client_params());
+ input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
&output_params);
@@ -1705,11 +1715,11 @@
string message = "12345678901234567890123456789012";
string iv1;
// Don't specify nonce, should get a random one.
- string ciphertext1 = EncryptMessage(message, KM_PAD_NONE, &iv1);
+ string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
EXPECT_EQ(message.size(), ciphertext1.size());
EXPECT_EQ(16U, iv1.size());
- string plaintext = DecryptMessage(ciphertext1, KM_PAD_NONE, iv1);
+ string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
EXPECT_EQ(message, plaintext);
// Now specify a nonce, should fail.
@@ -1717,6 +1727,7 @@
AuthorizationSet update_params;
AuthorizationSet output_params;
input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
+ input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
@@ -1731,6 +1742,7 @@
int increment = 15;
string message(240, 'a');
AuthorizationSet input_params(client_params());
+ input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
AuthorizationSet output_params;
EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
@@ -1745,6 +1757,7 @@
// Move TAG_NONCE into input_params
input_params.Reinitialize(output_params);
input_params.push_back(client_params());
+ input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
output_params.Clear();
EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
@@ -1767,9 +1780,9 @@
for (size_t i = 0; i < 32; ++i) {
string message(i, 'a');
string iv;
- string ciphertext = EncryptMessage(message, KM_PAD_PKCS7, &iv);
+ string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
- string plaintext = DecryptMessage(ciphertext, KM_PAD_PKCS7, iv);
+ string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
EXPECT_EQ(message, plaintext);
}
}