Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 5e251019d7402f4bf43b7acf287cf69372885f1b^! / . / google_keymaster_test.cpp
commit5e251019d7402f4bf43b7acf287cf69372885f1b[log] [tgz]
authorShawn Willden <swillden@google.com>Mon Dec 08 15:51:55 2014 -0700
committerShawn Willden <swillden@google.com>Tue Dec 30 09:32:43 2014 -0700
tree63a06c50c1a9585def85841c0df7ac860d7056ef
parent356f6d4cf3d236e375a84e24b11359a5c1f1081f [diff] [blame]
Add support for AES OCB encryption.

Change-Id: I97ab46fdce972d29af261041c41cf38d6904e736

diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index a786c4d..c59af35 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp

@@ -957,6 +957,23 @@
         EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
     }
 
+    void GenerateSymmetricKey(keymaster_algorithm_t algorithm, uint32_t key_size,
+                              keymaster_block_mode_t block_mode, uint32_t chunk_length) {
+        keymaster_key_param_t params[] = {
+            Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT),
+            Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT), Authorization(TAG_ALGORITHM, algorithm),
+            Authorization(TAG_BLOCK_MODE, block_mode),
+            Authorization(TAG_CHUNK_LENGTH, chunk_length), Authorization(TAG_KEY_SIZE, key_size),
+            Authorization(TAG_MAC_LENGTH, 16), Authorization(TAG_USER_ID, 7),
+            Authorization(TAG_USER_AUTH_ID, 8), Authorization(TAG_APPLICATION_ID, "app_id", 6),
+            Authorization(TAG_AUTH_TIMEOUT, 300),
+        };
+        GenerateKeyRequest generate_request;
+        generate_request.key_description.Reinitialize(params, array_length(params));
+        device.GenerateKey(generate_request, &generate_response_);
+        EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
+    }
+
     keymaster_error_t BeginOperation(keymaster_purpose_t purpose,
                                      const keymaster_key_blob_t& key_blob, uint64_t* op_handle) {
         BeginOperationRequest begin_request;
@@ -1148,6 +1165,20 @@
     EXPECT_EQ(0, result.size());
 }
 
+
+TEST_F(EncryptionOperationsTest, AesOcbSuccess) {
+    GenerateSymmetricKey(KM_ALGORITHM_AES, 128, KM_MODE_OCB, 4096);
+    const char message[] = "Hello World!";
+    string ciphertext1 = EncryptMessage(message, strlen(message));
+    EXPECT_EQ(12 /* nonce */ + strlen(message) + 16 /* tag */, ciphertext1.size());
+
+    string ciphertext2 = EncryptMessage(message, strlen(message));
+    EXPECT_EQ(12 /* nonce */ + strlen(message) + 16 /* tag */, ciphertext2.size());
+
+    // OCB uses a random nonce, so every output should be different
+    EXPECT_NE(ciphertext1, ciphertext2);
+}
+
 typedef KeymasterTest VersionTest;
 TEST_F(VersionTest, GetVersion) {
     GetVersionRequest req;