Add support for SHA256 digests to RSA signing operations.
Change-Id: Iacca20554bef0bb3ea3c525af87c00f77df069f9
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index 2b055c8..53528ed 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp
@@ -469,7 +469,7 @@
keymaster_digest_t* digests;
EXPECT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
KM_PURPOSE_SIGN, &digests, &len));
- EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE}, digests, len));
+ EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA_2_256}, digests, len));
free(digests);
EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM,
@@ -662,6 +662,15 @@
SignMessage(message, &signature);
}
+TEST_F(SigningOperationsTest, RsaSha256DigestSuccess) {
+ // Note that without padding, key size must exactly match digest size.
+ GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256));
+ // Use large message, which won't work without digesting.
+ string message(1024, 'a');
+ string signature;
+ SignMessage(message, &signature);
+}
+
TEST_F(SigningOperationsTest, EcdsaSuccess) {
ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey(224)));
string message = "123456789012345678901234567890123456789012345678";
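Review bot: The new `RsaSha256DigestSuccess` test discards the return value of `GenerateKey(...)`, whereas the neighbouring `EcdsaSuccess` wraps it in `ASSERT_EQ(KM_ERROR_OK, ...)`, so a key-generation failure with the digest parameter would only surface indirectly in `SignMessage`. I would write `ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256)));` here and in the three verification tests added in the later hunk at -782. The comment on the first line could also state that this is a test-only configuration, for example `// Test-only: an unpadded signature over a bare digest with a key this small must not be used outside tests.`, since the 256 is presumably the key size in bits.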
@@ -773,6 +782,8 @@
EXPECT_EQ(0U, signature.length());
}
+// TODO(swillden): Add more verification failure tests.
+
typedef KeymasterTest VerificationOperationsTest;
TEST_F(VerificationOperationsTest, RsaSuccess) {
ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256)));
@@ -782,6 +793,52 @@
VerifyMessage(message, signature);
}
+TEST_F(VerificationOperationsTest, RsaSha256DigestSuccess) {
+ // Note that without padding, key size must exactly match digest size.
+ GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256));
+ // Use large message, which won't work without digesting.
+ string message(1024, 'a');
+ string signature;
+ SignMessage(message, &signature);
+ VerifyMessage(message, signature);
+}
+
+TEST_F(VerificationOperationsTest, RsaSha256DigestCorruptSignature) {
+ // Note that without padding, key size must exactly match digest size.
+ GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256));
+ // Use large message, which won't work without digesting.
+ string message(1024, 'a');
+ string signature;
+ SignMessage(message, &signature);
+ ++signature[signature.size() / 2];
+
+ EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY));
+
+ string result;
+ size_t input_consumed;
+ EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
+ EXPECT_EQ(message.size(), input_consumed);
+ EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
+}
+
+TEST_F(VerificationOperationsTest, RsaSha256DigestCorruptInput) {
+ // Note that without padding, key size must exactly match digest size.
+ GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256));
+ // Use large message, which won't work without digesting.
+ string message(1024, 'a');
+ string signature;
+ SignMessage(message, &signature);
+ ++message[message.size() / 2];
+
+ EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY));
+
+ string result;
+ size_t input_consumed;
+ EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
+ EXPECT_EQ(message.size(), input_consumed);
+ EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
+}
+
TEST_F(VerificationOperationsTest, EcdsaSuccess) {
ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey(256)));
string message = "123456789012345678901234567890123456789012345678";
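Review bot: In `RsaSha256DigestCorruptSignature` and `RsaSha256DigestCorruptInput`, `BeginOperation(KM_PURPOSE_VERIFY)` is checked with `EXPECT_EQ`, so after a failed begin the test still calls `UpdateOperation` and `FinishOperation` on an operation that never started, and the reported errors obscure the real cause; `ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY));` stops at the first failure. `++signature[signature.size() / 2]` also assumes signing produced output, and writing through index 0 of an empty string is undefined, so `ASSERT_FALSE(signature.empty());` belongs before it, unless `SignMessage` (not visible here) already aborts the test on failure. The two negative tests differ only in which buffer is modified, so a small shared helper taking the corrupted message and signature would keep them from drifting apart.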