Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 907c3015d0edf1e43cdc9e0bba0e3fc23dca8cfc^! / . / google_keymaster_test.cpp
commit907c3015d0edf1e43cdc9e0bba0e3fc23dca8cfc[log] [tgz]
authorShawn Willden <swillden@google.com>Mon Dec 08 15:51:55 2014 -0700
committerShawn Willden <swillden@google.com>Thu Jan 22 16:35:35 2015 -0700
tree03f8196597704bbe4316cee8a8fda470d888d1bd
parent1834d5f82a7ad5884c184fd22c702ac9d915af45 [diff] [blame]
Add support for AES OCB encryption.

This change was already reviewed, merged and reverted, so I'm skipping
the review step this time.

Change-Id: Ibc80bec7e47468d4eb668f1bd9a188e51cb7d567

diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index b061fb0..16df37e 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp

@@ -968,6 +968,23 @@
         EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
     }
 
+    void GenerateSymmetricKey(keymaster_algorithm_t algorithm, uint32_t key_size,
+                              keymaster_block_mode_t block_mode, uint32_t chunk_length) {
+        keymaster_key_param_t params[] = {
+            Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT),
+            Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT), Authorization(TAG_ALGORITHM, algorithm),
+            Authorization(TAG_BLOCK_MODE, block_mode),
+            Authorization(TAG_CHUNK_LENGTH, chunk_length), Authorization(TAG_KEY_SIZE, key_size),
+            Authorization(TAG_MAC_LENGTH, 16), Authorization(TAG_USER_ID, 7),
+            Authorization(TAG_USER_AUTH_ID, 8), Authorization(TAG_APPLICATION_ID, "app_id", 6),
+            Authorization(TAG_AUTH_TIMEOUT, 300),
+        };
+        GenerateKeyRequest generate_request;
+        generate_request.key_description.Reinitialize(params, array_length(params));
+        device.GenerateKey(generate_request, &generate_response_);
+        EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
+    }
+
     keymaster_error_t BeginOperation(keymaster_purpose_t purpose,
                                      const keymaster_key_blob_t& key_blob, uint64_t* op_handle) {
         BeginOperationRequest begin_request;
@@ -1159,5 +1176,18 @@
     EXPECT_EQ(0, result.size());
 }
 
+TEST_F(EncryptionOperationsTest, AesOcbSuccess) {
+    GenerateSymmetricKey(KM_ALGORITHM_AES, 128, KM_MODE_OCB, 4096);
+    const char message[] = "Hello World!";
+    string ciphertext1 = EncryptMessage(message, strlen(message));
+    EXPECT_EQ(12 /* nonce */ + strlen(message) + 16 /* tag */, ciphertext1.size());
+
+    string ciphertext2 = EncryptMessage(message, strlen(message));
+    EXPECT_EQ(12 /* nonce */ + strlen(message) + 16 /* tag */, ciphertext2.size());
+
+    // OCB uses a random nonce, so every output should be different
+    EXPECT_NE(ciphertext1, ciphertext2);
+}
+
 }  // namespace test
 }  // namespace keymaster