Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 00aa794186c2e2f2b8366a39b7c3f40a72467f34 / . / google_keymaster_test.cpp
blob: 18befdea193a72457e962e9945c6da74e4d1f2c9 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <string>
18#include <fstream>
19
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]20#include <gtest/gtest.h>
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]21
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]22#include <openssl/engine.h>
23
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]24#include <keymaster/google_keymaster_utils.h>
25#include <keymaster/keymaster_tags.h>
26
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]27#include "google_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]28#include "google_softkeymaster.h"
29
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]30using std::string;
31using std::ifstream;
32using std::istreambuf_iterator;
33
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]34int main(int argc, char** argv) {
35 ::testing::InitGoogleTest(&argc, argv);
36 int result = RUN_ALL_TESTS();
37 // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
38 CRYPTO_cleanup_all_ex_data();
39 ERR_free_strings();
40 return result;
41}
42
43namespace keymaster {
44namespace test {
45
46class KeymasterTest : public testing::Test {
47 protected:
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame]48 KeymasterTest() : device(5, new StdoutLogger) { RAND_seed("foobar", 6); }
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]49 ~KeymasterTest() {}
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]50
51 GoogleSoftKeymaster device;
52};
53
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]54typedef KeymasterTest CheckSupported;
55TEST_F(CheckSupported, SupportedAlgorithms) {
56 // Shouldn't blow up on NULL.
57 device.SupportedAlgorithms(NULL);
58
59 SupportedResponse<keymaster_algorithm_t> response;
60 device.SupportedAlgorithms(&response);
61 EXPECT_EQ(KM_ERROR_OK, response.error);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]62 EXPECT_EQ(3U, response.results_length);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]63 EXPECT_EQ(KM_ALGORITHM_RSA, response.results[0]);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]64 EXPECT_EQ(KM_ALGORITHM_DSA, response.results[1]);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]65 EXPECT_EQ(KM_ALGORITHM_ECDSA, response.results[2]);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]66}
67
68TEST_F(CheckSupported, SupportedBlockModes) {
69 // Shouldn't blow up on NULL.
70 device.SupportedBlockModes(KM_ALGORITHM_RSA, NULL);
71
72 SupportedResponse<keymaster_block_mode_t> response;
73 device.SupportedBlockModes(KM_ALGORITHM_RSA, &response);
74 EXPECT_EQ(KM_ERROR_OK, response.error);
75 EXPECT_EQ(0U, response.results_length);
76
77 device.SupportedBlockModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]78 EXPECT_EQ(KM_ERROR_OK, response.error);
79 EXPECT_EQ(0U, response.results_length);
80
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]81 device.SupportedBlockModes(KM_ALGORITHM_ECDSA, &response);
82 EXPECT_EQ(KM_ERROR_OK, response.error);
83 EXPECT_EQ(0U, response.results_length);
84
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]85 device.SupportedBlockModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]86 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
87}
88
89TEST_F(CheckSupported, SupportedPaddingModes) {
90 // Shouldn't blow up on NULL.
91 device.SupportedPaddingModes(KM_ALGORITHM_RSA, NULL);
92
93 SupportedResponse<keymaster_padding_t> response;
94 device.SupportedPaddingModes(KM_ALGORITHM_RSA, &response);
95 EXPECT_EQ(KM_ERROR_OK, response.error);
96 EXPECT_EQ(1U, response.results_length);
97 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
98
99 device.SupportedPaddingModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]100 EXPECT_EQ(KM_ERROR_OK, response.error);
101 EXPECT_EQ(1U, response.results_length);
102 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
103
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]104 device.SupportedPaddingModes(KM_ALGORITHM_ECDSA, &response);
105 EXPECT_EQ(KM_ERROR_OK, response.error);
106 EXPECT_EQ(1U, response.results_length);
107 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
108
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]109 device.SupportedPaddingModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]110 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
111}
112
113TEST_F(CheckSupported, SupportedDigests) {
114 // Shouldn't blow up on NULL.
115 device.SupportedDigests(KM_ALGORITHM_RSA, NULL);
116
117 SupportedResponse<keymaster_digest_t> response;
118 device.SupportedDigests(KM_ALGORITHM_RSA, &response);
119 EXPECT_EQ(KM_ERROR_OK, response.error);
120 EXPECT_EQ(1U, response.results_length);
121 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
122
123 device.SupportedDigests(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]124 EXPECT_EQ(KM_ERROR_OK, response.error);
125 EXPECT_EQ(1U, response.results_length);
126 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
127
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]128 device.SupportedDigests(KM_ALGORITHM_ECDSA, &response);
129 EXPECT_EQ(KM_ERROR_OK, response.error);
130 EXPECT_EQ(1U, response.results_length);
131 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
132
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]133 device.SupportedDigests(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]134 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
135}
136
137TEST_F(CheckSupported, SupportedImportFormats) {
138 // Shouldn't blow up on NULL.
139 device.SupportedImportFormats(KM_ALGORITHM_RSA, NULL);
140
141 SupportedResponse<keymaster_key_format_t> response;
142 device.SupportedImportFormats(KM_ALGORITHM_RSA, &response);
143 EXPECT_EQ(KM_ERROR_OK, response.error);
144 EXPECT_EQ(1U, response.results_length);
145 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
146
147 device.SupportedImportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]148 EXPECT_EQ(KM_ERROR_OK, response.error);
149 EXPECT_EQ(1U, response.results_length);
150 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
151
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]152 device.SupportedImportFormats(KM_ALGORITHM_ECDSA, &response);
153 EXPECT_EQ(KM_ERROR_OK, response.error);
154 EXPECT_EQ(1U, response.results_length);
155 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
156
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]157 device.SupportedImportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]158 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
159}
160
161TEST_F(CheckSupported, SupportedExportFormats) {
162 // Shouldn't blow up on NULL.
163 device.SupportedExportFormats(KM_ALGORITHM_RSA, NULL);
164
165 SupportedResponse<keymaster_key_format_t> response;
166 device.SupportedExportFormats(KM_ALGORITHM_RSA, &response);
167 EXPECT_EQ(KM_ERROR_OK, response.error);
168 EXPECT_EQ(1U, response.results_length);
169 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
170
171 device.SupportedExportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]172 EXPECT_EQ(KM_ERROR_OK, response.error);
173 EXPECT_EQ(1U, response.results_length);
174 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
175
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]176 device.SupportedExportFormats(KM_ALGORITHM_ECDSA, &response);
177 EXPECT_EQ(KM_ERROR_OK, response.error);
178 EXPECT_EQ(1U, response.results_length);
179 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
180
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]181 device.SupportedExportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]182 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
183}
184
185typedef KeymasterTest NewKeyGeneration;
186TEST_F(NewKeyGeneration, Rsa) {
187 keymaster_key_param_t params[] = {
188 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
189 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
190 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]191 Authorization(TAG_KEY_SIZE, 256),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]192 Authorization(TAG_USER_ID, 7),
193 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]194 Authorization(TAG_APPLICATION_ID, "app_id", 6),
195 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]196 Authorization(TAG_AUTH_TIMEOUT, 300),
197 };
198 GenerateKeyRequest req;
199 req.key_description.Reinitialize(params, array_length(params));
200 GenerateKeyResponse rsp;
201
202 device.GenerateKey(req, &rsp);
203
204 ASSERT_EQ(KM_ERROR_OK, rsp.error);
205 EXPECT_EQ(0U, rsp.enforced.size());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]206 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
207 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]208
209 // Check specified tags are all present in unenforced characteristics
210 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
211 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
212
213 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
214
215 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
216 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]217 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]218 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
219
Shawn Willden39b970b2014-08-11 09:11:21 -0600[diff] [blame]220 // Verify that App ID, App data and ROT are NOT included.
221 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
222 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
223 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
224
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]225 // Just for giggles, check that some unexpected tags/values are NOT present.
226 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
227 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
228 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
229 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
230
231 // Now check that unspecified, defaulted tags are correct.
232 EXPECT_TRUE(contains(rsp.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
233 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
234 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]235}
236
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]237TEST_F(NewKeyGeneration, Dsa) {
238 keymaster_key_param_t params[] = {
239 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
240 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
241 Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
242 Authorization(TAG_KEY_SIZE, 256),
243 Authorization(TAG_USER_ID, 7),
244 Authorization(TAG_USER_AUTH_ID, 8),
245 Authorization(TAG_APPLICATION_ID, "app_id", 6),
246 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
247 Authorization(TAG_AUTH_TIMEOUT, 300),
248 };
249 GenerateKeyRequest req;
250 req.key_description.Reinitialize(params, array_length(params));
251 GenerateKeyResponse rsp;
252
253 device.GenerateKey(req, &rsp);
254
255 ASSERT_EQ(KM_ERROR_OK, rsp.error);
256 EXPECT_EQ(0U, rsp.enforced.size());
257 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
258 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
259
260 // Check specified tags are all present in unenforced characteristics
261 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
262 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
263
264 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
265
266 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
267 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
268 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
269 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
270
271 // Verify that App ID, App data and ROT are NOT included.
272 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
273 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
274 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
275
276 // Just for giggles, check that some unexpected tags/values are NOT present.
277 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
278 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
279 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
280 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
281
282 // Now check that unspecified, defaulted tags are correct.
283 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
284 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
285
286 // Generator should have created DSA params.
287 keymaster_blob_t g, p, q;
288 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
289 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_P, &p));
290 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_Q, &q));
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]291 EXPECT_TRUE(g.data_length >= 63 && g.data_length <= 64);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]292 EXPECT_EQ(64U, p.data_length);
293 EXPECT_EQ(20U, q.data_length);
294}
295
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]296TEST_F(NewKeyGeneration, Ecdsa) {
297 keymaster_key_param_t params[] = {
298 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
299 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
300 Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
301 Authorization(TAG_KEY_SIZE, 256),
302 Authorization(TAG_USER_ID, 7),
303 Authorization(TAG_USER_AUTH_ID, 8),
304 Authorization(TAG_APPLICATION_ID, "app_id", 6),
305 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
306 Authorization(TAG_AUTH_TIMEOUT, 300),
307 };
308 GenerateKeyRequest req;
309 req.key_description.Reinitialize(params, array_length(params));
310 GenerateKeyResponse rsp;
311
312 device.GenerateKey(req, &rsp);
313
314 ASSERT_EQ(KM_ERROR_OK, rsp.error);
315 EXPECT_EQ(0U, rsp.enforced.size());
316 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
317 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
318
319 // Check specified tags are all present in unenforced characteristics
320 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
321 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
322
323 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
324
325 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
326 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
327 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
328 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
329
330 // Verify that App ID, App data and ROT are NOT included.
331 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
332 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
333 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
334
335 // Just for giggles, check that some unexpected tags/values are NOT present.
336 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
337 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
338 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
339 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
340
341 // Now check that unspecified, defaulted tags are correct.
342 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
343 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
344}
345
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]346typedef KeymasterTest GetKeyCharacteristics;
347TEST_F(GetKeyCharacteristics, SimpleRsa) {
348 keymaster_key_param_t params[] = {
349 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
350 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
351 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
352 Authorization(TAG_KEY_SIZE, 256),
353 Authorization(TAG_USER_ID, 7),
354 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]355 Authorization(TAG_APPLICATION_ID, "app_id", 6),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]356 Authorization(TAG_AUTH_TIMEOUT, 300),
357 };
358
359 GenerateKeyRequest gen_req;
360 gen_req.key_description.Reinitialize(params, array_length(params));
361 GenerateKeyResponse gen_rsp;
362
363 device.GenerateKey(gen_req, &gen_rsp);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]364 ASSERT_EQ(KM_ERROR_OK, gen_rsp.error);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]365
366 GetKeyCharacteristicsRequest req;
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]367 req.SetKeyMaterial(gen_rsp.key_blob);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]368 req.additional_params.push_back(TAG_APPLICATION_ID, "app_id", 6);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]369
370 GetKeyCharacteristicsResponse rsp;
371 device.GetKeyCharacteristics(req, &rsp);
372 ASSERT_EQ(KM_ERROR_OK, rsp.error);
373
374 EXPECT_EQ(gen_rsp.enforced, rsp.enforced);
375 EXPECT_EQ(gen_rsp.unenforced, rsp.unenforced);
376}
377
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]378/**
379 * Test class that provides some infrastructure for generating keys and signing messages.
380 */
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]381class SigningOperationsTest : public KeymasterTest {
382 protected:
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]383 void GenerateKey(keymaster_algorithm_t algorithm, keymaster_digest_t digest,
384 keymaster_padding_t padding, uint32_t key_size) {
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]385 keymaster_key_param_t params[] = {
386 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
387 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]388 Authorization(TAG_ALGORITHM, algorithm),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]389 Authorization(TAG_KEY_SIZE, key_size),
390 Authorization(TAG_USER_ID, 7),
391 Authorization(TAG_USER_AUTH_ID, 8),
392 Authorization(TAG_APPLICATION_ID, "app_id", 6),
393 Authorization(TAG_AUTH_TIMEOUT, 300),
394 };
395 GenerateKeyRequest generate_request;
396 generate_request.key_description.Reinitialize(params, array_length(params));
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]397 if (static_cast<int>(digest) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]398 generate_request.key_description.push_back(TAG_DIGEST, digest);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]399 if (static_cast<int>(padding) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]400 generate_request.key_description.push_back(TAG_PADDING, padding);
401 device.GenerateKey(generate_request, &generate_response_);
402 EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]403 }
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]404
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]405 void SignMessage(const void* message, size_t size) {
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]406 SignMessage(generate_response_.key_blob, message, size);
407 }
408
409 void SignMessage(const keymaster_key_blob_t& key_blob, const void* message, size_t size) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]410 BeginOperationRequest begin_request;
411 BeginOperationResponse begin_response;
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]412 begin_request.SetKeyMaterial(key_blob);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]413 begin_request.purpose = KM_PURPOSE_SIGN;
414 AddClientParams(&begin_request.additional_params);
415
416 device.BeginOperation(begin_request, &begin_response);
417 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
418
419 UpdateOperationRequest update_request;
420 UpdateOperationResponse update_response;
421 update_request.op_handle = begin_response.op_handle;
422 update_request.input.Reinitialize(message, size);
423 EXPECT_EQ(size, update_request.input.available_read());
424
425 device.UpdateOperation(update_request, &update_response);
426 ASSERT_EQ(KM_ERROR_OK, update_response.error);
427 EXPECT_EQ(0U, update_response.output.available_read());
428
429 FinishOperationRequest finish_request;
430 finish_request.op_handle = begin_response.op_handle;
431 device.FinishOperation(finish_request, &finish_response_);
432 ASSERT_EQ(KM_ERROR_OK, finish_response_.error);
433 EXPECT_GT(finish_response_.output.available_read(), 0U);
434 }
435
436 void AddClientParams(AuthorizationSet* set) { set->push_back(TAG_APPLICATION_ID, "app_id", 6); }
437
438 const keymaster_key_blob_t& key_blob() { return generate_response_.key_blob; }
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]439
440 const keymaster_key_blob_t& corrupt_key_blob() {
Shawn Willden2241bf02014-08-28 09:59:53 -0600[diff] [blame]441 uint8_t* tmp = const_cast<uint8_t*>(generate_response_.key_blob.key_material);
442 ++tmp[generate_response_.key_blob.key_material_size / 2];
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]443 return generate_response_.key_blob;
444 }
445
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]446 Buffer* signature() {
447 if (finish_response_.error == KM_ERROR_OK)
448 return &finish_response_.output;
449 return NULL;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]450 }
451
452 private:
453 GenerateKeyResponse generate_response_;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]454 FinishOperationResponse finish_response_;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]455};
456
457TEST_F(SigningOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]458 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]459 const char message[] = "12345678901234567890123456789012";
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]460
461 BeginOperationRequest begin_request;
462 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]463 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]464 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]465 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]466
467 device.BeginOperation(begin_request, &begin_response);
468 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
469
470 UpdateOperationRequest update_request;
471 UpdateOperationResponse update_response;
472 update_request.op_handle = begin_response.op_handle;
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]473 update_request.input.Reinitialize(message, array_size(message) - 1);
474 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]475
476 device.UpdateOperation(update_request, &update_response);
477 ASSERT_EQ(KM_ERROR_OK, update_response.error);
478 EXPECT_EQ(0U, update_response.output.available_read());
479
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]480 FinishOperationRequest finish_request;
481 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]482 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]483 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]484 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]485 EXPECT_GT(finish_response.output.available_read(), 0U);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]486
487 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
488}
489
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]490TEST_F(SigningOperationsTest, DsaSuccess) {
491 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
492
493 BeginOperationRequest begin_request;
494 BeginOperationResponse begin_response;
495 begin_request.SetKeyMaterial(key_blob());
496 begin_request.purpose = KM_PURPOSE_SIGN;
497 AddClientParams(&begin_request.additional_params);
498
499 device.BeginOperation(begin_request, &begin_response);
500 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
501
502 UpdateOperationRequest update_request;
503 UpdateOperationResponse update_response;
504 update_request.op_handle = begin_response.op_handle;
505 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
506 EXPECT_EQ(48U, update_request.input.available_read());
507
508 device.UpdateOperation(update_request, &update_response);
509 ASSERT_EQ(KM_ERROR_OK, update_response.error);
510 EXPECT_EQ(0U, update_response.output.available_read());
511
512 FinishOperationRequest finish_request;
513 finish_request.op_handle = begin_response.op_handle;
514 FinishOperationResponse finish_response;
515 device.FinishOperation(finish_request, &finish_response);
516 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
517 EXPECT_GT(finish_response.output.available_read(), 0U);
518
519 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
520}
521
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]522TEST_F(SigningOperationsTest, EcdsaSuccess) {
523 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
524
525 BeginOperationRequest begin_request;
526 BeginOperationResponse begin_response;
527 begin_request.SetKeyMaterial(key_blob());
528 begin_request.purpose = KM_PURPOSE_SIGN;
529 AddClientParams(&begin_request.additional_params);
530
531 device.BeginOperation(begin_request, &begin_response);
532 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
533
534 UpdateOperationRequest update_request;
535 UpdateOperationResponse update_response;
536 update_request.op_handle = begin_response.op_handle;
537 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
538 EXPECT_EQ(48U, update_request.input.available_read());
539
540 device.UpdateOperation(update_request, &update_response);
541 ASSERT_EQ(KM_ERROR_OK, update_response.error);
542 EXPECT_EQ(0U, update_response.output.available_read());
543
544 FinishOperationRequest finish_request;
545 finish_request.op_handle = begin_response.op_handle;
546 FinishOperationResponse finish_response;
547 device.FinishOperation(finish_request, &finish_response);
548 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
549 EXPECT_GT(finish_response.output.available_read(), 0U);
550
551 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
552}
553
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]554TEST_F(SigningOperationsTest, RsaAbort) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]555 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]556
557 BeginOperationRequest begin_request;
558 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]559 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]560 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]561 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]562
563 device.BeginOperation(begin_request, &begin_response);
564 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
565
566 EXPECT_EQ(KM_ERROR_OK, device.AbortOperation(begin_response.op_handle));
567
568 // Another abort should fail
569 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
570}
571
572TEST_F(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]573 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_SHA_2_256, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]574
575 BeginOperationRequest begin_request;
576 BeginOperationResponse begin_response;
577 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]578 begin_request.SetKeyMaterial(key_blob());
579 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]580
581 device.BeginOperation(begin_request, &begin_response);
582 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
583
584 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
585}
586
587TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]588 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_RSA_OAEP, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]589
590 BeginOperationRequest begin_request;
591 BeginOperationResponse begin_response;
592 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]593 begin_request.SetKeyMaterial(key_blob());
594 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]595
596 device.BeginOperation(begin_request, &begin_response);
597 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
598
599 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
600}
601
602TEST_F(SigningOperationsTest, RsaNoDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]603 GenerateKey(KM_ALGORITHM_RSA, static_cast<keymaster_digest_t>(-1), KM_PAD_NONE,
604 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]605
606 BeginOperationRequest begin_request;
607 BeginOperationResponse begin_response;
608 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]609 begin_request.SetKeyMaterial(key_blob());
610 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]611
612 device.BeginOperation(begin_request, &begin_response);
613 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
614
615 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
616}
617
618TEST_F(SigningOperationsTest, RsaNoPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]619 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, static_cast<keymaster_padding_t>(-1),
620 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]621
622 BeginOperationRequest begin_request;
623 BeginOperationResponse begin_response;
624 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]625 begin_request.SetKeyMaterial(key_blob());
626 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]627
628 device.BeginOperation(begin_request, &begin_response);
629 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
630
631 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
632}
633
634TEST_F(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]635 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]636
637 BeginOperationRequest begin_request;
638 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]639 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]640 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]641 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]642
643 device.BeginOperation(begin_request, &begin_response);
644 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
645
646 UpdateOperationRequest update_request;
647 UpdateOperationResponse update_response;
648 update_request.op_handle = begin_response.op_handle;
649 update_request.input.Reinitialize("01234567890123456789012345678901", 31);
650 EXPECT_EQ(31U, update_request.input.available_read());
651
652 device.UpdateOperation(update_request, &update_response);
653 ASSERT_EQ(KM_ERROR_OK, update_response.error);
654 EXPECT_EQ(0U, update_response.output.available_read());
655
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]656 FinishOperationRequest finish_request;
657 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]658 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]659 device.FinishOperation(finish_request, &finish_response);
Shawn Willden00aa7942014-09-10 07:57:43 -0600[diff] [blame^]660 ASSERT_EQ(KM_ERROR_UNKNOWN_ERROR, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]661 EXPECT_EQ(0U, finish_response.output.available_read());
662
663 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
664}
665
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]666typedef SigningOperationsTest VerificationOperationsTest;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]667TEST_F(VerificationOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]668 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
669 const char message[] = "12345678901234567890123456789012";
670 SignMessage(message, array_size(message) - 1);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]671 ASSERT_TRUE(signature() != NULL);
672
673 BeginOperationRequest begin_request;
674 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]675 begin_request.SetKeyMaterial(key_blob());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]676 begin_request.purpose = KM_PURPOSE_VERIFY;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]677 AddClientParams(&begin_request.additional_params);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]678
679 device.BeginOperation(begin_request, &begin_response);
680 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
681
682 UpdateOperationRequest update_request;
683 UpdateOperationResponse update_response;
684 update_request.op_handle = begin_response.op_handle;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]685 update_request.input.Reinitialize(message, array_size(message) - 1);
686 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]687
688 device.UpdateOperation(update_request, &update_response);
689 ASSERT_EQ(KM_ERROR_OK, update_response.error);
690 EXPECT_EQ(0U, update_response.output.available_read());
691
692 FinishOperationRequest finish_request;
693 finish_request.op_handle = begin_response.op_handle;
694 finish_request.signature.Reinitialize(*signature());
695 FinishOperationResponse finish_response;
696 device.FinishOperation(finish_request, &finish_response);
697 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]698 EXPECT_EQ(0U, finish_response.output.available_read());
699
700 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
701}
702
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]703TEST_F(VerificationOperationsTest, DsaSuccess) {
704 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
705 const char message[] = "123456789012345678901234567890123456789012345678";
706 SignMessage(message, array_size(message) - 1);
707 ASSERT_TRUE(signature() != NULL);
708
709 BeginOperationRequest begin_request;
710 BeginOperationResponse begin_response;
711 begin_request.SetKeyMaterial(key_blob());
712 begin_request.purpose = KM_PURPOSE_VERIFY;
713 AddClientParams(&begin_request.additional_params);
714
715 device.BeginOperation(begin_request, &begin_response);
716 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
717
718 UpdateOperationRequest update_request;
719 UpdateOperationResponse update_response;
720 update_request.op_handle = begin_response.op_handle;
721 update_request.input.Reinitialize(message, array_size(message) - 1);
722 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
723
724 device.UpdateOperation(update_request, &update_response);
725 ASSERT_EQ(KM_ERROR_OK, update_response.error);
726 EXPECT_EQ(0U, update_response.output.available_read());
727
728 FinishOperationRequest finish_request;
729 finish_request.op_handle = begin_response.op_handle;
730 finish_request.signature.Reinitialize(*signature());
731 FinishOperationResponse finish_response;
732 device.FinishOperation(finish_request, &finish_response);
733 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
734 EXPECT_EQ(0U, finish_response.output.available_read());
735
736 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
737}
738
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]739TEST_F(VerificationOperationsTest, EcdsaSuccess) {
740 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
741 const char message[] = "123456789012345678901234567890123456789012345678";
742 SignMessage(message, array_size(message) - 1);
743 ASSERT_TRUE(signature() != NULL);
744
745 BeginOperationRequest begin_request;
746 BeginOperationResponse begin_response;
747 begin_request.SetKeyMaterial(key_blob());
748 begin_request.purpose = KM_PURPOSE_VERIFY;
749 AddClientParams(&begin_request.additional_params);
750
751 device.BeginOperation(begin_request, &begin_response);
752 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
753
754 UpdateOperationRequest update_request;
755 UpdateOperationResponse update_response;
756 update_request.op_handle = begin_response.op_handle;
757 update_request.input.Reinitialize(message, array_size(message) - 1);
758 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
759
760 device.UpdateOperation(update_request, &update_response);
761 ASSERT_EQ(KM_ERROR_OK, update_response.error);
762 EXPECT_EQ(0U, update_response.output.available_read());
763
764 FinishOperationRequest finish_request;
765 finish_request.op_handle = begin_response.op_handle;
766 finish_request.signature.Reinitialize(*signature());
767 FinishOperationResponse finish_response;
768 device.FinishOperation(finish_request, &finish_response);
769 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
770 EXPECT_EQ(0U, finish_response.output.available_read());
771
772 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
773}
774
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]775typedef SigningOperationsTest ExportKeyTest;
776TEST_F(ExportKeyTest, RsaSuccess) {
777 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]778
779 ExportKeyRequest request;
780 ExportKeyResponse response;
781 AddClientParams(&request.additional_params);
782 request.key_format = KM_KEY_FORMAT_X509;
783 request.SetKeyMaterial(key_blob());
784
785 device.ExportKey(request, &response);
786 ASSERT_EQ(KM_ERROR_OK, response.error);
787 EXPECT_TRUE(response.key_data != NULL);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]788
789 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]790}
791
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]792TEST_F(ExportKeyTest, DsaSuccess) {
793 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 1024 /* key size */);
794
795 ExportKeyRequest request;
796 ExportKeyResponse response;
797 AddClientParams(&request.additional_params);
798 request.key_format = KM_KEY_FORMAT_X509;
799 request.SetKeyMaterial(key_blob());
800
801 device.ExportKey(request, &response);
802 ASSERT_EQ(KM_ERROR_OK, response.error);
803 EXPECT_TRUE(response.key_data != NULL);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]804
805 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]806}
807
808TEST_F(ExportKeyTest, EcdsaSuccess) {
809 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
810
811 ExportKeyRequest request;
812 ExportKeyResponse response;
813 AddClientParams(&request.additional_params);
814 request.key_format = KM_KEY_FORMAT_X509;
815 request.SetKeyMaterial(key_blob());
816
817 device.ExportKey(request, &response);
818 ASSERT_EQ(KM_ERROR_OK, response.error);
819 EXPECT_TRUE(response.key_data != NULL);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]820
821 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]822}
823
824TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) {
825 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
826
827 ExportKeyRequest request;
828 ExportKeyResponse response;
829 AddClientParams(&request.additional_params);
830
831 /* We have no other defined export formats defined. */
832 request.key_format = KM_KEY_FORMAT_PKCS8;
833 request.SetKeyMaterial(key_blob());
834
835 device.ExportKey(request, &response);
836 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, response.error);
837 EXPECT_TRUE(response.key_data == NULL);
838}
839
840TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) {
841 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
842
843 ExportKeyRequest request;
844 ExportKeyResponse response;
845 AddClientParams(&request.additional_params);
846 request.key_format = KM_KEY_FORMAT_X509;
847 request.SetKeyMaterial(corrupt_key_blob());
848
849 device.ExportKey(request, &response);
850 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, response.error);
851 ASSERT_TRUE(response.key_data == NULL);
852}
853
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]854static string read_file(const string& file_name) {
855 ifstream file_stream(file_name, std::ios::binary);
856 istreambuf_iterator<char> file_begin(file_stream);
857 istreambuf_iterator<char> file_end;
858 return string(file_begin, file_end);
859}
860
861typedef SigningOperationsTest ImportKeyTest;
862TEST_F(ImportKeyTest, RsaSuccess) {
863 keymaster_key_param_t params[] = {
864 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
865 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
866 Authorization(TAG_DIGEST, KM_DIGEST_NONE),
867 Authorization(TAG_PADDING, KM_PAD_NONE),
868 Authorization(TAG_USER_ID, 7),
869 Authorization(TAG_USER_AUTH_ID, 8),
870 Authorization(TAG_APPLICATION_ID, "app_id", 6),
871 Authorization(TAG_AUTH_TIMEOUT, 300),
872 };
873
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]874 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]875 ASSERT_EQ(633U, pk8_key.size());
876
877 ImportKeyRequest import_request;
878 import_request.key_description.Reinitialize(params, array_length(params));
879 import_request.key_format = KM_KEY_FORMAT_PKCS8;
880 import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
881
882 ImportKeyResponse import_response;
883 device.ImportKey(import_request, &import_response);
884 ASSERT_EQ(KM_ERROR_OK, import_response.error);
885 EXPECT_EQ(0U, import_response.enforced.size());
886 EXPECT_GT(import_response.unenforced.size(), 0U);
887
888 // Check values derived from the key.
889 EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
890 EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 1024));
891 EXPECT_TRUE(contains(import_response.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537U));
892
893 // And values provided by GoogleKeymaster
894 EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
895 EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
896
897 size_t message_len = 1024 / 8;
898 UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
899 std::fill(message.get(), message.get() + message_len, 'a');
900 SignMessage(import_response.key_blob, message.get(), message_len);
901 ASSERT_TRUE(signature() != NULL);
902
903 BeginOperationRequest begin_request;
904 BeginOperationResponse begin_response;
905 begin_request.SetKeyMaterial(import_response.key_blob);
906 begin_request.purpose = KM_PURPOSE_VERIFY;
907 AddClientParams(&begin_request.additional_params);
908
909 device.BeginOperation(begin_request, &begin_response);
910 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
911
912 UpdateOperationRequest update_request;
913 UpdateOperationResponse update_response;
914 update_request.op_handle = begin_response.op_handle;
915 update_request.input.Reinitialize(message.get(), message_len);
916 EXPECT_EQ(message_len, update_request.input.available_read());
917
918 device.UpdateOperation(update_request, &update_response);
919 ASSERT_EQ(KM_ERROR_OK, update_response.error);
920 EXPECT_EQ(0U, update_response.output.available_read());
921
922 FinishOperationRequest finish_request;
923 finish_request.op_handle = begin_response.op_handle;
924 finish_request.signature.Reinitialize(*signature());
925 FinishOperationResponse finish_response;
926 device.FinishOperation(finish_request, &finish_response);
927 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
928 EXPECT_EQ(0U, finish_response.output.available_read());
929
930 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
931}
932
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]933TEST_F(ImportKeyTest, DsaSuccess) {
934 keymaster_key_param_t params[] = {
935 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
936 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
937 Authorization(TAG_DIGEST, KM_DIGEST_NONE),
938 Authorization(TAG_PADDING, KM_PAD_NONE),
939 Authorization(TAG_USER_ID, 7),
940 Authorization(TAG_USER_AUTH_ID, 8),
941 Authorization(TAG_APPLICATION_ID, "app_id", 6),
942 Authorization(TAG_AUTH_TIMEOUT, 300),
943 };
944
945 string pk8_key = read_file("dsa_privkey_pk8.der");
946 ASSERT_EQ(335U, pk8_key.size());
947
948 ImportKeyRequest import_request;
949 import_request.key_description.Reinitialize(params, array_length(params));
950 import_request.key_format = KM_KEY_FORMAT_PKCS8;
951 import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
952
953 ImportKeyResponse import_response;
954 device.ImportKey(import_request, &import_response);
955 ASSERT_EQ(KM_ERROR_OK, import_response.error);
956 EXPECT_EQ(0U, import_response.enforced.size());
957 EXPECT_GT(import_response.unenforced.size(), 0U);
958
959 // Check values derived from the key.
960 EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
961 EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 1024));
962
963 // And values provided by GoogleKeymaster
964 EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
965 EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
966
967 size_t message_len = 48;
968 UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
969 std::fill(message.get(), message.get() + message_len, 'a');
970 SignMessage(import_response.key_blob, message.get(), message_len);
971 ASSERT_TRUE(signature() != NULL);
972
973 BeginOperationRequest begin_request;
974 BeginOperationResponse begin_response;
975 begin_request.SetKeyMaterial(import_response.key_blob);
976 begin_request.purpose = KM_PURPOSE_VERIFY;
977 AddClientParams(&begin_request.additional_params);
978
979 device.BeginOperation(begin_request, &begin_response);
980 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
981
982 UpdateOperationRequest update_request;
983 UpdateOperationResponse update_response;
984 update_request.op_handle = begin_response.op_handle;
985 update_request.input.Reinitialize(message.get(), message_len);
986 EXPECT_EQ(message_len, update_request.input.available_read());
987
988 device.UpdateOperation(update_request, &update_response);
989 ASSERT_EQ(KM_ERROR_OK, update_response.error);
990 EXPECT_EQ(0U, update_response.output.available_read());
991
992 FinishOperationRequest finish_request;
993 finish_request.op_handle = begin_response.op_handle;
994 finish_request.signature.Reinitialize(*signature());
995 FinishOperationResponse finish_response;
996 device.FinishOperation(finish_request, &finish_response);
997 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
998 EXPECT_EQ(0U, finish_response.output.available_read());
999
1000 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
1001}
1002
1003TEST_F(ImportKeyTest, EcdsaSuccess) {
1004 keymaster_key_param_t params[] = {
1005 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
1006 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
1007 Authorization(TAG_DIGEST, KM_DIGEST_NONE),
1008 Authorization(TAG_PADDING, KM_PAD_NONE),
1009 Authorization(TAG_USER_ID, 7),
1010 Authorization(TAG_USER_AUTH_ID, 8),
1011 Authorization(TAG_APPLICATION_ID, "app_id", 6),
1012 Authorization(TAG_AUTH_TIMEOUT, 300),
1013 };
1014
1015 string pk8_key = read_file("ec_privkey_pk8.der");
1016 ASSERT_EQ(138U, pk8_key.size());
1017
1018 ImportKeyRequest import_request;
1019 import_request.key_description.Reinitialize(params, array_length(params));
1020 import_request.key_format = KM_KEY_FORMAT_PKCS8;
1021 import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
1022
1023 ImportKeyResponse import_response;
1024 device.ImportKey(import_request, &import_response);
1025 ASSERT_EQ(KM_ERROR_OK, import_response.error);
1026 EXPECT_EQ(0U, import_response.enforced.size());
1027 EXPECT_GT(import_response.unenforced.size(), 0U);
1028
1029 // Check values derived from the key.
1030 EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
1031 EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 256));
1032
1033 // And values provided by GoogleKeymaster
1034 EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1035 EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
1036
1037 size_t message_len = 1024 / 8;
1038 UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
1039 std::fill(message.get(), message.get() + message_len, 'a');
1040 SignMessage(import_response.key_blob, message.get(), message_len);
1041 ASSERT_TRUE(signature() != NULL);
1042
1043 BeginOperationRequest begin_request;
1044 BeginOperationResponse begin_response;
1045 begin_request.SetKeyMaterial(import_response.key_blob);
1046 begin_request.purpose = KM_PURPOSE_VERIFY;
1047 AddClientParams(&begin_request.additional_params);
1048
1049 device.BeginOperation(begin_request, &begin_response);
1050 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
1051
1052 UpdateOperationRequest update_request;
1053 UpdateOperationResponse update_response;
1054 update_request.op_handle = begin_response.op_handle;
1055 update_request.input.Reinitialize(message.get(), message_len);
1056 EXPECT_EQ(message_len, update_request.input.available_read());
1057
1058 device.UpdateOperation(update_request, &update_response);
1059 ASSERT_EQ(KM_ERROR_OK, update_response.error);
1060 EXPECT_EQ(0U, update_response.output.available_read());
1061
1062 FinishOperationRequest finish_request;
1063 finish_request.op_handle = begin_response.op_handle;
1064 finish_request.signature.Reinitialize(*signature());
1065 FinishOperationResponse finish_response;
1066 device.FinishOperation(finish_request, &finish_response);
1067 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
1068 EXPECT_EQ(0U, finish_response.output.available_read());
1069
1070 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
1071}
1072
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1073} // namespace test
1074} // namespace keymaster