Blame - android_keymaster_test.cpp - fp2-dev/platform/system/keymaster

2014-08-06 12:31:33 -0600

[diff] [blame]

/*

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

15

*/

16

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

17

#include <fstream>

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

18

#include <string>

19

#include <vector>

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

20

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

21

#include <hardware/keymaster0.h>

Shawn Willden

b751033

2015-02-06 19:58:29 -0700

[diff] [blame]

22

#include <keymaster/soft_keymaster_device.h>

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

23

#include <keymaster/softkeymaster.h>

Shawn Willden

98d9b92

2014-08-26 08:14:10 -0600

[diff] [blame]

24

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

25

#include "android_keymaster_test_utils.h"

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

26

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

27

using std::ifstream;

28

using std::istreambuf_iterator;

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

29

using std::string;

30

using std::vector;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

31

using std::unique_ptr;

32

33

extern "C" {

34

int __android_log_print(int prio, const char* tag, const char* fmt);

35

int __android_log_print(int prio, const char* tag, const char* fmt) {

Chad Brubaker

3e37f0a

2015-06-03 10:39:00 -0700

[diff] [blame]

36

(void)prio, (void)tag, (void)fmt;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

37

return 0;

38

}

39

} // extern "C"

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

40

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

41

namespace keymaster {

42

namespace test {

43

Shawn Willden

567a4a0

2014-12-31 12:14:46 -0700

[diff] [blame]

44

StdoutLogger logger;

45

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

46

class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {

47

public:

48

keymaster1_device_t* CreateDevice() const override {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

49

std::cerr << "Creating software-only device" << std::endl;

Shawn Willden

95dda36

2015-02-27 10:58:37 -0700

[diff] [blame]

50

SoftKeymasterDevice* device = new SoftKeymasterDevice;

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

51

return device->keymaster_device();

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

52

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

53

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

54

bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

55

int keymaster0_calls() const override { return 0; }

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

56

};

57

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

58

class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {

59

public:

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

60

Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}

61

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

62

keymaster1_device_t* CreateDevice() const {

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

63

std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_

64

<< ")." << std::endl;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

65

hw_device_t* softkeymaster_device;

66

EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,

67

&softkeymaster_device));

68

// Make the software device pretend to be hardware

69

keymaster0_device_t* keymaster0_device =

70

reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

71

keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;

72

73

if (!support_ec_) {

74

// Make the software device pretend not to support EC

75

keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;

76

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

77

78

counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);

79

80

SoftKeymasterDevice* keymaster = new SoftKeymasterDevice(counting_keymaster0_device_);

81

return keymaster->keymaster_device();

82

}

83

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

84

bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {

85

switch (algorithm) {

86

case KM_ALGORITHM_RSA:

87

return true;

88

case KM_ALGORITHM_EC:

return support_ec_;

default:

return false;

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

93

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

94

int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }

95

96

private:

97

mutable Keymaster0CountingWrapper* counting_keymaster0_device_;

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

98

bool support_ec_;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

99

};

100

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

101

static auto test_params = testing::Values(

102

InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),

103

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),

104

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

105

106

typedef Keymaster1Test CheckSupported;

107

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);

108

109

TEST_P(CheckSupported, SupportedAlgorithms) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

110

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

111

device()->get_supported_algorithms(device(), NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

112

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

113

size_t len;

114

keymaster_algorithm_t* algorithms;

115

EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));

Shawn Willden

a278f61

2014-12-23 11:22:21 -0700

[diff] [blame]

116

EXPECT_TRUE(ResponseContains(

Shawn Willden

9c65b2b

2015-04-07 17:01:10 -0600

[diff] [blame]

117

{KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

118

free(algorithms);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

119

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

120

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

121

}

122

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

123

TEST_P(CheckSupported, SupportedBlockModes) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

124

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

125

device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,

126

NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

127

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

128

size_t len;

129

keymaster_block_mode_t* modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

130

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

131

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

132

EXPECT_EQ(0U, len);

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

133

free(modes);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

134

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

135

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

Shawn Willden

9c65b2b

2015-04-07 17:01:10 -0600

[diff] [blame]

136

device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

137

&modes, &len));

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

138

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

139

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

140

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

141

EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

142

free(modes);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

143

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

144

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

145

}

146

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

147

TEST_P(CheckSupported, SupportedPaddingModes) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

148

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

149

device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,

150

NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

151

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

152

size_t len;

153

keymaster_padding_t* modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

154

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

155

KM_PURPOSE_SIGN, &modes, &len));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

156

EXPECT_TRUE(

157

ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

158

free(modes);

159

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

160

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

161

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

3016084

2015-06-01 08:31:00 -0600

[diff] [blame]

162

EXPECT_TRUE(

163

ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

164

free(modes);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

165

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

166

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

167

KM_PURPOSE_SIGN, &modes, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

168

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

169

free(modes);

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

170

171

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

172

device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,

173

&modes, &len));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

174

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

175

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

176

}

177

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

178

TEST_P(CheckSupported, SupportedDigests) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

179

EXPECT_EQ(

180

KM_ERROR_OUTPUT_PARAMETER_NULL,

181

device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

182

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

183

size_t len;

184

keymaster_digest_t* digests;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

185

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

186

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

187

EXPECT_TRUE(

188

ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,

189

KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},

190

digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

191

free(digests);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

192

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

193

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

194

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

2015-06-01 07:07:33 -0600

[diff] [blame]

195

EXPECT_TRUE(

196

ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,

197

KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},

198

digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

199

free(digests);

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

200

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

201

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

202

device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,

203

&len));

204

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

205

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

206

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

207

EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,

208

KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},

209

digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

210

free(digests);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

211

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

212

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

213

}

214

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

215

TEST_P(CheckSupported, SupportedImportFormats) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

216

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

217

device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

218

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

219

size_t len;

220

keymaster_key_format_t* formats;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

221

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

222

device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

223

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

224

free(formats);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

225

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

226

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

227

device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));

228

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));

229

free(formats);

230

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

231

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

232

device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));

233

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));

234

free(formats);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

235

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

236

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

237

}

238

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

239

TEST_P(CheckSupported, SupportedExportFormats) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

240

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

241

device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

242

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

243

size_t len;

244

keymaster_key_format_t* formats;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

245

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

246

device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

247

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

248

free(formats);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

249

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

250

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

9c65b2b

2015-04-07 17:01:10 -0600

[diff] [blame]

251

device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

252

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

253

free(formats);

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

254

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

255

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

256

device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

257

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

258

free(formats);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

259

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

260

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

261

device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

262

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

263

free(formats);

264

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

265

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

266

device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

267

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

268

free(formats);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

269

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

270

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

271

}

272

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

273

class NewKeyGeneration : public Keymaster1Test {

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

274

protected:

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

275

void CheckBaseParams() {

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

276

AuthorizationSet auths = sw_enforced();

277

EXPECT_GT(auths.SerializedSize(), 12U);

278

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

279

EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));

280

EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));

281

EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));

Shawn Willden

eb63b97

2015-03-14 08:01:12 -0600

[diff] [blame]

282

EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

283

EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

284

285

// Verify that App ID, App data and ROT are NOT included.

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

286

EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));

287

EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));

288

EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

289

290

// Just for giggles, check that some unexpected tags/values are NOT present.

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

291

EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));

292

EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));

293

EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

294

295

// Now check that unspecified, defaulted tags are correct.

Shawn Willden

0b2d333

2015-04-07 17:46:18 -0600

[diff] [blame]

296

EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

297

EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

298

}

Shawn Willden

2079ae8

2015-01-22 13:42:31 -0700

[diff] [blame]

299

};

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

300

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);

301

302

TEST_P(NewKeyGeneration, Rsa) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

303

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

304

.RsaSigningKey(256, 3)

305

.Digest(KM_DIGEST_NONE)

306

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

307

CheckBaseParams();

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

308

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

309

// Check specified tags are all present, and in the right set.

310

AuthorizationSet crypto_params;

311

AuthorizationSet non_crypto_params;

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

312

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

313

EXPECT_NE(0U, hw_enforced().size());

314

EXPECT_NE(0U, sw_enforced().size());

315

crypto_params.push_back(hw_enforced());

316

non_crypto_params.push_back(sw_enforced());

317

} else {

318

EXPECT_EQ(0U, hw_enforced().size());

319

EXPECT_NE(0U, sw_enforced().size());

320

crypto_params.push_back(sw_enforced());

321

}

322

323

EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));

324

EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));

325

EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));

326

EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));

327

EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));

328

EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));

329

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

330

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

331

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

332

}

333

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

334

TEST_P(NewKeyGeneration, RsaDefaultSize) {

Shawn Willden

3b4e165

2015-02-27 13:33:01 -0700

[diff] [blame]

335

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,

336

GenerateKey(AuthorizationSetBuilder()

337

.Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)

338

.Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)

339

.SigningKey()));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

340

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

341

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

342

}

343

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

344

TEST_P(NewKeyGeneration, Ecdsa) {

Shawn Willden

84b8da5

2015-03-11 07:21:32 -0600

[diff] [blame]

345

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

346

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

347

CheckBaseParams();

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

348

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

349

// Check specified tags are all present, and in the right set.

350

AuthorizationSet crypto_params;

351

AuthorizationSet non_crypto_params;

352

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {

353

EXPECT_NE(0U, hw_enforced().size());

354

EXPECT_NE(0U, sw_enforced().size());

355

crypto_params.push_back(hw_enforced());

356

non_crypto_params.push_back(sw_enforced());

357

} else {

358

EXPECT_EQ(0U, hw_enforced().size());

359

EXPECT_NE(0U, sw_enforced().size());

360

crypto_params.push_back(sw_enforced());

361

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

362

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

363

EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));

364

EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));

365

EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));

366

EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));

367

368

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

369

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

370

}

371

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

372

TEST_P(NewKeyGeneration, EcdsaDefaultSize) {

Shawn Willden

4f83b89

2015-05-26 12:52:54 -0600

[diff] [blame]

373

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,

374

GenerateKey(AuthorizationSetBuilder()

375

.Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)

376

.SigningKey()

377

.Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

378

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

379

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

380

}

381

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

382

TEST_P(NewKeyGeneration, EcdsaInvalidSize) {

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

383

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

384

ASSERT_EQ(

385

KM_ERROR_UNKNOWN_ERROR,

386

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));

387

else

388

ASSERT_EQ(

389

KM_ERROR_UNSUPPORTED_KEY_SIZE,

390

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

391

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

392

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

393

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

394

}

395

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

396

TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {

Shawn Willden

8c856c8

2014-09-26 09:34:36 -0600

[diff] [blame]

397

size_t valid_sizes[] = {224, 256, 384, 521};

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

398

for (size_t size : valid_sizes) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

399

EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(

400

KM_DIGEST_NONE)))

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

401

<< "Failed to generate size: " << size;

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

402

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

403

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

404

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

405

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

406

}

407

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

408

TEST_P(NewKeyGeneration, HmacSha256) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

409

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

410

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

411

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

412

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

413

}

414

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

415

typedef Keymaster1Test GetKeyCharacteristics;

416

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);

417

418

TEST_P(GetKeyCharacteristics, SimpleRsa) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

419

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

420

.RsaSigningKey(256, 3)

421

.Digest(KM_DIGEST_NONE)

422

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

423

AuthorizationSet original(sw_enforced());

Shawn Willden

7636471

2014-08-11 17:48:04 -0600

[diff] [blame]

424

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

425

ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());

426

EXPECT_EQ(original, sw_enforced());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

427

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

428

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

429

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

7636471

2014-08-11 17:48:04 -0600

[diff] [blame]

430

}

431

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

432

typedef Keymaster1Test SigningOperationsTest;

433

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);

434

435

TEST_P(SigningOperationsTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

436

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

437

.RsaSigningKey(256, 3)

438

.Digest(KM_DIGEST_NONE)

439

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

440

string message = "12345678901234567890123456789012";

441

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

442

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

443

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

444

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

445

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

446

}

447

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

448

TEST_P(SigningOperationsTest, RsaPssSha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

449

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

450

.RsaSigningKey(512, 3)

451

.Digest(KM_DIGEST_SHA_2_256)

452

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

453

// Use large message, which won't work without digesting.

454

string message(1024, 'a');

455

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

456

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

457

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

458

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

459

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

460

}

461

Shawn Willden

bfd9ed7

2015-06-11 10:51:12 -0600

[diff] [blame]

462

TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {

463

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

464

.RsaSigningKey(512, 3)

465

.Digest(KM_DIGEST_NONE)

466

.Padding(KM_PAD_NONE)));

467

string message = "12345678901234567890123456789012";

468

string signature;

469

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

470

471

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

472

EXPECT_EQ(3, GetParam()->keymaster0_calls());

473

}

474

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

475

TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

476

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

477

.RsaSigningKey(512, 3)

478

.Digest(KM_DIGEST_SHA_2_256)

479

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

480

string message(1024, 'a');

481

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

482

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

483

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

484

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

485

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

486

}

487

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame]

488

TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {

489

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

490

.RsaSigningKey(512, 3)

491

.Digest(KM_DIGEST_NONE)

492

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

493

string message(53, 'a');

494

string signature;

495

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);

496

497

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

498

EXPECT_EQ(3, GetParam()->keymaster0_calls());

499

}

500

501

TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {

502

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

503

.RsaSigningKey(512, 3)

504

.Digest(KM_DIGEST_NONE)

505

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

506

string message(54, 'a');

507

508

AuthorizationSet begin_params(client_params());

509

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

510

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

511

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

512

string result;

513

size_t input_consumed;

514

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

515

string signature;

516

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));

517

518

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

519

EXPECT_EQ(2, GetParam()->keymaster0_calls());

520

}

521

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

522

TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

523

// Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so

524

// verify that nine bytes larger than hash won't work.

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

525

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

526

.RsaSigningKey(256 + 9 * 8, 3)

527

.Digest(KM_DIGEST_SHA_2_256)

528

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

529

string message(1024, 'a');

530

string signature;

531

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

532

AuthorizationSet begin_params(client_params());

533

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

534

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

535

EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

536

}

537

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame]

538

TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {

539

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

540

.RsaSigningKey(256, 3)

541

.Digest(KM_DIGEST_NONE)

542

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

543

string message(64 * 1024, 'a');

544

string signature;

545

AuthorizationSet begin_params(client_params());

546

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

547

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

548

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

549

string result;

550

size_t input_consumed;

551

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));

552

553

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

554

EXPECT_EQ(2, GetParam()->keymaster0_calls());

555

}

556

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

557

TEST_P(SigningOperationsTest, RsaAbort) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

558

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

559

.RsaSigningKey(256, 3)

560

.Digest(KM_DIGEST_NONE)

561

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

562

AuthorizationSet begin_params(client_params());

563

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

564

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

565

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

566

EXPECT_EQ(KM_ERROR_OK, AbortOperation());

567

// Another abort should fail

568

EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

569

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

570

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

571

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

572

}

573

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

574

TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

575

GenerateKey(AuthorizationSetBuilder()

576

.RsaSigningKey(256, 3)

577

.Digest(KM_DIGEST_SHA_2_256 /* supported digest */)

578

.Padding(KM_PAD_PKCS7));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

579

AuthorizationSet begin_params(client_params());

580

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

581

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

582

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

583

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

584

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

585

}

586

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

587

TEST_P(SigningOperationsTest, RsaNoDigest) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

588

// PSS requires a digest.

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

589

GenerateKey(AuthorizationSetBuilder()

590

.RsaSigningKey(256, 3)

591

.Digest(KM_DIGEST_NONE)

592

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

593

AuthorizationSet begin_params(client_params());

594

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

595

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

596

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

597

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

598

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

599

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

600

}

601

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

602

TEST_P(SigningOperationsTest, RsaNoPadding) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

603

// Padding must be specified

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

604

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(

605

KM_DIGEST_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

606

AuthorizationSet begin_params(client_params());

607

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

608

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

609

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

610

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

611

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

612

}

613

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

614

TEST_P(SigningOperationsTest, RsaTooShortMessage) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

615

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

616

.RsaSigningKey(256, 3)

617

.Digest(KM_DIGEST_NONE)

618

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

619

AuthorizationSet begin_params(client_params());

620

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

621

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

622

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

623

624

string message = "1234567890123456789012345678901";

625

string result;

626

size_t input_consumed;

627

ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

628

EXPECT_EQ(0U, result.size());

629

EXPECT_EQ(31U, input_consumed);

630

631

string signature;

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame]

632

ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

633

EXPECT_EQ(0U, signature.length());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

634

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

635

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

636

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

637

}

638

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

639

TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

640

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

641

.RsaEncryptionKey(256, 3)

642

.Digest(KM_DIGEST_NONE)

643

.Padding(KM_PAD_NONE)));

644

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

645

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

646

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-06-17 11:20:56 -0600

[diff] [blame]

647

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

648

}

649

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

650

TEST_P(SigningOperationsTest, EcdsaSuccess) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

651

ASSERT_EQ(KM_ERROR_OK,

652

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame]

653

string message(224 / 8, 'a');

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

654

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

655

SignMessage(message, &signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

656

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

657

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

658

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

659

}

660

Shawn Willden

2015-06-01 07:07:33 -0600

[diff] [blame]

661

TEST_P(SigningOperationsTest, EcdsaSha256Success) {

662

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(

663

KM_DIGEST_SHA_2_256)));

664

string message(1024, 'a');

665

string signature;

666

SignMessage(message, &signature, KM_DIGEST_SHA_2_256);

667

668

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

669

EXPECT_EQ(3, GetParam()->keymaster0_calls());

670

}

671

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame]

672

TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {

673

ASSERT_EQ(KM_ERROR_OK,

674

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

675

string message(64 * 1024, 'a');

676

string signature;

677

AuthorizationSet begin_params(client_params());

678

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

679

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

680

string result;

681

size_t input_consumed;

682

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));

683

684

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

685

EXPECT_EQ(2, GetParam()->keymaster0_calls());

686

}

687

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

688

TEST_P(SigningOperationsTest, AesEcbSign) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

689

ASSERT_EQ(KM_ERROR_OK,

690

GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(

691

TAG_BLOCK_MODE, KM_MODE_ECB)));

Shawn Willden

2015-06-17 11:20:56 -0600

[diff] [blame]

692

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));

693

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

694

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

695

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

696

}

697

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

698

TEST_P(SigningOperationsTest, HmacSha1Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

699

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

700

string message = "12345678901234567890123456789012";

701

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

702

MacMessage(message, &signature, KM_DIGEST_SHA1, 160);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

703

ASSERT_EQ(20U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

704

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

705

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

706

}

707

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

708

TEST_P(SigningOperationsTest, HmacSha224Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

709

ASSERT_EQ(KM_ERROR_OK,

710

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

711

string message = "12345678901234567890123456789012";

712

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

713

MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

714

ASSERT_EQ(28U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

715

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

716

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

717

}

718

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

719

TEST_P(SigningOperationsTest, HmacSha256Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

720

ASSERT_EQ(KM_ERROR_OK,

721

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

722

string message = "12345678901234567890123456789012";

723

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

724

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

725

ASSERT_EQ(32U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

726

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

727

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

728

}

729

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

730

TEST_P(SigningOperationsTest, HmacSha384Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

731

ASSERT_EQ(KM_ERROR_OK,

732

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));

733

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

734

string message = "12345678901234567890123456789012";

735

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

736

MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

737

ASSERT_EQ(48U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

738

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

739

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

740

}

741

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

742

TEST_P(SigningOperationsTest, HmacSha512Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

743

ASSERT_EQ(KM_ERROR_OK,

744

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

745

string message = "12345678901234567890123456789012";

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

746

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

747

MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

748

ASSERT_EQ(64U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

749

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

750

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

751

}

752

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

753

TEST_P(SigningOperationsTest, HmacLengthInKey) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

754

// TODO(swillden): unified API should generate an error on key generation.

755

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

756

.HmacKey(128)

757

.Digest(KM_DIGEST_SHA_2_256)

758

.Authorization(TAG_MAC_LENGTH, 20)));

759

string message = "12345678901234567890123456789012";

760

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

761

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

762

// Size in key was ignored.

763

ASSERT_EQ(30U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

764

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

765

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

766

}

767

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

768

TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

769

uint8_t key_data[] = {

770

0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,

771

0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,

772

};

773

string message = "Hi There";

774

uint8_t sha_224_expected[] = {

775

0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,

776

0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,

777

};

778

uint8_t sha_256_expected[] = {

779

0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,

780

0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,

781

0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,

782

};

783

uint8_t sha_384_expected[] = {

784

0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,

785

0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,

786

0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,

787

0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,

788

};

789

uint8_t sha_512_expected[] = {

790

0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,

791

0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,

792

0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,

793

0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,

794

0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,

795

};

796

797

string key = make_string(key_data);

798

799

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

800

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

801

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

802

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

803

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

804

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

805

}

806

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

807

TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

808

string key = "Jefe";

809

string message = "what do ya want for nothing?";

810

uint8_t sha_224_expected[] = {

811

0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,

812

0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,

813

};

814

uint8_t sha_256_expected[] = {

815

0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,

816

0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,

817

0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,

818

};

819

uint8_t sha_384_expected[] = {

820

0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,

821

0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,

822

0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,

823

0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,

824

};

825

uint8_t sha_512_expected[] = {

826

0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,

827

0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,

828

0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,

829

0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,

830

0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,

831

};

832

833

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

834

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

835

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

836

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

837

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

838

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

839

}

840

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

841

TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

842

string key(20, 0xaa);

843

string message(50, 0xdd);

844

uint8_t sha_224_expected[] = {

845

0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,

846

0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,

847

};

848

uint8_t sha_256_expected[] = {

849

0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,

850

0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,

851

0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,

852

};

853

uint8_t sha_384_expected[] = {

854

0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,

855

0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,

856

0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,

857

0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,

858

};

859

uint8_t sha_512_expected[] = {

860

0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,

861

0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,

862

0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,

863

0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,

864

0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,

865

};

866

867

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

868

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

869

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

870

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

871

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

872

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

873

}

874

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

875

TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

876

uint8_t key_data[25] = {

877

0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,

878

0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,

879

};

880

string key = make_string(key_data);

881

string message(50, 0xcd);

882

uint8_t sha_224_expected[] = {

883

0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,

884

0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,

885

};

886

uint8_t sha_256_expected[] = {

887

0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,

888

0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,

889

0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,

890

};

891

uint8_t sha_384_expected[] = {

892

0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,

893

0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,

894

0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,

895

0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,

896

};

897

uint8_t sha_512_expected[] = {

898

0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,

899

0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,

900

0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,

901

0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,

902

0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,

903

};

904

905

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

906

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

907

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

908

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

909

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

910

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

911

}

912

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

913

TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

914

string key(20, 0x0c);

915

string message = "Test With Truncation";

916

917

uint8_t sha_224_expected[] = {

918

0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,

919

0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,

920

};

921

uint8_t sha_256_expected[] = {

922

0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,

923

0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,

924

};

925

uint8_t sha_384_expected[] = {

926

0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,

927

0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,

928

};

929

uint8_t sha_512_expected[] = {

930

0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,

931

0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,

932

};

933

934

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

935

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

936

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

937

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

938

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

939

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

940

}

941

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

942

TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

943

string key(131, 0xaa);

944

string message = "Test Using Larger Than Block-Size Key - Hash Key First";

945

946

uint8_t sha_224_expected[] = {

947

0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,

948

0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,

949

};

950

uint8_t sha_256_expected[] = {

951

0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,

952

0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,

953

0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,

954

};

955

uint8_t sha_384_expected[] = {

956

0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,

957

0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,

958

0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,

959

0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,

960

};

961

uint8_t sha_512_expected[] = {

962

0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,

963

0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,

964

0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,

965

0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,

966

0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,

967

};

968

969

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

970

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

971

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

972

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

973

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

974

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

975

}

976

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

977

TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

978

string key(131, 0xaa);

979

string message = "This is a test using a larger than block-size key and a larger than "

980

"block-size data. The key needs to be hashed before being used by the HMAC "

981

"algorithm.";

982

983

uint8_t sha_224_expected[] = {

984

0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,

985

0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,

986

};

987

uint8_t sha_256_expected[] = {

988

0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,

989

0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,

990

0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,

991

};

992

uint8_t sha_384_expected[] = {

993

0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,

994

0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,

995

0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,

996

0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,

997

};

998

uint8_t sha_512_expected[] = {

999

0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,

1000

0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,

1001

0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,

1002

0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,

1003

0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,

1004

};

1005

1006

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

1007

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

1008

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

1009

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1010

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1011

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1012

}

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1013

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1014

TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1015

ASSERT_EQ(KM_ERROR_OK,

1016

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

1017

AuthorizationSet begin_params(client_params());

Shawn Willden

0c60f6f

2015-04-27 23:40:10 -0600

[diff] [blame]

1018

begin_params.push_back(TAG_MAC_LENGTH, 264);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1019

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1020

ASSERT_EQ(KM_ERROR_OK,

1021

BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));

1022

string message = "1234567890123456789012345678901";

1023

string result;

1024

size_t input_consumed;

1025

ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1026

ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1027

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1028

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1029

}

1030

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1031

// TODO(swillden): Add more verification failure tests.

1032

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1033

typedef Keymaster1Test VerificationOperationsTest;

1034

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);

1035

1036

TEST_P(VerificationOperationsTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1037

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1038

.RsaSigningKey(256, 3)

1039

.Digest(KM_DIGEST_NONE)

1040

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1041

string message = "12345678901234567890123456789012";

1042

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1043

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

1044

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1045

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1046

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1047

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

1048

}

1049

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1050

TEST_P(VerificationOperationsTest, RsaPssSha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1051

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1052

.RsaSigningKey(512, 3)

1053

.Digest(KM_DIGEST_SHA_2_256)

1054

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1055

// Use large message, which won't work without digesting.

1056

string message(1024, 'a');

1057

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1058

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

1059

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1060

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1061

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1062

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1063

}

1064

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1065

TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1066

GenerateKey(AuthorizationSetBuilder()

1067

.RsaSigningKey(512, 3)

1068

.Digest(KM_DIGEST_SHA_2_256)

1069

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1070

string message(1024, 'a');

1071

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1072

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1073

++signature[signature.size() / 2];

1074

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1075

AuthorizationSet begin_params(client_params());

1076

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1077

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1078

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1079

1080

string result;

1081

size_t input_consumed;

1082

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1083

EXPECT_EQ(message.size(), input_consumed);

1084

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1085

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1086

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1087

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1088

}

1089

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1090

TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1091

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1092

.RsaSigningKey(512, 3)

1093

.Digest(KM_DIGEST_SHA_2_256)

1094

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1095

// Use large message, which won't work without digesting.

1096

string message(1024, 'a');

1097

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1098

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1099

++message[message.size() / 2];

1100

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1101

AuthorizationSet begin_params(client_params());

1102

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1103

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1104

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1105

1106

string result;

1107

size_t input_consumed;

1108

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1109

EXPECT_EQ(message.size(), input_consumed);

1110

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1111

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1112

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1113

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1114

}

1115

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1116

TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1117

GenerateKey(AuthorizationSetBuilder()

1118

.RsaSigningKey(512, 3)

1119

.Digest(KM_DIGEST_SHA_2_256)

1120

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1121

string message(1024, 'a');

1122

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1123

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

1124

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1125

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1126

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1127

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1128

}

1129

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1130

TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1131

GenerateKey(AuthorizationSetBuilder()

1132

.RsaSigningKey(512, 3)

1133

.Digest(KM_DIGEST_SHA_2_256)

1134

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1135

string message(1024, 'a');

1136

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1137

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1138

++signature[signature.size() / 2];

1139

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1140

AuthorizationSet begin_params(client_params());

1141

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1142

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1143

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1144

1145

string result;

1146

size_t input_consumed;

1147

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1148

EXPECT_EQ(message.size(), input_consumed);

1149

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1150

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1151

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1152

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1153

}

1154

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1155

TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1156

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1157

.RsaSigningKey(512, 3)

1158

.Digest(KM_DIGEST_SHA_2_256)

1159

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1160

// Use large message, which won't work without digesting.

1161

string message(1024, 'a');

1162

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1163

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1164

++message[message.size() / 2];

1165

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1166

AuthorizationSet begin_params(client_params());

1167

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1168

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1169

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1170

1171

string result;

1172

size_t input_consumed;

1173

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1174

EXPECT_EQ(message.size(), input_consumed);

1175

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1176

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1177

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1178

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1179

}

1180

1181

template <typename T> vector<T> make_vector(const T* array, size_t len) {

1182

return vector<T>(array, array + len);

1183

}

1184

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1185

TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1186

// Get all supported digests and padding modes.

1187

size_t digests_len;

1188

keymaster_digest_t* digests;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

1189

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1190

device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,

1191

&digests_len));

1192

1193

size_t padding_modes_len;

1194

keymaster_padding_t* padding_modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

1195

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1196

device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,

1197

&padding_modes, &padding_modes_len));

1198

1199

// Try them.

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1200

int trial_count = 0;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1201

for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {

1202

for (keymaster_digest_t digest : make_vector(digests, digests_len)) {

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1203

if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)

1204

// Digesting requires padding

1205

continue;

1206

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1207

// Compute key & message size that will work.

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1208

size_t key_bits = 0;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1209

size_t message_len = 1000;

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1210

1211

if (digest == KM_DIGEST_NONE) {

1212

key_bits = 256;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1213

switch (padding_mode) {

1214

case KM_PAD_NONE:

1215

// Match key size.

1216

message_len = key_bits / 8;

1217

break;

1218

case KM_PAD_RSA_PKCS1_1_5_SIGN:

1219

message_len = key_bits / 8 - 11;

1220

break;

1221

case KM_PAD_RSA_PSS:

1222

// PSS requires a digest.

1223

continue;

1224

default:

1225

FAIL() << "Missing padding";

1226

break;

1227

}

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

} else {

size_t digest_bits;

switch (digest) {

case KM_DIGEST_MD5:

digest_bits = 128;

break;

case KM_DIGEST_SHA1:

digest_bits = 160;

break;

case KM_DIGEST_SHA_2_224:

1238

digest_bits = 224;

1239

break;

1240

case KM_DIGEST_SHA_2_256:

1241

digest_bits = 256;

1242

break;

1243

case KM_DIGEST_SHA_2_384:

1244

digest_bits = 384;

1245

break;

1246

case KM_DIGEST_SHA_2_512:

digest_bits = 512;

break;

default:

FAIL() << "Missing digest";

1251

}

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1252

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1253

switch (padding_mode) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1254

case KM_PAD_RSA_PKCS1_1_5_SIGN:

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1255

key_bits = digest_bits + 8 * (11 + 19);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1256

break;

1257

case KM_PAD_RSA_PSS:

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1258

key_bits = digest_bits + 8 * 10;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1259

break;

1260

default:

1261

FAIL() << "Missing padding";

1262

break;

1263

}

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1264

}

1265

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1266

GenerateKey(AuthorizationSetBuilder()

1267

.RsaSigningKey(key_bits, 3)

1268

.Digest(digest)

1269

.Padding(padding_mode));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1270

string message(message_len, 'a');

1271

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1272

SignMessage(message, &signature, digest, padding_mode);

1273

VerifyMessage(message, signature, digest, padding_mode);

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1274

++trial_count;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

}

}

free(padding_modes);

free(digests);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1280

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1281

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1282

EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1283

}

1284

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1285

TEST_P(VerificationOperationsTest, EcdsaSuccess) {

Shawn Willden

84b8da5

2015-03-11 07:21:32 -0600

[diff] [blame]

1286

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1287

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame]

1288

string message = "12345678901234567890123456789012";

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1289

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1290

SignMessage(message, &signature, KM_DIGEST_NONE);

1291

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1292

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1293

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1294

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

5ac2f8f

2014-08-18 15:33:10 -0600

[diff] [blame]

1295

}

1296

Shawn Willden

2015-06-01 07:07:33 -0600

[diff] [blame]

1297

TEST_P(VerificationOperationsTest, EcdsaSha256Success) {

1298

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1299

.EcdsaSigningKey(256)

1300

.Digest(KM_DIGEST_SHA_2_256)

1301

.Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame]

1302

string message = "12345678901234567890123456789012";

Shawn Willden

2015-06-01 07:07:33 -0600

[diff] [blame]

1303

string signature;

1304

SignMessage(message, &signature, KM_DIGEST_SHA_2_256);

1305

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

1306

1307

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1308

EXPECT_EQ(4, GetParam()->keymaster0_calls());

1309

1310

// Just for giggles, try verifying with the wrong digest.

1311

AuthorizationSet begin_params(client_params());

1312

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

1313

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

1314

1315

string result;

1316

size_t input_consumed;

1317

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1318

EXPECT_EQ(message.size(), input_consumed);

1319

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

1320

}

1321

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1322

TEST_P(VerificationOperationsTest, HmacSha1Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1323

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1324

string message = "123456789012345678901234567890123456789012345678";

1325

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1326

MacMessage(message, &signature, KM_DIGEST_SHA1, 160);

1327

VerifyMessage(message, signature, KM_DIGEST_SHA1);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1328

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1329

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1330

}

1331

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1332

TEST_P(VerificationOperationsTest, HmacSha224Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1333

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1334

string message = "123456789012345678901234567890123456789012345678";

1335

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1336

MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);

1337

VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1338

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1339

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1340

}

1341

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1342

TEST_P(VerificationOperationsTest, HmacSha256Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1343

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1344

string message = "123456789012345678901234567890123456789012345678";

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1345

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1346

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);

1347

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1348

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1349

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1350

}

1351

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1352

TEST_P(VerificationOperationsTest, HmacSha384Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1353

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1354

string message = "123456789012345678901234567890123456789012345678";

1355

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1356

MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);

1357

VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1358

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1359

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1360

}

1361

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1362

TEST_P(VerificationOperationsTest, HmacSha512Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1363

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1364

string message = "123456789012345678901234567890123456789012345678";

1365

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1366

MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);

1367

VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1368

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1369

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1370

}

1371

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1372

typedef Keymaster1Test ExportKeyTest;

1373

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);

1374

1375

TEST_P(ExportKeyTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1376

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1377

.RsaSigningKey(256, 3)

1378

.Digest(KM_DIGEST_NONE)

1379

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1380

string export_data;

1381

ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1382

EXPECT_GT(export_data.length(), 0U);

Shawn Willden

e46a43f

2014-08-27 10:35:36 -0600

[diff] [blame]

1383

1384

// TODO(swillden): Verify that the exported key is actually usable to verify signatures.

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1385

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1386

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1387

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

ffd790c

2014-08-18 21:20:06 -0600

[diff] [blame]

1388

}

1389

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1390

TEST_P(ExportKeyTest, EcdsaSuccess) {

Shawn Willden

84b8da5

2015-03-11 07:21:32 -0600

[diff] [blame]

1391

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1392

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1393

string export_data;

1394

ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1395

EXPECT_GT(export_data.length(), 0U);

Shawn Willden

e46a43f

2014-08-27 10:35:36 -0600

[diff] [blame]

1396

1397

// TODO(swillden): Verify that the exported key is actually usable to verify signatures.

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1398

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1399

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1400

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

f268d74

2014-08-19 15:36:26 -0600

[diff] [blame]

1401

}

1402

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1403

TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1404

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1405

.RsaSigningKey(256, 3)

1406

.Digest(KM_DIGEST_NONE)

1407

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1408

string export_data;

1409

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1410

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1411

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1412

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

f268d74

2014-08-19 15:36:26 -0600

[diff] [blame]

1413

}

1414

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1415

TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1416

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1417

.RsaSigningKey(256, 3)

1418

.Digest(KM_DIGEST_NONE)

1419

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1420

corrupt_key_blob();

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1421

string export_data;

1422

ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1423

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1424

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1425

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

f268d74

2014-08-19 15:36:26 -0600

[diff] [blame]

1426

}

1427

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1428

TEST_P(ExportKeyTest, AesKeyExportFails) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1429

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

1430

string export_data;

1431

1432

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));

1433

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));

1434

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1435

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1436

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

1437

}

1438

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1439

static string read_file(const string& file_name) {

1440

ifstream file_stream(file_name, std::ios::binary);

1441

istreambuf_iterator<char> file_begin(file_stream);

1442

istreambuf_iterator<char> file_end;

1443

return string(file_begin, file_end);

1444

}

1445

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1446

typedef Keymaster1Test ImportKeyTest;

1447

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);

1448

1449

TEST_P(ImportKeyTest, RsaSuccess) {

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1450

string pk8_key = read_file("rsa_privkey_pk8.der");

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1451

ASSERT_EQ(633U, pk8_key.size());

1452

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1453

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

1454

.RsaSigningKey(1024, 65537)

1455

.Digest(KM_DIGEST_NONE)

1456

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1457

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1458

1459

// Check values derived from the key.

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1460

EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()

1461

: sw_enforced(),

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1462

TAG_ALGORITHM, KM_ALGORITHM_RSA));

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1463

EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()

1464

: sw_enforced(),

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1465

TAG_KEY_SIZE, 1024));

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1466

EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()

1467

: sw_enforced(),

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1468

TAG_RSA_PUBLIC_EXPONENT, 65537U));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1469

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1470

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1471

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1472

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1473

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1474

string message(1024 / 8, 'a');

1475

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1476

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

1477

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1478

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1479

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1480

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1481

}

1482

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1483

TEST_P(ImportKeyTest, OldApiRsaSuccess) {

Shawn Willden

d7a5c71

2015-04-09 16:33:52 -0600

[diff] [blame]

1484

string pk8_key = read_file("rsa_privkey_pk8.der");

1485

ASSERT_EQ(633U, pk8_key.size());

1486

1487

// NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that

1488

// point softkeymaster will no longer support keymaster0 APIs anyway.

1489

uint8_t* key_blob;

1490

size_t key_blob_length;

1491

ASSERT_EQ(0,

1492

device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),

1493

pk8_key.size(), &key_blob, &key_blob_length));

1494

set_key_blob(key_blob, key_blob_length);

1495

1496

string message(1024 / 8, 'a');

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1497

AuthorizationSet begin_params; // Don't use client data.

1498

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1499

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1500

AuthorizationSet update_params;

1501

AuthorizationSet output_params;

1502

string signature =

1503

ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);

1504

ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,

1505

&output_params);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1506

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1507

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1508

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

d7a5c71

2015-04-09 16:33:52 -0600

[diff] [blame]

1509

}

1510

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1511

TEST_P(ImportKeyTest, RsaKeySizeMismatch) {

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1512

string pk8_key = read_file("rsa_privkey_pk8.der");

1513

ASSERT_EQ(633U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1514

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1515

ImportKey(AuthorizationSetBuilder()

1516

.RsaSigningKey(2048 /* Doesn't match key */, 3)

1517

.Digest(KM_DIGEST_NONE)

1518

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1519

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1520

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1521

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1522

}

1523

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1524

TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1525

string pk8_key = read_file("rsa_privkey_pk8.der");

1526

ASSERT_EQ(633U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1527

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1528

ImportKey(AuthorizationSetBuilder()

1529

.RsaSigningKey(256, 3 /* Doesnt' match key */)

1530

.Digest(KM_DIGEST_NONE)

1531

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1532

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1533

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1534

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1535

}

1536

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1537

TEST_P(ImportKeyTest, EcdsaSuccess) {

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1538

string pk8_key = read_file("ec_privkey_pk8.der");

1539

ASSERT_EQ(138U, pk8_key.size());

1540

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1541

ASSERT_EQ(KM_ERROR_OK,

1542

ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),

1543

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1544

1545

// Check values derived from the key.

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1546

EXPECT_TRUE(

1547

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1548

TAG_ALGORITHM, KM_ALGORITHM_EC));

1549

EXPECT_TRUE(

1550

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1551

TAG_KEY_SIZE, 256));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1552

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1553

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1554

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1555

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1556

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame]

1557

string message(32, 'a');

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1558

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1559

SignMessage(message, &signature, KM_DIGEST_NONE);

1560

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1561

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1562

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1563

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1564

}

1565

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1566

TEST_P(ImportKeyTest, EcdsaSizeSpecified) {

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1567

string pk8_key = read_file("ec_privkey_pk8.der");

1568

ASSERT_EQ(138U, pk8_key.size());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1569

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1570

ASSERT_EQ(KM_ERROR_OK,

1571

ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),

1572

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1573

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1574

// Check values derived from the key.

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1575

EXPECT_TRUE(

1576

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1577

TAG_ALGORITHM, KM_ALGORITHM_EC));

1578

EXPECT_TRUE(

1579

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1580

TAG_KEY_SIZE, 256));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1581

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1582

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1583

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1584

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1585

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame]

1586

string message(32, 'a');

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1587

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1588

SignMessage(message, &signature, KM_DIGEST_NONE);

1589

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1590

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1591

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1592

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1593

}

1594

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1595

TEST_P(ImportKeyTest, EcdsaSizeMismatch) {

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1596

string pk8_key = read_file("ec_privkey_pk8.der");

1597

ASSERT_EQ(138U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1598

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1599

ImportKey(AuthorizationSetBuilder()

1600

.EcdsaSigningKey(224 /* Doesn't match key */)

1601

.Digest(KM_DIGEST_NONE),

1602

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1603

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1604

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1605

}

1606

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1607

TEST_P(ImportKeyTest, AesKeySuccess) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1608

char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

1609

string key(key_data, sizeof(key_data));

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1610

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

c47c88f

2015-04-07 17:23:27 -0600

[diff] [blame]

1611

ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(

1612

TAG_PADDING, KM_PAD_PKCS7),

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1613

KM_KEY_FORMAT_RAW, key));

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1614

1615

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1616

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1617

1618

string message = "Hello World!";

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1619

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

1620

string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1621

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1622

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1623

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1624

}

1625

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1626

TEST_P(ImportKeyTest, HmacSha256KeySuccess) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1627

char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

1628

string key(key_data, sizeof(key_data));

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1629

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

1630

.HmacKey(sizeof(key_data) * 8)

1631

.Digest(KM_DIGEST_SHA_2_256)

1632

.Authorization(TAG_MAC_LENGTH, 32),

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1633

KM_KEY_FORMAT_RAW, key));

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1634

1635

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1636

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1637

1638

string message = "Hello World!";

1639

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1640

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);

1641

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1642

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1643

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1644

}

1645

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1646

typedef Keymaster1Test EncryptionOperationsTest;

1647

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);

1648

Shawn Willden

3016084

2015-06-01 08:31:00 -0600

[diff] [blame]

1649

TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {

1650

ASSERT_EQ(KM_ERROR_OK,

1651

GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));

1652

1653

string message = "12345678901234567890123456789012";

1654

string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);

1655

EXPECT_EQ(256U / 8, ciphertext1.size());

1656

1657

string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);

1658

EXPECT_EQ(256U / 8, ciphertext2.size());

1659

1660

// Unpadded RSA is deterministic

1661

EXPECT_EQ(ciphertext1, ciphertext2);

1662

1663

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

1664

EXPECT_EQ(3, GetParam()->keymaster0_calls());

1665

}

1666

1667

TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {

1668

ASSERT_EQ(KM_ERROR_OK,

1669

GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));

1670

1671

string message = "1234567890123456789012345678901";

1672

1673

AuthorizationSet begin_params(client_params());

1674

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

1675

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

1676

1677

string result;

1678

size_t input_consumed;

1679

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1680

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

1681

EXPECT_EQ(0U, result.size());

1682

1683

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

1684

EXPECT_EQ(2, GetParam()->keymaster0_calls());

1685

}

1686

1687

TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {

1688

ASSERT_EQ(KM_ERROR_OK,

1689

GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));

1690

1691

string message = "123456789012345678901234567890123";

1692

1693

AuthorizationSet begin_params(client_params());

1694

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

1695

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

1696

1697

string result;

1698

size_t input_consumed;

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame]

1699

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));

Shawn Willden

3016084

2015-06-01 08:31:00 -0600

[diff] [blame]

1700

1701

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

1702

EXPECT_EQ(2, GetParam()->keymaster0_calls());

1703

}

1704

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1705

TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1706

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1707

.RsaEncryptionKey(512, 3)

1708

.Padding(KM_PAD_RSA_OAEP)

1709

.Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1710

1711

string message = "Hello World!";

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1712

string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1713

EXPECT_EQ(512U / 8, ciphertext1.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1714

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1715

string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1716

EXPECT_EQ(512U / 8, ciphertext2.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1717

1718

// OAEP randomizes padding so every result should be different.

1719

EXPECT_NE(ciphertext1, ciphertext2);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1720

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1721

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1722

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1723

}

1724

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1725

TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1726

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1727

.RsaEncryptionKey(512, 3)

1728

.Padding(KM_PAD_RSA_OAEP)

1729

.Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1730

string message = "Hello World!";

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1731

string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1732

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1733

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1734

string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1735

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1736

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1737

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1738

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1739

}

1740

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1741

TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {

1742

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1743

.RsaEncryptionKey(512, 3)

1744

.Padding(KM_PAD_RSA_OAEP)

1745

.Digest(KM_DIGEST_NONE)));

1746

string message = "Hello World!";

1747

1748

AuthorizationSet begin_params(client_params());

1749

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);

1750

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

1751

EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

1752

1753

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

1754

EXPECT_EQ(2, GetParam()->keymaster0_calls());

1755

}

1756

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1757

TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1758

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1759

.RsaEncryptionKey(512, 3)

1760

.Padding(KM_PAD_RSA_OAEP)

1761

.Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1762

string message = "12345678901234567890123";

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1763

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1764

size_t input_consumed;

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1765

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1766

AuthorizationSet begin_params(client_params());

1767

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1768

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1769

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1770

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1771

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1772

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1773

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1774

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1775

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1776

}

1777

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1778

TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1779

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1780

.RsaEncryptionKey(512, 3)

1781

.Padding(KM_PAD_RSA_OAEP)

1782

.Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1783

string message = "Hello World!";

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1784

string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1785

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1786

1787

// Corrupt the ciphertext

1788

ciphertext[512 / 8 / 2]++;

1789

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1790

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1791

size_t input_consumed;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1792

AuthorizationSet begin_params(client_params());

1793

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1794

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1795

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1796

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1797

EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1798

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1799

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1800

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1801

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1802

}

1803

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1804

TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1805

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1806

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1807

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1808

string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1809

EXPECT_EQ(512U / 8, ciphertext1.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1810

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1811

string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1812

EXPECT_EQ(512U / 8, ciphertext2.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1813

1814

// PKCS1 v1.5 randomizes padding so every result should be different.

1815

EXPECT_NE(ciphertext1, ciphertext2);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1816

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1817

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1818

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1819

}

1820

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1821

TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1822

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1823

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1824

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1825

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1826

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1827

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1828

string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1829

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1830

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1831

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1832

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1833

}

1834

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1835

TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1836

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1837

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

7bae132

2015-05-26 10:16:49 -0600

[diff] [blame]

1838

string message = "123456789012345678901234567890123456789012345678901234";

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1839

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1840

size_t input_consumed;

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1841

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1842

AuthorizationSet begin_params(client_params());

1843

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

1844

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1845

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1846

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1847

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1848

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1849

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1850

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1851

}

1852

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1853

TEST_P(EncryptionOperationsTest, RsaPkcs1InvalidDigest) {

1854

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1855

.RsaEncryptionKey(512, 3)

1856

.Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)

1857

.Digest(KM_DIGEST_NONE)));

1858

string message = "Hello World!";

1859

string result;

1860

1861

AuthorizationSet begin_params(client_params());

1862

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

1863

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); // Any digest is invalid

1864

EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

1865

1866

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

1867

EXPECT_EQ(2, GetParam()->keymaster0_calls());

1868

}

1869

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1870

TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1871

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1872

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1873

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1874

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1875

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1876

1877

// Corrupt the ciphertext

1878

ciphertext[512 / 8 / 2]++;

1879

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1880

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1881

size_t input_consumed;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1882

AuthorizationSet begin_params(client_params());

1883

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

1884

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1885

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1886

EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1887

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1888

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1889

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1890

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1891

}

1892

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1893

TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {

Shawn Willden

2015-06-22 10:39:21 -0600

[diff] [blame^]

1894

ASSERT_EQ(KM_ERROR_OK,

1895

GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1896

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1897

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1898

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-06-17 11:20:56 -0600

[diff] [blame]

1899

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1900

}

1901

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1902

TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1903

ASSERT_EQ(KM_ERROR_OK,

1904

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-06-17 11:20:56 -0600

[diff] [blame]

1905

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1906

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1907

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1908

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1909

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1910

}

1911

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1912

TEST_P(EncryptionOperationsTest, HmacEncrypt) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

ASSERT_EQ(

KM_ERROR_OK,

GenerateKey(

AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));

Shawn Willden

2015-06-17 11:20:56 -0600

[diff] [blame]

1917

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1918

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1919

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1920

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1921

}

1922

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1923

TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1924

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1925

.AesEncryptionKey(128)

1926

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1927

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1928

// Two-block message.

1929

string message = "12345678901234567890123456789012";

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1930

string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1931

EXPECT_EQ(message.size(), ciphertext1.size());

1932

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1933

string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1934

EXPECT_EQ(message.size(), ciphertext2.size());

1935

1936

// ECB is deterministic.

1937

EXPECT_EQ(ciphertext1, ciphertext2);

1938

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1939

string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1940

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1941

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1942

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1943

}

1944

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1945

TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1946

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1947

.AesEncryptionKey(128)

1948

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1949

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1950

// Message is slightly shorter than two blocks.

1951

string message = "1234567890123456789012345678901";

1952

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1953

AuthorizationSet begin_params(client_params());

1954

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1955

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1956

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1957

string ciphertext;

1958

size_t input_consumed;

1959

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));

1960

EXPECT_EQ(message.size(), input_consumed);

1961

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1962

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1963

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1964

}

1965

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1966

TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1967

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1968

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1969

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1970

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1971

1972

// Try various message lengths; all should work.

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1973

for (size_t i = 0; i < 32; ++i) {

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1974

string message(i, 'a');

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1975

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1976

EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1977

string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1978

EXPECT_EQ(message, plaintext);

1979

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1980

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1981

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1982

}

1983

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1984

TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1985

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1986

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1987

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1988

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1989

1990

string message = "a";

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1991

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1992

EXPECT_EQ(16U, ciphertext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1993

EXPECT_NE(ciphertext, message);

1994

++ciphertext[ciphertext.size() / 2];

1995

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1996

AuthorizationSet begin_params(client_params());

1997

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1998

begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1999

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2000

string plaintext;

2001

size_t input_consumed;

2002

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));

2003

EXPECT_EQ(ciphertext.size(), input_consumed);

2004

EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2005

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2006

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2007

}

2008

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2009

TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2010

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2011

.AesEncryptionKey(128)

2012

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

2013

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2014

string message = "123";

2015

string iv1;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2016

string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2017

EXPECT_EQ(message.size(), ciphertext1.size());

Shawn Willden

72a5fdd

2015-03-17 20:04:33 -0600

[diff] [blame]

2018

EXPECT_EQ(16U, iv1.size());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2019

2020

string iv2;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2021

string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2022

EXPECT_EQ(message.size(), ciphertext2.size());

Shawn Willden

72a5fdd

2015-03-17 20:04:33 -0600

[diff] [blame]

2023

EXPECT_EQ(16U, iv2.size());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2024

2025

// IVs should be random, so ciphertexts should differ.

2026

EXPECT_NE(iv1, iv2);

2027

EXPECT_NE(ciphertext1, ciphertext2);

2028

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2029

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2030

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2031

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2032

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2033

}

2034

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2035

TEST_P(EncryptionOperationsTest, AesCtrIncremental) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2036

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2037

.AesEncryptionKey(128)

2038

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

2039

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2040

2041

int increment = 15;

2042

string message(239, 'a');

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2043

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2044

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2045

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2046

AuthorizationSet output_params;

2047

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

2048

2049

string ciphertext;

2050

size_t input_consumed;

2051

for (size_t i = 0; i < message.size(); i += increment)

2052

EXPECT_EQ(KM_ERROR_OK,

2053

UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));

2054

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

2055

EXPECT_EQ(message.size(), ciphertext.size());

2056

2057

// Move TAG_NONCE into input_params

2058

input_params.Reinitialize(output_params);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2059

input_params.push_back(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2060

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2061

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2062

output_params.Clear();

2063

2064

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));

2065

string plaintext;

2066

for (size_t i = 0; i < ciphertext.size(); i += increment)

2067

EXPECT_EQ(KM_ERROR_OK,

2068

UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));

2069

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

2070

EXPECT_EQ(ciphertext.size(), plaintext.size());

2071

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2072

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2073

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2074

}

2075

2076

struct AesCtrSp80038aTestVector {

2077

const char* key;

2078

const char* nonce;

2079

const char* plaintext;

2080

const char* ciphertext;

2081

};

2082

2083

// These test vectors are taken from

2084

// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.

2085

static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {

2086

// AES-128

2087

{

2088

"2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

2089

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

2090

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

2091

"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"

2092

"5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",

},

// AES-192

{

"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

2097

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

2098

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

2099

"1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"

2100

"1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",

},

// AES-256

{

"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",

2105

"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

2106

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

2107

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

2108

"601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"

2109

"2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",

},

};

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2113

TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2114

for (size_t i = 0; i < 3; i++) {

2115

const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);

2116

const string key = hex2str(test.key);

2117

const string nonce = hex2str(test.nonce);

2118

const string plaintext = hex2str(test.plaintext);

2119

const string ciphertext = hex2str(test.ciphertext);

2120

CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);

2121

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2122

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2123

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2124

}

2125

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2126

TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2127

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2128

.AesEncryptionKey(128)

2129

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

2130

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2131

AuthorizationSet begin_params(client_params());

2132

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2133

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2134

EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2135

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2136

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2137

}

2138

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2139

TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2140

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2141

.AesEncryptionKey(128)

2142

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2143

.Authorization(TAG_CALLER_NONCE)

2144

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2145

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2146

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2147

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2148

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2149

input_params.push_back(TAG_NONCE, "123", 3);

2150

EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2151

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2152

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2153

}

2154

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2155

TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2156

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2157

.AesEncryptionKey(128)

2158

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2159

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2160

// Two-block message.

2161

string message = "12345678901234567890123456789012";

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2162

string iv1;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2163

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2164

EXPECT_EQ(message.size(), ciphertext1.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2165

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2166

string iv2;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2167

string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2168

EXPECT_EQ(message.size(), ciphertext2.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2169

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2170

// IVs should be random, so ciphertexts should differ.

2171

EXPECT_NE(iv1, iv2);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2172

EXPECT_NE(ciphertext1, ciphertext2);

2173

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2174

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2175

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2176

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2177

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2178

}

2179

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2180

TEST_P(EncryptionOperationsTest, AesCallerNonce) {

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2181

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2182

.AesEncryptionKey(128)

2183

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2184

.Authorization(TAG_CALLER_NONCE)

2185

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2186

string message = "12345678901234567890123456789012";

2187

string iv1;

2188

// Don't specify nonce, should get a random one.

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2189

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2190

EXPECT_EQ(message.size(), ciphertext1.size());

2191

EXPECT_EQ(16U, iv1.size());

2192

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2193

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2194

EXPECT_EQ(message, plaintext);

2195

2196

// Now specify a nonce, should also work.

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2197

AuthorizationSet input_params(client_params());

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2198

AuthorizationSet update_params;

2199

AuthorizationSet output_params;

2200

input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2201

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2202

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2203

string ciphertext2 =

2204

ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);

2205

2206

// Decrypt with correct nonce.

2207

plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,

2208

&output_params);

2209

EXPECT_EQ(message, plaintext);

2210

2211

// Now try with wrong nonce.

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2212

input_params.Reinitialize(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2213

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2214

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2215

input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);

2216

plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,

2217

&output_params);

2218

EXPECT_NE(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2219

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2220

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2221

}

2222

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2223

TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2224

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2225

.AesEncryptionKey(128)

2226

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2227

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2228

2229

string message = "12345678901234567890123456789012";

2230

string iv1;

2231

// Don't specify nonce, should get a random one.

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2232

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2233

EXPECT_EQ(message.size(), ciphertext1.size());

2234

EXPECT_EQ(16U, iv1.size());

2235

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2236

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2237

EXPECT_EQ(message, plaintext);

2238

2239

// Now specify a nonce, should fail.

2240

AuthorizationSet input_params(client_params());

2241

AuthorizationSet update_params;

2242

AuthorizationSet output_params;

2243

input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2244

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2245

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2246

2247

EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,

2248

BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2249

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2250

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2251

}

2252

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2253

TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2254

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2255

.AesEncryptionKey(128)

2256

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2257

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2258

2259

int increment = 15;

2260

string message(240, 'a');

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2261

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2262

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2263

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2264

AuthorizationSet output_params;

2265

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

2266

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2267

string ciphertext;

2268

size_t input_consumed;

2269

for (size_t i = 0; i < message.size(); i += increment)

2270

EXPECT_EQ(KM_ERROR_OK,

2271

UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));

2272

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2273

EXPECT_EQ(message.size(), ciphertext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2274

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2275

// Move TAG_NONCE into input_params

2276

input_params.Reinitialize(output_params);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2277

input_params.push_back(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2278

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2279

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2280

output_params.Clear();

2281

2282

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2283

string plaintext;

2284

for (size_t i = 0; i < ciphertext.size(); i += increment)

2285

EXPECT_EQ(KM_ERROR_OK,

2286

UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));

2287

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2288

EXPECT_EQ(ciphertext.size(), plaintext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2289

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2290

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2291

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2292

}

2293

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2294

TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

2295

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2296

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

2297

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2298

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2299

2300

// Try various message lengths; all should work.

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

2301

for (size_t i = 0; i < 32; ++i) {

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2302

string message(i, 'a');

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2303

string iv;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2304

string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2305

EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2306

string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2307

EXPECT_EQ(message, plaintext);

2308

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2309

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2310

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2311

}

2312

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2313

TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {

2314

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2315

.AesEncryptionKey(128)

2316

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2317

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2318

string aad = "foobar";

2319

string message = "123456789012345678901234567890123456";

2320

AuthorizationSet begin_params(client_params());

2321

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2322

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2323

begin_params.push_back(TAG_MAC_LENGTH, 128);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2324

2325

AuthorizationSet update_params;

2326

update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2327

2328

// Encrypt

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2329

AuthorizationSet begin_out_params;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2330

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2331

string ciphertext;

2332

size_t input_consumed;

2333

AuthorizationSet update_out_params;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2334

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2335

&input_consumed));

2336

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2337

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2338

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2339

// Grab nonce

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2340

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2341

begin_params.push_back(begin_out_params);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2342

2343

// Decrypt.

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2344

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2345

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2346

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2347

&plaintext, &input_consumed));

2348

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2349

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2350

2351

EXPECT_EQ(message, plaintext);

2352

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2353

}

2354

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2355

TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {

2356

uint8_t nonce[] = {

2357

0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,

2358

};

2359

uint8_t ciphertext[] = {

2360

0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,

2361

0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,

2362

0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,

2363

0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,

2364

0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,

2365

};

2366

string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));

2367

2368

AuthorizationSet begin_params(client_params());

2369

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2370

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2371

begin_params.push_back(TAG_MAC_LENGTH, 128);

2372

begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));

2373

2374

string plaintext;

2375

size_t input_consumed;

2376

2377

// Import correct key and decrypt

2378

uint8_t good_key[] = {

2379

0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,

2380

0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,

2381

};

2382

string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));

2383

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

2384

.AesEncryptionKey(128)

2385

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2386

.Authorization(TAG_PADDING, KM_PAD_NONE)

2387

.Authorization(TAG_CALLER_NONCE),

2388

KM_KEY_FORMAT_RAW, good_key_str));

2389

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2390

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));

2391

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

2392

2393

// Import bad key and decrypt

2394

uint8_t bad_key[] = {

2395

0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,

2396

0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,

2397

};

2398

string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));

2399

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

2400

.AesEncryptionKey(128)

2401

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2402

.Authorization(TAG_PADDING, KM_PAD_NONE),

2403

KM_KEY_FORMAT_RAW, bad_key_str));

2404

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2405

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));

2406

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));

2407

2408

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2409

}

2410

2411

TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {

2412

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2413

.AesEncryptionKey(128)

2414

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2415

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2416

string aad = "123456789012345678";

2417

string empty_message;

2418

AuthorizationSet begin_params(client_params());

2419

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2420

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2421

begin_params.push_back(TAG_MAC_LENGTH, 128);

2422

2423

AuthorizationSet update_params;

2424

update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());

2425

2426

// Encrypt

2427

AuthorizationSet begin_out_params;

2428

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

2429

string ciphertext;

2430

size_t input_consumed;

2431

AuthorizationSet update_out_params;

2432

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,

2433

&ciphertext, &input_consumed));

2434

EXPECT_EQ(0U, input_consumed);

2435

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

2436

2437

// Grab nonce

2438

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

2439

begin_params.push_back(begin_out_params);

2440

2441

// Decrypt.

2442

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2443

string plaintext;

2444

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2445

&plaintext, &input_consumed));

2446

EXPECT_EQ(ciphertext.size(), input_consumed);

2447

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

2448

2449

EXPECT_EQ(empty_message, plaintext);

2450

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2451

}

2452

2453

TEST_P(EncryptionOperationsTest, AesGcmIncremental) {

2454

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2455

.AesEncryptionKey(128)

2456

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2457

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2458

AuthorizationSet begin_params(client_params());

2459

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2460

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2461

begin_params.push_back(TAG_MAC_LENGTH, 128);

2462

2463

AuthorizationSet update_params;

2464

update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);

2465

2466

// Encrypt

2467

AuthorizationSet begin_out_params;

2468

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

2469

string ciphertext;

2470

size_t input_consumed;

2471

AuthorizationSet update_out_params;

2472

2473

// Send AAD, incrementally

2474

for (int i = 0; i < 1000; ++i) {

2475

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,

2476

&input_consumed));

2477

EXPECT_EQ(0U, input_consumed);

2478

EXPECT_EQ(0U, ciphertext.size());

2479

}

2480

2481

// Now send data, incrementally, no data.

2482

AuthorizationSet empty_params;

2483

for (int i = 0; i < 1000; ++i) {

2484

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,

2485

&input_consumed));

2486

EXPECT_EQ(1U, input_consumed);

2487

}

2488

EXPECT_EQ(1000U, ciphertext.size());

2489

2490

// And finish.

2491

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

2492

EXPECT_EQ(1016U, ciphertext.size());

2493

2494

// Grab nonce

2495

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

2496

begin_params.push_back(begin_out_params);

2497

2498

// Decrypt.

2499

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2500

string plaintext;

2501

2502

// Send AAD, incrementally, no data

2503

for (int i = 0; i < 1000; ++i) {

2504

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,

2505

&input_consumed));

2506

EXPECT_EQ(0U, input_consumed);

2507

EXPECT_EQ(0U, plaintext.size());

2508

}

2509

2510

// Now send data, incrementally.

2511

for (size_t i = 0; i < ciphertext.length(); ++i) {

2512

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),

2513

&update_out_params, &plaintext, &input_consumed));

2514

EXPECT_EQ(1U, input_consumed);

2515

}

2516

EXPECT_EQ(1000U, plaintext.size());

2517

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

2518

2519

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2520

}

2521

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2522

TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {

2523

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2524

.AesEncryptionKey(128)

2525

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2526

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2527

string message = "123456789012345678901234567890123456";

2528

AuthorizationSet begin_params(client_params());

2529

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2530

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2531

begin_params.push_back(TAG_MAC_LENGTH, 128);

2532

AuthorizationSet begin_out_params;

2533

2534

AuthorizationSet update_params;

2535

update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2536

2537

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

2538

2539

// No data, AAD only.

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2540

string ciphertext;

2541

size_t input_consumed;

2542

AuthorizationSet update_out_params;

2543

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,

2544

&ciphertext, &input_consumed));

2545

EXPECT_EQ(0U, input_consumed);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2546

2547

// AAD and data.

2548

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2549

&input_consumed));

2550

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2551

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2552

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2553

// Grab nonce.

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2554

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

2555

begin_params.push_back(begin_out_params);

2556

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2557

// Decrypt

2558

update_params.Clear();

2559

update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2560

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2561

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2562

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2563

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2564

&plaintext, &input_consumed));

2565

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2566

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2567

2568

EXPECT_EQ(message, plaintext);

2569

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2570

}

2571

2572

TEST_P(EncryptionOperationsTest, AesGcmBadAad) {

2573

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2574

.AesEncryptionKey(128)

2575

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2576

.Authorization(TAG_PADDING, KM_PAD_NONE)));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2577

string message = "12345678901234567890123456789012";

2578

AuthorizationSet begin_params(client_params());

2579

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2580

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2581

begin_params.push_back(TAG_MAC_LENGTH, 128);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2582

2583

AuthorizationSet update_params;

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2584

update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2585

2586

AuthorizationSet finish_params;

2587

AuthorizationSet finish_out_params;

2588

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2589

// Encrypt

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2590

AuthorizationSet begin_out_params;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2591

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2592

AuthorizationSet update_out_params;

2593

string ciphertext;

2594

size_t input_consumed;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2595

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2596

&input_consumed));

2597

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2598

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2599

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2600

// Grab nonce

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2601

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2602

begin_params.push_back(begin_out_params);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2603

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2604

update_params.Clear();

2605

update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2606

2607

// Decrypt.

2608

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2609

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2610

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2611

&plaintext, &input_consumed));

2612

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2613

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2614

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2615

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2616

}

2617

2618

TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {

2619

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2620

.AesEncryptionKey(128)

2621

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2622

.Authorization(TAG_PADDING, KM_PAD_NONE)));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2623

string message = "12345678901234567890123456789012";

2624

AuthorizationSet begin_params(client_params());

2625

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2626

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2627

begin_params.push_back(TAG_MAC_LENGTH, 128);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2628

2629

AuthorizationSet update_params;

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2630

update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2631

2632

// Encrypt

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2633

AuthorizationSet begin_out_params;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2634

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2635

AuthorizationSet update_out_params;

2636

string ciphertext;

2637

size_t input_consumed;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2638

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2639

&input_consumed));

2640

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2641

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2642

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2643

begin_params.push_back(TAG_NONCE, "123456789012", 12);

2644

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2645

// Decrypt

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2646

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2647

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2648

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2649

&plaintext, &input_consumed));

2650

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2651

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2652

2653

// With wrong nonce, should have gotten garbage plaintext.

2654

EXPECT_NE(message, plaintext);

2655

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2656

}

2657

2658

TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {

2659

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2660

.AesEncryptionKey(128)

2661

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2662

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2663

string aad = "foobar";

2664

string message = "123456789012345678901234567890123456";

2665

AuthorizationSet begin_params(client_params());

2666

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2667

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2668

begin_params.push_back(TAG_MAC_LENGTH, 128);

2669

AuthorizationSet begin_out_params;

2670

2671

AuthorizationSet update_params;

2672

update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2673

2674

// Encrypt

2675

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2676

AuthorizationSet update_out_params;

2677

string ciphertext;

2678

size_t input_consumed;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2679

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2680

&input_consumed));

2681

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2682

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2683

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2684

// Corrupt tag

2685

(*ciphertext.rbegin())++;

2686

2687

// Grab nonce.

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2688

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

2689

begin_params.push_back(begin_out_params);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2690

2691

// Decrypt.

2692

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2693

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2694

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2695

&plaintext, &input_consumed));

2696

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2697

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2698

2699

EXPECT_EQ(message, plaintext);

2700

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2701

}

2702

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2703

typedef Keymaster1Test AddEntropyTest;

2704

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);

2705

2706

TEST_P(AddEntropyTest, AddEntropy) {

Shawn Willden

cd69582

2015-01-26 14:06:32 -0700

[diff] [blame]

2707

// There's no obvious way to test that entropy is actually added, but we can test that the API

2708

// doesn't blow up or return an error.

2709

EXPECT_EQ(KM_ERROR_OK,

2710

device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2711

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2712

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2713

}

2714

2715

typedef Keymaster1Test Keymaster0AdapterTest;

2716

INSTANTIATE_TEST_CASE_P(

2717

AndroidKeymasterTest, Keymaster0AdapterTest,

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2718

::testing::Values(

2719

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),

2720

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2721

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2722

TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2723

// Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted

2724

// key data.

2725

string km1_sw = read_file("km1_sw_rsa_512.blob");

2726

EXPECT_EQ(486U, km1_sw.length());

2727

2728

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));

2729

memcpy(key_data, km1_sw.data(), km1_sw.length());

2730

set_key_blob(key_data, km1_sw.length());

2731

2732

string message(64, 'a');

2733

string signature;

2734

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2735

2736

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2737

}

2738

Shawn Willden

c7fe06d

2015-06-11 15:50:04 -0600

[diff] [blame]

2739

TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {

2740

// Load and use an old-style Keymaster1 software key blob, without the version byte. These

2741

// blobs contain OCB-encrypted key data.

2742

string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");

2743

EXPECT_EQ(477U, km1_sw.length());

2744

2745

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));

2746

memcpy(key_data, km1_sw.data(), km1_sw.length());

2747

set_key_blob(key_data, km1_sw.length());

2748

2749

string message(64, 'a');

2750

string signature;

2751

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2752

2753

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2754

}

2755

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2756

TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {

2757

// Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted

2758

// key data.

2759

string km1_sw = read_file("km1_sw_ecdsa_256.blob");

2760

EXPECT_EQ(270U, km1_sw.length());

2761

2762

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));

2763

memcpy(key_data, km1_sw.data(), km1_sw.length());

2764

set_key_blob(key_data, km1_sw.length());

2765

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame]

2766

string message(32, static_cast<char>(0xFF));

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2767

string signature;

2768

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2769

2770

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2771

}

2772

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2773

struct Malloc_Delete {

2774

void operator()(void* p) { free(p); }

2775

};

2776

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2777

TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2778

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2779

string km0_sw = read_file("km0_sw_rsa_512.blob");

2780

EXPECT_EQ(333U, km0_sw.length());

2781

2782

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2783

memcpy(key_data, km0_sw.data(), km0_sw.length());

2784

set_key_blob(key_data, km0_sw.length());

2785

2786

string message(64, 'a');

2787

string signature;

2788

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2789

2790

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

cd69582

2015-01-26 14:06:32 -0700

[diff] [blame]

2791

}

2792

Shawn Willden

ccb84e9

2015-06-02 19:44:54 -0600

[diff] [blame]

2793

TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {

2794

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2795

string km0_sw = read_file("km0_sw_rsa_512.blob");

2796

EXPECT_EQ(333U, km0_sw.length());

2797

2798

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2799

memcpy(key_data, km0_sw.data(), km0_sw.length());

2800

set_key_blob(key_data, km0_sw.length());

2801

2802

EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());

2803

EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));

2804

EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));

2805

EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));

2806

EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));

2807

EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));

2808

EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));

2809

EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));

2810

EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));

2811

EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));

2812

2813

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2814

}

2815

2816

TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {

2817

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2818

string km0_sw = read_file("km0_sw_rsa_512.blob");

2819

EXPECT_EQ(333U, km0_sw.length());

2820

2821

// The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not

2822

// be recognized as a software key. Do the same here to pretend this is a hardware key.

2823

EXPECT_EQ('P', km0_sw[0]);

2824

km0_sw[0] = 'Q';

2825

2826

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2827

memcpy(key_data, km0_sw.data(), km0_sw.length());

2828

set_key_blob(key_data, km0_sw.length());

2829

2830

string message(64, 'a');

2831

string signature;

2832

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2833

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

2834

2835

EXPECT_EQ(5, GetParam()->keymaster0_calls());

2836

}

2837

2838

TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {

2839

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2840

string km0_sw = read_file("km0_sw_rsa_512.blob");

2841

EXPECT_EQ(333U, km0_sw.length());

2842

2843

// The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not

2844

// be recognized as a software key. Do the same here to pretend this is a hardware key.

2845

EXPECT_EQ('P', km0_sw[0]);

2846

km0_sw[0] = 'Q';

2847

2848

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2849

memcpy(key_data, km0_sw.data(), km0_sw.length());

2850

set_key_blob(key_data, km0_sw.length());

2851

2852

EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());

2853

EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));

2854

EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));

2855

EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));

2856

EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));

2857

EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));

2858

EXPECT_EQ(5U, hw_enforced().size());

2859

2860

EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));

2861

EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));

2862

EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));

2863

EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));

2864

2865

EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));

2866

EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));

2867

EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));

2868

EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));

2869

EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));

2870

2871

EXPECT_EQ(1, GetParam()->keymaster0_calls());

2872

}

2873

Shawn Willden