Blame - android_keymaster_test.cpp - fp2-dev/platform/system/keymaster

2014-08-06 12:31:33 -0600

[diff] [blame]

/*

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

15

*/

16

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

17

#include <fstream>

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

18

#include <string>

19

#include <vector>

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

20

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

21

#include <openssl/engine.h>

22

Shawn Willden

d7a5c71

2015-04-09 16:33:52 -0600

[diff] [blame]

23

#include <hardware/keymaster0.h>

24

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

25

#include <keymaster/android_keymaster_utils.h>

Shawn Willden

98d9b92

2014-08-26 08:14:10 -0600

[diff] [blame]

26

#include <keymaster/keymaster_tags.h>

Shawn Willden

b751033

2015-02-06 19:58:29 -0700

[diff] [blame]

27

#include <keymaster/soft_keymaster_device.h>

Shawn Willden

98d9b92

2014-08-26 08:14:10 -0600

[diff] [blame]

28

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

29

#include "android_keymaster_test_utils.h"

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

30

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

31

using std::ifstream;

32

using std::istreambuf_iterator;

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

33

using std::string;

34

using std::vector;

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

35

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

36

template <typename T> std::ostream& operator<<(std::ostream& os, const std::vector<T>& vec) {

os << "{ ";

bool first = true;

for (T t : vec) {

os << (first ? "" : ", ") << t;

if (first)

first = false;

}

os << " }";

return os;

}

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

48

namespace keymaster {

49

namespace test {

50

Shawn Willden

567a4a0

2014-12-31 12:14:46 -0700

[diff] [blame]

51

StdoutLogger logger;

52

Shawn Willden

95dda36

2015-02-27 10:58:37 -0700

[diff] [blame]

53

class KeymasterTest : public Keymaster1Test {

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

54

protected:

Shawn Willden

95dda36

2015-02-27 10:58:37 -0700

[diff] [blame]

55

KeymasterTest() {

56

SoftKeymasterDevice* device = new SoftKeymasterDevice;

57

init(device->keymaster_device());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

58

}

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

59

};

60

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

61

typedef KeymasterTest CheckSupported;

62

TEST_F(CheckSupported, SupportedAlgorithms) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

63

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

64

device()->get_supported_algorithms(device(), NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

65

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

66

size_t len;

67

keymaster_algorithm_t* algorithms;

68

EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));

Shawn Willden

a278f61

2014-12-23 11:22:21 -0700

[diff] [blame]

69

EXPECT_TRUE(ResponseContains(

Shawn Willden

2015-04-07 17:01:10 -0600

[diff] [blame]

70

{KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

71

free(algorithms);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

72

}

73

74

TEST_F(CheckSupported, SupportedBlockModes) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

75

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

76

device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,

77

NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

78

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

79

size_t len;

80

keymaster_block_mode_t* modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

81

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

82

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

83

EXPECT_EQ(0U, len);

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

84

free(modes);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

85

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

86

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

Shawn Willden

2015-04-07 17:01:10 -0600

[diff] [blame]

87

device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

88

&modes, &len));

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

89

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

90

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

91

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

c47c88f

2015-04-07 17:23:27 -0600

[diff] [blame]

92

EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR}, modes, len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

93

free(modes);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

94

}

95

96

TEST_F(CheckSupported, SupportedPaddingModes) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

97

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

98

device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,

99

NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

100

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

101

size_t len;

102

keymaster_padding_t* modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

103

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

104

KM_PURPOSE_SIGN, &modes, &len));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

105

EXPECT_TRUE(

106

ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

107

free(modes);

108

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

109

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

110

KM_PURPOSE_ENCRYPT, &modes, &len));

111

EXPECT_TRUE(ResponseContains({KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

112

free(modes);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

113

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

114

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

115

KM_PURPOSE_SIGN, &modes, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

116

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

117

free(modes);

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

118

119

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

120

device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,

121

&modes, &len));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

122

}

123

124

TEST_F(CheckSupported, SupportedDigests) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

125

EXPECT_EQ(

126

KM_ERROR_OUTPUT_PARAMETER_NULL,

127

device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

128

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

129

size_t len;

130

keymaster_digest_t* digests;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

131

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

132

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

133

EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA_2_256}, digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

134

free(digests);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

135

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

136

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

137

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

e998c13

2015-04-14 14:41:46 -0600

[diff] [blame]

138

EXPECT_TRUE(ResponseContains(KM_DIGEST_NONE, digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

139

free(digests);

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

140

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

141

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

142

device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,

143

&len));

144

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

145

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

146

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

147

EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,

148

KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},

149

digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

150

free(digests);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

151

}

152

153

TEST_F(CheckSupported, SupportedImportFormats) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

154

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

155

device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

156

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

157

size_t len;

158

keymaster_key_format_t* formats;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

159

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

160

device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

161

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

162

free(formats);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

163

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

164

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

165

device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));

166

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));

167

free(formats);

168

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

169

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

170

device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));

171

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));

172

free(formats);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

173

}

174

175

TEST_F(CheckSupported, SupportedExportFormats) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

176

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

177

device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

178

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

179

size_t len;

180

keymaster_key_format_t* formats;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

181

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

182

device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

183

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

184

free(formats);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

185

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

186

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-07 17:01:10 -0600

[diff] [blame]

187

device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

188

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

189

free(formats);

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

190

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

191

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

192

device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

193

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

194

free(formats);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

195

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

196

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

197

device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

198

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

199

free(formats);

200

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

201

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

202

device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

203

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

204

free(formats);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

205

}

206

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

207

class NewKeyGeneration : public KeymasterTest {

208

protected:

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

209

void CheckBaseParams() {

210

EXPECT_EQ(0U, hw_enforced().size());

211

EXPECT_EQ(12U, hw_enforced().SerializedSize());

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

212

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

213

AuthorizationSet auths = sw_enforced();

214

EXPECT_GT(auths.SerializedSize(), 12U);

215

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

216

EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));

217

EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));

218

EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));

Shawn Willden

eb63b97

2015-03-14 08:01:12 -0600

[diff] [blame]

219

EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

220

EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

221

222

// Verify that App ID, App data and ROT are NOT included.

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

223

EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));

224

EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));

225

EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

226

227

// Just for giggles, check that some unexpected tags/values are NOT present.

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

228

EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));

229

EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));

230

EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

231

232

// Now check that unspecified, defaulted tags are correct.

Shawn Willden

0b2d333

2015-04-07 17:46:18 -0600

[diff] [blame]

233

EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

234

EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

235

}

Shawn Willden

2079ae8

2015-01-22 13:42:31 -0700

[diff] [blame]

236

};

237

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

238

TEST_F(NewKeyGeneration, Rsa) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

239

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

240

.RsaSigningKey(256, 3)

241

.Digest(KM_DIGEST_NONE)

242

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

243

CheckBaseParams();

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

244

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

245

// Check specified tags are all present in auths

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

246

AuthorizationSet auths(sw_enforced());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

247

EXPECT_TRUE(contains(auths, TAG_ALGORITHM, KM_ALGORITHM_RSA));

248

EXPECT_TRUE(contains(auths, TAG_KEY_SIZE, 256));

249

EXPECT_TRUE(contains(auths, TAG_RSA_PUBLIC_EXPONENT, 3));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

250

}

251

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

252

TEST_F(NewKeyGeneration, RsaDefaultSize) {

Shawn Willden

3b4e165

2015-02-27 13:33:01 -0700

[diff] [blame]

253

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,

254

GenerateKey(AuthorizationSetBuilder()

255

.Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)

256

.Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)

257

.SigningKey()));

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

258

}

259

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

260

TEST_F(NewKeyGeneration, Ecdsa) {

Shawn Willden

2015-03-11 07:21:32 -0600

[diff] [blame]

261

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

262

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

263

CheckBaseParams();

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

264

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

265

// Check specified tags are all present in unenforced characteristics

Shawn Willden

2015-04-07 17:01:10 -0600

[diff] [blame]

266

EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_EC));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

267

EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 224));

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

268

}

269

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

270

TEST_F(NewKeyGeneration, EcdsaDefaultSize) {

Shawn Willden

2015-03-11 07:21:32 -0600

[diff] [blame]

271

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

272

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

273

CheckBaseParams();

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

274

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

275

// Check specified tags are all present in unenforced characteristics

Shawn Willden

2015-04-07 17:01:10 -0600

[diff] [blame]

276

EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_EC));

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

277

278

// Now check that unspecified, defaulted tags are correct.

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

279

EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 224));

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

280

}

281

282

TEST_F(NewKeyGeneration, EcdsaInvalidSize) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

283

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

284

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

285

}

286

287

TEST_F(NewKeyGeneration, EcdsaAllValidSizes) {

Shawn Willden

8c856c8

2014-09-26 09:34:36 -0600

[diff] [blame]

288

size_t valid_sizes[] = {224, 256, 384, 521};

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

289

for (size_t size : valid_sizes) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

290

EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(

291

KM_DIGEST_NONE)))

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

292

<< "Failed to generate size: " << size;

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

}

}

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

296

TEST_F(NewKeyGeneration, HmacSha256) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

297

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

298

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

299

}

300

Shawn Willden

7636471

2014-08-11 17:48:04 -0600

[diff] [blame]

301

typedef KeymasterTest GetKeyCharacteristics;

302

TEST_F(GetKeyCharacteristics, SimpleRsa) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

303

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

304

.RsaSigningKey(256, 3)

305

.Digest(KM_DIGEST_NONE)

306

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

307

AuthorizationSet original(sw_enforced());

Shawn Willden

7636471

2014-08-11 17:48:04 -0600

[diff] [blame]

308

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

309

ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());

310

EXPECT_EQ(original, sw_enforced());

Shawn Willden

7636471

2014-08-11 17:48:04 -0600

[diff] [blame]

311

}

312

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

313

typedef KeymasterTest SigningOperationsTest;

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

314

TEST_F(SigningOperationsTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

315

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

316

.RsaSigningKey(256, 3)

317

.Digest(KM_DIGEST_NONE)

318

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

319

string message = "12345678901234567890123456789012";

320

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

321

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

322

}

323

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

324

TEST_F(SigningOperationsTest, RsaSha256DigestSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

325

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

326

.RsaSigningKey(384, 3)

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

327

.Digest(KM_DIGEST_SHA_2_256)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

328

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

329

string message(1024, 'a');

330

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

331

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

332

}

333

334

TEST_F(SigningOperationsTest, RsaPssSha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

335

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

336

.RsaSigningKey(512, 3)

337

.Digest(KM_DIGEST_SHA_2_256)

338

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

339

// Use large message, which won't work without digesting.

340

string message(1024, 'a');

341

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

342

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

343

}

344

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

345

TEST_F(SigningOperationsTest, RsaPkcs1Sha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

346

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

347

.RsaSigningKey(512, 3)

348

.Digest(KM_DIGEST_SHA_2_256)

349

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

350

string message(1024, 'a');

351

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

352

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

353

}

354

355

TEST_F(SigningOperationsTest, RsaPssSha256TooSmallKey) {

356

// Key must be at least 10 bytes larger than hash, to provide minimal random salt, so verify

357

// that 9 bytes larger than hash won't work.

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

358

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

359

.RsaSigningKey(256 + 9 * 8, 3)

360

.Digest(KM_DIGEST_SHA_2_256)

361

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

362

string message(1024, 'a');

363

string signature;

364

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

365

AuthorizationSet begin_params(client_params());

366

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

367

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

368

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

369

370

string result;

371

size_t input_consumed;

372

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

373

EXPECT_EQ(message.size(), input_consumed);

374

EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, FinishOperation(signature, &result));

375

}

376

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

377

TEST_F(SigningOperationsTest, RsaAbort) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

378

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

379

.RsaSigningKey(256, 3)

380

.Digest(KM_DIGEST_NONE)

381

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

382

AuthorizationSet begin_params(client_params());

383

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

384

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

385

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

386

EXPECT_EQ(KM_ERROR_OK, AbortOperation());

387

// Another abort should fail

388

EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

389

}

390

391

TEST_F(SigningOperationsTest, RsaUnsupportedDigest) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

392

GenerateKey(AuthorizationSetBuilder()

393

.RsaSigningKey(256, 3)

394

.Digest(KM_DIGEST_MD5)

395

.Padding(KM_PAD_RSA_PSS /* supported padding */));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

396

ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN));

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

397

}

398

399

TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

400

GenerateKey(AuthorizationSetBuilder()

401

.RsaSigningKey(256, 3)

402

.Digest(KM_DIGEST_SHA_2_256 /* supported digest */)

403

.Padding(KM_PAD_PKCS7));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

404

AuthorizationSet begin_params(client_params());

405

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

406

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

407

}

408

409

TEST_F(SigningOperationsTest, RsaNoDigest) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

410

// Digest must be specified.

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

411

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey()));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

412

ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

413

// PSS requires a digest.

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

414

GenerateKey(AuthorizationSetBuilder()

415

.RsaSigningKey(256, 3)

416

.Digest(KM_DIGEST_NONE)

417

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

418

AuthorizationSet begin_params(client_params());

419

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

420

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

421

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

422

}

423

424

TEST_F(SigningOperationsTest, RsaNoPadding) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

425

// Padding must be specified

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

426

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(

427

KM_DIGEST_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

428

AuthorizationSet begin_params(client_params());

429

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

430

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

431

}

432

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

433

TEST_F(SigningOperationsTest, RsaTooShortMessage) {

434

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

435

.RsaSigningKey(256, 3)

436

.Digest(KM_DIGEST_NONE)

437

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

438

AuthorizationSet begin_params(client_params());

439

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

440

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

441

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

442

443

string message = "1234567890123456789012345678901";

444

string result;

445

size_t input_consumed;

446

ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

447

EXPECT_EQ(0U, result.size());

448

EXPECT_EQ(31U, input_consumed);

449

450

string signature;

451

ASSERT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&signature));

452

EXPECT_EQ(0U, signature.length());

453

}

454

455

TEST_F(SigningOperationsTest, RsaSignWithEncryptionKey) {

456

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

457

.RsaEncryptionKey(256, 3)

458

.Digest(KM_DIGEST_NONE)

459

.Padding(KM_PAD_NONE)));

460

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));

461

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));

462

}

463

464

TEST_F(SigningOperationsTest, EcdsaSuccess) {

465

ASSERT_EQ(KM_ERROR_OK,

466

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

467

string message = "123456789012345678901234567890123456789012345678";

468

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

469

SignMessage(message, &signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

470

}

471

472

TEST_F(SigningOperationsTest, AesEcbSign) {

473

ASSERT_EQ(KM_ERROR_OK,

474

GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(

475

TAG_BLOCK_MODE, KM_MODE_ECB)));

476

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));

477

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));

478

}

479

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

480

TEST_F(SigningOperationsTest, HmacSha1Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

481

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

482

string message = "12345678901234567890123456789012";

483

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

484

MacMessage(message, &signature, KM_DIGEST_SHA1, 160);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

485

ASSERT_EQ(20U, signature.size());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

486

}

487

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

488

TEST_F(SigningOperationsTest, HmacSha224Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

489

ASSERT_EQ(KM_ERROR_OK,

490

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

491

string message = "12345678901234567890123456789012";

492

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

493

MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

494

ASSERT_EQ(28U, signature.size());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

495

}

496

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

497

TEST_F(SigningOperationsTest, HmacSha256Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

498

ASSERT_EQ(KM_ERROR_OK,

499

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

500

string message = "12345678901234567890123456789012";

501

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

502

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

503

ASSERT_EQ(32U, signature.size());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

504

}

505

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

506

TEST_F(SigningOperationsTest, HmacSha384Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

507

ASSERT_EQ(KM_ERROR_OK,

508

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));

509

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

510

string message = "12345678901234567890123456789012";

511

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

512

MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

513

ASSERT_EQ(48U, signature.size());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

514

}

515

516

TEST_F(SigningOperationsTest, HmacSha512Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

517

ASSERT_EQ(KM_ERROR_OK,

518

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

519

string message = "12345678901234567890123456789012";

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

520

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

521

MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

522

ASSERT_EQ(64U, signature.size());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

523

}

524

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

525

TEST_F(SigningOperationsTest, HmacLengthInKey) {

526

// TODO(swillden): unified API should generate an error on key generation.

527

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

528

.HmacKey(128)

529

.Digest(KM_DIGEST_SHA_2_256)

530

.Authorization(TAG_MAC_LENGTH, 20)));

531

string message = "12345678901234567890123456789012";

532

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

533

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

534

// Size in key was ignored.

535

ASSERT_EQ(30U, signature.size());

536

}

537

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

538

TEST_F(SigningOperationsTest, HmacRfc4231TestCase1) {

539

uint8_t key_data[] = {

540

0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,

541

0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,

542

};

543

string message = "Hi There";

544

uint8_t sha_224_expected[] = {

545

0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,

546

0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,

547

};

548

uint8_t sha_256_expected[] = {

549

0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,

550

0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,

551

0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,

552

};

553

uint8_t sha_384_expected[] = {

554

0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,

555

0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,

556

0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,

557

0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,

558

};

559

uint8_t sha_512_expected[] = {

560

0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,

561

0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,

562

0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,

563

0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,

564

0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,

565

};

566

567

string key = make_string(key_data);

568

569

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

570

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

571

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

572

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

573

}

574

575

TEST_F(SigningOperationsTest, HmacRfc4231TestCase2) {

576

string key = "Jefe";

577

string message = "what do ya want for nothing?";

578

uint8_t sha_224_expected[] = {

579

0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,

580

0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,

581

};

582

uint8_t sha_256_expected[] = {

583

0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,

584

0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,

585

0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,

586

};

587

uint8_t sha_384_expected[] = {

588

0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,

589

0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,

590

0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,

591

0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,

592

};

593

uint8_t sha_512_expected[] = {

594

0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,

595

0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,

596

0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,

597

0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,

598

0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,

599

};

600

601

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

602

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

603

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

604

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

605

}

606

607

TEST_F(SigningOperationsTest, HmacRfc4231TestCase3) {

608

string key(20, 0xaa);

609

string message(50, 0xdd);

610

uint8_t sha_224_expected[] = {

611

0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,

612

0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,

613

};

614

uint8_t sha_256_expected[] = {

615

0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,

616

0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,

617

0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,

618

};

619

uint8_t sha_384_expected[] = {

620

0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,

621

0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,

622

0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,

623

0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,

624

};

625

uint8_t sha_512_expected[] = {

626

0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,

627

0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,

628

0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,

629

0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,

630

0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,

631

};

632

633

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

634

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

635

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

636

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

637

}

638

639

TEST_F(SigningOperationsTest, HmacRfc4231TestCase4) {

640

uint8_t key_data[25] = {

641

0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,

642

0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,

643

};

644

string key = make_string(key_data);

645

string message(50, 0xcd);

646

uint8_t sha_224_expected[] = {

647

0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,

648

0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,

649

};

650

uint8_t sha_256_expected[] = {

651

0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,

652

0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,

653

0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,

654

};

655

uint8_t sha_384_expected[] = {

656

0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,

657

0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,

658

0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,

659

0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,

660

};

661

uint8_t sha_512_expected[] = {

662

0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,

663

0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,

664

0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,

665

0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,

666

0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,

667

};

668

669

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

670

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

671

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

672

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

673

}

674

675

TEST_F(SigningOperationsTest, HmacRfc4231TestCase5) {

676

string key(20, 0x0c);

677

string message = "Test With Truncation";

678

679

uint8_t sha_224_expected[] = {

680

0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,

681

0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,

682

};

683

uint8_t sha_256_expected[] = {

684

0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,

685

0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,

686

};

687

uint8_t sha_384_expected[] = {

688

0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,

689

0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,

690

};

691

uint8_t sha_512_expected[] = {

692

0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,

693

0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,

694

};

695

696

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

697

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

698

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

699

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

700

}

701

702

TEST_F(SigningOperationsTest, HmacRfc4231TestCase6) {

703

string key(131, 0xaa);

704

string message = "Test Using Larger Than Block-Size Key - Hash Key First";

705

706

uint8_t sha_224_expected[] = {

707

0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,

708

0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,

709

};

710

uint8_t sha_256_expected[] = {

711

0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,

712

0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,

713

0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,

714

};

715

uint8_t sha_384_expected[] = {

716

0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,

717

0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,

718

0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,

719

0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,

720

};

721

uint8_t sha_512_expected[] = {

722

0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,

723

0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,

724

0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,

725

0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,

726

0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,

727

};

728

729

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

730

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

731

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

732

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

733

}

734

735

TEST_F(SigningOperationsTest, HmacRfc4231TestCase7) {

736

string key(131, 0xaa);

737

string message = "This is a test using a larger than block-size key and a larger than "

738

"block-size data. The key needs to be hashed before being used by the HMAC "

739

"algorithm.";

740

741

uint8_t sha_224_expected[] = {

742

0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,

743

0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,

744

};

745

uint8_t sha_256_expected[] = {

746

0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,

747

0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,

748

0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,

749

};

750

uint8_t sha_384_expected[] = {

751

0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,

752

0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,

753

0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,

754

0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,

755

};

756

uint8_t sha_512_expected[] = {

757

0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,

758

0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,

759

0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,

760

0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,

761

0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,

762

};

763

764

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

765

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

766

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

767

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

768

}

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

769

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

770

TEST_F(SigningOperationsTest, HmacSha256TooLargeMacLength) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

771

ASSERT_EQ(KM_ERROR_OK,

772

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

773

AuthorizationSet begin_params(client_params());

Shawn Willden

0c60f6f

2015-04-27 23:40:10 -0600

[diff] [blame]

774

begin_params.push_back(TAG_MAC_LENGTH, 264);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

775

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

776

ASSERT_EQ(KM_ERROR_OK,

777

BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));

778

string message = "1234567890123456789012345678901";

779

string result;

780

size_t input_consumed;

781

ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

782

ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

783

}

784

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

785

// TODO(swillden): Add more verification failure tests.

786

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

787

typedef KeymasterTest VerificationOperationsTest;

Shawn Willden

43e999e

2014-08-13 13:29:50 -0600

[diff] [blame]

788

TEST_F(VerificationOperationsTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

789

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

790

.RsaSigningKey(256, 3)

791

.Digest(KM_DIGEST_NONE)

792

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

793

string message = "12345678901234567890123456789012";

794

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

795

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

796

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

797

}

798

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

799

TEST_F(VerificationOperationsTest, RsaSha256DigestSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

800

GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

801

.RsaSigningKey(384, 3)

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

802

.Digest(KM_DIGEST_SHA_2_256)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

803

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

804

string message(1024, 'a');

805

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

806

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

807

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

808

}

809

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

810

TEST_F(VerificationOperationsTest, RsaSha256CorruptSignature) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

811

GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

812

.RsaSigningKey(384, 3)

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

813

.Digest(KM_DIGEST_SHA_2_256)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

814

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

815

string message(1024, 'a');

816

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

817

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

818

++signature[signature.size() / 2];

819

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

820

AuthorizationSet begin_params(client_params());

821

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

822

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

823

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

824

825

string result;

826

size_t input_consumed;

827

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

828

EXPECT_EQ(message.size(), input_consumed);

829

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

830

}

831

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

832

TEST_F(VerificationOperationsTest, RsaPssSha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

833

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

834

.RsaSigningKey(512, 3)

835

.Digest(KM_DIGEST_SHA_2_256)

836

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

837

// Use large message, which won't work without digesting.

838

string message(1024, 'a');

839

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

840

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

841

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

842

}

843

844

TEST_F(VerificationOperationsTest, RsaPssSha256CorruptSignature) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

845

GenerateKey(AuthorizationSetBuilder()

846

.RsaSigningKey(512, 3)

847

.Digest(KM_DIGEST_SHA_2_256)

848

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

849

string message(1024, 'a');

850

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

851

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

852

++signature[signature.size() / 2];

853

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

854

AuthorizationSet begin_params(client_params());

855

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

856

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

857

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

858

859

string result;

860

size_t input_consumed;

861

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

862

EXPECT_EQ(message.size(), input_consumed);

863

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

864

}

865

866

TEST_F(VerificationOperationsTest, RsaPssSha256CorruptInput) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

867

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

868

.RsaSigningKey(512, 3)

869

.Digest(KM_DIGEST_SHA_2_256)

870

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

871

// Use large message, which won't work without digesting.

872

string message(1024, 'a');

873

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

874

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

875

++message[message.size() / 2];

876

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

877

AuthorizationSet begin_params(client_params());

878

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

879

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

880

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

881

882

string result;

883

size_t input_consumed;

884

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

885

EXPECT_EQ(message.size(), input_consumed);

886

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

887

}

888

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

889

TEST_F(VerificationOperationsTest, RsaPkcs1Sha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

890

GenerateKey(AuthorizationSetBuilder()

891

.RsaSigningKey(512, 3)

892

.Digest(KM_DIGEST_SHA_2_256)

893

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

894

string message(1024, 'a');

895

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

896

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

897

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

898

}

899

900

TEST_F(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

901

GenerateKey(AuthorizationSetBuilder()

902

.RsaSigningKey(512, 3)

903

.Digest(KM_DIGEST_SHA_2_256)

904

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

905

string message(1024, 'a');

906

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

907

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

908

++signature[signature.size() / 2];

909

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

910

AuthorizationSet begin_params(client_params());

911

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

912

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

913

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

914

915

string result;

916

size_t input_consumed;

917

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

918

EXPECT_EQ(message.size(), input_consumed);

919

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

920

}

921

922

TEST_F(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

923

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

924

.RsaSigningKey(512, 3)

925

.Digest(KM_DIGEST_SHA_2_256)

926

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

927

// Use large message, which won't work without digesting.

928

string message(1024, 'a');

929

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

930

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

931

++message[message.size() / 2];

932

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

933

AuthorizationSet begin_params(client_params());

934

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

935

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

936

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

937

938

string result;

939

size_t input_consumed;

940

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

941

EXPECT_EQ(message.size(), input_consumed);

942

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

943

}

944

945

template <typename T> vector<T> make_vector(const T* array, size_t len) {

946

return vector<T>(array, array + len);

947

}

948

949

TEST_F(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {

950

// Get all supported digests and padding modes.

951

size_t digests_len;

952

keymaster_digest_t* digests;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

953

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

954

device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,

955

&digests_len));

956

957

size_t padding_modes_len;

958

keymaster_padding_t* padding_modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame^]

959

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

960

device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,

961

&padding_modes, &padding_modes_len));

962

963

// Try them.

964

for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {

965

for (keymaster_digest_t digest : make_vector(digests, digests_len)) {

966

// Compute key & message size that will work.

967

size_t key_bits = 256;

968

size_t message_len = 1000;

969

switch (digest) {

970

case KM_DIGEST_NONE:

971

switch (padding_mode) {

972

case KM_PAD_NONE:

973

// Match key size.

974

message_len = key_bits / 8;

975

break;

976

case KM_PAD_RSA_PKCS1_1_5_SIGN:

977

message_len = key_bits / 8 - 11;

978

break;

979

case KM_PAD_RSA_PSS:

980

// PSS requires a digest.

981

continue;

982

default:

983

FAIL() << "Missing padding";

break;

}

break;

case KM_DIGEST_SHA_2_256:

989

switch (padding_mode) {

990

case KM_PAD_NONE:

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

991

// Digesting requires padding

992

continue;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

993

case KM_PAD_RSA_PKCS1_1_5_SIGN:

key_bits += 8 * 11;

break;

case KM_PAD_RSA_PSS:

key_bits += 8 * 10;

break;

default:

FAIL() << "Missing padding";

break;

}

break;

default:

FAIL() << "Missing digest";

1006

}

1007

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1008

GenerateKey(AuthorizationSetBuilder()

1009

.RsaSigningKey(key_bits, 3)

1010

.Digest(digest)

1011

.Padding(padding_mode));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1012

string message(message_len, 'a');

1013

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1014

SignMessage(message, &signature, digest, padding_mode);

1015

VerifyMessage(message, signature, digest, padding_mode);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

}

}

free(padding_modes);

free(digests);

}

Shawn Willden

2014-08-18 15:33:10 -0600

[diff] [blame]

1023

TEST_F(VerificationOperationsTest, EcdsaSuccess) {

Shawn Willden

2015-03-11 07:21:32 -0600

[diff] [blame]

1024

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1025

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1026

string message = "123456789012345678901234567890123456789012345678";

1027

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1028

SignMessage(message, &signature, KM_DIGEST_NONE);

1029

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

5ac2f8f

2014-08-18 15:33:10 -0600

[diff] [blame]

1030

}

1031

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1032

TEST_F(VerificationOperationsTest, HmacSha1Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1033

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1034

string message = "123456789012345678901234567890123456789012345678";

1035

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1036

MacMessage(message, &signature, KM_DIGEST_SHA1, 160);

1037

VerifyMessage(message, signature, KM_DIGEST_SHA1);

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1038

}

1039

1040

TEST_F(VerificationOperationsTest, HmacSha224Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1041

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1042

string message = "123456789012345678901234567890123456789012345678";

1043

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1044

MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);

1045

VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1046

}

1047

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1048

TEST_F(VerificationOperationsTest, HmacSha256Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1049

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1050

string message = "123456789012345678901234567890123456789012345678";

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1051

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1052

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);

1053

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1054

}

1055

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1056

TEST_F(VerificationOperationsTest, HmacSha384Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1057

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1058

string message = "123456789012345678901234567890123456789012345678";

1059

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1060

MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);

1061

VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1062

}

1063

1064

TEST_F(VerificationOperationsTest, HmacSha512Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1065

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1066

string message = "123456789012345678901234567890123456789012345678";

1067

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1068

MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);

1069

VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1070

}

1071

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1072

typedef VerificationOperationsTest ExportKeyTest;

Shawn Willden

ffd790c

2014-08-18 21:20:06 -0600

[diff] [blame]

1073

TEST_F(ExportKeyTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1074

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1075

.RsaSigningKey(256, 3)

1076

.Digest(KM_DIGEST_NONE)

1077

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1078

string export_data;

1079

ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1080

EXPECT_GT(export_data.length(), 0U);

Shawn Willden

e46a43f

2014-08-27 10:35:36 -0600

[diff] [blame]

1081

1082

// TODO(swillden): Verify that the exported key is actually usable to verify signatures.

Shawn Willden

ffd790c

2014-08-18 21:20:06 -0600

[diff] [blame]

1083

}

1084

Shawn Willden

2014-08-19 15:36:26 -0600

[diff] [blame]

1085

TEST_F(ExportKeyTest, EcdsaSuccess) {

Shawn Willden

2015-03-11 07:21:32 -0600

[diff] [blame]

1086

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1087

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1088

string export_data;

1089

ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1090

EXPECT_GT(export_data.length(), 0U);

Shawn Willden

e46a43f

2014-08-27 10:35:36 -0600

[diff] [blame]

1091

1092

// TODO(swillden): Verify that the exported key is actually usable to verify signatures.

Shawn Willden

2014-08-19 15:36:26 -0600

[diff] [blame]

1093

}

1094

1095

TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1096

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1097

.RsaSigningKey(256, 3)

1098

.Digest(KM_DIGEST_NONE)

1099

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1100

string export_data;

1101

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));

Shawn Willden

2014-08-19 15:36:26 -0600

[diff] [blame]

1102

}

1103

1104

TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1105

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1106

.RsaSigningKey(256, 3)

1107

.Digest(KM_DIGEST_NONE)

1108

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1109

corrupt_key_blob();

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1110

string export_data;

1111

ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2014-08-19 15:36:26 -0600

[diff] [blame]

1112

}

1113

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

1114

TEST_F(ExportKeyTest, AesKeyExportFails) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1115

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

1116

string export_data;

1117

1118

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));

1119

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));

1120

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));

1121

}

1122

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1123

static string read_file(const string& file_name) {

1124

ifstream file_stream(file_name, std::ios::binary);

1125

istreambuf_iterator<char> file_begin(file_stream);

1126

istreambuf_iterator<char> file_end;

1127

return string(file_begin, file_end);

1128

}

1129

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1130

typedef VerificationOperationsTest ImportKeyTest;

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1131

TEST_F(ImportKeyTest, RsaSuccess) {

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1132

string pk8_key = read_file("rsa_privkey_pk8.der");

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1133

ASSERT_EQ(633U, pk8_key.size());

1134

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1135

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

1136

.RsaSigningKey(1024, 65537)

1137

.Digest(KM_DIGEST_NONE)

1138

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1139

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1140

1141

// Check values derived from the key.

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1142

EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));

1143

EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 1024));

1144

EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 65537U));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1145

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1146

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1147

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1148

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1149

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1150

string message(1024 / 8, 'a');

1151

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1152

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

1153

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1154

}

1155

Shawn Willden

d7a5c71

2015-04-09 16:33:52 -0600

[diff] [blame]

1156

TEST_F(ImportKeyTest, OldApiRsaSuccess) {

1157

string pk8_key = read_file("rsa_privkey_pk8.der");

1158

ASSERT_EQ(633U, pk8_key.size());

1159

1160

// NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that

1161

// point softkeymaster will no longer support keymaster0 APIs anyway.

1162

uint8_t* key_blob;

1163

size_t key_blob_length;

1164

ASSERT_EQ(0,

1165

device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),

1166

pk8_key.size(), &key_blob, &key_blob_length));

1167

set_key_blob(key_blob, key_blob_length);

1168

1169

string message(1024 / 8, 'a');

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1170

AuthorizationSet begin_params; // Don't use client data.

1171

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1172

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1173

AuthorizationSet update_params;

1174

AuthorizationSet output_params;

1175

string signature =

1176

ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);

1177

ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,

1178

&output_params);

Shawn Willden

d7a5c71

2015-04-09 16:33:52 -0600

[diff] [blame]

1179

}

1180

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1181

TEST_F(ImportKeyTest, RsaKeySizeMismatch) {

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1182

string pk8_key = read_file("rsa_privkey_pk8.der");

1183

ASSERT_EQ(633U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1184

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1185

ImportKey(AuthorizationSetBuilder()

1186

.RsaSigningKey(2048 /* Doesn't match key */, 3)

1187

.Digest(KM_DIGEST_NONE)

1188

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1189

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1190

}

1191

1192

TEST_F(ImportKeyTest, RsaPublicExponenMismatch) {

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1193

string pk8_key = read_file("rsa_privkey_pk8.der");

1194

ASSERT_EQ(633U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1195

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1196

ImportKey(AuthorizationSetBuilder()

1197

.RsaSigningKey(256, 3 /* Doesnt' match key */)

1198

.Digest(KM_DIGEST_NONE)

1199

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1200

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1201

}

1202

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1203

TEST_F(ImportKeyTest, EcdsaSuccess) {

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1204

string pk8_key = read_file("ec_privkey_pk8.der");

1205

ASSERT_EQ(138U, pk8_key.size());

1206

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1207

ASSERT_EQ(KM_ERROR_OK,

1208

ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),

1209

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1210

1211

// Check values derived from the key.

Shawn Willden

2015-04-07 17:01:10 -0600

[diff] [blame]

1212

EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_EC));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1213

EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 256));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1214

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1215

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1216

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1217

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1218

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1219

string message(1024 / 8, 'a');

1220

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1221

SignMessage(message, &signature, KM_DIGEST_NONE);

1222

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1223

}

1224

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1225

TEST_F(ImportKeyTest, EcdsaSizeSpecified) {

1226

string pk8_key = read_file("ec_privkey_pk8.der");

1227

ASSERT_EQ(138U, pk8_key.size());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1228

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1229

ASSERT_EQ(KM_ERROR_OK,

1230

ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),

1231

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1232

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1233

// Check values derived from the key.

Shawn Willden

2015-04-07 17:01:10 -0600

[diff] [blame]

1234

EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_EC));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1235

EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 256));

1236

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1237

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1238

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1239

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1240

1241

string message(1024 / 8, 'a');

1242

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1243

SignMessage(message, &signature, KM_DIGEST_NONE);

1244

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1245

}

1246

1247

TEST_F(ImportKeyTest, EcdsaSizeMismatch) {

1248

string pk8_key = read_file("ec_privkey_pk8.der");

1249

ASSERT_EQ(138U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1250

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1251

ImportKey(AuthorizationSetBuilder()

1252

.EcdsaSigningKey(224 /* Doesn't match key */)

1253

.Digest(KM_DIGEST_NONE),

1254

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1255

}

1256

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1257

TEST_F(ImportKeyTest, AesKeySuccess) {

1258

char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

1259

string key(key_data, sizeof(key_data));

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1260

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

c47c88f

2015-04-07 17:23:27 -0600

[diff] [blame]

1261

ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(

1262

TAG_PADDING, KM_PAD_PKCS7),

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1263

KM_KEY_FORMAT_RAW, key));

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1264

1265

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1266

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1267

1268

string message = "Hello World!";

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1269

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

1270

string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1271

EXPECT_EQ(message, plaintext);

1272

}

1273

1274

TEST_F(ImportKeyTest, HmacSha256KeySuccess) {

1275

char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

1276

string key(key_data, sizeof(key_data));

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1277

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

1278

.HmacKey(sizeof(key_data) * 8)

1279

.Digest(KM_DIGEST_SHA_2_256)

1280

.Authorization(TAG_MAC_LENGTH, 32),

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1281

KM_KEY_FORMAT_RAW, key));

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1282

1283

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1284

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1285

1286

string message = "Hello World!";

1287

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1288

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);

1289

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1290

}

1291

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1292

typedef KeymasterTest EncryptionOperationsTest;

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1293

TEST_F(EncryptionOperationsTest, RsaOaepSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1294

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1295

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1296

1297

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1298

string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1299

EXPECT_EQ(512U / 8, ciphertext1.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1300

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1301

string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1302

EXPECT_EQ(512U / 8, ciphertext2.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1303

1304

// OAEP randomizes padding so every result should be different.

1305

EXPECT_NE(ciphertext1, ciphertext2);

1306

}

1307

1308

TEST_F(EncryptionOperationsTest, RsaOaepRoundTrip) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1309

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1310

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1311

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1312

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1313

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1314

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1315

string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_OAEP);

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1316

EXPECT_EQ(message, plaintext);

1317

}

1318

1319

TEST_F(EncryptionOperationsTest, RsaOaepTooLarge) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1320

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1321

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1322

string message = "12345678901234567890123";

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1323

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1324

size_t input_consumed;

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1325

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1326

AuthorizationSet begin_params(client_params());

1327

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);

1328

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1329

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1330

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1331

EXPECT_EQ(0U, result.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1332

}

1333

1334

TEST_F(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1335

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1336

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1337

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1338

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1339

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1340

1341

// Corrupt the ciphertext

1342

ciphertext[512 / 8 / 2]++;

1343

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1344

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1345

size_t input_consumed;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1346

AuthorizationSet begin_params(client_params());

1347

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);

1348

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1349

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1350

EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1351

EXPECT_EQ(0U, result.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1352

}

1353

1354

TEST_F(EncryptionOperationsTest, RsaPkcs1Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1355

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1356

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1357

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1358

string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1359

EXPECT_EQ(512U / 8, ciphertext1.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1360

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1361

string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1362

EXPECT_EQ(512U / 8, ciphertext2.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1363

1364

// PKCS1 v1.5 randomizes padding so every result should be different.

1365

EXPECT_NE(ciphertext1, ciphertext2);

1366

}

1367

1368

TEST_F(EncryptionOperationsTest, RsaPkcs1RoundTrip) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1369

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1370

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1371

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1372

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1373

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1374

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1375

string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1376

EXPECT_EQ(message, plaintext);

1377

}

1378

1379

TEST_F(EncryptionOperationsTest, RsaPkcs1TooLarge) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1380

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1381

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1382

string message = "12345678901234567890123456789012345678901234567890123";

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1383

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1384

size_t input_consumed;

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1385

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1386

AuthorizationSet begin_params(client_params());

1387

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

1388

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1389

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1390

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1391

EXPECT_EQ(0U, result.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1392

}

1393

1394

TEST_F(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1395

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1396

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1397

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1398

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1399

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1400

1401

// Corrupt the ciphertext

1402

ciphertext[512 / 8 / 2]++;

1403

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1404

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1405

size_t input_consumed;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1406

AuthorizationSet begin_params(client_params());

1407

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

1408

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1409

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1410

EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1411

EXPECT_EQ(0U, result.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1412

}

1413

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1414

TEST_F(EncryptionOperationsTest, RsaEncryptWithSigningKey) {

1415

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1416

.RsaSigningKey(256, 3)

1417

.Digest(KM_DIGEST_NONE)

1418

.Padding(KM_PAD_NONE)));

1419

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1420

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

1421

}

1422

1423

TEST_F(EncryptionOperationsTest, EcdsaEncrypt) {

1424

ASSERT_EQ(KM_ERROR_OK,

1425

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

1426

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1427

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

1428

}

1429

1430

TEST_F(EncryptionOperationsTest, HmacEncrypt) {

ASSERT_EQ(

KM_ERROR_OK,

GenerateKey(

AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));

1435

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1436

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

1437

}

1438

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1439

TEST_F(EncryptionOperationsTest, AesEcbRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1440

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1441

.AesEncryptionKey(128)

1442

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1443

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1444

// Two-block message.

1445

string message = "12345678901234567890123456789012";

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1446

string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1447

EXPECT_EQ(message.size(), ciphertext1.size());

1448

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1449

string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1450

EXPECT_EQ(message.size(), ciphertext2.size());

1451

1452

// ECB is deterministic.

1453

EXPECT_EQ(ciphertext1, ciphertext2);

1454

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1455

string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1456

EXPECT_EQ(message, plaintext);

1457

}

1458

1459

TEST_F(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1460

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1461

.AesEncryptionKey(128)

1462

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1463

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1464

// Message is slightly shorter than two blocks.

1465

string message = "1234567890123456789012345678901";

1466

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1467

AuthorizationSet begin_params(client_params());

1468

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1469

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1470

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1471

string ciphertext;

1472

size_t input_consumed;

1473

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));

1474

EXPECT_EQ(message.size(), input_consumed);

1475

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));

1476

}

1477

1478

TEST_F(EncryptionOperationsTest, AesEcbPkcs7Padding) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1479

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1480

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1481

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1482

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1483

1484

// Try various message lengths; all should work.

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1485

for (size_t i = 0; i < 32; ++i) {

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1486

string message(i, 'a');

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1487

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1488

EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1489

string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1490

EXPECT_EQ(message, plaintext);

}

}

TEST_F(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1495

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1496

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1497

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1498

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1499

1500

string message = "a";

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1501

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1502

EXPECT_EQ(16U, ciphertext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1503

EXPECT_NE(ciphertext, message);

1504

++ciphertext[ciphertext.size() / 2];

1505

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1506

AuthorizationSet begin_params(client_params());

1507

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1508

begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1509

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1510

string plaintext;

1511

size_t input_consumed;

1512

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));

1513

EXPECT_EQ(ciphertext.size(), input_consumed);

1514

EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));

1515

}

1516

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1517

TEST_F(EncryptionOperationsTest, AesCtrRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1518

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1519

.AesEncryptionKey(128)

1520

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

1521

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1522

string message = "123";

1523

string iv1;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1524

string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1525

EXPECT_EQ(message.size(), ciphertext1.size());

Shawn Willden

72a5fdd

2015-03-17 20:04:33 -0600

[diff] [blame]

1526

EXPECT_EQ(16U, iv1.size());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1527

1528

string iv2;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1529

string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1530

EXPECT_EQ(message.size(), ciphertext2.size());

Shawn Willden

72a5fdd

2015-03-17 20:04:33 -0600

[diff] [blame]

1531

EXPECT_EQ(16U, iv2.size());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1532

1533

// IVs should be random, so ciphertexts should differ.

1534

EXPECT_NE(iv1, iv2);

1535

EXPECT_NE(ciphertext1, ciphertext2);

1536

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1537

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1538

EXPECT_EQ(message, plaintext);

1539

}

1540

1541

TEST_F(EncryptionOperationsTest, AesCtrIncremental) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1542

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1543

.AesEncryptionKey(128)

1544

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

1545

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1546

1547

int increment = 15;

1548

string message(239, 'a');

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1549

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1550

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1551

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1552

AuthorizationSet output_params;

1553

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

1554

1555

string ciphertext;

1556

size_t input_consumed;

1557

for (size_t i = 0; i < message.size(); i += increment)

1558

EXPECT_EQ(KM_ERROR_OK,

1559

UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));

1560

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

1561

EXPECT_EQ(message.size(), ciphertext.size());

1562

1563

// Move TAG_NONCE into input_params

1564

input_params.Reinitialize(output_params);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1565

input_params.push_back(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1566

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1567

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1568

output_params.Clear();

1569

1570

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));

1571

string plaintext;

1572

for (size_t i = 0; i < ciphertext.size(); i += increment)

1573

EXPECT_EQ(KM_ERROR_OK,

1574

UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));

1575

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

1576

EXPECT_EQ(ciphertext.size(), plaintext.size());

1577

EXPECT_EQ(message, plaintext);

1578

}

1579

1580

struct AesCtrSp80038aTestVector {

1581

const char* key;

1582

const char* nonce;

1583

const char* plaintext;

1584

const char* ciphertext;

1585

};

1586

1587

// These test vectors are taken from

1588

// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.

1589

static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {

1590

// AES-128

1591

{

1592

"2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

1593

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

1594

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

1595

"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"

1596

"5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",

},

// AES-192

{

"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

1601

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

1602

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

1603

"1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"

1604

"1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",

},

// AES-256

{

"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",

1609

"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

1610

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

1611

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

1612

"601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"

1613

"2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",

},

};

TEST_F(EncryptionOperationsTest, AesCtrSp80038aTestVector) {

1618

for (size_t i = 0; i < 3; i++) {

1619

const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);

1620

const string key = hex2str(test.key);

1621

const string nonce = hex2str(test.nonce);

1622

const string plaintext = hex2str(test.plaintext);

1623

const string ciphertext = hex2str(test.ciphertext);

1624

CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);

}

}

TEST_F(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {

1629

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1630

.AesEncryptionKey(128)

1631

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

1632

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1633

AuthorizationSet begin_params(client_params());

1634

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1635

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1636

EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1637

}

1638

1639

TEST_F(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {

1640

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1641

.AesEncryptionKey(128)

1642

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1643

.Authorization(TAG_CALLER_NONCE)

1644

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1645

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1646

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1647

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1648

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1649

input_params.push_back(TAG_NONCE, "123", 3);

1650

EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));

1651

}

1652

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1653

TEST_F(EncryptionOperationsTest, AesCbcRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1654

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1655

.AesEncryptionKey(128)

1656

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

1657

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1658

// Two-block message.

1659

string message = "12345678901234567890123456789012";

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1660

string iv1;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1661

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1662

EXPECT_EQ(message.size(), ciphertext1.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1663

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1664

string iv2;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1665

string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1666

EXPECT_EQ(message.size(), ciphertext2.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1667

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1668

// IVs should be random, so ciphertexts should differ.

1669

EXPECT_NE(iv1, iv2);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1670

EXPECT_NE(ciphertext1, ciphertext2);

1671

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1672

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1673

EXPECT_EQ(message, plaintext);

1674

}

1675

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

1676

TEST_F(EncryptionOperationsTest, AesCallerNonce) {

1677

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1678

.AesEncryptionKey(128)

1679

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1680

.Authorization(TAG_CALLER_NONCE)

1681

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

1682

string message = "12345678901234567890123456789012";

1683

string iv1;

1684

// Don't specify nonce, should get a random one.

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1685

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

1686

EXPECT_EQ(message.size(), ciphertext1.size());

1687

EXPECT_EQ(16U, iv1.size());

1688

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1689

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

1690

EXPECT_EQ(message, plaintext);

1691

1692

// Now specify a nonce, should also work.

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1693

AuthorizationSet input_params(client_params());

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

1694

AuthorizationSet update_params;

1695

AuthorizationSet output_params;

1696

input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1697

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1698

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

1699

string ciphertext2 =

1700

ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);

1701

1702

// Decrypt with correct nonce.

1703

plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,

1704

&output_params);

1705

EXPECT_EQ(message, plaintext);

1706

1707

// Now try with wrong nonce.

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1708

input_params.Reinitialize(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1709

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1710

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

1711

input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);

1712

plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,

1713

&output_params);

1714

EXPECT_NE(message, plaintext);

1715

}

1716

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

1717

TEST_F(EncryptionOperationsTest, AesCallerNonceProhibited) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1718

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1719

.AesEncryptionKey(128)

1720

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

1721

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

1722

1723

string message = "12345678901234567890123456789012";

1724

string iv1;

1725

// Don't specify nonce, should get a random one.

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1726

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

1727

EXPECT_EQ(message.size(), ciphertext1.size());

1728

EXPECT_EQ(16U, iv1.size());

1729

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1730

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

1731

EXPECT_EQ(message, plaintext);

1732

1733

// Now specify a nonce, should fail.

1734

AuthorizationSet input_params(client_params());

1735

AuthorizationSet update_params;

1736

AuthorizationSet output_params;

1737

input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1738

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1739

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

1740

1741

EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,

1742

BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

1743

}

1744

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1745

TEST_F(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1746

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1747

.AesEncryptionKey(128)

1748

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

1749

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1750

1751

int increment = 15;

1752

string message(240, 'a');

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1753

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1754

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1755

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1756

AuthorizationSet output_params;

1757

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

1758

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1759

string ciphertext;

1760

size_t input_consumed;

1761

for (size_t i = 0; i < message.size(); i += increment)

1762

EXPECT_EQ(KM_ERROR_OK,

1763

UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));

1764

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1765

EXPECT_EQ(message.size(), ciphertext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1766

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1767

// Move TAG_NONCE into input_params

1768

input_params.Reinitialize(output_params);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1769

input_params.push_back(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1770

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1771

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1772

output_params.Clear();

1773

1774

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1775

string plaintext;

1776

for (size_t i = 0; i < ciphertext.size(); i += increment)

1777

EXPECT_EQ(KM_ERROR_OK,

1778

UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));

1779

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1780

EXPECT_EQ(ciphertext.size(), plaintext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1781

EXPECT_EQ(message, plaintext);

1782

}

1783

1784

TEST_F(EncryptionOperationsTest, AesCbcPkcs7Padding) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1785

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1786

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1787

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

1788

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1789

1790

// Try various message lengths; all should work.

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1791

for (size_t i = 0; i < 32; ++i) {

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1792

string message(i, 'a');

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1793

string iv;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1794

string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1795

EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1796

string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1797

EXPECT_EQ(message, plaintext);

}

}

Shawn Willden

2015-01-26 14:06:32 -0700

[diff] [blame]

1801

typedef KeymasterTest AddEntropyTest;

1802

TEST_F(AddEntropyTest, AddEntropy) {

1803

// There's no obvious way to test that entropy is actually added, but we can test that the API

1804

// doesn't blow up or return an error.

1805

EXPECT_EQ(KM_ERROR_OK,

1806

device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));

1807

}

1808

Shawn Willden