Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 0d061c80d06f94291568e725f9eb649962a80352 / . / android_keymaster_test.cpp
blob: 2ee8147fd3ad98581e90708a423203a82a660216 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]22#include <keymaster/key_factory.h>
23#include <keymaster/soft_keymaster_context.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]24#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]25#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]26
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]27#include "android_keymaster_test_utils.h"
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]28#include "keymaster0_engine.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]29
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]30using std::ifstream;
31using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]32using std::string;
33using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]34using std::unique_ptr;
35
36extern "C" {
37int __android_log_print(int prio, const char* tag, const char* fmt);
38int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]39 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]40 return 0;
41}
42} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]43
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]44namespace keymaster {
45namespace test {
46
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]47StdoutLogger logger;
48
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame^]49template <typename T> vector<T> make_vector(const T* array, size_t len) {
50 return vector<T>(array, array + len);
51}
52
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]53class TestKeymasterEnforcement : public KeymasterEnforcement {
54 public:
55 TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {}
56
57 virtual bool activation_date_valid(uint64_t /* activation_date */) const { return true; }
58 virtual bool expiration_date_passed(uint64_t /* expiration_date */) const { return false; }
59 virtual bool auth_token_timed_out(const hw_auth_token_t& /* token */,
60 uint32_t /* timeout */) const {
61 return false;
62 }
63 virtual uint32_t get_current_time() const { return 0; }
64 virtual bool ValidateTokenSignature(const hw_auth_token_t& /* token */) const { return true; }
65};
66
67class TestKeymasterContext : public SoftKeymasterContext {
68 public:
69 TestKeymasterContext(keymaster0_device_t* keymaster0 = nullptr)
70 : SoftKeymasterContext(keymaster0) {}
71
72 KeymasterEnforcement* enforcement_policy() override { return &test_policy_; }
73
74 private:
75 TestKeymasterEnforcement test_policy_;
76};
77
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]78class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
79 public:
80 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]81 std::cerr << "Creating software-only device" << std::endl;
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]82 SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext);
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]83 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]84 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]85
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]86 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]87 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]88};
89
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]90class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
91 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]92 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
93
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]94 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]95 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
96 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]97 hw_device_t* softkeymaster_device;
98 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
99 &softkeymaster_device));
100 // Make the software device pretend to be hardware
101 keymaster0_device_t* keymaster0_device =
102 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]103 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
104
105 if (!support_ec_) {
106 // Make the software device pretend not to support EC
107 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
108 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]109
110 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
111
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]112 SoftKeymasterDevice* keymaster =
113 new SoftKeymasterDevice(new TestKeymasterContext(counting_keymaster0_device_));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]114 return keymaster->keymaster_device();
115 }
116
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]117 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
118 switch (algorithm) {
119 case KM_ALGORITHM_RSA:
120 return true;
121 case KM_ALGORITHM_EC:
122 return support_ec_;
123 default:
124 return false;
125 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]126 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]127 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
128
129 private:
130 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]131 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]132};
133
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]134static auto test_params = testing::Values(
135 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
136 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
137 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]138
139typedef Keymaster1Test CheckSupported;
140INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
141
142TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]143 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
144 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]145
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]146 size_t len;
147 keymaster_algorithm_t* algorithms;
148 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]149 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]150 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]151 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]152
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]153 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]154}
155
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]156TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]157 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
158 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
159 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]160
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]161 size_t len;
162 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]163 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]164 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]165 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]166 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]167
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]168 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]169 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]170 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]171
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]172 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]173 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]174 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]175 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]176
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]177 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]178}
179
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]180TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]181 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
182 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
183 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]184
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]185 size_t len;
186 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]187 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]188 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]189 EXPECT_TRUE(
190 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]191 free(modes);
192
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]193 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]194 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]195 EXPECT_TRUE(
196 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]197 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]198
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]199 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]200 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]201 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]202 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]203
204 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
205 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
206 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]207
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]208 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]209}
210
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]211TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]212 EXPECT_EQ(
213 KM_ERROR_OUTPUT_PARAMETER_NULL,
214 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]215
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]216 size_t len;
217 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]218 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]219 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]220 EXPECT_TRUE(
221 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
222 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
223 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]224 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]225
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]226 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]227 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame^]228 EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
229 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
230 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]231 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]232
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]233 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
234 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
235 &len));
236
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]237 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]238 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]239 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
240 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
241 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]242 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]243
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]244 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]245}
246
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]247TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
249 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]250
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]251 size_t len;
252 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]253 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]254 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]255 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]256 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]257
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]258 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]259 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
260 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
261 free(formats);
262
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]263 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]264 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
265 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
266 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]267
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]268 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]269}
270
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]271TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]272 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
273 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]274
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]275 size_t len;
276 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]277 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]278 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]279 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]280 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]281
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]282 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]283 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]284 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]285 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]286
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]287 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]288 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]289 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]290 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]291
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]292 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]293 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]294 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]295 free(formats);
296
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]297 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]298 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]299 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]300 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]301
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]302 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]303}
304
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]305class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]306 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]307 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]308 AuthorizationSet auths = sw_enforced();
309 EXPECT_GT(auths.SerializedSize(), 12U);
310
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]311 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
312 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
313 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]314 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]315 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]316
317 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]318 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
319 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
320 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]321
322 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]323 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
324 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
325 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]326
327 // Now check that unspecified, defaulted tags are correct.
Shawn Willden0b2d3332015-04-07 17:46:18 -0600[diff] [blame]328 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]329 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]330 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]331};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]332INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
333
334TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]335 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
336 .RsaSigningKey(256, 3)
337 .Digest(KM_DIGEST_NONE)
338 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]339 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]340
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]341 // Check specified tags are all present, and in the right set.
342 AuthorizationSet crypto_params;
343 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]344 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]345 EXPECT_NE(0U, hw_enforced().size());
346 EXPECT_NE(0U, sw_enforced().size());
347 crypto_params.push_back(hw_enforced());
348 non_crypto_params.push_back(sw_enforced());
349 } else {
350 EXPECT_EQ(0U, hw_enforced().size());
351 EXPECT_NE(0U, sw_enforced().size());
352 crypto_params.push_back(sw_enforced());
353 }
354
355 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
356 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
357 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
358 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
359 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
360 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
361
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]362 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]363 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]364}
365
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]366TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]367 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
368 GenerateKey(AuthorizationSetBuilder()
369 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
370 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
371 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]372
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]373 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]374}
375
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]376TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]377 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]378 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]379 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]380
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]381 // Check specified tags are all present, and in the right set.
382 AuthorizationSet crypto_params;
383 AuthorizationSet non_crypto_params;
384 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
385 EXPECT_NE(0U, hw_enforced().size());
386 EXPECT_NE(0U, sw_enforced().size());
387 crypto_params.push_back(hw_enforced());
388 non_crypto_params.push_back(sw_enforced());
389 } else {
390 EXPECT_EQ(0U, hw_enforced().size());
391 EXPECT_NE(0U, sw_enforced().size());
392 crypto_params.push_back(sw_enforced());
393 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]394
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]395 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
396 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
397 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
398 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
399
400 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
401 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]402}
403
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]404TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]405 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
406 GenerateKey(AuthorizationSetBuilder()
407 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
408 .SigningKey()
409 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]410
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]411 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]412}
413
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]414TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]415 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
416 ASSERT_EQ(
417 KM_ERROR_UNKNOWN_ERROR,
418 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
419 else
420 ASSERT_EQ(
421 KM_ERROR_UNSUPPORTED_KEY_SIZE,
422 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]423
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]424 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
425 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]426}
427
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]428TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]429 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]430 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]431 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
432 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]433 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]434 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]435
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]436 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
437 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]438}
439
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]440TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]441 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]442 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]443
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]444 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]445}
446
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]447typedef Keymaster1Test GetKeyCharacteristics;
448INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
449
450TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]451 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
452 .RsaSigningKey(256, 3)
453 .Digest(KM_DIGEST_NONE)
454 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]455 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]456
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]457 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
458 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]459
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]460 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]461 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]462}
463
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]464typedef Keymaster1Test SigningOperationsTest;
465INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
466
467TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]468 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
469 .RsaSigningKey(256, 3)
470 .Digest(KM_DIGEST_NONE)
471 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]472 string message = "12345678901234567890123456789012";
473 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]474 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]475
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]476 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]477 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]478}
479
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]480TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]481 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
482 .RsaSigningKey(512, 3)
483 .Digest(KM_DIGEST_SHA_2_256)
484 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]485 // Use large message, which won't work without digesting.
486 string message(1024, 'a');
487 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]488 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]489
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]490 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]491 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]492}
493
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]494TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {
495 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
496 .RsaSigningKey(512, 3)
497 .Digest(KM_DIGEST_NONE)
498 .Padding(KM_PAD_NONE)));
499 string message = "12345678901234567890123456789012";
500 string signature;
501 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
502
503 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
504 EXPECT_EQ(3, GetParam()->keymaster0_calls());
505}
506
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]507TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]508 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
509 .RsaSigningKey(512, 3)
510 .Digest(KM_DIGEST_SHA_2_256)
511 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]512 string message(1024, 'a');
513 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]514 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]515
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]516 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]517 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]518}
519
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]520TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
521 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
522 .RsaSigningKey(512, 3)
523 .Digest(KM_DIGEST_NONE)
524 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
525 string message(53, 'a');
526 string signature;
527 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);
528
529 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
530 EXPECT_EQ(3, GetParam()->keymaster0_calls());
531}
532
533TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {
534 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
535 .RsaSigningKey(512, 3)
536 .Digest(KM_DIGEST_NONE)
537 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
538 string message(54, 'a');
539
540 AuthorizationSet begin_params(client_params());
541 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
542 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
543 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
544 string result;
545 size_t input_consumed;
546 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
547 string signature;
548 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
549
550 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
551 EXPECT_EQ(2, GetParam()->keymaster0_calls());
552}
553
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]554TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]555 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
556 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]557 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
558 .RsaSigningKey(256 + 9 * 8, 3)
559 .Digest(KM_DIGEST_SHA_2_256)
560 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]561 string message(1024, 'a');
562 string signature;
563
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]564 AuthorizationSet begin_params(client_params());
565 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]566 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]567 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]568}
569
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]570TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {
571 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
572 .RsaSigningKey(256, 3)
573 .Digest(KM_DIGEST_NONE)
574 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
575 string message(64 * 1024, 'a');
576 string signature;
577 AuthorizationSet begin_params(client_params());
578 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
579 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
580 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
581 string result;
582 size_t input_consumed;
583 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
584
585 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
586 EXPECT_EQ(2, GetParam()->keymaster0_calls());
587}
588
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]589TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]590 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
591 .RsaSigningKey(256, 3)
592 .Digest(KM_DIGEST_NONE)
593 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]594 AuthorizationSet begin_params(client_params());
595 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]596 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]597 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]598 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
599 // Another abort should fail
600 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]601
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]602 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]603 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]604}
605
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]606TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]607 GenerateKey(AuthorizationSetBuilder()
608 .RsaSigningKey(256, 3)
609 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
610 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]611 AuthorizationSet begin_params(client_params());
612 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
613 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]614
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]615 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]616 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]617}
618
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]619TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]620 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]621 GenerateKey(AuthorizationSetBuilder()
622 .RsaSigningKey(256, 3)
623 .Digest(KM_DIGEST_NONE)
624 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]625 AuthorizationSet begin_params(client_params());
626 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]627 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]628 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]629
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]630 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]631 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]632}
633
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]634TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]635 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]636 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
637 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]638 AuthorizationSet begin_params(client_params());
639 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
640 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]641
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]642 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]643 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]644}
645
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]646TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]647 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
648 .RsaSigningKey(256, 3)
649 .Digest(KM_DIGEST_NONE)
650 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]651 AuthorizationSet begin_params(client_params());
652 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]653 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]654 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]655
656 string message = "1234567890123456789012345678901";
657 string result;
658 size_t input_consumed;
659 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
660 EXPECT_EQ(0U, result.size());
661 EXPECT_EQ(31U, input_consumed);
662
663 string signature;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]664 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]665 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]666
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]667 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]668 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]669}
670
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]671TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]672 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
673 .RsaEncryptionKey(256, 3)
674 .Digest(KM_DIGEST_NONE)
675 .Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]676 AuthorizationSet begin_params(client_params());
677 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
678 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
679 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]680
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]681 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]682 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]683}
684
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]685TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]686 ASSERT_EQ(KM_ERROR_OK,
687 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]688 string message(224 / 8, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]689 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]690 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]691
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]692 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
693 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]694}
695
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]696TEST_P(SigningOperationsTest, EcdsaSha256Success) {
697 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
698 KM_DIGEST_SHA_2_256)));
699 string message(1024, 'a');
700 string signature;
701 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
702
703 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
704 EXPECT_EQ(3, GetParam()->keymaster0_calls());
705}
706
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]707TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {
708 ASSERT_EQ(KM_ERROR_OK,
709 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
710 string message(64 * 1024, 'a');
711 string signature;
712 AuthorizationSet begin_params(client_params());
713 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
714 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
715 string result;
716 size_t input_consumed;
717 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
718
719 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
720 EXPECT_EQ(2, GetParam()->keymaster0_calls());
721}
722
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame^]723TEST_P(SigningOperationsTest, EcsdaAllSizesAndHashes) {
724 size_t len;
725 keymaster_digest_t* digest_arr;
726 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
727 KM_PURPOSE_SIGN, &digest_arr, &len));
728 vector<int> key_sizes = {224, 256, 384, 521};
729 vector<keymaster_digest_t> digests = make_vector(digest_arr, len);
730 free(digest_arr);
731
732 for (int key_size : key_sizes) {
733 for (keymaster_digest_t digest : digests) {
734 ASSERT_EQ(
735 KM_ERROR_OK,
736 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(digest)));
737
738 string message(1024, 'a');
739 string signature;
740 if (digest == KM_DIGEST_NONE)
741 message.resize(key_size / 8);
742 SignMessage(message, &signature, digest);
743 }
744 }
745
746 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
747 EXPECT_EQ(digests.size() * key_sizes.size() * 3,
748 static_cast<size_t>(GetParam()->keymaster0_calls()));
749}
750
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]751TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]752 ASSERT_EQ(KM_ERROR_OK,
753 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
754 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]755 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
756 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]757
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]758 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]759}
760
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]761TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]762 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]763 string message = "12345678901234567890123456789012";
764 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]765 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]766 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]767
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]768 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]769}
770
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]771TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]772 ASSERT_EQ(KM_ERROR_OK,
773 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]774 string message = "12345678901234567890123456789012";
775 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]776 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]777 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]778
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]779 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]780}
781
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]782TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]783 ASSERT_EQ(KM_ERROR_OK,
784 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]785 string message = "12345678901234567890123456789012";
786 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]787 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]788 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]789
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]790 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]791}
792
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]793TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]794 ASSERT_EQ(KM_ERROR_OK,
795 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));
796
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]797 string message = "12345678901234567890123456789012";
798 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]799 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]800 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]801
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]802 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]803}
804
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]805TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]806 ASSERT_EQ(KM_ERROR_OK,
807 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]808 string message = "12345678901234567890123456789012";
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]809 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]810 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]811 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]812
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]813 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]814}
815
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]816TEST_P(SigningOperationsTest, HmacAnyDigestSuccess) {
817 ASSERT_EQ(KM_ERROR_OK,
818 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE)));
819 string message = "12345678901234567890123456789012";
820 string signature;
821
822 size_t len;
823 keymaster_digest_t* digests;
824 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
825 KM_PURPOSE_SIGN, &digests, &len));
826 for (size_t i = 0; i < len; ++i)
827 MacMessage(message, &signature, digests[i], 128 /* small MAC to work with all digests */);
828 free(digests);
829
830 // Ensure that we can't actually try to do an HMAC with no digest
831 AuthorizationSet begin_params(client_params());
832 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
833 begin_params.push_back(TAG_MAC_LENGTH, 128);
834 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
835
836 EXPECT_EQ(0, GetParam()->keymaster0_calls());
837}
838
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]839TEST_P(SigningOperationsTest, HmacLengthInKey) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]840 // TODO(swillden): unified API should generate an error on key generation.
841 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
842 .HmacKey(128)
843 .Digest(KM_DIGEST_SHA_2_256)
844 .Authorization(TAG_MAC_LENGTH, 20)));
845 string message = "12345678901234567890123456789012";
846 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]847 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]848 // Size in key was ignored.
849 ASSERT_EQ(30U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]850
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]851 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]852}
853
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]854TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]855 uint8_t key_data[] = {
856 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
857 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
858 };
859 string message = "Hi There";
860 uint8_t sha_224_expected[] = {
861 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
862 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
863 };
864 uint8_t sha_256_expected[] = {
865 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
866 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
867 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
868 };
869 uint8_t sha_384_expected[] = {
870 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
871 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
872 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
873 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
874 };
875 uint8_t sha_512_expected[] = {
876 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
877 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
878 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
879 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
880 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
881 };
882
883 string key = make_string(key_data);
884
885 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
886 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
887 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
888 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]889
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]890 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]891}
892
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]893TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]894 string key = "Jefe";
895 string message = "what do ya want for nothing?";
896 uint8_t sha_224_expected[] = {
897 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
898 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
899 };
900 uint8_t sha_256_expected[] = {
901 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
902 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
903 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
904 };
905 uint8_t sha_384_expected[] = {
906 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
907 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
908 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
909 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
910 };
911 uint8_t sha_512_expected[] = {
912 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
913 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
914 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
915 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
916 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
917 };
918
919 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
920 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
921 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
922 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]923
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]924 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]925}
926
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]927TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]928 string key(20, 0xaa);
929 string message(50, 0xdd);
930 uint8_t sha_224_expected[] = {
931 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
932 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
933 };
934 uint8_t sha_256_expected[] = {
935 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
936 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
937 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
938 };
939 uint8_t sha_384_expected[] = {
940 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
941 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
942 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
943 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
944 };
945 uint8_t sha_512_expected[] = {
946 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
947 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
948 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
949 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
950 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
951 };
952
953 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
954 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
955 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
956 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]957
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]958 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]959}
960
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]961TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]962 uint8_t key_data[25] = {
963 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
964 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
965 };
966 string key = make_string(key_data);
967 string message(50, 0xcd);
968 uint8_t sha_224_expected[] = {
969 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
970 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
971 };
972 uint8_t sha_256_expected[] = {
973 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
974 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
975 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
976 };
977 uint8_t sha_384_expected[] = {
978 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
979 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
980 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
981 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
982 };
983 uint8_t sha_512_expected[] = {
984 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
985 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
986 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
987 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
988 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
989 };
990
991 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
992 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
993 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
994 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]995
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]996 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]997}
998
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]999TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1000 string key(20, 0x0c);
1001 string message = "Test With Truncation";
1002
1003 uint8_t sha_224_expected[] = {
1004 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
1005 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
1006 };
1007 uint8_t sha_256_expected[] = {
1008 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
1009 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
1010 };
1011 uint8_t sha_384_expected[] = {
1012 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
1013 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
1014 };
1015 uint8_t sha_512_expected[] = {
1016 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
1017 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
1018 };
1019
1020 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1021 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1022 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1023 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1024
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1025 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1026}
1027
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1028TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1029 string key(131, 0xaa);
1030 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
1031
1032 uint8_t sha_224_expected[] = {
1033 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
1034 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
1035 };
1036 uint8_t sha_256_expected[] = {
1037 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
1038 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
1039 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
1040 };
1041 uint8_t sha_384_expected[] = {
1042 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
1043 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1044 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
1045 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
1046 };
1047 uint8_t sha_512_expected[] = {
1048 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
1049 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
1050 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
1051 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
1052 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
1053 };
1054
1055 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1056 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1057 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1058 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1059
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1060 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1061}
1062
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1063TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1064 string key(131, 0xaa);
1065 string message = "This is a test using a larger than block-size key and a larger than "
1066 "block-size data. The key needs to be hashed before being used by the HMAC "
1067 "algorithm.";
1068
1069 uint8_t sha_224_expected[] = {
1070 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
1071 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
1072 };
1073 uint8_t sha_256_expected[] = {
1074 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
1075 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
1076 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
1077 };
1078 uint8_t sha_384_expected[] = {
1079 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
1080 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1081 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
1082 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
1083 };
1084 uint8_t sha_512_expected[] = {
1085 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
1086 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
1087 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
1088 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
1089 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
1090 };
1091
1092 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1093 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1094 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1095 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1096
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1097 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1098}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1099
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1100TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1101 ASSERT_EQ(KM_ERROR_OK,
1102 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
1103 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]1104 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1105 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1106 ASSERT_EQ(KM_ERROR_OK,
1107 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
1108 string message = "1234567890123456789012345678901";
1109 string result;
1110 size_t input_consumed;
1111 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1112 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1113
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1114 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1115}
1116
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1117// TODO(swillden): Add more verification failure tests.
1118
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1119typedef Keymaster1Test VerificationOperationsTest;
1120INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
1121
1122TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1123 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1124 .RsaSigningKey(256, 3)
1125 .Digest(KM_DIGEST_NONE)
1126 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1127 string message = "12345678901234567890123456789012";
1128 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1129 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1130 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1131
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1132 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1133 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]1134}
1135
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1136TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1137 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1138 .RsaSigningKey(512, 3)
1139 .Digest(KM_DIGEST_SHA_2_256)
1140 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1141 // Use large message, which won't work without digesting.
1142 string message(1024, 'a');
1143 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1144 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1145 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1146
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1147 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1148 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1149}
1150
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1151TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1152 GenerateKey(AuthorizationSetBuilder()
1153 .RsaSigningKey(512, 3)
1154 .Digest(KM_DIGEST_SHA_2_256)
1155 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1156 string message(1024, 'a');
1157 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1158 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1159 ++signature[signature.size() / 2];
1160
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1161 AuthorizationSet begin_params(client_params());
1162 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1163 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1164 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1165
1166 string result;
1167 size_t input_consumed;
1168 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1169 EXPECT_EQ(message.size(), input_consumed);
1170 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1171
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1172 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1173 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1174}
1175
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1176TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1177 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1178 .RsaSigningKey(512, 3)
1179 .Digest(KM_DIGEST_SHA_2_256)
1180 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1181 // Use large message, which won't work without digesting.
1182 string message(1024, 'a');
1183 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1184 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1185 ++message[message.size() / 2];
1186
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1187 AuthorizationSet begin_params(client_params());
1188 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1189 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1190 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1191
1192 string result;
1193 size_t input_consumed;
1194 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1195 EXPECT_EQ(message.size(), input_consumed);
1196 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1197
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1198 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1199 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1200}
1201
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1202TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1203 GenerateKey(AuthorizationSetBuilder()
1204 .RsaSigningKey(512, 3)
1205 .Digest(KM_DIGEST_SHA_2_256)
1206 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1207 string message(1024, 'a');
1208 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1209 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1210 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1211
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1212 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1213 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1214}
1215
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1216TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1217 GenerateKey(AuthorizationSetBuilder()
1218 .RsaSigningKey(512, 3)
1219 .Digest(KM_DIGEST_SHA_2_256)
1220 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1221 string message(1024, 'a');
1222 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1223 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1224 ++signature[signature.size() / 2];
1225
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1226 AuthorizationSet begin_params(client_params());
1227 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1228 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1229 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1230
1231 string result;
1232 size_t input_consumed;
1233 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1234 EXPECT_EQ(message.size(), input_consumed);
1235 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1236
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1237 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1238 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1239}
1240
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1241TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1242 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1243 .RsaSigningKey(512, 3)
1244 .Digest(KM_DIGEST_SHA_2_256)
1245 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1246 // Use large message, which won't work without digesting.
1247 string message(1024, 'a');
1248 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1249 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1250 ++message[message.size() / 2];
1251
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1252 AuthorizationSet begin_params(client_params());
1253 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1254 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1255 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1256
1257 string result;
1258 size_t input_consumed;
1259 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1260 EXPECT_EQ(message.size(), input_consumed);
1261 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1262
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1263 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1264 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1265}
1266
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1267TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1268 // Get all supported digests and padding modes.
1269 size_t digests_len;
1270 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1271 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1272 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1273 &digests_len));
1274
1275 size_t padding_modes_len;
1276 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1277 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1278 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1279 &padding_modes, &padding_modes_len));
1280
1281 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1282 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1283 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1284 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1285 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1286 // Digesting requires padding
1287 continue;
1288
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1289 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1290 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1291 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1292
1293 if (digest == KM_DIGEST_NONE) {
1294 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1295 switch (padding_mode) {
1296 case KM_PAD_NONE:
1297 // Match key size.
1298 message_len = key_bits / 8;
1299 break;
1300 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1301 message_len = key_bits / 8 - 11;
1302 break;
1303 case KM_PAD_RSA_PSS:
1304 // PSS requires a digest.
1305 continue;
1306 default:
1307 FAIL() << "Missing padding";
1308 break;
1309 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1310 } else {
1311 size_t digest_bits;
1312 switch (digest) {
1313 case KM_DIGEST_MD5:
1314 digest_bits = 128;
1315 break;
1316 case KM_DIGEST_SHA1:
1317 digest_bits = 160;
1318 break;
1319 case KM_DIGEST_SHA_2_224:
1320 digest_bits = 224;
1321 break;
1322 case KM_DIGEST_SHA_2_256:
1323 digest_bits = 256;
1324 break;
1325 case KM_DIGEST_SHA_2_384:
1326 digest_bits = 384;
1327 break;
1328 case KM_DIGEST_SHA_2_512:
1329 digest_bits = 512;
1330 break;
1331 default:
1332 FAIL() << "Missing digest";
1333 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1334
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1335 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1336 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1337 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1338 break;
1339 case KM_PAD_RSA_PSS:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1340 key_bits = digest_bits + 8 * 10;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1341 break;
1342 default:
1343 FAIL() << "Missing padding";
1344 break;
1345 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1346 }
1347
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1348 GenerateKey(AuthorizationSetBuilder()
1349 .RsaSigningKey(key_bits, 3)
1350 .Digest(digest)
1351 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1352 string message(message_len, 'a');
1353 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1354 SignMessage(message, &signature, digest, padding_mode);
1355 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1356 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1357 }
1358 }
1359
1360 free(padding_modes);
1361 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1362
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1363 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1364 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1365}
1366
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1367TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1368 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1369 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1370 string message = "12345678901234567890123456789012";
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1371 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1372 SignMessage(message, &signature, KM_DIGEST_NONE);
1373 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1374
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1375 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1376 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1377}
1378
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1379TEST_P(VerificationOperationsTest, EcdsaTooShort) {
1380 ASSERT_EQ(KM_ERROR_OK,
1381 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1382 string message = "12345678901234567890";
1383 string signature;
1384 SignMessage(message, &signature, KM_DIGEST_NONE);
1385 VerifyMessage(message, signature, KM_DIGEST_NONE);
1386
1387 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1388 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1389}
1390
1391TEST_P(VerificationOperationsTest, EcdsaTooLong) {
1392 ASSERT_EQ(KM_ERROR_OK,
1393 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1394 string message = "1234567890123456789012345678901234";
1395 string signature;
1396
1397 AuthorizationSet begin_params(client_params());
1398 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1399 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
1400 string output;
1401 size_t input_consumed;
1402 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &output, &input_consumed));
1403
1404 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1405 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1406}
1407
1408TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
1409 ASSERT_EQ(KM_ERROR_OK,
1410 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
1411
1412 string message(66, 'a');
1413 string signature;
1414 SignMessage(message, &signature, KM_DIGEST_NONE);
1415 VerifyMessage(message, signature, KM_DIGEST_NONE);
1416
1417 // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh.
1418 message[65] ^= 7;
1419 VerifyMessage(message, signature, KM_DIGEST_NONE);
1420
1421 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1422 EXPECT_EQ(5, GetParam()->keymaster0_calls());
1423}
1424
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1425TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1426 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1427 .EcdsaSigningKey(256)
1428 .Digest(KM_DIGEST_SHA_2_256)
1429 .Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1430 string message = "12345678901234567890123456789012";
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1431 string signature;
1432 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1433 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1434
1435 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1436 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1437
1438 // Just for giggles, try verifying with the wrong digest.
1439 AuthorizationSet begin_params(client_params());
1440 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1441 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1442
1443 string result;
1444 size_t input_consumed;
1445 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1446 EXPECT_EQ(message.size(), input_consumed);
1447 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1448}
1449
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1450TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1451 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1452 string message = "123456789012345678901234567890123456789012345678";
1453 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1454 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
1455 VerifyMessage(message, signature, KM_DIGEST_SHA1);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1456
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1457 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1458}
1459
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1460TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1461 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1462 string message = "123456789012345678901234567890123456789012345678";
1463 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1464 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
1465 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1466
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1467 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1468}
1469
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1470TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1471 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1472 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1473 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1474 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
1475 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1476
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1477 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1478}
1479
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1480TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1481 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1482 string message = "123456789012345678901234567890123456789012345678";
1483 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1484 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
1485 VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1486
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1487 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1488}
1489
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1490TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1491 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1492 string message = "123456789012345678901234567890123456789012345678";
1493 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1494 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
1495 VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1496
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1497 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1498}
1499
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]1500TEST_P(VerificationOperationsTest, HmacAnyDigestSuccess) {
1501 ASSERT_EQ(KM_ERROR_OK,
1502 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE)));
1503 string message = "12345678901234567890123456789012";
1504 string signature;
1505
1506 size_t len;
1507 keymaster_digest_t* digests;
1508 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
1509 KM_PURPOSE_SIGN, &digests, &len));
1510 for (size_t i = 0; i < len; ++i) {
1511 MacMessage(message, &signature, digests[i], 128 /* small MAC to work with all digests */);
1512 VerifyMessage(message, signature, digests[i]);
1513 if (len > 1) {
1514 size_t wrong_digest_index = (i == 0) ? 1 : 0;
1515 AuthorizationSet begin_params(client_params());
1516 begin_params.push_back(TAG_DIGEST, digests[wrong_digest_index]);
1517 begin_params.push_back(TAG_MAC_LENGTH, 128);
1518 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1519 string output;
1520 size_t input_consumed;
1521 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &output, &input_consumed));
1522 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &output));
1523 }
1524 }
1525 free(digests);
1526
1527 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1528}
1529
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1530typedef Keymaster1Test ExportKeyTest;
1531INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1532
1533TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1534 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1535 .RsaSigningKey(256, 3)
1536 .Digest(KM_DIGEST_NONE)
1537 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1538 string export_data;
1539 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1540 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1541
1542 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1543
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1544 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1545 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1546}
1547
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1548TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1549 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1550 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1551 string export_data;
1552 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1553 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1554
1555 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1556
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1557 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1558 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1559}
1560
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1561TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1562 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1563 .RsaSigningKey(256, 3)
1564 .Digest(KM_DIGEST_NONE)
1565 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1566 string export_data;
1567 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1568
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1569 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1570 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1571}
1572
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1573TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1574 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1575 .RsaSigningKey(256, 3)
1576 .Digest(KM_DIGEST_NONE)
1577 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1578 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1579 string export_data;
1580 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1581
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1582 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1583 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1584}
1585
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1586TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1587 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1588 string export_data;
1589
1590 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1591 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1592 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1593
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1594 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1595}
1596
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1597static string read_file(const string& file_name) {
1598 ifstream file_stream(file_name, std::ios::binary);
1599 istreambuf_iterator<char> file_begin(file_stream);
1600 istreambuf_iterator<char> file_end;
1601 return string(file_begin, file_end);
1602}
1603
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1604typedef Keymaster1Test ImportKeyTest;
1605INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1606
1607TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1608 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1609 ASSERT_EQ(633U, pk8_key.size());
1610
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1611 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1612 .RsaSigningKey(1024, 65537)
1613 .Digest(KM_DIGEST_NONE)
1614 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1615 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1616
1617 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1618 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1619 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1620 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1621 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1622 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1623 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1624 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1625 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1626 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1627
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1628 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1629 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1630 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1631
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1632 string message(1024 / 8, 'a');
1633 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1634 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1635 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1636
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1637 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1638 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1639}
1640
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1641TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1642 string pk8_key = read_file("rsa_privkey_pk8.der");
1643 ASSERT_EQ(633U, pk8_key.size());
1644
1645 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1646 // point softkeymaster will no longer support keymaster0 APIs anyway.
1647 uint8_t* key_blob;
1648 size_t key_blob_length;
1649 ASSERT_EQ(0,
1650 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1651 pk8_key.size(), &key_blob, &key_blob_length));
1652 set_key_blob(key_blob, key_blob_length);
1653
1654 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1655 AuthorizationSet begin_params; // Don't use client data.
1656 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1657 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1658 AuthorizationSet update_params;
1659 AuthorizationSet output_params;
1660 string signature =
1661 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1662 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1663 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1664
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1665 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1666 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1667}
1668
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1669TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1670 string pk8_key = read_file("rsa_privkey_pk8.der");
1671 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1672 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1673 ImportKey(AuthorizationSetBuilder()
1674 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1675 .Digest(KM_DIGEST_NONE)
1676 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1677 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1678
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1679 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1680}
1681
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1682TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1683 string pk8_key = read_file("rsa_privkey_pk8.der");
1684 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1685 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1686 ImportKey(AuthorizationSetBuilder()
1687 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1688 .Digest(KM_DIGEST_NONE)
1689 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1690 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1691
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1692 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1693}
1694
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1695TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1696 string pk8_key = read_file("ec_privkey_pk8.der");
1697 ASSERT_EQ(138U, pk8_key.size());
1698
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1699 ASSERT_EQ(KM_ERROR_OK,
1700 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1701 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1702
1703 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1704 EXPECT_TRUE(
1705 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1706 TAG_ALGORITHM, KM_ALGORITHM_EC));
1707 EXPECT_TRUE(
1708 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1709 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1710
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1711 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1712 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1713 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1714
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1715 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1716 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1717 SignMessage(message, &signature, KM_DIGEST_NONE);
1718 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1719
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1720 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1721 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1722}
1723
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1724TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1725 string pk8_key = read_file("ec_privkey_pk8.der");
1726 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1727
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1728 ASSERT_EQ(KM_ERROR_OK,
1729 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1730 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1731
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1732 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1733 EXPECT_TRUE(
1734 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1735 TAG_ALGORITHM, KM_ALGORITHM_EC));
1736 EXPECT_TRUE(
1737 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1738 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1739
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1740 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1741 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1742 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1743
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1744 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1745 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1746 SignMessage(message, &signature, KM_DIGEST_NONE);
1747 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1748
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1749 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1750 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1751}
1752
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1753TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1754 string pk8_key = read_file("ec_privkey_pk8.der");
1755 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1756 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1757 ImportKey(AuthorizationSetBuilder()
1758 .EcdsaSigningKey(224 /* Doesn't match key */)
1759 .Digest(KM_DIGEST_NONE),
1760 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1761
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1762 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1763}
1764
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1765TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1766 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1767 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1768 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1769 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1770 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1771 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1772
1773 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1774 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1775
1776 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1777 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1778 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1779 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1780
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1781 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1782}
1783
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1784TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1785 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1786 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1787 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1788 .HmacKey(sizeof(key_data) * 8)
1789 .Digest(KM_DIGEST_SHA_2_256)
1790 .Authorization(TAG_MAC_LENGTH, 32),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1791 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1792
1793 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1794 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1795
1796 string message = "Hello World!";
1797 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1798 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);
1799 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1800
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1801 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1802}
1803
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1804typedef Keymaster1Test EncryptionOperationsTest;
1805INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1806
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1807TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1808 ASSERT_EQ(KM_ERROR_OK,
1809 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1810
1811 string message = "12345678901234567890123456789012";
1812 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1813 EXPECT_EQ(256U / 8, ciphertext1.size());
1814
1815 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1816 EXPECT_EQ(256U / 8, ciphertext2.size());
1817
1818 // Unpadded RSA is deterministic
1819 EXPECT_EQ(ciphertext1, ciphertext2);
1820
1821 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1822 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1823}
1824
1825TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1826 ASSERT_EQ(KM_ERROR_OK,
1827 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1828
1829 string message = "1234567890123456789012345678901";
1830
1831 AuthorizationSet begin_params(client_params());
1832 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1833 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1834
1835 string result;
1836 size_t input_consumed;
1837 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1838 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1839 EXPECT_EQ(0U, result.size());
1840
1841 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1842 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1843}
1844
1845TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1846 ASSERT_EQ(KM_ERROR_OK,
1847 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1848
1849 string message = "123456789012345678901234567890123";
1850
1851 AuthorizationSet begin_params(client_params());
1852 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1853 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1854
1855 string result;
1856 size_t input_consumed;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1857 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1858
1859 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1860 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1861}
1862
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1863TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1864 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1865 .RsaEncryptionKey(512, 3)
1866 .Padding(KM_PAD_RSA_OAEP)
1867 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1868
1869 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1870 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1871 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1872
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1873 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1874 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1875
1876 // OAEP randomizes padding so every result should be different.
1877 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1878
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1879 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1880 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1881}
1882
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1883TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1884 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1885 .RsaEncryptionKey(512, 3)
1886 .Padding(KM_PAD_RSA_OAEP)
1887 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1888 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1889 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1890 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1891
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1892 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1893 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1894
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1895 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1896 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1897}
1898
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1899TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
1900 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1901 .RsaEncryptionKey(512, 3)
1902 .Padding(KM_PAD_RSA_OAEP)
1903 .Digest(KM_DIGEST_NONE)));
1904 string message = "Hello World!";
1905
1906 AuthorizationSet begin_params(client_params());
1907 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1908 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1909 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1910
1911 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1912 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1913}
1914
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1915TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1916 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1917 .RsaEncryptionKey(512, 3)
1918 .Padding(KM_PAD_RSA_OAEP)
1919 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1920 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1921 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1922 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1923
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1924 AuthorizationSet begin_params(client_params());
1925 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1926 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1927 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1928 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1929 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1930 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1931
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1932 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1933 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1934}
1935
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1936TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1937 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1938 .RsaEncryptionKey(512, 3)
1939 .Padding(KM_PAD_RSA_OAEP)
1940 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1941 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1942 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1943 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1944
1945 // Corrupt the ciphertext
1946 ciphertext[512 / 8 / 2]++;
1947
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1948 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1949 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1950 AuthorizationSet begin_params(client_params());
1951 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1952 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1953 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1954 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1955 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1956 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1957
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1958 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1959 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1960}
1961
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1962TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1963 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1964 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1965 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1966 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1967 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1968
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1969 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1970 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1971
1972 // PKCS1 v1.5 randomizes padding so every result should be different.
1973 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1974
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1975 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1976 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1977}
1978
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1979TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1980 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1981 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1982 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1983 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1984 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1985
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1986 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1987 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1988
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1989 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1990 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1991}
1992
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1993TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1994 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1995 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]1996 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1997 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1998 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1999
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2000 AuthorizationSet begin_params(client_params());
2001 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2002 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2003 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2004 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2005 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2006
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2007 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2008 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2009}
2010
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2011TEST_P(EncryptionOperationsTest, RsaPkcs1InvalidDigest) {
2012 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2013 .RsaEncryptionKey(512, 3)
2014 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
2015 .Digest(KM_DIGEST_NONE)));
2016 string message = "Hello World!";
2017 string result;
2018
2019 AuthorizationSet begin_params(client_params());
2020 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2021 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); // Any digest is invalid
2022 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2023
2024 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2025 EXPECT_EQ(2, GetParam()->keymaster0_calls());
2026}
2027
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2028TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2029 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2030 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2031 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2032 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2033 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2034
2035 // Corrupt the ciphertext
2036 ciphertext[512 / 8 / 2]++;
2037
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2038 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2039 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2040 AuthorizationSet begin_params(client_params());
2041 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2042 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2043 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2044 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2045 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2046
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2047 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2048 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2049}
2050
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2051TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2052 ASSERT_EQ(KM_ERROR_OK,
2053 GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2054
2055 AuthorizationSet begin_params(client_params());
2056 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2057 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2058
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2059 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2060 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2061}
2062
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2063TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2064 ASSERT_EQ(KM_ERROR_OK,
2065 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2066 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2067 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2068
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2069 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
2070 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2071}
2072
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2073TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2074 ASSERT_EQ(
2075 KM_ERROR_OK,
2076 GenerateKey(
2077 AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2078 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2079 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2080
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2081 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2082}
2083
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2084TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2085 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2086 .AesEncryptionKey(128)
2087 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2088 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2089 // Two-block message.
2090 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2091 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2092 EXPECT_EQ(message.size(), ciphertext1.size());
2093
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2094 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2095 EXPECT_EQ(message.size(), ciphertext2.size());
2096
2097 // ECB is deterministic.
2098 EXPECT_EQ(ciphertext1, ciphertext2);
2099
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2100 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2101 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2102
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2103 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2104}
2105
Shawn Willdene23a2c92015-07-06 15:52:45 -0600[diff] [blame]2106TEST_P(EncryptionOperationsTest, AesEcbNotAuthorized) {
2107 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2108 .AesEncryptionKey(128)
2109 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2110 .Padding(KM_PAD_NONE)));
2111 // Two-block message.
2112 string message = "12345678901234567890123456789012";
2113 AuthorizationSet begin_params(client_params());
2114 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2115 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2116 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2117
2118 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2119}
2120
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2121TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2122 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2123 .AesEncryptionKey(128)
2124 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2125 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2126 // Message is slightly shorter than two blocks.
2127 string message = "1234567890123456789012345678901";
2128
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2129 AuthorizationSet begin_params(client_params());
2130 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2131 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2132 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2133 string ciphertext;
2134 size_t input_consumed;
2135 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
2136 EXPECT_EQ(message.size(), input_consumed);
2137 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2138
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2139 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2140}
2141
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2142TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2143 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2144 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2145 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2146 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2147
2148 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2149 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2150 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2151 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2152 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2153 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2154 EXPECT_EQ(message, plaintext);
2155 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2156
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2157 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2158}
2159
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2160TEST_P(EncryptionOperationsTest, AesEcbNoPaddingKeyWithPkcs7Padding) {
2161 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2162 .AesEncryptionKey(128)
2163 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2164 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2165
2166 // Try various message lengths; all should work.
2167 for (size_t i = 0; i < 32; ++i) {
2168 string message(i, 'a');
2169 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
2170 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
2171 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
2172 EXPECT_EQ(message, plaintext);
2173 }
2174
2175 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2176}
2177
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2178TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2179 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2180 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2181 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2182 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2183
2184 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2185 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2186 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2187 EXPECT_NE(ciphertext, message);
2188 ++ciphertext[ciphertext.size() / 2];
2189
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2190 AuthorizationSet begin_params(client_params());
2191 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2192 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2193 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2194 string plaintext;
2195 size_t input_consumed;
2196 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
2197 EXPECT_EQ(ciphertext.size(), input_consumed);
2198 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2199
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2200 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2201}
2202
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2203TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2204 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2205 .AesEncryptionKey(128)
2206 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2207 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2208 string message = "123";
2209 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2210 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2211 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2212 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2213
2214 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2215 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2216 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2217 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2218
2219 // IVs should be random, so ciphertexts should differ.
2220 EXPECT_NE(iv1, iv2);
2221 EXPECT_NE(ciphertext1, ciphertext2);
2222
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2223 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2224 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2225
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2226 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2227}
2228
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2229TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2230 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2231 .AesEncryptionKey(128)
2232 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2233 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2234
2235 int increment = 15;
2236 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2237 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2238 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2239 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2240 AuthorizationSet output_params;
2241 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2242
2243 string ciphertext;
2244 size_t input_consumed;
2245 for (size_t i = 0; i < message.size(); i += increment)
2246 EXPECT_EQ(KM_ERROR_OK,
2247 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2248 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2249 EXPECT_EQ(message.size(), ciphertext.size());
2250
2251 // Move TAG_NONCE into input_params
2252 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2253 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2254 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2255 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2256 output_params.Clear();
2257
2258 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
2259 string plaintext;
2260 for (size_t i = 0; i < ciphertext.size(); i += increment)
2261 EXPECT_EQ(KM_ERROR_OK,
2262 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2263 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2264 EXPECT_EQ(ciphertext.size(), plaintext.size());
2265 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2266
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2267 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2268}
2269
2270struct AesCtrSp80038aTestVector {
2271 const char* key;
2272 const char* nonce;
2273 const char* plaintext;
2274 const char* ciphertext;
2275};
2276
2277// These test vectors are taken from
2278// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
2279static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
2280 // AES-128
2281 {
2282 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2283 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2284 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2285 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
2286 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
2287 },
2288 // AES-192
2289 {
2290 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2291 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2292 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2293 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2294 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2295 },
2296 // AES-256
2297 {
2298 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2299 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2300 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2301 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2302 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2303 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2304 },
2305};
2306
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2307TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2308 for (size_t i = 0; i < 3; i++) {
2309 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2310 const string key = hex2str(test.key);
2311 const string nonce = hex2str(test.nonce);
2312 const string plaintext = hex2str(test.plaintext);
2313 const string ciphertext = hex2str(test.ciphertext);
2314 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2315 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2316
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2317 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2318}
2319
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2320TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2321 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2322 .AesEncryptionKey(128)
2323 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2324 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2325 AuthorizationSet begin_params(client_params());
2326 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2327 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2328 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2329
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2330 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2331}
2332
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2333TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2334 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2335 .AesEncryptionKey(128)
2336 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2337 .Authorization(TAG_CALLER_NONCE)
2338 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2339
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2340 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2341 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2342 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2343 input_params.push_back(TAG_NONCE, "123", 3);
2344 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2345
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2346 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2347}
2348
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2349TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2350 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2351 .AesEncryptionKey(128)
2352 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2353 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2354 // Two-block message.
2355 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2356 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2357 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2358 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2359
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2360 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2361 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2362 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2363
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2364 // IVs should be random, so ciphertexts should differ.
2365 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2366 EXPECT_NE(ciphertext1, ciphertext2);
2367
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2368 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2369 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2370
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2371 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2372}
2373
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2374TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2375 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2376 .AesEncryptionKey(128)
2377 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2378 .Authorization(TAG_CALLER_NONCE)
2379 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2380 string message = "12345678901234567890123456789012";
2381 string iv1;
2382 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2383 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2384 EXPECT_EQ(message.size(), ciphertext1.size());
2385 EXPECT_EQ(16U, iv1.size());
2386
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2387 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2388 EXPECT_EQ(message, plaintext);
2389
2390 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2391 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2392 AuthorizationSet update_params;
2393 AuthorizationSet output_params;
2394 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2395 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2396 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2397 string ciphertext2 =
2398 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2399
2400 // Decrypt with correct nonce.
2401 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2402 &output_params);
2403 EXPECT_EQ(message, plaintext);
2404
2405 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2406 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2407 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2408 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2409 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2410 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2411 &output_params);
2412 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2413
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2414 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2415}
2416
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2417TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2418 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2419 .AesEncryptionKey(128)
2420 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2421 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2422
2423 string message = "12345678901234567890123456789012";
2424 string iv1;
2425 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2426 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2427 EXPECT_EQ(message.size(), ciphertext1.size());
2428 EXPECT_EQ(16U, iv1.size());
2429
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2430 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2431 EXPECT_EQ(message, plaintext);
2432
2433 // Now specify a nonce, should fail.
2434 AuthorizationSet input_params(client_params());
2435 AuthorizationSet update_params;
2436 AuthorizationSet output_params;
2437 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2438 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2439 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2440
2441 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2442 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2443
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2444 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2445}
2446
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2447TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2448 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2449 .AesEncryptionKey(128)
2450 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2451 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2452
2453 int increment = 15;
2454 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2455 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2456 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2457 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2458 AuthorizationSet output_params;
2459 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2460
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2461 string ciphertext;
2462 size_t input_consumed;
2463 for (size_t i = 0; i < message.size(); i += increment)
2464 EXPECT_EQ(KM_ERROR_OK,
2465 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2466 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2467 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2468
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2469 // Move TAG_NONCE into input_params
2470 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2471 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2472 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2473 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2474 output_params.Clear();
2475
2476 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2477 string plaintext;
2478 for (size_t i = 0; i < ciphertext.size(); i += increment)
2479 EXPECT_EQ(KM_ERROR_OK,
2480 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2481 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2482 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2483 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2484
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2485 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2486}
2487
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2488TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2489 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2490 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2491 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2492 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2493
2494 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2495 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2496 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2497 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2498 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2499 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2500 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2501 EXPECT_EQ(message, plaintext);
2502 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2503
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2504 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2505}
2506
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2507TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2508 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2509 .AesEncryptionKey(128)
2510 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2511 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2512 string aad = "foobar";
2513 string message = "123456789012345678901234567890123456";
2514 AuthorizationSet begin_params(client_params());
2515 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2516 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2517 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2518
2519 AuthorizationSet update_params;
2520 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2521
2522 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2523 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2524 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2525 string ciphertext;
2526 size_t input_consumed;
2527 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2528 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2529 &input_consumed));
2530 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2531 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2532
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2533 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2534 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2535 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2536
2537 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2538 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2539 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2540 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2541 &plaintext, &input_consumed));
2542 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2543 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2544
2545 EXPECT_EQ(message, plaintext);
2546 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2547}
2548
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2549TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
2550 uint8_t nonce[] = {
2551 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
2552 };
2553 uint8_t ciphertext[] = {
2554 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
2555 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
2556 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
2557 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
2558 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
2559 };
2560 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
2561
2562 AuthorizationSet begin_params(client_params());
2563 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2564 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2565 begin_params.push_back(TAG_MAC_LENGTH, 128);
2566 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
2567
2568 string plaintext;
2569 size_t input_consumed;
2570
2571 // Import correct key and decrypt
2572 uint8_t good_key[] = {
2573 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2574 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2575 };
2576 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
2577 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2578 .AesEncryptionKey(128)
2579 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2580 .Authorization(TAG_PADDING, KM_PAD_NONE)
2581 .Authorization(TAG_CALLER_NONCE),
2582 KM_KEY_FORMAT_RAW, good_key_str));
2583 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2584 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2585 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2586
2587 // Import bad key and decrypt
2588 uint8_t bad_key[] = {
2589 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2590 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2591 };
2592 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
2593 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2594 .AesEncryptionKey(128)
2595 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2596 .Authorization(TAG_PADDING, KM_PAD_NONE),
2597 KM_KEY_FORMAT_RAW, bad_key_str));
2598 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2599 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2600 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
2601
2602 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2603}
2604
2605TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
2606 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2607 .AesEncryptionKey(128)
2608 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2609 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2610 string aad = "123456789012345678";
2611 string empty_message;
2612 AuthorizationSet begin_params(client_params());
2613 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2614 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2615 begin_params.push_back(TAG_MAC_LENGTH, 128);
2616
2617 AuthorizationSet update_params;
2618 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2619
2620 // Encrypt
2621 AuthorizationSet begin_out_params;
2622 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2623 string ciphertext;
2624 size_t input_consumed;
2625 AuthorizationSet update_out_params;
2626 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
2627 &ciphertext, &input_consumed));
2628 EXPECT_EQ(0U, input_consumed);
2629 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2630
2631 // Grab nonce
2632 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2633 begin_params.push_back(begin_out_params);
2634
2635 // Decrypt.
2636 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2637 string plaintext;
2638 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2639 &plaintext, &input_consumed));
2640 EXPECT_EQ(ciphertext.size(), input_consumed);
2641 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2642
2643 EXPECT_EQ(empty_message, plaintext);
2644 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2645}
2646
2647TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
2648 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2649 .AesEncryptionKey(128)
2650 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2651 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2652 AuthorizationSet begin_params(client_params());
2653 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2654 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2655 begin_params.push_back(TAG_MAC_LENGTH, 128);
2656
2657 AuthorizationSet update_params;
2658 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
2659
2660 // Encrypt
2661 AuthorizationSet begin_out_params;
2662 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2663 string ciphertext;
2664 size_t input_consumed;
2665 AuthorizationSet update_out_params;
2666
2667 // Send AAD, incrementally
2668 for (int i = 0; i < 1000; ++i) {
2669 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2670 &input_consumed));
2671 EXPECT_EQ(0U, input_consumed);
2672 EXPECT_EQ(0U, ciphertext.size());
2673 }
2674
2675 // Now send data, incrementally, no data.
2676 AuthorizationSet empty_params;
2677 for (int i = 0; i < 1000; ++i) {
2678 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
2679 &input_consumed));
2680 EXPECT_EQ(1U, input_consumed);
2681 }
2682 EXPECT_EQ(1000U, ciphertext.size());
2683
2684 // And finish.
2685 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2686 EXPECT_EQ(1016U, ciphertext.size());
2687
2688 // Grab nonce
2689 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2690 begin_params.push_back(begin_out_params);
2691
2692 // Decrypt.
2693 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2694 string plaintext;
2695
2696 // Send AAD, incrementally, no data
2697 for (int i = 0; i < 1000; ++i) {
2698 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
2699 &input_consumed));
2700 EXPECT_EQ(0U, input_consumed);
2701 EXPECT_EQ(0U, plaintext.size());
2702 }
2703
2704 // Now send data, incrementally.
2705 for (size_t i = 0; i < ciphertext.length(); ++i) {
2706 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
2707 &update_out_params, &plaintext, &input_consumed));
2708 EXPECT_EQ(1U, input_consumed);
2709 }
2710 EXPECT_EQ(1000U, plaintext.size());
2711 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2712
2713 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2714}
2715
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2716TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2717 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2718 .AesEncryptionKey(128)
2719 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2720 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2721 string message = "123456789012345678901234567890123456";
2722 AuthorizationSet begin_params(client_params());
2723 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2724 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2725 begin_params.push_back(TAG_MAC_LENGTH, 128);
2726 AuthorizationSet begin_out_params;
2727
2728 AuthorizationSet update_params;
2729 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2730
2731 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2732
2733 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2734 string ciphertext;
2735 size_t input_consumed;
2736 AuthorizationSet update_out_params;
2737 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
2738 &ciphertext, &input_consumed));
2739 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2740
2741 // AAD and data.
2742 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2743 &input_consumed));
2744 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2745 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2746
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2747 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2748 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2749 begin_params.push_back(begin_out_params);
2750
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2751 // Decrypt
2752 update_params.Clear();
2753 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2754
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2755 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2756 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2757 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2758 &plaintext, &input_consumed));
2759 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2760 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2761
2762 EXPECT_EQ(message, plaintext);
2763 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2764}
2765
2766TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2767 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2768 .AesEncryptionKey(128)
2769 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2770 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2771 string message = "12345678901234567890123456789012";
2772 AuthorizationSet begin_params(client_params());
2773 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2774 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2775 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2776
2777 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2778 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2779
2780 AuthorizationSet finish_params;
2781 AuthorizationSet finish_out_params;
2782
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2783 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2784 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2785 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2786 AuthorizationSet update_out_params;
2787 string ciphertext;
2788 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2789 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2790 &input_consumed));
2791 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2792 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2793
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2794 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2795 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2796 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2797
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2798 update_params.Clear();
2799 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2800
2801 // Decrypt.
2802 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2803 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2804 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2805 &plaintext, &input_consumed));
2806 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2807 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2808
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2809 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2810}
2811
2812TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
2813 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2814 .AesEncryptionKey(128)
2815 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2816 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2817 string message = "12345678901234567890123456789012";
2818 AuthorizationSet begin_params(client_params());
2819 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2820 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2821 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2822
2823 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2824 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2825
2826 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2827 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2828 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2829 AuthorizationSet update_out_params;
2830 string ciphertext;
2831 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2832 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2833 &input_consumed));
2834 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2835 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2836
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2837 begin_params.push_back(TAG_NONCE, "123456789012", 12);
2838
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2839 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2840 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2841 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2842 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2843 &plaintext, &input_consumed));
2844 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2845 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2846
2847 // With wrong nonce, should have gotten garbage plaintext.
2848 EXPECT_NE(message, plaintext);
2849 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2850}
2851
2852TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
2853 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2854 .AesEncryptionKey(128)
2855 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2856 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2857 string aad = "foobar";
2858 string message = "123456789012345678901234567890123456";
2859 AuthorizationSet begin_params(client_params());
2860 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2861 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2862 begin_params.push_back(TAG_MAC_LENGTH, 128);
2863 AuthorizationSet begin_out_params;
2864
2865 AuthorizationSet update_params;
2866 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2867
2868 // Encrypt
2869 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2870 AuthorizationSet update_out_params;
2871 string ciphertext;
2872 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2873 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2874 &input_consumed));
2875 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2876 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2877
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2878 // Corrupt tag
2879 (*ciphertext.rbegin())++;
2880
2881 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2882 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2883 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2884
2885 // Decrypt.
2886 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2887 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2888 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2889 &plaintext, &input_consumed));
2890 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2891 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2892
2893 EXPECT_EQ(message, plaintext);
2894 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2895}
2896
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2897typedef Keymaster1Test MaxOperationsTest;
2898INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, MaxOperationsTest, test_params);
2899
2900TEST_P(MaxOperationsTest, TestLimit) {
2901 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2902 .AesEncryptionKey(128)
2903 .EcbMode()
2904 .Authorization(TAG_PADDING, KM_PAD_NONE)
2905 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
2906
2907 string message = "1234567890123456";
2908 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2909 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2910 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2911
2912 // Fourth time should fail.
2913 AuthorizationSet begin_params(client_params());
2914 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2915 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2916 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2917
2918 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2919}
2920
2921TEST_P(MaxOperationsTest, TestAbort) {
2922 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2923 .AesEncryptionKey(128)
2924 .EcbMode()
2925 .Authorization(TAG_PADDING, KM_PAD_NONE)
2926 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
2927
2928 string message = "1234567890123456";
2929 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2930 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2931 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2932
2933 // Fourth time should fail.
2934 AuthorizationSet begin_params(client_params());
2935 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2936 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2937 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2938
2939 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2940}
2941
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2942typedef Keymaster1Test AddEntropyTest;
2943INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
2944
2945TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2946 // There's no obvious way to test that entropy is actually added, but we can test that the API
2947 // doesn't blow up or return an error.
2948 EXPECT_EQ(KM_ERROR_OK,
2949 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2950
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2951 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2952}
2953
2954typedef Keymaster1Test Keymaster0AdapterTest;
2955INSTANTIATE_TEST_CASE_P(
2956 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2957 ::testing::Values(
2958 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
2959 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2960
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2961TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2962 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2963 // key data.
2964 string km1_sw = read_file("km1_sw_rsa_512.blob");
2965 EXPECT_EQ(486U, km1_sw.length());
2966
2967 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2968 memcpy(key_data, km1_sw.data(), km1_sw.length());
2969 set_key_blob(key_data, km1_sw.length());
2970
2971 string message(64, 'a');
2972 string signature;
2973 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2974
2975 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2976}
2977
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]2978TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
2979 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
2980 // blobs contain OCB-encrypted key data.
2981 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
2982 EXPECT_EQ(477U, km1_sw.length());
2983
2984 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2985 memcpy(key_data, km1_sw.data(), km1_sw.length());
2986 set_key_blob(key_data, km1_sw.length());
2987
2988 string message(64, 'a');
2989 string signature;
2990 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2991
2992 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2993}
2994
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2995TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
2996 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2997 // key data.
2998 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
2999 EXPECT_EQ(270U, km1_sw.length());
3000
3001 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3002 memcpy(key_data, km1_sw.data(), km1_sw.length());
3003 set_key_blob(key_data, km1_sw.length());
3004
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]3005 string message(32, static_cast<char>(0xFF));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3006 string signature;
3007 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3008
3009 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3010}
3011
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3012struct Malloc_Delete {
3013 void operator()(void* p) { free(p); }
3014};
3015
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3016TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3017 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3018 string km0_sw = read_file("km0_sw_rsa_512.blob");
3019 EXPECT_EQ(333U, km0_sw.length());
3020
3021 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3022 memcpy(key_data, km0_sw.data(), km0_sw.length());
3023 set_key_blob(key_data, km0_sw.length());
3024
3025 string message(64, 'a');
3026 string signature;
3027 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3028
3029 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3030}
3031
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3032TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
3033 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3034 string km0_sw = read_file("km0_sw_rsa_512.blob");
3035 EXPECT_EQ(333U, km0_sw.length());
3036
3037 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3038 memcpy(key_data, km0_sw.data(), km0_sw.length());
3039 set_key_blob(key_data, km0_sw.length());
3040
3041 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3042 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3043 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3044 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3045 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3046 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3047 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3048 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3049 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3050 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3051
3052 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3053}
3054
3055TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
3056 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3057 string km0_sw = read_file("km0_sw_rsa_512.blob");
3058 EXPECT_EQ(333U, km0_sw.length());
3059
3060 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3061 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3062 EXPECT_EQ('P', km0_sw[0]);
3063 km0_sw[0] = 'Q';
3064
3065 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3066 memcpy(key_data, km0_sw.data(), km0_sw.length());
3067 set_key_blob(key_data, km0_sw.length());
3068
3069 string message(64, 'a');
3070 string signature;
3071 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3072 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
3073
3074 EXPECT_EQ(5, GetParam()->keymaster0_calls());
3075}
3076
3077TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
3078 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3079 string km0_sw = read_file("km0_sw_rsa_512.blob");
3080 EXPECT_EQ(333U, km0_sw.length());
3081
3082 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3083 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3084 EXPECT_EQ('P', km0_sw[0]);
3085 km0_sw[0] = 'Q';
3086
3087 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3088 memcpy(key_data, km0_sw.data(), km0_sw.length());
3089 set_key_blob(key_data, km0_sw.length());
3090
3091 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3092 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3093 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
3094 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3095 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3096 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
3097 EXPECT_EQ(5U, hw_enforced().size());
3098
3099 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3100 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3101 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3102 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3103
3104 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3105 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3106 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3107 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3108 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3109
3110 EXPECT_EQ(1, GetParam()->keymaster0_calls());
3111}
3112
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]3113} // namespace test
3114} // namespace keymaster