Blame - android_keymaster_test.cpp - fp2-dev/platform/system/keymaster

2014-08-06 12:31:33 -0600

[diff] [blame]

/*

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

15

*/

16

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

17

#include <fstream>

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

18

#include <string>

19

#include <vector>

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

20

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

21

#include <hardware/keymaster0.h>

Shawn Willden

b751033

2015-02-06 19:58:29 -0700

[diff] [blame]

22

#include <keymaster/soft_keymaster_device.h>

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

23

#include <keymaster/softkeymaster.h>

Shawn Willden

98d9b92

2014-08-26 08:14:10 -0600

[diff] [blame]

24

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

25

#include "android_keymaster_test_utils.h"

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

26

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

27

using std::ifstream;

28

using std::istreambuf_iterator;

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

29

using std::string;

30

using std::vector;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

31

using std::unique_ptr;

32

33

extern "C" {

34

int __android_log_print(int prio, const char* tag, const char* fmt);

35

int __android_log_print(int prio, const char* tag, const char* fmt) {

prio, tag, fmt;

return 0;

}

} // extern "C"

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

40

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

41

namespace keymaster {

42

namespace test {

43

Shawn Willden

567a4a0

2014-12-31 12:14:46 -0700

[diff] [blame]

44

StdoutLogger logger;

45

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

46

class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {

47

public:

48

keymaster1_device_t* CreateDevice() const override {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

49

std::cerr << "Creating software-only device" << std::endl;

Shawn Willden

95dda36

2015-02-27 10:58:37 -0700

[diff] [blame]

50

SoftKeymasterDevice* device = new SoftKeymasterDevice;

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

51

return device->keymaster_device();

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

52

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

53

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

54

bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

55

int keymaster0_calls() const override { return 0; }

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

56

};

57

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

58

class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {

59

public:

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

60

Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}

61

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

62

keymaster1_device_t* CreateDevice() const {

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

63

std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_

64

<< ")." << std::endl;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

65

hw_device_t* softkeymaster_device;

66

EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,

67

&softkeymaster_device));

68

// Make the software device pretend to be hardware

69

keymaster0_device_t* keymaster0_device =

70

reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

71

keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;

72

73

if (!support_ec_) {

74

// Make the software device pretend not to support EC

75

keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;

76

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

77

78

counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);

79

80

SoftKeymasterDevice* keymaster = new SoftKeymasterDevice(counting_keymaster0_device_);

81

return keymaster->keymaster_device();

82

}

83

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

84

bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {

85

switch (algorithm) {

86

case KM_ALGORITHM_RSA:

87

return true;

88

case KM_ALGORITHM_EC:

return support_ec_;

default:

return false;

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

93

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

94

int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }

95

96

private:

97

mutable Keymaster0CountingWrapper* counting_keymaster0_device_;

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

98

bool support_ec_;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

99

};

100

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

101

static auto test_params = testing::Values(

102

InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),

103

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),

104

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

105

106

typedef Keymaster1Test CheckSupported;

107

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);

108

109

TEST_P(CheckSupported, SupportedAlgorithms) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

110

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

111

device()->get_supported_algorithms(device(), NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

112

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

113

size_t len;

114

keymaster_algorithm_t* algorithms;

115

EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));

Shawn Willden

a278f61

2014-12-23 11:22:21 -0700

[diff] [blame]

116

EXPECT_TRUE(ResponseContains(

Shawn Willden

9c65b2b

2015-04-07 17:01:10 -0600

[diff] [blame]

117

{KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

118

free(algorithms);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

119

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

120

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

121

}

122

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

123

TEST_P(CheckSupported, SupportedBlockModes) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

124

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

125

device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,

126

NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

127

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

128

size_t len;

129

keymaster_block_mode_t* modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

130

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

131

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

132

EXPECT_EQ(0U, len);

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

133

free(modes);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

134

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

135

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

Shawn Willden

9c65b2b

2015-04-07 17:01:10 -0600

[diff] [blame]

136

device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

137

&modes, &len));

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

138

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

139

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

140

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

c47c88f

2015-04-07 17:23:27 -0600

[diff] [blame]

141

EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR}, modes, len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

142

free(modes);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

143

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

144

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

145

}

146

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

147

TEST_P(CheckSupported, SupportedPaddingModes) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

148

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

149

device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,

150

NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

151

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

152

size_t len;

153

keymaster_padding_t* modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

154

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

155

KM_PURPOSE_SIGN, &modes, &len));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

156

EXPECT_TRUE(

157

ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

158

free(modes);

159

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

160

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

161

KM_PURPOSE_ENCRYPT, &modes, &len));

162

EXPECT_TRUE(ResponseContains({KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

163

free(modes);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

164

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

165

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

166

KM_PURPOSE_SIGN, &modes, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

167

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

168

free(modes);

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

169

170

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

171

device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,

172

&modes, &len));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

173

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

174

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

175

}

176

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

177

TEST_P(CheckSupported, SupportedDigests) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

178

EXPECT_EQ(

179

KM_ERROR_OUTPUT_PARAMETER_NULL,

180

device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

181

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

182

size_t len;

183

keymaster_digest_t* digests;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

184

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

185

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

186

EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA_2_256}, digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

187

free(digests);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

188

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

189

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

190

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

e998c13

2015-04-14 14:41:46 -0600

[diff] [blame]

191

EXPECT_TRUE(ResponseContains(KM_DIGEST_NONE, digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

192

free(digests);

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

193

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

194

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

195

device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,

196

&len));

197

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

198

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

199

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

200

EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,

201

KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},

202

digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

203

free(digests);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

204

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

205

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

206

}

207

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

208

TEST_P(CheckSupported, SupportedImportFormats) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

209

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

210

device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

211

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

212

size_t len;

213

keymaster_key_format_t* formats;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

214

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

215

device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

216

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

217

free(formats);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

218

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

219

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

220

device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));

221

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));

222

free(formats);

223

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

224

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

225

device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));

226

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));

227

free(formats);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

228

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

229

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

230

}

231

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

232

TEST_P(CheckSupported, SupportedExportFormats) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

233

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

234

device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

235

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

236

size_t len;

237

keymaster_key_format_t* formats;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

238

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

239

device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

240

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

241

free(formats);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

242

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

243

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

9c65b2b

2015-04-07 17:01:10 -0600

[diff] [blame]

244

device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

245

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

246

free(formats);

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

247

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

248

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

249

device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

250

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

251

free(formats);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

252

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

253

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

254

device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

255

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

256

free(formats);

257

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

258

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

259

device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

260

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

261

free(formats);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

262

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

263

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

264

}

265

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

266

class NewKeyGeneration : public Keymaster1Test {

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

267

protected:

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

268

void CheckBaseParams() {

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

269

AuthorizationSet auths = sw_enforced();

270

EXPECT_GT(auths.SerializedSize(), 12U);

271

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

272

EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));

273

EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));

274

EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));

Shawn Willden

eb63b97

2015-03-14 08:01:12 -0600

[diff] [blame]

275

EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

276

EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

277

278

// Verify that App ID, App data and ROT are NOT included.

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

279

EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));

280

EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));

281

EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

282

283

// Just for giggles, check that some unexpected tags/values are NOT present.

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

284

EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));

285

EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));

286

EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

287

288

// Now check that unspecified, defaulted tags are correct.

Shawn Willden

0b2d333

2015-04-07 17:46:18 -0600

[diff] [blame]

289

EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

290

EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

291

}

Shawn Willden

2079ae8

2015-01-22 13:42:31 -0700

[diff] [blame]

292

};

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

293

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);

294

295

TEST_P(NewKeyGeneration, Rsa) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

296

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

297

.RsaSigningKey(256, 3)

298

.Digest(KM_DIGEST_NONE)

299

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

300

CheckBaseParams();

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

301

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

302

// Check specified tags are all present, and in the right set.

303

AuthorizationSet crypto_params;

304

AuthorizationSet non_crypto_params;

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

305

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

306

EXPECT_NE(0U, hw_enforced().size());

307

EXPECT_NE(0U, sw_enforced().size());

308

crypto_params.push_back(hw_enforced());

309

non_crypto_params.push_back(sw_enforced());

310

} else {

311

EXPECT_EQ(0U, hw_enforced().size());

312

EXPECT_NE(0U, sw_enforced().size());

313

crypto_params.push_back(sw_enforced());

314

}

315

316

EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));

317

EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));

318

EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));

319

EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));

320

EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));

321

EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));

322

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

323

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

324

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

325

}

326

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

327

TEST_P(NewKeyGeneration, RsaDefaultSize) {

Shawn Willden

3b4e165

2015-02-27 13:33:01 -0700

[diff] [blame]

328

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,

329

GenerateKey(AuthorizationSetBuilder()

330

.Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)

331

.Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)

332

.SigningKey()));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

333

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

334

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

335

}

336

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

337

TEST_P(NewKeyGeneration, Ecdsa) {

Shawn Willden

84b8da5

2015-03-11 07:21:32 -0600

[diff] [blame]

338

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

339

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

340

CheckBaseParams();

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

341

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

342

// Check specified tags are all present, and in the right set.

343

AuthorizationSet crypto_params;

344

AuthorizationSet non_crypto_params;

345

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {

346

EXPECT_NE(0U, hw_enforced().size());

347

EXPECT_NE(0U, sw_enforced().size());

348

crypto_params.push_back(hw_enforced());

349

non_crypto_params.push_back(sw_enforced());

350

} else {

351

EXPECT_EQ(0U, hw_enforced().size());

352

EXPECT_NE(0U, sw_enforced().size());

353

crypto_params.push_back(sw_enforced());

354

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

355

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

356

EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));

357

EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));

358

EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));

359

EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));

360

361

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

362

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

363

}

364

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

365

TEST_P(NewKeyGeneration, EcdsaDefaultSize) {

Shawn Willden

4f83b89

2015-05-26 12:52:54 -0600

[diff] [blame]

366

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,

367

GenerateKey(AuthorizationSetBuilder()

368

.Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)

369

.SigningKey()

370

.Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

371

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

372

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

373

}

374

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

375

TEST_P(NewKeyGeneration, EcdsaInvalidSize) {

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

376

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

377

ASSERT_EQ(

378

KM_ERROR_UNKNOWN_ERROR,

379

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));

380

else

381

ASSERT_EQ(

382

KM_ERROR_UNSUPPORTED_KEY_SIZE,

383

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

384

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

385

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

386

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

387

}

388

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

389

TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {

Shawn Willden

8c856c8

2014-09-26 09:34:36 -0600

[diff] [blame]

390

size_t valid_sizes[] = {224, 256, 384, 521};

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

391

for (size_t size : valid_sizes) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

392

EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(

393

KM_DIGEST_NONE)))

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

394

<< "Failed to generate size: "

395

<< size;

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

396

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

397

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

398

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

399

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

400

}

401

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

402

TEST_P(NewKeyGeneration, HmacSha256) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

403

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

404

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

405

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

406

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

407

}

408

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

409

typedef Keymaster1Test GetKeyCharacteristics;

410

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);

411

412

TEST_P(GetKeyCharacteristics, SimpleRsa) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

413

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

414

.RsaSigningKey(256, 3)

415

.Digest(KM_DIGEST_NONE)

416

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

417

AuthorizationSet original(sw_enforced());

Shawn Willden

7636471

2014-08-11 17:48:04 -0600

[diff] [blame]

418

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

419

ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());

420

EXPECT_EQ(original, sw_enforced());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

421

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

422

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

423

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

7636471

2014-08-11 17:48:04 -0600

[diff] [blame]

424

}

425

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

426

typedef Keymaster1Test SigningOperationsTest;

427

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);

428

429

TEST_P(SigningOperationsTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

430

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

431

.RsaSigningKey(256, 3)

432

.Digest(KM_DIGEST_NONE)

433

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

434

string message = "12345678901234567890123456789012";

435

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

436

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

437

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

438

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

439

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

440

}

441

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

442

TEST_P(SigningOperationsTest, RsaSha256DigestSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

443

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

444

.RsaSigningKey(384, 3)

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

445

.Digest(KM_DIGEST_SHA_2_256)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

446

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

447

string message(1024, 'a');

448

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

449

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

450

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

451

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

452

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

453

}

454

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

455

TEST_P(SigningOperationsTest, RsaPssSha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

456

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

457

.RsaSigningKey(512, 3)

458

.Digest(KM_DIGEST_SHA_2_256)

459

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

460

// Use large message, which won't work without digesting.

461

string message(1024, 'a');

462

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

463

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

464

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

465

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

466

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

467

}

468

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

469

TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

470

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

471

.RsaSigningKey(512, 3)

472

.Digest(KM_DIGEST_SHA_2_256)

473

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

474

string message(1024, 'a');

475

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

476

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

477

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

478

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

479

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

480

}

481

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

482

TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

483

// Key must be at least 10 bytes larger than hash, to provide minimal random salt, so verify

484

// that 9 bytes larger than hash won't work.

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

485

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

486

.RsaSigningKey(256 + 9 * 8, 3)

487

.Digest(KM_DIGEST_SHA_2_256)

488

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

489

string message(1024, 'a');

490

string signature;

491

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

492

AuthorizationSet begin_params(client_params());

493

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

494

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

495

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

496

497

string result;

498

size_t input_consumed;

499

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

500

EXPECT_EQ(message.size(), input_consumed);

501

EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

502

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

503

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

504

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

505

}

506

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

507

TEST_P(SigningOperationsTest, RsaAbort) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

508

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

509

.RsaSigningKey(256, 3)

510

.Digest(KM_DIGEST_NONE)

511

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

512

AuthorizationSet begin_params(client_params());

513

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

514

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

515

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

516

EXPECT_EQ(KM_ERROR_OK, AbortOperation());

517

// Another abort should fail

518

EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

519

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

520

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

521

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

522

}

523

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

524

TEST_P(SigningOperationsTest, RsaUnsupportedDigest) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

525

GenerateKey(AuthorizationSetBuilder()

526

.RsaSigningKey(256, 3)

527

.Digest(KM_DIGEST_MD5)

528

.Padding(KM_PAD_RSA_PSS /* supported padding */));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

529

ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

530

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

531

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

532

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

533

}

534

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

535

TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

536

GenerateKey(AuthorizationSetBuilder()

537

.RsaSigningKey(256, 3)

538

.Digest(KM_DIGEST_SHA_2_256 /* supported digest */)

539

.Padding(KM_PAD_PKCS7));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

540

AuthorizationSet begin_params(client_params());

541

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

542

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

543

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

544

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

545

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

546

}

547

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

548

TEST_P(SigningOperationsTest, RsaNoDigest) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

549

// PSS requires a digest.

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

550

GenerateKey(AuthorizationSetBuilder()

551

.RsaSigningKey(256, 3)

552

.Digest(KM_DIGEST_NONE)

553

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

554

AuthorizationSet begin_params(client_params());

555

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

556

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

557

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

558

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

559

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

560

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

561

}

562

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

563

TEST_P(SigningOperationsTest, RsaNoPadding) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

564

// Padding must be specified

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

565

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(

566

KM_DIGEST_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

567

AuthorizationSet begin_params(client_params());

568

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

569

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

570

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

571

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

572

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

573

}

574

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

575

TEST_P(SigningOperationsTest, RsaTooShortMessage) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

576

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

577

.RsaSigningKey(256, 3)

578

.Digest(KM_DIGEST_NONE)

579

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

580

AuthorizationSet begin_params(client_params());

581

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

582

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

583

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

584

585

string message = "1234567890123456789012345678901";

586

string result;

587

size_t input_consumed;

588

ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

589

EXPECT_EQ(0U, result.size());

590

EXPECT_EQ(31U, input_consumed);

591

592

string signature;

593

ASSERT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&signature));

594

EXPECT_EQ(0U, signature.length());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

595

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

596

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

597

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

598

}

599

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

600

TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

601

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

602

.RsaEncryptionKey(256, 3)

603

.Digest(KM_DIGEST_NONE)

604

.Padding(KM_PAD_NONE)));

605

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));

606

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

607

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

608

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

609

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

610

}

611

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

612

TEST_P(SigningOperationsTest, EcdsaSuccess) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

613

ASSERT_EQ(KM_ERROR_OK,

614

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

615

string message = "123456789012345678901234567890123456789012345678";

616

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

617

SignMessage(message, &signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

618

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

619

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

620

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

621

}

622

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

623

TEST_P(SigningOperationsTest, AesEcbSign) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

624

ASSERT_EQ(KM_ERROR_OK,

625

GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(

626

TAG_BLOCK_MODE, KM_MODE_ECB)));

627

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));

628

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

629

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

630

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

631

}

632

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

633

TEST_P(SigningOperationsTest, HmacSha1Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

634

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

635

string message = "12345678901234567890123456789012";

636

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

637

MacMessage(message, &signature, KM_DIGEST_SHA1, 160);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

638

ASSERT_EQ(20U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

639

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

640

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

641

}

642

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

643

TEST_P(SigningOperationsTest, HmacSha224Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

644

ASSERT_EQ(KM_ERROR_OK,

645

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

646

string message = "12345678901234567890123456789012";

647

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

648

MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

649

ASSERT_EQ(28U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

650

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

651

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

652

}

653

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

654

TEST_P(SigningOperationsTest, HmacSha256Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

655

ASSERT_EQ(KM_ERROR_OK,

656

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

657

string message = "12345678901234567890123456789012";

658

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

659

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

660

ASSERT_EQ(32U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

661

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

662

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

663

}

664

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

665

TEST_P(SigningOperationsTest, HmacSha384Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

666

ASSERT_EQ(KM_ERROR_OK,

667

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));

668

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

669

string message = "12345678901234567890123456789012";

670

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

671

MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

672

ASSERT_EQ(48U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

673

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

674

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

675

}

676

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

677

TEST_P(SigningOperationsTest, HmacSha512Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

678

ASSERT_EQ(KM_ERROR_OK,

679

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

680

string message = "12345678901234567890123456789012";

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

681

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

682

MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

683

ASSERT_EQ(64U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

684

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

685

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

686

}

687

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

688

TEST_P(SigningOperationsTest, HmacLengthInKey) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

689

// TODO(swillden): unified API should generate an error on key generation.

690

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

691

.HmacKey(128)

692

.Digest(KM_DIGEST_SHA_2_256)

693

.Authorization(TAG_MAC_LENGTH, 20)));

694

string message = "12345678901234567890123456789012";

695

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

696

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

697

// Size in key was ignored.

698

ASSERT_EQ(30U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

699

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

700

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

701

}

702

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

703

TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

704

uint8_t key_data[] = {

705

0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,

706

0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,

707

};

708

string message = "Hi There";

709

uint8_t sha_224_expected[] = {

710

0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,

711

0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,

712

};

713

uint8_t sha_256_expected[] = {

714

0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,

715

0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,

716

0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,

717

};

718

uint8_t sha_384_expected[] = {

719

0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,

720

0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,

721

0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,

722

0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,

723

};

724

uint8_t sha_512_expected[] = {

725

0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,

726

0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,

727

0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,

728

0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,

729

0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,

730

};

731

732

string key = make_string(key_data);

733

734

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

735

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

736

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

737

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

738

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

739

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

740

}

741

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

742

TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

743

string key = "Jefe";

744

string message = "what do ya want for nothing?";

745

uint8_t sha_224_expected[] = {

746

0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,

747

0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,

748

};

749

uint8_t sha_256_expected[] = {

750

0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,

751

0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,

752

0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,

753

};

754

uint8_t sha_384_expected[] = {

755

0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,

756

0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,

757

0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,

758

0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,

759

};

760

uint8_t sha_512_expected[] = {

761

0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,

762

0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,

763

0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,

764

0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,

765

0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,

766

};

767

768

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

769

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

770

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

771

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

772

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

773

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

774

}

775

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

776

TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

777

string key(20, 0xaa);

778

string message(50, 0xdd);

779

uint8_t sha_224_expected[] = {

780

0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,

781

0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,

782

};

783

uint8_t sha_256_expected[] = {

784

0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,

785

0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,

786

0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,

787

};

788

uint8_t sha_384_expected[] = {

789

0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,

790

0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,

791

0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,

792

0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,

793

};

794

uint8_t sha_512_expected[] = {

795

0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,

796

0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,

797

0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,

798

0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,

799

0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,

800

};

801

802

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

803

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

804

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

805

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

806

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

807

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

808

}

809

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

810

TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

811

uint8_t key_data[25] = {

812

0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,

813

0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,

814

};

815

string key = make_string(key_data);

816

string message(50, 0xcd);

817

uint8_t sha_224_expected[] = {

818

0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,

819

0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,

820

};

821

uint8_t sha_256_expected[] = {

822

0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,

823

0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,

824

0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,

825

};

826

uint8_t sha_384_expected[] = {

827

0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,

828

0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,

829

0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,

830

0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,

831

};

832

uint8_t sha_512_expected[] = {

833

0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,

834

0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,

835

0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,

836

0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,

837

0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,

838

};

839

840

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

841

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

842

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

843

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

844

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

845

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

846

}

847

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

848

TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

849

string key(20, 0x0c);

850

string message = "Test With Truncation";

851

852

uint8_t sha_224_expected[] = {

853

0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,

854

0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,

855

};

856

uint8_t sha_256_expected[] = {

857

0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,

858

0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,

859

};

860

uint8_t sha_384_expected[] = {

861

0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,

862

0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,

863

};

864

uint8_t sha_512_expected[] = {

865

0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,

866

0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,

867

};

868

869

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

870

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

871

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

872

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

873

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

874

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

875

}

876

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

877

TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

878

string key(131, 0xaa);

879

string message = "Test Using Larger Than Block-Size Key - Hash Key First";

880

881

uint8_t sha_224_expected[] = {

882

0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,

883

0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,

884

};

885

uint8_t sha_256_expected[] = {

886

0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,

887

0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,

888

0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,

889

};

890

uint8_t sha_384_expected[] = {

891

0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,

892

0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,

893

0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,

894

0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,

895

};

896

uint8_t sha_512_expected[] = {

897

0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,

898

0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,

899

0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,

900

0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,

901

0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,

902

};

903

904

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

905

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

906

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

907

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

908

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

909

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

910

}

911

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

912

TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

913

string key(131, 0xaa);

914

string message = "This is a test using a larger than block-size key and a larger than "

915

"block-size data. The key needs to be hashed before being used by the HMAC "

916

"algorithm.";

917

918

uint8_t sha_224_expected[] = {

919

0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,

920

0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,

921

};

922

uint8_t sha_256_expected[] = {

923

0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,

924

0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,

925

0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,

926

};

927

uint8_t sha_384_expected[] = {

928

0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,

929

0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,

930

0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,

931

0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,

932

};

933

uint8_t sha_512_expected[] = {

934

0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,

935

0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,

936

0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,

937

0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,

938

0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,

939

};

940

941

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

942

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

943

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

944

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

945

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

946

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

947

}

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

948

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

949

TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

950

ASSERT_EQ(KM_ERROR_OK,

951

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

952

AuthorizationSet begin_params(client_params());

Shawn Willden

0c60f6f

2015-04-27 23:40:10 -0600

[diff] [blame]

953

begin_params.push_back(TAG_MAC_LENGTH, 264);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

954

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

955

ASSERT_EQ(KM_ERROR_OK,

956

BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));

957

string message = "1234567890123456789012345678901";

958

string result;

959

size_t input_consumed;

960

ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

961

ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

962

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

963

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

964

}

965

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

966

// TODO(swillden): Add more verification failure tests.

967

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

968

typedef Keymaster1Test VerificationOperationsTest;

969

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);

970

971

TEST_P(VerificationOperationsTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

972

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

973

.RsaSigningKey(256, 3)

974

.Digest(KM_DIGEST_NONE)

975

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

976

string message = "12345678901234567890123456789012";

977

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

978

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

979

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

980

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

981

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

982

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

983

}

984

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

985

TEST_P(VerificationOperationsTest, RsaSha256DigestSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

986

GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

987

.RsaSigningKey(384, 3)

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

988

.Digest(KM_DIGEST_SHA_2_256)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

989

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

990

string message(1024, 'a');

991

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

992

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

993

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

994

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

995

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

996

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

997

}

998

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

999

TEST_P(VerificationOperationsTest, RsaSha256CorruptSignature) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1000

GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1001

.RsaSigningKey(384, 3)

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1002

.Digest(KM_DIGEST_SHA_2_256)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1003

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1004

string message(1024, 'a');

1005

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1006

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1007

++signature[signature.size() / 2];

1008

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1009

AuthorizationSet begin_params(client_params());

1010

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1011

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1012

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1013

1014

string result;

1015

size_t input_consumed;

1016

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1017

EXPECT_EQ(message.size(), input_consumed);

1018

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1019

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1020

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1021

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1022

}

1023

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1024

TEST_P(VerificationOperationsTest, RsaPssSha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1025

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1026

.RsaSigningKey(512, 3)

1027

.Digest(KM_DIGEST_SHA_2_256)

1028

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1029

// Use large message, which won't work without digesting.

1030

string message(1024, 'a');

1031

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1032

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

1033

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1034

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1035

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1036

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1037

}

1038

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1039

TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1040

GenerateKey(AuthorizationSetBuilder()

1041

.RsaSigningKey(512, 3)

1042

.Digest(KM_DIGEST_SHA_2_256)

1043

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1044

string message(1024, 'a');

1045

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1046

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1047

++signature[signature.size() / 2];

1048

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1049

AuthorizationSet begin_params(client_params());

1050

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1051

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1052

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1053

1054

string result;

1055

size_t input_consumed;

1056

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1057

EXPECT_EQ(message.size(), input_consumed);

1058

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1059

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1060

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1061

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1062

}

1063

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1064

TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1065

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1066

.RsaSigningKey(512, 3)

1067

.Digest(KM_DIGEST_SHA_2_256)

1068

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1069

// Use large message, which won't work without digesting.

1070

string message(1024, 'a');

1071

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1072

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1073

++message[message.size() / 2];

1074

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1075

AuthorizationSet begin_params(client_params());

1076

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1077

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1078

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1079

1080

string result;

1081

size_t input_consumed;

1082

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1083

EXPECT_EQ(message.size(), input_consumed);

1084

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1085

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1086

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1087

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1088

}

1089

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1090

TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1091

GenerateKey(AuthorizationSetBuilder()

1092

.RsaSigningKey(512, 3)

1093

.Digest(KM_DIGEST_SHA_2_256)

1094

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1095

string message(1024, 'a');

1096

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1097

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

1098

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1099

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1100

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1101

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1102

}

1103

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1104

TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1105

GenerateKey(AuthorizationSetBuilder()

1106

.RsaSigningKey(512, 3)

1107

.Digest(KM_DIGEST_SHA_2_256)

1108

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1109

string message(1024, 'a');

1110

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1111

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1112

++signature[signature.size() / 2];

1113

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1114

AuthorizationSet begin_params(client_params());

1115

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1116

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1117

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1118

1119

string result;

1120

size_t input_consumed;

1121

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1122

EXPECT_EQ(message.size(), input_consumed);

1123

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1124

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1125

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1126

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1127

}

1128

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1129

TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1130

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1131

.RsaSigningKey(512, 3)

1132

.Digest(KM_DIGEST_SHA_2_256)

1133

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1134

// Use large message, which won't work without digesting.

1135

string message(1024, 'a');

1136

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1137

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1138

++message[message.size() / 2];

1139

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1140

AuthorizationSet begin_params(client_params());

1141

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1142

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1143

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1144

1145

string result;

1146

size_t input_consumed;

1147

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1148

EXPECT_EQ(message.size(), input_consumed);

1149

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1150

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1151

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1152

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1153

}

1154

1155

template <typename T> vector<T> make_vector(const T* array, size_t len) {

1156

return vector<T>(array, array + len);

1157

}

1158

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1159

TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1160

// Get all supported digests and padding modes.

1161

size_t digests_len;

1162

keymaster_digest_t* digests;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

1163

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1164

device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,

1165

&digests_len));

1166

1167

size_t padding_modes_len;

1168

keymaster_padding_t* padding_modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

1169

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1170

device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,

1171

&padding_modes, &padding_modes_len));

1172

1173

// Try them.

1174

for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {

1175

for (keymaster_digest_t digest : make_vector(digests, digests_len)) {

1176

// Compute key & message size that will work.

1177

size_t key_bits = 256;

1178

size_t message_len = 1000;

1179

switch (digest) {

1180

case KM_DIGEST_NONE:

1181

switch (padding_mode) {

1182

case KM_PAD_NONE:

1183

// Match key size.

1184

message_len = key_bits / 8;

1185

break;

1186

case KM_PAD_RSA_PKCS1_1_5_SIGN:

1187

message_len = key_bits / 8 - 11;

1188

break;

1189

case KM_PAD_RSA_PSS:

1190

// PSS requires a digest.

1191

continue;

1192

default:

1193

FAIL() << "Missing padding";

break;

}

break;

case KM_DIGEST_SHA_2_256:

1199

switch (padding_mode) {

1200

case KM_PAD_NONE:

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1201

// Digesting requires padding

1202

continue;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1203

case KM_PAD_RSA_PKCS1_1_5_SIGN:

key_bits += 8 * 11;

break;

case KM_PAD_RSA_PSS:

key_bits += 8 * 10;

break;

default:

FAIL() << "Missing padding";

break;

}

break;

default:

FAIL() << "Missing digest";

1216

}

1217

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1218

GenerateKey(AuthorizationSetBuilder()

1219

.RsaSigningKey(key_bits, 3)

1220

.Digest(digest)

1221

.Padding(padding_mode));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1222

string message(message_len, 'a');

1223

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1224

SignMessage(message, &signature, digest, padding_mode);

1225

VerifyMessage(message, signature, digest, padding_mode);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

}

}

free(padding_modes);

free(digests);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1231

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1232

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1233

EXPECT_EQ(16, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1234

}

1235

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1236

TEST_P(VerificationOperationsTest, EcdsaSuccess) {

Shawn Willden

84b8da5

2015-03-11 07:21:32 -0600

[diff] [blame]

1237

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1238

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1239

string message = "123456789012345678901234567890123456789012345678";

1240

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1241

SignMessage(message, &signature, KM_DIGEST_NONE);

1242

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1243

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1244

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1245

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

5ac2f8f

2014-08-18 15:33:10 -0600

[diff] [blame]

1246

}

1247

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1248

TEST_P(VerificationOperationsTest, HmacSha1Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1249

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1250

string message = "123456789012345678901234567890123456789012345678";

1251

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1252

MacMessage(message, &signature, KM_DIGEST_SHA1, 160);

1253

VerifyMessage(message, signature, KM_DIGEST_SHA1);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1254

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1255

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1256

}

1257

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1258

TEST_P(VerificationOperationsTest, HmacSha224Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1259

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1260

string message = "123456789012345678901234567890123456789012345678";

1261

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1262

MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);

1263

VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1264

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1265

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1266

}

1267

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1268

TEST_P(VerificationOperationsTest, HmacSha256Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1269

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1270

string message = "123456789012345678901234567890123456789012345678";

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1271

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1272

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);

1273

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1274

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1275

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1276

}

1277

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1278

TEST_P(VerificationOperationsTest, HmacSha384Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1279

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1280

string message = "123456789012345678901234567890123456789012345678";

1281

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1282

MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);

1283

VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1284

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1285

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1286

}

1287

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1288

TEST_P(VerificationOperationsTest, HmacSha512Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1289

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1290

string message = "123456789012345678901234567890123456789012345678";

1291

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1292

MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);

1293

VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1294

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1295

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1296

}

1297

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1298

typedef Keymaster1Test ExportKeyTest;

1299

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);

1300

1301

TEST_P(ExportKeyTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1302

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1303

.RsaSigningKey(256, 3)

1304

.Digest(KM_DIGEST_NONE)

1305

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1306

string export_data;

1307

ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1308

EXPECT_GT(export_data.length(), 0U);

Shawn Willden

e46a43f

2014-08-27 10:35:36 -0600

[diff] [blame]

1309

1310

// TODO(swillden): Verify that the exported key is actually usable to verify signatures.

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1311

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1312

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1313

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

ffd790c

2014-08-18 21:20:06 -0600

[diff] [blame]

1314

}

1315

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1316

TEST_P(ExportKeyTest, EcdsaSuccess) {

Shawn Willden

84b8da5

2015-03-11 07:21:32 -0600

[diff] [blame]

1317

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1318

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1319

string export_data;

1320

ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1321

EXPECT_GT(export_data.length(), 0U);

Shawn Willden

e46a43f

2014-08-27 10:35:36 -0600

[diff] [blame]

1322

1323

// TODO(swillden): Verify that the exported key is actually usable to verify signatures.

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1324

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1325

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1326

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

f268d74

2014-08-19 15:36:26 -0600

[diff] [blame]

1327

}

1328

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1329

TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1330

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1331

.RsaSigningKey(256, 3)

1332

.Digest(KM_DIGEST_NONE)

1333

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1334

string export_data;

1335

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1336

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1337

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1338

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

f268d74

2014-08-19 15:36:26 -0600

[diff] [blame]

1339

}

1340

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1341

TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1342

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1343

.RsaSigningKey(256, 3)

1344

.Digest(KM_DIGEST_NONE)

1345

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1346

corrupt_key_blob();

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1347

string export_data;

1348

ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1349

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1350

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1351

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

f268d74

2014-08-19 15:36:26 -0600

[diff] [blame]

1352

}

1353

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1354

TEST_P(ExportKeyTest, AesKeyExportFails) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1355

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

1356

string export_data;

1357

1358

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));

1359

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));

1360

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1361

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1362

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

1363

}

1364

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1365

static string read_file(const string& file_name) {

1366

ifstream file_stream(file_name, std::ios::binary);

1367

istreambuf_iterator<char> file_begin(file_stream);

1368

istreambuf_iterator<char> file_end;

1369

return string(file_begin, file_end);

1370

}

1371

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1372

typedef Keymaster1Test ImportKeyTest;

1373

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);

1374

1375

TEST_P(ImportKeyTest, RsaSuccess) {

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1376

string pk8_key = read_file("rsa_privkey_pk8.der");

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1377

ASSERT_EQ(633U, pk8_key.size());

1378

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1379

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

1380

.RsaSigningKey(1024, 65537)

1381

.Digest(KM_DIGEST_NONE)

1382

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1383

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1384

1385

// Check values derived from the key.

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1386

EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()

1387

: sw_enforced(),

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1388

TAG_ALGORITHM, KM_ALGORITHM_RSA));

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1389

EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()

1390

: sw_enforced(),

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1391

TAG_KEY_SIZE, 1024));

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1392

EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()

1393

: sw_enforced(),

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1394

TAG_RSA_PUBLIC_EXPONENT, 65537U));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1395

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1396

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1397

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1398

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1399

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1400

string message(1024 / 8, 'a');

1401

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1402

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

1403

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1404

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1405

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1406

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1407

}

1408

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1409

TEST_P(ImportKeyTest, OldApiRsaSuccess) {

Shawn Willden

d7a5c71

2015-04-09 16:33:52 -0600

[diff] [blame]

1410

string pk8_key = read_file("rsa_privkey_pk8.der");

1411

ASSERT_EQ(633U, pk8_key.size());

1412

1413

// NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that

1414

// point softkeymaster will no longer support keymaster0 APIs anyway.

1415

uint8_t* key_blob;

1416

size_t key_blob_length;

1417

ASSERT_EQ(0,

1418

device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),

1419

pk8_key.size(), &key_blob, &key_blob_length));

1420

set_key_blob(key_blob, key_blob_length);

1421

1422

string message(1024 / 8, 'a');

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1423

AuthorizationSet begin_params; // Don't use client data.

1424

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1425

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1426

AuthorizationSet update_params;

1427

AuthorizationSet output_params;

1428

string signature =

1429

ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);

1430

ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,

1431

&output_params);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1432

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1433

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1434

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

d7a5c71

2015-04-09 16:33:52 -0600

[diff] [blame]

1435

}

1436

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1437

TEST_P(ImportKeyTest, RsaKeySizeMismatch) {

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1438

string pk8_key = read_file("rsa_privkey_pk8.der");

1439

ASSERT_EQ(633U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1440

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1441

ImportKey(AuthorizationSetBuilder()

1442

.RsaSigningKey(2048 /* Doesn't match key */, 3)

1443

.Digest(KM_DIGEST_NONE)

1444

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1445

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1446

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1447

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1448

}

1449

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1450

TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1451

string pk8_key = read_file("rsa_privkey_pk8.der");

1452

ASSERT_EQ(633U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1453

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1454

ImportKey(AuthorizationSetBuilder()

1455

.RsaSigningKey(256, 3 /* Doesnt' match key */)

1456

.Digest(KM_DIGEST_NONE)

1457

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1458

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1459

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1460

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1461

}

1462

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1463

TEST_P(ImportKeyTest, EcdsaSuccess) {

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1464

string pk8_key = read_file("ec_privkey_pk8.der");

1465

ASSERT_EQ(138U, pk8_key.size());

1466

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1467

ASSERT_EQ(KM_ERROR_OK,

1468

ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),

1469

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1470

1471

// Check values derived from the key.

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1472

EXPECT_TRUE(

1473

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1474

TAG_ALGORITHM, KM_ALGORITHM_EC));

1475

EXPECT_TRUE(

1476

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1477

TAG_KEY_SIZE, 256));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1478

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1479

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1480

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1481

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1482

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1483

string message(1024 / 8, 'a');

1484

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1485

SignMessage(message, &signature, KM_DIGEST_NONE);

1486

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1487

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1488

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1489

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1490

}

1491

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1492

TEST_P(ImportKeyTest, EcdsaSizeSpecified) {

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1493

string pk8_key = read_file("ec_privkey_pk8.der");

1494

ASSERT_EQ(138U, pk8_key.size());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1495

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1496

ASSERT_EQ(KM_ERROR_OK,

1497

ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),

1498

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1499

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1500

// Check values derived from the key.

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1501

EXPECT_TRUE(

1502

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1503

TAG_ALGORITHM, KM_ALGORITHM_EC));

1504

EXPECT_TRUE(

1505

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1506

TAG_KEY_SIZE, 256));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1507

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1508

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1509

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1510

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1511

1512

string message(1024 / 8, 'a');

1513

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1514

SignMessage(message, &signature, KM_DIGEST_NONE);

1515

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1516

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1517

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1518

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1519

}

1520

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1521

TEST_P(ImportKeyTest, EcdsaSizeMismatch) {

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1522

string pk8_key = read_file("ec_privkey_pk8.der");

1523

ASSERT_EQ(138U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1524

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1525

ImportKey(AuthorizationSetBuilder()

1526

.EcdsaSigningKey(224 /* Doesn't match key */)

1527

.Digest(KM_DIGEST_NONE),

1528

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1529

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1530

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1531

}

1532

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1533

TEST_P(ImportKeyTest, AesKeySuccess) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1534

char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

1535

string key(key_data, sizeof(key_data));

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1536

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

c47c88f

2015-04-07 17:23:27 -0600

[diff] [blame]

1537

ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(

1538

TAG_PADDING, KM_PAD_PKCS7),

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1539

KM_KEY_FORMAT_RAW, key));

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1540

1541

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1542

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1543

1544

string message = "Hello World!";

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1545

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

1546

string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1547

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1548

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1549

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1550

}

1551

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1552

TEST_P(ImportKeyTest, HmacSha256KeySuccess) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1553

char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

1554

string key(key_data, sizeof(key_data));

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1555

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

1556

.HmacKey(sizeof(key_data) * 8)

1557

.Digest(KM_DIGEST_SHA_2_256)

1558

.Authorization(TAG_MAC_LENGTH, 32),

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1559

KM_KEY_FORMAT_RAW, key));

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1560

1561

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1562

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1563

1564

string message = "Hello World!";

1565

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1566

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);

1567

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1568

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1569

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1570

}

1571

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1572

typedef Keymaster1Test EncryptionOperationsTest;

1573

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);

1574

1575

TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1576

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1577

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1578

1579

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1580

string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1581

EXPECT_EQ(512U / 8, ciphertext1.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1582

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1583

string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1584

EXPECT_EQ(512U / 8, ciphertext2.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1585

1586

// OAEP randomizes padding so every result should be different.

1587

EXPECT_NE(ciphertext1, ciphertext2);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1588

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1589

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1590

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1591

}

1592

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1593

TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1594

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1595

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1596

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1597

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1598

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1599

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1600

string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_OAEP);

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1601

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1602

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1603

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1604

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1605

}

1606

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1607

TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1608

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1609

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1610

string message = "12345678901234567890123";

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1611

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1612

size_t input_consumed;

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1613

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1614

AuthorizationSet begin_params(client_params());

1615

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);

1616

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1617

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1618

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1619

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1620

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1621

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1622

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1623

}

1624

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1625

TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1626

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1627

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1628

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1629

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1630

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1631

1632

// Corrupt the ciphertext

1633

ciphertext[512 / 8 / 2]++;

1634

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1635

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1636

size_t input_consumed;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1637

AuthorizationSet begin_params(client_params());

1638

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);

1639

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1640

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1641

EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1642

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1643

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1644

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1645

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1646

}

1647

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1648

TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1649

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1650

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1651

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1652

string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1653

EXPECT_EQ(512U / 8, ciphertext1.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1654

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1655

string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1656

EXPECT_EQ(512U / 8, ciphertext2.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1657

1658

// PKCS1 v1.5 randomizes padding so every result should be different.

1659

EXPECT_NE(ciphertext1, ciphertext2);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1660

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1661

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1662

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1663

}

1664

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1665

TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1666

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1667

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1668

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1669

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1670

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1671

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1672

string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1673

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1674

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1675

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1676

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1677

}

1678

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1679

TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1680

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1681

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

7bae132

2015-05-26 10:16:49 -0600

[diff] [blame]

1682

string message = "123456789012345678901234567890123456789012345678901234";

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1683

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1684

size_t input_consumed;

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1685

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1686

AuthorizationSet begin_params(client_params());

1687

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

1688

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1689

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1690

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1691

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1692

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1693

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1694

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1695

}

1696

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1697

TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1698

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1699

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1700

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1701

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1702

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1703

1704

// Corrupt the ciphertext

1705

ciphertext[512 / 8 / 2]++;

1706

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1707

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1708

size_t input_consumed;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1709

AuthorizationSet begin_params(client_params());

1710

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

1711

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1712

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1713

EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1714

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1715

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1716

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1717

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1718

}

1719

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1720

TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1721

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1722

.RsaSigningKey(256, 3)

1723

.Digest(KM_DIGEST_NONE)

1724

.Padding(KM_PAD_NONE)));

1725

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1726

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1727

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1728

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1729

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1730

}

1731

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1732

TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1733

ASSERT_EQ(KM_ERROR_OK,

1734

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

1735

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1736

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1737

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1738

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1739

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1740

}

1741

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1742

TEST_P(EncryptionOperationsTest, HmacEncrypt) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

ASSERT_EQ(

KM_ERROR_OK,

GenerateKey(

AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));

1747

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1748

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1749

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1750

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1751

}

1752

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1753

TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1754

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1755

.AesEncryptionKey(128)

1756

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1757

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1758

// Two-block message.

1759

string message = "12345678901234567890123456789012";

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1760

string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1761

EXPECT_EQ(message.size(), ciphertext1.size());

1762

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1763

string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1764

EXPECT_EQ(message.size(), ciphertext2.size());

1765

1766

// ECB is deterministic.

1767

EXPECT_EQ(ciphertext1, ciphertext2);

1768

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1769

string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1770

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1771

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1772

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1773

}

1774

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1775

TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1776

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1777

.AesEncryptionKey(128)

1778

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1779

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1780

// Message is slightly shorter than two blocks.

1781

string message = "1234567890123456789012345678901";

1782

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1783

AuthorizationSet begin_params(client_params());

1784

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1785

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1786

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1787

string ciphertext;

1788

size_t input_consumed;

1789

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));

1790

EXPECT_EQ(message.size(), input_consumed);

1791

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1792

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1793

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1794

}

1795

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1796

TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1797

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1798

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1799

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1800

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1801

1802

// Try various message lengths; all should work.

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1803

for (size_t i = 0; i < 32; ++i) {

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1804

string message(i, 'a');

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1805

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1806

EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1807

string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1808

EXPECT_EQ(message, plaintext);

1809

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1810

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1811

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1812

}

1813

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1814

TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1815

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1816

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1817

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1818

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1819

1820

string message = "a";

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1821

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1822

EXPECT_EQ(16U, ciphertext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1823

EXPECT_NE(ciphertext, message);

1824

++ciphertext[ciphertext.size() / 2];

1825

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1826

AuthorizationSet begin_params(client_params());

1827

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1828

begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1829

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1830

string plaintext;

1831

size_t input_consumed;

1832

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));

1833

EXPECT_EQ(ciphertext.size(), input_consumed);

1834

EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1835

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1836

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1837

}

1838

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1839

TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1840

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1841

.AesEncryptionKey(128)

1842

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

1843

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1844

string message = "123";

1845

string iv1;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1846

string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1847

EXPECT_EQ(message.size(), ciphertext1.size());

Shawn Willden

72a5fdd

2015-03-17 20:04:33 -0600

[diff] [blame]

1848

EXPECT_EQ(16U, iv1.size());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1849

1850

string iv2;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1851

string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1852

EXPECT_EQ(message.size(), ciphertext2.size());

Shawn Willden

72a5fdd

2015-03-17 20:04:33 -0600

[diff] [blame]

1853

EXPECT_EQ(16U, iv2.size());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1854

1855

// IVs should be random, so ciphertexts should differ.

1856

EXPECT_NE(iv1, iv2);

1857

EXPECT_NE(ciphertext1, ciphertext2);

1858

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1859

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1860

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1861

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1862

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1863

}

1864

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1865

TEST_P(EncryptionOperationsTest, AesCtrIncremental) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1866

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1867

.AesEncryptionKey(128)

1868

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

1869

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1870

1871

int increment = 15;

1872

string message(239, 'a');

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1873

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1874

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1875

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1876

AuthorizationSet output_params;

1877

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

1878

1879

string ciphertext;

1880

size_t input_consumed;

1881

for (size_t i = 0; i < message.size(); i += increment)

1882

EXPECT_EQ(KM_ERROR_OK,

1883

UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));

1884

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

1885

EXPECT_EQ(message.size(), ciphertext.size());

1886

1887

// Move TAG_NONCE into input_params

1888

input_params.Reinitialize(output_params);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1889

input_params.push_back(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1890

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1891

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1892

output_params.Clear();

1893

1894

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));

1895

string plaintext;

1896

for (size_t i = 0; i < ciphertext.size(); i += increment)

1897

EXPECT_EQ(KM_ERROR_OK,

1898

UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));

1899

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

1900

EXPECT_EQ(ciphertext.size(), plaintext.size());

1901

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1902

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1903

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1904

}

1905

1906

struct AesCtrSp80038aTestVector {

1907

const char* key;

1908

const char* nonce;

1909

const char* plaintext;

1910

const char* ciphertext;

1911

};

1912

1913

// These test vectors are taken from

1914

// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.

1915

static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {

1916

// AES-128

1917

{

1918

"2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

1919

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

1920

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

1921

"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"

1922

"5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",

},

// AES-192

{

"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

1927

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

1928

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

1929

"1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"

1930

"1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",

},

// AES-256

{

"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",

1935

"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

1936

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

1937

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

1938

"601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"

1939

"2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",

},

};

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1943

TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1944

for (size_t i = 0; i < 3; i++) {

1945

const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);

1946

const string key = hex2str(test.key);

1947

const string nonce = hex2str(test.nonce);

1948

const string plaintext = hex2str(test.plaintext);

1949

const string ciphertext = hex2str(test.ciphertext);

1950

CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);

1951

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1952

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1953

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1954

}

1955

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1956

TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1957

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1958

.AesEncryptionKey(128)

1959

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

1960

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1961

AuthorizationSet begin_params(client_params());

1962

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1963

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1964

EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1965

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1966

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1967

}

1968

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1969

TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1970

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1971

.AesEncryptionKey(128)

1972

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1973

.Authorization(TAG_CALLER_NONCE)

1974

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1975

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1976

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1977

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1978

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1979

input_params.push_back(TAG_NONCE, "123", 3);

1980

EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1981

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1982

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1983

}

1984

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1985

TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1986

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1987

.AesEncryptionKey(128)

1988

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

1989

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1990

// Two-block message.

1991

string message = "12345678901234567890123456789012";

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1992

string iv1;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1993

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1994

EXPECT_EQ(message.size(), ciphertext1.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1995

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1996

string iv2;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1997

string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

1998

EXPECT_EQ(message.size(), ciphertext2.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1999

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2000

// IVs should be random, so ciphertexts should differ.

2001

EXPECT_NE(iv1, iv2);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2002

EXPECT_NE(ciphertext1, ciphertext2);

2003

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2004

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2005

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2006

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2007

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2008

}

2009

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2010

TEST_P(EncryptionOperationsTest, AesCallerNonce) {

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2011

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2012

.AesEncryptionKey(128)

2013

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2014

.Authorization(TAG_CALLER_NONCE)

2015

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2016

string message = "12345678901234567890123456789012";

2017

string iv1;

2018

// Don't specify nonce, should get a random one.

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2019

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2020

EXPECT_EQ(message.size(), ciphertext1.size());

2021

EXPECT_EQ(16U, iv1.size());

2022

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2023

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2024

EXPECT_EQ(message, plaintext);

2025

2026

// Now specify a nonce, should also work.

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2027

AuthorizationSet input_params(client_params());

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2028

AuthorizationSet update_params;

2029

AuthorizationSet output_params;

2030

input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2031

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2032

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2033

string ciphertext2 =

2034

ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);

2035

2036

// Decrypt with correct nonce.

2037

plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,

2038

&output_params);

2039

EXPECT_EQ(message, plaintext);

2040

2041

// Now try with wrong nonce.

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2042

input_params.Reinitialize(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2043

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2044

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2045

input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);

2046

plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,

2047

&output_params);

2048

EXPECT_NE(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2049

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2050

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2051

}

2052

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2053

TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2054

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2055

.AesEncryptionKey(128)

2056

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2057

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2058

2059

string message = "12345678901234567890123456789012";

2060

string iv1;

2061

// Don't specify nonce, should get a random one.

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2062

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2063

EXPECT_EQ(message.size(), ciphertext1.size());

2064

EXPECT_EQ(16U, iv1.size());

2065

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2066

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2067

EXPECT_EQ(message, plaintext);

2068

2069

// Now specify a nonce, should fail.

2070

AuthorizationSet input_params(client_params());

2071

AuthorizationSet update_params;

2072

AuthorizationSet output_params;

2073

input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2074

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2075

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2076

2077

EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,

2078

BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2079

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2080

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2081

}

2082

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2083

TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2084

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2085

.AesEncryptionKey(128)

2086

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2087

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2088

2089

int increment = 15;

2090

string message(240, 'a');

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2091

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2092

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2093

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2094

AuthorizationSet output_params;

2095

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

2096

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2097

string ciphertext;

2098

size_t input_consumed;

2099

for (size_t i = 0; i < message.size(); i += increment)

2100

EXPECT_EQ(KM_ERROR_OK,

2101

UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));

2102

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2103

EXPECT_EQ(message.size(), ciphertext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2104

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2105

// Move TAG_NONCE into input_params

2106

input_params.Reinitialize(output_params);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2107

input_params.push_back(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2108

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2109

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2110

output_params.Clear();

2111

2112

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2113

string plaintext;

2114

for (size_t i = 0; i < ciphertext.size(); i += increment)

2115

EXPECT_EQ(KM_ERROR_OK,

2116

UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));

2117

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2118

EXPECT_EQ(ciphertext.size(), plaintext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2119

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2120

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2121

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2122

}

2123

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2124

TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

2125

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2126

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

2127

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2128

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2129

2130

// Try various message lengths; all should work.

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

2131

for (size_t i = 0; i < 32; ++i) {

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2132

string message(i, 'a');

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2133

string iv;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2134

string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2135

EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2136

string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2137

EXPECT_EQ(message, plaintext);

2138

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2139

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2140

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2141

}

2142

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2143

typedef Keymaster1Test AddEntropyTest;

2144

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);

2145

2146

TEST_P(AddEntropyTest, AddEntropy) {

Shawn Willden

cd69582

2015-01-26 14:06:32 -0700

[diff] [blame]

2147

// There's no obvious way to test that entropy is actually added, but we can test that the API

2148

// doesn't blow up or return an error.

2149

EXPECT_EQ(KM_ERROR_OK,

2150

device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2151

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2152

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2153

}

2154

2155

typedef Keymaster1Test Keymaster0AdapterTest;

2156

INSTANTIATE_TEST_CASE_P(

2157

AndroidKeymasterTest, Keymaster0AdapterTest,

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2158

::testing::Values(

2159

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),

2160

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2161

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2162

TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2163

// Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted

2164

// key data.

2165

string km1_sw = read_file("km1_sw_rsa_512.blob");

2166

EXPECT_EQ(486U, km1_sw.length());

2167

2168

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));

2169

memcpy(key_data, km1_sw.data(), km1_sw.length());

2170

set_key_blob(key_data, km1_sw.length());

2171

2172

string message(64, 'a');

2173

string signature;

2174

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2175

2176

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2177

}

2178

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2179

TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {

2180

// Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted

2181

// key data.

2182

string km1_sw = read_file("km1_sw_ecdsa_256.blob");

2183

EXPECT_EQ(270U, km1_sw.length());

2184

2185

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));

2186

memcpy(key_data, km1_sw.data(), km1_sw.length());

2187

set_key_blob(key_data, km1_sw.length());

2188

2189

string message(64, 'a');

2190

string signature;

2191

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2192

2193

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2194

}

2195

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2196

struct Malloc_Delete {

2197

void operator()(void* p) { free(p); }

2198

};

2199

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2200

TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2201

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2202

string km0_sw = read_file("km0_sw_rsa_512.blob");

2203

EXPECT_EQ(333U, km0_sw.length());

2204

2205

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2206

memcpy(key_data, km0_sw.data(), km0_sw.length());

2207

set_key_blob(key_data, km0_sw.length());

2208

2209

string message(64, 'a');

2210

string signature;

2211

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2212

2213

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

cd69582

2015-01-26 14:06:32 -0700

[diff] [blame]

2214

}

2215

Shawn Willden