Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 12248fd3e82e61ca4be194caf6347152dacf219d / . / android_keymaster_test.cpp
blob: cb120a6ec9074a2b305b2448183a9bc98cad4da0 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]22#include <keymaster/key_factory.h>
23#include <keymaster/soft_keymaster_context.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]24#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]25#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]26
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]27#include "android_keymaster_test_utils.h"
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]28#include "keymaster0_engine.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]29
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]30using std::ifstream;
31using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]32using std::string;
33using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]34using std::unique_ptr;
35
36extern "C" {
37int __android_log_print(int prio, const char* tag, const char* fmt);
38int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]39 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]40 return 0;
41}
42} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]43
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]44namespace keymaster {
45namespace test {
46
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]47StdoutLogger logger;
48
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]49class TestKeymasterEnforcement : public KeymasterEnforcement {
50 public:
51 TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {}
52
53 virtual bool activation_date_valid(uint64_t /* activation_date */) const { return true; }
54 virtual bool expiration_date_passed(uint64_t /* expiration_date */) const { return false; }
55 virtual bool auth_token_timed_out(const hw_auth_token_t& /* token */,
56 uint32_t /* timeout */) const {
57 return false;
58 }
59 virtual uint32_t get_current_time() const { return 0; }
60 virtual bool ValidateTokenSignature(const hw_auth_token_t& /* token */) const { return true; }
61};
62
63class TestKeymasterContext : public SoftKeymasterContext {
64 public:
65 TestKeymasterContext(keymaster0_device_t* keymaster0 = nullptr)
66 : SoftKeymasterContext(keymaster0) {}
67
68 KeymasterEnforcement* enforcement_policy() override { return &test_policy_; }
69
70 private:
71 TestKeymasterEnforcement test_policy_;
72};
73
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]74class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
75 public:
76 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]77 std::cerr << "Creating software-only device" << std::endl;
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]78 SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext);
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]79 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]80 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]81
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]82 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]83 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]84};
85
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]86class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
87 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]88 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
89
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]90 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]91 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
92 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]93 hw_device_t* softkeymaster_device;
94 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
95 &softkeymaster_device));
96 // Make the software device pretend to be hardware
97 keymaster0_device_t* keymaster0_device =
98 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]99 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
100
101 if (!support_ec_) {
102 // Make the software device pretend not to support EC
103 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
104 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]105
106 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
107
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]108 SoftKeymasterDevice* keymaster =
109 new SoftKeymasterDevice(new TestKeymasterContext(counting_keymaster0_device_));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]110 return keymaster->keymaster_device();
111 }
112
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]113 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
114 switch (algorithm) {
115 case KM_ALGORITHM_RSA:
116 return true;
117 case KM_ALGORITHM_EC:
118 return support_ec_;
119 default:
120 return false;
121 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]122 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]123 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
124
125 private:
126 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]127 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]128};
129
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]130static auto test_params = testing::Values(
131 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
132 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
133 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]134
135typedef Keymaster1Test CheckSupported;
136INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
137
138TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]139 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
140 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]141
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]142 size_t len;
143 keymaster_algorithm_t* algorithms;
144 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]145 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]146 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]147 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]148
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]149 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]150}
151
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]152TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]153 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
154 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
155 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]156
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]157 size_t len;
158 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]159 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]160 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]161 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]162 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]163
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]164 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]165 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]166 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]167
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]168 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]169 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]170 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]171 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]172
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]173 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]174}
175
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]176TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]177 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
178 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
179 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]180
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]181 size_t len;
182 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]183 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]184 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]185 EXPECT_TRUE(
186 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]187 free(modes);
188
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]189 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]190 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]191 EXPECT_TRUE(
192 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]193 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]194
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]195 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]196 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]197 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]198 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]199
200 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
201 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
202 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]203
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]204 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]205}
206
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]207TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]208 EXPECT_EQ(
209 KM_ERROR_OUTPUT_PARAMETER_NULL,
210 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]211
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]212 size_t len;
213 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]214 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]215 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]216 EXPECT_TRUE(
217 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
218 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
219 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]220 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]221
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]222 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]223 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]224 EXPECT_TRUE(
225 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
226 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
227 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]228 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]229
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]230 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
231 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
232 &len));
233
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]234 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]235 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]236 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
237 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
238 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]239 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]240
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]241 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]242}
243
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]244TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]245 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
246 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]247
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 size_t len;
249 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]250 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]251 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]252 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]253 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]254
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]255 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]256 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
257 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
258 free(formats);
259
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]260 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]261 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
262 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
263 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]264
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]265 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]266}
267
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]268TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]269 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
270 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]271
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]272 size_t len;
273 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]274 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]275 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]276 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]277 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]278
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]279 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]280 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]281 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]282 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]283
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]284 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]285 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]286 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]287 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]288
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]289 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]290 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]291 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]292 free(formats);
293
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]294 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]295 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]296 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]297 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]298
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]299 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]300}
301
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]302class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]303 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]304 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]305 AuthorizationSet auths = sw_enforced();
306 EXPECT_GT(auths.SerializedSize(), 12U);
307
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]308 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
309 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
310 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]311 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]312 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]313
314 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]315 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
316 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
317 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]318
319 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]320 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
321 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
322 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]323
324 // Now check that unspecified, defaulted tags are correct.
Shawn Willden0b2d3332015-04-07 17:46:18 -0600[diff] [blame]325 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]326 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]327 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]328};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]329INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
330
331TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]332 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
333 .RsaSigningKey(256, 3)
334 .Digest(KM_DIGEST_NONE)
335 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]336 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]337
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]338 // Check specified tags are all present, and in the right set.
339 AuthorizationSet crypto_params;
340 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]341 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]342 EXPECT_NE(0U, hw_enforced().size());
343 EXPECT_NE(0U, sw_enforced().size());
344 crypto_params.push_back(hw_enforced());
345 non_crypto_params.push_back(sw_enforced());
346 } else {
347 EXPECT_EQ(0U, hw_enforced().size());
348 EXPECT_NE(0U, sw_enforced().size());
349 crypto_params.push_back(sw_enforced());
350 }
351
352 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
353 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
354 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
355 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
356 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
357 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
358
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]359 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]360 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]361}
362
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]363TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]364 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
365 GenerateKey(AuthorizationSetBuilder()
366 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
367 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
368 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]369
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]370 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]371}
372
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]373TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]374 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]375 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]376 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]377
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]378 // Check specified tags are all present, and in the right set.
379 AuthorizationSet crypto_params;
380 AuthorizationSet non_crypto_params;
381 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
382 EXPECT_NE(0U, hw_enforced().size());
383 EXPECT_NE(0U, sw_enforced().size());
384 crypto_params.push_back(hw_enforced());
385 non_crypto_params.push_back(sw_enforced());
386 } else {
387 EXPECT_EQ(0U, hw_enforced().size());
388 EXPECT_NE(0U, sw_enforced().size());
389 crypto_params.push_back(sw_enforced());
390 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]391
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]392 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
393 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
394 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
395 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
396
397 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
398 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]399}
400
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]401TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]402 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
403 GenerateKey(AuthorizationSetBuilder()
404 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
405 .SigningKey()
406 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]407
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]408 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]409}
410
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]411TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]412 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
413 ASSERT_EQ(
414 KM_ERROR_UNKNOWN_ERROR,
415 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
416 else
417 ASSERT_EQ(
418 KM_ERROR_UNSUPPORTED_KEY_SIZE,
419 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]420
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]421 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
422 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]423}
424
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]425TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]426 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]427 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]428 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
429 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]430 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]431 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]432
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]433 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
434 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]435}
436
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]437TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]438 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]439 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]440
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]441 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]442}
443
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]444typedef Keymaster1Test GetKeyCharacteristics;
445INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
446
447TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]448 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
449 .RsaSigningKey(256, 3)
450 .Digest(KM_DIGEST_NONE)
451 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]452 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]453
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]454 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
455 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]456
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]457 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]458 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]459}
460
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]461typedef Keymaster1Test SigningOperationsTest;
462INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
463
464TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]465 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
466 .RsaSigningKey(256, 3)
467 .Digest(KM_DIGEST_NONE)
468 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]469 string message = "12345678901234567890123456789012";
470 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]471 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]472
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]473 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]474 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]475}
476
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]477TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]478 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
479 .RsaSigningKey(512, 3)
480 .Digest(KM_DIGEST_SHA_2_256)
481 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]482 // Use large message, which won't work without digesting.
483 string message(1024, 'a');
484 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]485 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]486
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]487 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]488 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]489}
490
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]491TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {
492 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
493 .RsaSigningKey(512, 3)
494 .Digest(KM_DIGEST_NONE)
495 .Padding(KM_PAD_NONE)));
496 string message = "12345678901234567890123456789012";
497 string signature;
498 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
499
500 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
501 EXPECT_EQ(3, GetParam()->keymaster0_calls());
502}
503
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]504TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]505 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
506 .RsaSigningKey(512, 3)
507 .Digest(KM_DIGEST_SHA_2_256)
508 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]509 string message(1024, 'a');
510 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]511 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]512
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]513 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]514 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]515}
516
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]517TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
518 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
519 .RsaSigningKey(512, 3)
520 .Digest(KM_DIGEST_NONE)
521 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
522 string message(53, 'a');
523 string signature;
524 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);
525
526 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
527 EXPECT_EQ(3, GetParam()->keymaster0_calls());
528}
529
530TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {
531 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
532 .RsaSigningKey(512, 3)
533 .Digest(KM_DIGEST_NONE)
534 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
535 string message(54, 'a');
536
537 AuthorizationSet begin_params(client_params());
538 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
539 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
540 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
541 string result;
542 size_t input_consumed;
543 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
544 string signature;
545 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
546
547 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
548 EXPECT_EQ(2, GetParam()->keymaster0_calls());
549}
550
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]551TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]552 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
553 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]554 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
555 .RsaSigningKey(256 + 9 * 8, 3)
556 .Digest(KM_DIGEST_SHA_2_256)
557 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]558 string message(1024, 'a');
559 string signature;
560
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]561 AuthorizationSet begin_params(client_params());
562 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]563 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]564 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]565}
566
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]567TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {
568 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
569 .RsaSigningKey(256, 3)
570 .Digest(KM_DIGEST_NONE)
571 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
572 string message(64 * 1024, 'a');
573 string signature;
574 AuthorizationSet begin_params(client_params());
575 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
576 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
577 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
578 string result;
579 size_t input_consumed;
580 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
581
582 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
583 EXPECT_EQ(2, GetParam()->keymaster0_calls());
584}
585
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]586TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]587 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
588 .RsaSigningKey(256, 3)
589 .Digest(KM_DIGEST_NONE)
590 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]591 AuthorizationSet begin_params(client_params());
592 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]593 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]594 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]595 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
596 // Another abort should fail
597 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]598
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]599 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]600 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]601}
602
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]603TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]604 GenerateKey(AuthorizationSetBuilder()
605 .RsaSigningKey(256, 3)
606 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
607 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]608 AuthorizationSet begin_params(client_params());
609 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
610 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]611
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]612 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]613 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]614}
615
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]616TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]617 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]618 GenerateKey(AuthorizationSetBuilder()
619 .RsaSigningKey(256, 3)
620 .Digest(KM_DIGEST_NONE)
621 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]622 AuthorizationSet begin_params(client_params());
623 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]624 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]625 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]626
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]627 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]628 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]629}
630
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]631TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]632 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]633 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
634 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]635 AuthorizationSet begin_params(client_params());
636 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
637 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]638
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]639 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]640 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]641}
642
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]643TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]644 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
645 .RsaSigningKey(256, 3)
646 .Digest(KM_DIGEST_NONE)
647 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]648 AuthorizationSet begin_params(client_params());
649 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]650 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]651 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]652
653 string message = "1234567890123456789012345678901";
654 string result;
655 size_t input_consumed;
656 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
657 EXPECT_EQ(0U, result.size());
658 EXPECT_EQ(31U, input_consumed);
659
660 string signature;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]661 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]662 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]663
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]664 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]665 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]666}
667
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]668TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]669 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
670 .RsaEncryptionKey(256, 3)
671 .Digest(KM_DIGEST_NONE)
672 .Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]673 AuthorizationSet begin_params(client_params());
674 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
675 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
676 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]677
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]678 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]679 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]680}
681
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]682TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]683 ASSERT_EQ(KM_ERROR_OK,
684 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]685 string message(224 / 8, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]686 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]687 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]688
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]689 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
690 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]691}
692
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]693TEST_P(SigningOperationsTest, EcdsaSha256Success) {
694 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
695 KM_DIGEST_SHA_2_256)));
696 string message(1024, 'a');
697 string signature;
698 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
699
700 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
701 EXPECT_EQ(3, GetParam()->keymaster0_calls());
702}
703
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]704TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {
705 ASSERT_EQ(KM_ERROR_OK,
706 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
707 string message(64 * 1024, 'a');
708 string signature;
709 AuthorizationSet begin_params(client_params());
710 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
711 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
712 string result;
713 size_t input_consumed;
714 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
715
716 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
717 EXPECT_EQ(2, GetParam()->keymaster0_calls());
718}
719
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]720TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]721 ASSERT_EQ(KM_ERROR_OK,
722 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
723 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]724 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
725 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]726
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]727 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]728}
729
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]730TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]731 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]732 string message = "12345678901234567890123456789012";
733 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]734 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]735 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]736
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]737 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]738}
739
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]740TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]741 ASSERT_EQ(KM_ERROR_OK,
742 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]743 string message = "12345678901234567890123456789012";
744 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]745 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]746 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]747
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]748 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]749}
750
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]751TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]752 ASSERT_EQ(KM_ERROR_OK,
753 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]754 string message = "12345678901234567890123456789012";
755 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]756 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]757 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]758
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]759 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]760}
761
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]762TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]763 ASSERT_EQ(KM_ERROR_OK,
764 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));
765
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]766 string message = "12345678901234567890123456789012";
767 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]768 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]769 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]770
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]771 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]772}
773
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]774TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]775 ASSERT_EQ(KM_ERROR_OK,
776 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]777 string message = "12345678901234567890123456789012";
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]778 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]779 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]780 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]781
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]782 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]783}
784
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]785TEST_P(SigningOperationsTest, HmacAnyDigestSuccess) {
786 ASSERT_EQ(KM_ERROR_OK,
787 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE)));
788 string message = "12345678901234567890123456789012";
789 string signature;
790
791 size_t len;
792 keymaster_digest_t* digests;
793 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
794 KM_PURPOSE_SIGN, &digests, &len));
795 for (size_t i = 0; i < len; ++i)
796 MacMessage(message, &signature, digests[i], 128 /* small MAC to work with all digests */);
797 free(digests);
798
799 // Ensure that we can't actually try to do an HMAC with no digest
800 AuthorizationSet begin_params(client_params());
801 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
802 begin_params.push_back(TAG_MAC_LENGTH, 128);
803 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
804
805 EXPECT_EQ(0, GetParam()->keymaster0_calls());
806}
807
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]808TEST_P(SigningOperationsTest, HmacLengthInKey) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]809 // TODO(swillden): unified API should generate an error on key generation.
810 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
811 .HmacKey(128)
812 .Digest(KM_DIGEST_SHA_2_256)
813 .Authorization(TAG_MAC_LENGTH, 20)));
814 string message = "12345678901234567890123456789012";
815 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]816 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]817 // Size in key was ignored.
818 ASSERT_EQ(30U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]819
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]820 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]821}
822
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]823TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]824 uint8_t key_data[] = {
825 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
826 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
827 };
828 string message = "Hi There";
829 uint8_t sha_224_expected[] = {
830 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
831 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
832 };
833 uint8_t sha_256_expected[] = {
834 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
835 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
836 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
837 };
838 uint8_t sha_384_expected[] = {
839 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
840 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
841 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
842 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
843 };
844 uint8_t sha_512_expected[] = {
845 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
846 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
847 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
848 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
849 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
850 };
851
852 string key = make_string(key_data);
853
854 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
855 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
856 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
857 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]858
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]859 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]860}
861
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]862TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]863 string key = "Jefe";
864 string message = "what do ya want for nothing?";
865 uint8_t sha_224_expected[] = {
866 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
867 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
868 };
869 uint8_t sha_256_expected[] = {
870 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
871 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
872 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
873 };
874 uint8_t sha_384_expected[] = {
875 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
876 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
877 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
878 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
879 };
880 uint8_t sha_512_expected[] = {
881 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
882 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
883 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
884 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
885 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
886 };
887
888 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
889 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
890 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
891 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]892
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]893 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]894}
895
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]896TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]897 string key(20, 0xaa);
898 string message(50, 0xdd);
899 uint8_t sha_224_expected[] = {
900 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
901 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
902 };
903 uint8_t sha_256_expected[] = {
904 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
905 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
906 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
907 };
908 uint8_t sha_384_expected[] = {
909 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
910 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
911 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
912 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
913 };
914 uint8_t sha_512_expected[] = {
915 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
916 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
917 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
918 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
919 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
920 };
921
922 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
923 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
924 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
925 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]926
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]927 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]928}
929
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]930TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]931 uint8_t key_data[25] = {
932 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
933 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
934 };
935 string key = make_string(key_data);
936 string message(50, 0xcd);
937 uint8_t sha_224_expected[] = {
938 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
939 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
940 };
941 uint8_t sha_256_expected[] = {
942 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
943 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
944 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
945 };
946 uint8_t sha_384_expected[] = {
947 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
948 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
949 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
950 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
951 };
952 uint8_t sha_512_expected[] = {
953 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
954 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
955 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
956 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
957 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
958 };
959
960 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
961 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
962 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
963 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]964
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]965 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]966}
967
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]968TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]969 string key(20, 0x0c);
970 string message = "Test With Truncation";
971
972 uint8_t sha_224_expected[] = {
973 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
974 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
975 };
976 uint8_t sha_256_expected[] = {
977 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
978 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
979 };
980 uint8_t sha_384_expected[] = {
981 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
982 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
983 };
984 uint8_t sha_512_expected[] = {
985 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
986 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
987 };
988
989 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
990 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
991 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
992 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]993
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]994 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]995}
996
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]997TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]998 string key(131, 0xaa);
999 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
1000
1001 uint8_t sha_224_expected[] = {
1002 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
1003 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
1004 };
1005 uint8_t sha_256_expected[] = {
1006 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
1007 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
1008 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
1009 };
1010 uint8_t sha_384_expected[] = {
1011 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
1012 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1013 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
1014 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
1015 };
1016 uint8_t sha_512_expected[] = {
1017 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
1018 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
1019 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
1020 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
1021 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
1022 };
1023
1024 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1025 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1026 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1027 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1028
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1029 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1030}
1031
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1032TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1033 string key(131, 0xaa);
1034 string message = "This is a test using a larger than block-size key and a larger than "
1035 "block-size data. The key needs to be hashed before being used by the HMAC "
1036 "algorithm.";
1037
1038 uint8_t sha_224_expected[] = {
1039 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
1040 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
1041 };
1042 uint8_t sha_256_expected[] = {
1043 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
1044 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
1045 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
1046 };
1047 uint8_t sha_384_expected[] = {
1048 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
1049 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1050 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
1051 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
1052 };
1053 uint8_t sha_512_expected[] = {
1054 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
1055 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
1056 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
1057 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
1058 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
1059 };
1060
1061 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1062 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1063 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1064 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1065
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1066 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1067}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1068
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1069TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1070 ASSERT_EQ(KM_ERROR_OK,
1071 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
1072 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]1073 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1074 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1075 ASSERT_EQ(KM_ERROR_OK,
1076 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
1077 string message = "1234567890123456789012345678901";
1078 string result;
1079 size_t input_consumed;
1080 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1081 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1082
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1083 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1084}
1085
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1086// TODO(swillden): Add more verification failure tests.
1087
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1088typedef Keymaster1Test VerificationOperationsTest;
1089INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
1090
1091TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1092 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1093 .RsaSigningKey(256, 3)
1094 .Digest(KM_DIGEST_NONE)
1095 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1096 string message = "12345678901234567890123456789012";
1097 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1098 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1099 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1100
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1101 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1102 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]1103}
1104
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1105TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1106 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1107 .RsaSigningKey(512, 3)
1108 .Digest(KM_DIGEST_SHA_2_256)
1109 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1110 // Use large message, which won't work without digesting.
1111 string message(1024, 'a');
1112 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1113 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1114 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1115
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1116 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1117 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1118}
1119
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1120TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1121 GenerateKey(AuthorizationSetBuilder()
1122 .RsaSigningKey(512, 3)
1123 .Digest(KM_DIGEST_SHA_2_256)
1124 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1125 string message(1024, 'a');
1126 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1127 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1128 ++signature[signature.size() / 2];
1129
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1130 AuthorizationSet begin_params(client_params());
1131 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1132 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1133 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1134
1135 string result;
1136 size_t input_consumed;
1137 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1138 EXPECT_EQ(message.size(), input_consumed);
1139 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1140
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1141 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1142 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1143}
1144
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1145TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1146 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1147 .RsaSigningKey(512, 3)
1148 .Digest(KM_DIGEST_SHA_2_256)
1149 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1150 // Use large message, which won't work without digesting.
1151 string message(1024, 'a');
1152 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1153 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1154 ++message[message.size() / 2];
1155
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1156 AuthorizationSet begin_params(client_params());
1157 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1158 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1159 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1160
1161 string result;
1162 size_t input_consumed;
1163 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1164 EXPECT_EQ(message.size(), input_consumed);
1165 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1166
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1167 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1168 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1169}
1170
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1171TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1172 GenerateKey(AuthorizationSetBuilder()
1173 .RsaSigningKey(512, 3)
1174 .Digest(KM_DIGEST_SHA_2_256)
1175 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1176 string message(1024, 'a');
1177 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1178 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1179 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1180
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1181 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1182 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1183}
1184
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1185TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1186 GenerateKey(AuthorizationSetBuilder()
1187 .RsaSigningKey(512, 3)
1188 .Digest(KM_DIGEST_SHA_2_256)
1189 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1190 string message(1024, 'a');
1191 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1192 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1193 ++signature[signature.size() / 2];
1194
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1195 AuthorizationSet begin_params(client_params());
1196 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1197 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1198 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1199
1200 string result;
1201 size_t input_consumed;
1202 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1203 EXPECT_EQ(message.size(), input_consumed);
1204 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1205
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1206 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1207 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1208}
1209
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1210TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1211 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1212 .RsaSigningKey(512, 3)
1213 .Digest(KM_DIGEST_SHA_2_256)
1214 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1215 // Use large message, which won't work without digesting.
1216 string message(1024, 'a');
1217 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1218 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1219 ++message[message.size() / 2];
1220
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1221 AuthorizationSet begin_params(client_params());
1222 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1223 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1224 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1225
1226 string result;
1227 size_t input_consumed;
1228 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1229 EXPECT_EQ(message.size(), input_consumed);
1230 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1231
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1232 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1233 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1234}
1235
1236template <typename T> vector<T> make_vector(const T* array, size_t len) {
1237 return vector<T>(array, array + len);
1238}
1239
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1240TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1241 // Get all supported digests and padding modes.
1242 size_t digests_len;
1243 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1244 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1245 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1246 &digests_len));
1247
1248 size_t padding_modes_len;
1249 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1250 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1251 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1252 &padding_modes, &padding_modes_len));
1253
1254 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1255 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1256 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1257 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1258 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1259 // Digesting requires padding
1260 continue;
1261
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1262 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1263 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1264 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1265
1266 if (digest == KM_DIGEST_NONE) {
1267 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1268 switch (padding_mode) {
1269 case KM_PAD_NONE:
1270 // Match key size.
1271 message_len = key_bits / 8;
1272 break;
1273 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1274 message_len = key_bits / 8 - 11;
1275 break;
1276 case KM_PAD_RSA_PSS:
1277 // PSS requires a digest.
1278 continue;
1279 default:
1280 FAIL() << "Missing padding";
1281 break;
1282 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1283 } else {
1284 size_t digest_bits;
1285 switch (digest) {
1286 case KM_DIGEST_MD5:
1287 digest_bits = 128;
1288 break;
1289 case KM_DIGEST_SHA1:
1290 digest_bits = 160;
1291 break;
1292 case KM_DIGEST_SHA_2_224:
1293 digest_bits = 224;
1294 break;
1295 case KM_DIGEST_SHA_2_256:
1296 digest_bits = 256;
1297 break;
1298 case KM_DIGEST_SHA_2_384:
1299 digest_bits = 384;
1300 break;
1301 case KM_DIGEST_SHA_2_512:
1302 digest_bits = 512;
1303 break;
1304 default:
1305 FAIL() << "Missing digest";
1306 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1307
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1308 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1309 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1310 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1311 break;
1312 case KM_PAD_RSA_PSS:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1313 key_bits = digest_bits + 8 * 10;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1314 break;
1315 default:
1316 FAIL() << "Missing padding";
1317 break;
1318 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1319 }
1320
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1321 GenerateKey(AuthorizationSetBuilder()
1322 .RsaSigningKey(key_bits, 3)
1323 .Digest(digest)
1324 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1325 string message(message_len, 'a');
1326 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1327 SignMessage(message, &signature, digest, padding_mode);
1328 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1329 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1330 }
1331 }
1332
1333 free(padding_modes);
1334 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1335
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1336 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1337 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1338}
1339
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1340TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1341 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1342 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1343 string message = "12345678901234567890123456789012";
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1344 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1345 SignMessage(message, &signature, KM_DIGEST_NONE);
1346 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1347
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1348 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1349 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1350}
1351
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1352TEST_P(VerificationOperationsTest, EcdsaTooShort) {
1353 ASSERT_EQ(KM_ERROR_OK,
1354 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1355 string message = "12345678901234567890";
1356 string signature;
1357 SignMessage(message, &signature, KM_DIGEST_NONE);
1358 VerifyMessage(message, signature, KM_DIGEST_NONE);
1359
1360 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1361 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1362}
1363
1364TEST_P(VerificationOperationsTest, EcdsaTooLong) {
1365 ASSERT_EQ(KM_ERROR_OK,
1366 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1367 string message = "1234567890123456789012345678901234";
1368 string signature;
1369
1370 AuthorizationSet begin_params(client_params());
1371 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1372 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
1373 string output;
1374 size_t input_consumed;
1375 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &output, &input_consumed));
1376
1377 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1378 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1379}
1380
1381TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
1382 ASSERT_EQ(KM_ERROR_OK,
1383 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
1384
1385 string message(66, 'a');
1386 string signature;
1387 SignMessage(message, &signature, KM_DIGEST_NONE);
1388 VerifyMessage(message, signature, KM_DIGEST_NONE);
1389
1390 // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh.
1391 message[65] ^= 7;
1392 VerifyMessage(message, signature, KM_DIGEST_NONE);
1393
1394 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1395 EXPECT_EQ(5, GetParam()->keymaster0_calls());
1396}
1397
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1398TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1399 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1400 .EcdsaSigningKey(256)
1401 .Digest(KM_DIGEST_SHA_2_256)
1402 .Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1403 string message = "12345678901234567890123456789012";
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1404 string signature;
1405 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1406 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1407
1408 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1409 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1410
1411 // Just for giggles, try verifying with the wrong digest.
1412 AuthorizationSet begin_params(client_params());
1413 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1414 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1415
1416 string result;
1417 size_t input_consumed;
1418 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1419 EXPECT_EQ(message.size(), input_consumed);
1420 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1421}
1422
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1423TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1424 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1425 string message = "123456789012345678901234567890123456789012345678";
1426 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1427 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
1428 VerifyMessage(message, signature, KM_DIGEST_SHA1);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1429
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1430 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1431}
1432
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1433TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1434 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1435 string message = "123456789012345678901234567890123456789012345678";
1436 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1437 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
1438 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1439
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1440 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1441}
1442
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1443TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1444 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1445 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1446 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1447 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
1448 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1449
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1450 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1451}
1452
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1453TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1454 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1455 string message = "123456789012345678901234567890123456789012345678";
1456 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1457 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
1458 VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1459
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1460 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1461}
1462
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1463TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1464 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1465 string message = "123456789012345678901234567890123456789012345678";
1466 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1467 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
1468 VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1469
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1470 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1471}
1472
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]1473TEST_P(VerificationOperationsTest, HmacAnyDigestSuccess) {
1474 ASSERT_EQ(KM_ERROR_OK,
1475 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE)));
1476 string message = "12345678901234567890123456789012";
1477 string signature;
1478
1479 size_t len;
1480 keymaster_digest_t* digests;
1481 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
1482 KM_PURPOSE_SIGN, &digests, &len));
1483 for (size_t i = 0; i < len; ++i) {
1484 MacMessage(message, &signature, digests[i], 128 /* small MAC to work with all digests */);
1485 VerifyMessage(message, signature, digests[i]);
1486 if (len > 1) {
1487 size_t wrong_digest_index = (i == 0) ? 1 : 0;
1488 AuthorizationSet begin_params(client_params());
1489 begin_params.push_back(TAG_DIGEST, digests[wrong_digest_index]);
1490 begin_params.push_back(TAG_MAC_LENGTH, 128);
1491 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1492 string output;
1493 size_t input_consumed;
1494 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &output, &input_consumed));
1495 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &output));
1496 }
1497 }
1498 free(digests);
1499
1500 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1501}
1502
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1503typedef Keymaster1Test ExportKeyTest;
1504INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1505
1506TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1507 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1508 .RsaSigningKey(256, 3)
1509 .Digest(KM_DIGEST_NONE)
1510 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1511 string export_data;
1512 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1513 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1514
1515 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1516
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1517 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1518 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1519}
1520
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1521TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1522 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1523 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1524 string export_data;
1525 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1526 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1527
1528 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1529
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1530 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1531 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1532}
1533
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1534TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1535 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1536 .RsaSigningKey(256, 3)
1537 .Digest(KM_DIGEST_NONE)
1538 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1539 string export_data;
1540 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1541
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1542 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1543 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1544}
1545
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1546TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1547 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1548 .RsaSigningKey(256, 3)
1549 .Digest(KM_DIGEST_NONE)
1550 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1551 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1552 string export_data;
1553 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1554
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1555 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1556 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1557}
1558
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1559TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1560 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1561 string export_data;
1562
1563 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1564 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1565 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1566
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1567 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1568}
1569
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1570static string read_file(const string& file_name) {
1571 ifstream file_stream(file_name, std::ios::binary);
1572 istreambuf_iterator<char> file_begin(file_stream);
1573 istreambuf_iterator<char> file_end;
1574 return string(file_begin, file_end);
1575}
1576
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1577typedef Keymaster1Test ImportKeyTest;
1578INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1579
1580TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1581 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1582 ASSERT_EQ(633U, pk8_key.size());
1583
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1584 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1585 .RsaSigningKey(1024, 65537)
1586 .Digest(KM_DIGEST_NONE)
1587 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1588 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1589
1590 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1591 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1592 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1593 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1594 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1595 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1596 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1597 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1598 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1599 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1600
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1601 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1602 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1603 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1604
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1605 string message(1024 / 8, 'a');
1606 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1607 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1608 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1609
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1610 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1611 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1612}
1613
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1614TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1615 string pk8_key = read_file("rsa_privkey_pk8.der");
1616 ASSERT_EQ(633U, pk8_key.size());
1617
1618 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1619 // point softkeymaster will no longer support keymaster0 APIs anyway.
1620 uint8_t* key_blob;
1621 size_t key_blob_length;
1622 ASSERT_EQ(0,
1623 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1624 pk8_key.size(), &key_blob, &key_blob_length));
1625 set_key_blob(key_blob, key_blob_length);
1626
1627 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1628 AuthorizationSet begin_params; // Don't use client data.
1629 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1630 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1631 AuthorizationSet update_params;
1632 AuthorizationSet output_params;
1633 string signature =
1634 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1635 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1636 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1637
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1638 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1639 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1640}
1641
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1642TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1643 string pk8_key = read_file("rsa_privkey_pk8.der");
1644 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1645 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1646 ImportKey(AuthorizationSetBuilder()
1647 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1648 .Digest(KM_DIGEST_NONE)
1649 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1650 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1651
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1652 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1653}
1654
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1655TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1656 string pk8_key = read_file("rsa_privkey_pk8.der");
1657 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1658 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1659 ImportKey(AuthorizationSetBuilder()
1660 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1661 .Digest(KM_DIGEST_NONE)
1662 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1663 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1664
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1665 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1666}
1667
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1668TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1669 string pk8_key = read_file("ec_privkey_pk8.der");
1670 ASSERT_EQ(138U, pk8_key.size());
1671
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1672 ASSERT_EQ(KM_ERROR_OK,
1673 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1674 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1675
1676 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1677 EXPECT_TRUE(
1678 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1679 TAG_ALGORITHM, KM_ALGORITHM_EC));
1680 EXPECT_TRUE(
1681 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1682 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1683
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1684 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1685 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1686 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1687
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1688 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1689 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1690 SignMessage(message, &signature, KM_DIGEST_NONE);
1691 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1692
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1693 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1694 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1695}
1696
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1697TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1698 string pk8_key = read_file("ec_privkey_pk8.der");
1699 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1700
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1701 ASSERT_EQ(KM_ERROR_OK,
1702 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1703 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1704
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1705 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1706 EXPECT_TRUE(
1707 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1708 TAG_ALGORITHM, KM_ALGORITHM_EC));
1709 EXPECT_TRUE(
1710 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1711 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1712
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1713 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1714 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1715 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1716
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1717 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1718 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1719 SignMessage(message, &signature, KM_DIGEST_NONE);
1720 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1721
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1722 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1723 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1724}
1725
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1726TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1727 string pk8_key = read_file("ec_privkey_pk8.der");
1728 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1729 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1730 ImportKey(AuthorizationSetBuilder()
1731 .EcdsaSigningKey(224 /* Doesn't match key */)
1732 .Digest(KM_DIGEST_NONE),
1733 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1734
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1735 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1736}
1737
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1738TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1739 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1740 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1741 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1742 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1743 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1744 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1745
1746 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1747 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1748
1749 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1750 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1751 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1752 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1753
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1754 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1755}
1756
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1757TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1758 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1759 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1760 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1761 .HmacKey(sizeof(key_data) * 8)
1762 .Digest(KM_DIGEST_SHA_2_256)
1763 .Authorization(TAG_MAC_LENGTH, 32),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1764 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1765
1766 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1767 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1768
1769 string message = "Hello World!";
1770 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1771 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);
1772 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1773
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1774 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1775}
1776
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1777typedef Keymaster1Test EncryptionOperationsTest;
1778INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1779
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1780TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1781 ASSERT_EQ(KM_ERROR_OK,
1782 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1783
1784 string message = "12345678901234567890123456789012";
1785 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1786 EXPECT_EQ(256U / 8, ciphertext1.size());
1787
1788 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1789 EXPECT_EQ(256U / 8, ciphertext2.size());
1790
1791 // Unpadded RSA is deterministic
1792 EXPECT_EQ(ciphertext1, ciphertext2);
1793
1794 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1795 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1796}
1797
1798TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1799 ASSERT_EQ(KM_ERROR_OK,
1800 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1801
1802 string message = "1234567890123456789012345678901";
1803
1804 AuthorizationSet begin_params(client_params());
1805 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1806 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1807
1808 string result;
1809 size_t input_consumed;
1810 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1811 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1812 EXPECT_EQ(0U, result.size());
1813
1814 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1815 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1816}
1817
1818TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1819 ASSERT_EQ(KM_ERROR_OK,
1820 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1821
1822 string message = "123456789012345678901234567890123";
1823
1824 AuthorizationSet begin_params(client_params());
1825 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1826 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1827
1828 string result;
1829 size_t input_consumed;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1830 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1831
1832 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1833 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1834}
1835
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1836TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1837 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1838 .RsaEncryptionKey(512, 3)
1839 .Padding(KM_PAD_RSA_OAEP)
1840 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1841
1842 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1843 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1844 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1845
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1846 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1847 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1848
1849 // OAEP randomizes padding so every result should be different.
1850 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1851
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1852 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1853 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1854}
1855
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1856TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1857 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1858 .RsaEncryptionKey(512, 3)
1859 .Padding(KM_PAD_RSA_OAEP)
1860 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1861 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1862 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1863 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1864
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1865 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1866 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1867
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1868 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1869 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1870}
1871
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1872TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
1873 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1874 .RsaEncryptionKey(512, 3)
1875 .Padding(KM_PAD_RSA_OAEP)
1876 .Digest(KM_DIGEST_NONE)));
1877 string message = "Hello World!";
1878
1879 AuthorizationSet begin_params(client_params());
1880 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1881 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1882 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1883
1884 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1885 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1886}
1887
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1888TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1889 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1890 .RsaEncryptionKey(512, 3)
1891 .Padding(KM_PAD_RSA_OAEP)
1892 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1893 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1894 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1895 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1896
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1897 AuthorizationSet begin_params(client_params());
1898 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1899 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1900 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1901 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1902 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1903 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1904
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1905 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1906 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1907}
1908
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1909TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1910 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1911 .RsaEncryptionKey(512, 3)
1912 .Padding(KM_PAD_RSA_OAEP)
1913 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1914 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1915 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1916 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1917
1918 // Corrupt the ciphertext
1919 ciphertext[512 / 8 / 2]++;
1920
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1921 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1922 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1923 AuthorizationSet begin_params(client_params());
1924 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1925 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1926 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1927 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1928 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1929 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1930
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1931 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1932 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1933}
1934
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1935TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1936 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1937 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1938 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1939 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1940 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1941
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1942 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1943 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1944
1945 // PKCS1 v1.5 randomizes padding so every result should be different.
1946 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1947
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1948 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1949 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1950}
1951
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1952TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1953 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1954 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1955 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1956 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1957 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1958
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1959 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1960 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1961
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1962 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1963 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1964}
1965
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1966TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1967 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1968 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]1969 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1970 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1971 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1972
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1973 AuthorizationSet begin_params(client_params());
1974 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1975 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1976 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1977 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1978 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1979
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1980 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1981 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1982}
1983
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1984TEST_P(EncryptionOperationsTest, RsaPkcs1InvalidDigest) {
1985 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1986 .RsaEncryptionKey(512, 3)
1987 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
1988 .Digest(KM_DIGEST_NONE)));
1989 string message = "Hello World!";
1990 string result;
1991
1992 AuthorizationSet begin_params(client_params());
1993 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1994 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); // Any digest is invalid
1995 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1996
1997 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1998 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1999}
2000
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2001TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2002 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2003 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2004 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2005 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2006 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2007
2008 // Corrupt the ciphertext
2009 ciphertext[512 / 8 / 2]++;
2010
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2011 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2012 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2013 AuthorizationSet begin_params(client_params());
2014 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2015 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2016 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2017 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2018 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2019
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2020 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2021 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2022}
2023
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2024TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2025 ASSERT_EQ(KM_ERROR_OK,
2026 GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2027
2028 AuthorizationSet begin_params(client_params());
2029 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2030 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2031
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2032 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2033 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2034}
2035
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2036TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2037 ASSERT_EQ(KM_ERROR_OK,
2038 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2039 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2040 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2041
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2042 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
2043 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2044}
2045
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2046TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2047 ASSERT_EQ(
2048 KM_ERROR_OK,
2049 GenerateKey(
2050 AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2051 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2052 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2053
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2054 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2055}
2056
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2057TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2058 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2059 .AesEncryptionKey(128)
2060 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2061 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2062 // Two-block message.
2063 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2064 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2065 EXPECT_EQ(message.size(), ciphertext1.size());
2066
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2067 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2068 EXPECT_EQ(message.size(), ciphertext2.size());
2069
2070 // ECB is deterministic.
2071 EXPECT_EQ(ciphertext1, ciphertext2);
2072
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2073 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2074 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2075
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2076 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2077}
2078
Shawn Willdene23a2c92015-07-06 15:52:45 -0600[diff] [blame]2079TEST_P(EncryptionOperationsTest, AesEcbNotAuthorized) {
2080 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2081 .AesEncryptionKey(128)
2082 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2083 .Padding(KM_PAD_NONE)));
2084 // Two-block message.
2085 string message = "12345678901234567890123456789012";
2086 AuthorizationSet begin_params(client_params());
2087 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2088 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2089 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2090
2091 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2092}
2093
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2094TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2095 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2096 .AesEncryptionKey(128)
2097 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2098 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2099 // Message is slightly shorter than two blocks.
2100 string message = "1234567890123456789012345678901";
2101
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2102 AuthorizationSet begin_params(client_params());
2103 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2104 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2105 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2106 string ciphertext;
2107 size_t input_consumed;
2108 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
2109 EXPECT_EQ(message.size(), input_consumed);
2110 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2111
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2112 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2113}
2114
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2115TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2116 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2117 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2118 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2119 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2120
2121 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2122 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2123 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2124 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2125 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2126 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2127 EXPECT_EQ(message, plaintext);
2128 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2129
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2130 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2131}
2132
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2133TEST_P(EncryptionOperationsTest, AesEcbNoPaddingKeyWithPkcs7Padding) {
2134 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2135 .AesEncryptionKey(128)
2136 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2137 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2138
2139 // Try various message lengths; all should work.
2140 for (size_t i = 0; i < 32; ++i) {
2141 string message(i, 'a');
2142 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
2143 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
2144 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
2145 EXPECT_EQ(message, plaintext);
2146 }
2147
2148 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2149}
2150
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2151TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2152 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2153 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2154 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2155 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2156
2157 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2158 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2159 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2160 EXPECT_NE(ciphertext, message);
2161 ++ciphertext[ciphertext.size() / 2];
2162
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2163 AuthorizationSet begin_params(client_params());
2164 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2165 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2166 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2167 string plaintext;
2168 size_t input_consumed;
2169 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
2170 EXPECT_EQ(ciphertext.size(), input_consumed);
2171 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2172
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2173 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2174}
2175
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2176TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2177 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2178 .AesEncryptionKey(128)
2179 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2180 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2181 string message = "123";
2182 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2183 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2184 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2185 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2186
2187 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2188 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2189 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2190 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2191
2192 // IVs should be random, so ciphertexts should differ.
2193 EXPECT_NE(iv1, iv2);
2194 EXPECT_NE(ciphertext1, ciphertext2);
2195
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2196 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2197 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2198
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2199 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2200}
2201
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2202TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2203 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2204 .AesEncryptionKey(128)
2205 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2206 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2207
2208 int increment = 15;
2209 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2210 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2211 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2212 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2213 AuthorizationSet output_params;
2214 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2215
2216 string ciphertext;
2217 size_t input_consumed;
2218 for (size_t i = 0; i < message.size(); i += increment)
2219 EXPECT_EQ(KM_ERROR_OK,
2220 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2221 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2222 EXPECT_EQ(message.size(), ciphertext.size());
2223
2224 // Move TAG_NONCE into input_params
2225 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2226 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2227 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2228 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2229 output_params.Clear();
2230
2231 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
2232 string plaintext;
2233 for (size_t i = 0; i < ciphertext.size(); i += increment)
2234 EXPECT_EQ(KM_ERROR_OK,
2235 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2236 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2237 EXPECT_EQ(ciphertext.size(), plaintext.size());
2238 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2239
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2240 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2241}
2242
2243struct AesCtrSp80038aTestVector {
2244 const char* key;
2245 const char* nonce;
2246 const char* plaintext;
2247 const char* ciphertext;
2248};
2249
2250// These test vectors are taken from
2251// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
2252static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
2253 // AES-128
2254 {
2255 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2256 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2257 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2258 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
2259 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
2260 },
2261 // AES-192
2262 {
2263 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2264 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2265 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2266 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2267 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2268 },
2269 // AES-256
2270 {
2271 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2272 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2273 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2274 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2275 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2276 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2277 },
2278};
2279
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2280TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2281 for (size_t i = 0; i < 3; i++) {
2282 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2283 const string key = hex2str(test.key);
2284 const string nonce = hex2str(test.nonce);
2285 const string plaintext = hex2str(test.plaintext);
2286 const string ciphertext = hex2str(test.ciphertext);
2287 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2288 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2289
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2290 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2291}
2292
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2293TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2294 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2295 .AesEncryptionKey(128)
2296 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2297 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2298 AuthorizationSet begin_params(client_params());
2299 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2300 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2301 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2302
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2303 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2304}
2305
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2306TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2307 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2308 .AesEncryptionKey(128)
2309 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2310 .Authorization(TAG_CALLER_NONCE)
2311 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2312
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2313 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2314 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2315 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2316 input_params.push_back(TAG_NONCE, "123", 3);
2317 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2318
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2319 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2320}
2321
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2322TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2323 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2324 .AesEncryptionKey(128)
2325 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2326 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2327 // Two-block message.
2328 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2329 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2330 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2331 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2332
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2333 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2334 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2335 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2336
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2337 // IVs should be random, so ciphertexts should differ.
2338 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2339 EXPECT_NE(ciphertext1, ciphertext2);
2340
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2341 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2342 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2343
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2344 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2345}
2346
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2347TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2348 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2349 .AesEncryptionKey(128)
2350 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2351 .Authorization(TAG_CALLER_NONCE)
2352 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2353 string message = "12345678901234567890123456789012";
2354 string iv1;
2355 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2356 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2357 EXPECT_EQ(message.size(), ciphertext1.size());
2358 EXPECT_EQ(16U, iv1.size());
2359
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2360 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2361 EXPECT_EQ(message, plaintext);
2362
2363 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2364 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2365 AuthorizationSet update_params;
2366 AuthorizationSet output_params;
2367 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2368 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2369 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2370 string ciphertext2 =
2371 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2372
2373 // Decrypt with correct nonce.
2374 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2375 &output_params);
2376 EXPECT_EQ(message, plaintext);
2377
2378 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2379 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2380 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2381 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2382 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2383 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2384 &output_params);
2385 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2386
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2387 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2388}
2389
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2390TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2391 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2392 .AesEncryptionKey(128)
2393 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2394 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2395
2396 string message = "12345678901234567890123456789012";
2397 string iv1;
2398 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2399 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2400 EXPECT_EQ(message.size(), ciphertext1.size());
2401 EXPECT_EQ(16U, iv1.size());
2402
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2403 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2404 EXPECT_EQ(message, plaintext);
2405
2406 // Now specify a nonce, should fail.
2407 AuthorizationSet input_params(client_params());
2408 AuthorizationSet update_params;
2409 AuthorizationSet output_params;
2410 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2411 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2412 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2413
2414 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2415 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2416
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2417 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2418}
2419
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2420TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2421 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2422 .AesEncryptionKey(128)
2423 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2424 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2425
2426 int increment = 15;
2427 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2428 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2429 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2430 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2431 AuthorizationSet output_params;
2432 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2433
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2434 string ciphertext;
2435 size_t input_consumed;
2436 for (size_t i = 0; i < message.size(); i += increment)
2437 EXPECT_EQ(KM_ERROR_OK,
2438 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2439 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2440 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2441
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2442 // Move TAG_NONCE into input_params
2443 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2444 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2445 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2446 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2447 output_params.Clear();
2448
2449 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2450 string plaintext;
2451 for (size_t i = 0; i < ciphertext.size(); i += increment)
2452 EXPECT_EQ(KM_ERROR_OK,
2453 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2454 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2455 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2456 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2457
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2458 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2459}
2460
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2461TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2462 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2463 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2464 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2465 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2466
2467 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2468 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2469 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2470 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2471 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2472 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2473 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2474 EXPECT_EQ(message, plaintext);
2475 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2476
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2477 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2478}
2479
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2480TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2481 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2482 .AesEncryptionKey(128)
2483 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2484 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2485 string aad = "foobar";
2486 string message = "123456789012345678901234567890123456";
2487 AuthorizationSet begin_params(client_params());
2488 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2489 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2490 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2491
2492 AuthorizationSet update_params;
2493 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2494
2495 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2496 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2497 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2498 string ciphertext;
2499 size_t input_consumed;
2500 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2501 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2502 &input_consumed));
2503 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2504 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2505
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2506 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2507 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2508 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2509
2510 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2511 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2512 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2513 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2514 &plaintext, &input_consumed));
2515 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2516 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2517
2518 EXPECT_EQ(message, plaintext);
2519 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2520}
2521
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2522TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
2523 uint8_t nonce[] = {
2524 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
2525 };
2526 uint8_t ciphertext[] = {
2527 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
2528 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
2529 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
2530 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
2531 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
2532 };
2533 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
2534
2535 AuthorizationSet begin_params(client_params());
2536 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2537 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2538 begin_params.push_back(TAG_MAC_LENGTH, 128);
2539 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
2540
2541 string plaintext;
2542 size_t input_consumed;
2543
2544 // Import correct key and decrypt
2545 uint8_t good_key[] = {
2546 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2547 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2548 };
2549 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
2550 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2551 .AesEncryptionKey(128)
2552 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2553 .Authorization(TAG_PADDING, KM_PAD_NONE)
2554 .Authorization(TAG_CALLER_NONCE),
2555 KM_KEY_FORMAT_RAW, good_key_str));
2556 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2557 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2558 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2559
2560 // Import bad key and decrypt
2561 uint8_t bad_key[] = {
2562 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2563 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2564 };
2565 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
2566 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2567 .AesEncryptionKey(128)
2568 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2569 .Authorization(TAG_PADDING, KM_PAD_NONE),
2570 KM_KEY_FORMAT_RAW, bad_key_str));
2571 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2572 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2573 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
2574
2575 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2576}
2577
2578TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
2579 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2580 .AesEncryptionKey(128)
2581 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2582 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2583 string aad = "123456789012345678";
2584 string empty_message;
2585 AuthorizationSet begin_params(client_params());
2586 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2587 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2588 begin_params.push_back(TAG_MAC_LENGTH, 128);
2589
2590 AuthorizationSet update_params;
2591 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2592
2593 // Encrypt
2594 AuthorizationSet begin_out_params;
2595 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2596 string ciphertext;
2597 size_t input_consumed;
2598 AuthorizationSet update_out_params;
2599 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
2600 &ciphertext, &input_consumed));
2601 EXPECT_EQ(0U, input_consumed);
2602 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2603
2604 // Grab nonce
2605 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2606 begin_params.push_back(begin_out_params);
2607
2608 // Decrypt.
2609 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2610 string plaintext;
2611 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2612 &plaintext, &input_consumed));
2613 EXPECT_EQ(ciphertext.size(), input_consumed);
2614 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2615
2616 EXPECT_EQ(empty_message, plaintext);
2617 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2618}
2619
2620TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
2621 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2622 .AesEncryptionKey(128)
2623 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2624 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2625 AuthorizationSet begin_params(client_params());
2626 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2627 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2628 begin_params.push_back(TAG_MAC_LENGTH, 128);
2629
2630 AuthorizationSet update_params;
2631 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
2632
2633 // Encrypt
2634 AuthorizationSet begin_out_params;
2635 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2636 string ciphertext;
2637 size_t input_consumed;
2638 AuthorizationSet update_out_params;
2639
2640 // Send AAD, incrementally
2641 for (int i = 0; i < 1000; ++i) {
2642 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2643 &input_consumed));
2644 EXPECT_EQ(0U, input_consumed);
2645 EXPECT_EQ(0U, ciphertext.size());
2646 }
2647
2648 // Now send data, incrementally, no data.
2649 AuthorizationSet empty_params;
2650 for (int i = 0; i < 1000; ++i) {
2651 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
2652 &input_consumed));
2653 EXPECT_EQ(1U, input_consumed);
2654 }
2655 EXPECT_EQ(1000U, ciphertext.size());
2656
2657 // And finish.
2658 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2659 EXPECT_EQ(1016U, ciphertext.size());
2660
2661 // Grab nonce
2662 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2663 begin_params.push_back(begin_out_params);
2664
2665 // Decrypt.
2666 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2667 string plaintext;
2668
2669 // Send AAD, incrementally, no data
2670 for (int i = 0; i < 1000; ++i) {
2671 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
2672 &input_consumed));
2673 EXPECT_EQ(0U, input_consumed);
2674 EXPECT_EQ(0U, plaintext.size());
2675 }
2676
2677 // Now send data, incrementally.
2678 for (size_t i = 0; i < ciphertext.length(); ++i) {
2679 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
2680 &update_out_params, &plaintext, &input_consumed));
2681 EXPECT_EQ(1U, input_consumed);
2682 }
2683 EXPECT_EQ(1000U, plaintext.size());
2684 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2685
2686 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2687}
2688
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2689TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2690 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2691 .AesEncryptionKey(128)
2692 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2693 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2694 string message = "123456789012345678901234567890123456";
2695 AuthorizationSet begin_params(client_params());
2696 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2697 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2698 begin_params.push_back(TAG_MAC_LENGTH, 128);
2699 AuthorizationSet begin_out_params;
2700
2701 AuthorizationSet update_params;
2702 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2703
2704 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2705
2706 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2707 string ciphertext;
2708 size_t input_consumed;
2709 AuthorizationSet update_out_params;
2710 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
2711 &ciphertext, &input_consumed));
2712 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2713
2714 // AAD and data.
2715 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2716 &input_consumed));
2717 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2718 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2719
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2720 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2721 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2722 begin_params.push_back(begin_out_params);
2723
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2724 // Decrypt
2725 update_params.Clear();
2726 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2727
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2728 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2729 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2730 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2731 &plaintext, &input_consumed));
2732 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2733 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2734
2735 EXPECT_EQ(message, plaintext);
2736 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2737}
2738
2739TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2740 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2741 .AesEncryptionKey(128)
2742 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2743 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2744 string message = "12345678901234567890123456789012";
2745 AuthorizationSet begin_params(client_params());
2746 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2747 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2748 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2749
2750 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2751 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2752
2753 AuthorizationSet finish_params;
2754 AuthorizationSet finish_out_params;
2755
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2756 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2757 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2758 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2759 AuthorizationSet update_out_params;
2760 string ciphertext;
2761 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2762 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2763 &input_consumed));
2764 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2765 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2766
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2767 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2768 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2769 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2770
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2771 update_params.Clear();
2772 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2773
2774 // Decrypt.
2775 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2776 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2777 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2778 &plaintext, &input_consumed));
2779 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2780 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2781
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2782 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2783}
2784
2785TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
2786 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2787 .AesEncryptionKey(128)
2788 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2789 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2790 string message = "12345678901234567890123456789012";
2791 AuthorizationSet begin_params(client_params());
2792 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2793 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2794 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2795
2796 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2797 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2798
2799 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2800 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2801 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2802 AuthorizationSet update_out_params;
2803 string ciphertext;
2804 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2805 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2806 &input_consumed));
2807 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2808 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2809
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2810 begin_params.push_back(TAG_NONCE, "123456789012", 12);
2811
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2812 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2813 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2814 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2815 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2816 &plaintext, &input_consumed));
2817 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2818 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2819
2820 // With wrong nonce, should have gotten garbage plaintext.
2821 EXPECT_NE(message, plaintext);
2822 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2823}
2824
2825TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
2826 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2827 .AesEncryptionKey(128)
2828 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2829 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2830 string aad = "foobar";
2831 string message = "123456789012345678901234567890123456";
2832 AuthorizationSet begin_params(client_params());
2833 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2834 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2835 begin_params.push_back(TAG_MAC_LENGTH, 128);
2836 AuthorizationSet begin_out_params;
2837
2838 AuthorizationSet update_params;
2839 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2840
2841 // Encrypt
2842 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2843 AuthorizationSet update_out_params;
2844 string ciphertext;
2845 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2846 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2847 &input_consumed));
2848 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2849 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2850
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2851 // Corrupt tag
2852 (*ciphertext.rbegin())++;
2853
2854 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2855 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2856 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2857
2858 // Decrypt.
2859 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2860 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2861 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2862 &plaintext, &input_consumed));
2863 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2864 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2865
2866 EXPECT_EQ(message, plaintext);
2867 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2868}
2869
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2870typedef Keymaster1Test MaxOperationsTest;
2871INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, MaxOperationsTest, test_params);
2872
2873TEST_P(MaxOperationsTest, TestLimit) {
2874 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2875 .AesEncryptionKey(128)
2876 .EcbMode()
2877 .Authorization(TAG_PADDING, KM_PAD_NONE)
2878 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
2879
2880 string message = "1234567890123456";
2881 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2882 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2883 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2884
2885 // Fourth time should fail.
2886 AuthorizationSet begin_params(client_params());
2887 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2888 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2889 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2890
2891 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2892}
2893
2894TEST_P(MaxOperationsTest, TestAbort) {
2895 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2896 .AesEncryptionKey(128)
2897 .EcbMode()
2898 .Authorization(TAG_PADDING, KM_PAD_NONE)
2899 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
2900
2901 string message = "1234567890123456";
2902 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2903 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2904 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2905
2906 // Fourth time should fail.
2907 AuthorizationSet begin_params(client_params());
2908 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2909 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2910 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2911
2912 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2913}
2914
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2915typedef Keymaster1Test AddEntropyTest;
2916INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
2917
2918TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2919 // There's no obvious way to test that entropy is actually added, but we can test that the API
2920 // doesn't blow up or return an error.
2921 EXPECT_EQ(KM_ERROR_OK,
2922 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2923
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2924 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2925}
2926
2927typedef Keymaster1Test Keymaster0AdapterTest;
2928INSTANTIATE_TEST_CASE_P(
2929 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2930 ::testing::Values(
2931 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
2932 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2933
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2934TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2935 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2936 // key data.
2937 string km1_sw = read_file("km1_sw_rsa_512.blob");
2938 EXPECT_EQ(486U, km1_sw.length());
2939
2940 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2941 memcpy(key_data, km1_sw.data(), km1_sw.length());
2942 set_key_blob(key_data, km1_sw.length());
2943
2944 string message(64, 'a');
2945 string signature;
2946 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2947
2948 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2949}
2950
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]2951TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
2952 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
2953 // blobs contain OCB-encrypted key data.
2954 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
2955 EXPECT_EQ(477U, km1_sw.length());
2956
2957 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2958 memcpy(key_data, km1_sw.data(), km1_sw.length());
2959 set_key_blob(key_data, km1_sw.length());
2960
2961 string message(64, 'a');
2962 string signature;
2963 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2964
2965 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2966}
2967
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2968TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
2969 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2970 // key data.
2971 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
2972 EXPECT_EQ(270U, km1_sw.length());
2973
2974 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2975 memcpy(key_data, km1_sw.data(), km1_sw.length());
2976 set_key_blob(key_data, km1_sw.length());
2977
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]2978 string message(32, static_cast<char>(0xFF));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2979 string signature;
2980 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2981
2982 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2983}
2984
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2985struct Malloc_Delete {
2986 void operator()(void* p) { free(p); }
2987};
2988
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2989TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2990 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2991 string km0_sw = read_file("km0_sw_rsa_512.blob");
2992 EXPECT_EQ(333U, km0_sw.length());
2993
2994 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2995 memcpy(key_data, km0_sw.data(), km0_sw.length());
2996 set_key_blob(key_data, km0_sw.length());
2997
2998 string message(64, 'a');
2999 string signature;
3000 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3001
3002 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3003}
3004
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3005TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
3006 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3007 string km0_sw = read_file("km0_sw_rsa_512.blob");
3008 EXPECT_EQ(333U, km0_sw.length());
3009
3010 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3011 memcpy(key_data, km0_sw.data(), km0_sw.length());
3012 set_key_blob(key_data, km0_sw.length());
3013
3014 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3015 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3016 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3017 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3018 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3019 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3020 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3021 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3022 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3023 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3024
3025 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3026}
3027
3028TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
3029 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3030 string km0_sw = read_file("km0_sw_rsa_512.blob");
3031 EXPECT_EQ(333U, km0_sw.length());
3032
3033 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3034 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3035 EXPECT_EQ('P', km0_sw[0]);
3036 km0_sw[0] = 'Q';
3037
3038 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3039 memcpy(key_data, km0_sw.data(), km0_sw.length());
3040 set_key_blob(key_data, km0_sw.length());
3041
3042 string message(64, 'a');
3043 string signature;
3044 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3045 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
3046
3047 EXPECT_EQ(5, GetParam()->keymaster0_calls());
3048}
3049
3050TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
3051 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3052 string km0_sw = read_file("km0_sw_rsa_512.blob");
3053 EXPECT_EQ(333U, km0_sw.length());
3054
3055 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3056 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3057 EXPECT_EQ('P', km0_sw[0]);
3058 km0_sw[0] = 'Q';
3059
3060 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3061 memcpy(key_data, km0_sw.data(), km0_sw.length());
3062 set_key_blob(key_data, km0_sw.length());
3063
3064 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3065 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3066 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
3067 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3068 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3069 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
3070 EXPECT_EQ(5U, hw_enforced().size());
3071
3072 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3073 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3074 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3075 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3076
3077 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3078 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3079 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3080 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3081 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3082
3083 EXPECT_EQ(1, GetParam()->keymaster0_calls());
3084}
3085
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]3086} // namespace test
3087} // namespace keymaster