Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 2101e9e8215cce6da36d8d7382486737b68e8c93 / . / android_keymaster_test.cpp
blob: f7b37d3b642f83a6f865031c8a2b3c6d0d12aa62 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]22#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]23#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]24
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]25#include "android_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]26
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]27using std::ifstream;
28using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]29using std::string;
30using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]31using std::unique_ptr;
32
33extern "C" {
34int __android_log_print(int prio, const char* tag, const char* fmt);
35int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]36 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]37 return 0;
38}
39} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]40
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]41namespace keymaster {
42namespace test {
43
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]44StdoutLogger logger;
45
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]46class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
47 public:
48 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]49 std::cerr << "Creating software-only device" << std::endl;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]50 SoftKeymasterDevice* device = new SoftKeymasterDevice;
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]51 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]52 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]53
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]54 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]55 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]56};
57
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]58class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
59 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]60 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
61
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]62 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]63 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
64 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]65 hw_device_t* softkeymaster_device;
66 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
67 &softkeymaster_device));
68 // Make the software device pretend to be hardware
69 keymaster0_device_t* keymaster0_device =
70 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]71 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
72
73 if (!support_ec_) {
74 // Make the software device pretend not to support EC
75 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
76 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]77
78 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
79
80 SoftKeymasterDevice* keymaster = new SoftKeymasterDevice(counting_keymaster0_device_);
81 return keymaster->keymaster_device();
82 }
83
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]84 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
85 switch (algorithm) {
86 case KM_ALGORITHM_RSA:
87 return true;
88 case KM_ALGORITHM_EC:
89 return support_ec_;
90 default:
91 return false;
92 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]93 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]94 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
95
96 private:
97 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]98 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]99};
100
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]101static auto test_params = testing::Values(
102 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
103 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
104 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]105
106typedef Keymaster1Test CheckSupported;
107INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
108
109TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]110 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
111 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]112
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]113 size_t len;
114 keymaster_algorithm_t* algorithms;
115 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]116 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]117 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]118 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]119
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]120 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]121}
122
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]123TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]124 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
125 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
126 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]127
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]128 size_t len;
129 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]130 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]131 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]132 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]133 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]134
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]135 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]136 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]137 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]138
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]139 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]140 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]141 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]142 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]143
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]144 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]145}
146
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]147TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]148 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
149 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
150 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]151
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]152 size_t len;
153 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]154 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]155 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]156 EXPECT_TRUE(
157 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]158 free(modes);
159
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]160 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]161 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]162 EXPECT_TRUE(
163 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]164 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]165
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]166 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]167 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]168 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]169 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]170
171 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
172 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
173 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]174
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]175 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]176}
177
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]178TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]179 EXPECT_EQ(
180 KM_ERROR_OUTPUT_PARAMETER_NULL,
181 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]182
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]183 size_t len;
184 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]185 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]186 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]187 EXPECT_TRUE(
188 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
189 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
190 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]191 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]192
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]193 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]194 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]195 EXPECT_TRUE(
196 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
197 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
198 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]199 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]200
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]201 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
202 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
203 &len));
204
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]205 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]206 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]207 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
208 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
209 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]210 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]211
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]212 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]213}
214
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]215TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]216 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
217 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]218
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]219 size_t len;
220 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]221 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]222 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]223 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]224 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]225
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]226 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]227 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
228 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
229 free(formats);
230
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]231 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]232 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
233 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
234 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]235
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]236 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]237}
238
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]239TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]240 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
241 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]242
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]243 size_t len;
244 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]245 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]246 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]247 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]249
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]250 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]251 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]252 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]253 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]254
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]255 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]256 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]257 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]258 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]259
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]260 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]261 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]262 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]263 free(formats);
264
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]265 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]266 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]267 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]268 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]269
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]270 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]271}
272
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]273class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]274 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]275 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]276 AuthorizationSet auths = sw_enforced();
277 EXPECT_GT(auths.SerializedSize(), 12U);
278
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]279 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
280 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
281 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]282 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]283 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]284
285 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]286 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
287 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
288 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]289
290 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]291 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
292 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
293 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]294
295 // Now check that unspecified, defaulted tags are correct.
Shawn Willden0b2d3332015-04-07 17:46:18 -0600[diff] [blame]296 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]297 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]298 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]299};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]300INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
301
302TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]303 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
304 .RsaSigningKey(256, 3)
305 .Digest(KM_DIGEST_NONE)
306 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]307 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]308
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]309 // Check specified tags are all present, and in the right set.
310 AuthorizationSet crypto_params;
311 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]312 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]313 EXPECT_NE(0U, hw_enforced().size());
314 EXPECT_NE(0U, sw_enforced().size());
315 crypto_params.push_back(hw_enforced());
316 non_crypto_params.push_back(sw_enforced());
317 } else {
318 EXPECT_EQ(0U, hw_enforced().size());
319 EXPECT_NE(0U, sw_enforced().size());
320 crypto_params.push_back(sw_enforced());
321 }
322
323 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
324 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
325 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
326 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
327 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
328 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
329
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]330 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]331 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]332}
333
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]334TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]335 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
336 GenerateKey(AuthorizationSetBuilder()
337 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
338 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
339 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]340
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]341 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]342}
343
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]344TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]345 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]346 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]347 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]348
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]349 // Check specified tags are all present, and in the right set.
350 AuthorizationSet crypto_params;
351 AuthorizationSet non_crypto_params;
352 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
353 EXPECT_NE(0U, hw_enforced().size());
354 EXPECT_NE(0U, sw_enforced().size());
355 crypto_params.push_back(hw_enforced());
356 non_crypto_params.push_back(sw_enforced());
357 } else {
358 EXPECT_EQ(0U, hw_enforced().size());
359 EXPECT_NE(0U, sw_enforced().size());
360 crypto_params.push_back(sw_enforced());
361 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]362
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]363 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
364 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
365 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
366 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
367
368 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
369 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]370}
371
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]372TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]373 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
374 GenerateKey(AuthorizationSetBuilder()
375 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
376 .SigningKey()
377 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]378
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]379 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]380}
381
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]382TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]383 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
384 ASSERT_EQ(
385 KM_ERROR_UNKNOWN_ERROR,
386 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
387 else
388 ASSERT_EQ(
389 KM_ERROR_UNSUPPORTED_KEY_SIZE,
390 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]391
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]392 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
393 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]394}
395
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]396TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]397 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]398 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]399 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
400 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]401 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]402 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]403
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]404 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
405 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]406}
407
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]408TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]409 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]410 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]411
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]412 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]413}
414
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]415typedef Keymaster1Test GetKeyCharacteristics;
416INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
417
418TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]419 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
420 .RsaSigningKey(256, 3)
421 .Digest(KM_DIGEST_NONE)
422 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]423 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]424
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]425 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
426 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]427
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]428 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]429 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]430}
431
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]432typedef Keymaster1Test SigningOperationsTest;
433INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
434
435TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]436 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
437 .RsaSigningKey(256, 3)
438 .Digest(KM_DIGEST_NONE)
439 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]440 string message = "12345678901234567890123456789012";
441 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]442 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]443
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]444 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]445 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]446}
447
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]448TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]449 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
450 .RsaSigningKey(512, 3)
451 .Digest(KM_DIGEST_SHA_2_256)
452 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]453 // Use large message, which won't work without digesting.
454 string message(1024, 'a');
455 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]456 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]457
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]458 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]459 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]460}
461
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]462TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {
463 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
464 .RsaSigningKey(512, 3)
465 .Digest(KM_DIGEST_NONE)
466 .Padding(KM_PAD_NONE)));
467 string message = "12345678901234567890123456789012";
468 string signature;
469 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
470
471 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
472 EXPECT_EQ(3, GetParam()->keymaster0_calls());
473}
474
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]475TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]476 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
477 .RsaSigningKey(512, 3)
478 .Digest(KM_DIGEST_SHA_2_256)
479 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]480 string message(1024, 'a');
481 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]482 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]483
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]484 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]485 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]486}
487
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]488TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
489 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
490 .RsaSigningKey(512, 3)
491 .Digest(KM_DIGEST_NONE)
492 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
493 string message(53, 'a');
494 string signature;
495 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);
496
497 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
498 EXPECT_EQ(3, GetParam()->keymaster0_calls());
499}
500
501TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {
502 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
503 .RsaSigningKey(512, 3)
504 .Digest(KM_DIGEST_NONE)
505 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
506 string message(54, 'a');
507
508 AuthorizationSet begin_params(client_params());
509 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
510 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
511 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
512 string result;
513 size_t input_consumed;
514 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
515 string signature;
516 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
517
518 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
519 EXPECT_EQ(2, GetParam()->keymaster0_calls());
520}
521
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]522TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]523 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
524 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]525 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
526 .RsaSigningKey(256 + 9 * 8, 3)
527 .Digest(KM_DIGEST_SHA_2_256)
528 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]529 string message(1024, 'a');
530 string signature;
531
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]532 AuthorizationSet begin_params(client_params());
533 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]534 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]535 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]536}
537
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]538TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {
539 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
540 .RsaSigningKey(256, 3)
541 .Digest(KM_DIGEST_NONE)
542 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
543 string message(64 * 1024, 'a');
544 string signature;
545 AuthorizationSet begin_params(client_params());
546 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
547 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
548 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
549 string result;
550 size_t input_consumed;
551 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
552
553 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
554 EXPECT_EQ(2, GetParam()->keymaster0_calls());
555}
556
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]557TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]558 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
559 .RsaSigningKey(256, 3)
560 .Digest(KM_DIGEST_NONE)
561 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]562 AuthorizationSet begin_params(client_params());
563 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]564 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]565 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]566 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
567 // Another abort should fail
568 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]569
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]570 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]571 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]572}
573
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]574TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]575 GenerateKey(AuthorizationSetBuilder()
576 .RsaSigningKey(256, 3)
577 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
578 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]579 AuthorizationSet begin_params(client_params());
580 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
581 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]582
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]583 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]584 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]585}
586
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]587TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]588 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]589 GenerateKey(AuthorizationSetBuilder()
590 .RsaSigningKey(256, 3)
591 .Digest(KM_DIGEST_NONE)
592 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]593 AuthorizationSet begin_params(client_params());
594 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]595 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]596 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]597
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]598 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]599 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]600}
601
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]602TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]603 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]604 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
605 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]606 AuthorizationSet begin_params(client_params());
607 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
608 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]609
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]610 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]611 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]612}
613
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]614TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]615 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
616 .RsaSigningKey(256, 3)
617 .Digest(KM_DIGEST_NONE)
618 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]619 AuthorizationSet begin_params(client_params());
620 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]621 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]622 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]623
624 string message = "1234567890123456789012345678901";
625 string result;
626 size_t input_consumed;
627 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
628 EXPECT_EQ(0U, result.size());
629 EXPECT_EQ(31U, input_consumed);
630
631 string signature;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]632 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]633 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]634
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]635 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]636 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]637}
638
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]639TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]640 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
641 .RsaEncryptionKey(256, 3)
642 .Digest(KM_DIGEST_NONE)
643 .Padding(KM_PAD_NONE)));
644 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]645
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]646 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]647 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]648}
649
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]650TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]651 ASSERT_EQ(KM_ERROR_OK,
652 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]653 string message(224 / 8, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]654 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]655 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]656
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]657 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
658 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]659}
660
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]661TEST_P(SigningOperationsTest, EcdsaSha256Success) {
662 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
663 KM_DIGEST_SHA_2_256)));
664 string message(1024, 'a');
665 string signature;
666 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
667
668 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
669 EXPECT_EQ(3, GetParam()->keymaster0_calls());
670}
671
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]672TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {
673 ASSERT_EQ(KM_ERROR_OK,
674 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
675 string message(64 * 1024, 'a');
676 string signature;
677 AuthorizationSet begin_params(client_params());
678 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
679 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
680 string result;
681 size_t input_consumed;
682 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
683
684 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
685 EXPECT_EQ(2, GetParam()->keymaster0_calls());
686}
687
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]688TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]689 ASSERT_EQ(KM_ERROR_OK,
690 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
691 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]692 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
693 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]694
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]695 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]696}
697
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]698TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]699 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]700 string message = "12345678901234567890123456789012";
701 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]702 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]703 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]704
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]705 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]706}
707
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]708TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]709 ASSERT_EQ(KM_ERROR_OK,
710 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]711 string message = "12345678901234567890123456789012";
712 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]713 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]714 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]715
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]716 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]717}
718
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]719TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]720 ASSERT_EQ(KM_ERROR_OK,
721 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]722 string message = "12345678901234567890123456789012";
723 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]724 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]725 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]726
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]727 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]728}
729
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]730TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]731 ASSERT_EQ(KM_ERROR_OK,
732 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));
733
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]734 string message = "12345678901234567890123456789012";
735 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]736 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]737 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]738
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]739 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]740}
741
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]742TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]743 ASSERT_EQ(KM_ERROR_OK,
744 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]745 string message = "12345678901234567890123456789012";
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]746 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]747 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]748 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]749
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]750 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]751}
752
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]753TEST_P(SigningOperationsTest, HmacLengthInKey) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]754 // TODO(swillden): unified API should generate an error on key generation.
755 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
756 .HmacKey(128)
757 .Digest(KM_DIGEST_SHA_2_256)
758 .Authorization(TAG_MAC_LENGTH, 20)));
759 string message = "12345678901234567890123456789012";
760 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]761 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]762 // Size in key was ignored.
763 ASSERT_EQ(30U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]764
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]765 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]766}
767
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]768TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]769 uint8_t key_data[] = {
770 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
771 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
772 };
773 string message = "Hi There";
774 uint8_t sha_224_expected[] = {
775 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
776 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
777 };
778 uint8_t sha_256_expected[] = {
779 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
780 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
781 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
782 };
783 uint8_t sha_384_expected[] = {
784 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
785 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
786 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
787 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
788 };
789 uint8_t sha_512_expected[] = {
790 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
791 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
792 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
793 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
794 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
795 };
796
797 string key = make_string(key_data);
798
799 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
800 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
801 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
802 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]803
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]804 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]805}
806
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]807TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]808 string key = "Jefe";
809 string message = "what do ya want for nothing?";
810 uint8_t sha_224_expected[] = {
811 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
812 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
813 };
814 uint8_t sha_256_expected[] = {
815 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
816 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
817 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
818 };
819 uint8_t sha_384_expected[] = {
820 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
821 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
822 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
823 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
824 };
825 uint8_t sha_512_expected[] = {
826 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
827 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
828 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
829 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
830 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
831 };
832
833 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
834 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
835 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
836 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]837
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]838 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]839}
840
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]841TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]842 string key(20, 0xaa);
843 string message(50, 0xdd);
844 uint8_t sha_224_expected[] = {
845 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
846 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
847 };
848 uint8_t sha_256_expected[] = {
849 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
850 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
851 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
852 };
853 uint8_t sha_384_expected[] = {
854 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
855 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
856 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
857 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
858 };
859 uint8_t sha_512_expected[] = {
860 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
861 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
862 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
863 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
864 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
865 };
866
867 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
868 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
869 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
870 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]871
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]872 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]873}
874
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]875TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]876 uint8_t key_data[25] = {
877 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
878 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
879 };
880 string key = make_string(key_data);
881 string message(50, 0xcd);
882 uint8_t sha_224_expected[] = {
883 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
884 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
885 };
886 uint8_t sha_256_expected[] = {
887 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
888 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
889 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
890 };
891 uint8_t sha_384_expected[] = {
892 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
893 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
894 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
895 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
896 };
897 uint8_t sha_512_expected[] = {
898 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
899 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
900 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
901 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
902 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
903 };
904
905 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
906 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
907 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
908 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]909
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]910 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]911}
912
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]913TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]914 string key(20, 0x0c);
915 string message = "Test With Truncation";
916
917 uint8_t sha_224_expected[] = {
918 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
919 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
920 };
921 uint8_t sha_256_expected[] = {
922 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
923 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
924 };
925 uint8_t sha_384_expected[] = {
926 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
927 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
928 };
929 uint8_t sha_512_expected[] = {
930 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
931 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
932 };
933
934 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
935 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
936 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
937 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]938
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]939 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]940}
941
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]942TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]943 string key(131, 0xaa);
944 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
945
946 uint8_t sha_224_expected[] = {
947 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
948 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
949 };
950 uint8_t sha_256_expected[] = {
951 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
952 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
953 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
954 };
955 uint8_t sha_384_expected[] = {
956 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
957 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
958 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
959 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
960 };
961 uint8_t sha_512_expected[] = {
962 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
963 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
964 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
965 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
966 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
967 };
968
969 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
970 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
971 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
972 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]973
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]974 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]975}
976
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]977TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]978 string key(131, 0xaa);
979 string message = "This is a test using a larger than block-size key and a larger than "
980 "block-size data. The key needs to be hashed before being used by the HMAC "
981 "algorithm.";
982
983 uint8_t sha_224_expected[] = {
984 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
985 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
986 };
987 uint8_t sha_256_expected[] = {
988 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
989 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
990 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
991 };
992 uint8_t sha_384_expected[] = {
993 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
994 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
995 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
996 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
997 };
998 uint8_t sha_512_expected[] = {
999 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
1000 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
1001 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
1002 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
1003 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
1004 };
1005
1006 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1007 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1008 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1009 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1010
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1011 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1012}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1013
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1014TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1015 ASSERT_EQ(KM_ERROR_OK,
1016 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
1017 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]1018 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1019 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1020 ASSERT_EQ(KM_ERROR_OK,
1021 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
1022 string message = "1234567890123456789012345678901";
1023 string result;
1024 size_t input_consumed;
1025 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1026 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1027
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1028 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1029}
1030
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1031// TODO(swillden): Add more verification failure tests.
1032
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1033typedef Keymaster1Test VerificationOperationsTest;
1034INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
1035
1036TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1037 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1038 .RsaSigningKey(256, 3)
1039 .Digest(KM_DIGEST_NONE)
1040 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1041 string message = "12345678901234567890123456789012";
1042 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1043 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1044 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1045
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1046 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1047 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]1048}
1049
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1050TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1051 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1052 .RsaSigningKey(512, 3)
1053 .Digest(KM_DIGEST_SHA_2_256)
1054 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1055 // Use large message, which won't work without digesting.
1056 string message(1024, 'a');
1057 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1058 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1059 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1060
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1061 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1062 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1063}
1064
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1065TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1066 GenerateKey(AuthorizationSetBuilder()
1067 .RsaSigningKey(512, 3)
1068 .Digest(KM_DIGEST_SHA_2_256)
1069 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1070 string message(1024, 'a');
1071 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1072 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1073 ++signature[signature.size() / 2];
1074
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1075 AuthorizationSet begin_params(client_params());
1076 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1077 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1078 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1079
1080 string result;
1081 size_t input_consumed;
1082 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1083 EXPECT_EQ(message.size(), input_consumed);
1084 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1085
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1086 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1087 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1088}
1089
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1090TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1091 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1092 .RsaSigningKey(512, 3)
1093 .Digest(KM_DIGEST_SHA_2_256)
1094 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1095 // Use large message, which won't work without digesting.
1096 string message(1024, 'a');
1097 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1098 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1099 ++message[message.size() / 2];
1100
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1101 AuthorizationSet begin_params(client_params());
1102 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1103 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1104 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1105
1106 string result;
1107 size_t input_consumed;
1108 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1109 EXPECT_EQ(message.size(), input_consumed);
1110 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1111
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1112 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1113 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1114}
1115
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1116TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1117 GenerateKey(AuthorizationSetBuilder()
1118 .RsaSigningKey(512, 3)
1119 .Digest(KM_DIGEST_SHA_2_256)
1120 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1121 string message(1024, 'a');
1122 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1123 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1124 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1125
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1126 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1127 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1128}
1129
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1130TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1131 GenerateKey(AuthorizationSetBuilder()
1132 .RsaSigningKey(512, 3)
1133 .Digest(KM_DIGEST_SHA_2_256)
1134 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1135 string message(1024, 'a');
1136 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1137 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1138 ++signature[signature.size() / 2];
1139
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1140 AuthorizationSet begin_params(client_params());
1141 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1142 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1143 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1144
1145 string result;
1146 size_t input_consumed;
1147 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1148 EXPECT_EQ(message.size(), input_consumed);
1149 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1150
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1151 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1152 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1153}
1154
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1155TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1156 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1157 .RsaSigningKey(512, 3)
1158 .Digest(KM_DIGEST_SHA_2_256)
1159 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1160 // Use large message, which won't work without digesting.
1161 string message(1024, 'a');
1162 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1163 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1164 ++message[message.size() / 2];
1165
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1166 AuthorizationSet begin_params(client_params());
1167 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1168 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1169 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1170
1171 string result;
1172 size_t input_consumed;
1173 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1174 EXPECT_EQ(message.size(), input_consumed);
1175 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1176
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1177 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1178 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1179}
1180
1181template <typename T> vector<T> make_vector(const T* array, size_t len) {
1182 return vector<T>(array, array + len);
1183}
1184
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1185TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1186 // Get all supported digests and padding modes.
1187 size_t digests_len;
1188 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1189 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1190 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1191 &digests_len));
1192
1193 size_t padding_modes_len;
1194 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1195 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1196 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1197 &padding_modes, &padding_modes_len));
1198
1199 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1200 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1201 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1202 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1203 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1204 // Digesting requires padding
1205 continue;
1206
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1207 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1208 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1209 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1210
1211 if (digest == KM_DIGEST_NONE) {
1212 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1213 switch (padding_mode) {
1214 case KM_PAD_NONE:
1215 // Match key size.
1216 message_len = key_bits / 8;
1217 break;
1218 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1219 message_len = key_bits / 8 - 11;
1220 break;
1221 case KM_PAD_RSA_PSS:
1222 // PSS requires a digest.
1223 continue;
1224 default:
1225 FAIL() << "Missing padding";
1226 break;
1227 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1228 } else {
1229 size_t digest_bits;
1230 switch (digest) {
1231 case KM_DIGEST_MD5:
1232 digest_bits = 128;
1233 break;
1234 case KM_DIGEST_SHA1:
1235 digest_bits = 160;
1236 break;
1237 case KM_DIGEST_SHA_2_224:
1238 digest_bits = 224;
1239 break;
1240 case KM_DIGEST_SHA_2_256:
1241 digest_bits = 256;
1242 break;
1243 case KM_DIGEST_SHA_2_384:
1244 digest_bits = 384;
1245 break;
1246 case KM_DIGEST_SHA_2_512:
1247 digest_bits = 512;
1248 break;
1249 default:
1250 FAIL() << "Missing digest";
1251 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1252
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1253 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1254 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1255 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1256 break;
1257 case KM_PAD_RSA_PSS:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1258 key_bits = digest_bits + 8 * 10;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1259 break;
1260 default:
1261 FAIL() << "Missing padding";
1262 break;
1263 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1264 }
1265
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1266 GenerateKey(AuthorizationSetBuilder()
1267 .RsaSigningKey(key_bits, 3)
1268 .Digest(digest)
1269 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1270 string message(message_len, 'a');
1271 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1272 SignMessage(message, &signature, digest, padding_mode);
1273 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1274 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1275 }
1276 }
1277
1278 free(padding_modes);
1279 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1280
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1281 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1282 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1283}
1284
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1285TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1286 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1287 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1288 string message = "12345678901234567890123456789012";
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1289 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1290 SignMessage(message, &signature, KM_DIGEST_NONE);
1291 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1292
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1293 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1294 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1295}
1296
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame^]1297TEST_P(VerificationOperationsTest, EcdsaTooShort) {
1298 ASSERT_EQ(KM_ERROR_OK,
1299 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1300 string message = "12345678901234567890";
1301 string signature;
1302 SignMessage(message, &signature, KM_DIGEST_NONE);
1303 VerifyMessage(message, signature, KM_DIGEST_NONE);
1304
1305 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1306 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1307}
1308
1309TEST_P(VerificationOperationsTest, EcdsaTooLong) {
1310 ASSERT_EQ(KM_ERROR_OK,
1311 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1312 string message = "1234567890123456789012345678901234";
1313 string signature;
1314
1315 AuthorizationSet begin_params(client_params());
1316 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1317 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
1318 string output;
1319 size_t input_consumed;
1320 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &output, &input_consumed));
1321
1322 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1323 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1324}
1325
1326TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
1327 ASSERT_EQ(KM_ERROR_OK,
1328 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
1329
1330 string message(66, 'a');
1331 string signature;
1332 SignMessage(message, &signature, KM_DIGEST_NONE);
1333 VerifyMessage(message, signature, KM_DIGEST_NONE);
1334
1335 // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh.
1336 message[65] ^= 7;
1337 VerifyMessage(message, signature, KM_DIGEST_NONE);
1338
1339 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1340 EXPECT_EQ(5, GetParam()->keymaster0_calls());
1341}
1342
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1343TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1344 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1345 .EcdsaSigningKey(256)
1346 .Digest(KM_DIGEST_SHA_2_256)
1347 .Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1348 string message = "12345678901234567890123456789012";
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1349 string signature;
1350 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1351 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1352
1353 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1354 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1355
1356 // Just for giggles, try verifying with the wrong digest.
1357 AuthorizationSet begin_params(client_params());
1358 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1359 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1360
1361 string result;
1362 size_t input_consumed;
1363 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1364 EXPECT_EQ(message.size(), input_consumed);
1365 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1366}
1367
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1368TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1369 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1370 string message = "123456789012345678901234567890123456789012345678";
1371 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1372 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
1373 VerifyMessage(message, signature, KM_DIGEST_SHA1);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1374
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1375 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1376}
1377
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1378TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1379 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1380 string message = "123456789012345678901234567890123456789012345678";
1381 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1382 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
1383 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1384
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1385 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1386}
1387
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1388TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1389 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1390 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1391 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1392 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
1393 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1394
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1395 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1396}
1397
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1398TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1399 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1400 string message = "123456789012345678901234567890123456789012345678";
1401 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1402 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
1403 VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1404
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1405 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1406}
1407
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1408TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1409 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1410 string message = "123456789012345678901234567890123456789012345678";
1411 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1412 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
1413 VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1414
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1415 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1416}
1417
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1418typedef Keymaster1Test ExportKeyTest;
1419INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1420
1421TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1422 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1423 .RsaSigningKey(256, 3)
1424 .Digest(KM_DIGEST_NONE)
1425 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1426 string export_data;
1427 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1428 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1429
1430 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1431
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1432 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1433 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1434}
1435
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1436TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1437 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1438 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1439 string export_data;
1440 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1441 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1442
1443 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1444
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1445 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1446 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1447}
1448
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1449TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1450 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1451 .RsaSigningKey(256, 3)
1452 .Digest(KM_DIGEST_NONE)
1453 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1454 string export_data;
1455 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1456
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1457 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1458 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1459}
1460
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1461TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1462 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1463 .RsaSigningKey(256, 3)
1464 .Digest(KM_DIGEST_NONE)
1465 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1466 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1467 string export_data;
1468 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1469
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1470 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1471 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1472}
1473
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1474TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1475 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1476 string export_data;
1477
1478 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1479 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1480 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1481
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1482 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1483}
1484
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1485static string read_file(const string& file_name) {
1486 ifstream file_stream(file_name, std::ios::binary);
1487 istreambuf_iterator<char> file_begin(file_stream);
1488 istreambuf_iterator<char> file_end;
1489 return string(file_begin, file_end);
1490}
1491
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1492typedef Keymaster1Test ImportKeyTest;
1493INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1494
1495TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1496 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1497 ASSERT_EQ(633U, pk8_key.size());
1498
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1499 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1500 .RsaSigningKey(1024, 65537)
1501 .Digest(KM_DIGEST_NONE)
1502 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1503 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1504
1505 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1506 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1507 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1508 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1509 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1510 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1511 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1512 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1513 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1514 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1515
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1516 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1517 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1518 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1519
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1520 string message(1024 / 8, 'a');
1521 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1522 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1523 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1524
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1525 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1526 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1527}
1528
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1529TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1530 string pk8_key = read_file("rsa_privkey_pk8.der");
1531 ASSERT_EQ(633U, pk8_key.size());
1532
1533 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1534 // point softkeymaster will no longer support keymaster0 APIs anyway.
1535 uint8_t* key_blob;
1536 size_t key_blob_length;
1537 ASSERT_EQ(0,
1538 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1539 pk8_key.size(), &key_blob, &key_blob_length));
1540 set_key_blob(key_blob, key_blob_length);
1541
1542 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1543 AuthorizationSet begin_params; // Don't use client data.
1544 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1545 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1546 AuthorizationSet update_params;
1547 AuthorizationSet output_params;
1548 string signature =
1549 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1550 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1551 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1552
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1553 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1554 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1555}
1556
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1557TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1558 string pk8_key = read_file("rsa_privkey_pk8.der");
1559 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1560 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1561 ImportKey(AuthorizationSetBuilder()
1562 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1563 .Digest(KM_DIGEST_NONE)
1564 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1565 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1566
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1567 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1568}
1569
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1570TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1571 string pk8_key = read_file("rsa_privkey_pk8.der");
1572 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1573 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1574 ImportKey(AuthorizationSetBuilder()
1575 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1576 .Digest(KM_DIGEST_NONE)
1577 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1578 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1579
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1580 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1581}
1582
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1583TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1584 string pk8_key = read_file("ec_privkey_pk8.der");
1585 ASSERT_EQ(138U, pk8_key.size());
1586
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1587 ASSERT_EQ(KM_ERROR_OK,
1588 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1589 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1590
1591 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1592 EXPECT_TRUE(
1593 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1594 TAG_ALGORITHM, KM_ALGORITHM_EC));
1595 EXPECT_TRUE(
1596 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1597 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1598
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1599 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1600 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1601 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1602
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1603 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1604 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1605 SignMessage(message, &signature, KM_DIGEST_NONE);
1606 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1607
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1608 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1609 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1610}
1611
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1612TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1613 string pk8_key = read_file("ec_privkey_pk8.der");
1614 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1615
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1616 ASSERT_EQ(KM_ERROR_OK,
1617 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1618 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1619
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1620 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1621 EXPECT_TRUE(
1622 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1623 TAG_ALGORITHM, KM_ALGORITHM_EC));
1624 EXPECT_TRUE(
1625 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1626 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1627
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1628 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1629 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1630 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1631
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1632 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1633 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1634 SignMessage(message, &signature, KM_DIGEST_NONE);
1635 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1636
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1637 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1638 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1639}
1640
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1641TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1642 string pk8_key = read_file("ec_privkey_pk8.der");
1643 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1644 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1645 ImportKey(AuthorizationSetBuilder()
1646 .EcdsaSigningKey(224 /* Doesn't match key */)
1647 .Digest(KM_DIGEST_NONE),
1648 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1649
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1650 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1651}
1652
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1653TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1654 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1655 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1656 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1657 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1658 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1659 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1660
1661 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1662 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1663
1664 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1665 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1666 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1667 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1668
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1669 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1670}
1671
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1672TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1673 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1674 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1675 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1676 .HmacKey(sizeof(key_data) * 8)
1677 .Digest(KM_DIGEST_SHA_2_256)
1678 .Authorization(TAG_MAC_LENGTH, 32),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1679 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1680
1681 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1682 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1683
1684 string message = "Hello World!";
1685 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1686 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);
1687 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1688
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1689 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1690}
1691
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1692typedef Keymaster1Test EncryptionOperationsTest;
1693INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1694
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1695TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1696 ASSERT_EQ(KM_ERROR_OK,
1697 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1698
1699 string message = "12345678901234567890123456789012";
1700 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1701 EXPECT_EQ(256U / 8, ciphertext1.size());
1702
1703 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1704 EXPECT_EQ(256U / 8, ciphertext2.size());
1705
1706 // Unpadded RSA is deterministic
1707 EXPECT_EQ(ciphertext1, ciphertext2);
1708
1709 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1710 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1711}
1712
1713TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1714 ASSERT_EQ(KM_ERROR_OK,
1715 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1716
1717 string message = "1234567890123456789012345678901";
1718
1719 AuthorizationSet begin_params(client_params());
1720 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1721 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1722
1723 string result;
1724 size_t input_consumed;
1725 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1726 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1727 EXPECT_EQ(0U, result.size());
1728
1729 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1730 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1731}
1732
1733TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1734 ASSERT_EQ(KM_ERROR_OK,
1735 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1736
1737 string message = "123456789012345678901234567890123";
1738
1739 AuthorizationSet begin_params(client_params());
1740 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1741 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1742
1743 string result;
1744 size_t input_consumed;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1745 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1746
1747 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1748 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1749}
1750
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1751TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1752 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1753 .RsaEncryptionKey(512, 3)
1754 .Padding(KM_PAD_RSA_OAEP)
1755 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1756
1757 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1758 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1759 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1760
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1761 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1762 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1763
1764 // OAEP randomizes padding so every result should be different.
1765 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1766
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1767 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1768 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1769}
1770
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1771TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1772 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1773 .RsaEncryptionKey(512, 3)
1774 .Padding(KM_PAD_RSA_OAEP)
1775 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1776 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1777 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1778 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1779
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1780 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1781 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1782
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1783 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1784 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1785}
1786
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1787TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
1788 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1789 .RsaEncryptionKey(512, 3)
1790 .Padding(KM_PAD_RSA_OAEP)
1791 .Digest(KM_DIGEST_NONE)));
1792 string message = "Hello World!";
1793
1794 AuthorizationSet begin_params(client_params());
1795 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1796 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1797 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1798
1799 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1800 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1801}
1802
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1803TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1804 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1805 .RsaEncryptionKey(512, 3)
1806 .Padding(KM_PAD_RSA_OAEP)
1807 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1808 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1809 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1810 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1811
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1812 AuthorizationSet begin_params(client_params());
1813 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1814 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1815 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1816 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1817 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1818 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1819
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1820 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1821 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1822}
1823
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1824TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1825 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1826 .RsaEncryptionKey(512, 3)
1827 .Padding(KM_PAD_RSA_OAEP)
1828 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1829 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1830 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1831 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1832
1833 // Corrupt the ciphertext
1834 ciphertext[512 / 8 / 2]++;
1835
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1836 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1837 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1838 AuthorizationSet begin_params(client_params());
1839 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1840 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1841 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1842 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1843 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1844 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1845
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1846 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1847 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1848}
1849
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1850TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1851 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1852 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1853 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1854 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1855 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1856
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1857 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1858 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1859
1860 // PKCS1 v1.5 randomizes padding so every result should be different.
1861 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1862
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1863 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1864 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1865}
1866
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1867TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1868 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1869 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1870 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1871 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1872 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1873
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1874 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1875 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1876
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1877 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1878 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1879}
1880
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1881TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1882 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1883 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]1884 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1885 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1886 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1887
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1888 AuthorizationSet begin_params(client_params());
1889 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1890 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1891 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1892 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1893 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1894
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1895 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1896 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1897}
1898
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1899TEST_P(EncryptionOperationsTest, RsaPkcs1InvalidDigest) {
1900 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1901 .RsaEncryptionKey(512, 3)
1902 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
1903 .Digest(KM_DIGEST_NONE)));
1904 string message = "Hello World!";
1905 string result;
1906
1907 AuthorizationSet begin_params(client_params());
1908 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1909 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); // Any digest is invalid
1910 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1911
1912 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1913 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1914}
1915
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1916TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1917 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1918 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1919 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1920 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1921 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1922
1923 // Corrupt the ciphertext
1924 ciphertext[512 / 8 / 2]++;
1925
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1926 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1927 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1928 AuthorizationSet begin_params(client_params());
1929 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1930 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1931 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1932 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1933 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1934
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1935 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1936 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1937}
1938
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1939TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1940 ASSERT_EQ(KM_ERROR_OK,
1941 GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1942 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1943
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1944 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]1945 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1946}
1947
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1948TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1949 ASSERT_EQ(KM_ERROR_OK,
1950 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]1951 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
1952 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1953
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1954 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1955 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1956}
1957
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1958TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1959 ASSERT_EQ(
1960 KM_ERROR_OK,
1961 GenerateKey(
1962 AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]1963 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
1964 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1965
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1966 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1967}
1968
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1969TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1970 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1971 .AesEncryptionKey(128)
1972 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1973 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1974 // Two-block message.
1975 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1976 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1977 EXPECT_EQ(message.size(), ciphertext1.size());
1978
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1979 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1980 EXPECT_EQ(message.size(), ciphertext2.size());
1981
1982 // ECB is deterministic.
1983 EXPECT_EQ(ciphertext1, ciphertext2);
1984
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1985 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1986 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1987
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1988 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1989}
1990
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1991TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1992 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1993 .AesEncryptionKey(128)
1994 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1995 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1996 // Message is slightly shorter than two blocks.
1997 string message = "1234567890123456789012345678901";
1998
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1999 AuthorizationSet begin_params(client_params());
2000 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2001 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2002 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2003 string ciphertext;
2004 size_t input_consumed;
2005 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
2006 EXPECT_EQ(message.size(), input_consumed);
2007 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2008
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2009 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2010}
2011
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2012TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2013 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2014 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2015 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2016 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2017
2018 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2019 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2020 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2021 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2022 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2023 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2024 EXPECT_EQ(message, plaintext);
2025 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2026
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2027 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2028}
2029
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2030TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2031 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2032 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2033 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2034 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2035
2036 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2037 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2038 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2039 EXPECT_NE(ciphertext, message);
2040 ++ciphertext[ciphertext.size() / 2];
2041
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2042 AuthorizationSet begin_params(client_params());
2043 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2044 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2045 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2046 string plaintext;
2047 size_t input_consumed;
2048 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
2049 EXPECT_EQ(ciphertext.size(), input_consumed);
2050 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2051
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2052 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2053}
2054
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2055TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2056 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2057 .AesEncryptionKey(128)
2058 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2059 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2060 string message = "123";
2061 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2062 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2063 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2064 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2065
2066 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2067 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2068 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2069 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2070
2071 // IVs should be random, so ciphertexts should differ.
2072 EXPECT_NE(iv1, iv2);
2073 EXPECT_NE(ciphertext1, ciphertext2);
2074
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2075 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2076 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2077
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2078 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2079}
2080
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2081TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2082 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2083 .AesEncryptionKey(128)
2084 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2085 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2086
2087 int increment = 15;
2088 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2089 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2090 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2091 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2092 AuthorizationSet output_params;
2093 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2094
2095 string ciphertext;
2096 size_t input_consumed;
2097 for (size_t i = 0; i < message.size(); i += increment)
2098 EXPECT_EQ(KM_ERROR_OK,
2099 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2100 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2101 EXPECT_EQ(message.size(), ciphertext.size());
2102
2103 // Move TAG_NONCE into input_params
2104 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2105 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2106 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2107 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2108 output_params.Clear();
2109
2110 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
2111 string plaintext;
2112 for (size_t i = 0; i < ciphertext.size(); i += increment)
2113 EXPECT_EQ(KM_ERROR_OK,
2114 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2115 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2116 EXPECT_EQ(ciphertext.size(), plaintext.size());
2117 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2118
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2119 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2120}
2121
2122struct AesCtrSp80038aTestVector {
2123 const char* key;
2124 const char* nonce;
2125 const char* plaintext;
2126 const char* ciphertext;
2127};
2128
2129// These test vectors are taken from
2130// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
2131static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
2132 // AES-128
2133 {
2134 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2135 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2136 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2137 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
2138 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
2139 },
2140 // AES-192
2141 {
2142 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2143 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2144 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2145 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2146 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2147 },
2148 // AES-256
2149 {
2150 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2151 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2152 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2153 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2154 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2155 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2156 },
2157};
2158
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2159TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2160 for (size_t i = 0; i < 3; i++) {
2161 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2162 const string key = hex2str(test.key);
2163 const string nonce = hex2str(test.nonce);
2164 const string plaintext = hex2str(test.plaintext);
2165 const string ciphertext = hex2str(test.ciphertext);
2166 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2167 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2168
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2169 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2170}
2171
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2172TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2173 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2174 .AesEncryptionKey(128)
2175 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2176 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2177 AuthorizationSet begin_params(client_params());
2178 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2179 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2180 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2181
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2182 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2183}
2184
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2185TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2186 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2187 .AesEncryptionKey(128)
2188 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2189 .Authorization(TAG_CALLER_NONCE)
2190 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2191
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2192 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2193 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2194 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2195 input_params.push_back(TAG_NONCE, "123", 3);
2196 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2197
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2198 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2199}
2200
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2201TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2202 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2203 .AesEncryptionKey(128)
2204 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2205 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2206 // Two-block message.
2207 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2208 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2209 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2210 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2211
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2212 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2213 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2214 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2215
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2216 // IVs should be random, so ciphertexts should differ.
2217 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2218 EXPECT_NE(ciphertext1, ciphertext2);
2219
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2220 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2221 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2222
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2223 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2224}
2225
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2226TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2227 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2228 .AesEncryptionKey(128)
2229 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2230 .Authorization(TAG_CALLER_NONCE)
2231 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2232 string message = "12345678901234567890123456789012";
2233 string iv1;
2234 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2235 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2236 EXPECT_EQ(message.size(), ciphertext1.size());
2237 EXPECT_EQ(16U, iv1.size());
2238
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2239 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2240 EXPECT_EQ(message, plaintext);
2241
2242 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2243 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2244 AuthorizationSet update_params;
2245 AuthorizationSet output_params;
2246 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2247 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2248 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2249 string ciphertext2 =
2250 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2251
2252 // Decrypt with correct nonce.
2253 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2254 &output_params);
2255 EXPECT_EQ(message, plaintext);
2256
2257 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2258 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2259 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2260 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2261 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2262 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2263 &output_params);
2264 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2265
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2266 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2267}
2268
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2269TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2270 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2271 .AesEncryptionKey(128)
2272 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2273 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2274
2275 string message = "12345678901234567890123456789012";
2276 string iv1;
2277 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2278 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2279 EXPECT_EQ(message.size(), ciphertext1.size());
2280 EXPECT_EQ(16U, iv1.size());
2281
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2282 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2283 EXPECT_EQ(message, plaintext);
2284
2285 // Now specify a nonce, should fail.
2286 AuthorizationSet input_params(client_params());
2287 AuthorizationSet update_params;
2288 AuthorizationSet output_params;
2289 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2290 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2291 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2292
2293 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2294 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2295
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2296 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2297}
2298
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2299TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2300 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2301 .AesEncryptionKey(128)
2302 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2303 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2304
2305 int increment = 15;
2306 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2307 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2308 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2309 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2310 AuthorizationSet output_params;
2311 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2312
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2313 string ciphertext;
2314 size_t input_consumed;
2315 for (size_t i = 0; i < message.size(); i += increment)
2316 EXPECT_EQ(KM_ERROR_OK,
2317 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2318 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2319 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2320
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2321 // Move TAG_NONCE into input_params
2322 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2323 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2324 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2325 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2326 output_params.Clear();
2327
2328 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2329 string plaintext;
2330 for (size_t i = 0; i < ciphertext.size(); i += increment)
2331 EXPECT_EQ(KM_ERROR_OK,
2332 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2333 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2334 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2335 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2336
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2337 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2338}
2339
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2340TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2341 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2342 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2343 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2344 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2345
2346 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2347 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2348 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2349 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2350 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2351 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2352 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2353 EXPECT_EQ(message, plaintext);
2354 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2355
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2356 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2357}
2358
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2359TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2360 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2361 .AesEncryptionKey(128)
2362 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2363 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2364 string aad = "foobar";
2365 string message = "123456789012345678901234567890123456";
2366 AuthorizationSet begin_params(client_params());
2367 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2368 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2369 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2370
2371 AuthorizationSet update_params;
2372 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2373
2374 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2375 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2376 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2377 string ciphertext;
2378 size_t input_consumed;
2379 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2380 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2381 &input_consumed));
2382 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2383 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2384
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2385 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2386 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2387 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2388
2389 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2390 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2391 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2392 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2393 &plaintext, &input_consumed));
2394 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2395 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2396
2397 EXPECT_EQ(message, plaintext);
2398 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2399}
2400
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2401TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
2402 uint8_t nonce[] = {
2403 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
2404 };
2405 uint8_t ciphertext[] = {
2406 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
2407 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
2408 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
2409 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
2410 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
2411 };
2412 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
2413
2414 AuthorizationSet begin_params(client_params());
2415 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2416 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2417 begin_params.push_back(TAG_MAC_LENGTH, 128);
2418 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
2419
2420 string plaintext;
2421 size_t input_consumed;
2422
2423 // Import correct key and decrypt
2424 uint8_t good_key[] = {
2425 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2426 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2427 };
2428 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
2429 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2430 .AesEncryptionKey(128)
2431 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2432 .Authorization(TAG_PADDING, KM_PAD_NONE)
2433 .Authorization(TAG_CALLER_NONCE),
2434 KM_KEY_FORMAT_RAW, good_key_str));
2435 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2436 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2437 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2438
2439 // Import bad key and decrypt
2440 uint8_t bad_key[] = {
2441 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2442 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2443 };
2444 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
2445 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2446 .AesEncryptionKey(128)
2447 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2448 .Authorization(TAG_PADDING, KM_PAD_NONE),
2449 KM_KEY_FORMAT_RAW, bad_key_str));
2450 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2451 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2452 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
2453
2454 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2455}
2456
2457TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
2458 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2459 .AesEncryptionKey(128)
2460 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2461 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2462 string aad = "123456789012345678";
2463 string empty_message;
2464 AuthorizationSet begin_params(client_params());
2465 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2466 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2467 begin_params.push_back(TAG_MAC_LENGTH, 128);
2468
2469 AuthorizationSet update_params;
2470 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2471
2472 // Encrypt
2473 AuthorizationSet begin_out_params;
2474 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2475 string ciphertext;
2476 size_t input_consumed;
2477 AuthorizationSet update_out_params;
2478 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
2479 &ciphertext, &input_consumed));
2480 EXPECT_EQ(0U, input_consumed);
2481 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2482
2483 // Grab nonce
2484 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2485 begin_params.push_back(begin_out_params);
2486
2487 // Decrypt.
2488 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2489 string plaintext;
2490 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2491 &plaintext, &input_consumed));
2492 EXPECT_EQ(ciphertext.size(), input_consumed);
2493 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2494
2495 EXPECT_EQ(empty_message, plaintext);
2496 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2497}
2498
2499TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
2500 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2501 .AesEncryptionKey(128)
2502 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2503 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2504 AuthorizationSet begin_params(client_params());
2505 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2506 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2507 begin_params.push_back(TAG_MAC_LENGTH, 128);
2508
2509 AuthorizationSet update_params;
2510 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
2511
2512 // Encrypt
2513 AuthorizationSet begin_out_params;
2514 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2515 string ciphertext;
2516 size_t input_consumed;
2517 AuthorizationSet update_out_params;
2518
2519 // Send AAD, incrementally
2520 for (int i = 0; i < 1000; ++i) {
2521 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2522 &input_consumed));
2523 EXPECT_EQ(0U, input_consumed);
2524 EXPECT_EQ(0U, ciphertext.size());
2525 }
2526
2527 // Now send data, incrementally, no data.
2528 AuthorizationSet empty_params;
2529 for (int i = 0; i < 1000; ++i) {
2530 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
2531 &input_consumed));
2532 EXPECT_EQ(1U, input_consumed);
2533 }
2534 EXPECT_EQ(1000U, ciphertext.size());
2535
2536 // And finish.
2537 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2538 EXPECT_EQ(1016U, ciphertext.size());
2539
2540 // Grab nonce
2541 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2542 begin_params.push_back(begin_out_params);
2543
2544 // Decrypt.
2545 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2546 string plaintext;
2547
2548 // Send AAD, incrementally, no data
2549 for (int i = 0; i < 1000; ++i) {
2550 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
2551 &input_consumed));
2552 EXPECT_EQ(0U, input_consumed);
2553 EXPECT_EQ(0U, plaintext.size());
2554 }
2555
2556 // Now send data, incrementally.
2557 for (size_t i = 0; i < ciphertext.length(); ++i) {
2558 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
2559 &update_out_params, &plaintext, &input_consumed));
2560 EXPECT_EQ(1U, input_consumed);
2561 }
2562 EXPECT_EQ(1000U, plaintext.size());
2563 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2564
2565 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2566}
2567
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2568TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2569 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2570 .AesEncryptionKey(128)
2571 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2572 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2573 string message = "123456789012345678901234567890123456";
2574 AuthorizationSet begin_params(client_params());
2575 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2576 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2577 begin_params.push_back(TAG_MAC_LENGTH, 128);
2578 AuthorizationSet begin_out_params;
2579
2580 AuthorizationSet update_params;
2581 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2582
2583 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2584
2585 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2586 string ciphertext;
2587 size_t input_consumed;
2588 AuthorizationSet update_out_params;
2589 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
2590 &ciphertext, &input_consumed));
2591 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2592
2593 // AAD and data.
2594 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2595 &input_consumed));
2596 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2597 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2598
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2599 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2600 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2601 begin_params.push_back(begin_out_params);
2602
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2603 // Decrypt
2604 update_params.Clear();
2605 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2606
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2607 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2608 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2609 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2610 &plaintext, &input_consumed));
2611 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2612 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2613
2614 EXPECT_EQ(message, plaintext);
2615 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2616}
2617
2618TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2619 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2620 .AesEncryptionKey(128)
2621 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2622 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2623 string message = "12345678901234567890123456789012";
2624 AuthorizationSet begin_params(client_params());
2625 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2626 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2627 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2628
2629 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2630 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2631
2632 AuthorizationSet finish_params;
2633 AuthorizationSet finish_out_params;
2634
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2635 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2636 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2637 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2638 AuthorizationSet update_out_params;
2639 string ciphertext;
2640 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2641 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2642 &input_consumed));
2643 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2644 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2645
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2646 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2647 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2648 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2649
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2650 update_params.Clear();
2651 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2652
2653 // Decrypt.
2654 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2655 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2656 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2657 &plaintext, &input_consumed));
2658 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2659 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2660
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2661 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2662}
2663
2664TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
2665 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2666 .AesEncryptionKey(128)
2667 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2668 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2669 string message = "12345678901234567890123456789012";
2670 AuthorizationSet begin_params(client_params());
2671 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2672 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2673 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2674
2675 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2676 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2677
2678 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2679 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2680 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2681 AuthorizationSet update_out_params;
2682 string ciphertext;
2683 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2684 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2685 &input_consumed));
2686 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2687 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2688
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2689 begin_params.push_back(TAG_NONCE, "123456789012", 12);
2690
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2691 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2692 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2693 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2694 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2695 &plaintext, &input_consumed));
2696 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2697 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2698
2699 // With wrong nonce, should have gotten garbage plaintext.
2700 EXPECT_NE(message, plaintext);
2701 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2702}
2703
2704TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
2705 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2706 .AesEncryptionKey(128)
2707 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2708 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2709 string aad = "foobar";
2710 string message = "123456789012345678901234567890123456";
2711 AuthorizationSet begin_params(client_params());
2712 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2713 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2714 begin_params.push_back(TAG_MAC_LENGTH, 128);
2715 AuthorizationSet begin_out_params;
2716
2717 AuthorizationSet update_params;
2718 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2719
2720 // Encrypt
2721 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2722 AuthorizationSet update_out_params;
2723 string ciphertext;
2724 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2725 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2726 &input_consumed));
2727 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2728 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2729
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2730 // Corrupt tag
2731 (*ciphertext.rbegin())++;
2732
2733 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2734 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2735 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2736
2737 // Decrypt.
2738 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2739 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2740 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2741 &plaintext, &input_consumed));
2742 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2743 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2744
2745 EXPECT_EQ(message, plaintext);
2746 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2747}
2748
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2749typedef Keymaster1Test AddEntropyTest;
2750INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
2751
2752TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2753 // There's no obvious way to test that entropy is actually added, but we can test that the API
2754 // doesn't blow up or return an error.
2755 EXPECT_EQ(KM_ERROR_OK,
2756 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2757
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2758 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2759}
2760
2761typedef Keymaster1Test Keymaster0AdapterTest;
2762INSTANTIATE_TEST_CASE_P(
2763 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2764 ::testing::Values(
2765 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
2766 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2767
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2768TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2769 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2770 // key data.
2771 string km1_sw = read_file("km1_sw_rsa_512.blob");
2772 EXPECT_EQ(486U, km1_sw.length());
2773
2774 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2775 memcpy(key_data, km1_sw.data(), km1_sw.length());
2776 set_key_blob(key_data, km1_sw.length());
2777
2778 string message(64, 'a');
2779 string signature;
2780 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2781
2782 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2783}
2784
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]2785TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
2786 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
2787 // blobs contain OCB-encrypted key data.
2788 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
2789 EXPECT_EQ(477U, km1_sw.length());
2790
2791 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2792 memcpy(key_data, km1_sw.data(), km1_sw.length());
2793 set_key_blob(key_data, km1_sw.length());
2794
2795 string message(64, 'a');
2796 string signature;
2797 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2798
2799 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2800}
2801
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2802TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
2803 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2804 // key data.
2805 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
2806 EXPECT_EQ(270U, km1_sw.length());
2807
2808 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2809 memcpy(key_data, km1_sw.data(), km1_sw.length());
2810 set_key_blob(key_data, km1_sw.length());
2811
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]2812 string message(32, static_cast<char>(0xFF));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2813 string signature;
2814 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2815
2816 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2817}
2818
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2819struct Malloc_Delete {
2820 void operator()(void* p) { free(p); }
2821};
2822
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2823TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2824 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2825 string km0_sw = read_file("km0_sw_rsa_512.blob");
2826 EXPECT_EQ(333U, km0_sw.length());
2827
2828 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2829 memcpy(key_data, km0_sw.data(), km0_sw.length());
2830 set_key_blob(key_data, km0_sw.length());
2831
2832 string message(64, 'a');
2833 string signature;
2834 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2835
2836 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2837}
2838
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]2839TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
2840 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2841 string km0_sw = read_file("km0_sw_rsa_512.blob");
2842 EXPECT_EQ(333U, km0_sw.length());
2843
2844 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2845 memcpy(key_data, km0_sw.data(), km0_sw.length());
2846 set_key_blob(key_data, km0_sw.length());
2847
2848 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
2849 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2850 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
2851 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2852 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2853 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
2854 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
2855 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
2856 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
2857 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
2858
2859 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2860}
2861
2862TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
2863 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2864 string km0_sw = read_file("km0_sw_rsa_512.blob");
2865 EXPECT_EQ(333U, km0_sw.length());
2866
2867 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
2868 // be recognized as a software key. Do the same here to pretend this is a hardware key.
2869 EXPECT_EQ('P', km0_sw[0]);
2870 km0_sw[0] = 'Q';
2871
2872 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2873 memcpy(key_data, km0_sw.data(), km0_sw.length());
2874 set_key_blob(key_data, km0_sw.length());
2875
2876 string message(64, 'a');
2877 string signature;
2878 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2879 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
2880
2881 EXPECT_EQ(5, GetParam()->keymaster0_calls());
2882}
2883
2884TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
2885 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2886 string km0_sw = read_file("km0_sw_rsa_512.blob");
2887 EXPECT_EQ(333U, km0_sw.length());
2888
2889 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
2890 // be recognized as a software key. Do the same here to pretend this is a hardware key.
2891 EXPECT_EQ('P', km0_sw[0]);
2892 km0_sw[0] = 'Q';
2893
2894 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2895 memcpy(key_data, km0_sw.data(), km0_sw.length());
2896 set_key_blob(key_data, km0_sw.length());
2897
2898 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
2899 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2900 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
2901 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2902 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2903 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
2904 EXPECT_EQ(5U, hw_enforced().size());
2905
2906 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
2907 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
2908 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
2909 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
2910
2911 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2912 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
2913 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2914 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2915 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
2916
2917 EXPECT_EQ(1, GetParam()->keymaster0_calls());
2918}
2919
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]2920} // namespace test
2921} // namespace keymaster