Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 294a2db0e5f2eb46d84e4f5c9ce25245ac474147 / . / android_keymaster_test.cpp
blob: 542d4303e9b9b5c56ba0f74402d3dc9ef404a04a [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]22#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]23#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]24
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]25#include "android_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]26
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]27using std::ifstream;
28using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]29using std::string;
30using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]31using std::unique_ptr;
32
33extern "C" {
34int __android_log_print(int prio, const char* tag, const char* fmt);
35int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]36 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]37 return 0;
38}
39} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]40
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]41namespace keymaster {
42namespace test {
43
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]44StdoutLogger logger;
45
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]46class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
47 public:
48 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]49 std::cerr << "Creating software-only device" << std::endl;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]50 SoftKeymasterDevice* device = new SoftKeymasterDevice;
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]51 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]52 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]53
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]54 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]55 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]56};
57
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]58class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
59 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]60 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
61
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]62 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]63 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
64 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]65 hw_device_t* softkeymaster_device;
66 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
67 &softkeymaster_device));
68 // Make the software device pretend to be hardware
69 keymaster0_device_t* keymaster0_device =
70 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]71 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
72
73 if (!support_ec_) {
74 // Make the software device pretend not to support EC
75 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
76 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]77
78 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
79
80 SoftKeymasterDevice* keymaster = new SoftKeymasterDevice(counting_keymaster0_device_);
81 return keymaster->keymaster_device();
82 }
83
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]84 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
85 switch (algorithm) {
86 case KM_ALGORITHM_RSA:
87 return true;
88 case KM_ALGORITHM_EC:
89 return support_ec_;
90 default:
91 return false;
92 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]93 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]94 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
95
96 private:
97 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]98 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]99};
100
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]101static auto test_params = testing::Values(
102 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
103 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
104 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]105
106typedef Keymaster1Test CheckSupported;
107INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
108
109TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]110 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
111 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]112
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]113 size_t len;
114 keymaster_algorithm_t* algorithms;
115 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]116 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]117 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]118 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]119
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]120 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]121}
122
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]123TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]124 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
125 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
126 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]127
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]128 size_t len;
129 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]130 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]131 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]132 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]133 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]134
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]135 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]136 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]137 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]138
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]139 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]140 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]141 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]142 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]143
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]144 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]145}
146
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]147TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]148 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
149 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
150 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]151
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]152 size_t len;
153 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]154 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]155 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]156 EXPECT_TRUE(
157 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]158 free(modes);
159
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]160 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]161 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]162 EXPECT_TRUE(
163 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]164 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]165
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]166 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]167 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]168 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]169 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]170
171 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
172 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
173 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]174
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]175 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]176}
177
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]178TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]179 EXPECT_EQ(
180 KM_ERROR_OUTPUT_PARAMETER_NULL,
181 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]182
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]183 size_t len;
184 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]185 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]186 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]187 EXPECT_TRUE(
188 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
189 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
190 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]191 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]192
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]193 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]194 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]195 EXPECT_TRUE(
196 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
197 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
198 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]199 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]200
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]201 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
202 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
203 &len));
204
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]205 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]206 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]207 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
208 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
209 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]210 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]211
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]212 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]213}
214
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]215TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]216 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
217 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]218
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]219 size_t len;
220 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]221 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]222 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]223 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]224 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]225
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]226 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]227 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
228 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
229 free(formats);
230
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]231 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]232 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
233 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
234 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]235
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]236 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]237}
238
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]239TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]240 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
241 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]242
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]243 size_t len;
244 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]245 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]246 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]247 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]249
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]250 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]251 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]252 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]253 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]254
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]255 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]256 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]257 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]258 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]259
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]260 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]261 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]262 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]263 free(formats);
264
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]265 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]266 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]267 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]268 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]269
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]270 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]271}
272
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]273class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]274 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]275 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]276 AuthorizationSet auths = sw_enforced();
277 EXPECT_GT(auths.SerializedSize(), 12U);
278
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]279 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
280 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
281 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]282 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]283 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]284
285 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]286 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
287 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
288 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]289
290 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]291 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
292 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
293 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]294
295 // Now check that unspecified, defaulted tags are correct.
Shawn Willden0b2d3332015-04-07 17:46:18 -0600[diff] [blame]296 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]297 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]298 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]299};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]300INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
301
302TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]303 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
304 .RsaSigningKey(256, 3)
305 .Digest(KM_DIGEST_NONE)
306 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]307 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]308
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]309 // Check specified tags are all present, and in the right set.
310 AuthorizationSet crypto_params;
311 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]312 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]313 EXPECT_NE(0U, hw_enforced().size());
314 EXPECT_NE(0U, sw_enforced().size());
315 crypto_params.push_back(hw_enforced());
316 non_crypto_params.push_back(sw_enforced());
317 } else {
318 EXPECT_EQ(0U, hw_enforced().size());
319 EXPECT_NE(0U, sw_enforced().size());
320 crypto_params.push_back(sw_enforced());
321 }
322
323 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
324 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
325 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
326 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
327 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
328 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
329
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]330 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]331 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]332}
333
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]334TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]335 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
336 GenerateKey(AuthorizationSetBuilder()
337 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
338 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
339 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]340
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]341 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]342}
343
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]344TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]345 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]346 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]347 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]348
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]349 // Check specified tags are all present, and in the right set.
350 AuthorizationSet crypto_params;
351 AuthorizationSet non_crypto_params;
352 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
353 EXPECT_NE(0U, hw_enforced().size());
354 EXPECT_NE(0U, sw_enforced().size());
355 crypto_params.push_back(hw_enforced());
356 non_crypto_params.push_back(sw_enforced());
357 } else {
358 EXPECT_EQ(0U, hw_enforced().size());
359 EXPECT_NE(0U, sw_enforced().size());
360 crypto_params.push_back(sw_enforced());
361 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]362
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]363 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
364 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
365 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
366 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
367
368 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
369 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]370}
371
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]372TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]373 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
374 GenerateKey(AuthorizationSetBuilder()
375 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
376 .SigningKey()
377 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]378
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]379 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]380}
381
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]382TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]383 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
384 ASSERT_EQ(
385 KM_ERROR_UNKNOWN_ERROR,
386 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
387 else
388 ASSERT_EQ(
389 KM_ERROR_UNSUPPORTED_KEY_SIZE,
390 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]391
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]392 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
393 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]394}
395
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]396TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]397 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]398 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]399 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
400 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]401 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]402 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]403
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]404 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
405 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]406}
407
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]408TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]409 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]410 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]411
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]412 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]413}
414
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]415typedef Keymaster1Test GetKeyCharacteristics;
416INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
417
418TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]419 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
420 .RsaSigningKey(256, 3)
421 .Digest(KM_DIGEST_NONE)
422 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]423 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]424
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]425 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
426 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]427
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]428 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]429 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]430}
431
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]432typedef Keymaster1Test SigningOperationsTest;
433INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
434
435TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]436 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
437 .RsaSigningKey(256, 3)
438 .Digest(KM_DIGEST_NONE)
439 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]440 string message = "12345678901234567890123456789012";
441 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]442 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]443
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]444 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]445 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]446}
447
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]448TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]449 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
450 .RsaSigningKey(512, 3)
451 .Digest(KM_DIGEST_SHA_2_256)
452 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]453 // Use large message, which won't work without digesting.
454 string message(1024, 'a');
455 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]456 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]457
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]458 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]459 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]460}
461
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]462TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {
463 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
464 .RsaSigningKey(512, 3)
465 .Digest(KM_DIGEST_NONE)
466 .Padding(KM_PAD_NONE)));
467 string message = "12345678901234567890123456789012";
468 string signature;
469 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
470
471 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
472 EXPECT_EQ(3, GetParam()->keymaster0_calls());
473}
474
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]475TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]476 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
477 .RsaSigningKey(512, 3)
478 .Digest(KM_DIGEST_SHA_2_256)
479 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]480 string message(1024, 'a');
481 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]482 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]483
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]484 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]485 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]486}
487
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]488TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]489 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
490 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]491 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
492 .RsaSigningKey(256 + 9 * 8, 3)
493 .Digest(KM_DIGEST_SHA_2_256)
494 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]495 string message(1024, 'a');
496 string signature;
497
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]498 AuthorizationSet begin_params(client_params());
499 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]500 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]501 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]502}
503
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]504TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]505 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
506 .RsaSigningKey(256, 3)
507 .Digest(KM_DIGEST_NONE)
508 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]509 AuthorizationSet begin_params(client_params());
510 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]511 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]512 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]513 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
514 // Another abort should fail
515 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]516
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]517 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]518 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]519}
520
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]521TEST_P(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]522 GenerateKey(AuthorizationSetBuilder()
523 .RsaSigningKey(256, 3)
524 .Digest(KM_DIGEST_MD5)
525 .Padding(KM_PAD_RSA_PSS /* supported padding */));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]526 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]527
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]528 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]529 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]530}
531
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]532TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]533 GenerateKey(AuthorizationSetBuilder()
534 .RsaSigningKey(256, 3)
535 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
536 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]537 AuthorizationSet begin_params(client_params());
538 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
539 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]540
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]541 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]542 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]543}
544
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]545TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]546 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]547 GenerateKey(AuthorizationSetBuilder()
548 .RsaSigningKey(256, 3)
549 .Digest(KM_DIGEST_NONE)
550 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]551 AuthorizationSet begin_params(client_params());
552 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]553 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]554 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]555
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]556 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]557 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]558}
559
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]560TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]561 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]562 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
563 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]564 AuthorizationSet begin_params(client_params());
565 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
566 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]567
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]568 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]569 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]570}
571
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]572TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]573 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
574 .RsaSigningKey(256, 3)
575 .Digest(KM_DIGEST_NONE)
576 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]577 AuthorizationSet begin_params(client_params());
578 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]579 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]580 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]581
582 string message = "1234567890123456789012345678901";
583 string result;
584 size_t input_consumed;
585 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
586 EXPECT_EQ(0U, result.size());
587 EXPECT_EQ(31U, input_consumed);
588
589 string signature;
590 ASSERT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&signature));
591 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]592
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]593 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]594 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]595}
596
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]597TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]598 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
599 .RsaEncryptionKey(256, 3)
600 .Digest(KM_DIGEST_NONE)
601 .Padding(KM_PAD_NONE)));
602 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]603
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]604 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame^]605 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]606}
607
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]608TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]609 ASSERT_EQ(KM_ERROR_OK,
610 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]611 string message(1024, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]612 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]613 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]614
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]615 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
616 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]617}
618
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]619TEST_P(SigningOperationsTest, EcdsaSha256Success) {
620 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
621 KM_DIGEST_SHA_2_256)));
622 string message(1024, 'a');
623 string signature;
624 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
625
626 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
627 EXPECT_EQ(3, GetParam()->keymaster0_calls());
628}
629
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]630TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]631 ASSERT_EQ(KM_ERROR_OK,
632 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
633 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame^]634 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
635 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]636
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]637 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]638}
639
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]640TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]641 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]642 string message = "12345678901234567890123456789012";
643 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]644 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]645 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]646
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]647 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]648}
649
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]650TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]651 ASSERT_EQ(KM_ERROR_OK,
652 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]653 string message = "12345678901234567890123456789012";
654 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]655 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]656 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]657
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]658 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]659}
660
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]661TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]662 ASSERT_EQ(KM_ERROR_OK,
663 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]664 string message = "12345678901234567890123456789012";
665 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]666 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]667 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]668
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]669 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]670}
671
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]672TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]673 ASSERT_EQ(KM_ERROR_OK,
674 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));
675
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]676 string message = "12345678901234567890123456789012";
677 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]678 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]679 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]680
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]681 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]682}
683
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]684TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]685 ASSERT_EQ(KM_ERROR_OK,
686 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]687 string message = "12345678901234567890123456789012";
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]688 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]689 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]690 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]691
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]692 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]693}
694
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]695TEST_P(SigningOperationsTest, HmacLengthInKey) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]696 // TODO(swillden): unified API should generate an error on key generation.
697 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
698 .HmacKey(128)
699 .Digest(KM_DIGEST_SHA_2_256)
700 .Authorization(TAG_MAC_LENGTH, 20)));
701 string message = "12345678901234567890123456789012";
702 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]703 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]704 // Size in key was ignored.
705 ASSERT_EQ(30U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]706
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]707 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]708}
709
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]710TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]711 uint8_t key_data[] = {
712 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
713 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
714 };
715 string message = "Hi There";
716 uint8_t sha_224_expected[] = {
717 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
718 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
719 };
720 uint8_t sha_256_expected[] = {
721 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
722 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
723 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
724 };
725 uint8_t sha_384_expected[] = {
726 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
727 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
728 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
729 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
730 };
731 uint8_t sha_512_expected[] = {
732 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
733 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
734 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
735 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
736 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
737 };
738
739 string key = make_string(key_data);
740
741 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
742 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
743 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
744 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]745
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]746 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]747}
748
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]749TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]750 string key = "Jefe";
751 string message = "what do ya want for nothing?";
752 uint8_t sha_224_expected[] = {
753 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
754 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
755 };
756 uint8_t sha_256_expected[] = {
757 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
758 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
759 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
760 };
761 uint8_t sha_384_expected[] = {
762 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
763 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
764 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
765 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
766 };
767 uint8_t sha_512_expected[] = {
768 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
769 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
770 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
771 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
772 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
773 };
774
775 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
776 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
777 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
778 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]779
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]780 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]781}
782
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]783TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]784 string key(20, 0xaa);
785 string message(50, 0xdd);
786 uint8_t sha_224_expected[] = {
787 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
788 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
789 };
790 uint8_t sha_256_expected[] = {
791 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
792 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
793 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
794 };
795 uint8_t sha_384_expected[] = {
796 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
797 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
798 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
799 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
800 };
801 uint8_t sha_512_expected[] = {
802 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
803 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
804 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
805 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
806 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
807 };
808
809 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
810 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
811 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
812 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]813
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]814 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]815}
816
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]817TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]818 uint8_t key_data[25] = {
819 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
820 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
821 };
822 string key = make_string(key_data);
823 string message(50, 0xcd);
824 uint8_t sha_224_expected[] = {
825 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
826 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
827 };
828 uint8_t sha_256_expected[] = {
829 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
830 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
831 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
832 };
833 uint8_t sha_384_expected[] = {
834 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
835 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
836 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
837 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
838 };
839 uint8_t sha_512_expected[] = {
840 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
841 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
842 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
843 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
844 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
845 };
846
847 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
848 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
849 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
850 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]851
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]852 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]853}
854
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]855TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]856 string key(20, 0x0c);
857 string message = "Test With Truncation";
858
859 uint8_t sha_224_expected[] = {
860 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
861 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
862 };
863 uint8_t sha_256_expected[] = {
864 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
865 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
866 };
867 uint8_t sha_384_expected[] = {
868 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
869 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
870 };
871 uint8_t sha_512_expected[] = {
872 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
873 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
874 };
875
876 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
877 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
878 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
879 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]880
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]881 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]882}
883
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]884TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]885 string key(131, 0xaa);
886 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
887
888 uint8_t sha_224_expected[] = {
889 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
890 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
891 };
892 uint8_t sha_256_expected[] = {
893 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
894 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
895 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
896 };
897 uint8_t sha_384_expected[] = {
898 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
899 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
900 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
901 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
902 };
903 uint8_t sha_512_expected[] = {
904 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
905 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
906 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
907 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
908 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
909 };
910
911 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
912 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
913 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
914 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]915
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]916 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]917}
918
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]919TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]920 string key(131, 0xaa);
921 string message = "This is a test using a larger than block-size key and a larger than "
922 "block-size data. The key needs to be hashed before being used by the HMAC "
923 "algorithm.";
924
925 uint8_t sha_224_expected[] = {
926 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
927 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
928 };
929 uint8_t sha_256_expected[] = {
930 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
931 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
932 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
933 };
934 uint8_t sha_384_expected[] = {
935 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
936 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
937 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
938 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
939 };
940 uint8_t sha_512_expected[] = {
941 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
942 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
943 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
944 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
945 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
946 };
947
948 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
949 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
950 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
951 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]952
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]953 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]954}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]955
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]956TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]957 ASSERT_EQ(KM_ERROR_OK,
958 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
959 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]960 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]961 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]962 ASSERT_EQ(KM_ERROR_OK,
963 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
964 string message = "1234567890123456789012345678901";
965 string result;
966 size_t input_consumed;
967 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
968 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]969
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]970 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]971}
972
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]973// TODO(swillden): Add more verification failure tests.
974
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]975typedef Keymaster1Test VerificationOperationsTest;
976INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
977
978TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]979 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
980 .RsaSigningKey(256, 3)
981 .Digest(KM_DIGEST_NONE)
982 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]983 string message = "12345678901234567890123456789012";
984 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]985 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
986 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]987
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]988 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]989 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]990}
991
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]992TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]993 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
994 .RsaSigningKey(512, 3)
995 .Digest(KM_DIGEST_SHA_2_256)
996 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]997 // Use large message, which won't work without digesting.
998 string message(1024, 'a');
999 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1000 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1001 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1002
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1003 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1004 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1005}
1006
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1007TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1008 GenerateKey(AuthorizationSetBuilder()
1009 .RsaSigningKey(512, 3)
1010 .Digest(KM_DIGEST_SHA_2_256)
1011 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1012 string message(1024, 'a');
1013 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1014 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1015 ++signature[signature.size() / 2];
1016
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1017 AuthorizationSet begin_params(client_params());
1018 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1019 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1020 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1021
1022 string result;
1023 size_t input_consumed;
1024 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1025 EXPECT_EQ(message.size(), input_consumed);
1026 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1027
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1028 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1029 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1030}
1031
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1032TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1033 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1034 .RsaSigningKey(512, 3)
1035 .Digest(KM_DIGEST_SHA_2_256)
1036 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1037 // Use large message, which won't work without digesting.
1038 string message(1024, 'a');
1039 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1040 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1041 ++message[message.size() / 2];
1042
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1043 AuthorizationSet begin_params(client_params());
1044 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1045 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1046 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1047
1048 string result;
1049 size_t input_consumed;
1050 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1051 EXPECT_EQ(message.size(), input_consumed);
1052 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1053
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1054 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1055 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1056}
1057
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1058TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1059 GenerateKey(AuthorizationSetBuilder()
1060 .RsaSigningKey(512, 3)
1061 .Digest(KM_DIGEST_SHA_2_256)
1062 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1063 string message(1024, 'a');
1064 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1065 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1066 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1067
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1068 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1069 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1070}
1071
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1072TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1073 GenerateKey(AuthorizationSetBuilder()
1074 .RsaSigningKey(512, 3)
1075 .Digest(KM_DIGEST_SHA_2_256)
1076 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1077 string message(1024, 'a');
1078 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1079 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1080 ++signature[signature.size() / 2];
1081
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1082 AuthorizationSet begin_params(client_params());
1083 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1084 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1085 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1086
1087 string result;
1088 size_t input_consumed;
1089 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1090 EXPECT_EQ(message.size(), input_consumed);
1091 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1092
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1093 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1094 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1095}
1096
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1097TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1098 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1099 .RsaSigningKey(512, 3)
1100 .Digest(KM_DIGEST_SHA_2_256)
1101 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1102 // Use large message, which won't work without digesting.
1103 string message(1024, 'a');
1104 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1105 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1106 ++message[message.size() / 2];
1107
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1108 AuthorizationSet begin_params(client_params());
1109 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1110 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1111 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1112
1113 string result;
1114 size_t input_consumed;
1115 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1116 EXPECT_EQ(message.size(), input_consumed);
1117 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1118
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1119 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1120 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1121}
1122
1123template <typename T> vector<T> make_vector(const T* array, size_t len) {
1124 return vector<T>(array, array + len);
1125}
1126
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1127TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1128 // Get all supported digests and padding modes.
1129 size_t digests_len;
1130 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1131 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1132 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1133 &digests_len));
1134
1135 size_t padding_modes_len;
1136 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1137 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1138 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1139 &padding_modes, &padding_modes_len));
1140
1141 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1142 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1143 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1144 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1145 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1146 // Digesting requires padding
1147 continue;
1148
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1149 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1150 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1151 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1152
1153 if (digest == KM_DIGEST_NONE) {
1154 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1155 switch (padding_mode) {
1156 case KM_PAD_NONE:
1157 // Match key size.
1158 message_len = key_bits / 8;
1159 break;
1160 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1161 message_len = key_bits / 8 - 11;
1162 break;
1163 case KM_PAD_RSA_PSS:
1164 // PSS requires a digest.
1165 continue;
1166 default:
1167 FAIL() << "Missing padding";
1168 break;
1169 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1170 } else {
1171 size_t digest_bits;
1172 switch (digest) {
1173 case KM_DIGEST_MD5:
1174 digest_bits = 128;
1175 break;
1176 case KM_DIGEST_SHA1:
1177 digest_bits = 160;
1178 break;
1179 case KM_DIGEST_SHA_2_224:
1180 digest_bits = 224;
1181 break;
1182 case KM_DIGEST_SHA_2_256:
1183 digest_bits = 256;
1184 break;
1185 case KM_DIGEST_SHA_2_384:
1186 digest_bits = 384;
1187 break;
1188 case KM_DIGEST_SHA_2_512:
1189 digest_bits = 512;
1190 break;
1191 default:
1192 FAIL() << "Missing digest";
1193 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1194
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1195 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1196 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1197 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1198 break;
1199 case KM_PAD_RSA_PSS:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1200 key_bits = digest_bits + 8 * 10;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1201 break;
1202 default:
1203 FAIL() << "Missing padding";
1204 break;
1205 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1206 }
1207
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1208 GenerateKey(AuthorizationSetBuilder()
1209 .RsaSigningKey(key_bits, 3)
1210 .Digest(digest)
1211 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1212 string message(message_len, 'a');
1213 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1214 SignMessage(message, &signature, digest, padding_mode);
1215 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1216 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1217 }
1218 }
1219
1220 free(padding_modes);
1221 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1222
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1223 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1224 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1225}
1226
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1227TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1228 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1229 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1230 string message = "123456789012345678901234567890123456789012345678";
1231 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1232 SignMessage(message, &signature, KM_DIGEST_NONE);
1233 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1234
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1235 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1236 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1237}
1238
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1239TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1240 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1241 .EcdsaSigningKey(256)
1242 .Digest(KM_DIGEST_SHA_2_256)
1243 .Digest(KM_DIGEST_NONE)));
1244 string message = "123456789012345678901234567890123456789012345678";
1245 string signature;
1246 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1247 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1248
1249 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1250 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1251
1252 // Just for giggles, try verifying with the wrong digest.
1253 AuthorizationSet begin_params(client_params());
1254 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1255 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1256
1257 string result;
1258 size_t input_consumed;
1259 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1260 EXPECT_EQ(message.size(), input_consumed);
1261 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1262}
1263
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1264TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1265 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1266 string message = "123456789012345678901234567890123456789012345678";
1267 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1268 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
1269 VerifyMessage(message, signature, KM_DIGEST_SHA1);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1270
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1271 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1272}
1273
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1274TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1275 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1276 string message = "123456789012345678901234567890123456789012345678";
1277 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1278 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
1279 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1280
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1281 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1282}
1283
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1284TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1285 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1286 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1287 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1288 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
1289 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1290
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1291 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1292}
1293
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1294TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1295 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1296 string message = "123456789012345678901234567890123456789012345678";
1297 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1298 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
1299 VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1300
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1301 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1302}
1303
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1304TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1305 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1306 string message = "123456789012345678901234567890123456789012345678";
1307 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1308 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
1309 VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1310
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1311 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1312}
1313
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1314typedef Keymaster1Test ExportKeyTest;
1315INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1316
1317TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1318 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1319 .RsaSigningKey(256, 3)
1320 .Digest(KM_DIGEST_NONE)
1321 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1322 string export_data;
1323 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1324 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1325
1326 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1327
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1328 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1329 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1330}
1331
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1332TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1333 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1334 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1335 string export_data;
1336 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1337 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1338
1339 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1340
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1341 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1342 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1343}
1344
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1345TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1346 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1347 .RsaSigningKey(256, 3)
1348 .Digest(KM_DIGEST_NONE)
1349 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1350 string export_data;
1351 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1352
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1353 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1354 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1355}
1356
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1357TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1358 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1359 .RsaSigningKey(256, 3)
1360 .Digest(KM_DIGEST_NONE)
1361 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1362 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1363 string export_data;
1364 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1365
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1366 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1367 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1368}
1369
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1370TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1371 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1372 string export_data;
1373
1374 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1375 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1376 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1377
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1378 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1379}
1380
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1381static string read_file(const string& file_name) {
1382 ifstream file_stream(file_name, std::ios::binary);
1383 istreambuf_iterator<char> file_begin(file_stream);
1384 istreambuf_iterator<char> file_end;
1385 return string(file_begin, file_end);
1386}
1387
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1388typedef Keymaster1Test ImportKeyTest;
1389INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1390
1391TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1392 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1393 ASSERT_EQ(633U, pk8_key.size());
1394
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1395 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1396 .RsaSigningKey(1024, 65537)
1397 .Digest(KM_DIGEST_NONE)
1398 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1399 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1400
1401 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1402 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1403 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1404 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1405 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1406 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1407 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1408 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1409 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1410 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1411
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1412 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1413 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1414 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1415
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1416 string message(1024 / 8, 'a');
1417 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1418 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1419 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1420
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1421 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1422 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1423}
1424
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1425TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1426 string pk8_key = read_file("rsa_privkey_pk8.der");
1427 ASSERT_EQ(633U, pk8_key.size());
1428
1429 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1430 // point softkeymaster will no longer support keymaster0 APIs anyway.
1431 uint8_t* key_blob;
1432 size_t key_blob_length;
1433 ASSERT_EQ(0,
1434 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1435 pk8_key.size(), &key_blob, &key_blob_length));
1436 set_key_blob(key_blob, key_blob_length);
1437
1438 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1439 AuthorizationSet begin_params; // Don't use client data.
1440 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1441 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1442 AuthorizationSet update_params;
1443 AuthorizationSet output_params;
1444 string signature =
1445 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1446 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1447 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1448
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1449 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1450 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1451}
1452
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1453TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1454 string pk8_key = read_file("rsa_privkey_pk8.der");
1455 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1456 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1457 ImportKey(AuthorizationSetBuilder()
1458 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1459 .Digest(KM_DIGEST_NONE)
1460 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1461 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1462
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1463 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1464}
1465
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1466TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1467 string pk8_key = read_file("rsa_privkey_pk8.der");
1468 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1469 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1470 ImportKey(AuthorizationSetBuilder()
1471 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1472 .Digest(KM_DIGEST_NONE)
1473 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1474 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1475
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1476 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1477}
1478
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1479TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1480 string pk8_key = read_file("ec_privkey_pk8.der");
1481 ASSERT_EQ(138U, pk8_key.size());
1482
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1483 ASSERT_EQ(KM_ERROR_OK,
1484 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1485 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1486
1487 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1488 EXPECT_TRUE(
1489 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1490 TAG_ALGORITHM, KM_ALGORITHM_EC));
1491 EXPECT_TRUE(
1492 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1493 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1494
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1495 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1496 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1497 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1498
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1499 string message(1024 / 8, 'a');
1500 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1501 SignMessage(message, &signature, KM_DIGEST_NONE);
1502 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1503
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1504 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1505 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1506}
1507
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1508TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1509 string pk8_key = read_file("ec_privkey_pk8.der");
1510 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1511
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1512 ASSERT_EQ(KM_ERROR_OK,
1513 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1514 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1515
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1516 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1517 EXPECT_TRUE(
1518 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1519 TAG_ALGORITHM, KM_ALGORITHM_EC));
1520 EXPECT_TRUE(
1521 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1522 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1523
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1524 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1525 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1526 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1527
1528 string message(1024 / 8, 'a');
1529 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1530 SignMessage(message, &signature, KM_DIGEST_NONE);
1531 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1532
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1533 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1534 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1535}
1536
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1537TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1538 string pk8_key = read_file("ec_privkey_pk8.der");
1539 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1540 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1541 ImportKey(AuthorizationSetBuilder()
1542 .EcdsaSigningKey(224 /* Doesn't match key */)
1543 .Digest(KM_DIGEST_NONE),
1544 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1545
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1546 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1547}
1548
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1549TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1550 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1551 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1552 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1553 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1554 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1555 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1556
1557 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1558 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1559
1560 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1561 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1562 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1563 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1564
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1565 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1566}
1567
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1568TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1569 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1570 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1571 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1572 .HmacKey(sizeof(key_data) * 8)
1573 .Digest(KM_DIGEST_SHA_2_256)
1574 .Authorization(TAG_MAC_LENGTH, 32),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1575 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1576
1577 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1578 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1579
1580 string message = "Hello World!";
1581 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1582 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);
1583 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1584
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1585 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1586}
1587
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1588typedef Keymaster1Test EncryptionOperationsTest;
1589INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1590
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1591TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1592 ASSERT_EQ(KM_ERROR_OK,
1593 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1594
1595 string message = "12345678901234567890123456789012";
1596 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1597 EXPECT_EQ(256U / 8, ciphertext1.size());
1598
1599 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1600 EXPECT_EQ(256U / 8, ciphertext2.size());
1601
1602 // Unpadded RSA is deterministic
1603 EXPECT_EQ(ciphertext1, ciphertext2);
1604
1605 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1606 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1607}
1608
1609TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1610 ASSERT_EQ(KM_ERROR_OK,
1611 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1612
1613 string message = "1234567890123456789012345678901";
1614
1615 AuthorizationSet begin_params(client_params());
1616 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1617 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1618
1619 string result;
1620 size_t input_consumed;
1621 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1622 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1623 EXPECT_EQ(0U, result.size());
1624
1625 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1626 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1627}
1628
1629TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1630 ASSERT_EQ(KM_ERROR_OK,
1631 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1632
1633 string message = "123456789012345678901234567890123";
1634
1635 AuthorizationSet begin_params(client_params());
1636 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1637 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1638
1639 string result;
1640 size_t input_consumed;
1641 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1642 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1643 EXPECT_EQ(0U, result.size());
1644
1645 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1646 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1647}
1648
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1649TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1650 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1651 KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1652
1653 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1654 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1655 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1656
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1657 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1658 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1659
1660 // OAEP randomizes padding so every result should be different.
1661 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1662
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1663 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1664 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1665}
1666
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1667TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1668 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1669 KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1670 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1671 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1672 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1673
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1674 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1675 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1676
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1677 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1678 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1679}
1680
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1681TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1682 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1683 KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1684 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1685 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1686 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1687
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1688 AuthorizationSet begin_params(client_params());
1689 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1690 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1691 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1692 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1693 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1694
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1695 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1696 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1697}
1698
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1699TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1700 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1701 KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1702 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1703 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1704 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1705
1706 // Corrupt the ciphertext
1707 ciphertext[512 / 8 / 2]++;
1708
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1709 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1710 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1711 AuthorizationSet begin_params(client_params());
1712 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1713 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1714 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1715 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1716 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1717
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1718 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1719 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1720}
1721
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1722TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1723 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1724 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1725 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1726 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1727 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1728
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1729 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1730 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1731
1732 // PKCS1 v1.5 randomizes padding so every result should be different.
1733 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1734
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1735 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1736 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1737}
1738
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1739TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1740 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1741 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1742 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1743 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1744 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1745
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1746 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1747 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1748
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1749 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1750 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1751}
1752
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1753TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1754 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1755 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]1756 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1757 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1758 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1759
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1760 AuthorizationSet begin_params(client_params());
1761 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1762 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1763 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1764 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1765 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1766
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1767 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1768 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1769}
1770
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1771TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1772 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1773 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1774 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1775 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1776 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1777
1778 // Corrupt the ciphertext
1779 ciphertext[512 / 8 / 2]++;
1780
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1781 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1782 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1783 AuthorizationSet begin_params(client_params());
1784 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1785 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1786 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1787 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1788 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1789
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1790 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1791 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1792}
1793
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1794TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1795 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1796 .RsaSigningKey(256, 3)
1797 .Digest(KM_DIGEST_NONE)
1798 .Padding(KM_PAD_NONE)));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1799 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1800
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1801 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame^]1802 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1803}
1804
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1805TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1806 ASSERT_EQ(KM_ERROR_OK,
1807 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame^]1808 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
1809 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1810
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1811 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1812 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1813}
1814
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1815TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1816 ASSERT_EQ(
1817 KM_ERROR_OK,
1818 GenerateKey(
1819 AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame^]1820 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
1821 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1822
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1823 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1824}
1825
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1826TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1827 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1828 .AesEncryptionKey(128)
1829 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1830 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1831 // Two-block message.
1832 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1833 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1834 EXPECT_EQ(message.size(), ciphertext1.size());
1835
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1836 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1837 EXPECT_EQ(message.size(), ciphertext2.size());
1838
1839 // ECB is deterministic.
1840 EXPECT_EQ(ciphertext1, ciphertext2);
1841
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1842 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1843 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1844
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1845 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1846}
1847
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1848TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1849 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1850 .AesEncryptionKey(128)
1851 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1852 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1853 // Message is slightly shorter than two blocks.
1854 string message = "1234567890123456789012345678901";
1855
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1856 AuthorizationSet begin_params(client_params());
1857 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1858 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1859 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1860 string ciphertext;
1861 size_t input_consumed;
1862 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
1863 EXPECT_EQ(message.size(), input_consumed);
1864 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1865
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1866 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1867}
1868
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1869TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1870 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1871 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1872 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1873 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1874
1875 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1876 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1877 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1878 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1879 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1880 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1881 EXPECT_EQ(message, plaintext);
1882 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1883
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1884 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1885}
1886
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1887TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1888 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1889 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1890 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1891 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1892
1893 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1894 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1895 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1896 EXPECT_NE(ciphertext, message);
1897 ++ciphertext[ciphertext.size() / 2];
1898
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1899 AuthorizationSet begin_params(client_params());
1900 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1901 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1902 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1903 string plaintext;
1904 size_t input_consumed;
1905 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
1906 EXPECT_EQ(ciphertext.size(), input_consumed);
1907 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1908
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1909 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1910}
1911
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1912TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1913 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1914 .AesEncryptionKey(128)
1915 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
1916 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1917 string message = "123";
1918 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1919 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1920 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]1921 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1922
1923 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1924 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1925 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]1926 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1927
1928 // IVs should be random, so ciphertexts should differ.
1929 EXPECT_NE(iv1, iv2);
1930 EXPECT_NE(ciphertext1, ciphertext2);
1931
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1932 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1933 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1934
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1935 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1936}
1937
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1938TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1939 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1940 .AesEncryptionKey(128)
1941 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
1942 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1943
1944 int increment = 15;
1945 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1946 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1947 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1948 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1949 AuthorizationSet output_params;
1950 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
1951
1952 string ciphertext;
1953 size_t input_consumed;
1954 for (size_t i = 0; i < message.size(); i += increment)
1955 EXPECT_EQ(KM_ERROR_OK,
1956 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
1957 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
1958 EXPECT_EQ(message.size(), ciphertext.size());
1959
1960 // Move TAG_NONCE into input_params
1961 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1962 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1963 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1964 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1965 output_params.Clear();
1966
1967 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
1968 string plaintext;
1969 for (size_t i = 0; i < ciphertext.size(); i += increment)
1970 EXPECT_EQ(KM_ERROR_OK,
1971 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
1972 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
1973 EXPECT_EQ(ciphertext.size(), plaintext.size());
1974 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1975
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1976 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1977}
1978
1979struct AesCtrSp80038aTestVector {
1980 const char* key;
1981 const char* nonce;
1982 const char* plaintext;
1983 const char* ciphertext;
1984};
1985
1986// These test vectors are taken from
1987// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
1988static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
1989 // AES-128
1990 {
1991 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
1992 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
1993 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
1994 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
1995 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
1996 },
1997 // AES-192
1998 {
1999 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2000 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2001 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2002 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2003 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2004 },
2005 // AES-256
2006 {
2007 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2008 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2009 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2010 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2011 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2012 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2013 },
2014};
2015
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2016TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2017 for (size_t i = 0; i < 3; i++) {
2018 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2019 const string key = hex2str(test.key);
2020 const string nonce = hex2str(test.nonce);
2021 const string plaintext = hex2str(test.plaintext);
2022 const string ciphertext = hex2str(test.ciphertext);
2023 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2024 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2025
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2026 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2027}
2028
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2029TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2030 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2031 .AesEncryptionKey(128)
2032 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2033 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2034 AuthorizationSet begin_params(client_params());
2035 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2036 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2037 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2038
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2039 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2040}
2041
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2042TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2043 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2044 .AesEncryptionKey(128)
2045 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2046 .Authorization(TAG_CALLER_NONCE)
2047 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2048
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2049 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2050 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2051 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2052 input_params.push_back(TAG_NONCE, "123", 3);
2053 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2054
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2055 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2056}
2057
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2058TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2059 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2060 .AesEncryptionKey(128)
2061 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2062 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2063 // Two-block message.
2064 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2065 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2066 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2067 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2068
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2069 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2070 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2071 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2072
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2073 // IVs should be random, so ciphertexts should differ.
2074 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2075 EXPECT_NE(ciphertext1, ciphertext2);
2076
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2077 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2078 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2079
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2080 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2081}
2082
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2083TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2084 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2085 .AesEncryptionKey(128)
2086 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2087 .Authorization(TAG_CALLER_NONCE)
2088 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2089 string message = "12345678901234567890123456789012";
2090 string iv1;
2091 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2092 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2093 EXPECT_EQ(message.size(), ciphertext1.size());
2094 EXPECT_EQ(16U, iv1.size());
2095
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2096 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2097 EXPECT_EQ(message, plaintext);
2098
2099 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2100 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2101 AuthorizationSet update_params;
2102 AuthorizationSet output_params;
2103 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2104 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2105 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2106 string ciphertext2 =
2107 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2108
2109 // Decrypt with correct nonce.
2110 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2111 &output_params);
2112 EXPECT_EQ(message, plaintext);
2113
2114 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2115 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2116 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2117 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2118 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2119 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2120 &output_params);
2121 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2122
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2123 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2124}
2125
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2126TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2127 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2128 .AesEncryptionKey(128)
2129 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2130 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2131
2132 string message = "12345678901234567890123456789012";
2133 string iv1;
2134 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2135 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2136 EXPECT_EQ(message.size(), ciphertext1.size());
2137 EXPECT_EQ(16U, iv1.size());
2138
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2139 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2140 EXPECT_EQ(message, plaintext);
2141
2142 // Now specify a nonce, should fail.
2143 AuthorizationSet input_params(client_params());
2144 AuthorizationSet update_params;
2145 AuthorizationSet output_params;
2146 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2147 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2148 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2149
2150 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2151 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2152
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2153 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2154}
2155
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2156TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2157 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2158 .AesEncryptionKey(128)
2159 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2160 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2161
2162 int increment = 15;
2163 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2164 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2165 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2166 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2167 AuthorizationSet output_params;
2168 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2169
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2170 string ciphertext;
2171 size_t input_consumed;
2172 for (size_t i = 0; i < message.size(); i += increment)
2173 EXPECT_EQ(KM_ERROR_OK,
2174 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2175 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2176 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2177
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2178 // Move TAG_NONCE into input_params
2179 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2180 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2181 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2182 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2183 output_params.Clear();
2184
2185 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2186 string plaintext;
2187 for (size_t i = 0; i < ciphertext.size(); i += increment)
2188 EXPECT_EQ(KM_ERROR_OK,
2189 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2190 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2191 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2192 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2193
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2194 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2195}
2196
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2197TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2198 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2199 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2200 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2201 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2202
2203 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2204 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2205 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2206 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2207 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2208 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2209 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2210 EXPECT_EQ(message, plaintext);
2211 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2212
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2213 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2214}
2215
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2216TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2217 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2218 .AesEncryptionKey(128)
2219 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2220 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2221 string aad = "foobar";
2222 string message = "123456789012345678901234567890123456";
2223 AuthorizationSet begin_params(client_params());
2224 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2225 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2226 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2227
2228 AuthorizationSet update_params;
2229 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2230
2231 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2232 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2233 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2234 string ciphertext;
2235 size_t input_consumed;
2236 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2237 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2238 &input_consumed));
2239 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2240 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2241
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2242 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2243 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2244 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2245
2246 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2247 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2248 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2249 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2250 &plaintext, &input_consumed));
2251 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2252 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2253
2254 EXPECT_EQ(message, plaintext);
2255 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2256}
2257
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2258TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
2259 uint8_t nonce[] = {
2260 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
2261 };
2262 uint8_t ciphertext[] = {
2263 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
2264 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
2265 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
2266 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
2267 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
2268 };
2269 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
2270
2271 AuthorizationSet begin_params(client_params());
2272 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2273 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2274 begin_params.push_back(TAG_MAC_LENGTH, 128);
2275 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
2276
2277 string plaintext;
2278 size_t input_consumed;
2279
2280 // Import correct key and decrypt
2281 uint8_t good_key[] = {
2282 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2283 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2284 };
2285 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
2286 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2287 .AesEncryptionKey(128)
2288 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2289 .Authorization(TAG_PADDING, KM_PAD_NONE)
2290 .Authorization(TAG_CALLER_NONCE),
2291 KM_KEY_FORMAT_RAW, good_key_str));
2292 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2293 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2294 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2295
2296 // Import bad key and decrypt
2297 uint8_t bad_key[] = {
2298 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2299 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2300 };
2301 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
2302 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2303 .AesEncryptionKey(128)
2304 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2305 .Authorization(TAG_PADDING, KM_PAD_NONE),
2306 KM_KEY_FORMAT_RAW, bad_key_str));
2307 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2308 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2309 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
2310
2311 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2312}
2313
2314TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
2315 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2316 .AesEncryptionKey(128)
2317 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2318 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2319 string aad = "123456789012345678";
2320 string empty_message;
2321 AuthorizationSet begin_params(client_params());
2322 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2323 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2324 begin_params.push_back(TAG_MAC_LENGTH, 128);
2325
2326 AuthorizationSet update_params;
2327 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2328
2329 // Encrypt
2330 AuthorizationSet begin_out_params;
2331 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2332 string ciphertext;
2333 size_t input_consumed;
2334 AuthorizationSet update_out_params;
2335 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
2336 &ciphertext, &input_consumed));
2337 EXPECT_EQ(0U, input_consumed);
2338 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2339
2340 // Grab nonce
2341 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2342 begin_params.push_back(begin_out_params);
2343
2344 // Decrypt.
2345 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2346 string plaintext;
2347 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2348 &plaintext, &input_consumed));
2349 EXPECT_EQ(ciphertext.size(), input_consumed);
2350 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2351
2352 EXPECT_EQ(empty_message, plaintext);
2353 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2354}
2355
2356TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
2357 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2358 .AesEncryptionKey(128)
2359 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2360 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2361 AuthorizationSet begin_params(client_params());
2362 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2363 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2364 begin_params.push_back(TAG_MAC_LENGTH, 128);
2365
2366 AuthorizationSet update_params;
2367 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
2368
2369 // Encrypt
2370 AuthorizationSet begin_out_params;
2371 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2372 string ciphertext;
2373 size_t input_consumed;
2374 AuthorizationSet update_out_params;
2375
2376 // Send AAD, incrementally
2377 for (int i = 0; i < 1000; ++i) {
2378 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2379 &input_consumed));
2380 EXPECT_EQ(0U, input_consumed);
2381 EXPECT_EQ(0U, ciphertext.size());
2382 }
2383
2384 // Now send data, incrementally, no data.
2385 AuthorizationSet empty_params;
2386 for (int i = 0; i < 1000; ++i) {
2387 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
2388 &input_consumed));
2389 EXPECT_EQ(1U, input_consumed);
2390 }
2391 EXPECT_EQ(1000U, ciphertext.size());
2392
2393 // And finish.
2394 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2395 EXPECT_EQ(1016U, ciphertext.size());
2396
2397 // Grab nonce
2398 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2399 begin_params.push_back(begin_out_params);
2400
2401 // Decrypt.
2402 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2403 string plaintext;
2404
2405 // Send AAD, incrementally, no data
2406 for (int i = 0; i < 1000; ++i) {
2407 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
2408 &input_consumed));
2409 EXPECT_EQ(0U, input_consumed);
2410 EXPECT_EQ(0U, plaintext.size());
2411 }
2412
2413 // Now send data, incrementally.
2414 for (size_t i = 0; i < ciphertext.length(); ++i) {
2415 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
2416 &update_out_params, &plaintext, &input_consumed));
2417 EXPECT_EQ(1U, input_consumed);
2418 }
2419 EXPECT_EQ(1000U, plaintext.size());
2420 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2421
2422 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2423}
2424
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2425TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2426 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2427 .AesEncryptionKey(128)
2428 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2429 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2430 string message = "123456789012345678901234567890123456";
2431 AuthorizationSet begin_params(client_params());
2432 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2433 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2434 begin_params.push_back(TAG_MAC_LENGTH, 128);
2435 AuthorizationSet begin_out_params;
2436
2437 AuthorizationSet update_params;
2438 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2439
2440 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2441
2442 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2443 string ciphertext;
2444 size_t input_consumed;
2445 AuthorizationSet update_out_params;
2446 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
2447 &ciphertext, &input_consumed));
2448 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2449
2450 // AAD and data.
2451 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2452 &input_consumed));
2453 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2454 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2455
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2456 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2457 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2458 begin_params.push_back(begin_out_params);
2459
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2460 // Decrypt
2461 update_params.Clear();
2462 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2463
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2464 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2465 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2466 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2467 &plaintext, &input_consumed));
2468 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2469 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2470
2471 EXPECT_EQ(message, plaintext);
2472 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2473}
2474
2475TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2476 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2477 .AesEncryptionKey(128)
2478 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2479 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2480 string message = "12345678901234567890123456789012";
2481 AuthorizationSet begin_params(client_params());
2482 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2483 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2484 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2485
2486 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2487 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2488
2489 AuthorizationSet finish_params;
2490 AuthorizationSet finish_out_params;
2491
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2492 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2493 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2494 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2495 AuthorizationSet update_out_params;
2496 string ciphertext;
2497 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2498 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2499 &input_consumed));
2500 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2501 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2502
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2503 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2504 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2505 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2506
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2507 update_params.Clear();
2508 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2509
2510 // Decrypt.
2511 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2512 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2513 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2514 &plaintext, &input_consumed));
2515 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2516 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2517
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2518 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2519}
2520
2521TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
2522 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2523 .AesEncryptionKey(128)
2524 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2525 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2526 string message = "12345678901234567890123456789012";
2527 AuthorizationSet begin_params(client_params());
2528 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2529 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2530 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2531
2532 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2533 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2534
2535 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2536 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2537 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2538 AuthorizationSet update_out_params;
2539 string ciphertext;
2540 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2541 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2542 &input_consumed));
2543 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2544 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2545
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2546 begin_params.push_back(TAG_NONCE, "123456789012", 12);
2547
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2548 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2549 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2550 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2551 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2552 &plaintext, &input_consumed));
2553 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2554 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2555
2556 // With wrong nonce, should have gotten garbage plaintext.
2557 EXPECT_NE(message, plaintext);
2558 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2559}
2560
2561TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
2562 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2563 .AesEncryptionKey(128)
2564 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2565 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2566 string aad = "foobar";
2567 string message = "123456789012345678901234567890123456";
2568 AuthorizationSet begin_params(client_params());
2569 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2570 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2571 begin_params.push_back(TAG_MAC_LENGTH, 128);
2572 AuthorizationSet begin_out_params;
2573
2574 AuthorizationSet update_params;
2575 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2576
2577 // Encrypt
2578 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2579 AuthorizationSet update_out_params;
2580 string ciphertext;
2581 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2582 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2583 &input_consumed));
2584 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2585 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2586
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2587 // Corrupt tag
2588 (*ciphertext.rbegin())++;
2589
2590 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2591 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2592 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2593
2594 // Decrypt.
2595 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2596 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2597 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2598 &plaintext, &input_consumed));
2599 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2600 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2601
2602 EXPECT_EQ(message, plaintext);
2603 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2604}
2605
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2606typedef Keymaster1Test AddEntropyTest;
2607INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
2608
2609TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2610 // There's no obvious way to test that entropy is actually added, but we can test that the API
2611 // doesn't blow up or return an error.
2612 EXPECT_EQ(KM_ERROR_OK,
2613 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2614
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2615 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2616}
2617
2618typedef Keymaster1Test Keymaster0AdapterTest;
2619INSTANTIATE_TEST_CASE_P(
2620 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2621 ::testing::Values(
2622 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
2623 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2624
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2625TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2626 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2627 // key data.
2628 string km1_sw = read_file("km1_sw_rsa_512.blob");
2629 EXPECT_EQ(486U, km1_sw.length());
2630
2631 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2632 memcpy(key_data, km1_sw.data(), km1_sw.length());
2633 set_key_blob(key_data, km1_sw.length());
2634
2635 string message(64, 'a');
2636 string signature;
2637 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2638
2639 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2640}
2641
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]2642TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
2643 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
2644 // blobs contain OCB-encrypted key data.
2645 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
2646 EXPECT_EQ(477U, km1_sw.length());
2647
2648 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2649 memcpy(key_data, km1_sw.data(), km1_sw.length());
2650 set_key_blob(key_data, km1_sw.length());
2651
2652 string message(64, 'a');
2653 string signature;
2654 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2655
2656 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2657}
2658
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2659TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
2660 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2661 // key data.
2662 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
2663 EXPECT_EQ(270U, km1_sw.length());
2664
2665 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2666 memcpy(key_data, km1_sw.data(), km1_sw.length());
2667 set_key_blob(key_data, km1_sw.length());
2668
2669 string message(64, 'a');
2670 string signature;
2671 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2672
2673 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2674}
2675
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2676struct Malloc_Delete {
2677 void operator()(void* p) { free(p); }
2678};
2679
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2680TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2681 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2682 string km0_sw = read_file("km0_sw_rsa_512.blob");
2683 EXPECT_EQ(333U, km0_sw.length());
2684
2685 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2686 memcpy(key_data, km0_sw.data(), km0_sw.length());
2687 set_key_blob(key_data, km0_sw.length());
2688
2689 string message(64, 'a');
2690 string signature;
2691 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2692
2693 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2694}
2695
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]2696TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
2697 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2698 string km0_sw = read_file("km0_sw_rsa_512.blob");
2699 EXPECT_EQ(333U, km0_sw.length());
2700
2701 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2702 memcpy(key_data, km0_sw.data(), km0_sw.length());
2703 set_key_blob(key_data, km0_sw.length());
2704
2705 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
2706 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2707 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
2708 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2709 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2710 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
2711 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
2712 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
2713 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
2714 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
2715
2716 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2717}
2718
2719TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
2720 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2721 string km0_sw = read_file("km0_sw_rsa_512.blob");
2722 EXPECT_EQ(333U, km0_sw.length());
2723
2724 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
2725 // be recognized as a software key. Do the same here to pretend this is a hardware key.
2726 EXPECT_EQ('P', km0_sw[0]);
2727 km0_sw[0] = 'Q';
2728
2729 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2730 memcpy(key_data, km0_sw.data(), km0_sw.length());
2731 set_key_blob(key_data, km0_sw.length());
2732
2733 string message(64, 'a');
2734 string signature;
2735 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2736 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
2737
2738 EXPECT_EQ(5, GetParam()->keymaster0_calls());
2739}
2740
2741TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
2742 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2743 string km0_sw = read_file("km0_sw_rsa_512.blob");
2744 EXPECT_EQ(333U, km0_sw.length());
2745
2746 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
2747 // be recognized as a software key. Do the same here to pretend this is a hardware key.
2748 EXPECT_EQ('P', km0_sw[0]);
2749 km0_sw[0] = 'Q';
2750
2751 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2752 memcpy(key_data, km0_sw.data(), km0_sw.length());
2753 set_key_blob(key_data, km0_sw.length());
2754
2755 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
2756 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2757 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
2758 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2759 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2760 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
2761 EXPECT_EQ(5U, hw_enforced().size());
2762
2763 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
2764 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
2765 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
2766 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
2767
2768 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2769 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
2770 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2771 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2772 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
2773
2774 EXPECT_EQ(1, GetParam()->keymaster0_calls());
2775}
2776
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]2777} // namespace test
2778} // namespace keymaster