Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 2f3be368e5ad911cc0b014421dd3682130260ffc / . / google_keymaster_test.cpp
blob: bfb6a6f030888788769df6281f465181dafdff14 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <string>
18#include <fstream>
19
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]20#include <gtest/gtest.h>
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]21
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]22#include <openssl/engine.h>
23
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]24#include "google_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]25#include "google_keymaster_utils.h"
26#include "google_softkeymaster.h"
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]27#include "keymaster_tags.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]28
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]29using std::string;
30using std::ifstream;
31using std::istreambuf_iterator;
32
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]33int main(int argc, char** argv) {
34 ::testing::InitGoogleTest(&argc, argv);
35 int result = RUN_ALL_TESTS();
36 // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
37 CRYPTO_cleanup_all_ex_data();
38 ERR_free_strings();
39 return result;
40}
41
42namespace keymaster {
43namespace test {
44
45class KeymasterTest : public testing::Test {
46 protected:
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame^]47 KeymasterTest() : device(5, new StdoutLogger) { RAND_seed("foobar", 6); }
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]48 ~KeymasterTest() {}
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]49
50 GoogleSoftKeymaster device;
51};
52
53template <keymaster_tag_t Tag, typename KeymasterEnum>
54bool contains(const AuthorizationSet& set, TypedEnumTag<KM_ENUM, Tag, KeymasterEnum> tag,
55 KeymasterEnum val) {
56 int pos = set.find(tag);
57 return pos != -1 && set[pos].enumerated == val;
58}
59
60template <keymaster_tag_t Tag, typename KeymasterEnum>
61bool contains(const AuthorizationSet& set, TypedEnumTag<KM_ENUM_REP, Tag, KeymasterEnum> tag,
62 KeymasterEnum val) {
63 int pos = -1;
64 while ((pos = set.find(tag, pos)) != -1)
65 if (set[pos].enumerated == val)
66 return true;
67 return false;
68}
69
70template <keymaster_tag_t Tag>
71bool contains(const AuthorizationSet& set, TypedTag<KM_INT, Tag> tag, uint32_t val) {
72 int pos = set.find(tag);
73 return pos != -1 && set[pos].integer == val;
74}
75
76template <keymaster_tag_t Tag>
77bool contains(const AuthorizationSet& set, TypedTag<KM_INT_REP, Tag> tag, uint32_t val) {
78 int pos = -1;
79 while ((pos = set.find(tag, pos)) != -1)
80 if (set[pos].integer == val)
81 return true;
82 return false;
83}
84
85template <keymaster_tag_t Tag>
86bool contains(const AuthorizationSet& set, TypedTag<KM_LONG, Tag> tag, uint64_t val) {
87 int pos = set.find(tag);
88 return pos != -1 && set[pos].long_integer == val;
89}
90
91template <keymaster_tag_t Tag>
92bool contains(const AuthorizationSet& set, TypedTag<KM_BYTES, Tag> tag, const std::string& val) {
93 int pos = set.find(tag);
94 return pos != -1 &&
95 std::string(reinterpret_cast<const char*>(set[pos].blob.data),
96 set[pos].blob.data_length) == val;
97}
98
99inline bool contains(const AuthorizationSet& set, keymaster_tag_t tag) {
100 return set.find(tag) != -1;
101}
102
103typedef KeymasterTest CheckSupported;
104TEST_F(CheckSupported, SupportedAlgorithms) {
105 // Shouldn't blow up on NULL.
106 device.SupportedAlgorithms(NULL);
107
108 SupportedResponse<keymaster_algorithm_t> response;
109 device.SupportedAlgorithms(&response);
110 EXPECT_EQ(KM_ERROR_OK, response.error);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]111 EXPECT_EQ(3U, response.results_length);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]112 EXPECT_EQ(KM_ALGORITHM_RSA, response.results[0]);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]113 EXPECT_EQ(KM_ALGORITHM_DSA, response.results[1]);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]114 EXPECT_EQ(KM_ALGORITHM_ECDSA, response.results[2]);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]115}
116
117TEST_F(CheckSupported, SupportedBlockModes) {
118 // Shouldn't blow up on NULL.
119 device.SupportedBlockModes(KM_ALGORITHM_RSA, NULL);
120
121 SupportedResponse<keymaster_block_mode_t> response;
122 device.SupportedBlockModes(KM_ALGORITHM_RSA, &response);
123 EXPECT_EQ(KM_ERROR_OK, response.error);
124 EXPECT_EQ(0U, response.results_length);
125
126 device.SupportedBlockModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]127 EXPECT_EQ(KM_ERROR_OK, response.error);
128 EXPECT_EQ(0U, response.results_length);
129
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]130 device.SupportedBlockModes(KM_ALGORITHM_ECDSA, &response);
131 EXPECT_EQ(KM_ERROR_OK, response.error);
132 EXPECT_EQ(0U, response.results_length);
133
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]134 device.SupportedBlockModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]135 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
136}
137
138TEST_F(CheckSupported, SupportedPaddingModes) {
139 // Shouldn't blow up on NULL.
140 device.SupportedPaddingModes(KM_ALGORITHM_RSA, NULL);
141
142 SupportedResponse<keymaster_padding_t> response;
143 device.SupportedPaddingModes(KM_ALGORITHM_RSA, &response);
144 EXPECT_EQ(KM_ERROR_OK, response.error);
145 EXPECT_EQ(1U, response.results_length);
146 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
147
148 device.SupportedPaddingModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]149 EXPECT_EQ(KM_ERROR_OK, response.error);
150 EXPECT_EQ(1U, response.results_length);
151 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
152
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]153 device.SupportedPaddingModes(KM_ALGORITHM_ECDSA, &response);
154 EXPECT_EQ(KM_ERROR_OK, response.error);
155 EXPECT_EQ(1U, response.results_length);
156 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
157
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]158 device.SupportedPaddingModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]159 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
160}
161
162TEST_F(CheckSupported, SupportedDigests) {
163 // Shouldn't blow up on NULL.
164 device.SupportedDigests(KM_ALGORITHM_RSA, NULL);
165
166 SupportedResponse<keymaster_digest_t> response;
167 device.SupportedDigests(KM_ALGORITHM_RSA, &response);
168 EXPECT_EQ(KM_ERROR_OK, response.error);
169 EXPECT_EQ(1U, response.results_length);
170 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
171
172 device.SupportedDigests(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]173 EXPECT_EQ(KM_ERROR_OK, response.error);
174 EXPECT_EQ(1U, response.results_length);
175 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
176
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]177 device.SupportedDigests(KM_ALGORITHM_ECDSA, &response);
178 EXPECT_EQ(KM_ERROR_OK, response.error);
179 EXPECT_EQ(1U, response.results_length);
180 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
181
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]182 device.SupportedDigests(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]183 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
184}
185
186TEST_F(CheckSupported, SupportedImportFormats) {
187 // Shouldn't blow up on NULL.
188 device.SupportedImportFormats(KM_ALGORITHM_RSA, NULL);
189
190 SupportedResponse<keymaster_key_format_t> response;
191 device.SupportedImportFormats(KM_ALGORITHM_RSA, &response);
192 EXPECT_EQ(KM_ERROR_OK, response.error);
193 EXPECT_EQ(1U, response.results_length);
194 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
195
196 device.SupportedImportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]197 EXPECT_EQ(KM_ERROR_OK, response.error);
198 EXPECT_EQ(1U, response.results_length);
199 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
200
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]201 device.SupportedImportFormats(KM_ALGORITHM_ECDSA, &response);
202 EXPECT_EQ(KM_ERROR_OK, response.error);
203 EXPECT_EQ(1U, response.results_length);
204 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
205
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]206 device.SupportedImportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]207 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
208}
209
210TEST_F(CheckSupported, SupportedExportFormats) {
211 // Shouldn't blow up on NULL.
212 device.SupportedExportFormats(KM_ALGORITHM_RSA, NULL);
213
214 SupportedResponse<keymaster_key_format_t> response;
215 device.SupportedExportFormats(KM_ALGORITHM_RSA, &response);
216 EXPECT_EQ(KM_ERROR_OK, response.error);
217 EXPECT_EQ(1U, response.results_length);
218 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
219
220 device.SupportedExportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]221 EXPECT_EQ(KM_ERROR_OK, response.error);
222 EXPECT_EQ(1U, response.results_length);
223 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
224
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]225 device.SupportedExportFormats(KM_ALGORITHM_ECDSA, &response);
226 EXPECT_EQ(KM_ERROR_OK, response.error);
227 EXPECT_EQ(1U, response.results_length);
228 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
229
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]230 device.SupportedExportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]231 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
232}
233
234typedef KeymasterTest NewKeyGeneration;
235TEST_F(NewKeyGeneration, Rsa) {
236 keymaster_key_param_t params[] = {
237 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
238 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
239 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]240 Authorization(TAG_KEY_SIZE, 256),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]241 Authorization(TAG_USER_ID, 7),
242 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]243 Authorization(TAG_APPLICATION_ID, "app_id", 6),
244 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]245 Authorization(TAG_AUTH_TIMEOUT, 300),
246 };
247 GenerateKeyRequest req;
248 req.key_description.Reinitialize(params, array_length(params));
249 GenerateKeyResponse rsp;
250
251 device.GenerateKey(req, &rsp);
252
253 ASSERT_EQ(KM_ERROR_OK, rsp.error);
254 EXPECT_EQ(0U, rsp.enforced.size());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]255 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
256 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]257
258 // Check specified tags are all present in unenforced characteristics
259 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
260 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
261
262 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
263
264 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
265 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]266 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]267 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
268
Shawn Willden39b970b2014-08-11 09:11:21 -0600[diff] [blame]269 // Verify that App ID, App data and ROT are NOT included.
270 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
271 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
272 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
273
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]274 // Just for giggles, check that some unexpected tags/values are NOT present.
275 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
276 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
277 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
278 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
279
280 // Now check that unspecified, defaulted tags are correct.
281 EXPECT_TRUE(contains(rsp.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
282 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
283 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]284}
285
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]286TEST_F(NewKeyGeneration, Dsa) {
287 keymaster_key_param_t params[] = {
288 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
289 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
290 Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
291 Authorization(TAG_KEY_SIZE, 256),
292 Authorization(TAG_USER_ID, 7),
293 Authorization(TAG_USER_AUTH_ID, 8),
294 Authorization(TAG_APPLICATION_ID, "app_id", 6),
295 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
296 Authorization(TAG_AUTH_TIMEOUT, 300),
297 };
298 GenerateKeyRequest req;
299 req.key_description.Reinitialize(params, array_length(params));
300 GenerateKeyResponse rsp;
301
302 device.GenerateKey(req, &rsp);
303
304 ASSERT_EQ(KM_ERROR_OK, rsp.error);
305 EXPECT_EQ(0U, rsp.enforced.size());
306 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
307 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
308
309 // Check specified tags are all present in unenforced characteristics
310 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
311 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
312
313 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
314
315 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
316 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
317 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
318 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
319
320 // Verify that App ID, App data and ROT are NOT included.
321 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
322 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
323 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
324
325 // Just for giggles, check that some unexpected tags/values are NOT present.
326 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
327 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
328 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
329 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
330
331 // Now check that unspecified, defaulted tags are correct.
332 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
333 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
334
335 // Generator should have created DSA params.
336 keymaster_blob_t g, p, q;
337 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
338 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_P, &p));
339 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_Q, &q));
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]340 EXPECT_TRUE(g.data_length >= 63 && g.data_length <= 64);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]341 EXPECT_EQ(64U, p.data_length);
342 EXPECT_EQ(20U, q.data_length);
343}
344
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]345TEST_F(NewKeyGeneration, Ecdsa) {
346 keymaster_key_param_t params[] = {
347 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
348 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
349 Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
350 Authorization(TAG_KEY_SIZE, 256),
351 Authorization(TAG_USER_ID, 7),
352 Authorization(TAG_USER_AUTH_ID, 8),
353 Authorization(TAG_APPLICATION_ID, "app_id", 6),
354 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
355 Authorization(TAG_AUTH_TIMEOUT, 300),
356 };
357 GenerateKeyRequest req;
358 req.key_description.Reinitialize(params, array_length(params));
359 GenerateKeyResponse rsp;
360
361 device.GenerateKey(req, &rsp);
362
363 ASSERT_EQ(KM_ERROR_OK, rsp.error);
364 EXPECT_EQ(0U, rsp.enforced.size());
365 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
366 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
367
368 // Check specified tags are all present in unenforced characteristics
369 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
370 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
371
372 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
373
374 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
375 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
376 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
377 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
378
379 // Verify that App ID, App data and ROT are NOT included.
380 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
381 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
382 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
383
384 // Just for giggles, check that some unexpected tags/values are NOT present.
385 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
386 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
387 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
388 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
389
390 // Now check that unspecified, defaulted tags are correct.
391 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
392 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
393}
394
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]395typedef KeymasterTest GetKeyCharacteristics;
396TEST_F(GetKeyCharacteristics, SimpleRsa) {
397 keymaster_key_param_t params[] = {
398 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
399 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
400 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
401 Authorization(TAG_KEY_SIZE, 256),
402 Authorization(TAG_USER_ID, 7),
403 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]404 Authorization(TAG_APPLICATION_ID, "app_id", 6),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]405 Authorization(TAG_AUTH_TIMEOUT, 300),
406 };
407
408 GenerateKeyRequest gen_req;
409 gen_req.key_description.Reinitialize(params, array_length(params));
410 GenerateKeyResponse gen_rsp;
411
412 device.GenerateKey(gen_req, &gen_rsp);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]413 ASSERT_EQ(KM_ERROR_OK, gen_rsp.error);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]414
415 GetKeyCharacteristicsRequest req;
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]416 req.SetKeyMaterial(gen_rsp.key_blob);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]417 req.additional_params.push_back(TAG_APPLICATION_ID, "app_id", 6);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]418
419 GetKeyCharacteristicsResponse rsp;
420 device.GetKeyCharacteristics(req, &rsp);
421 ASSERT_EQ(KM_ERROR_OK, rsp.error);
422
423 EXPECT_EQ(gen_rsp.enforced, rsp.enforced);
424 EXPECT_EQ(gen_rsp.unenforced, rsp.unenforced);
425}
426
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]427/**
428 * Test class that provides some infrastructure for generating keys and signing messages.
429 */
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]430class SigningOperationsTest : public KeymasterTest {
431 protected:
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]432 void GenerateKey(keymaster_algorithm_t algorithm, keymaster_digest_t digest,
433 keymaster_padding_t padding, uint32_t key_size) {
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]434 keymaster_key_param_t params[] = {
435 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
436 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]437 Authorization(TAG_ALGORITHM, algorithm),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]438 Authorization(TAG_KEY_SIZE, key_size),
439 Authorization(TAG_USER_ID, 7),
440 Authorization(TAG_USER_AUTH_ID, 8),
441 Authorization(TAG_APPLICATION_ID, "app_id", 6),
442 Authorization(TAG_AUTH_TIMEOUT, 300),
443 };
444 GenerateKeyRequest generate_request;
445 generate_request.key_description.Reinitialize(params, array_length(params));
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]446 if (static_cast<int>(digest) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]447 generate_request.key_description.push_back(TAG_DIGEST, digest);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]448 if (static_cast<int>(padding) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]449 generate_request.key_description.push_back(TAG_PADDING, padding);
450 device.GenerateKey(generate_request, &generate_response_);
451 EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]452 }
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]453
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]454 void SignMessage(const void* message, size_t size) {
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]455 SignMessage(generate_response_.key_blob, message, size);
456 }
457
458 void SignMessage(const keymaster_key_blob_t& key_blob, const void* message, size_t size) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]459 BeginOperationRequest begin_request;
460 BeginOperationResponse begin_response;
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]461 begin_request.SetKeyMaterial(key_blob);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]462 begin_request.purpose = KM_PURPOSE_SIGN;
463 AddClientParams(&begin_request.additional_params);
464
465 device.BeginOperation(begin_request, &begin_response);
466 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
467
468 UpdateOperationRequest update_request;
469 UpdateOperationResponse update_response;
470 update_request.op_handle = begin_response.op_handle;
471 update_request.input.Reinitialize(message, size);
472 EXPECT_EQ(size, update_request.input.available_read());
473
474 device.UpdateOperation(update_request, &update_response);
475 ASSERT_EQ(KM_ERROR_OK, update_response.error);
476 EXPECT_EQ(0U, update_response.output.available_read());
477
478 FinishOperationRequest finish_request;
479 finish_request.op_handle = begin_response.op_handle;
480 device.FinishOperation(finish_request, &finish_response_);
481 ASSERT_EQ(KM_ERROR_OK, finish_response_.error);
482 EXPECT_GT(finish_response_.output.available_read(), 0U);
483 }
484
485 void AddClientParams(AuthorizationSet* set) { set->push_back(TAG_APPLICATION_ID, "app_id", 6); }
486
487 const keymaster_key_blob_t& key_blob() { return generate_response_.key_blob; }
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]488
489 const keymaster_key_blob_t& corrupt_key_blob() {
490 ++generate_response_.key_blob
491 .key_material[generate_response_.key_blob.key_material_size / 2];
492 return generate_response_.key_blob;
493 }
494
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]495 Buffer* signature() {
496 if (finish_response_.error == KM_ERROR_OK)
497 return &finish_response_.output;
498 return NULL;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]499 }
500
501 private:
502 GenerateKeyResponse generate_response_;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]503 FinishOperationResponse finish_response_;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]504};
505
506TEST_F(SigningOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]507 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]508 const char message[] = "12345678901234567890123456789012";
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]509
510 BeginOperationRequest begin_request;
511 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]512 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]513 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]514 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]515
516 device.BeginOperation(begin_request, &begin_response);
517 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
518
519 UpdateOperationRequest update_request;
520 UpdateOperationResponse update_response;
521 update_request.op_handle = begin_response.op_handle;
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]522 update_request.input.Reinitialize(message, array_size(message) - 1);
523 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]524
525 device.UpdateOperation(update_request, &update_response);
526 ASSERT_EQ(KM_ERROR_OK, update_response.error);
527 EXPECT_EQ(0U, update_response.output.available_read());
528
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]529 FinishOperationRequest finish_request;
530 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]531 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]532 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]533 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]534 EXPECT_GT(finish_response.output.available_read(), 0U);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]535
536 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
537}
538
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]539TEST_F(SigningOperationsTest, DsaSuccess) {
540 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
541
542 BeginOperationRequest begin_request;
543 BeginOperationResponse begin_response;
544 begin_request.SetKeyMaterial(key_blob());
545 begin_request.purpose = KM_PURPOSE_SIGN;
546 AddClientParams(&begin_request.additional_params);
547
548 device.BeginOperation(begin_request, &begin_response);
549 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
550
551 UpdateOperationRequest update_request;
552 UpdateOperationResponse update_response;
553 update_request.op_handle = begin_response.op_handle;
554 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
555 EXPECT_EQ(48U, update_request.input.available_read());
556
557 device.UpdateOperation(update_request, &update_response);
558 ASSERT_EQ(KM_ERROR_OK, update_response.error);
559 EXPECT_EQ(0U, update_response.output.available_read());
560
561 FinishOperationRequest finish_request;
562 finish_request.op_handle = begin_response.op_handle;
563 FinishOperationResponse finish_response;
564 device.FinishOperation(finish_request, &finish_response);
565 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
566 EXPECT_GT(finish_response.output.available_read(), 0U);
567
568 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
569}
570
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]571TEST_F(SigningOperationsTest, EcdsaSuccess) {
572 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
573
574 BeginOperationRequest begin_request;
575 BeginOperationResponse begin_response;
576 begin_request.SetKeyMaterial(key_blob());
577 begin_request.purpose = KM_PURPOSE_SIGN;
578 AddClientParams(&begin_request.additional_params);
579
580 device.BeginOperation(begin_request, &begin_response);
581 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
582
583 UpdateOperationRequest update_request;
584 UpdateOperationResponse update_response;
585 update_request.op_handle = begin_response.op_handle;
586 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
587 EXPECT_EQ(48U, update_request.input.available_read());
588
589 device.UpdateOperation(update_request, &update_response);
590 ASSERT_EQ(KM_ERROR_OK, update_response.error);
591 EXPECT_EQ(0U, update_response.output.available_read());
592
593 FinishOperationRequest finish_request;
594 finish_request.op_handle = begin_response.op_handle;
595 FinishOperationResponse finish_response;
596 device.FinishOperation(finish_request, &finish_response);
597 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
598 EXPECT_GT(finish_response.output.available_read(), 0U);
599
600 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
601}
602
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]603TEST_F(SigningOperationsTest, RsaAbort) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]604 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]605
606 BeginOperationRequest begin_request;
607 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]608 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]609 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]610 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]611
612 device.BeginOperation(begin_request, &begin_response);
613 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
614
615 EXPECT_EQ(KM_ERROR_OK, device.AbortOperation(begin_response.op_handle));
616
617 // Another abort should fail
618 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
619}
620
621TEST_F(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]622 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_SHA_2_256, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]623
624 BeginOperationRequest begin_request;
625 BeginOperationResponse begin_response;
626 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]627 begin_request.SetKeyMaterial(key_blob());
628 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]629
630 device.BeginOperation(begin_request, &begin_response);
631 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
632
633 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
634}
635
636TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]637 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_RSA_OAEP, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]638
639 BeginOperationRequest begin_request;
640 BeginOperationResponse begin_response;
641 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]642 begin_request.SetKeyMaterial(key_blob());
643 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]644
645 device.BeginOperation(begin_request, &begin_response);
646 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
647
648 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
649}
650
651TEST_F(SigningOperationsTest, RsaNoDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]652 GenerateKey(KM_ALGORITHM_RSA, static_cast<keymaster_digest_t>(-1), KM_PAD_NONE,
653 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]654
655 BeginOperationRequest begin_request;
656 BeginOperationResponse begin_response;
657 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]658 begin_request.SetKeyMaterial(key_blob());
659 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]660
661 device.BeginOperation(begin_request, &begin_response);
662 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
663
664 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
665}
666
667TEST_F(SigningOperationsTest, RsaNoPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]668 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, static_cast<keymaster_padding_t>(-1),
669 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]670
671 BeginOperationRequest begin_request;
672 BeginOperationResponse begin_response;
673 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]674 begin_request.SetKeyMaterial(key_blob());
675 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]676
677 device.BeginOperation(begin_request, &begin_response);
678 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
679
680 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
681}
682
683TEST_F(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]684 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]685
686 BeginOperationRequest begin_request;
687 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]688 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]689 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]690 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]691
692 device.BeginOperation(begin_request, &begin_response);
693 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
694
695 UpdateOperationRequest update_request;
696 UpdateOperationResponse update_response;
697 update_request.op_handle = begin_response.op_handle;
698 update_request.input.Reinitialize("01234567890123456789012345678901", 31);
699 EXPECT_EQ(31U, update_request.input.available_read());
700
701 device.UpdateOperation(update_request, &update_response);
702 ASSERT_EQ(KM_ERROR_OK, update_response.error);
703 EXPECT_EQ(0U, update_response.output.available_read());
704
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]705 FinishOperationRequest finish_request;
706 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]707 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]708 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]709 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]710 EXPECT_EQ(0U, finish_response.output.available_read());
711
712 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
713}
714
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]715typedef SigningOperationsTest VerificationOperationsTest;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]716TEST_F(VerificationOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]717 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
718 const char message[] = "12345678901234567890123456789012";
719 SignMessage(message, array_size(message) - 1);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]720 ASSERT_TRUE(signature() != NULL);
721
722 BeginOperationRequest begin_request;
723 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]724 begin_request.SetKeyMaterial(key_blob());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]725 begin_request.purpose = KM_PURPOSE_VERIFY;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]726 AddClientParams(&begin_request.additional_params);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]727
728 device.BeginOperation(begin_request, &begin_response);
729 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
730
731 UpdateOperationRequest update_request;
732 UpdateOperationResponse update_response;
733 update_request.op_handle = begin_response.op_handle;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]734 update_request.input.Reinitialize(message, array_size(message) - 1);
735 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]736
737 device.UpdateOperation(update_request, &update_response);
738 ASSERT_EQ(KM_ERROR_OK, update_response.error);
739 EXPECT_EQ(0U, update_response.output.available_read());
740
741 FinishOperationRequest finish_request;
742 finish_request.op_handle = begin_response.op_handle;
743 finish_request.signature.Reinitialize(*signature());
744 FinishOperationResponse finish_response;
745 device.FinishOperation(finish_request, &finish_response);
746 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]747 EXPECT_EQ(0U, finish_response.output.available_read());
748
749 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
750}
751
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]752TEST_F(VerificationOperationsTest, DsaSuccess) {
753 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
754 const char message[] = "123456789012345678901234567890123456789012345678";
755 SignMessage(message, array_size(message) - 1);
756 ASSERT_TRUE(signature() != NULL);
757
758 BeginOperationRequest begin_request;
759 BeginOperationResponse begin_response;
760 begin_request.SetKeyMaterial(key_blob());
761 begin_request.purpose = KM_PURPOSE_VERIFY;
762 AddClientParams(&begin_request.additional_params);
763
764 device.BeginOperation(begin_request, &begin_response);
765 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
766
767 UpdateOperationRequest update_request;
768 UpdateOperationResponse update_response;
769 update_request.op_handle = begin_response.op_handle;
770 update_request.input.Reinitialize(message, array_size(message) - 1);
771 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
772
773 device.UpdateOperation(update_request, &update_response);
774 ASSERT_EQ(KM_ERROR_OK, update_response.error);
775 EXPECT_EQ(0U, update_response.output.available_read());
776
777 FinishOperationRequest finish_request;
778 finish_request.op_handle = begin_response.op_handle;
779 finish_request.signature.Reinitialize(*signature());
780 FinishOperationResponse finish_response;
781 device.FinishOperation(finish_request, &finish_response);
782 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
783 EXPECT_EQ(0U, finish_response.output.available_read());
784
785 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
786}
787
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]788TEST_F(VerificationOperationsTest, EcdsaSuccess) {
789 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
790 const char message[] = "123456789012345678901234567890123456789012345678";
791 SignMessage(message, array_size(message) - 1);
792 ASSERT_TRUE(signature() != NULL);
793
794 BeginOperationRequest begin_request;
795 BeginOperationResponse begin_response;
796 begin_request.SetKeyMaterial(key_blob());
797 begin_request.purpose = KM_PURPOSE_VERIFY;
798 AddClientParams(&begin_request.additional_params);
799
800 device.BeginOperation(begin_request, &begin_response);
801 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
802
803 UpdateOperationRequest update_request;
804 UpdateOperationResponse update_response;
805 update_request.op_handle = begin_response.op_handle;
806 update_request.input.Reinitialize(message, array_size(message) - 1);
807 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
808
809 device.UpdateOperation(update_request, &update_response);
810 ASSERT_EQ(KM_ERROR_OK, update_response.error);
811 EXPECT_EQ(0U, update_response.output.available_read());
812
813 FinishOperationRequest finish_request;
814 finish_request.op_handle = begin_response.op_handle;
815 finish_request.signature.Reinitialize(*signature());
816 FinishOperationResponse finish_response;
817 device.FinishOperation(finish_request, &finish_response);
818 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
819 EXPECT_EQ(0U, finish_response.output.available_read());
820
821 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
822}
823
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]824typedef SigningOperationsTest ExportKeyTest;
825TEST_F(ExportKeyTest, RsaSuccess) {
826 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]827
828 ExportKeyRequest request;
829 ExportKeyResponse response;
830 AddClientParams(&request.additional_params);
831 request.key_format = KM_KEY_FORMAT_X509;
832 request.SetKeyMaterial(key_blob());
833
834 device.ExportKey(request, &response);
835 ASSERT_EQ(KM_ERROR_OK, response.error);
836 EXPECT_TRUE(response.key_data != NULL);
837}
838
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]839TEST_F(ExportKeyTest, DsaSuccess) {
840 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 1024 /* key size */);
841
842 ExportKeyRequest request;
843 ExportKeyResponse response;
844 AddClientParams(&request.additional_params);
845 request.key_format = KM_KEY_FORMAT_X509;
846 request.SetKeyMaterial(key_blob());
847
848 device.ExportKey(request, &response);
849 ASSERT_EQ(KM_ERROR_OK, response.error);
850 EXPECT_TRUE(response.key_data != NULL);
851}
852
853TEST_F(ExportKeyTest, EcdsaSuccess) {
854 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
855
856 ExportKeyRequest request;
857 ExportKeyResponse response;
858 AddClientParams(&request.additional_params);
859 request.key_format = KM_KEY_FORMAT_X509;
860 request.SetKeyMaterial(key_blob());
861
862 device.ExportKey(request, &response);
863 ASSERT_EQ(KM_ERROR_OK, response.error);
864 EXPECT_TRUE(response.key_data != NULL);
865}
866
867TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) {
868 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
869
870 ExportKeyRequest request;
871 ExportKeyResponse response;
872 AddClientParams(&request.additional_params);
873
874 /* We have no other defined export formats defined. */
875 request.key_format = KM_KEY_FORMAT_PKCS8;
876 request.SetKeyMaterial(key_blob());
877
878 device.ExportKey(request, &response);
879 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, response.error);
880 EXPECT_TRUE(response.key_data == NULL);
881}
882
883TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) {
884 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
885
886 ExportKeyRequest request;
887 ExportKeyResponse response;
888 AddClientParams(&request.additional_params);
889 request.key_format = KM_KEY_FORMAT_X509;
890 request.SetKeyMaterial(corrupt_key_blob());
891
892 device.ExportKey(request, &response);
893 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, response.error);
894 ASSERT_TRUE(response.key_data == NULL);
895}
896
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]897static string read_file(const string& file_name) {
898 ifstream file_stream(file_name, std::ios::binary);
899 istreambuf_iterator<char> file_begin(file_stream);
900 istreambuf_iterator<char> file_end;
901 return string(file_begin, file_end);
902}
903
904typedef SigningOperationsTest ImportKeyTest;
905TEST_F(ImportKeyTest, RsaSuccess) {
906 keymaster_key_param_t params[] = {
907 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
908 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
909 Authorization(TAG_DIGEST, KM_DIGEST_NONE),
910 Authorization(TAG_PADDING, KM_PAD_NONE),
911 Authorization(TAG_USER_ID, 7),
912 Authorization(TAG_USER_AUTH_ID, 8),
913 Authorization(TAG_APPLICATION_ID, "app_id", 6),
914 Authorization(TAG_AUTH_TIMEOUT, 300),
915 };
916
917 string pk8_key = read_file("privkey_pk8.der");
918 ASSERT_EQ(633U, pk8_key.size());
919
920 ImportKeyRequest import_request;
921 import_request.key_description.Reinitialize(params, array_length(params));
922 import_request.key_format = KM_KEY_FORMAT_PKCS8;
923 import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
924
925 ImportKeyResponse import_response;
926 device.ImportKey(import_request, &import_response);
927 ASSERT_EQ(KM_ERROR_OK, import_response.error);
928 EXPECT_EQ(0U, import_response.enforced.size());
929 EXPECT_GT(import_response.unenforced.size(), 0U);
930
931 // Check values derived from the key.
932 EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
933 EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 1024));
934 EXPECT_TRUE(contains(import_response.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537U));
935
936 // And values provided by GoogleKeymaster
937 EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
938 EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
939
940 size_t message_len = 1024 / 8;
941 UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
942 std::fill(message.get(), message.get() + message_len, 'a');
943 SignMessage(import_response.key_blob, message.get(), message_len);
944 ASSERT_TRUE(signature() != NULL);
945
946 BeginOperationRequest begin_request;
947 BeginOperationResponse begin_response;
948 begin_request.SetKeyMaterial(import_response.key_blob);
949 begin_request.purpose = KM_PURPOSE_VERIFY;
950 AddClientParams(&begin_request.additional_params);
951
952 device.BeginOperation(begin_request, &begin_response);
953 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
954
955 UpdateOperationRequest update_request;
956 UpdateOperationResponse update_response;
957 update_request.op_handle = begin_response.op_handle;
958 update_request.input.Reinitialize(message.get(), message_len);
959 EXPECT_EQ(message_len, update_request.input.available_read());
960
961 device.UpdateOperation(update_request, &update_response);
962 ASSERT_EQ(KM_ERROR_OK, update_response.error);
963 EXPECT_EQ(0U, update_response.output.available_read());
964
965 FinishOperationRequest finish_request;
966 finish_request.op_handle = begin_response.op_handle;
967 finish_request.signature.Reinitialize(*signature());
968 FinishOperationResponse finish_response;
969 device.FinishOperation(finish_request, &finish_response);
970 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
971 EXPECT_EQ(0U, finish_response.output.available_read());
972
973 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
974}
975
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]976} // namespace test
977} // namespace keymaster