Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 33ab0389e908b98702806c746e7babc0d46eb452 / . / android_keymaster_test.cpp
blob: 96fc8b2b1c3c359d58fedff05071dc4f86c7334b [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]22#include <keymaster/key_factory.h>
23#include <keymaster/soft_keymaster_context.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]24#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]25#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]26
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]27#include "android_keymaster_test_utils.h"
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]28#include "keymaster0_engine.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]29
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]30using std::ifstream;
31using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]32using std::string;
33using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]34using std::unique_ptr;
35
36extern "C" {
37int __android_log_print(int prio, const char* tag, const char* fmt);
38int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]39 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]40 return 0;
41}
42} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]43
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]44namespace keymaster {
45namespace test {
46
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]47StdoutLogger logger;
48
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]49template <typename T> vector<T> make_vector(const T* array, size_t len) {
50 return vector<T>(array, array + len);
51}
52
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]53class TestKeymasterEnforcement : public KeymasterEnforcement {
54 public:
55 TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {}
56
57 virtual bool activation_date_valid(uint64_t /* activation_date */) const { return true; }
58 virtual bool expiration_date_passed(uint64_t /* expiration_date */) const { return false; }
59 virtual bool auth_token_timed_out(const hw_auth_token_t& /* token */,
60 uint32_t /* timeout */) const {
61 return false;
62 }
63 virtual uint32_t get_current_time() const { return 0; }
64 virtual bool ValidateTokenSignature(const hw_auth_token_t& /* token */) const { return true; }
65};
66
67class TestKeymasterContext : public SoftKeymasterContext {
68 public:
69 TestKeymasterContext(keymaster0_device_t* keymaster0 = nullptr)
70 : SoftKeymasterContext(keymaster0) {}
71
72 KeymasterEnforcement* enforcement_policy() override { return &test_policy_; }
73
74 private:
75 TestKeymasterEnforcement test_policy_;
76};
77
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]78class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
79 public:
80 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]81 std::cerr << "Creating software-only device" << std::endl;
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]82 SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext);
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]83 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]84 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]85
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]86 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]87 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]88};
89
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]90class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
91 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]92 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
93
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]94 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]95 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
96 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]97 hw_device_t* softkeymaster_device;
98 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
99 &softkeymaster_device));
100 // Make the software device pretend to be hardware
101 keymaster0_device_t* keymaster0_device =
102 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]103 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
104
105 if (!support_ec_) {
106 // Make the software device pretend not to support EC
107 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
108 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]109
110 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
111
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]112 SoftKeymasterDevice* keymaster =
113 new SoftKeymasterDevice(new TestKeymasterContext(counting_keymaster0_device_));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]114 return keymaster->keymaster_device();
115 }
116
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]117 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
118 switch (algorithm) {
119 case KM_ALGORITHM_RSA:
120 return true;
121 case KM_ALGORITHM_EC:
122 return support_ec_;
123 default:
124 return false;
125 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]126 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]127 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
128
129 private:
130 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]131 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]132};
133
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]134static auto test_params = testing::Values(
135 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
136 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
137 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]138
139typedef Keymaster1Test CheckSupported;
140INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
141
142TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]143 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
144 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]145
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]146 size_t len;
147 keymaster_algorithm_t* algorithms;
148 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]149 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]150 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]151 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]152
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]153 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]154}
155
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]156TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]157 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
158 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
159 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]160
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]161 size_t len;
162 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]163 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]164 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]165 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]166 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]167
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]168 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]169 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]170 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]171
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]172 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]173 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]174 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]175 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]176
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]177 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]178}
179
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]180TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]181 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
182 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
183 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]184
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]185 size_t len;
186 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]187 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]188 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]189 EXPECT_TRUE(
190 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]191 free(modes);
192
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]193 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]194 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]195 EXPECT_TRUE(
196 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]197 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]198
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]199 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]200 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]201 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]202 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]203
204 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
205 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
206 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]207
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]208 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]209}
210
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]211TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]212 EXPECT_EQ(
213 KM_ERROR_OUTPUT_PARAMETER_NULL,
214 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]215
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]216 size_t len;
217 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]218 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]219 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]220 EXPECT_TRUE(
221 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
222 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
223 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]224 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]225
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]226 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]227 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]228 EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
229 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
230 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]231 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]232
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]233 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
234 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
235 &len));
236
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]237 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]238 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]239 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
240 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
241 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]242 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]243
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]244 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]245}
246
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]247TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
249 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]250
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]251 size_t len;
252 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]253 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]254 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]255 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]256 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]257
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]258 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]259 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
260 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
261 free(formats);
262
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]263 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]264 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
265 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
266 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]267
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]268 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]269}
270
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]271TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]272 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
273 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]274
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]275 size_t len;
276 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]277 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]278 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]279 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]280 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]281
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]282 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]283 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]284 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]285 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]286
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]287 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]288 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]289 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]290 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]291
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]292 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]293 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]294 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]295 free(formats);
296
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]297 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]298 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]299 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]300 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]301
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]302 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]303}
304
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]305class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]306 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]307 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]308 AuthorizationSet auths = sw_enforced();
309 EXPECT_GT(auths.SerializedSize(), 12U);
310
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]311 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
312 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
313 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]314 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]315 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]316
317 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]318 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
319 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
320 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]321
322 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]323 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
324 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
325 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]326
327 // Now check that unspecified, defaulted tags are correct.
Shawn Willden0b2d3332015-04-07 17:46:18 -0600[diff] [blame]328 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]329 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]330 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]331};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]332INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
333
334TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]335 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
336 .RsaSigningKey(256, 3)
337 .Digest(KM_DIGEST_NONE)
338 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]339 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]340
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]341 // Check specified tags are all present, and in the right set.
342 AuthorizationSet crypto_params;
343 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]344 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]345 EXPECT_NE(0U, hw_enforced().size());
346 EXPECT_NE(0U, sw_enforced().size());
347 crypto_params.push_back(hw_enforced());
348 non_crypto_params.push_back(sw_enforced());
349 } else {
350 EXPECT_EQ(0U, hw_enforced().size());
351 EXPECT_NE(0U, sw_enforced().size());
352 crypto_params.push_back(sw_enforced());
353 }
354
355 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
356 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
357 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
358 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
359 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
360 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
361
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]362 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]363 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]364}
365
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]366TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]367 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
368 GenerateKey(AuthorizationSetBuilder()
369 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
370 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
371 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]372
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]373 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]374}
375
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]376TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]377 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]378 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]379 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]380
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]381 // Check specified tags are all present, and in the right set.
382 AuthorizationSet crypto_params;
383 AuthorizationSet non_crypto_params;
384 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
385 EXPECT_NE(0U, hw_enforced().size());
386 EXPECT_NE(0U, sw_enforced().size());
387 crypto_params.push_back(hw_enforced());
388 non_crypto_params.push_back(sw_enforced());
389 } else {
390 EXPECT_EQ(0U, hw_enforced().size());
391 EXPECT_NE(0U, sw_enforced().size());
392 crypto_params.push_back(sw_enforced());
393 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]394
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]395 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
396 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
397 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
398 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
399
400 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
401 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]402}
403
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]404TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]405 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
406 GenerateKey(AuthorizationSetBuilder()
407 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
408 .SigningKey()
409 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]410
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]411 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]412}
413
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]414TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]415 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
416 ASSERT_EQ(
417 KM_ERROR_UNKNOWN_ERROR,
418 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
419 else
420 ASSERT_EQ(
421 KM_ERROR_UNSUPPORTED_KEY_SIZE,
422 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]423
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]424 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
425 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]426}
427
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]428TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]429 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]430 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]431 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
432 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]433 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]434 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]435
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]436 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
437 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]438}
439
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]440TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]441 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
442 .HmacKey(128)
443 .Digest(KM_DIGEST_SHA_2_256)
444 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
445
446 EXPECT_EQ(0, GetParam()->keymaster0_calls());
447}
448
449TEST_P(NewKeyGeneration, HmacMultipleDigests) {
450 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST,
451 GenerateKey(AuthorizationSetBuilder()
452 .HmacKey(128)
453 .Digest(KM_DIGEST_SHA1)
454 .Digest(KM_DIGEST_SHA_2_256)
455 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
456
457 EXPECT_EQ(0, GetParam()->keymaster0_calls());
458}
459
460TEST_P(NewKeyGeneration, HmacDigestNone) {
461 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST,
462 GenerateKey(AuthorizationSetBuilder()
463 .HmacKey(128)
464 .Digest(KM_DIGEST_NONE)
465 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
466
467 EXPECT_EQ(0, GetParam()->keymaster0_calls());
468}
469
470TEST_P(NewKeyGeneration, HmacSha256TooShortMacLength) {
471 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
472 GenerateKey(AuthorizationSetBuilder()
473 .HmacKey(128)
474 .Digest(KM_DIGEST_SHA_2_256)
475 .Authorization(TAG_MIN_MAC_LENGTH, 48)));
476
477 EXPECT_EQ(0, GetParam()->keymaster0_calls());
478}
479
480TEST_P(NewKeyGeneration, HmacSha256NonIntegralOctetMacLength) {
481 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
482 GenerateKey(AuthorizationSetBuilder()
483 .HmacKey(128)
484 .Digest(KM_DIGEST_SHA_2_256)
485 .Authorization(TAG_MIN_MAC_LENGTH, 130)));
486
487 EXPECT_EQ(0, GetParam()->keymaster0_calls());
488}
489
490TEST_P(NewKeyGeneration, HmacSha256TooLongMacLength) {
491 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
492 GenerateKey(AuthorizationSetBuilder()
493 .HmacKey(128)
494 .Digest(KM_DIGEST_SHA_2_256)
495 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]496
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]497 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]498}
499
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]500typedef Keymaster1Test GetKeyCharacteristics;
501INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
502
503TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]504 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
505 .RsaSigningKey(256, 3)
506 .Digest(KM_DIGEST_NONE)
507 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]508 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]509
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]510 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
511 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]512
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]513 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]514 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]515}
516
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]517typedef Keymaster1Test SigningOperationsTest;
518INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
519
520TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]521 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
522 .RsaSigningKey(256, 3)
523 .Digest(KM_DIGEST_NONE)
524 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]525 string message = "12345678901234567890123456789012";
526 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]527 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]528
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]529 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]530 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]531}
532
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]533TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]534 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
535 .RsaSigningKey(512, 3)
536 .Digest(KM_DIGEST_SHA_2_256)
537 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]538 // Use large message, which won't work without digesting.
539 string message(1024, 'a');
540 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]541 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]542
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]543 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]544 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]545}
546
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]547TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {
548 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
549 .RsaSigningKey(512, 3)
550 .Digest(KM_DIGEST_NONE)
551 .Padding(KM_PAD_NONE)));
552 string message = "12345678901234567890123456789012";
553 string signature;
554 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
555
556 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
557 EXPECT_EQ(3, GetParam()->keymaster0_calls());
558}
559
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]560TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]561 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
562 .RsaSigningKey(512, 3)
563 .Digest(KM_DIGEST_SHA_2_256)
564 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]565 string message(1024, 'a');
566 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]567 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]568
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]569 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]570 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]571}
572
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]573TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
574 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
575 .RsaSigningKey(512, 3)
576 .Digest(KM_DIGEST_NONE)
577 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
578 string message(53, 'a');
579 string signature;
580 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);
581
582 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
583 EXPECT_EQ(3, GetParam()->keymaster0_calls());
584}
585
586TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {
587 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
588 .RsaSigningKey(512, 3)
589 .Digest(KM_DIGEST_NONE)
590 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
591 string message(54, 'a');
592
593 AuthorizationSet begin_params(client_params());
594 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
595 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
596 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
597 string result;
598 size_t input_consumed;
599 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
600 string signature;
601 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
602
603 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
604 EXPECT_EQ(2, GetParam()->keymaster0_calls());
605}
606
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]607TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]608 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
609 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]610 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
611 .RsaSigningKey(256 + 9 * 8, 3)
612 .Digest(KM_DIGEST_SHA_2_256)
613 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]614 string message(1024, 'a');
615 string signature;
616
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]617 AuthorizationSet begin_params(client_params());
618 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]619 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]620 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]621}
622
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]623TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {
624 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
625 .RsaSigningKey(256, 3)
626 .Digest(KM_DIGEST_NONE)
627 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
628 string message(64 * 1024, 'a');
629 string signature;
630 AuthorizationSet begin_params(client_params());
631 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
632 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
633 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
634 string result;
635 size_t input_consumed;
636 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
637
638 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
639 EXPECT_EQ(2, GetParam()->keymaster0_calls());
640}
641
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]642TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]643 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
644 .RsaSigningKey(256, 3)
645 .Digest(KM_DIGEST_NONE)
646 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]647 AuthorizationSet begin_params(client_params());
648 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]649 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]650 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]651 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
652 // Another abort should fail
653 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]654
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]655 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]656 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]657}
658
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]659TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]660 GenerateKey(AuthorizationSetBuilder()
661 .RsaSigningKey(256, 3)
662 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
663 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]664 AuthorizationSet begin_params(client_params());
665 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
666 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]667
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]668 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]669 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]670}
671
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]672TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]673 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]674 GenerateKey(AuthorizationSetBuilder()
675 .RsaSigningKey(256, 3)
676 .Digest(KM_DIGEST_NONE)
677 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]678 AuthorizationSet begin_params(client_params());
679 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]680 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]681 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]682
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]683 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]684 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]685}
686
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]687TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]688 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]689 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
690 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]691 AuthorizationSet begin_params(client_params());
692 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
693 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]694
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]695 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]696 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]697}
698
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]699TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]700 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
701 .RsaSigningKey(256, 3)
702 .Digest(KM_DIGEST_NONE)
703 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]704 AuthorizationSet begin_params(client_params());
705 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]706 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]707 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]708
709 string message = "1234567890123456789012345678901";
710 string result;
711 size_t input_consumed;
712 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
713 EXPECT_EQ(0U, result.size());
714 EXPECT_EQ(31U, input_consumed);
715
716 string signature;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]717 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]718 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]719
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]720 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]721 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]722}
723
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]724TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]725 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
726 .RsaEncryptionKey(256, 3)
727 .Digest(KM_DIGEST_NONE)
728 .Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]729 AuthorizationSet begin_params(client_params());
730 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
731 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
732 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]733
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]734 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]735 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]736}
737
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]738TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]739 ASSERT_EQ(KM_ERROR_OK,
740 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]741 string message(224 / 8, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]742 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]743 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]744
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]745 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
746 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]747}
748
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]749TEST_P(SigningOperationsTest, EcdsaSha256Success) {
750 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
751 KM_DIGEST_SHA_2_256)));
752 string message(1024, 'a');
753 string signature;
754 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
755
756 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
757 EXPECT_EQ(3, GetParam()->keymaster0_calls());
758}
759
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]760TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {
761 ASSERT_EQ(KM_ERROR_OK,
762 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
763 string message(64 * 1024, 'a');
764 string signature;
765 AuthorizationSet begin_params(client_params());
766 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
767 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
768 string result;
769 size_t input_consumed;
770 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
771
772 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
773 EXPECT_EQ(2, GetParam()->keymaster0_calls());
774}
775
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]776TEST_P(SigningOperationsTest, EcsdaAllSizesAndHashes) {
777 size_t len;
778 keymaster_digest_t* digest_arr;
779 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
780 KM_PURPOSE_SIGN, &digest_arr, &len));
781 vector<int> key_sizes = {224, 256, 384, 521};
782 vector<keymaster_digest_t> digests = make_vector(digest_arr, len);
783 free(digest_arr);
784
785 for (int key_size : key_sizes) {
786 for (keymaster_digest_t digest : digests) {
787 ASSERT_EQ(
788 KM_ERROR_OK,
789 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(digest)));
790
791 string message(1024, 'a');
792 string signature;
793 if (digest == KM_DIGEST_NONE)
794 message.resize(key_size / 8);
795 SignMessage(message, &signature, digest);
796 }
797 }
798
799 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
800 EXPECT_EQ(digests.size() * key_sizes.size() * 3,
801 static_cast<size_t>(GetParam()->keymaster0_calls()));
802}
803
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]804TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]805 ASSERT_EQ(KM_ERROR_OK,
806 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
807 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]808 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
809 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]810
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]811 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]812}
813
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]814TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]815 GenerateKey(AuthorizationSetBuilder()
816 .HmacKey(128)
817 .Digest(KM_DIGEST_SHA1)
818 .Authorization(TAG_MIN_MAC_LENGTH, 160));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]819 string message = "12345678901234567890123456789012";
820 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]821 MacMessage(message, &signature, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]822 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]823
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]824 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]825}
826
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]827TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]828 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
829 .HmacKey(128)
830 .Digest(KM_DIGEST_SHA_2_224)
831 .Authorization(TAG_MIN_MAC_LENGTH, 160)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]832 string message = "12345678901234567890123456789012";
833 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]834 MacMessage(message, &signature, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]835 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]836
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]837 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]838}
839
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]840TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]841 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
842 .HmacKey(128)
843 .Digest(KM_DIGEST_SHA_2_256)
844 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]845 string message = "12345678901234567890123456789012";
846 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]847 MacMessage(message, &signature, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]848 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]849
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]850 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]851}
852
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]853TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]854 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
855 .HmacKey(128)
856 .Digest(KM_DIGEST_SHA_2_384)
857 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]858
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]859 string message = "12345678901234567890123456789012";
860 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]861 MacMessage(message, &signature, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]862 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]863
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]864 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]865}
866
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]867TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]868 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
869 .HmacKey(128)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]870 .Digest(KM_DIGEST_SHA_2_512)
871 .Authorization(TAG_MIN_MAC_LENGTH, 512)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]872 string message = "12345678901234567890123456789012";
873 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]874 MacMessage(message, &signature, 512);
875 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]876
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]877 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]878}
879
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]880TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]881 uint8_t key_data[] = {
882 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
883 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
884 };
885 string message = "Hi There";
886 uint8_t sha_224_expected[] = {
887 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
888 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
889 };
890 uint8_t sha_256_expected[] = {
891 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
892 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
893 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
894 };
895 uint8_t sha_384_expected[] = {
896 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
897 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
898 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
899 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
900 };
901 uint8_t sha_512_expected[] = {
902 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
903 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
904 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
905 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
906 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
907 };
908
909 string key = make_string(key_data);
910
911 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
912 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
913 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
914 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]915
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]916 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]917}
918
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]919TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]920 string key = "Jefe";
921 string message = "what do ya want for nothing?";
922 uint8_t sha_224_expected[] = {
923 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
924 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
925 };
926 uint8_t sha_256_expected[] = {
927 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
928 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
929 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
930 };
931 uint8_t sha_384_expected[] = {
932 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
933 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
934 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
935 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
936 };
937 uint8_t sha_512_expected[] = {
938 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
939 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
940 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
941 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
942 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
943 };
944
945 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
946 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
947 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
948 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]949
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]950 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]951}
952
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]953TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]954 string key(20, 0xaa);
955 string message(50, 0xdd);
956 uint8_t sha_224_expected[] = {
957 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
958 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
959 };
960 uint8_t sha_256_expected[] = {
961 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
962 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
963 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
964 };
965 uint8_t sha_384_expected[] = {
966 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
967 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
968 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
969 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
970 };
971 uint8_t sha_512_expected[] = {
972 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
973 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
974 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
975 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
976 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
977 };
978
979 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
980 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
981 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
982 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]983
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]984 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]985}
986
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]987TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]988 uint8_t key_data[25] = {
989 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
990 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
991 };
992 string key = make_string(key_data);
993 string message(50, 0xcd);
994 uint8_t sha_224_expected[] = {
995 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
996 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
997 };
998 uint8_t sha_256_expected[] = {
999 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
1000 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
1001 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
1002 };
1003 uint8_t sha_384_expected[] = {
1004 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
1005 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
1006 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
1007 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
1008 };
1009 uint8_t sha_512_expected[] = {
1010 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
1011 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
1012 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
1013 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
1014 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
1015 };
1016
1017 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1018 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1019 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1020 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1021
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1022 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1023}
1024
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1025TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1026 string key(20, 0x0c);
1027 string message = "Test With Truncation";
1028
1029 uint8_t sha_224_expected[] = {
1030 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
1031 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
1032 };
1033 uint8_t sha_256_expected[] = {
1034 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
1035 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
1036 };
1037 uint8_t sha_384_expected[] = {
1038 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
1039 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
1040 };
1041 uint8_t sha_512_expected[] = {
1042 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
1043 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
1044 };
1045
1046 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1047 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1048 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1049 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1050
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1051 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1052}
1053
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1054TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1055 string key(131, 0xaa);
1056 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
1057
1058 uint8_t sha_224_expected[] = {
1059 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
1060 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
1061 };
1062 uint8_t sha_256_expected[] = {
1063 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
1064 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
1065 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
1066 };
1067 uint8_t sha_384_expected[] = {
1068 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
1069 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1070 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
1071 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
1072 };
1073 uint8_t sha_512_expected[] = {
1074 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
1075 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
1076 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
1077 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
1078 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
1079 };
1080
1081 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1082 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1083 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1084 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1085
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1086 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1087}
1088
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1089TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1090 string key(131, 0xaa);
1091 string message = "This is a test using a larger than block-size key and a larger than "
1092 "block-size data. The key needs to be hashed before being used by the HMAC "
1093 "algorithm.";
1094
1095 uint8_t sha_224_expected[] = {
1096 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
1097 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
1098 };
1099 uint8_t sha_256_expected[] = {
1100 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
1101 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
1102 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
1103 };
1104 uint8_t sha_384_expected[] = {
1105 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
1106 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1107 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
1108 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
1109 };
1110 uint8_t sha_512_expected[] = {
1111 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
1112 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
1113 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
1114 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
1115 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
1116 };
1117
1118 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1119 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1120 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1121 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1122
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1123 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1124}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1125
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1126TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1127 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1128 .HmacKey(128)
1129 .Digest(KM_DIGEST_SHA_2_256)
1130 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1131 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]1132 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1133 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1134 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH,
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1135 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1136
1137 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1138}
1139
1140TEST_P(SigningOperationsTest, HmacSha256TooSmallMacLength) {
1141 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1142 .HmacKey(128)
1143 .Digest(KM_DIGEST_SHA_2_256)
1144 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
1145 AuthorizationSet begin_params(client_params());
1146 begin_params.push_back(TAG_MAC_LENGTH, 120);
1147 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
1148 ASSERT_EQ(KM_ERROR_INVALID_MAC_LENGTH,
1149 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1150
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1151 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1152}
1153
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1154// TODO(swillden): Add more verification failure tests.
1155
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1156typedef Keymaster1Test VerificationOperationsTest;
1157INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
1158
1159TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1160 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1161 .RsaSigningKey(256, 3)
1162 .Digest(KM_DIGEST_NONE)
1163 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1164 string message = "12345678901234567890123456789012";
1165 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1166 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1167 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1168
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1169 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1170 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]1171}
1172
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1173TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1174 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1175 .RsaSigningKey(512, 3)
1176 .Digest(KM_DIGEST_SHA_2_256)
1177 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1178 // Use large message, which won't work without digesting.
1179 string message(1024, 'a');
1180 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1181 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1182 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1183
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1184 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1185 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1186}
1187
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1188TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1189 GenerateKey(AuthorizationSetBuilder()
1190 .RsaSigningKey(512, 3)
1191 .Digest(KM_DIGEST_SHA_2_256)
1192 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1193 string message(1024, 'a');
1194 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1195 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1196 ++signature[signature.size() / 2];
1197
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1198 AuthorizationSet begin_params(client_params());
1199 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1200 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1201 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1202
1203 string result;
1204 size_t input_consumed;
1205 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1206 EXPECT_EQ(message.size(), input_consumed);
1207 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1208
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1209 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1210 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1211}
1212
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1213TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1214 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1215 .RsaSigningKey(512, 3)
1216 .Digest(KM_DIGEST_SHA_2_256)
1217 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1218 // Use large message, which won't work without digesting.
1219 string message(1024, 'a');
1220 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1221 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1222 ++message[message.size() / 2];
1223
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1224 AuthorizationSet begin_params(client_params());
1225 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1226 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1227 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1228
1229 string result;
1230 size_t input_consumed;
1231 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1232 EXPECT_EQ(message.size(), input_consumed);
1233 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1234
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1235 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1236 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1237}
1238
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1239TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1240 GenerateKey(AuthorizationSetBuilder()
1241 .RsaSigningKey(512, 3)
1242 .Digest(KM_DIGEST_SHA_2_256)
1243 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1244 string message(1024, 'a');
1245 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1246 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1247 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1248
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1249 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1250 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1251}
1252
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1253TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1254 GenerateKey(AuthorizationSetBuilder()
1255 .RsaSigningKey(512, 3)
1256 .Digest(KM_DIGEST_SHA_2_256)
1257 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1258 string message(1024, 'a');
1259 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1260 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1261 ++signature[signature.size() / 2];
1262
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1263 AuthorizationSet begin_params(client_params());
1264 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1265 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1266 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1267
1268 string result;
1269 size_t input_consumed;
1270 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1271 EXPECT_EQ(message.size(), input_consumed);
1272 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1273
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1274 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1275 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1276}
1277
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1278TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1279 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1280 .RsaSigningKey(512, 3)
1281 .Digest(KM_DIGEST_SHA_2_256)
1282 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1283 // Use large message, which won't work without digesting.
1284 string message(1024, 'a');
1285 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1286 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1287 ++message[message.size() / 2];
1288
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1289 AuthorizationSet begin_params(client_params());
1290 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1291 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1292 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1293
1294 string result;
1295 size_t input_consumed;
1296 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1297 EXPECT_EQ(message.size(), input_consumed);
1298 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1299
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1300 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1301 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1302}
1303
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1304TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1305 // Get all supported digests and padding modes.
1306 size_t digests_len;
1307 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1308 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1309 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1310 &digests_len));
1311
1312 size_t padding_modes_len;
1313 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1314 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1315 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1316 &padding_modes, &padding_modes_len));
1317
1318 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1319 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1320 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1321 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1322 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1323 // Digesting requires padding
1324 continue;
1325
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1326 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1327 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1328 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1329
1330 if (digest == KM_DIGEST_NONE) {
1331 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1332 switch (padding_mode) {
1333 case KM_PAD_NONE:
1334 // Match key size.
1335 message_len = key_bits / 8;
1336 break;
1337 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1338 message_len = key_bits / 8 - 11;
1339 break;
1340 case KM_PAD_RSA_PSS:
1341 // PSS requires a digest.
1342 continue;
1343 default:
1344 FAIL() << "Missing padding";
1345 break;
1346 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1347 } else {
1348 size_t digest_bits;
1349 switch (digest) {
1350 case KM_DIGEST_MD5:
1351 digest_bits = 128;
1352 break;
1353 case KM_DIGEST_SHA1:
1354 digest_bits = 160;
1355 break;
1356 case KM_DIGEST_SHA_2_224:
1357 digest_bits = 224;
1358 break;
1359 case KM_DIGEST_SHA_2_256:
1360 digest_bits = 256;
1361 break;
1362 case KM_DIGEST_SHA_2_384:
1363 digest_bits = 384;
1364 break;
1365 case KM_DIGEST_SHA_2_512:
1366 digest_bits = 512;
1367 break;
1368 default:
1369 FAIL() << "Missing digest";
1370 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1371
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1372 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1373 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1374 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1375 break;
1376 case KM_PAD_RSA_PSS:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1377 key_bits = digest_bits + 8 * 10;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1378 break;
1379 default:
1380 FAIL() << "Missing padding";
1381 break;
1382 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1383 }
1384
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1385 GenerateKey(AuthorizationSetBuilder()
1386 .RsaSigningKey(key_bits, 3)
1387 .Digest(digest)
1388 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1389 string message(message_len, 'a');
1390 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1391 SignMessage(message, &signature, digest, padding_mode);
1392 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1393 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1394 }
1395 }
1396
1397 free(padding_modes);
1398 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1399
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1400 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1401 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1402}
1403
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1404TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1405 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1406 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1407 string message = "12345678901234567890123456789012";
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1408 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1409 SignMessage(message, &signature, KM_DIGEST_NONE);
1410 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1411
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1412 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1413 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1414}
1415
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1416TEST_P(VerificationOperationsTest, EcdsaTooShort) {
1417 ASSERT_EQ(KM_ERROR_OK,
1418 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1419 string message = "12345678901234567890";
1420 string signature;
1421 SignMessage(message, &signature, KM_DIGEST_NONE);
1422 VerifyMessage(message, signature, KM_DIGEST_NONE);
1423
1424 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1425 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1426}
1427
1428TEST_P(VerificationOperationsTest, EcdsaTooLong) {
1429 ASSERT_EQ(KM_ERROR_OK,
1430 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1431 string message = "1234567890123456789012345678901234";
1432 string signature;
1433
1434 AuthorizationSet begin_params(client_params());
1435 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1436 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
1437 string output;
1438 size_t input_consumed;
1439 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &output, &input_consumed));
1440
1441 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1442 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1443}
1444
1445TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
1446 ASSERT_EQ(KM_ERROR_OK,
1447 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
1448
1449 string message(66, 'a');
1450 string signature;
1451 SignMessage(message, &signature, KM_DIGEST_NONE);
1452 VerifyMessage(message, signature, KM_DIGEST_NONE);
1453
1454 // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh.
1455 message[65] ^= 7;
1456 VerifyMessage(message, signature, KM_DIGEST_NONE);
1457
1458 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1459 EXPECT_EQ(5, GetParam()->keymaster0_calls());
1460}
1461
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1462TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1463 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1464 .EcdsaSigningKey(256)
1465 .Digest(KM_DIGEST_SHA_2_256)
1466 .Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1467 string message = "12345678901234567890123456789012";
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1468 string signature;
1469 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1470 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1471
1472 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1473 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1474
1475 // Just for giggles, try verifying with the wrong digest.
1476 AuthorizationSet begin_params(client_params());
1477 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1478 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1479
1480 string result;
1481 size_t input_consumed;
1482 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1483 EXPECT_EQ(message.size(), input_consumed);
1484 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1485}
1486
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1487TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1488 GenerateKey(AuthorizationSetBuilder()
1489 .HmacKey(128)
1490 .Digest(KM_DIGEST_SHA1)
1491 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1492 string message = "123456789012345678901234567890123456789012345678";
1493 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1494 MacMessage(message, &signature, 160);
1495 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1496
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1497 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1498}
1499
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1500TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1501 GenerateKey(AuthorizationSetBuilder()
1502 .HmacKey(128)
1503 .Digest(KM_DIGEST_SHA_2_224)
1504 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1505 string message = "123456789012345678901234567890123456789012345678";
1506 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1507 MacMessage(message, &signature, 224);
1508 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1509
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1510 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1511}
1512
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1513TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1514 GenerateKey(AuthorizationSetBuilder()
1515 .HmacKey(128)
1516 .Digest(KM_DIGEST_SHA_2_256)
1517 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1518 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1519 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1520 MacMessage(message, &signature, 256);
1521 VerifyMac(message, signature);
1522
1523 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1524}
1525
1526TEST_P(VerificationOperationsTest, HmacSha256TooShortMac) {
1527 GenerateKey(AuthorizationSetBuilder()
1528 .HmacKey(128)
1529 .Digest(KM_DIGEST_SHA_2_256)
1530 .Authorization(TAG_MIN_MAC_LENGTH, 128));
1531 string message = "123456789012345678901234567890123456789012345678";
1532 string signature;
1533 MacMessage(message, &signature, 256);
1534
1535 // Shorten to 128 bits, should still work.
1536 signature.resize(128 / 8);
1537 VerifyMac(message, signature);
1538
1539 // Drop one more byte.
1540 signature.resize(signature.length() - 1);
1541
1542 AuthorizationSet begin_params(client_params());
1543 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1544 string result;
1545 size_t input_consumed;
1546 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1547 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1548
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1549 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1550}
1551
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1552TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1553 GenerateKey(AuthorizationSetBuilder()
1554 .HmacKey(128)
1555 .Digest(KM_DIGEST_SHA_2_384)
1556 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1557 string message = "123456789012345678901234567890123456789012345678";
1558 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1559 MacMessage(message, &signature, 384);
1560 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1561
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1562 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1563}
1564
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1565TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1566 GenerateKey(AuthorizationSetBuilder()
1567 .HmacKey(128)
1568 .Digest(KM_DIGEST_SHA_2_512)
1569 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1570 string message = "123456789012345678901234567890123456789012345678";
1571 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1572 MacMessage(message, &signature, 512);
1573 VerifyMac(message, signature);
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]1574
1575 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1576}
1577
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1578typedef Keymaster1Test ExportKeyTest;
1579INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1580
1581TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1582 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1583 .RsaSigningKey(256, 3)
1584 .Digest(KM_DIGEST_NONE)
1585 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1586 string export_data;
1587 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1588 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1589
1590 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1591
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1592 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1593 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1594}
1595
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1596TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1597 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1598 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1599 string export_data;
1600 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1601 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1602
1603 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1604
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1605 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1606 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1607}
1608
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1609TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1610 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1611 .RsaSigningKey(256, 3)
1612 .Digest(KM_DIGEST_NONE)
1613 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1614 string export_data;
1615 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1616
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1617 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1618 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1619}
1620
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1621TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1622 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1623 .RsaSigningKey(256, 3)
1624 .Digest(KM_DIGEST_NONE)
1625 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1626 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1627 string export_data;
1628 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1629
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1630 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1631 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1632}
1633
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1634TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1635 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1636 string export_data;
1637
1638 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1639 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1640 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1641
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1642 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1643}
1644
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1645static string read_file(const string& file_name) {
1646 ifstream file_stream(file_name, std::ios::binary);
1647 istreambuf_iterator<char> file_begin(file_stream);
1648 istreambuf_iterator<char> file_end;
1649 return string(file_begin, file_end);
1650}
1651
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1652typedef Keymaster1Test ImportKeyTest;
1653INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1654
1655TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1656 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1657 ASSERT_EQ(633U, pk8_key.size());
1658
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1659 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1660 .RsaSigningKey(1024, 65537)
1661 .Digest(KM_DIGEST_NONE)
1662 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1663 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1664
1665 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1666 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1667 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1668 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1669 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1670 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1671 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1672 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1673 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1674 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1675
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1676 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1677 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1678 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1679
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1680 string message(1024 / 8, 'a');
1681 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1682 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1683 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1684
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1685 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1686 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1687}
1688
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1689TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1690 string pk8_key = read_file("rsa_privkey_pk8.der");
1691 ASSERT_EQ(633U, pk8_key.size());
1692
1693 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1694 // point softkeymaster will no longer support keymaster0 APIs anyway.
1695 uint8_t* key_blob;
1696 size_t key_blob_length;
1697 ASSERT_EQ(0,
1698 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1699 pk8_key.size(), &key_blob, &key_blob_length));
1700 set_key_blob(key_blob, key_blob_length);
1701
1702 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1703 AuthorizationSet begin_params; // Don't use client data.
1704 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1705 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1706 AuthorizationSet update_params;
1707 AuthorizationSet output_params;
1708 string signature =
1709 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1710 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1711 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1712
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1713 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1714 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1715}
1716
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1717TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1718 string pk8_key = read_file("rsa_privkey_pk8.der");
1719 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1720 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1721 ImportKey(AuthorizationSetBuilder()
1722 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1723 .Digest(KM_DIGEST_NONE)
1724 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1725 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1726
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1727 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1728}
1729
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1730TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1731 string pk8_key = read_file("rsa_privkey_pk8.der");
1732 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1733 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1734 ImportKey(AuthorizationSetBuilder()
1735 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1736 .Digest(KM_DIGEST_NONE)
1737 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1738 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1739
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1740 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1741}
1742
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1743TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1744 string pk8_key = read_file("ec_privkey_pk8.der");
1745 ASSERT_EQ(138U, pk8_key.size());
1746
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1747 ASSERT_EQ(KM_ERROR_OK,
1748 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1749 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1750
1751 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1752 EXPECT_TRUE(
1753 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1754 TAG_ALGORITHM, KM_ALGORITHM_EC));
1755 EXPECT_TRUE(
1756 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1757 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1758
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1759 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1760 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1761 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1762
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1763 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1764 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1765 SignMessage(message, &signature, KM_DIGEST_NONE);
1766 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1767
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1768 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1769 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1770}
1771
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1772TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1773 string pk8_key = read_file("ec_privkey_pk8.der");
1774 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1775
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1776 ASSERT_EQ(KM_ERROR_OK,
1777 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1778 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1779
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1780 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1781 EXPECT_TRUE(
1782 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1783 TAG_ALGORITHM, KM_ALGORITHM_EC));
1784 EXPECT_TRUE(
1785 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1786 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1787
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1788 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1789 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1790 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1791
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1792 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1793 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1794 SignMessage(message, &signature, KM_DIGEST_NONE);
1795 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1796
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1797 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1798 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1799}
1800
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1801TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1802 string pk8_key = read_file("ec_privkey_pk8.der");
1803 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1804 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1805 ImportKey(AuthorizationSetBuilder()
1806 .EcdsaSigningKey(224 /* Doesn't match key */)
1807 .Digest(KM_DIGEST_NONE),
1808 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1809
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1810 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1811}
1812
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1813TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1814 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1815 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1816 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1817 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1818 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1819 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1820
1821 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1822 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1823
1824 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1825 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1826 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1827 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1828
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1829 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1830}
1831
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1832TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1833 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1834 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1835 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1836 .HmacKey(sizeof(key_data) * 8)
1837 .Digest(KM_DIGEST_SHA_2_256)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1838 .Authorization(TAG_MIN_MAC_LENGTH, 256),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1839 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1840
1841 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1842 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1843
1844 string message = "Hello World!";
1845 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]1846 MacMessage(message, &signature, 256);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1847 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1848
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1849 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1850}
1851
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1852typedef Keymaster1Test EncryptionOperationsTest;
1853INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1854
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1855TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1856 ASSERT_EQ(KM_ERROR_OK,
1857 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1858
1859 string message = "12345678901234567890123456789012";
1860 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1861 EXPECT_EQ(256U / 8, ciphertext1.size());
1862
1863 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1864 EXPECT_EQ(256U / 8, ciphertext2.size());
1865
1866 // Unpadded RSA is deterministic
1867 EXPECT_EQ(ciphertext1, ciphertext2);
1868
1869 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1870 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1871}
1872
1873TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1874 ASSERT_EQ(KM_ERROR_OK,
1875 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1876
1877 string message = "1234567890123456789012345678901";
1878
1879 AuthorizationSet begin_params(client_params());
1880 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1881 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1882
1883 string result;
1884 size_t input_consumed;
1885 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1886 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1887 EXPECT_EQ(0U, result.size());
1888
1889 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1890 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1891}
1892
1893TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1894 ASSERT_EQ(KM_ERROR_OK,
1895 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1896
1897 string message = "123456789012345678901234567890123";
1898
1899 AuthorizationSet begin_params(client_params());
1900 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1901 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1902
1903 string result;
1904 size_t input_consumed;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1905 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1906
1907 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1908 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1909}
1910
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1911TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1912 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1913 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1914 .RsaEncryptionKey(key_size, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1915 .Padding(KM_PAD_RSA_OAEP)
1916 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1917
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1918 string message = "Hello";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1919 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1920 EXPECT_EQ(key_size / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1921
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1922 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1923 EXPECT_EQ(key_size / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1924
1925 // OAEP randomizes padding so every result should be different.
1926 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1927
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1928 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1929 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1930}
1931
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1932TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1933 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1934 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1935 .RsaEncryptionKey(key_size, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1936 .Padding(KM_PAD_RSA_OAEP)
1937 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1938 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1939 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1940 EXPECT_EQ(key_size / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1941
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1942 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1943 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1944
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1945 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1946 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1947}
1948
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1949TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
1950 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1951 .RsaEncryptionKey(512, 3)
1952 .Padding(KM_PAD_RSA_OAEP)
1953 .Digest(KM_DIGEST_NONE)));
1954 string message = "Hello World!";
1955
1956 AuthorizationSet begin_params(client_params());
1957 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1958 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1959 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1960
1961 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1962 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1963}
1964
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1965TEST_P(EncryptionOperationsTest, RsaOaepUnauthorizedDigest) {
1966 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1967 .RsaEncryptionKey(512, 3)
1968 .Padding(KM_PAD_RSA_OAEP)
1969 .Digest(KM_DIGEST_SHA_2_256)));
1970 string message = "Hello World!";
1971 // Works because encryption is a public key operation.
1972 EncryptMessage(string(message), KM_DIGEST_SHA1, KM_PAD_RSA_OAEP);
1973
1974 AuthorizationSet begin_params(client_params());
1975 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1976 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1);
1977 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
1978
1979 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1980 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1981}
1982
1983TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) {
1984 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1985 .RsaEncryptionKey(768, 3)
1986 .Padding(KM_PAD_RSA_OAEP)
1987 .Digest(KM_DIGEST_SHA_2_256)
1988 .Digest(KM_DIGEST_SHA_2_384)));
1989 string message = "Hello World!";
1990 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
1991
1992 string result;
1993 size_t input_consumed;
1994 AuthorizationSet begin_params(client_params());
1995 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1996 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
1997 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
1998 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
1999 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
2000 EXPECT_EQ(0U, result.size());
2001
2002 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2003 EXPECT_EQ(4, GetParam()->keymaster0_calls());
2004}
2005
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2006TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2007 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2008 .RsaEncryptionKey(512, 3)
2009 .Padding(KM_PAD_RSA_OAEP)
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2010 .Digest(KM_DIGEST_SHA1)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2011 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2012 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2013 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2014
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2015 AuthorizationSet begin_params(client_params());
2016 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2017 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2018 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2019 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2020 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2021 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2022
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2023 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2024 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2025}
2026
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2027TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2028 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2029 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2030 .RsaEncryptionKey(768, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2031 .Padding(KM_PAD_RSA_OAEP)
2032 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2033 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2034 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2035 EXPECT_EQ(key_size / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2036
2037 // Corrupt the ciphertext
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2038 ciphertext[key_size / 8 / 2]++;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2039
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2040 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2041 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2042 AuthorizationSet begin_params(client_params());
2043 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2044 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2045 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2046 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2047 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2048 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2049
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2050 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2051 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2052}
2053
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2054TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2055 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2056 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2057 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2058 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2059 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2060
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2061 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2062 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2063
2064 // PKCS1 v1.5 randomizes padding so every result should be different.
2065 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2066
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2067 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2068 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2069}
2070
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2071TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2072 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2073 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2074 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2075 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2076 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2077
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2078 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2079 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2080
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2081 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2082 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2083}
2084
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2085TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2086 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2087 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]2088 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2089 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2090 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2091
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2092 AuthorizationSet begin_params(client_params());
2093 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2094 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2095 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2096 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2097 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2098
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2099 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2100 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2101}
2102
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2103TEST_P(EncryptionOperationsTest, RsaPkcs1InvalidDigest) {
2104 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2105 .RsaEncryptionKey(512, 3)
2106 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
2107 .Digest(KM_DIGEST_NONE)));
2108 string message = "Hello World!";
2109 string result;
2110
2111 AuthorizationSet begin_params(client_params());
2112 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2113 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); // Any digest is invalid
2114 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2115
2116 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2117 EXPECT_EQ(2, GetParam()->keymaster0_calls());
2118}
2119
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2120TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2121 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2122 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2123 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2124 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2125 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2126
2127 // Corrupt the ciphertext
2128 ciphertext[512 / 8 / 2]++;
2129
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2130 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2131 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2132 AuthorizationSet begin_params(client_params());
2133 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2134 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2135 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2136 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2137 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2138
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2139 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2140 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2141}
2142
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2143TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2144 ASSERT_EQ(KM_ERROR_OK,
2145 GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2146
2147 AuthorizationSet begin_params(client_params());
2148 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2149 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2150
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2151 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2152 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2153}
2154
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2155TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2156 ASSERT_EQ(KM_ERROR_OK,
2157 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2158 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2159 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2160
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2161 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
2162 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2163}
2164
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2165TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]2166 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2167 .HmacKey(128)
2168 .Digest(KM_DIGEST_SHA_2_256)
2169 .Padding(KM_PAD_NONE)
2170 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2171 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2172 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2173
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2174 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2175}
2176
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2177TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2178 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2179 .AesEncryptionKey(128)
2180 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2181 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2182 // Two-block message.
2183 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2184 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2185 EXPECT_EQ(message.size(), ciphertext1.size());
2186
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2187 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2188 EXPECT_EQ(message.size(), ciphertext2.size());
2189
2190 // ECB is deterministic.
2191 EXPECT_EQ(ciphertext1, ciphertext2);
2192
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2193 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2194 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2195
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2196 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2197}
2198
Shawn Willdene23a2c92015-07-06 15:52:45 -0600[diff] [blame]2199TEST_P(EncryptionOperationsTest, AesEcbNotAuthorized) {
2200 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2201 .AesEncryptionKey(128)
2202 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2203 .Padding(KM_PAD_NONE)));
2204 // Two-block message.
2205 string message = "12345678901234567890123456789012";
2206 AuthorizationSet begin_params(client_params());
2207 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2208 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2209 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2210
2211 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2212}
2213
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2214TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2215 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2216 .AesEncryptionKey(128)
2217 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2218 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2219 // Message is slightly shorter than two blocks.
2220 string message = "1234567890123456789012345678901";
2221
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2222 AuthorizationSet begin_params(client_params());
2223 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2224 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2225 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2226 string ciphertext;
2227 size_t input_consumed;
2228 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
2229 EXPECT_EQ(message.size(), input_consumed);
2230 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2231
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2232 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2233}
2234
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2235TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2236 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2237 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2238 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2239 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2240
2241 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2242 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2243 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2244 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2245 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2246 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2247 EXPECT_EQ(message, plaintext);
2248 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2249
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2250 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2251}
2252
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2253TEST_P(EncryptionOperationsTest, AesEcbNoPaddingKeyWithPkcs7Padding) {
2254 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2255 .AesEncryptionKey(128)
2256 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2257 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2258
2259 // Try various message lengths; all should work.
2260 for (size_t i = 0; i < 32; ++i) {
2261 string message(i, 'a');
2262 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
2263 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
2264 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
2265 EXPECT_EQ(message, plaintext);
2266 }
2267
2268 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2269}
2270
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2271TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2272 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2273 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2274 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2275 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2276
2277 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2278 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2279 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2280 EXPECT_NE(ciphertext, message);
2281 ++ciphertext[ciphertext.size() / 2];
2282
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2283 AuthorizationSet begin_params(client_params());
2284 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2285 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2286 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2287 string plaintext;
2288 size_t input_consumed;
2289 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
2290 EXPECT_EQ(ciphertext.size(), input_consumed);
2291 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2292
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2293 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2294}
2295
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2296TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2297 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2298 .AesEncryptionKey(128)
2299 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2300 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2301 string message = "123";
2302 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2303 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2304 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2305 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2306
2307 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2308 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2309 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2310 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2311
2312 // IVs should be random, so ciphertexts should differ.
2313 EXPECT_NE(iv1, iv2);
2314 EXPECT_NE(ciphertext1, ciphertext2);
2315
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2316 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2317 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2318
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2319 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2320}
2321
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2322TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2323 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2324 .AesEncryptionKey(128)
2325 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2326 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2327
2328 int increment = 15;
2329 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2330 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2331 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2332 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2333 AuthorizationSet output_params;
2334 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2335
2336 string ciphertext;
2337 size_t input_consumed;
2338 for (size_t i = 0; i < message.size(); i += increment)
2339 EXPECT_EQ(KM_ERROR_OK,
2340 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2341 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2342 EXPECT_EQ(message.size(), ciphertext.size());
2343
2344 // Move TAG_NONCE into input_params
2345 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2346 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2347 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2348 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2349 output_params.Clear();
2350
2351 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
2352 string plaintext;
2353 for (size_t i = 0; i < ciphertext.size(); i += increment)
2354 EXPECT_EQ(KM_ERROR_OK,
2355 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2356 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2357 EXPECT_EQ(ciphertext.size(), plaintext.size());
2358 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2359
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2360 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2361}
2362
2363struct AesCtrSp80038aTestVector {
2364 const char* key;
2365 const char* nonce;
2366 const char* plaintext;
2367 const char* ciphertext;
2368};
2369
2370// These test vectors are taken from
2371// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
2372static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
2373 // AES-128
2374 {
2375 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2376 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2377 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2378 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
2379 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
2380 },
2381 // AES-192
2382 {
2383 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2384 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2385 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2386 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2387 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2388 },
2389 // AES-256
2390 {
2391 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2392 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2393 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2394 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2395 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2396 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2397 },
2398};
2399
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2400TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2401 for (size_t i = 0; i < 3; i++) {
2402 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2403 const string key = hex2str(test.key);
2404 const string nonce = hex2str(test.nonce);
2405 const string plaintext = hex2str(test.plaintext);
2406 const string ciphertext = hex2str(test.ciphertext);
2407 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2408 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2409
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2410 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2411}
2412
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2413TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2414 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2415 .AesEncryptionKey(128)
2416 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2417 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2418 AuthorizationSet begin_params(client_params());
2419 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2420 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2421 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2422
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2423 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2424}
2425
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2426TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2427 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2428 .AesEncryptionKey(128)
2429 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2430 .Authorization(TAG_CALLER_NONCE)
2431 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2432
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2433 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2434 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2435 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2436 input_params.push_back(TAG_NONCE, "123", 3);
2437 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2438
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2439 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2440}
2441
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2442TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2443 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2444 .AesEncryptionKey(128)
2445 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2446 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2447 // Two-block message.
2448 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2449 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2450 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2451 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2452
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2453 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2454 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2455 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2456
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2457 // IVs should be random, so ciphertexts should differ.
2458 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2459 EXPECT_NE(ciphertext1, ciphertext2);
2460
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2461 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2462 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2463
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2464 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2465}
2466
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2467TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2468 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2469 .AesEncryptionKey(128)
2470 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2471 .Authorization(TAG_CALLER_NONCE)
2472 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2473 string message = "12345678901234567890123456789012";
2474 string iv1;
2475 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2476 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2477 EXPECT_EQ(message.size(), ciphertext1.size());
2478 EXPECT_EQ(16U, iv1.size());
2479
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2480 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2481 EXPECT_EQ(message, plaintext);
2482
2483 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2484 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2485 AuthorizationSet update_params;
2486 AuthorizationSet output_params;
2487 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2488 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2489 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2490 string ciphertext2 =
2491 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2492
2493 // Decrypt with correct nonce.
2494 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2495 &output_params);
2496 EXPECT_EQ(message, plaintext);
2497
2498 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2499 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2500 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2501 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2502 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2503 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2504 &output_params);
2505 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2506
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2507 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2508}
2509
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2510TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2511 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2512 .AesEncryptionKey(128)
2513 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2514 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2515
2516 string message = "12345678901234567890123456789012";
2517 string iv1;
2518 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2519 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2520 EXPECT_EQ(message.size(), ciphertext1.size());
2521 EXPECT_EQ(16U, iv1.size());
2522
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2523 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2524 EXPECT_EQ(message, plaintext);
2525
2526 // Now specify a nonce, should fail.
2527 AuthorizationSet input_params(client_params());
2528 AuthorizationSet update_params;
2529 AuthorizationSet output_params;
2530 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2531 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2532 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2533
2534 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2535 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2536
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2537 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2538}
2539
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2540TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2541 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2542 .AesEncryptionKey(128)
2543 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2544 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2545
2546 int increment = 15;
2547 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2548 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2549 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2550 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2551 AuthorizationSet output_params;
2552 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2553
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2554 string ciphertext;
2555 size_t input_consumed;
2556 for (size_t i = 0; i < message.size(); i += increment)
2557 EXPECT_EQ(KM_ERROR_OK,
2558 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2559 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2560 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2561
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2562 // Move TAG_NONCE into input_params
2563 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2564 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2565 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2566 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2567 output_params.Clear();
2568
2569 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2570 string plaintext;
2571 for (size_t i = 0; i < ciphertext.size(); i += increment)
2572 EXPECT_EQ(KM_ERROR_OK,
2573 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2574 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2575 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2576 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2577
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2578 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2579}
2580
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2581TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2582 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2583 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2584 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2585 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2586
2587 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2588 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2589 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2590 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2591 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2592 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2593 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2594 EXPECT_EQ(message, plaintext);
2595 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2596
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2597 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2598}
2599
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2600TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2601 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2602 .AesEncryptionKey(128)
2603 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]2604 .Authorization(TAG_PADDING, KM_PAD_NONE)
2605 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2606 string aad = "foobar";
2607 string message = "123456789012345678901234567890123456";
2608 AuthorizationSet begin_params(client_params());
2609 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2610 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2611 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2612
2613 AuthorizationSet update_params;
2614 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2615
2616 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2617 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2618 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2619 string ciphertext;
2620 size_t input_consumed;
2621 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2622 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2623 &input_consumed));
2624 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2625 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2626
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2627 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2628 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2629 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2630
2631 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2632 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2633 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2634 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2635 &plaintext, &input_consumed));
2636 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2637 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2638
2639 EXPECT_EQ(message, plaintext);
2640 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2641}
2642
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]2643TEST_P(EncryptionOperationsTest, AesGcmTooShortTag) {
2644 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2645 .AesEncryptionKey(128)
2646 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2647 .Authorization(TAG_PADDING, KM_PAD_NONE)
2648 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
2649 string aad = "foobar";
2650 string message = "123456789012345678901234567890123456";
2651 AuthorizationSet begin_params(client_params());
2652 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2653 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2654 begin_params.push_back(TAG_MAC_LENGTH, 96);
2655
2656 AuthorizationSet update_params;
2657 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2658
2659 AuthorizationSet begin_out_params;
2660 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH,
2661 BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2662
2663 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2664}
2665
2666TEST_P(EncryptionOperationsTest, AesGcmTooShortTagOnDecrypt) {
2667 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2668 .AesEncryptionKey(128)
2669 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2670 .Authorization(TAG_PADDING, KM_PAD_NONE)
2671 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
2672 string aad = "foobar";
2673 string message = "123456789012345678901234567890123456";
2674 AuthorizationSet begin_params(client_params());
2675 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2676 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2677 begin_params.push_back(TAG_MAC_LENGTH, 128);
2678
2679 AuthorizationSet update_params;
2680 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2681
2682 // Encrypt
2683 AuthorizationSet begin_out_params;
2684 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2685 string ciphertext;
2686 size_t input_consumed;
2687 AuthorizationSet update_out_params;
2688 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2689 &input_consumed));
2690 EXPECT_EQ(message.size(), input_consumed);
2691 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2692
2693 // Grab nonce
2694 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2695 begin_params.Reinitialize(client_params());
2696 begin_params.push_back(begin_out_params);
2697 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2698 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2699 begin_params.push_back(TAG_MAC_LENGTH, 96);
2700
2701 // Decrypt.
2702 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2703
2704 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2705}
2706
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2707TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
2708 uint8_t nonce[] = {
2709 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
2710 };
2711 uint8_t ciphertext[] = {
2712 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
2713 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
2714 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
2715 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
2716 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
2717 };
2718 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
2719
2720 AuthorizationSet begin_params(client_params());
2721 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2722 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2723 begin_params.push_back(TAG_MAC_LENGTH, 128);
2724 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
2725
2726 string plaintext;
2727 size_t input_consumed;
2728
2729 // Import correct key and decrypt
2730 uint8_t good_key[] = {
2731 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2732 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2733 };
2734 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
2735 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2736 .AesEncryptionKey(128)
2737 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2738 .Authorization(TAG_PADDING, KM_PAD_NONE)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]2739 .Authorization(TAG_CALLER_NONCE)
2740 .Authorization(TAG_MIN_MAC_LENGTH, 128),
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2741 KM_KEY_FORMAT_RAW, good_key_str));
2742 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2743 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2744 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2745
2746 // Import bad key and decrypt
2747 uint8_t bad_key[] = {
2748 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2749 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2750 };
2751 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
2752 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2753 .AesEncryptionKey(128)
2754 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]2755 .Authorization(TAG_PADDING, KM_PAD_NONE)
2756 .Authorization(TAG_MIN_MAC_LENGTH, 128),
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2757 KM_KEY_FORMAT_RAW, bad_key_str));
2758 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2759 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2760 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
2761
2762 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2763}
2764
2765TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
2766 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2767 .AesEncryptionKey(128)
2768 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]2769 .Authorization(TAG_PADDING, KM_PAD_NONE)
2770 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2771 string aad = "123456789012345678";
2772 string empty_message;
2773 AuthorizationSet begin_params(client_params());
2774 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2775 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2776 begin_params.push_back(TAG_MAC_LENGTH, 128);
2777
2778 AuthorizationSet update_params;
2779 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2780
2781 // Encrypt
2782 AuthorizationSet begin_out_params;
2783 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2784 string ciphertext;
2785 size_t input_consumed;
2786 AuthorizationSet update_out_params;
2787 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
2788 &ciphertext, &input_consumed));
2789 EXPECT_EQ(0U, input_consumed);
2790 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2791
2792 // Grab nonce
2793 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2794 begin_params.push_back(begin_out_params);
2795
2796 // Decrypt.
2797 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2798 string plaintext;
2799 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2800 &plaintext, &input_consumed));
2801 EXPECT_EQ(ciphertext.size(), input_consumed);
2802 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2803
2804 EXPECT_EQ(empty_message, plaintext);
2805 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2806}
2807
2808TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
2809 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2810 .AesEncryptionKey(128)
2811 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]2812 .Authorization(TAG_PADDING, KM_PAD_NONE)
2813 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2814 AuthorizationSet begin_params(client_params());
2815 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2816 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2817 begin_params.push_back(TAG_MAC_LENGTH, 128);
2818
2819 AuthorizationSet update_params;
2820 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
2821
2822 // Encrypt
2823 AuthorizationSet begin_out_params;
2824 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2825 string ciphertext;
2826 size_t input_consumed;
2827 AuthorizationSet update_out_params;
2828
2829 // Send AAD, incrementally
2830 for (int i = 0; i < 1000; ++i) {
2831 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2832 &input_consumed));
2833 EXPECT_EQ(0U, input_consumed);
2834 EXPECT_EQ(0U, ciphertext.size());
2835 }
2836
2837 // Now send data, incrementally, no data.
2838 AuthorizationSet empty_params;
2839 for (int i = 0; i < 1000; ++i) {
2840 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
2841 &input_consumed));
2842 EXPECT_EQ(1U, input_consumed);
2843 }
2844 EXPECT_EQ(1000U, ciphertext.size());
2845
2846 // And finish.
2847 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2848 EXPECT_EQ(1016U, ciphertext.size());
2849
2850 // Grab nonce
2851 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2852 begin_params.push_back(begin_out_params);
2853
2854 // Decrypt.
2855 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2856 string plaintext;
2857
2858 // Send AAD, incrementally, no data
2859 for (int i = 0; i < 1000; ++i) {
2860 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
2861 &input_consumed));
2862 EXPECT_EQ(0U, input_consumed);
2863 EXPECT_EQ(0U, plaintext.size());
2864 }
2865
2866 // Now send data, incrementally.
2867 for (size_t i = 0; i < ciphertext.length(); ++i) {
2868 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
2869 &update_out_params, &plaintext, &input_consumed));
2870 EXPECT_EQ(1U, input_consumed);
2871 }
2872 EXPECT_EQ(1000U, plaintext.size());
2873 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2874
2875 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2876}
2877
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2878TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2879 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2880 .AesEncryptionKey(128)
2881 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]2882 .Authorization(TAG_PADDING, KM_PAD_NONE)
2883 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2884 string message = "123456789012345678901234567890123456";
2885 AuthorizationSet begin_params(client_params());
2886 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2887 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2888 begin_params.push_back(TAG_MAC_LENGTH, 128);
2889 AuthorizationSet begin_out_params;
2890
2891 AuthorizationSet update_params;
2892 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2893
2894 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2895
2896 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2897 string ciphertext;
2898 size_t input_consumed;
2899 AuthorizationSet update_out_params;
2900 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
2901 &ciphertext, &input_consumed));
2902 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2903
2904 // AAD and data.
2905 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2906 &input_consumed));
2907 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2908 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2909
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2910 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2911 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2912 begin_params.push_back(begin_out_params);
2913
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2914 // Decrypt
2915 update_params.Clear();
2916 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2917
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2918 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2919 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2920 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2921 &plaintext, &input_consumed));
2922 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2923 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2924
2925 EXPECT_EQ(message, plaintext);
2926 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2927}
2928
2929TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2930 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2931 .AesEncryptionKey(128)
2932 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]2933 .Authorization(TAG_PADDING, KM_PAD_NONE)
2934 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2935 string message = "12345678901234567890123456789012";
2936 AuthorizationSet begin_params(client_params());
2937 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2938 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2939 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2940
2941 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2942 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2943
2944 AuthorizationSet finish_params;
2945 AuthorizationSet finish_out_params;
2946
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2947 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2948 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2949 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2950 AuthorizationSet update_out_params;
2951 string ciphertext;
2952 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2953 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2954 &input_consumed));
2955 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2956 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2957
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2958 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2959 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2960 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2961
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2962 update_params.Clear();
2963 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2964
2965 // Decrypt.
2966 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2967 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2968 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2969 &plaintext, &input_consumed));
2970 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2971 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2972
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2973 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2974}
2975
2976TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
2977 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2978 .AesEncryptionKey(128)
2979 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]2980 .Authorization(TAG_PADDING, KM_PAD_NONE)
2981 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2982 string message = "12345678901234567890123456789012";
2983 AuthorizationSet begin_params(client_params());
2984 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2985 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2986 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2987
2988 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2989 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2990
2991 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2992 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2993 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2994 AuthorizationSet update_out_params;
2995 string ciphertext;
2996 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2997 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2998 &input_consumed));
2999 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3000 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3001
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3002 begin_params.push_back(TAG_NONCE, "123456789012", 12);
3003
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3004 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3005 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3006 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3007 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3008 &plaintext, &input_consumed));
3009 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3010 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3011
3012 // With wrong nonce, should have gotten garbage plaintext.
3013 EXPECT_NE(message, plaintext);
3014 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3015}
3016
3017TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
3018 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3019 .AesEncryptionKey(128)
3020 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame^]3021 .Authorization(TAG_PADDING, KM_PAD_NONE)
3022 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3023 string aad = "foobar";
3024 string message = "123456789012345678901234567890123456";
3025 AuthorizationSet begin_params(client_params());
3026 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3027 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3028 begin_params.push_back(TAG_MAC_LENGTH, 128);
3029 AuthorizationSet begin_out_params;
3030
3031 AuthorizationSet update_params;
3032 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3033
3034 // Encrypt
3035 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3036 AuthorizationSet update_out_params;
3037 string ciphertext;
3038 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3039 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3040 &input_consumed));
3041 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3042 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3043
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3044 // Corrupt tag
3045 (*ciphertext.rbegin())++;
3046
3047 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3048 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
3049 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3050
3051 // Decrypt.
3052 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3053 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3054 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3055 &plaintext, &input_consumed));
3056 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3057 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3058
3059 EXPECT_EQ(message, plaintext);
3060 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3061}
3062
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]3063typedef Keymaster1Test MaxOperationsTest;
3064INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, MaxOperationsTest, test_params);
3065
3066TEST_P(MaxOperationsTest, TestLimit) {
3067 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3068 .AesEncryptionKey(128)
3069 .EcbMode()
3070 .Authorization(TAG_PADDING, KM_PAD_NONE)
3071 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
3072
3073 string message = "1234567890123456";
3074 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3075 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3076 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3077
3078 // Fourth time should fail.
3079 AuthorizationSet begin_params(client_params());
3080 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
3081 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3082 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
3083
3084 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3085}
3086
3087TEST_P(MaxOperationsTest, TestAbort) {
3088 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3089 .AesEncryptionKey(128)
3090 .EcbMode()
3091 .Authorization(TAG_PADDING, KM_PAD_NONE)
3092 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
3093
3094 string message = "1234567890123456";
3095 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3096 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3097 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3098
3099 // Fourth time should fail.
3100 AuthorizationSet begin_params(client_params());
3101 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
3102 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3103 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
3104
3105 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3106}
3107
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]3108typedef Keymaster1Test AddEntropyTest;
3109INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
3110
3111TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3112 // There's no obvious way to test that entropy is actually added, but we can test that the API
3113 // doesn't blow up or return an error.
3114 EXPECT_EQ(KM_ERROR_OK,
3115 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3116
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3117 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3118}
3119
3120typedef Keymaster1Test Keymaster0AdapterTest;
3121INSTANTIATE_TEST_CASE_P(
3122 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3123 ::testing::Values(
3124 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
3125 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3126
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3127TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3128 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
3129 // key data.
3130 string km1_sw = read_file("km1_sw_rsa_512.blob");
3131 EXPECT_EQ(486U, km1_sw.length());
3132
3133 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3134 memcpy(key_data, km1_sw.data(), km1_sw.length());
3135 set_key_blob(key_data, km1_sw.length());
3136
3137 string message(64, 'a');
3138 string signature;
3139 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3140
3141 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3142}
3143
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]3144TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
3145 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
3146 // blobs contain OCB-encrypted key data.
3147 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
3148 EXPECT_EQ(477U, km1_sw.length());
3149
3150 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3151 memcpy(key_data, km1_sw.data(), km1_sw.length());
3152 set_key_blob(key_data, km1_sw.length());
3153
3154 string message(64, 'a');
3155 string signature;
3156 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3157
3158 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3159}
3160
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3161TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
3162 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
3163 // key data.
3164 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
3165 EXPECT_EQ(270U, km1_sw.length());
3166
3167 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3168 memcpy(key_data, km1_sw.data(), km1_sw.length());
3169 set_key_blob(key_data, km1_sw.length());
3170
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]3171 string message(32, static_cast<char>(0xFF));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3172 string signature;
3173 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3174
3175 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3176}
3177
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3178struct Malloc_Delete {
3179 void operator()(void* p) { free(p); }
3180};
3181
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3182TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3183 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3184 string km0_sw = read_file("km0_sw_rsa_512.blob");
3185 EXPECT_EQ(333U, km0_sw.length());
3186
3187 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3188 memcpy(key_data, km0_sw.data(), km0_sw.length());
3189 set_key_blob(key_data, km0_sw.length());
3190
3191 string message(64, 'a');
3192 string signature;
3193 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3194
3195 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3196}
3197
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3198TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
3199 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3200 string km0_sw = read_file("km0_sw_rsa_512.blob");
3201 EXPECT_EQ(333U, km0_sw.length());
3202
3203 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3204 memcpy(key_data, km0_sw.data(), km0_sw.length());
3205 set_key_blob(key_data, km0_sw.length());
3206
3207 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3208 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3209 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3210 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3211 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3212 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3213 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3214 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3215 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3216 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3217
3218 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3219}
3220
3221TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
3222 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3223 string km0_sw = read_file("km0_sw_rsa_512.blob");
3224 EXPECT_EQ(333U, km0_sw.length());
3225
3226 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3227 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3228 EXPECT_EQ('P', km0_sw[0]);
3229 km0_sw[0] = 'Q';
3230
3231 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3232 memcpy(key_data, km0_sw.data(), km0_sw.length());
3233 set_key_blob(key_data, km0_sw.length());
3234
3235 string message(64, 'a');
3236 string signature;
3237 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3238 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
3239
3240 EXPECT_EQ(5, GetParam()->keymaster0_calls());
3241}
3242
3243TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
3244 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3245 string km0_sw = read_file("km0_sw_rsa_512.blob");
3246 EXPECT_EQ(333U, km0_sw.length());
3247
3248 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3249 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3250 EXPECT_EQ('P', km0_sw[0]);
3251 km0_sw[0] = 'Q';
3252
3253 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3254 memcpy(key_data, km0_sw.data(), km0_sw.length());
3255 set_key_blob(key_data, km0_sw.length());
3256
3257 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3258 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3259 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
3260 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3261 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3262 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
3263 EXPECT_EQ(5U, hw_enforced().size());
3264
3265 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3266 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3267 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3268 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3269
3270 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3271 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3272 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3273 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3274 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3275
3276 EXPECT_EQ(1, GetParam()->keymaster0_calls());
3277}
3278
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]3279} // namespace test
3280} // namespace keymaster