Blame - android_keymaster_test.cpp - fp2-dev/platform/system/keymaster

2014-08-06 12:31:33 -0600

[diff] [blame]

/*

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

15

*/

16

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

17

#include <fstream>

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

18

#include <string>

19

#include <vector>

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

20

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

21

#include <hardware/keymaster0.h>

Shawn Willden

b751033

2015-02-06 19:58:29 -0700

[diff] [blame]

22

#include <keymaster/soft_keymaster_device.h>

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

23

#include <keymaster/softkeymaster.h>

Shawn Willden

98d9b92

2014-08-26 08:14:10 -0600

[diff] [blame]

24

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

25

#include "android_keymaster_test_utils.h"

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

26

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

27

using std::ifstream;

28

using std::istreambuf_iterator;

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

29

using std::string;

30

using std::vector;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

31

using std::unique_ptr;

32

33

extern "C" {

34

int __android_log_print(int prio, const char* tag, const char* fmt);

35

int __android_log_print(int prio, const char* tag, const char* fmt) {

Chad Brubaker

3e37f0a

2015-06-03 10:39:00 -0700

[diff] [blame]

36

(void)prio, (void)tag, (void)fmt;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

37

return 0;

38

}

39

} // extern "C"

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

40

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

41

namespace keymaster {

42

namespace test {

43

Shawn Willden

567a4a0

2014-12-31 12:14:46 -0700

[diff] [blame]

44

StdoutLogger logger;

45

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

46

class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {

47

public:

48

keymaster1_device_t* CreateDevice() const override {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

49

std::cerr << "Creating software-only device" << std::endl;

Shawn Willden

95dda36

2015-02-27 10:58:37 -0700

[diff] [blame]

50

SoftKeymasterDevice* device = new SoftKeymasterDevice;

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

51

return device->keymaster_device();

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

52

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

53

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

54

bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

55

int keymaster0_calls() const override { return 0; }

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

56

};

57

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

58

class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {

59

public:

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

60

Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}

61

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

62

keymaster1_device_t* CreateDevice() const {

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

63

std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_

64

<< ")." << std::endl;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

65

hw_device_t* softkeymaster_device;

66

EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,

67

&softkeymaster_device));

68

// Make the software device pretend to be hardware

69

keymaster0_device_t* keymaster0_device =

70

reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

71

keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;

72

73

if (!support_ec_) {

74

// Make the software device pretend not to support EC

75

keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;

76

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

77

78

counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);

79

80

SoftKeymasterDevice* keymaster = new SoftKeymasterDevice(counting_keymaster0_device_);

81

return keymaster->keymaster_device();

82

}

83

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

84

bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {

85

switch (algorithm) {

86

case KM_ALGORITHM_RSA:

87

return true;

88

case KM_ALGORITHM_EC:

return support_ec_;

default:

return false;

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

93

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

94

int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }

95

96

private:

97

mutable Keymaster0CountingWrapper* counting_keymaster0_device_;

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

98

bool support_ec_;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

99

};

100

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

101

static auto test_params = testing::Values(

102

InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),

103

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),

104

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

105

106

typedef Keymaster1Test CheckSupported;

107

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);

108

109

TEST_P(CheckSupported, SupportedAlgorithms) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

110

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

111

device()->get_supported_algorithms(device(), NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

112

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

113

size_t len;

114

keymaster_algorithm_t* algorithms;

115

EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));

Shawn Willden

a278f61

2014-12-23 11:22:21 -0700

[diff] [blame]

116

EXPECT_TRUE(ResponseContains(

Shawn Willden

9c65b2b

2015-04-07 17:01:10 -0600

[diff] [blame]

117

{KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

118

free(algorithms);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

119

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

120

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

121

}

122

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

123

TEST_P(CheckSupported, SupportedBlockModes) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

124

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

125

device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,

126

NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

127

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

128

size_t len;

129

keymaster_block_mode_t* modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

130

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

131

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

132

EXPECT_EQ(0U, len);

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

133

free(modes);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

134

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

135

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

Shawn Willden

9c65b2b

2015-04-07 17:01:10 -0600

[diff] [blame]

136

device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

137

&modes, &len));

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

138

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

139

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

140

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

141

EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

142

free(modes);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

143

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

144

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

145

}

146

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

147

TEST_P(CheckSupported, SupportedPaddingModes) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

148

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

149

device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,

150

NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

151

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

152

size_t len;

153

keymaster_padding_t* modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

154

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

155

KM_PURPOSE_SIGN, &modes, &len));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

156

EXPECT_TRUE(

157

ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

158

free(modes);

159

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

160

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

161

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

3016084

2015-06-01 08:31:00 -0600

[diff] [blame]

162

EXPECT_TRUE(

163

ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

164

free(modes);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

165

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

166

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

167

KM_PURPOSE_SIGN, &modes, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

168

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

169

free(modes);

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

170

171

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

172

device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,

173

&modes, &len));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

174

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

175

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

176

}

177

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

178

TEST_P(CheckSupported, SupportedDigests) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

179

EXPECT_EQ(

180

KM_ERROR_OUTPUT_PARAMETER_NULL,

181

device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

182

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

183

size_t len;

184

keymaster_digest_t* digests;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

185

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

186

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

187

EXPECT_TRUE(

188

ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,

189

KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},

190

digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

191

free(digests);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

192

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

193

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

194

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

efbd7e4

2015-06-01 07:07:33 -0600

[diff] [blame]

195

EXPECT_TRUE(

196

ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,

197

KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},

198

digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

199

free(digests);

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

200

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

201

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

202

device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,

203

&len));

204

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

205

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

206

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

207

EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,

208

KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},

209

digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

210

free(digests);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

211

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

212

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

213

}

214

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

215

TEST_P(CheckSupported, SupportedImportFormats) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

216

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

217

device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

218

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

219

size_t len;

220

keymaster_key_format_t* formats;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

221

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

222

device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

223

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

224

free(formats);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

225

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

226

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

227

device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));

228

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));

229

free(formats);

230

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

231

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

232

device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));

233

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));

234

free(formats);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

235

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

236

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

237

}

238

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

239

TEST_P(CheckSupported, SupportedExportFormats) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

240

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

241

device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

242

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

243

size_t len;

244

keymaster_key_format_t* formats;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

245

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

246

device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

247

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

248

free(formats);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

249

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

250

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

9c65b2b

2015-04-07 17:01:10 -0600

[diff] [blame]

251

device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

252

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

253

free(formats);

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

254

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

255

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

256

device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

257

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

258

free(formats);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

259

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

260

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

261

device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

262

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

263

free(formats);

264

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

265

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

266

device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

267

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

268

free(formats);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

269

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

270

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

271

}

272

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

273

class NewKeyGeneration : public Keymaster1Test {

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

274

protected:

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

275

void CheckBaseParams() {

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

276

AuthorizationSet auths = sw_enforced();

277

EXPECT_GT(auths.SerializedSize(), 12U);

278

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

279

EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));

280

EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));

281

EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));

Shawn Willden

eb63b97

2015-03-14 08:01:12 -0600

[diff] [blame]

282

EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

283

EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

284

285

// Verify that App ID, App data and ROT are NOT included.

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

286

EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));

287

EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));

288

EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

289

290

// Just for giggles, check that some unexpected tags/values are NOT present.

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

291

EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));

292

EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));

293

EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

294

295

// Now check that unspecified, defaulted tags are correct.

Shawn Willden

0b2d333

2015-04-07 17:46:18 -0600

[diff] [blame]

296

EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

297

EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

298

}

Shawn Willden

2079ae8

2015-01-22 13:42:31 -0700

[diff] [blame]

299

};

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

300

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);

301

302

TEST_P(NewKeyGeneration, Rsa) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

303

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

304

.RsaSigningKey(256, 3)

305

.Digest(KM_DIGEST_NONE)

306

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

307

CheckBaseParams();

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

308

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

309

// Check specified tags are all present, and in the right set.

310

AuthorizationSet crypto_params;

311

AuthorizationSet non_crypto_params;

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

312

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

313

EXPECT_NE(0U, hw_enforced().size());

314

EXPECT_NE(0U, sw_enforced().size());

315

crypto_params.push_back(hw_enforced());

316

non_crypto_params.push_back(sw_enforced());

317

} else {

318

EXPECT_EQ(0U, hw_enforced().size());

319

EXPECT_NE(0U, sw_enforced().size());

320

crypto_params.push_back(sw_enforced());

321

}

322

323

EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));

324

EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));

325

EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));

326

EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));

327

EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));

328

EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));

329

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

330

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

331

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

332

}

333

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

334

TEST_P(NewKeyGeneration, RsaDefaultSize) {

Shawn Willden

3b4e165

2015-02-27 13:33:01 -0700

[diff] [blame]

335

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,

336

GenerateKey(AuthorizationSetBuilder()

337

.Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)

338

.Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)

339

.SigningKey()));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

340

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

341

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

342

}

343

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

344

TEST_P(NewKeyGeneration, Ecdsa) {

Shawn Willden

84b8da5

2015-03-11 07:21:32 -0600

[diff] [blame]

345

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

346

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

347

CheckBaseParams();

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

348

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

349

// Check specified tags are all present, and in the right set.

350

AuthorizationSet crypto_params;

351

AuthorizationSet non_crypto_params;

352

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {

353

EXPECT_NE(0U, hw_enforced().size());

354

EXPECT_NE(0U, sw_enforced().size());

355

crypto_params.push_back(hw_enforced());

356

non_crypto_params.push_back(sw_enforced());

357

} else {

358

EXPECT_EQ(0U, hw_enforced().size());

359

EXPECT_NE(0U, sw_enforced().size());

360

crypto_params.push_back(sw_enforced());

361

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

362

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

363

EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));

364

EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));

365

EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));

366

EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));

367

368

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

369

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

370

}

371

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

372

TEST_P(NewKeyGeneration, EcdsaDefaultSize) {

Shawn Willden

4f83b89

2015-05-26 12:52:54 -0600

[diff] [blame]

373

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,

374

GenerateKey(AuthorizationSetBuilder()

375

.Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)

376

.SigningKey()

377

.Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

378

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

379

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

380

}

381

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

382

TEST_P(NewKeyGeneration, EcdsaInvalidSize) {

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

383

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

384

ASSERT_EQ(

385

KM_ERROR_UNKNOWN_ERROR,

386

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));

387

else

388

ASSERT_EQ(

389

KM_ERROR_UNSUPPORTED_KEY_SIZE,

390

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

391

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

392

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

393

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

394

}

395

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

396

TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {

Shawn Willden

8c856c8

2014-09-26 09:34:36 -0600

[diff] [blame]

397

size_t valid_sizes[] = {224, 256, 384, 521};

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

398

for (size_t size : valid_sizes) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

399

EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(

400

KM_DIGEST_NONE)))

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

401

<< "Failed to generate size: " << size;

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

402

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

403

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

404

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

405

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

406

}

407

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

408

TEST_P(NewKeyGeneration, HmacSha256) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

409

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

410

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

411

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

412

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

413

}

414

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

415

typedef Keymaster1Test GetKeyCharacteristics;

416

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);

417

418

TEST_P(GetKeyCharacteristics, SimpleRsa) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

419

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

420

.RsaSigningKey(256, 3)

421

.Digest(KM_DIGEST_NONE)

422

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

423

AuthorizationSet original(sw_enforced());

Shawn Willden

7636471

2014-08-11 17:48:04 -0600

[diff] [blame]

424

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

425

ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());

426

EXPECT_EQ(original, sw_enforced());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

427

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

428

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

429

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

7636471

2014-08-11 17:48:04 -0600

[diff] [blame]

430

}

431

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

432

typedef Keymaster1Test SigningOperationsTest;

433

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);

434

435

TEST_P(SigningOperationsTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

436

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

437

.RsaSigningKey(256, 3)

438

.Digest(KM_DIGEST_NONE)

439

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

440

string message = "12345678901234567890123456789012";

441

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

442

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

443

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

444

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

445

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

446

}

447

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

448

TEST_P(SigningOperationsTest, RsaPssSha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

449

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

450

.RsaSigningKey(512, 3)

451

.Digest(KM_DIGEST_SHA_2_256)

452

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

453

// Use large message, which won't work without digesting.

454

string message(1024, 'a');

455

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

456

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

457

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

458

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

459

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

460

}

461

Shawn Willden

bfd9ed7

2015-06-11 10:51:12 -0600

[diff] [blame]

462

TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {

463

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

464

.RsaSigningKey(512, 3)

465

.Digest(KM_DIGEST_NONE)

466

.Padding(KM_PAD_NONE)));

467

string message = "12345678901234567890123456789012";

468

string signature;

469

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

470

471

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

472

EXPECT_EQ(3, GetParam()->keymaster0_calls());

473

}

474

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

475

TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

476

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

477

.RsaSigningKey(512, 3)

478

.Digest(KM_DIGEST_SHA_2_256)

479

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

480

string message(1024, 'a');

481

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

482

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

483

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

484

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

485

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

486

}

487

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

488

TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

489

// Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so

490

// verify that nine bytes larger than hash won't work.

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

491

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

492

.RsaSigningKey(256 + 9 * 8, 3)

493

.Digest(KM_DIGEST_SHA_2_256)

494

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

495

string message(1024, 'a');

496

string signature;

497

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

498

AuthorizationSet begin_params(client_params());

499

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

500

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

501

EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

502

}

503

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

504

TEST_P(SigningOperationsTest, RsaAbort) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

505

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

506

.RsaSigningKey(256, 3)

507

.Digest(KM_DIGEST_NONE)

508

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

509

AuthorizationSet begin_params(client_params());

510

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

511

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

512

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

513

EXPECT_EQ(KM_ERROR_OK, AbortOperation());

514

// Another abort should fail

515

EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

516

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

517

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

518

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

519

}

520

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

521

TEST_P(SigningOperationsTest, RsaUnsupportedDigest) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

522

GenerateKey(AuthorizationSetBuilder()

523

.RsaSigningKey(256, 3)

524

.Digest(KM_DIGEST_MD5)

525

.Padding(KM_PAD_RSA_PSS /* supported padding */));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

526

ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

527

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

528

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

529

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

530

}

531

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

532

TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

533

GenerateKey(AuthorizationSetBuilder()

534

.RsaSigningKey(256, 3)

535

.Digest(KM_DIGEST_SHA_2_256 /* supported digest */)

536

.Padding(KM_PAD_PKCS7));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

537

AuthorizationSet begin_params(client_params());

538

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

539

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

540

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

541

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

542

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

543

}

544

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

545

TEST_P(SigningOperationsTest, RsaNoDigest) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

546

// PSS requires a digest.

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

547

GenerateKey(AuthorizationSetBuilder()

548

.RsaSigningKey(256, 3)

549

.Digest(KM_DIGEST_NONE)

550

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

551

AuthorizationSet begin_params(client_params());

552

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

553

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

554

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

555

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

556

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

557

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

558

}

559

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

560

TEST_P(SigningOperationsTest, RsaNoPadding) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

561

// Padding must be specified

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

562

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(

563

KM_DIGEST_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

564

AuthorizationSet begin_params(client_params());

565

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

566

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

567

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

568

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

569

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

570

}

571

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

572

TEST_P(SigningOperationsTest, RsaTooShortMessage) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

573

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

574

.RsaSigningKey(256, 3)

575

.Digest(KM_DIGEST_NONE)

576

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

577

AuthorizationSet begin_params(client_params());

578

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

579

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

580

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

581

582

string message = "1234567890123456789012345678901";

583

string result;

584

size_t input_consumed;

585

ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

586

EXPECT_EQ(0U, result.size());

587

EXPECT_EQ(31U, input_consumed);

588

589

string signature;

590

ASSERT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&signature));

591

EXPECT_EQ(0U, signature.length());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

592

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

593

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

594

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

595

}

596

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

597

TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

598

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

599

.RsaEncryptionKey(256, 3)

600

.Digest(KM_DIGEST_NONE)

601

.Padding(KM_PAD_NONE)));

602

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));

603

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

604

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

605

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

606

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

607

}

608

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

609

TEST_P(SigningOperationsTest, EcdsaSuccess) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

610

ASSERT_EQ(KM_ERROR_OK,

611

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

612

string message(1024, 'a');

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

613

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

614

SignMessage(message, &signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

615

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

616

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

617

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

618

}

619

Shawn Willden

efbd7e4

2015-06-01 07:07:33 -0600

[diff] [blame]

620

TEST_P(SigningOperationsTest, EcdsaSha256Success) {

621

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(

622

KM_DIGEST_SHA_2_256)));

623

string message(1024, 'a');

624

string signature;

625

SignMessage(message, &signature, KM_DIGEST_SHA_2_256);

626

627

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

628

EXPECT_EQ(3, GetParam()->keymaster0_calls());

629

}

630

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

631

TEST_P(SigningOperationsTest, AesEcbSign) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

632

ASSERT_EQ(KM_ERROR_OK,

633

GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(

634

TAG_BLOCK_MODE, KM_MODE_ECB)));

635

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));

636

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

637

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

638

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

639

}

640

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

641

TEST_P(SigningOperationsTest, HmacSha1Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

642

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

643

string message = "12345678901234567890123456789012";

644

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

645

MacMessage(message, &signature, KM_DIGEST_SHA1, 160);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

646

ASSERT_EQ(20U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

647

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

648

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

649

}

650

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

651

TEST_P(SigningOperationsTest, HmacSha224Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

652

ASSERT_EQ(KM_ERROR_OK,

653

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

654

string message = "12345678901234567890123456789012";

655

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

656

MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

657

ASSERT_EQ(28U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

658

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

659

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

660

}

661

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

662

TEST_P(SigningOperationsTest, HmacSha256Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

663

ASSERT_EQ(KM_ERROR_OK,

664

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

665

string message = "12345678901234567890123456789012";

666

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

667

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

668

ASSERT_EQ(32U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

669

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

670

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

671

}

672

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

673

TEST_P(SigningOperationsTest, HmacSha384Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

674

ASSERT_EQ(KM_ERROR_OK,

675

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));

676

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

677

string message = "12345678901234567890123456789012";

678

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

679

MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

680

ASSERT_EQ(48U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

681

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

682

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

683

}

684

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

685

TEST_P(SigningOperationsTest, HmacSha512Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

686

ASSERT_EQ(KM_ERROR_OK,

687

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

688

string message = "12345678901234567890123456789012";

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

689

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

690

MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

691

ASSERT_EQ(64U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

692

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

693

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

694

}

695

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

696

TEST_P(SigningOperationsTest, HmacLengthInKey) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

697

// TODO(swillden): unified API should generate an error on key generation.

698

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

699

.HmacKey(128)

700

.Digest(KM_DIGEST_SHA_2_256)

701

.Authorization(TAG_MAC_LENGTH, 20)));

702

string message = "12345678901234567890123456789012";

703

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

704

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

705

// Size in key was ignored.

706

ASSERT_EQ(30U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

707

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

708

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

709

}

710

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

711

TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

712

uint8_t key_data[] = {

713

0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,

714

0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,

715

};

716

string message = "Hi There";

717

uint8_t sha_224_expected[] = {

718

0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,

719

0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,

720

};

721

uint8_t sha_256_expected[] = {

722

0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,

723

0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,

724

0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,

725

};

726

uint8_t sha_384_expected[] = {

727

0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,

728

0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,

729

0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,

730

0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,

731

};

732

uint8_t sha_512_expected[] = {

733

0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,

734

0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,

735

0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,

736

0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,

737

0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,

738

};

739

740

string key = make_string(key_data);

741

742

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

743

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

744

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

745

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

746

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

747

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

748

}

749

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

750

TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

751

string key = "Jefe";

752

string message = "what do ya want for nothing?";

753

uint8_t sha_224_expected[] = {

754

0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,

755

0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,

756

};

757

uint8_t sha_256_expected[] = {

758

0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,

759

0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,

760

0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,

761

};

762

uint8_t sha_384_expected[] = {

763

0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,

764

0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,

765

0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,

766

0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,

767

};

768

uint8_t sha_512_expected[] = {

769

0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,

770

0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,

771

0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,

772

0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,

773

0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,

774

};

775

776

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

777

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

778

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

779

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

780

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

781

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

782

}

783

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

784

TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

785

string key(20, 0xaa);

786

string message(50, 0xdd);

787

uint8_t sha_224_expected[] = {

788

0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,

789

0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,

790

};

791

uint8_t sha_256_expected[] = {

792

0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,

793

0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,

794

0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,

795

};

796

uint8_t sha_384_expected[] = {

797

0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,

798

0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,

799

0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,

800

0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,

801

};

802

uint8_t sha_512_expected[] = {

803

0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,

804

0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,

805

0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,

806

0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,

807

0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,

808

};

809

810

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

811

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

812

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

813

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

814

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

815

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

816

}

817

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

818

TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

819

uint8_t key_data[25] = {

820

0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,

821

0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,

822

};

823

string key = make_string(key_data);

824

string message(50, 0xcd);

825

uint8_t sha_224_expected[] = {

826

0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,

827

0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,

828

};

829

uint8_t sha_256_expected[] = {

830

0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,

831

0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,

832

0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,

833

};

834

uint8_t sha_384_expected[] = {

835

0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,

836

0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,

837

0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,

838

0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,

839

};

840

uint8_t sha_512_expected[] = {

841

0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,

842

0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,

843

0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,

844

0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,

845

0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,

846

};

847

848

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

849

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

850

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

851

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

852

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

853

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

854

}

855

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

856

TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

857

string key(20, 0x0c);

858

string message = "Test With Truncation";

859

860

uint8_t sha_224_expected[] = {

861

0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,

862

0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,

863

};

864

uint8_t sha_256_expected[] = {

865

0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,

866

0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,

867

};

868

uint8_t sha_384_expected[] = {

869

0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,

870

0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,

871

};

872

uint8_t sha_512_expected[] = {

873

0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,

874

0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,

875

};

876

877

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

878

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

879

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

880

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

881

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

882

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

883

}

884

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

885

TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

886

string key(131, 0xaa);

887

string message = "Test Using Larger Than Block-Size Key - Hash Key First";

888

889

uint8_t sha_224_expected[] = {

890

0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,

891

0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,

892

};

893

uint8_t sha_256_expected[] = {

894

0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,

895

0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,

896

0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,

897

};

898

uint8_t sha_384_expected[] = {

899

0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,

900

0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,

901

0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,

902

0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,

903

};

904

uint8_t sha_512_expected[] = {

905

0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,

906

0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,

907

0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,

908

0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,

909

0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,

910

};

911

912

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

913

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

914

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

915

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

916

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

917

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

918

}

919

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

920

TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

921

string key(131, 0xaa);

922

string message = "This is a test using a larger than block-size key and a larger than "

923

"block-size data. The key needs to be hashed before being used by the HMAC "

924

"algorithm.";

925

926

uint8_t sha_224_expected[] = {

927

0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,

928

0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,

929

};

930

uint8_t sha_256_expected[] = {

931

0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,

932

0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,

933

0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,

934

};

935

uint8_t sha_384_expected[] = {

936

0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,

937

0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,

938

0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,

939

0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,

940

};

941

uint8_t sha_512_expected[] = {

942

0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,

943

0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,

944

0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,

945

0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,

946

0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,

947

};

948

949

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

950

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

951

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

952

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

953

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

954

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

955

}

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

956

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

957

TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

958

ASSERT_EQ(KM_ERROR_OK,

959

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

960

AuthorizationSet begin_params(client_params());

Shawn Willden

0c60f6f

2015-04-27 23:40:10 -0600

[diff] [blame]

961

begin_params.push_back(TAG_MAC_LENGTH, 264);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

962

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

963

ASSERT_EQ(KM_ERROR_OK,

964

BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));

965

string message = "1234567890123456789012345678901";

966

string result;

967

size_t input_consumed;

968

ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

969

ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

970

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

971

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

972

}

973

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

974

// TODO(swillden): Add more verification failure tests.

975

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

976

typedef Keymaster1Test VerificationOperationsTest;

977

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);

978

979

TEST_P(VerificationOperationsTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

980

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

981

.RsaSigningKey(256, 3)

982

.Digest(KM_DIGEST_NONE)

983

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

984

string message = "12345678901234567890123456789012";

985

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

986

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

987

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

988

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

989

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

990

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

991

}

992

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

993

TEST_P(VerificationOperationsTest, RsaPssSha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

994

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

995

.RsaSigningKey(512, 3)

996

.Digest(KM_DIGEST_SHA_2_256)

997

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

998

// Use large message, which won't work without digesting.

999

string message(1024, 'a');

1000

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1001

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

1002

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1003

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1004

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1005

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1006

}

1007

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1008

TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1009

GenerateKey(AuthorizationSetBuilder()

1010

.RsaSigningKey(512, 3)

1011

.Digest(KM_DIGEST_SHA_2_256)

1012

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1013

string message(1024, 'a');

1014

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1015

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1016

++signature[signature.size() / 2];

1017

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1018

AuthorizationSet begin_params(client_params());

1019

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1020

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1021

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1022

1023

string result;

1024

size_t input_consumed;

1025

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1026

EXPECT_EQ(message.size(), input_consumed);

1027

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1028

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1029

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1030

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1031

}

1032

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1033

TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1034

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1035

.RsaSigningKey(512, 3)

1036

.Digest(KM_DIGEST_SHA_2_256)

1037

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1038

// Use large message, which won't work without digesting.

1039

string message(1024, 'a');

1040

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1041

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1042

++message[message.size() / 2];

1043

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1044

AuthorizationSet begin_params(client_params());

1045

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1046

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1047

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1048

1049

string result;

1050

size_t input_consumed;

1051

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1052

EXPECT_EQ(message.size(), input_consumed);

1053

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1054

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1055

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1056

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1057

}

1058

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1059

TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1060

GenerateKey(AuthorizationSetBuilder()

1061

.RsaSigningKey(512, 3)

1062

.Digest(KM_DIGEST_SHA_2_256)

1063

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1064

string message(1024, 'a');

1065

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1066

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

1067

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1068

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1069

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1070

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1071

}

1072

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1073

TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1074

GenerateKey(AuthorizationSetBuilder()

1075

.RsaSigningKey(512, 3)

1076

.Digest(KM_DIGEST_SHA_2_256)

1077

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1078

string message(1024, 'a');

1079

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1080

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1081

++signature[signature.size() / 2];

1082

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1083

AuthorizationSet begin_params(client_params());

1084

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1085

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1086

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1087

1088

string result;

1089

size_t input_consumed;

1090

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1091

EXPECT_EQ(message.size(), input_consumed);

1092

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1093

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1094

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1095

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1096

}

1097

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1098

TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1099

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1100

.RsaSigningKey(512, 3)

1101

.Digest(KM_DIGEST_SHA_2_256)

1102

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1103

// Use large message, which won't work without digesting.

1104

string message(1024, 'a');

1105

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1106

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1107

++message[message.size() / 2];

1108

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1109

AuthorizationSet begin_params(client_params());

1110

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1111

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1112

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1113

1114

string result;

1115

size_t input_consumed;

1116

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1117

EXPECT_EQ(message.size(), input_consumed);

1118

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1119

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1120

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1121

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1122

}

1123

1124

template <typename T> vector<T> make_vector(const T* array, size_t len) {

1125

return vector<T>(array, array + len);

1126

}

1127

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1128

TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1129

// Get all supported digests and padding modes.

1130

size_t digests_len;

1131

keymaster_digest_t* digests;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

1132

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1133

device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,

1134

&digests_len));

1135

1136

size_t padding_modes_len;

1137

keymaster_padding_t* padding_modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

1138

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1139

device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,

1140

&padding_modes, &padding_modes_len));

1141

1142

// Try them.

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1143

int trial_count = 0;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1144

for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {

1145

for (keymaster_digest_t digest : make_vector(digests, digests_len)) {

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1146

if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)

1147

// Digesting requires padding

1148

continue;

1149

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1150

// Compute key & message size that will work.

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1151

size_t key_bits = 0;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1152

size_t message_len = 1000;

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1153

1154

if (digest == KM_DIGEST_NONE) {

1155

key_bits = 256;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1156

switch (padding_mode) {

1157

case KM_PAD_NONE:

1158

// Match key size.

1159

message_len = key_bits / 8;

1160

break;

1161

case KM_PAD_RSA_PKCS1_1_5_SIGN:

1162

message_len = key_bits / 8 - 11;

1163

break;

1164

case KM_PAD_RSA_PSS:

1165

// PSS requires a digest.

1166

continue;

1167

default:

1168

FAIL() << "Missing padding";

1169

break;

1170

}

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

} else {

size_t digest_bits;

switch (digest) {

case KM_DIGEST_MD5:

digest_bits = 128;

break;

case KM_DIGEST_SHA1:

digest_bits = 160;

break;

case KM_DIGEST_SHA_2_224:

1181

digest_bits = 224;

1182

break;

1183

case KM_DIGEST_SHA_2_256:

1184

digest_bits = 256;

1185

break;

1186

case KM_DIGEST_SHA_2_384:

1187

digest_bits = 384;

1188

break;

1189

case KM_DIGEST_SHA_2_512:

digest_bits = 512;

break;

default:

FAIL() << "Missing digest";

1194

}

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1195

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1196

switch (padding_mode) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1197

case KM_PAD_RSA_PKCS1_1_5_SIGN:

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1198

key_bits = digest_bits + 8 * (11 + 19);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1199

break;

1200

case KM_PAD_RSA_PSS:

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1201

key_bits = digest_bits + 8 * 10;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1202

break;

1203

default:

1204

FAIL() << "Missing padding";

1205

break;

1206

}

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1207

}

1208

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1209

GenerateKey(AuthorizationSetBuilder()

1210

.RsaSigningKey(key_bits, 3)

1211

.Digest(digest)

1212

.Padding(padding_mode));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1213

string message(message_len, 'a');

1214

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1215

SignMessage(message, &signature, digest, padding_mode);

1216

VerifyMessage(message, signature, digest, padding_mode);

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1217

++trial_count;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

}

}

free(padding_modes);

free(digests);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1223

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1224

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1225

EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1226

}

1227

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1228

TEST_P(VerificationOperationsTest, EcdsaSuccess) {

Shawn Willden

84b8da5

2015-03-11 07:21:32 -0600

[diff] [blame]

1229

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1230

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1231

string message = "123456789012345678901234567890123456789012345678";

1232

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1233

SignMessage(message, &signature, KM_DIGEST_NONE);

1234

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1235

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1236

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1237

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

5ac2f8f

2014-08-18 15:33:10 -0600

[diff] [blame]

1238

}

1239

Shawn Willden

efbd7e4

2015-06-01 07:07:33 -0600

[diff] [blame]

1240

TEST_P(VerificationOperationsTest, EcdsaSha256Success) {

1241

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1242

.EcdsaSigningKey(256)

1243

.Digest(KM_DIGEST_SHA_2_256)

1244

.Digest(KM_DIGEST_NONE)));

1245

string message = "123456789012345678901234567890123456789012345678";

1246

string signature;

1247

SignMessage(message, &signature, KM_DIGEST_SHA_2_256);

1248

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

1249

1250

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1251

EXPECT_EQ(4, GetParam()->keymaster0_calls());

1252

1253

// Just for giggles, try verifying with the wrong digest.

1254

AuthorizationSet begin_params(client_params());

1255

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

1256

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

1257

1258

string result;

1259

size_t input_consumed;

1260

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1261

EXPECT_EQ(message.size(), input_consumed);

1262

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

1263

}

1264

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1265

TEST_P(VerificationOperationsTest, HmacSha1Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1266

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1267

string message = "123456789012345678901234567890123456789012345678";

1268

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1269

MacMessage(message, &signature, KM_DIGEST_SHA1, 160);

1270

VerifyMessage(message, signature, KM_DIGEST_SHA1);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1271

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1272

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1273

}

1274

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1275

TEST_P(VerificationOperationsTest, HmacSha224Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1276

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1277

string message = "123456789012345678901234567890123456789012345678";

1278

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1279

MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);

1280

VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1281

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1282

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1283

}

1284

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1285

TEST_P(VerificationOperationsTest, HmacSha256Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1286

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1287

string message = "123456789012345678901234567890123456789012345678";

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1288

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1289

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);

1290

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1291

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1292

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1293

}

1294

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1295

TEST_P(VerificationOperationsTest, HmacSha384Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1296

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1297

string message = "123456789012345678901234567890123456789012345678";

1298

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1299

MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);

1300

VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1301

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1302

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1303

}

1304

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1305

TEST_P(VerificationOperationsTest, HmacSha512Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1306

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1307

string message = "123456789012345678901234567890123456789012345678";

1308

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1309

MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);

1310

VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1311

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1312

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1313

}

1314

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1315

typedef Keymaster1Test ExportKeyTest;

1316

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);

1317

1318

TEST_P(ExportKeyTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1319

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1320

.RsaSigningKey(256, 3)

1321

.Digest(KM_DIGEST_NONE)

1322

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1323

string export_data;

1324

ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1325

EXPECT_GT(export_data.length(), 0U);

Shawn Willden

e46a43f

2014-08-27 10:35:36 -0600

[diff] [blame]

1326

1327

// TODO(swillden): Verify that the exported key is actually usable to verify signatures.

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1328

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1329

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1330

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

ffd790c

2014-08-18 21:20:06 -0600

[diff] [blame]

1331

}

1332

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1333

TEST_P(ExportKeyTest, EcdsaSuccess) {

Shawn Willden

84b8da5

2015-03-11 07:21:32 -0600

[diff] [blame]

1334

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1335

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1336

string export_data;

1337

ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1338

EXPECT_GT(export_data.length(), 0U);

Shawn Willden

e46a43f

2014-08-27 10:35:36 -0600

[diff] [blame]

1339

1340

// TODO(swillden): Verify that the exported key is actually usable to verify signatures.

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1341

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1342

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1343

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

f268d74

2014-08-19 15:36:26 -0600

[diff] [blame]

1344

}

1345

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1346

TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1347

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1348

.RsaSigningKey(256, 3)

1349

.Digest(KM_DIGEST_NONE)

1350

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1351

string export_data;

1352

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1353

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1354

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1355

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

f268d74

2014-08-19 15:36:26 -0600

[diff] [blame]

1356

}

1357

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1358

TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1359

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1360

.RsaSigningKey(256, 3)

1361

.Digest(KM_DIGEST_NONE)

1362

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1363

corrupt_key_blob();

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1364

string export_data;

1365

ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1366

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1367

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1368

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

f268d74

2014-08-19 15:36:26 -0600

[diff] [blame]

1369

}

1370

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1371

TEST_P(ExportKeyTest, AesKeyExportFails) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1372

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

1373

string export_data;

1374

1375

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));

1376

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));

1377

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1378

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1379

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

1380

}

1381

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1382

static string read_file(const string& file_name) {

1383

ifstream file_stream(file_name, std::ios::binary);

1384

istreambuf_iterator<char> file_begin(file_stream);

1385

istreambuf_iterator<char> file_end;

1386

return string(file_begin, file_end);

1387

}

1388

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1389

typedef Keymaster1Test ImportKeyTest;

1390

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);

1391

1392

TEST_P(ImportKeyTest, RsaSuccess) {

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1393

string pk8_key = read_file("rsa_privkey_pk8.der");

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1394

ASSERT_EQ(633U, pk8_key.size());

1395

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1396

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

1397

.RsaSigningKey(1024, 65537)

1398

.Digest(KM_DIGEST_NONE)

1399

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1400

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1401

1402

// Check values derived from the key.

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1403

EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()

1404

: sw_enforced(),

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1405

TAG_ALGORITHM, KM_ALGORITHM_RSA));

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1406

EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()

1407

: sw_enforced(),

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1408

TAG_KEY_SIZE, 1024));

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1409

EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()

1410

: sw_enforced(),

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1411

TAG_RSA_PUBLIC_EXPONENT, 65537U));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1412

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1413

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1414

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1415

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1416

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1417

string message(1024 / 8, 'a');

1418

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1419

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

1420

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1421

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1422

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1423

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1424

}

1425

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1426

TEST_P(ImportKeyTest, OldApiRsaSuccess) {

Shawn Willden

d7a5c71

2015-04-09 16:33:52 -0600

[diff] [blame]

1427

string pk8_key = read_file("rsa_privkey_pk8.der");

1428

ASSERT_EQ(633U, pk8_key.size());

1429

1430

// NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that

1431

// point softkeymaster will no longer support keymaster0 APIs anyway.

1432

uint8_t* key_blob;

1433

size_t key_blob_length;

1434

ASSERT_EQ(0,

1435

device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),

1436

pk8_key.size(), &key_blob, &key_blob_length));

1437

set_key_blob(key_blob, key_blob_length);

1438

1439

string message(1024 / 8, 'a');

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1440

AuthorizationSet begin_params; // Don't use client data.

1441

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1442

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1443

AuthorizationSet update_params;

1444

AuthorizationSet output_params;

1445

string signature =

1446

ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);

1447

ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,

1448

&output_params);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1449

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1450

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1451

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

d7a5c71

2015-04-09 16:33:52 -0600

[diff] [blame]

1452

}

1453

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1454

TEST_P(ImportKeyTest, RsaKeySizeMismatch) {

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1455

string pk8_key = read_file("rsa_privkey_pk8.der");

1456

ASSERT_EQ(633U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1457

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1458

ImportKey(AuthorizationSetBuilder()

1459

.RsaSigningKey(2048 /* Doesn't match key */, 3)

1460

.Digest(KM_DIGEST_NONE)

1461

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1462

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1463

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1464

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1465

}

1466

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1467

TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1468

string pk8_key = read_file("rsa_privkey_pk8.der");

1469

ASSERT_EQ(633U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1470

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1471

ImportKey(AuthorizationSetBuilder()

1472

.RsaSigningKey(256, 3 /* Doesnt' match key */)

1473

.Digest(KM_DIGEST_NONE)

1474

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1475

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1476

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1477

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1478

}

1479

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1480

TEST_P(ImportKeyTest, EcdsaSuccess) {

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1481

string pk8_key = read_file("ec_privkey_pk8.der");

1482

ASSERT_EQ(138U, pk8_key.size());

1483

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1484

ASSERT_EQ(KM_ERROR_OK,

1485

ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),

1486

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1487

1488

// Check values derived from the key.

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1489

EXPECT_TRUE(

1490

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1491

TAG_ALGORITHM, KM_ALGORITHM_EC));

1492

EXPECT_TRUE(

1493

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1494

TAG_KEY_SIZE, 256));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1495

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1496

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1497

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1498

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1499

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1500

string message(1024 / 8, 'a');

1501

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1502

SignMessage(message, &signature, KM_DIGEST_NONE);

1503

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1504

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1505

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1506

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1507

}

1508

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1509

TEST_P(ImportKeyTest, EcdsaSizeSpecified) {

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1510

string pk8_key = read_file("ec_privkey_pk8.der");

1511

ASSERT_EQ(138U, pk8_key.size());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1512

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1513

ASSERT_EQ(KM_ERROR_OK,

1514

ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),

1515

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1516

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1517

// Check values derived from the key.

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1518

EXPECT_TRUE(

1519

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1520

TAG_ALGORITHM, KM_ALGORITHM_EC));

1521

EXPECT_TRUE(

1522

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1523

TAG_KEY_SIZE, 256));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1524

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1525

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1526

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1527

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1528

1529

string message(1024 / 8, 'a');

1530

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1531

SignMessage(message, &signature, KM_DIGEST_NONE);

1532

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1533

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1534

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1535

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1536

}

1537

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1538

TEST_P(ImportKeyTest, EcdsaSizeMismatch) {

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1539

string pk8_key = read_file("ec_privkey_pk8.der");

1540

ASSERT_EQ(138U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1541

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1542

ImportKey(AuthorizationSetBuilder()

1543

.EcdsaSigningKey(224 /* Doesn't match key */)

1544

.Digest(KM_DIGEST_NONE),

1545

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1546

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1547

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1548

}

1549

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1550

TEST_P(ImportKeyTest, AesKeySuccess) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1551

char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

1552

string key(key_data, sizeof(key_data));

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1553

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

c47c88f

2015-04-07 17:23:27 -0600

[diff] [blame]

1554

ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(

1555

TAG_PADDING, KM_PAD_PKCS7),

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1556

KM_KEY_FORMAT_RAW, key));

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1557

1558

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1559

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1560

1561

string message = "Hello World!";

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1562

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

1563

string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1564

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1565

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1566

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1567

}

1568

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1569

TEST_P(ImportKeyTest, HmacSha256KeySuccess) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1570

char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

1571

string key(key_data, sizeof(key_data));

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1572

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

1573

.HmacKey(sizeof(key_data) * 8)

1574

.Digest(KM_DIGEST_SHA_2_256)

1575

.Authorization(TAG_MAC_LENGTH, 32),

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1576

KM_KEY_FORMAT_RAW, key));

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1577

1578

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1579

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1580

1581

string message = "Hello World!";

1582

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1583

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);

1584

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1585

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1586

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1587

}

1588

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1589

typedef Keymaster1Test EncryptionOperationsTest;

1590

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);

1591

Shawn Willden

3016084

2015-06-01 08:31:00 -0600

[diff] [blame]

1592

TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {

1593

ASSERT_EQ(KM_ERROR_OK,

1594

GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));

1595

1596

string message = "12345678901234567890123456789012";

1597

string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);

1598

EXPECT_EQ(256U / 8, ciphertext1.size());

1599

1600

string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);

1601

EXPECT_EQ(256U / 8, ciphertext2.size());

1602

1603

// Unpadded RSA is deterministic

1604

EXPECT_EQ(ciphertext1, ciphertext2);

1605

1606

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

1607

EXPECT_EQ(3, GetParam()->keymaster0_calls());

1608

}

1609

1610

TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {

1611

ASSERT_EQ(KM_ERROR_OK,

1612

GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));

1613

1614

string message = "1234567890123456789012345678901";

1615

1616

AuthorizationSet begin_params(client_params());

1617

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

1618

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

1619

1620

string result;

1621

size_t input_consumed;

1622

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1623

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

1624

EXPECT_EQ(0U, result.size());

1625

1626

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

1627

EXPECT_EQ(2, GetParam()->keymaster0_calls());

1628

}

1629

1630

TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {

1631

ASSERT_EQ(KM_ERROR_OK,

1632

GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));

1633

1634

string message = "123456789012345678901234567890123";

1635

1636

AuthorizationSet begin_params(client_params());

1637

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

1638

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

1639

1640

string result;

1641

size_t input_consumed;

1642

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1643

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

1644

EXPECT_EQ(0U, result.size());

1645

1646

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

1647

EXPECT_EQ(2, GetParam()->keymaster0_calls());

1648

}

1649

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1650

TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1651

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1652

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1653

1654

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1655

string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1656

EXPECT_EQ(512U / 8, ciphertext1.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1657

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1658

string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1659

EXPECT_EQ(512U / 8, ciphertext2.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1660

1661

// OAEP randomizes padding so every result should be different.

1662

EXPECT_NE(ciphertext1, ciphertext2);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1663

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1664

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1665

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1666

}

1667

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1668

TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1669

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1670

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1671

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1672

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1673

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1674

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1675

string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_OAEP);

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1676

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1677

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1678

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1679

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1680

}

1681

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1682

TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1683

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1684

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1685

string message = "12345678901234567890123";

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1686

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1687

size_t input_consumed;

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1688

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1689

AuthorizationSet begin_params(client_params());

1690

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);

1691

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1692

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1693

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1694

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1695

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1696

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1697

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1698

}

1699

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1700

TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1701

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1702

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1703

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1704

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1705

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1706

1707

// Corrupt the ciphertext

1708

ciphertext[512 / 8 / 2]++;

1709

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1710

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1711

size_t input_consumed;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1712

AuthorizationSet begin_params(client_params());

1713

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);

1714

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1715

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1716

EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1717

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1718

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1719

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1720

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1721

}

1722

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1723

TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1724

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1725

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1726

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1727

string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1728

EXPECT_EQ(512U / 8, ciphertext1.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1729

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1730

string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1731

EXPECT_EQ(512U / 8, ciphertext2.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1732

1733

// PKCS1 v1.5 randomizes padding so every result should be different.

1734

EXPECT_NE(ciphertext1, ciphertext2);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1735

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1736

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1737

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1738

}

1739

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1740

TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1741

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1742

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1743

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1744

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1745

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1746

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1747

string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1748

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1749

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1750

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1751

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1752

}

1753

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1754

TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1755

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1756

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

7bae132

2015-05-26 10:16:49 -0600

[diff] [blame]

1757

string message = "123456789012345678901234567890123456789012345678901234";

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1758

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1759

size_t input_consumed;

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1760

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1761

AuthorizationSet begin_params(client_params());

1762

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

1763

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1764

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1765

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1766

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1767

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1768

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1769

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1770

}

1771

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1772

TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1773

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1774

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1775

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1776

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1777

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1778

1779

// Corrupt the ciphertext

1780

ciphertext[512 / 8 / 2]++;

1781

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1782

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1783

size_t input_consumed;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1784

AuthorizationSet begin_params(client_params());

1785

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

1786

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1787

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1788

EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1789

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1790

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1791

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1792

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1793

}

1794

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1795

TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1796

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1797

.RsaSigningKey(256, 3)

1798

.Digest(KM_DIGEST_NONE)

1799

.Padding(KM_PAD_NONE)));

1800

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1801

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1802

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1803

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1804

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1805

}

1806

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1807

TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1808

ASSERT_EQ(KM_ERROR_OK,

1809

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

1810

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1811

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1812

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1813

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1814

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1815

}

1816

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1817

TEST_P(EncryptionOperationsTest, HmacEncrypt) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

ASSERT_EQ(

KM_ERROR_OK,

GenerateKey(

AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));

1822

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1823

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1824

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1825

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1826

}

1827

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1828

TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1829

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1830

.AesEncryptionKey(128)

1831

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1832

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1833

// Two-block message.

1834

string message = "12345678901234567890123456789012";

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1835

string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1836

EXPECT_EQ(message.size(), ciphertext1.size());

1837

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1838

string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1839

EXPECT_EQ(message.size(), ciphertext2.size());

1840

1841

// ECB is deterministic.

1842

EXPECT_EQ(ciphertext1, ciphertext2);

1843

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1844

string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1845

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1846

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1847

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1848

}

1849

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1850

TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1851

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1852

.AesEncryptionKey(128)

1853

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1854

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1855

// Message is slightly shorter than two blocks.

1856

string message = "1234567890123456789012345678901";

1857

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1858

AuthorizationSet begin_params(client_params());

1859

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1860

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1861

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1862

string ciphertext;

1863

size_t input_consumed;

1864

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));

1865

EXPECT_EQ(message.size(), input_consumed);

1866

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1867

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1868

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1869

}

1870

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1871

TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1872

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1873

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1874

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1875

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1876

1877

// Try various message lengths; all should work.

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1878

for (size_t i = 0; i < 32; ++i) {

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1879

string message(i, 'a');

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1880

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1881

EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1882

string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1883

EXPECT_EQ(message, plaintext);

1884

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1885

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1886

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1887

}

1888

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1889

TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1890

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1891

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1892

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1893

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1894

1895

string message = "a";

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1896

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1897

EXPECT_EQ(16U, ciphertext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1898

EXPECT_NE(ciphertext, message);

1899

++ciphertext[ciphertext.size() / 2];

1900

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1901

AuthorizationSet begin_params(client_params());

1902

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1903

begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1904

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1905

string plaintext;

1906

size_t input_consumed;

1907

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));

1908

EXPECT_EQ(ciphertext.size(), input_consumed);

1909

EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1910

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1911

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1912

}

1913

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1914

TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1915

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1916

.AesEncryptionKey(128)

1917

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

1918

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1919

string message = "123";

1920

string iv1;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1921

string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1922

EXPECT_EQ(message.size(), ciphertext1.size());

Shawn Willden

72a5fdd

2015-03-17 20:04:33 -0600

[diff] [blame]

1923

EXPECT_EQ(16U, iv1.size());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1924

1925

string iv2;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1926

string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1927

EXPECT_EQ(message.size(), ciphertext2.size());

Shawn Willden

72a5fdd

2015-03-17 20:04:33 -0600

[diff] [blame]

1928

EXPECT_EQ(16U, iv2.size());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1929

1930

// IVs should be random, so ciphertexts should differ.

1931

EXPECT_NE(iv1, iv2);

1932

EXPECT_NE(ciphertext1, ciphertext2);

1933

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1934

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1935

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1936

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1937

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1938

}

1939

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1940

TEST_P(EncryptionOperationsTest, AesCtrIncremental) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1941

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1942

.AesEncryptionKey(128)

1943

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

1944

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1945

1946

int increment = 15;

1947

string message(239, 'a');

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1948

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1949

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1950

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1951

AuthorizationSet output_params;

1952

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

1953

1954

string ciphertext;

1955

size_t input_consumed;

1956

for (size_t i = 0; i < message.size(); i += increment)

1957

EXPECT_EQ(KM_ERROR_OK,

1958

UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));

1959

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

1960

EXPECT_EQ(message.size(), ciphertext.size());

1961

1962

// Move TAG_NONCE into input_params

1963

input_params.Reinitialize(output_params);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1964

input_params.push_back(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1965

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1966

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1967

output_params.Clear();

1968

1969

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));

1970

string plaintext;

1971

for (size_t i = 0; i < ciphertext.size(); i += increment)

1972

EXPECT_EQ(KM_ERROR_OK,

1973

UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));

1974

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

1975

EXPECT_EQ(ciphertext.size(), plaintext.size());

1976

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1977

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1978

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1979

}

1980

1981

struct AesCtrSp80038aTestVector {

1982

const char* key;

1983

const char* nonce;

1984

const char* plaintext;

1985

const char* ciphertext;

1986

};

1987

1988

// These test vectors are taken from

1989

// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.

1990

static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {

1991

// AES-128

1992

{

1993

"2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

1994

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

1995

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

1996

"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"

1997

"5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",

},

// AES-192

{

"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

2002

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

2003

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

2004

"1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"

2005

"1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",

},

// AES-256

{

"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",

2010

"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

2011

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

2012

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

2013

"601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"

2014

"2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",

},

};

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2018

TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2019

for (size_t i = 0; i < 3; i++) {

2020

const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);

2021

const string key = hex2str(test.key);

2022

const string nonce = hex2str(test.nonce);

2023

const string plaintext = hex2str(test.plaintext);

2024

const string ciphertext = hex2str(test.ciphertext);

2025

CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);

2026

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2027

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2028

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2029

}

2030

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2031

TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2032

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2033

.AesEncryptionKey(128)

2034

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

2035

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2036

AuthorizationSet begin_params(client_params());

2037

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2038

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2039

EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2040

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2041

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2042

}

2043

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2044

TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2045

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2046

.AesEncryptionKey(128)

2047

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2048

.Authorization(TAG_CALLER_NONCE)

2049

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2050

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2051

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2052

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2053

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2054

input_params.push_back(TAG_NONCE, "123", 3);

2055

EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2056

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2057

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2058

}

2059

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2060

TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2061

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2062

.AesEncryptionKey(128)

2063

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2064

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2065

// Two-block message.

2066

string message = "12345678901234567890123456789012";

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2067

string iv1;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2068

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2069

EXPECT_EQ(message.size(), ciphertext1.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2070

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2071

string iv2;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2072

string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2073

EXPECT_EQ(message.size(), ciphertext2.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2074

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2075

// IVs should be random, so ciphertexts should differ.

2076

EXPECT_NE(iv1, iv2);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2077

EXPECT_NE(ciphertext1, ciphertext2);

2078

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2079

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2080

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2081

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2082

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2083

}

2084

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2085

TEST_P(EncryptionOperationsTest, AesCallerNonce) {

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2086

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2087

.AesEncryptionKey(128)

2088

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2089

.Authorization(TAG_CALLER_NONCE)

2090

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2091

string message = "12345678901234567890123456789012";

2092

string iv1;

2093

// Don't specify nonce, should get a random one.

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2094

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2095

EXPECT_EQ(message.size(), ciphertext1.size());

2096

EXPECT_EQ(16U, iv1.size());

2097

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2098

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2099

EXPECT_EQ(message, plaintext);

2100

2101

// Now specify a nonce, should also work.

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2102

AuthorizationSet input_params(client_params());

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2103

AuthorizationSet update_params;

2104

AuthorizationSet output_params;

2105

input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2106

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2107

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2108

string ciphertext2 =

2109

ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);

2110

2111

// Decrypt with correct nonce.

2112

plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,

2113

&output_params);

2114

EXPECT_EQ(message, plaintext);

2115

2116

// Now try with wrong nonce.

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2117

input_params.Reinitialize(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2118

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2119

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2120

input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);

2121

plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,

2122

&output_params);

2123

EXPECT_NE(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2124

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2125

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2126

}

2127

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2128

TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2129

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2130

.AesEncryptionKey(128)

2131

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2132

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2133

2134

string message = "12345678901234567890123456789012";

2135

string iv1;

2136

// Don't specify nonce, should get a random one.

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2137

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2138

EXPECT_EQ(message.size(), ciphertext1.size());

2139

EXPECT_EQ(16U, iv1.size());

2140

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2141

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2142

EXPECT_EQ(message, plaintext);

2143

2144

// Now specify a nonce, should fail.

2145

AuthorizationSet input_params(client_params());

2146

AuthorizationSet update_params;

2147

AuthorizationSet output_params;

2148

input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2149

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2150

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2151

2152

EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,

2153

BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2154

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2155

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2156

}

2157

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2158

TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2159

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2160

.AesEncryptionKey(128)

2161

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2162

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2163

2164

int increment = 15;

2165

string message(240, 'a');

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2166

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2167

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2168

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2169

AuthorizationSet output_params;

2170

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

2171

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2172

string ciphertext;

2173

size_t input_consumed;

2174

for (size_t i = 0; i < message.size(); i += increment)

2175

EXPECT_EQ(KM_ERROR_OK,

2176

UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));

2177

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2178

EXPECT_EQ(message.size(), ciphertext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2179

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2180

// Move TAG_NONCE into input_params

2181

input_params.Reinitialize(output_params);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2182

input_params.push_back(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2183

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2184

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2185

output_params.Clear();

2186

2187

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2188

string plaintext;

2189

for (size_t i = 0; i < ciphertext.size(); i += increment)

2190

EXPECT_EQ(KM_ERROR_OK,

2191

UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));

2192

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2193

EXPECT_EQ(ciphertext.size(), plaintext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2194

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2195

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2196

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2197

}

2198

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2199

TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

2200

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2201

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

2202

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2203

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2204

2205

// Try various message lengths; all should work.

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

2206

for (size_t i = 0; i < 32; ++i) {

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2207

string message(i, 'a');

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2208

string iv;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2209

string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2210

EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2211

string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2212

EXPECT_EQ(message, plaintext);

2213

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2214

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2215

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2216

}

2217

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2218

TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {

2219

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2220

.AesEncryptionKey(128)

2221

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2222

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2223

string aad = "foobar";

2224

string message = "123456789012345678901234567890123456";

2225

AuthorizationSet begin_params(client_params());

2226

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2227

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2228

begin_params.push_back(TAG_MAC_LENGTH, 128);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2229

2230

AuthorizationSet update_params;

2231

update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2232

2233

// Encrypt

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2234

AuthorizationSet begin_out_params;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2235

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2236

string ciphertext;

2237

size_t input_consumed;

2238

AuthorizationSet update_out_params;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2239

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2240

&input_consumed));

2241

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2242

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2243

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2244

// Grab nonce

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2245

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2246

begin_params.push_back(begin_out_params);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2247

2248

// Decrypt.

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2249

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2250

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2251

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2252

&plaintext, &input_consumed));

2253

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2254

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2255

2256

EXPECT_EQ(message, plaintext);

2257

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2258

}

2259

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2260

TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {

2261

uint8_t nonce[] = {

2262

0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,

2263

};

2264

uint8_t ciphertext[] = {

2265

0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,

2266

0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,

2267

0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,

2268

0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,

2269

0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,

2270

};

2271

string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));

2272

2273

AuthorizationSet begin_params(client_params());

2274

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2275

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2276

begin_params.push_back(TAG_MAC_LENGTH, 128);

2277

begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));

2278

2279

string plaintext;

2280

size_t input_consumed;

2281

2282

// Import correct key and decrypt

2283

uint8_t good_key[] = {

2284

0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,

2285

0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,

2286

};

2287

string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));

2288

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

2289

.AesEncryptionKey(128)

2290

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2291

.Authorization(TAG_PADDING, KM_PAD_NONE)

2292

.Authorization(TAG_CALLER_NONCE),

2293

KM_KEY_FORMAT_RAW, good_key_str));

2294

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2295

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));

2296

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

2297

2298

// Import bad key and decrypt

2299

uint8_t bad_key[] = {

2300

0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,

2301

0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,

2302

};

2303

string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));

2304

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

2305

.AesEncryptionKey(128)

2306

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2307

.Authorization(TAG_PADDING, KM_PAD_NONE),

2308

KM_KEY_FORMAT_RAW, bad_key_str));

2309

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2310

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));

2311

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));

2312

2313

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2314

}

2315

2316

TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {

2317

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2318

.AesEncryptionKey(128)

2319

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2320

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2321

string aad = "123456789012345678";

2322

string empty_message;

2323

AuthorizationSet begin_params(client_params());

2324

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2325

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2326

begin_params.push_back(TAG_MAC_LENGTH, 128);

2327

2328

AuthorizationSet update_params;

2329

update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());

2330

2331

// Encrypt

2332

AuthorizationSet begin_out_params;

2333

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

2334

string ciphertext;

2335

size_t input_consumed;

2336

AuthorizationSet update_out_params;

2337

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,

2338

&ciphertext, &input_consumed));

2339

EXPECT_EQ(0U, input_consumed);

2340

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

2341

2342

// Grab nonce

2343

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

2344

begin_params.push_back(begin_out_params);

2345

2346

// Decrypt.

2347

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2348

string plaintext;

2349

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2350

&plaintext, &input_consumed));

2351

EXPECT_EQ(ciphertext.size(), input_consumed);

2352

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

2353

2354

EXPECT_EQ(empty_message, plaintext);

2355

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2356

}

2357

2358

TEST_P(EncryptionOperationsTest, AesGcmIncremental) {

2359

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2360

.AesEncryptionKey(128)

2361

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2362

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2363

AuthorizationSet begin_params(client_params());

2364

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2365

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2366

begin_params.push_back(TAG_MAC_LENGTH, 128);

2367

2368

AuthorizationSet update_params;

2369

update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);

2370

2371

// Encrypt

2372

AuthorizationSet begin_out_params;

2373

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

2374

string ciphertext;

2375

size_t input_consumed;

2376

AuthorizationSet update_out_params;

2377

2378

// Send AAD, incrementally

2379

for (int i = 0; i < 1000; ++i) {

2380

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,

2381

&input_consumed));

2382

EXPECT_EQ(0U, input_consumed);

2383

EXPECT_EQ(0U, ciphertext.size());

2384

}

2385

2386

// Now send data, incrementally, no data.

2387

AuthorizationSet empty_params;

2388

for (int i = 0; i < 1000; ++i) {

2389

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,

2390

&input_consumed));

2391

EXPECT_EQ(1U, input_consumed);

2392

}

2393

EXPECT_EQ(1000U, ciphertext.size());

2394

2395

// And finish.

2396

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

2397

EXPECT_EQ(1016U, ciphertext.size());

2398

2399

// Grab nonce

2400

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

2401

begin_params.push_back(begin_out_params);

2402

2403

// Decrypt.

2404

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2405

string plaintext;

2406

2407

// Send AAD, incrementally, no data

2408

for (int i = 0; i < 1000; ++i) {

2409

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,

2410

&input_consumed));

2411

EXPECT_EQ(0U, input_consumed);

2412

EXPECT_EQ(0U, plaintext.size());

2413

}

2414

2415

// Now send data, incrementally.

2416

for (size_t i = 0; i < ciphertext.length(); ++i) {

2417

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),

2418

&update_out_params, &plaintext, &input_consumed));

2419

EXPECT_EQ(1U, input_consumed);

2420

}

2421

EXPECT_EQ(1000U, plaintext.size());

2422

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

2423

2424

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2425

}

2426

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2427

TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {

2428

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2429

.AesEncryptionKey(128)

2430

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2431

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2432

string message = "123456789012345678901234567890123456";

2433

AuthorizationSet begin_params(client_params());

2434

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2435

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2436

begin_params.push_back(TAG_MAC_LENGTH, 128);

2437

AuthorizationSet begin_out_params;

2438

2439

AuthorizationSet update_params;

2440

update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2441

2442

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

2443

2444

// No data, AAD only.

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2445

string ciphertext;

2446

size_t input_consumed;

2447

AuthorizationSet update_out_params;

2448

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,

2449

&ciphertext, &input_consumed));

2450

EXPECT_EQ(0U, input_consumed);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2451

2452

// AAD and data.

2453

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2454

&input_consumed));

2455

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2456

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2457

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2458

// Grab nonce.

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2459

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

2460

begin_params.push_back(begin_out_params);

2461

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2462

// Decrypt

2463

update_params.Clear();

2464

update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2465

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2466

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2467

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2468

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2469

&plaintext, &input_consumed));

2470

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2471

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2472

2473

EXPECT_EQ(message, plaintext);

2474

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2475

}

2476

2477

TEST_P(EncryptionOperationsTest, AesGcmBadAad) {

2478

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2479

.AesEncryptionKey(128)

2480

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2481

.Authorization(TAG_PADDING, KM_PAD_NONE)));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2482

string message = "12345678901234567890123456789012";

2483

AuthorizationSet begin_params(client_params());

2484

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2485

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2486

begin_params.push_back(TAG_MAC_LENGTH, 128);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2487

2488

AuthorizationSet update_params;

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2489

update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2490

2491

AuthorizationSet finish_params;

2492

AuthorizationSet finish_out_params;

2493

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2494

// Encrypt

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2495

AuthorizationSet begin_out_params;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2496

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2497

AuthorizationSet update_out_params;

2498

string ciphertext;

2499

size_t input_consumed;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2500

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2501

&input_consumed));

2502

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2503

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2504

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2505

// Grab nonce

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2506

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2507

begin_params.push_back(begin_out_params);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2508

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2509

update_params.Clear();

2510

update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2511

2512

// Decrypt.

2513

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2514

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2515

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2516

&plaintext, &input_consumed));

2517

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2518

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2519

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2520

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2521

}

2522

2523

TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {

2524

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2525

.AesEncryptionKey(128)

2526

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2527

.Authorization(TAG_PADDING, KM_PAD_NONE)));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2528

string message = "12345678901234567890123456789012";

2529

AuthorizationSet begin_params(client_params());

2530

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2531

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2532

begin_params.push_back(TAG_MAC_LENGTH, 128);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2533

2534

AuthorizationSet update_params;

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2535

update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2536

2537

// Encrypt

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2538

AuthorizationSet begin_out_params;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2539

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2540

AuthorizationSet update_out_params;

2541

string ciphertext;

2542

size_t input_consumed;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2543

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2544

&input_consumed));

2545

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2546

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2547

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2548

begin_params.push_back(TAG_NONCE, "123456789012", 12);

2549

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2550

// Decrypt

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2551

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2552

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2553

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2554

&plaintext, &input_consumed));

2555

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2556

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2557

2558

// With wrong nonce, should have gotten garbage plaintext.

2559

EXPECT_NE(message, plaintext);

2560

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2561

}

2562

2563

TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {

2564

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2565

.AesEncryptionKey(128)

2566

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2567

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2568

string aad = "foobar";

2569

string message = "123456789012345678901234567890123456";

2570

AuthorizationSet begin_params(client_params());

2571

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2572

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2573

begin_params.push_back(TAG_MAC_LENGTH, 128);

2574

AuthorizationSet begin_out_params;

2575

2576

AuthorizationSet update_params;

2577

update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2578

2579

// Encrypt

2580

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2581

AuthorizationSet update_out_params;

2582

string ciphertext;

2583

size_t input_consumed;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2584

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2585

&input_consumed));

2586

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2587

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2588

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2589

// Corrupt tag

2590

(*ciphertext.rbegin())++;

2591

2592

// Grab nonce.

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2593

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

2594

begin_params.push_back(begin_out_params);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2595

2596

// Decrypt.

2597

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2598

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2599

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2600

&plaintext, &input_consumed));

2601

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame^]

2602

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2603

2604

EXPECT_EQ(message, plaintext);

2605

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2606

}

2607

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2608

typedef Keymaster1Test AddEntropyTest;

2609

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);

2610

2611

TEST_P(AddEntropyTest, AddEntropy) {

Shawn Willden

cd69582

2015-01-26 14:06:32 -0700

[diff] [blame]

2612

// There's no obvious way to test that entropy is actually added, but we can test that the API

2613

// doesn't blow up or return an error.

2614

EXPECT_EQ(KM_ERROR_OK,

2615

device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2616

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2617

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2618

}

2619

2620

typedef Keymaster1Test Keymaster0AdapterTest;

2621

INSTANTIATE_TEST_CASE_P(

2622

AndroidKeymasterTest, Keymaster0AdapterTest,

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2623

::testing::Values(

2624

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),

2625

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2626

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2627

TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2628

// Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted

2629

// key data.

2630

string km1_sw = read_file("km1_sw_rsa_512.blob");

2631

EXPECT_EQ(486U, km1_sw.length());

2632

2633

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));

2634

memcpy(key_data, km1_sw.data(), km1_sw.length());

2635

set_key_blob(key_data, km1_sw.length());

2636

2637

string message(64, 'a');

2638

string signature;

2639

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2640

2641

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2642

}

2643

Shawn Willden

c7fe06d

2015-06-11 15:50:04 -0600

[diff] [blame]

2644

TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {

2645

// Load and use an old-style Keymaster1 software key blob, without the version byte. These

2646

// blobs contain OCB-encrypted key data.

2647

string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");

2648

EXPECT_EQ(477U, km1_sw.length());

2649

2650

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));

2651

memcpy(key_data, km1_sw.data(), km1_sw.length());

2652

set_key_blob(key_data, km1_sw.length());

2653

2654

string message(64, 'a');

2655

string signature;

2656

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2657

2658

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2659

}

2660

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2661

TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {

2662

// Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted

2663

// key data.

2664

string km1_sw = read_file("km1_sw_ecdsa_256.blob");

2665

EXPECT_EQ(270U, km1_sw.length());

2666

2667

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));

2668

memcpy(key_data, km1_sw.data(), km1_sw.length());

2669

set_key_blob(key_data, km1_sw.length());

2670

2671

string message(64, 'a');

2672

string signature;

2673

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2674

2675

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2676

}

2677

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2678

struct Malloc_Delete {

2679

void operator()(void* p) { free(p); }

2680

};

2681

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2682

TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2683

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2684

string km0_sw = read_file("km0_sw_rsa_512.blob");

2685

EXPECT_EQ(333U, km0_sw.length());

2686

2687

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2688

memcpy(key_data, km0_sw.data(), km0_sw.length());

2689

set_key_blob(key_data, km0_sw.length());

2690

2691

string message(64, 'a');

2692

string signature;

2693

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2694

2695

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

cd69582

2015-01-26 14:06:32 -0700

[diff] [blame]

2696

}

2697

Shawn Willden

ccb84e9

2015-06-02 19:44:54 -0600

[diff] [blame]

2698

TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {

2699

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2700

string km0_sw = read_file("km0_sw_rsa_512.blob");

2701

EXPECT_EQ(333U, km0_sw.length());

2702

2703

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2704

memcpy(key_data, km0_sw.data(), km0_sw.length());

2705

set_key_blob(key_data, km0_sw.length());

2706

2707

EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());

2708

EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));

2709

EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));

2710

EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));

2711

EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));

2712

EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));

2713

EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));

2714

EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));

2715

EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));

2716

EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));

2717

2718

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2719

}

2720

2721

TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {

2722

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2723

string km0_sw = read_file("km0_sw_rsa_512.blob");

2724

EXPECT_EQ(333U, km0_sw.length());

2725

2726

// The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not

2727

// be recognized as a software key. Do the same here to pretend this is a hardware key.

2728

EXPECT_EQ('P', km0_sw[0]);

2729

km0_sw[0] = 'Q';

2730

2731

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2732

memcpy(key_data, km0_sw.data(), km0_sw.length());

2733

set_key_blob(key_data, km0_sw.length());

2734

2735

string message(64, 'a');

2736

string signature;

2737

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2738

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

2739

2740

EXPECT_EQ(5, GetParam()->keymaster0_calls());

2741

}

2742

2743

TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {

2744

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2745

string km0_sw = read_file("km0_sw_rsa_512.blob");

2746

EXPECT_EQ(333U, km0_sw.length());

2747

2748

// The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not

2749

// be recognized as a software key. Do the same here to pretend this is a hardware key.

2750

EXPECT_EQ('P', km0_sw[0]);

2751

km0_sw[0] = 'Q';

2752

2753

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2754

memcpy(key_data, km0_sw.data(), km0_sw.length());

2755

set_key_blob(key_data, km0_sw.length());

2756

2757

EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());

2758

EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));

2759

EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));

2760

EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));

2761

EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));

2762

EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));

2763

EXPECT_EQ(5U, hw_enforced().size());

2764

2765

EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));

2766

EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));

2767

EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));

2768

EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));

2769

2770

EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));

2771

EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));

2772

EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));

2773

EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));

2774

EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));

2775

2776

EXPECT_EQ(1, GetParam()->keymaster0_calls());

2777

}

2778

Shawn Willden