Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 5532a085818bdf27ede33c9199024b86023e5961 / . / android_keymaster_test.cpp
blob: 341183bae79238ba6b9ce58695dc9debc7384702 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]22#include <keymaster/key_factory.h>
23#include <keymaster/soft_keymaster_context.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]24#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]25#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]26
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]27#include "android_keymaster_test_utils.h"
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]28#include "keymaster0_engine.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]29
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]30using std::ifstream;
31using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]32using std::string;
33using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]34using std::unique_ptr;
35
36extern "C" {
37int __android_log_print(int prio, const char* tag, const char* fmt);
38int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]39 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]40 return 0;
41}
42} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]43
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]44namespace keymaster {
45namespace test {
46
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]47StdoutLogger logger;
48
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]49class TestKeymasterEnforcement : public KeymasterEnforcement {
50 public:
51 TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {}
52
53 virtual bool activation_date_valid(uint64_t /* activation_date */) const { return true; }
54 virtual bool expiration_date_passed(uint64_t /* expiration_date */) const { return false; }
55 virtual bool auth_token_timed_out(const hw_auth_token_t& /* token */,
56 uint32_t /* timeout */) const {
57 return false;
58 }
59 virtual uint32_t get_current_time() const { return 0; }
60 virtual bool ValidateTokenSignature(const hw_auth_token_t& /* token */) const { return true; }
61};
62
63class TestKeymasterContext : public SoftKeymasterContext {
64 public:
65 TestKeymasterContext(keymaster0_device_t* keymaster0 = nullptr)
66 : SoftKeymasterContext(keymaster0) {}
67
68 KeymasterEnforcement* enforcement_policy() override { return &test_policy_; }
69
70 private:
71 TestKeymasterEnforcement test_policy_;
72};
73
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]74class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
75 public:
76 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]77 std::cerr << "Creating software-only device" << std::endl;
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]78 SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext);
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]79 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]80 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]81
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]82 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]83 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]84};
85
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]86class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
87 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]88 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
89
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]90 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]91 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
92 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]93 hw_device_t* softkeymaster_device;
94 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
95 &softkeymaster_device));
96 // Make the software device pretend to be hardware
97 keymaster0_device_t* keymaster0_device =
98 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]99 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
100
101 if (!support_ec_) {
102 // Make the software device pretend not to support EC
103 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
104 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]105
106 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
107
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]108 SoftKeymasterDevice* keymaster =
109 new SoftKeymasterDevice(new TestKeymasterContext(counting_keymaster0_device_));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]110 return keymaster->keymaster_device();
111 }
112
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]113 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
114 switch (algorithm) {
115 case KM_ALGORITHM_RSA:
116 return true;
117 case KM_ALGORITHM_EC:
118 return support_ec_;
119 default:
120 return false;
121 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]122 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]123 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
124
125 private:
126 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]127 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]128};
129
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]130static auto test_params = testing::Values(
131 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
132 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
133 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]134
135typedef Keymaster1Test CheckSupported;
136INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
137
138TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]139 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
140 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]141
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]142 size_t len;
143 keymaster_algorithm_t* algorithms;
144 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]145 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]146 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]147 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]148
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]149 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]150}
151
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]152TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]153 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
154 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
155 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]156
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]157 size_t len;
158 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]159 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]160 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]161 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]162 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]163
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]164 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]165 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]166 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]167
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]168 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]169 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]170 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]171 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]172
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]173 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]174}
175
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]176TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]177 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
178 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
179 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]180
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]181 size_t len;
182 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]183 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]184 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]185 EXPECT_TRUE(
186 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]187 free(modes);
188
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]189 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]190 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]191 EXPECT_TRUE(
192 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]193 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]194
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]195 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]196 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]197 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]198 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]199
200 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
201 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
202 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]203
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]204 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]205}
206
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]207TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]208 EXPECT_EQ(
209 KM_ERROR_OUTPUT_PARAMETER_NULL,
210 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]211
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]212 size_t len;
213 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]214 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]215 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]216 EXPECT_TRUE(
217 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
218 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
219 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]220 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]221
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]222 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]223 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]224 EXPECT_TRUE(
225 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
226 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
227 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]228 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]229
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]230 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
231 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
232 &len));
233
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]234 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]235 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]236 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
237 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
238 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]239 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]240
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]241 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]242}
243
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]244TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]245 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
246 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]247
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 size_t len;
249 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]250 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]251 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]252 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]253 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]254
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]255 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]256 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
257 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
258 free(formats);
259
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]260 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]261 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
262 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
263 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]264
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]265 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]266}
267
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]268TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]269 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
270 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]271
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]272 size_t len;
273 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]274 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]275 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]276 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]277 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]278
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]279 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]280 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]281 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]282 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]283
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]284 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]285 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]286 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]287 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]288
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]289 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]290 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]291 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]292 free(formats);
293
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]294 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]295 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]296 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]297 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]298
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]299 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]300}
301
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]302class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]303 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]304 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]305 AuthorizationSet auths = sw_enforced();
306 EXPECT_GT(auths.SerializedSize(), 12U);
307
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]308 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
309 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
310 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]311 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]312 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]313
314 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]315 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
316 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
317 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]318
319 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]320 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
321 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
322 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]323
324 // Now check that unspecified, defaulted tags are correct.
Shawn Willden0b2d3332015-04-07 17:46:18 -0600[diff] [blame]325 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]326 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]327 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]328};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]329INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
330
331TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]332 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
333 .RsaSigningKey(256, 3)
334 .Digest(KM_DIGEST_NONE)
335 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]336 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]337
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]338 // Check specified tags are all present, and in the right set.
339 AuthorizationSet crypto_params;
340 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]341 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]342 EXPECT_NE(0U, hw_enforced().size());
343 EXPECT_NE(0U, sw_enforced().size());
344 crypto_params.push_back(hw_enforced());
345 non_crypto_params.push_back(sw_enforced());
346 } else {
347 EXPECT_EQ(0U, hw_enforced().size());
348 EXPECT_NE(0U, sw_enforced().size());
349 crypto_params.push_back(sw_enforced());
350 }
351
352 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
353 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
354 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
355 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
356 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
357 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
358
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]359 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]360 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]361}
362
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]363TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]364 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
365 GenerateKey(AuthorizationSetBuilder()
366 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
367 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
368 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]369
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]370 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]371}
372
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]373TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]374 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]375 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]376 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]377
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]378 // Check specified tags are all present, and in the right set.
379 AuthorizationSet crypto_params;
380 AuthorizationSet non_crypto_params;
381 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
382 EXPECT_NE(0U, hw_enforced().size());
383 EXPECT_NE(0U, sw_enforced().size());
384 crypto_params.push_back(hw_enforced());
385 non_crypto_params.push_back(sw_enforced());
386 } else {
387 EXPECT_EQ(0U, hw_enforced().size());
388 EXPECT_NE(0U, sw_enforced().size());
389 crypto_params.push_back(sw_enforced());
390 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]391
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]392 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
393 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
394 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
395 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
396
397 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
398 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]399}
400
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]401TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]402 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
403 GenerateKey(AuthorizationSetBuilder()
404 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
405 .SigningKey()
406 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]407
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]408 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]409}
410
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]411TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]412 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
413 ASSERT_EQ(
414 KM_ERROR_UNKNOWN_ERROR,
415 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
416 else
417 ASSERT_EQ(
418 KM_ERROR_UNSUPPORTED_KEY_SIZE,
419 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]420
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]421 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
422 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]423}
424
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]425TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]426 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]427 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]428 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
429 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]430 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]431 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]432
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]433 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
434 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]435}
436
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]437TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]438 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]439 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]440
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]441 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]442}
443
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]444typedef Keymaster1Test GetKeyCharacteristics;
445INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
446
447TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]448 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
449 .RsaSigningKey(256, 3)
450 .Digest(KM_DIGEST_NONE)
451 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]452 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]453
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]454 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
455 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]456
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]457 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]458 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]459}
460
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]461typedef Keymaster1Test SigningOperationsTest;
462INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
463
464TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]465 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
466 .RsaSigningKey(256, 3)
467 .Digest(KM_DIGEST_NONE)
468 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]469 string message = "12345678901234567890123456789012";
470 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]471 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]472
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]473 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]474 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]475}
476
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]477TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]478 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
479 .RsaSigningKey(512, 3)
480 .Digest(KM_DIGEST_SHA_2_256)
481 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]482 // Use large message, which won't work without digesting.
483 string message(1024, 'a');
484 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]485 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]486
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]487 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]488 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]489}
490
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]491TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {
492 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
493 .RsaSigningKey(512, 3)
494 .Digest(KM_DIGEST_NONE)
495 .Padding(KM_PAD_NONE)));
496 string message = "12345678901234567890123456789012";
497 string signature;
498 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
499
500 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
501 EXPECT_EQ(3, GetParam()->keymaster0_calls());
502}
503
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]504TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]505 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
506 .RsaSigningKey(512, 3)
507 .Digest(KM_DIGEST_SHA_2_256)
508 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]509 string message(1024, 'a');
510 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]511 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]512
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]513 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]514 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]515}
516
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]517TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
518 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
519 .RsaSigningKey(512, 3)
520 .Digest(KM_DIGEST_NONE)
521 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
522 string message(53, 'a');
523 string signature;
524 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);
525
526 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
527 EXPECT_EQ(3, GetParam()->keymaster0_calls());
528}
529
530TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {
531 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
532 .RsaSigningKey(512, 3)
533 .Digest(KM_DIGEST_NONE)
534 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
535 string message(54, 'a');
536
537 AuthorizationSet begin_params(client_params());
538 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
539 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
540 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
541 string result;
542 size_t input_consumed;
543 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
544 string signature;
545 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
546
547 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
548 EXPECT_EQ(2, GetParam()->keymaster0_calls());
549}
550
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]551TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]552 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
553 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]554 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
555 .RsaSigningKey(256 + 9 * 8, 3)
556 .Digest(KM_DIGEST_SHA_2_256)
557 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]558 string message(1024, 'a');
559 string signature;
560
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]561 AuthorizationSet begin_params(client_params());
562 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]563 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]564 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]565}
566
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]567TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {
568 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
569 .RsaSigningKey(256, 3)
570 .Digest(KM_DIGEST_NONE)
571 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
572 string message(64 * 1024, 'a');
573 string signature;
574 AuthorizationSet begin_params(client_params());
575 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
576 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
577 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
578 string result;
579 size_t input_consumed;
580 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
581
582 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
583 EXPECT_EQ(2, GetParam()->keymaster0_calls());
584}
585
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]586TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]587 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
588 .RsaSigningKey(256, 3)
589 .Digest(KM_DIGEST_NONE)
590 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]591 AuthorizationSet begin_params(client_params());
592 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]593 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]594 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]595 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
596 // Another abort should fail
597 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]598
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]599 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]600 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]601}
602
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]603TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]604 GenerateKey(AuthorizationSetBuilder()
605 .RsaSigningKey(256, 3)
606 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
607 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]608 AuthorizationSet begin_params(client_params());
609 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
610 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]611
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]612 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]613 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]614}
615
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]616TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]617 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]618 GenerateKey(AuthorizationSetBuilder()
619 .RsaSigningKey(256, 3)
620 .Digest(KM_DIGEST_NONE)
621 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]622 AuthorizationSet begin_params(client_params());
623 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]624 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]625 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]626
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]627 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]628 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]629}
630
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]631TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]632 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]633 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
634 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]635 AuthorizationSet begin_params(client_params());
636 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
637 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]638
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]639 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]640 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]641}
642
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]643TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]644 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
645 .RsaSigningKey(256, 3)
646 .Digest(KM_DIGEST_NONE)
647 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]648 AuthorizationSet begin_params(client_params());
649 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]650 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]651 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]652
653 string message = "1234567890123456789012345678901";
654 string result;
655 size_t input_consumed;
656 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
657 EXPECT_EQ(0U, result.size());
658 EXPECT_EQ(31U, input_consumed);
659
660 string signature;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]661 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]662 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]663
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]664 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]665 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]666}
667
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]668TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]669 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
670 .RsaEncryptionKey(256, 3)
671 .Digest(KM_DIGEST_NONE)
672 .Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]673 AuthorizationSet begin_params(client_params());
674 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
675 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
676 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]677
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]678 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]679 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]680}
681
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]682TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]683 ASSERT_EQ(KM_ERROR_OK,
684 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]685 string message(224 / 8, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]686 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]687 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]688
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]689 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
690 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]691}
692
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]693TEST_P(SigningOperationsTest, EcdsaSha256Success) {
694 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
695 KM_DIGEST_SHA_2_256)));
696 string message(1024, 'a');
697 string signature;
698 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
699
700 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
701 EXPECT_EQ(3, GetParam()->keymaster0_calls());
702}
703
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]704TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {
705 ASSERT_EQ(KM_ERROR_OK,
706 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
707 string message(64 * 1024, 'a');
708 string signature;
709 AuthorizationSet begin_params(client_params());
710 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
711 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
712 string result;
713 size_t input_consumed;
714 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
715
716 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
717 EXPECT_EQ(2, GetParam()->keymaster0_calls());
718}
719
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]720TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]721 ASSERT_EQ(KM_ERROR_OK,
722 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
723 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]724 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
725 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]726
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]727 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]728}
729
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]730TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]731 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]732 string message = "12345678901234567890123456789012";
733 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]734 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]735 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]736
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]737 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]738}
739
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]740TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]741 ASSERT_EQ(KM_ERROR_OK,
742 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]743 string message = "12345678901234567890123456789012";
744 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]745 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]746 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]747
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]748 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]749}
750
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]751TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]752 ASSERT_EQ(KM_ERROR_OK,
753 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]754 string message = "12345678901234567890123456789012";
755 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]756 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]757 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]758
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]759 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]760}
761
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]762TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]763 ASSERT_EQ(KM_ERROR_OK,
764 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));
765
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]766 string message = "12345678901234567890123456789012";
767 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]768 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]769 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]770
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]771 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]772}
773
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]774TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]775 ASSERT_EQ(KM_ERROR_OK,
776 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]777 string message = "12345678901234567890123456789012";
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]778 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]779 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]780 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]781
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]782 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]783}
784
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]785TEST_P(SigningOperationsTest, HmacAnyDigestSuccess) {
786 ASSERT_EQ(KM_ERROR_OK,
787 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE)));
788 string message = "12345678901234567890123456789012";
789 string signature;
790
791 size_t len;
792 keymaster_digest_t* digests;
793 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
794 KM_PURPOSE_SIGN, &digests, &len));
795 for (size_t i = 0; i < len; ++i)
796 MacMessage(message, &signature, digests[i], 128 /* small MAC to work with all digests */);
797 free(digests);
798
799 // Ensure that we can't actually try to do an HMAC with no digest
800 AuthorizationSet begin_params(client_params());
801 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
802 begin_params.push_back(TAG_MAC_LENGTH, 128);
803 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
804
805 EXPECT_EQ(0, GetParam()->keymaster0_calls());
806}
807
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]808TEST_P(SigningOperationsTest, HmacLengthInKey) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]809 // TODO(swillden): unified API should generate an error on key generation.
810 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
811 .HmacKey(128)
812 .Digest(KM_DIGEST_SHA_2_256)
813 .Authorization(TAG_MAC_LENGTH, 20)));
814 string message = "12345678901234567890123456789012";
815 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]816 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]817 // Size in key was ignored.
818 ASSERT_EQ(30U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]819
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]820 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]821}
822
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]823TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]824 uint8_t key_data[] = {
825 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
826 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
827 };
828 string message = "Hi There";
829 uint8_t sha_224_expected[] = {
830 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
831 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
832 };
833 uint8_t sha_256_expected[] = {
834 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
835 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
836 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
837 };
838 uint8_t sha_384_expected[] = {
839 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
840 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
841 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
842 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
843 };
844 uint8_t sha_512_expected[] = {
845 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
846 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
847 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
848 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
849 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
850 };
851
852 string key = make_string(key_data);
853
854 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
855 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
856 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
857 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]858
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]859 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]860}
861
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]862TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]863 string key = "Jefe";
864 string message = "what do ya want for nothing?";
865 uint8_t sha_224_expected[] = {
866 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
867 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
868 };
869 uint8_t sha_256_expected[] = {
870 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
871 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
872 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
873 };
874 uint8_t sha_384_expected[] = {
875 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
876 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
877 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
878 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
879 };
880 uint8_t sha_512_expected[] = {
881 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
882 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
883 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
884 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
885 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
886 };
887
888 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
889 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
890 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
891 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]892
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]893 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]894}
895
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]896TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]897 string key(20, 0xaa);
898 string message(50, 0xdd);
899 uint8_t sha_224_expected[] = {
900 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
901 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
902 };
903 uint8_t sha_256_expected[] = {
904 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
905 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
906 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
907 };
908 uint8_t sha_384_expected[] = {
909 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
910 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
911 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
912 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
913 };
914 uint8_t sha_512_expected[] = {
915 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
916 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
917 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
918 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
919 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
920 };
921
922 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
923 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
924 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
925 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]926
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]927 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]928}
929
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]930TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]931 uint8_t key_data[25] = {
932 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
933 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
934 };
935 string key = make_string(key_data);
936 string message(50, 0xcd);
937 uint8_t sha_224_expected[] = {
938 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
939 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
940 };
941 uint8_t sha_256_expected[] = {
942 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
943 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
944 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
945 };
946 uint8_t sha_384_expected[] = {
947 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
948 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
949 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
950 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
951 };
952 uint8_t sha_512_expected[] = {
953 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
954 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
955 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
956 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
957 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
958 };
959
960 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
961 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
962 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
963 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]964
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]965 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]966}
967
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]968TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]969 string key(20, 0x0c);
970 string message = "Test With Truncation";
971
972 uint8_t sha_224_expected[] = {
973 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
974 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
975 };
976 uint8_t sha_256_expected[] = {
977 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
978 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
979 };
980 uint8_t sha_384_expected[] = {
981 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
982 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
983 };
984 uint8_t sha_512_expected[] = {
985 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
986 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
987 };
988
989 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
990 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
991 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
992 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]993
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]994 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]995}
996
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]997TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]998 string key(131, 0xaa);
999 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
1000
1001 uint8_t sha_224_expected[] = {
1002 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
1003 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
1004 };
1005 uint8_t sha_256_expected[] = {
1006 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
1007 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
1008 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
1009 };
1010 uint8_t sha_384_expected[] = {
1011 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
1012 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1013 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
1014 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
1015 };
1016 uint8_t sha_512_expected[] = {
1017 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
1018 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
1019 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
1020 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
1021 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
1022 };
1023
1024 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1025 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1026 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1027 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1028
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1029 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1030}
1031
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1032TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1033 string key(131, 0xaa);
1034 string message = "This is a test using a larger than block-size key and a larger than "
1035 "block-size data. The key needs to be hashed before being used by the HMAC "
1036 "algorithm.";
1037
1038 uint8_t sha_224_expected[] = {
1039 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
1040 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
1041 };
1042 uint8_t sha_256_expected[] = {
1043 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
1044 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
1045 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
1046 };
1047 uint8_t sha_384_expected[] = {
1048 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
1049 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1050 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
1051 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
1052 };
1053 uint8_t sha_512_expected[] = {
1054 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
1055 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
1056 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
1057 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
1058 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
1059 };
1060
1061 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1062 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1063 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1064 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1065
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1066 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1067}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1068
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1069TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1070 ASSERT_EQ(KM_ERROR_OK,
1071 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
1072 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]1073 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1074 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1075 ASSERT_EQ(KM_ERROR_OK,
1076 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
1077 string message = "1234567890123456789012345678901";
1078 string result;
1079 size_t input_consumed;
1080 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1081 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1082
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1083 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1084}
1085
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1086// TODO(swillden): Add more verification failure tests.
1087
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1088typedef Keymaster1Test VerificationOperationsTest;
1089INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
1090
1091TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1092 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1093 .RsaSigningKey(256, 3)
1094 .Digest(KM_DIGEST_NONE)
1095 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1096 string message = "12345678901234567890123456789012";
1097 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1098 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1099 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1100
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1101 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1102 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]1103}
1104
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1105TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1106 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1107 .RsaSigningKey(512, 3)
1108 .Digest(KM_DIGEST_SHA_2_256)
1109 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1110 // Use large message, which won't work without digesting.
1111 string message(1024, 'a');
1112 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1113 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1114 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1115
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1116 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1117 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1118}
1119
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1120TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1121 GenerateKey(AuthorizationSetBuilder()
1122 .RsaSigningKey(512, 3)
1123 .Digest(KM_DIGEST_SHA_2_256)
1124 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1125 string message(1024, 'a');
1126 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1127 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1128 ++signature[signature.size() / 2];
1129
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1130 AuthorizationSet begin_params(client_params());
1131 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1132 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1133 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1134
1135 string result;
1136 size_t input_consumed;
1137 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1138 EXPECT_EQ(message.size(), input_consumed);
1139 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1140
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1141 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1142 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1143}
1144
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1145TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1146 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1147 .RsaSigningKey(512, 3)
1148 .Digest(KM_DIGEST_SHA_2_256)
1149 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1150 // Use large message, which won't work without digesting.
1151 string message(1024, 'a');
1152 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1153 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1154 ++message[message.size() / 2];
1155
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1156 AuthorizationSet begin_params(client_params());
1157 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1158 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1159 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1160
1161 string result;
1162 size_t input_consumed;
1163 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1164 EXPECT_EQ(message.size(), input_consumed);
1165 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1166
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1167 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1168 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1169}
1170
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1171TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1172 GenerateKey(AuthorizationSetBuilder()
1173 .RsaSigningKey(512, 3)
1174 .Digest(KM_DIGEST_SHA_2_256)
1175 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1176 string message(1024, 'a');
1177 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1178 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1179 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1180
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1181 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1182 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1183}
1184
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1185TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1186 GenerateKey(AuthorizationSetBuilder()
1187 .RsaSigningKey(512, 3)
1188 .Digest(KM_DIGEST_SHA_2_256)
1189 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1190 string message(1024, 'a');
1191 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1192 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1193 ++signature[signature.size() / 2];
1194
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1195 AuthorizationSet begin_params(client_params());
1196 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1197 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1198 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1199
1200 string result;
1201 size_t input_consumed;
1202 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1203 EXPECT_EQ(message.size(), input_consumed);
1204 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1205
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1206 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1207 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1208}
1209
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1210TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1211 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1212 .RsaSigningKey(512, 3)
1213 .Digest(KM_DIGEST_SHA_2_256)
1214 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1215 // Use large message, which won't work without digesting.
1216 string message(1024, 'a');
1217 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1218 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1219 ++message[message.size() / 2];
1220
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1221 AuthorizationSet begin_params(client_params());
1222 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1223 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1224 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1225
1226 string result;
1227 size_t input_consumed;
1228 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1229 EXPECT_EQ(message.size(), input_consumed);
1230 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1231
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1232 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1233 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1234}
1235
1236template <typename T> vector<T> make_vector(const T* array, size_t len) {
1237 return vector<T>(array, array + len);
1238}
1239
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1240TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1241 // Get all supported digests and padding modes.
1242 size_t digests_len;
1243 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1244 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1245 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1246 &digests_len));
1247
1248 size_t padding_modes_len;
1249 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1250 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1251 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1252 &padding_modes, &padding_modes_len));
1253
1254 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1255 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1256 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1257 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1258 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1259 // Digesting requires padding
1260 continue;
1261
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1262 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1263 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1264 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1265
1266 if (digest == KM_DIGEST_NONE) {
1267 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1268 switch (padding_mode) {
1269 case KM_PAD_NONE:
1270 // Match key size.
1271 message_len = key_bits / 8;
1272 break;
1273 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1274 message_len = key_bits / 8 - 11;
1275 break;
1276 case KM_PAD_RSA_PSS:
1277 // PSS requires a digest.
1278 continue;
1279 default:
1280 FAIL() << "Missing padding";
1281 break;
1282 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1283 } else {
1284 size_t digest_bits;
1285 switch (digest) {
1286 case KM_DIGEST_MD5:
1287 digest_bits = 128;
1288 break;
1289 case KM_DIGEST_SHA1:
1290 digest_bits = 160;
1291 break;
1292 case KM_DIGEST_SHA_2_224:
1293 digest_bits = 224;
1294 break;
1295 case KM_DIGEST_SHA_2_256:
1296 digest_bits = 256;
1297 break;
1298 case KM_DIGEST_SHA_2_384:
1299 digest_bits = 384;
1300 break;
1301 case KM_DIGEST_SHA_2_512:
1302 digest_bits = 512;
1303 break;
1304 default:
1305 FAIL() << "Missing digest";
1306 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1307
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1308 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1309 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1310 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1311 break;
1312 case KM_PAD_RSA_PSS:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1313 key_bits = digest_bits + 8 * 10;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1314 break;
1315 default:
1316 FAIL() << "Missing padding";
1317 break;
1318 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1319 }
1320
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1321 GenerateKey(AuthorizationSetBuilder()
1322 .RsaSigningKey(key_bits, 3)
1323 .Digest(digest)
1324 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1325 string message(message_len, 'a');
1326 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1327 SignMessage(message, &signature, digest, padding_mode);
1328 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1329 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1330 }
1331 }
1332
1333 free(padding_modes);
1334 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1335
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1336 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1337 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1338}
1339
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1340TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1341 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1342 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1343 string message = "12345678901234567890123456789012";
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1344 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1345 SignMessage(message, &signature, KM_DIGEST_NONE);
1346 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1347
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1348 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1349 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1350}
1351
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1352TEST_P(VerificationOperationsTest, EcdsaTooShort) {
1353 ASSERT_EQ(KM_ERROR_OK,
1354 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1355 string message = "12345678901234567890";
1356 string signature;
1357 SignMessage(message, &signature, KM_DIGEST_NONE);
1358 VerifyMessage(message, signature, KM_DIGEST_NONE);
1359
1360 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1361 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1362}
1363
1364TEST_P(VerificationOperationsTest, EcdsaTooLong) {
1365 ASSERT_EQ(KM_ERROR_OK,
1366 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1367 string message = "1234567890123456789012345678901234";
1368 string signature;
1369
1370 AuthorizationSet begin_params(client_params());
1371 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1372 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
1373 string output;
1374 size_t input_consumed;
1375 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &output, &input_consumed));
1376
1377 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1378 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1379}
1380
1381TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
1382 ASSERT_EQ(KM_ERROR_OK,
1383 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
1384
1385 string message(66, 'a');
1386 string signature;
1387 SignMessage(message, &signature, KM_DIGEST_NONE);
1388 VerifyMessage(message, signature, KM_DIGEST_NONE);
1389
1390 // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh.
1391 message[65] ^= 7;
1392 VerifyMessage(message, signature, KM_DIGEST_NONE);
1393
1394 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1395 EXPECT_EQ(5, GetParam()->keymaster0_calls());
1396}
1397
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1398TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1399 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1400 .EcdsaSigningKey(256)
1401 .Digest(KM_DIGEST_SHA_2_256)
1402 .Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1403 string message = "12345678901234567890123456789012";
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1404 string signature;
1405 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1406 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1407
1408 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1409 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1410
1411 // Just for giggles, try verifying with the wrong digest.
1412 AuthorizationSet begin_params(client_params());
1413 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1414 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1415
1416 string result;
1417 size_t input_consumed;
1418 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1419 EXPECT_EQ(message.size(), input_consumed);
1420 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1421}
1422
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1423TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1424 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1425 string message = "123456789012345678901234567890123456789012345678";
1426 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1427 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
1428 VerifyMessage(message, signature, KM_DIGEST_SHA1);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1429
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1430 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1431}
1432
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1433TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1434 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1435 string message = "123456789012345678901234567890123456789012345678";
1436 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1437 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
1438 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1439
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1440 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1441}
1442
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1443TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1444 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1445 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1446 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1447 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
1448 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1449
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1450 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1451}
1452
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1453TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1454 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1455 string message = "123456789012345678901234567890123456789012345678";
1456 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1457 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
1458 VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1459
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1460 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1461}
1462
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1463TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1464 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1465 string message = "123456789012345678901234567890123456789012345678";
1466 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1467 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
1468 VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1469
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1470 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1471}
1472
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]1473TEST_P(VerificationOperationsTest, HmacAnyDigestSuccess) {
1474 ASSERT_EQ(KM_ERROR_OK,
1475 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE)));
1476 string message = "12345678901234567890123456789012";
1477 string signature;
1478
1479 size_t len;
1480 keymaster_digest_t* digests;
1481 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
1482 KM_PURPOSE_SIGN, &digests, &len));
1483 for (size_t i = 0; i < len; ++i) {
1484 MacMessage(message, &signature, digests[i], 128 /* small MAC to work with all digests */);
1485 VerifyMessage(message, signature, digests[i]);
1486 if (len > 1) {
1487 size_t wrong_digest_index = (i == 0) ? 1 : 0;
1488 AuthorizationSet begin_params(client_params());
1489 begin_params.push_back(TAG_DIGEST, digests[wrong_digest_index]);
1490 begin_params.push_back(TAG_MAC_LENGTH, 128);
1491 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1492 string output;
1493 size_t input_consumed;
1494 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &output, &input_consumed));
1495 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &output));
1496 }
1497 }
1498 free(digests);
1499
1500 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1501}
1502
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1503typedef Keymaster1Test ExportKeyTest;
1504INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1505
1506TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1507 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1508 .RsaSigningKey(256, 3)
1509 .Digest(KM_DIGEST_NONE)
1510 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1511 string export_data;
1512 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1513 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1514
1515 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1516
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1517 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1518 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1519}
1520
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1521TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1522 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1523 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1524 string export_data;
1525 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1526 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1527
1528 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1529
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1530 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1531 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1532}
1533
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1534TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1535 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1536 .RsaSigningKey(256, 3)
1537 .Digest(KM_DIGEST_NONE)
1538 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1539 string export_data;
1540 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1541
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1542 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1543 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1544}
1545
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1546TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1547 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1548 .RsaSigningKey(256, 3)
1549 .Digest(KM_DIGEST_NONE)
1550 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1551 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1552 string export_data;
1553 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1554
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1555 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1556 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1557}
1558
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1559TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1560 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1561 string export_data;
1562
1563 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1564 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1565 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1566
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1567 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1568}
1569
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1570static string read_file(const string& file_name) {
1571 ifstream file_stream(file_name, std::ios::binary);
1572 istreambuf_iterator<char> file_begin(file_stream);
1573 istreambuf_iterator<char> file_end;
1574 return string(file_begin, file_end);
1575}
1576
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1577typedef Keymaster1Test ImportKeyTest;
1578INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1579
1580TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1581 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1582 ASSERT_EQ(633U, pk8_key.size());
1583
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1584 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1585 .RsaSigningKey(1024, 65537)
1586 .Digest(KM_DIGEST_NONE)
1587 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1588 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1589
1590 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1591 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1592 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1593 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1594 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1595 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1596 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1597 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1598 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1599 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1600
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1601 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1602 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1603 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1604
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1605 string message(1024 / 8, 'a');
1606 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1607 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1608 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1609
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1610 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1611 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1612}
1613
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1614TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1615 string pk8_key = read_file("rsa_privkey_pk8.der");
1616 ASSERT_EQ(633U, pk8_key.size());
1617
1618 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1619 // point softkeymaster will no longer support keymaster0 APIs anyway.
1620 uint8_t* key_blob;
1621 size_t key_blob_length;
1622 ASSERT_EQ(0,
1623 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1624 pk8_key.size(), &key_blob, &key_blob_length));
1625 set_key_blob(key_blob, key_blob_length);
1626
1627 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1628 AuthorizationSet begin_params; // Don't use client data.
1629 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1630 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1631 AuthorizationSet update_params;
1632 AuthorizationSet output_params;
1633 string signature =
1634 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1635 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1636 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1637
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1638 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1639 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1640}
1641
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1642TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1643 string pk8_key = read_file("rsa_privkey_pk8.der");
1644 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1645 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1646 ImportKey(AuthorizationSetBuilder()
1647 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1648 .Digest(KM_DIGEST_NONE)
1649 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1650 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1651
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1652 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1653}
1654
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1655TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1656 string pk8_key = read_file("rsa_privkey_pk8.der");
1657 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1658 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1659 ImportKey(AuthorizationSetBuilder()
1660 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1661 .Digest(KM_DIGEST_NONE)
1662 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1663 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1664
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1665 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1666}
1667
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1668TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1669 string pk8_key = read_file("ec_privkey_pk8.der");
1670 ASSERT_EQ(138U, pk8_key.size());
1671
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1672 ASSERT_EQ(KM_ERROR_OK,
1673 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1674 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1675
1676 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1677 EXPECT_TRUE(
1678 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1679 TAG_ALGORITHM, KM_ALGORITHM_EC));
1680 EXPECT_TRUE(
1681 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1682 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1683
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1684 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1685 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1686 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1687
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1688 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1689 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1690 SignMessage(message, &signature, KM_DIGEST_NONE);
1691 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1692
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1693 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1694 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1695}
1696
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1697TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1698 string pk8_key = read_file("ec_privkey_pk8.der");
1699 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1700
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1701 ASSERT_EQ(KM_ERROR_OK,
1702 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1703 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1704
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1705 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1706 EXPECT_TRUE(
1707 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1708 TAG_ALGORITHM, KM_ALGORITHM_EC));
1709 EXPECT_TRUE(
1710 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1711 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1712
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1713 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1714 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1715 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1716
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1717 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1718 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1719 SignMessage(message, &signature, KM_DIGEST_NONE);
1720 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1721
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1722 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1723 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1724}
1725
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1726TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1727 string pk8_key = read_file("ec_privkey_pk8.der");
1728 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1729 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1730 ImportKey(AuthorizationSetBuilder()
1731 .EcdsaSigningKey(224 /* Doesn't match key */)
1732 .Digest(KM_DIGEST_NONE),
1733 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1734
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1735 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1736}
1737
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1738TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1739 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1740 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1741 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1742 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1743 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1744 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1745
1746 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1747 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1748
1749 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1750 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1751 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1752 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1753
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1754 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1755}
1756
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1757TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1758 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1759 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1760 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1761 .HmacKey(sizeof(key_data) * 8)
1762 .Digest(KM_DIGEST_SHA_2_256)
1763 .Authorization(TAG_MAC_LENGTH, 32),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1764 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1765
1766 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1767 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1768
1769 string message = "Hello World!";
1770 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1771 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);
1772 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1773
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1774 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1775}
1776
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1777typedef Keymaster1Test EncryptionOperationsTest;
1778INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1779
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1780TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1781 ASSERT_EQ(KM_ERROR_OK,
1782 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1783
1784 string message = "12345678901234567890123456789012";
1785 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1786 EXPECT_EQ(256U / 8, ciphertext1.size());
1787
1788 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1789 EXPECT_EQ(256U / 8, ciphertext2.size());
1790
1791 // Unpadded RSA is deterministic
1792 EXPECT_EQ(ciphertext1, ciphertext2);
1793
1794 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1795 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1796}
1797
1798TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1799 ASSERT_EQ(KM_ERROR_OK,
1800 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1801
1802 string message = "1234567890123456789012345678901";
1803
1804 AuthorizationSet begin_params(client_params());
1805 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1806 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1807
1808 string result;
1809 size_t input_consumed;
1810 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1811 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1812 EXPECT_EQ(0U, result.size());
1813
1814 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1815 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1816}
1817
1818TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1819 ASSERT_EQ(KM_ERROR_OK,
1820 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1821
1822 string message = "123456789012345678901234567890123";
1823
1824 AuthorizationSet begin_params(client_params());
1825 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1826 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1827
1828 string result;
1829 size_t input_consumed;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1830 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1831
1832 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1833 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1834}
1835
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1836TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1837 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1838 .RsaEncryptionKey(512, 3)
1839 .Padding(KM_PAD_RSA_OAEP)
1840 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1841
1842 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1843 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1844 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1845
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1846 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1847 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1848
1849 // OAEP randomizes padding so every result should be different.
1850 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1851
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1852 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1853 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1854}
1855
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1856TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1857 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1858 .RsaEncryptionKey(512, 3)
1859 .Padding(KM_PAD_RSA_OAEP)
1860 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1861 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1862 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1863 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1864
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1865 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1866 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1867
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1868 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1869 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1870}
1871
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1872TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
1873 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1874 .RsaEncryptionKey(512, 3)
1875 .Padding(KM_PAD_RSA_OAEP)
1876 .Digest(KM_DIGEST_NONE)));
1877 string message = "Hello World!";
1878
1879 AuthorizationSet begin_params(client_params());
1880 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1881 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1882 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1883
1884 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1885 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1886}
1887
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1888TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1889 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1890 .RsaEncryptionKey(512, 3)
1891 .Padding(KM_PAD_RSA_OAEP)
1892 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1893 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1894 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1895 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1896
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1897 AuthorizationSet begin_params(client_params());
1898 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1899 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1900 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1901 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1902 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1903 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1904
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1905 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1906 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1907}
1908
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1909TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1910 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1911 .RsaEncryptionKey(512, 3)
1912 .Padding(KM_PAD_RSA_OAEP)
1913 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1914 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1915 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1916 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1917
1918 // Corrupt the ciphertext
1919 ciphertext[512 / 8 / 2]++;
1920
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1921 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1922 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1923 AuthorizationSet begin_params(client_params());
1924 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1925 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1926 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1927 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1928 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1929 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1930
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1931 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1932 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1933}
1934
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1935TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1936 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1937 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1938 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1939 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1940 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1941
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1942 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1943 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1944
1945 // PKCS1 v1.5 randomizes padding so every result should be different.
1946 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1947
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1948 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1949 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1950}
1951
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1952TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1953 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1954 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1955 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1956 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1957 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1958
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1959 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1960 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1961
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1962 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1963 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1964}
1965
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1966TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1967 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1968 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]1969 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1970 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1971 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1972
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1973 AuthorizationSet begin_params(client_params());
1974 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1975 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1976 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1977 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1978 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1979
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1980 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1981 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1982}
1983
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1984TEST_P(EncryptionOperationsTest, RsaPkcs1InvalidDigest) {
1985 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1986 .RsaEncryptionKey(512, 3)
1987 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
1988 .Digest(KM_DIGEST_NONE)));
1989 string message = "Hello World!";
1990 string result;
1991
1992 AuthorizationSet begin_params(client_params());
1993 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1994 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); // Any digest is invalid
1995 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1996
1997 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1998 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1999}
2000
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2001TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2002 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2003 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2004 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2005 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2006 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2007
2008 // Corrupt the ciphertext
2009 ciphertext[512 / 8 / 2]++;
2010
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2011 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2012 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2013 AuthorizationSet begin_params(client_params());
2014 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2015 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2016 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2017 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2018 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2019
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2020 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2021 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2022}
2023
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2024TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2025 ASSERT_EQ(KM_ERROR_OK,
2026 GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2027
2028 AuthorizationSet begin_params(client_params());
2029 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2030 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2031
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2032 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2033 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2034}
2035
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2036TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2037 ASSERT_EQ(KM_ERROR_OK,
2038 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2039 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2040 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2041
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2042 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
2043 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2044}
2045
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2046TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2047 ASSERT_EQ(
2048 KM_ERROR_OK,
2049 GenerateKey(
2050 AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2051 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2052 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2053
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2054 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2055}
2056
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2057TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2058 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2059 .AesEncryptionKey(128)
2060 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2061 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2062 // Two-block message.
2063 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2064 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2065 EXPECT_EQ(message.size(), ciphertext1.size());
2066
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2067 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2068 EXPECT_EQ(message.size(), ciphertext2.size());
2069
2070 // ECB is deterministic.
2071 EXPECT_EQ(ciphertext1, ciphertext2);
2072
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2073 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2074 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2075
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2076 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2077}
2078
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2079TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2080 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2081 .AesEncryptionKey(128)
2082 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2083 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2084 // Message is slightly shorter than two blocks.
2085 string message = "1234567890123456789012345678901";
2086
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2087 AuthorizationSet begin_params(client_params());
2088 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2089 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2090 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2091 string ciphertext;
2092 size_t input_consumed;
2093 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
2094 EXPECT_EQ(message.size(), input_consumed);
2095 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2096
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2097 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2098}
2099
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2100TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2101 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2102 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2103 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2104 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2105
2106 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2107 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2108 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2109 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2110 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2111 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2112 EXPECT_EQ(message, plaintext);
2113 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2114
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2115 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2116}
2117
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame^]2118TEST_P(EncryptionOperationsTest, AesEcbNoPaddingKeyWithPkcs7Padding) {
2119 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2120 .AesEncryptionKey(128)
2121 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2122 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2123
2124 // Try various message lengths; all should work.
2125 for (size_t i = 0; i < 32; ++i) {
2126 string message(i, 'a');
2127 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
2128 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
2129 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
2130 EXPECT_EQ(message, plaintext);
2131 }
2132
2133 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2134}
2135
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2136TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2137 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2138 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2139 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2140 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2141
2142 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2143 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2144 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2145 EXPECT_NE(ciphertext, message);
2146 ++ciphertext[ciphertext.size() / 2];
2147
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2148 AuthorizationSet begin_params(client_params());
2149 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2150 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2151 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2152 string plaintext;
2153 size_t input_consumed;
2154 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
2155 EXPECT_EQ(ciphertext.size(), input_consumed);
2156 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2157
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2158 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2159}
2160
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2161TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2162 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2163 .AesEncryptionKey(128)
2164 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2165 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2166 string message = "123";
2167 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2168 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2169 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2170 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2171
2172 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2173 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2174 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2175 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2176
2177 // IVs should be random, so ciphertexts should differ.
2178 EXPECT_NE(iv1, iv2);
2179 EXPECT_NE(ciphertext1, ciphertext2);
2180
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2181 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2182 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2183
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2184 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2185}
2186
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2187TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2188 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2189 .AesEncryptionKey(128)
2190 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2191 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2192
2193 int increment = 15;
2194 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2195 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2196 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2197 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2198 AuthorizationSet output_params;
2199 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2200
2201 string ciphertext;
2202 size_t input_consumed;
2203 for (size_t i = 0; i < message.size(); i += increment)
2204 EXPECT_EQ(KM_ERROR_OK,
2205 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2206 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2207 EXPECT_EQ(message.size(), ciphertext.size());
2208
2209 // Move TAG_NONCE into input_params
2210 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2211 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2212 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2213 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2214 output_params.Clear();
2215
2216 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
2217 string plaintext;
2218 for (size_t i = 0; i < ciphertext.size(); i += increment)
2219 EXPECT_EQ(KM_ERROR_OK,
2220 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2221 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2222 EXPECT_EQ(ciphertext.size(), plaintext.size());
2223 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2224
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2225 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2226}
2227
2228struct AesCtrSp80038aTestVector {
2229 const char* key;
2230 const char* nonce;
2231 const char* plaintext;
2232 const char* ciphertext;
2233};
2234
2235// These test vectors are taken from
2236// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
2237static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
2238 // AES-128
2239 {
2240 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2241 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2242 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2243 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
2244 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
2245 },
2246 // AES-192
2247 {
2248 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2249 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2250 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2251 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2252 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2253 },
2254 // AES-256
2255 {
2256 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2257 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2258 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2259 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2260 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2261 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2262 },
2263};
2264
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2265TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2266 for (size_t i = 0; i < 3; i++) {
2267 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2268 const string key = hex2str(test.key);
2269 const string nonce = hex2str(test.nonce);
2270 const string plaintext = hex2str(test.plaintext);
2271 const string ciphertext = hex2str(test.ciphertext);
2272 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2273 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2274
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2275 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2276}
2277
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2278TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2279 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2280 .AesEncryptionKey(128)
2281 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2282 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2283 AuthorizationSet begin_params(client_params());
2284 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2285 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2286 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2287
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2288 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2289}
2290
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2291TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2292 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2293 .AesEncryptionKey(128)
2294 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2295 .Authorization(TAG_CALLER_NONCE)
2296 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2297
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2298 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2299 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2300 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2301 input_params.push_back(TAG_NONCE, "123", 3);
2302 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2303
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2304 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2305}
2306
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2307TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2308 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2309 .AesEncryptionKey(128)
2310 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2311 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2312 // Two-block message.
2313 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2314 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2315 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2316 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2317
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2318 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2319 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2320 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2321
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2322 // IVs should be random, so ciphertexts should differ.
2323 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2324 EXPECT_NE(ciphertext1, ciphertext2);
2325
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2326 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2327 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2328
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2329 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2330}
2331
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2332TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2333 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2334 .AesEncryptionKey(128)
2335 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2336 .Authorization(TAG_CALLER_NONCE)
2337 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2338 string message = "12345678901234567890123456789012";
2339 string iv1;
2340 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2341 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2342 EXPECT_EQ(message.size(), ciphertext1.size());
2343 EXPECT_EQ(16U, iv1.size());
2344
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2345 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2346 EXPECT_EQ(message, plaintext);
2347
2348 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2349 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2350 AuthorizationSet update_params;
2351 AuthorizationSet output_params;
2352 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2353 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2354 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2355 string ciphertext2 =
2356 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2357
2358 // Decrypt with correct nonce.
2359 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2360 &output_params);
2361 EXPECT_EQ(message, plaintext);
2362
2363 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2364 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2365 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2366 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2367 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2368 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2369 &output_params);
2370 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2371
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2372 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2373}
2374
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2375TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2376 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2377 .AesEncryptionKey(128)
2378 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2379 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2380
2381 string message = "12345678901234567890123456789012";
2382 string iv1;
2383 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2384 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2385 EXPECT_EQ(message.size(), ciphertext1.size());
2386 EXPECT_EQ(16U, iv1.size());
2387
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2388 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2389 EXPECT_EQ(message, plaintext);
2390
2391 // Now specify a nonce, should fail.
2392 AuthorizationSet input_params(client_params());
2393 AuthorizationSet update_params;
2394 AuthorizationSet output_params;
2395 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2396 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2397 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2398
2399 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2400 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2401
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2402 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2403}
2404
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2405TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2406 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2407 .AesEncryptionKey(128)
2408 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2409 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2410
2411 int increment = 15;
2412 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2413 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2414 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2415 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2416 AuthorizationSet output_params;
2417 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2418
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2419 string ciphertext;
2420 size_t input_consumed;
2421 for (size_t i = 0; i < message.size(); i += increment)
2422 EXPECT_EQ(KM_ERROR_OK,
2423 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2424 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2425 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2426
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2427 // Move TAG_NONCE into input_params
2428 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2429 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2430 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2431 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2432 output_params.Clear();
2433
2434 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2435 string plaintext;
2436 for (size_t i = 0; i < ciphertext.size(); i += increment)
2437 EXPECT_EQ(KM_ERROR_OK,
2438 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2439 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2440 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2441 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2442
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2443 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2444}
2445
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2446TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2447 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2448 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2449 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2450 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2451
2452 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2453 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2454 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2455 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2456 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2457 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2458 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2459 EXPECT_EQ(message, plaintext);
2460 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2461
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2462 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2463}
2464
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2465TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2466 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2467 .AesEncryptionKey(128)
2468 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2469 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2470 string aad = "foobar";
2471 string message = "123456789012345678901234567890123456";
2472 AuthorizationSet begin_params(client_params());
2473 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2474 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2475 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2476
2477 AuthorizationSet update_params;
2478 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2479
2480 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2481 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2482 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2483 string ciphertext;
2484 size_t input_consumed;
2485 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2486 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2487 &input_consumed));
2488 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2489 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2490
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2491 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2492 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2493 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2494
2495 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2496 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2497 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2498 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2499 &plaintext, &input_consumed));
2500 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2501 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2502
2503 EXPECT_EQ(message, plaintext);
2504 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2505}
2506
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2507TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
2508 uint8_t nonce[] = {
2509 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
2510 };
2511 uint8_t ciphertext[] = {
2512 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
2513 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
2514 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
2515 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
2516 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
2517 };
2518 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
2519
2520 AuthorizationSet begin_params(client_params());
2521 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2522 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2523 begin_params.push_back(TAG_MAC_LENGTH, 128);
2524 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
2525
2526 string plaintext;
2527 size_t input_consumed;
2528
2529 // Import correct key and decrypt
2530 uint8_t good_key[] = {
2531 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2532 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2533 };
2534 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
2535 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2536 .AesEncryptionKey(128)
2537 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2538 .Authorization(TAG_PADDING, KM_PAD_NONE)
2539 .Authorization(TAG_CALLER_NONCE),
2540 KM_KEY_FORMAT_RAW, good_key_str));
2541 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2542 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2543 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2544
2545 // Import bad key and decrypt
2546 uint8_t bad_key[] = {
2547 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2548 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2549 };
2550 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
2551 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2552 .AesEncryptionKey(128)
2553 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2554 .Authorization(TAG_PADDING, KM_PAD_NONE),
2555 KM_KEY_FORMAT_RAW, bad_key_str));
2556 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2557 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2558 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
2559
2560 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2561}
2562
2563TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
2564 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2565 .AesEncryptionKey(128)
2566 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2567 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2568 string aad = "123456789012345678";
2569 string empty_message;
2570 AuthorizationSet begin_params(client_params());
2571 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2572 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2573 begin_params.push_back(TAG_MAC_LENGTH, 128);
2574
2575 AuthorizationSet update_params;
2576 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2577
2578 // Encrypt
2579 AuthorizationSet begin_out_params;
2580 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2581 string ciphertext;
2582 size_t input_consumed;
2583 AuthorizationSet update_out_params;
2584 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
2585 &ciphertext, &input_consumed));
2586 EXPECT_EQ(0U, input_consumed);
2587 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2588
2589 // Grab nonce
2590 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2591 begin_params.push_back(begin_out_params);
2592
2593 // Decrypt.
2594 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2595 string plaintext;
2596 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2597 &plaintext, &input_consumed));
2598 EXPECT_EQ(ciphertext.size(), input_consumed);
2599 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2600
2601 EXPECT_EQ(empty_message, plaintext);
2602 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2603}
2604
2605TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
2606 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2607 .AesEncryptionKey(128)
2608 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2609 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2610 AuthorizationSet begin_params(client_params());
2611 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2612 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2613 begin_params.push_back(TAG_MAC_LENGTH, 128);
2614
2615 AuthorizationSet update_params;
2616 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
2617
2618 // Encrypt
2619 AuthorizationSet begin_out_params;
2620 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2621 string ciphertext;
2622 size_t input_consumed;
2623 AuthorizationSet update_out_params;
2624
2625 // Send AAD, incrementally
2626 for (int i = 0; i < 1000; ++i) {
2627 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2628 &input_consumed));
2629 EXPECT_EQ(0U, input_consumed);
2630 EXPECT_EQ(0U, ciphertext.size());
2631 }
2632
2633 // Now send data, incrementally, no data.
2634 AuthorizationSet empty_params;
2635 for (int i = 0; i < 1000; ++i) {
2636 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
2637 &input_consumed));
2638 EXPECT_EQ(1U, input_consumed);
2639 }
2640 EXPECT_EQ(1000U, ciphertext.size());
2641
2642 // And finish.
2643 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2644 EXPECT_EQ(1016U, ciphertext.size());
2645
2646 // Grab nonce
2647 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2648 begin_params.push_back(begin_out_params);
2649
2650 // Decrypt.
2651 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2652 string plaintext;
2653
2654 // Send AAD, incrementally, no data
2655 for (int i = 0; i < 1000; ++i) {
2656 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
2657 &input_consumed));
2658 EXPECT_EQ(0U, input_consumed);
2659 EXPECT_EQ(0U, plaintext.size());
2660 }
2661
2662 // Now send data, incrementally.
2663 for (size_t i = 0; i < ciphertext.length(); ++i) {
2664 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
2665 &update_out_params, &plaintext, &input_consumed));
2666 EXPECT_EQ(1U, input_consumed);
2667 }
2668 EXPECT_EQ(1000U, plaintext.size());
2669 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2670
2671 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2672}
2673
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2674TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2675 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2676 .AesEncryptionKey(128)
2677 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2678 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2679 string message = "123456789012345678901234567890123456";
2680 AuthorizationSet begin_params(client_params());
2681 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2682 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2683 begin_params.push_back(TAG_MAC_LENGTH, 128);
2684 AuthorizationSet begin_out_params;
2685
2686 AuthorizationSet update_params;
2687 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2688
2689 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2690
2691 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2692 string ciphertext;
2693 size_t input_consumed;
2694 AuthorizationSet update_out_params;
2695 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
2696 &ciphertext, &input_consumed));
2697 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2698
2699 // AAD and data.
2700 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2701 &input_consumed));
2702 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2703 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2704
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2705 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2706 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2707 begin_params.push_back(begin_out_params);
2708
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2709 // Decrypt
2710 update_params.Clear();
2711 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2712
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2713 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2714 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2715 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2716 &plaintext, &input_consumed));
2717 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2718 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2719
2720 EXPECT_EQ(message, plaintext);
2721 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2722}
2723
2724TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2725 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2726 .AesEncryptionKey(128)
2727 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2728 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2729 string message = "12345678901234567890123456789012";
2730 AuthorizationSet begin_params(client_params());
2731 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2732 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2733 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2734
2735 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2736 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2737
2738 AuthorizationSet finish_params;
2739 AuthorizationSet finish_out_params;
2740
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2741 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2742 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2743 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2744 AuthorizationSet update_out_params;
2745 string ciphertext;
2746 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2747 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2748 &input_consumed));
2749 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2750 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2751
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2752 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2753 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2754 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2755
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2756 update_params.Clear();
2757 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2758
2759 // Decrypt.
2760 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2761 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2762 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2763 &plaintext, &input_consumed));
2764 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2765 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2766
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2767 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2768}
2769
2770TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
2771 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2772 .AesEncryptionKey(128)
2773 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2774 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2775 string message = "12345678901234567890123456789012";
2776 AuthorizationSet begin_params(client_params());
2777 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2778 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2779 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2780
2781 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2782 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2783
2784 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2785 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2786 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2787 AuthorizationSet update_out_params;
2788 string ciphertext;
2789 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2790 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2791 &input_consumed));
2792 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2793 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2794
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2795 begin_params.push_back(TAG_NONCE, "123456789012", 12);
2796
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2797 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2798 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2799 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2800 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2801 &plaintext, &input_consumed));
2802 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2803 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2804
2805 // With wrong nonce, should have gotten garbage plaintext.
2806 EXPECT_NE(message, plaintext);
2807 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2808}
2809
2810TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
2811 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2812 .AesEncryptionKey(128)
2813 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2814 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2815 string aad = "foobar";
2816 string message = "123456789012345678901234567890123456";
2817 AuthorizationSet begin_params(client_params());
2818 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2819 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2820 begin_params.push_back(TAG_MAC_LENGTH, 128);
2821 AuthorizationSet begin_out_params;
2822
2823 AuthorizationSet update_params;
2824 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2825
2826 // Encrypt
2827 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2828 AuthorizationSet update_out_params;
2829 string ciphertext;
2830 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2831 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2832 &input_consumed));
2833 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2834 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2835
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2836 // Corrupt tag
2837 (*ciphertext.rbegin())++;
2838
2839 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2840 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2841 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2842
2843 // Decrypt.
2844 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2845 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2846 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2847 &plaintext, &input_consumed));
2848 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2849 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2850
2851 EXPECT_EQ(message, plaintext);
2852 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2853}
2854
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2855typedef Keymaster1Test MaxOperationsTest;
2856INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, MaxOperationsTest, test_params);
2857
2858TEST_P(MaxOperationsTest, TestLimit) {
2859 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2860 .AesEncryptionKey(128)
2861 .EcbMode()
2862 .Authorization(TAG_PADDING, KM_PAD_NONE)
2863 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
2864
2865 string message = "1234567890123456";
2866 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2867 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2868 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2869
2870 // Fourth time should fail.
2871 AuthorizationSet begin_params(client_params());
2872 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2873 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2874 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2875
2876 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2877}
2878
2879TEST_P(MaxOperationsTest, TestAbort) {
2880 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2881 .AesEncryptionKey(128)
2882 .EcbMode()
2883 .Authorization(TAG_PADDING, KM_PAD_NONE)
2884 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
2885
2886 string message = "1234567890123456";
2887 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2888 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2889 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2890
2891 // Fourth time should fail.
2892 AuthorizationSet begin_params(client_params());
2893 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2894 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2895 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2896
2897 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2898}
2899
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2900typedef Keymaster1Test AddEntropyTest;
2901INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
2902
2903TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2904 // There's no obvious way to test that entropy is actually added, but we can test that the API
2905 // doesn't blow up or return an error.
2906 EXPECT_EQ(KM_ERROR_OK,
2907 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2908
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2909 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2910}
2911
2912typedef Keymaster1Test Keymaster0AdapterTest;
2913INSTANTIATE_TEST_CASE_P(
2914 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2915 ::testing::Values(
2916 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
2917 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2918
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2919TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2920 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2921 // key data.
2922 string km1_sw = read_file("km1_sw_rsa_512.blob");
2923 EXPECT_EQ(486U, km1_sw.length());
2924
2925 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2926 memcpy(key_data, km1_sw.data(), km1_sw.length());
2927 set_key_blob(key_data, km1_sw.length());
2928
2929 string message(64, 'a');
2930 string signature;
2931 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2932
2933 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2934}
2935
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]2936TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
2937 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
2938 // blobs contain OCB-encrypted key data.
2939 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
2940 EXPECT_EQ(477U, km1_sw.length());
2941
2942 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2943 memcpy(key_data, km1_sw.data(), km1_sw.length());
2944 set_key_blob(key_data, km1_sw.length());
2945
2946 string message(64, 'a');
2947 string signature;
2948 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2949
2950 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2951}
2952
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2953TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
2954 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2955 // key data.
2956 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
2957 EXPECT_EQ(270U, km1_sw.length());
2958
2959 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2960 memcpy(key_data, km1_sw.data(), km1_sw.length());
2961 set_key_blob(key_data, km1_sw.length());
2962
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]2963 string message(32, static_cast<char>(0xFF));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2964 string signature;
2965 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2966
2967 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2968}
2969
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2970struct Malloc_Delete {
2971 void operator()(void* p) { free(p); }
2972};
2973
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2974TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2975 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2976 string km0_sw = read_file("km0_sw_rsa_512.blob");
2977 EXPECT_EQ(333U, km0_sw.length());
2978
2979 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2980 memcpy(key_data, km0_sw.data(), km0_sw.length());
2981 set_key_blob(key_data, km0_sw.length());
2982
2983 string message(64, 'a');
2984 string signature;
2985 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2986
2987 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2988}
2989
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]2990TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
2991 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2992 string km0_sw = read_file("km0_sw_rsa_512.blob");
2993 EXPECT_EQ(333U, km0_sw.length());
2994
2995 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2996 memcpy(key_data, km0_sw.data(), km0_sw.length());
2997 set_key_blob(key_data, km0_sw.length());
2998
2999 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3000 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3001 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3002 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3003 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3004 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3005 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3006 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3007 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3008 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3009
3010 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3011}
3012
3013TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
3014 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3015 string km0_sw = read_file("km0_sw_rsa_512.blob");
3016 EXPECT_EQ(333U, km0_sw.length());
3017
3018 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3019 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3020 EXPECT_EQ('P', km0_sw[0]);
3021 km0_sw[0] = 'Q';
3022
3023 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3024 memcpy(key_data, km0_sw.data(), km0_sw.length());
3025 set_key_blob(key_data, km0_sw.length());
3026
3027 string message(64, 'a');
3028 string signature;
3029 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3030 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
3031
3032 EXPECT_EQ(5, GetParam()->keymaster0_calls());
3033}
3034
3035TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
3036 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3037 string km0_sw = read_file("km0_sw_rsa_512.blob");
3038 EXPECT_EQ(333U, km0_sw.length());
3039
3040 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3041 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3042 EXPECT_EQ('P', km0_sw[0]);
3043 km0_sw[0] = 'Q';
3044
3045 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3046 memcpy(key_data, km0_sw.data(), km0_sw.length());
3047 set_key_blob(key_data, km0_sw.length());
3048
3049 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3050 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3051 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
3052 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3053 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3054 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
3055 EXPECT_EQ(5U, hw_enforced().size());
3056
3057 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3058 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3059 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3060 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3061
3062 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3063 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3064 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3065 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3066 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3067
3068 EXPECT_EQ(1, GetParam()->keymaster0_calls());
3069}
3070
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]3071} // namespace test
3072} // namespace keymaster