Blame - google_keymaster_test.cpp - fp2-dev/platform/system/keymaster

blob: 38eb164c0198a357944338978031cd4f8c8caaac [file] [log] [blame]

Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	1	/*
				2	* Copyright (C) 2014 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
				17	#include <gtest/gtest.h>
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	18
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	19	#include <openssl/engine.h>
				20
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	21	#include "google_keymaster_test_utils.h"
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	22	#include "google_keymaster_utils.h"
				23	#include "google_softkeymaster.h"
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	24	#include "keymaster_tags.h"
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	25
				26	int main(int argc, char** argv) {
				27	::testing::InitGoogleTest(&argc, argv);
				28	int result = RUN_ALL_TESTS();
				29	// Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
				30	CRYPTO_cleanup_all_ex_data();
				31	ERR_free_strings();
				32	return result;
				33	}
				34
				35	namespace keymaster {
				36	namespace test {
				37
				38	class KeymasterTest : public testing::Test {
				39	protected:
Shawn Willden	da8485e	2014-08-17 08:00:01 -0600	[diff] [blame]	40	KeymasterTest() : device(5) { RAND_seed("foobar", 6); }
				41	~KeymasterTest() {}
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	42
				43	GoogleSoftKeymaster device;
				44	};
				45
				46	template <keymaster_tag_t Tag, typename KeymasterEnum>
				47	bool contains(const AuthorizationSet& set, TypedEnumTag<KM_ENUM, Tag, KeymasterEnum> tag,
				48	KeymasterEnum val) {
				49	int pos = set.find(tag);
				50	return pos != -1 && set[pos].enumerated == val;
				51	}
				52
				53	template <keymaster_tag_t Tag, typename KeymasterEnum>
				54	bool contains(const AuthorizationSet& set, TypedEnumTag<KM_ENUM_REP, Tag, KeymasterEnum> tag,
				55	KeymasterEnum val) {
				56	int pos = -1;
				57	while ((pos = set.find(tag, pos)) != -1)
				58	if (set[pos].enumerated == val)
				59	return true;
				60	return false;
				61	}
				62
				63	template <keymaster_tag_t Tag>
				64	bool contains(const AuthorizationSet& set, TypedTag<KM_INT, Tag> tag, uint32_t val) {
				65	int pos = set.find(tag);
				66	return pos != -1 && set[pos].integer == val;
				67	}
				68
				69	template <keymaster_tag_t Tag>
				70	bool contains(const AuthorizationSet& set, TypedTag<KM_INT_REP, Tag> tag, uint32_t val) {
				71	int pos = -1;
				72	while ((pos = set.find(tag, pos)) != -1)
				73	if (set[pos].integer == val)
				74	return true;
				75	return false;
				76	}
				77
				78	template <keymaster_tag_t Tag>
				79	bool contains(const AuthorizationSet& set, TypedTag<KM_LONG, Tag> tag, uint64_t val) {
				80	int pos = set.find(tag);
				81	return pos != -1 && set[pos].long_integer == val;
				82	}
				83
				84	template <keymaster_tag_t Tag>
				85	bool contains(const AuthorizationSet& set, TypedTag<KM_BYTES, Tag> tag, const std::string& val) {
				86	int pos = set.find(tag);
				87	return pos != -1 &&
				88	std::string(reinterpret_cast<const char*>(set[pos].blob.data),
				89	set[pos].blob.data_length) == val;
				90	}
				91
				92	inline bool contains(const AuthorizationSet& set, keymaster_tag_t tag) {
				93	return set.find(tag) != -1;
				94	}
				95
				96	typedef KeymasterTest CheckSupported;
				97	TEST_F(CheckSupported, SupportedAlgorithms) {
				98	// Shouldn't blow up on NULL.
				99	device.SupportedAlgorithms(NULL);
				100
				101	SupportedResponse<keymaster_algorithm_t> response;
				102	device.SupportedAlgorithms(&response);
				103	EXPECT_EQ(KM_ERROR_OK, response.error);
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	104	EXPECT_EQ(3U, response.results_length);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	105	EXPECT_EQ(KM_ALGORITHM_RSA, response.results[0]);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	106	EXPECT_EQ(KM_ALGORITHM_DSA, response.results[1]);
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	107	EXPECT_EQ(KM_ALGORITHM_ECDSA, response.results[2]);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	108	}
				109
				110	TEST_F(CheckSupported, SupportedBlockModes) {
				111	// Shouldn't blow up on NULL.
				112	device.SupportedBlockModes(KM_ALGORITHM_RSA, NULL);
				113
				114	SupportedResponse<keymaster_block_mode_t> response;
				115	device.SupportedBlockModes(KM_ALGORITHM_RSA, &response);
				116	EXPECT_EQ(KM_ERROR_OK, response.error);
				117	EXPECT_EQ(0U, response.results_length);
				118
				119	device.SupportedBlockModes(KM_ALGORITHM_DSA, &response);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	120	EXPECT_EQ(KM_ERROR_OK, response.error);
				121	EXPECT_EQ(0U, response.results_length);
				122
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	123	device.SupportedBlockModes(KM_ALGORITHM_ECDSA, &response);
				124	EXPECT_EQ(KM_ERROR_OK, response.error);
				125	EXPECT_EQ(0U, response.results_length);
				126
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	127	device.SupportedBlockModes(KM_ALGORITHM_AES, &response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	128	EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
				129	}
				130
				131	TEST_F(CheckSupported, SupportedPaddingModes) {
				132	// Shouldn't blow up on NULL.
				133	device.SupportedPaddingModes(KM_ALGORITHM_RSA, NULL);
				134
				135	SupportedResponse<keymaster_padding_t> response;
				136	device.SupportedPaddingModes(KM_ALGORITHM_RSA, &response);
				137	EXPECT_EQ(KM_ERROR_OK, response.error);
				138	EXPECT_EQ(1U, response.results_length);
				139	EXPECT_EQ(KM_PAD_NONE, response.results[0]);
				140
				141	device.SupportedPaddingModes(KM_ALGORITHM_DSA, &response);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	142	EXPECT_EQ(KM_ERROR_OK, response.error);
				143	EXPECT_EQ(1U, response.results_length);
				144	EXPECT_EQ(KM_PAD_NONE, response.results[0]);
				145
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	146	device.SupportedPaddingModes(KM_ALGORITHM_ECDSA, &response);
				147	EXPECT_EQ(KM_ERROR_OK, response.error);
				148	EXPECT_EQ(1U, response.results_length);
				149	EXPECT_EQ(KM_PAD_NONE, response.results[0]);
				150
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	151	device.SupportedPaddingModes(KM_ALGORITHM_AES, &response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	152	EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
				153	}
				154
				155	TEST_F(CheckSupported, SupportedDigests) {
				156	// Shouldn't blow up on NULL.
				157	device.SupportedDigests(KM_ALGORITHM_RSA, NULL);
				158
				159	SupportedResponse<keymaster_digest_t> response;
				160	device.SupportedDigests(KM_ALGORITHM_RSA, &response);
				161	EXPECT_EQ(KM_ERROR_OK, response.error);
				162	EXPECT_EQ(1U, response.results_length);
				163	EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
				164
				165	device.SupportedDigests(KM_ALGORITHM_DSA, &response);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	166	EXPECT_EQ(KM_ERROR_OK, response.error);
				167	EXPECT_EQ(1U, response.results_length);
				168	EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
				169
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	170	device.SupportedDigests(KM_ALGORITHM_ECDSA, &response);
				171	EXPECT_EQ(KM_ERROR_OK, response.error);
				172	EXPECT_EQ(1U, response.results_length);
				173	EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
				174
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	175	device.SupportedDigests(KM_ALGORITHM_AES, &response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	176	EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
				177	}
				178
				179	TEST_F(CheckSupported, SupportedImportFormats) {
				180	// Shouldn't blow up on NULL.
				181	device.SupportedImportFormats(KM_ALGORITHM_RSA, NULL);
				182
				183	SupportedResponse<keymaster_key_format_t> response;
				184	device.SupportedImportFormats(KM_ALGORITHM_RSA, &response);
				185	EXPECT_EQ(KM_ERROR_OK, response.error);
				186	EXPECT_EQ(1U, response.results_length);
				187	EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
				188
				189	device.SupportedImportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	190	EXPECT_EQ(KM_ERROR_OK, response.error);
				191	EXPECT_EQ(1U, response.results_length);
				192	EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
				193
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	194	device.SupportedImportFormats(KM_ALGORITHM_ECDSA, &response);
				195	EXPECT_EQ(KM_ERROR_OK, response.error);
				196	EXPECT_EQ(1U, response.results_length);
				197	EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
				198
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	199	device.SupportedImportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	200	EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
				201	}
				202
				203	TEST_F(CheckSupported, SupportedExportFormats) {
				204	// Shouldn't blow up on NULL.
				205	device.SupportedExportFormats(KM_ALGORITHM_RSA, NULL);
				206
				207	SupportedResponse<keymaster_key_format_t> response;
				208	device.SupportedExportFormats(KM_ALGORITHM_RSA, &response);
				209	EXPECT_EQ(KM_ERROR_OK, response.error);
				210	EXPECT_EQ(1U, response.results_length);
				211	EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
				212
				213	device.SupportedExportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	214	EXPECT_EQ(KM_ERROR_OK, response.error);
				215	EXPECT_EQ(1U, response.results_length);
				216	EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
				217
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	218	device.SupportedExportFormats(KM_ALGORITHM_ECDSA, &response);
				219	EXPECT_EQ(KM_ERROR_OK, response.error);
				220	EXPECT_EQ(1U, response.results_length);
				221	EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
				222
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	223	device.SupportedExportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	224	EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
				225	}
				226
				227	typedef KeymasterTest NewKeyGeneration;
				228	TEST_F(NewKeyGeneration, Rsa) {
				229	keymaster_key_param_t params[] = {
				230	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				231	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				232	Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	233	Authorization(TAG_KEY_SIZE, 256),
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	234	Authorization(TAG_USER_ID, 7),
				235	Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	236	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				237	Authorization(TAG_APPLICATION_DATA, "app_data", 8),
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	238	Authorization(TAG_AUTH_TIMEOUT, 300),
				239	};
				240	GenerateKeyRequest req;
				241	req.key_description.Reinitialize(params, array_length(params));
				242	GenerateKeyResponse rsp;
				243
				244	device.GenerateKey(req, &rsp);
				245
				246	ASSERT_EQ(KM_ERROR_OK, rsp.error);
				247	EXPECT_EQ(0U, rsp.enforced.size());
Shawn Willden	8d336ae	2014-08-09 15:47:05 -0600	[diff] [blame]	248	EXPECT_EQ(12U, rsp.enforced.SerializedSize());
				249	EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	250
				251	// Check specified tags are all present in unenforced characteristics
				252	EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
				253	EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
				254
				255	EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
				256
				257	EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
				258	EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	259	EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	260	EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
				261
Shawn Willden	39b970b	2014-08-11 09:11:21 -0600	[diff] [blame]	262	// Verify that App ID, App data and ROT are NOT included.
				263	EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
				264	EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
				265	EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
				266
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	267	// Just for giggles, check that some unexpected tags/values are NOT present.
				268	EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
				269	EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
				270	EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
				271	EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
				272
				273	// Now check that unspecified, defaulted tags are correct.
				274	EXPECT_TRUE(contains(rsp.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
				275	EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
				276	EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	277	}
				278
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	279	TEST_F(NewKeyGeneration, Dsa) {
				280	keymaster_key_param_t params[] = {
				281	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				282	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				283	Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
				284	Authorization(TAG_KEY_SIZE, 256),
				285	Authorization(TAG_USER_ID, 7),
				286	Authorization(TAG_USER_AUTH_ID, 8),
				287	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				288	Authorization(TAG_APPLICATION_DATA, "app_data", 8),
				289	Authorization(TAG_AUTH_TIMEOUT, 300),
				290	};
				291	GenerateKeyRequest req;
				292	req.key_description.Reinitialize(params, array_length(params));
				293	GenerateKeyResponse rsp;
				294
				295	device.GenerateKey(req, &rsp);
				296
				297	ASSERT_EQ(KM_ERROR_OK, rsp.error);
				298	EXPECT_EQ(0U, rsp.enforced.size());
				299	EXPECT_EQ(12U, rsp.enforced.SerializedSize());
				300	EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
				301
				302	// Check specified tags are all present in unenforced characteristics
				303	EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
				304	EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
				305
				306	EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
				307
				308	EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
				309	EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
				310	EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
				311	EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
				312
				313	// Verify that App ID, App data and ROT are NOT included.
				314	EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
				315	EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
				316	EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
				317
				318	// Just for giggles, check that some unexpected tags/values are NOT present.
				319	EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
				320	EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
				321	EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
				322	EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
				323
				324	// Now check that unspecified, defaulted tags are correct.
				325	EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
				326	EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
				327
				328	// Generator should have created DSA params.
				329	keymaster_blob_t g, p, q;
				330	EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
				331	EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_P, &p));
				332	EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_Q, &q));
				333	EXPECT_EQ(64U, g.data_length);
				334	EXPECT_EQ(64U, p.data_length);
				335	EXPECT_EQ(20U, q.data_length);
				336	}
				337
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	338	TEST_F(NewKeyGeneration, Ecdsa) {
				339	keymaster_key_param_t params[] = {
				340	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				341	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				342	Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
				343	Authorization(TAG_KEY_SIZE, 256),
				344	Authorization(TAG_USER_ID, 7),
				345	Authorization(TAG_USER_AUTH_ID, 8),
				346	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				347	Authorization(TAG_APPLICATION_DATA, "app_data", 8),
				348	Authorization(TAG_AUTH_TIMEOUT, 300),
				349	};
				350	GenerateKeyRequest req;
				351	req.key_description.Reinitialize(params, array_length(params));
				352	GenerateKeyResponse rsp;
				353
				354	device.GenerateKey(req, &rsp);
				355
				356	ASSERT_EQ(KM_ERROR_OK, rsp.error);
				357	EXPECT_EQ(0U, rsp.enforced.size());
				358	EXPECT_EQ(12U, rsp.enforced.SerializedSize());
				359	EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
				360
				361	// Check specified tags are all present in unenforced characteristics
				362	EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
				363	EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
				364
				365	EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
				366
				367	EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
				368	EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
				369	EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
				370	EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
				371
				372	// Verify that App ID, App data and ROT are NOT included.
				373	EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
				374	EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
				375	EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
				376
				377	// Just for giggles, check that some unexpected tags/values are NOT present.
				378	EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
				379	EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
				380	EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
				381	EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
				382
				383	// Now check that unspecified, defaulted tags are correct.
				384	EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
				385	EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
				386	}
				387
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	388	typedef KeymasterTest GetKeyCharacteristics;
				389	TEST_F(GetKeyCharacteristics, SimpleRsa) {
				390	keymaster_key_param_t params[] = {
				391	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				392	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				393	Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
				394	Authorization(TAG_KEY_SIZE, 256),
				395	Authorization(TAG_USER_ID, 7),
				396	Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	397	Authorization(TAG_APPLICATION_ID, "app_id", 6),
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	398	Authorization(TAG_AUTH_TIMEOUT, 300),
				399	};
				400
				401	GenerateKeyRequest gen_req;
				402	gen_req.key_description.Reinitialize(params, array_length(params));
				403	GenerateKeyResponse gen_rsp;
				404
				405	device.GenerateKey(gen_req, &gen_rsp);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	406	ASSERT_EQ(KM_ERROR_OK, gen_rsp.error);
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	407
				408	GetKeyCharacteristicsRequest req;
Shawn Willden	da8485e	2014-08-17 08:00:01 -0600	[diff] [blame]	409	req.SetKeyMaterial(gen_rsp.key_blob);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	410	req.additional_params.push_back(TAG_APPLICATION_ID, "app_id", 6);
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	411
				412	GetKeyCharacteristicsResponse rsp;
				413	device.GetKeyCharacteristics(req, &rsp);
				414	ASSERT_EQ(KM_ERROR_OK, rsp.error);
				415
				416	EXPECT_EQ(gen_rsp.enforced, rsp.enforced);
				417	EXPECT_EQ(gen_rsp.unenforced, rsp.unenforced);
				418	}
				419
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	420	/**
				421	* Test class that provides some infrastructure for generating keys and signing messages.
				422	*/
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	423	class SigningOperationsTest : public KeymasterTest {
				424	protected:
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	425	void GenerateKey(keymaster_algorithm_t algorithm, keymaster_digest_t digest,
				426	keymaster_padding_t padding, uint32_t key_size) {
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	427	keymaster_key_param_t params[] = {
				428	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				429	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	430	Authorization(TAG_ALGORITHM, algorithm),
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	431	Authorization(TAG_KEY_SIZE, key_size),
				432	Authorization(TAG_USER_ID, 7),
				433	Authorization(TAG_USER_AUTH_ID, 8),
				434	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				435	Authorization(TAG_AUTH_TIMEOUT, 300),
				436	};
				437	GenerateKeyRequest generate_request;
				438	generate_request.key_description.Reinitialize(params, array_length(params));
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	439	if (static_cast<int>(digest) != -1)
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	440	generate_request.key_description.push_back(TAG_DIGEST, digest);
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	441	if (static_cast<int>(padding) != -1)
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	442	generate_request.key_description.push_back(TAG_PADDING, padding);
				443	device.GenerateKey(generate_request, &generate_response_);
				444	EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	445	}
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	446
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	447	void SignMessage(const void* message, size_t size) {
				448	BeginOperationRequest begin_request;
				449	BeginOperationResponse begin_response;
				450	begin_request.SetKeyMaterial(generate_response_.key_blob);
				451	begin_request.purpose = KM_PURPOSE_SIGN;
				452	AddClientParams(&begin_request.additional_params);
				453
				454	device.BeginOperation(begin_request, &begin_response);
				455	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				456
				457	UpdateOperationRequest update_request;
				458	UpdateOperationResponse update_response;
				459	update_request.op_handle = begin_response.op_handle;
				460	update_request.input.Reinitialize(message, size);
				461	EXPECT_EQ(size, update_request.input.available_read());
				462
				463	device.UpdateOperation(update_request, &update_response);
				464	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				465	EXPECT_EQ(0U, update_response.output.available_read());
				466
				467	FinishOperationRequest finish_request;
				468	finish_request.op_handle = begin_response.op_handle;
				469	device.FinishOperation(finish_request, &finish_response_);
				470	ASSERT_EQ(KM_ERROR_OK, finish_response_.error);
				471	EXPECT_GT(finish_response_.output.available_read(), 0U);
				472	}
				473
				474	void AddClientParams(AuthorizationSet* set) { set->push_back(TAG_APPLICATION_ID, "app_id", 6); }
				475
				476	const keymaster_key_blob_t& key_blob() { return generate_response_.key_blob; }
				477	Buffer* signature() {
				478	if (finish_response_.error == KM_ERROR_OK)
				479	return &finish_response_.output;
				480	return NULL;
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	481	}
				482
				483	private:
				484	GenerateKeyResponse generate_response_;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	485	FinishOperationResponse finish_response_;
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	486	};
				487
				488	TEST_F(SigningOperationsTest, RsaSuccess) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	489	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	490
				491	BeginOperationRequest begin_request;
				492	BeginOperationResponse begin_response;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	493	begin_request.SetKeyMaterial(key_blob());
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	494	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	495	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	496
				497	device.BeginOperation(begin_request, &begin_response);
				498	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				499
				500	UpdateOperationRequest update_request;
				501	UpdateOperationResponse update_response;
				502	update_request.op_handle = begin_response.op_handle;
				503	update_request.input.Reinitialize("012345678901234567890123456789012", 32);
				504	EXPECT_EQ(32U, update_request.input.available_read());
				505
				506	device.UpdateOperation(update_request, &update_response);
				507	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				508	EXPECT_EQ(0U, update_response.output.available_read());
				509
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	510	FinishOperationRequest finish_request;
				511	finish_request.op_handle = begin_response.op_handle;
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	512	FinishOperationResponse finish_response;
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	513	device.FinishOperation(finish_request, &finish_response);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	514	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	515	EXPECT_GT(finish_response.output.available_read(), 0U);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	516
				517	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				518	}
				519
Shawn Willden	5b41ca2	2014-08-18 14:29:14 -0600	[diff] [blame]	520	TEST_F(SigningOperationsTest, DsaSuccess) {
				521	GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
				522
				523	BeginOperationRequest begin_request;
				524	BeginOperationResponse begin_response;
				525	begin_request.SetKeyMaterial(key_blob());
				526	begin_request.purpose = KM_PURPOSE_SIGN;
				527	AddClientParams(&begin_request.additional_params);
				528
				529	device.BeginOperation(begin_request, &begin_response);
				530	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				531
				532	UpdateOperationRequest update_request;
				533	UpdateOperationResponse update_response;
				534	update_request.op_handle = begin_response.op_handle;
				535	update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
				536	EXPECT_EQ(48U, update_request.input.available_read());
				537
				538	device.UpdateOperation(update_request, &update_response);
				539	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				540	EXPECT_EQ(0U, update_response.output.available_read());
				541
				542	FinishOperationRequest finish_request;
				543	finish_request.op_handle = begin_response.op_handle;
				544	FinishOperationResponse finish_response;
				545	device.FinishOperation(finish_request, &finish_response);
				546	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				547	EXPECT_GT(finish_response.output.available_read(), 0U);
				548
				549	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				550	}
				551
Shawn Willden	5ac2f8f	2014-08-18 15:33:10 -0600	[diff] [blame^]	552	TEST_F(SigningOperationsTest, EcdsaSuccess) {
				553	GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
				554
				555	BeginOperationRequest begin_request;
				556	BeginOperationResponse begin_response;
				557	begin_request.SetKeyMaterial(key_blob());
				558	begin_request.purpose = KM_PURPOSE_SIGN;
				559	AddClientParams(&begin_request.additional_params);
				560
				561	device.BeginOperation(begin_request, &begin_response);
				562	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				563
				564	UpdateOperationRequest update_request;
				565	UpdateOperationResponse update_response;
				566	update_request.op_handle = begin_response.op_handle;
				567	update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
				568	EXPECT_EQ(48U, update_request.input.available_read());
				569
				570	device.UpdateOperation(update_request, &update_response);
				571	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				572	EXPECT_EQ(0U, update_response.output.available_read());
				573
				574	FinishOperationRequest finish_request;
				575	finish_request.op_handle = begin_response.op_handle;
				576	FinishOperationResponse finish_response;
				577	device.FinishOperation(finish_request, &finish_response);
				578	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				579	EXPECT_GT(finish_response.output.available_read(), 0U);
				580
				581	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				582	}
				583
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	584	TEST_F(SigningOperationsTest, RsaAbort) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	585	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	586
				587	BeginOperationRequest begin_request;
				588	BeginOperationResponse begin_response;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	589	begin_request.SetKeyMaterial(key_blob());
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	590	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	591	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	592
				593	device.BeginOperation(begin_request, &begin_response);
				594	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				595
				596	EXPECT_EQ(KM_ERROR_OK, device.AbortOperation(begin_response.op_handle));
				597
				598	// Another abort should fail
				599	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				600	}
				601
				602	TEST_F(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	603	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_SHA_2_256, KM_PAD_NONE, 256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	604
				605	BeginOperationRequest begin_request;
				606	BeginOperationResponse begin_response;
				607	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	608	begin_request.SetKeyMaterial(key_blob());
				609	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	610
				611	device.BeginOperation(begin_request, &begin_response);
				612	ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
				613
				614	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				615	}
				616
				617	TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	618	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_RSA_OAEP, 256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	619
				620	BeginOperationRequest begin_request;
				621	BeginOperationResponse begin_response;
				622	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	623	begin_request.SetKeyMaterial(key_blob());
				624	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	625
				626	device.BeginOperation(begin_request, &begin_response);
				627	ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
				628
				629	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				630	}
				631
				632	TEST_F(SigningOperationsTest, RsaNoDigest) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	633	GenerateKey(KM_ALGORITHM_RSA, static_cast<keymaster_digest_t>(-1), KM_PAD_NONE,
				634	256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	635
				636	BeginOperationRequest begin_request;
				637	BeginOperationResponse begin_response;
				638	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	639	begin_request.SetKeyMaterial(key_blob());
				640	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	641
				642	device.BeginOperation(begin_request, &begin_response);
				643	ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
				644
				645	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				646	}
				647
				648	TEST_F(SigningOperationsTest, RsaNoPadding) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	649	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, static_cast<keymaster_padding_t>(-1),
				650	256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	651
				652	BeginOperationRequest begin_request;
				653	BeginOperationResponse begin_response;
				654	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	655	begin_request.SetKeyMaterial(key_blob());
				656	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	657
				658	device.BeginOperation(begin_request, &begin_response);
				659	ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
				660
				661	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				662	}
				663
				664	TEST_F(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	665	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	666
				667	BeginOperationRequest begin_request;
				668	BeginOperationResponse begin_response;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	669	begin_request.SetKeyMaterial(key_blob());
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	670	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	671	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	672
				673	device.BeginOperation(begin_request, &begin_response);
				674	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				675
				676	UpdateOperationRequest update_request;
				677	UpdateOperationResponse update_response;
				678	update_request.op_handle = begin_response.op_handle;
				679	update_request.input.Reinitialize("01234567890123456789012345678901", 31);
				680	EXPECT_EQ(31U, update_request.input.available_read());
				681
				682	device.UpdateOperation(update_request, &update_response);
				683	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				684	EXPECT_EQ(0U, update_response.output.available_read());
				685
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	686	FinishOperationRequest finish_request;
				687	finish_request.op_handle = begin_response.op_handle;
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	688	FinishOperationResponse finish_response;
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	689	device.FinishOperation(finish_request, &finish_response);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	690	ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, finish_response.error);
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	691	EXPECT_EQ(0U, finish_response.output.available_read());
				692
				693	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				694	}
				695
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	696	typedef SigningOperationsTest VerificationOperationsTest;
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	697	TEST_F(VerificationOperationsTest, RsaSuccess) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	698	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
				699	const char message[] = "12345678901234567890123456789012";
				700	SignMessage(message, array_size(message) - 1);
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	701	ASSERT_TRUE(signature() != NULL);
				702
				703	BeginOperationRequest begin_request;
				704	BeginOperationResponse begin_response;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	705	begin_request.SetKeyMaterial(key_blob());
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	706	begin_request.purpose = KM_PURPOSE_VERIFY;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	707	AddClientParams(&begin_request.additional_params);
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	708
				709	device.BeginOperation(begin_request, &begin_response);
				710	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				711
				712	UpdateOperationRequest update_request;
				713	UpdateOperationResponse update_response;
				714	update_request.op_handle = begin_response.op_handle;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	715	update_request.input.Reinitialize(message, array_size(message) - 1);
				716	EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	717
				718	device.UpdateOperation(update_request, &update_response);
				719	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				720	EXPECT_EQ(0U, update_response.output.available_read());
				721
				722	FinishOperationRequest finish_request;
				723	finish_request.op_handle = begin_response.op_handle;
				724	finish_request.signature.Reinitialize(*signature());
				725	FinishOperationResponse finish_response;
				726	device.FinishOperation(finish_request, &finish_response);
				727	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	728	EXPECT_EQ(0U, finish_response.output.available_read());
				729
				730	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				731	}
				732
Shawn Willden	5b41ca2	2014-08-18 14:29:14 -0600	[diff] [blame]	733	TEST_F(VerificationOperationsTest, DsaSuccess) {
				734	GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
				735	const char message[] = "123456789012345678901234567890123456789012345678";
				736	SignMessage(message, array_size(message) - 1);
				737	ASSERT_TRUE(signature() != NULL);
				738
				739	BeginOperationRequest begin_request;
				740	BeginOperationResponse begin_response;
				741	begin_request.SetKeyMaterial(key_blob());
				742	begin_request.purpose = KM_PURPOSE_VERIFY;
				743	AddClientParams(&begin_request.additional_params);
				744
				745	device.BeginOperation(begin_request, &begin_response);
				746	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				747
				748	UpdateOperationRequest update_request;
				749	UpdateOperationResponse update_response;
				750	update_request.op_handle = begin_response.op_handle;
				751	update_request.input.Reinitialize(message, array_size(message) - 1);
				752	EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
				753
				754	device.UpdateOperation(update_request, &update_response);
				755	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				756	EXPECT_EQ(0U, update_response.output.available_read());
				757
				758	FinishOperationRequest finish_request;
				759	finish_request.op_handle = begin_response.op_handle;
				760	finish_request.signature.Reinitialize(*signature());
				761	FinishOperationResponse finish_response;
				762	device.FinishOperation(finish_request, &finish_response);
				763	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				764	EXPECT_EQ(0U, finish_response.output.available_read());
				765
				766	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				767	}
				768
Shawn Willden	5ac2f8f	2014-08-18 15:33:10 -0600	[diff] [blame^]	769	TEST_F(VerificationOperationsTest, EcdsaSuccess) {
				770	GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
				771	const char message[] = "123456789012345678901234567890123456789012345678";
				772	SignMessage(message, array_size(message) - 1);
				773	ASSERT_TRUE(signature() != NULL);
				774
				775	BeginOperationRequest begin_request;
				776	BeginOperationResponse begin_response;
				777	begin_request.SetKeyMaterial(key_blob());
				778	begin_request.purpose = KM_PURPOSE_VERIFY;
				779	AddClientParams(&begin_request.additional_params);
				780
				781	device.BeginOperation(begin_request, &begin_response);
				782	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				783
				784	UpdateOperationRequest update_request;
				785	UpdateOperationResponse update_response;
				786	update_request.op_handle = begin_response.op_handle;
				787	update_request.input.Reinitialize(message, array_size(message) - 1);
				788	EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
				789
				790	device.UpdateOperation(update_request, &update_response);
				791	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				792	EXPECT_EQ(0U, update_response.output.available_read());
				793
				794	FinishOperationRequest finish_request;
				795	finish_request.op_handle = begin_response.op_handle;
				796	finish_request.signature.Reinitialize(*signature());
				797	FinishOperationResponse finish_response;
				798	device.FinishOperation(finish_request, &finish_response);
				799	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				800	EXPECT_EQ(0U, finish_response.output.available_read());
				801
				802	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				803	}
				804
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	805	} // namespace test
				806	} // namespace keymaster