Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 5b41ca2d7f106cc49315a8ecbac2f51fb445fb57 / . / google_keymaster_test.cpp
blob: 1772c0d3d8b2e4595e89e10a9c819221083a8cac [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <gtest/gtest.h>
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]18
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]19#include <openssl/engine.h>
20
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]21#include "google_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]22#include "google_keymaster_utils.h"
23#include "google_softkeymaster.h"
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]24#include "keymaster_tags.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]25
26int main(int argc, char** argv) {
27 ::testing::InitGoogleTest(&argc, argv);
28 int result = RUN_ALL_TESTS();
29 // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
30 CRYPTO_cleanup_all_ex_data();
31 ERR_free_strings();
32 return result;
33}
34
35namespace keymaster {
36namespace test {
37
38class KeymasterTest : public testing::Test {
39 protected:
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]40 KeymasterTest() : device(5) { RAND_seed("foobar", 6); }
41 ~KeymasterTest() {}
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]42
43 GoogleSoftKeymaster device;
44};
45
46template <keymaster_tag_t Tag, typename KeymasterEnum>
47bool contains(const AuthorizationSet& set, TypedEnumTag<KM_ENUM, Tag, KeymasterEnum> tag,
48 KeymasterEnum val) {
49 int pos = set.find(tag);
50 return pos != -1 && set[pos].enumerated == val;
51}
52
53template <keymaster_tag_t Tag, typename KeymasterEnum>
54bool contains(const AuthorizationSet& set, TypedEnumTag<KM_ENUM_REP, Tag, KeymasterEnum> tag,
55 KeymasterEnum val) {
56 int pos = -1;
57 while ((pos = set.find(tag, pos)) != -1)
58 if (set[pos].enumerated == val)
59 return true;
60 return false;
61}
62
63template <keymaster_tag_t Tag>
64bool contains(const AuthorizationSet& set, TypedTag<KM_INT, Tag> tag, uint32_t val) {
65 int pos = set.find(tag);
66 return pos != -1 && set[pos].integer == val;
67}
68
69template <keymaster_tag_t Tag>
70bool contains(const AuthorizationSet& set, TypedTag<KM_INT_REP, Tag> tag, uint32_t val) {
71 int pos = -1;
72 while ((pos = set.find(tag, pos)) != -1)
73 if (set[pos].integer == val)
74 return true;
75 return false;
76}
77
78template <keymaster_tag_t Tag>
79bool contains(const AuthorizationSet& set, TypedTag<KM_LONG, Tag> tag, uint64_t val) {
80 int pos = set.find(tag);
81 return pos != -1 && set[pos].long_integer == val;
82}
83
84template <keymaster_tag_t Tag>
85bool contains(const AuthorizationSet& set, TypedTag<KM_BYTES, Tag> tag, const std::string& val) {
86 int pos = set.find(tag);
87 return pos != -1 &&
88 std::string(reinterpret_cast<const char*>(set[pos].blob.data),
89 set[pos].blob.data_length) == val;
90}
91
92inline bool contains(const AuthorizationSet& set, keymaster_tag_t tag) {
93 return set.find(tag) != -1;
94}
95
96typedef KeymasterTest CheckSupported;
97TEST_F(CheckSupported, SupportedAlgorithms) {
98 // Shouldn't blow up on NULL.
99 device.SupportedAlgorithms(NULL);
100
101 SupportedResponse<keymaster_algorithm_t> response;
102 device.SupportedAlgorithms(&response);
103 EXPECT_EQ(KM_ERROR_OK, response.error);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]104 EXPECT_EQ(2U, response.results_length);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]105 EXPECT_EQ(KM_ALGORITHM_RSA, response.results[0]);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]106 EXPECT_EQ(KM_ALGORITHM_DSA, response.results[1]);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]107}
108
109TEST_F(CheckSupported, SupportedBlockModes) {
110 // Shouldn't blow up on NULL.
111 device.SupportedBlockModes(KM_ALGORITHM_RSA, NULL);
112
113 SupportedResponse<keymaster_block_mode_t> response;
114 device.SupportedBlockModes(KM_ALGORITHM_RSA, &response);
115 EXPECT_EQ(KM_ERROR_OK, response.error);
116 EXPECT_EQ(0U, response.results_length);
117
118 device.SupportedBlockModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]119 EXPECT_EQ(KM_ERROR_OK, response.error);
120 EXPECT_EQ(0U, response.results_length);
121
122 device.SupportedBlockModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]123 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
124}
125
126TEST_F(CheckSupported, SupportedPaddingModes) {
127 // Shouldn't blow up on NULL.
128 device.SupportedPaddingModes(KM_ALGORITHM_RSA, NULL);
129
130 SupportedResponse<keymaster_padding_t> response;
131 device.SupportedPaddingModes(KM_ALGORITHM_RSA, &response);
132 EXPECT_EQ(KM_ERROR_OK, response.error);
133 EXPECT_EQ(1U, response.results_length);
134 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
135
136 device.SupportedPaddingModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]137 EXPECT_EQ(KM_ERROR_OK, response.error);
138 EXPECT_EQ(1U, response.results_length);
139 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
140
141 device.SupportedPaddingModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]142 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
143}
144
145TEST_F(CheckSupported, SupportedDigests) {
146 // Shouldn't blow up on NULL.
147 device.SupportedDigests(KM_ALGORITHM_RSA, NULL);
148
149 SupportedResponse<keymaster_digest_t> response;
150 device.SupportedDigests(KM_ALGORITHM_RSA, &response);
151 EXPECT_EQ(KM_ERROR_OK, response.error);
152 EXPECT_EQ(1U, response.results_length);
153 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
154
155 device.SupportedDigests(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]156 EXPECT_EQ(KM_ERROR_OK, response.error);
157 EXPECT_EQ(1U, response.results_length);
158 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
159
160 device.SupportedDigests(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]161 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
162}
163
164TEST_F(CheckSupported, SupportedImportFormats) {
165 // Shouldn't blow up on NULL.
166 device.SupportedImportFormats(KM_ALGORITHM_RSA, NULL);
167
168 SupportedResponse<keymaster_key_format_t> response;
169 device.SupportedImportFormats(KM_ALGORITHM_RSA, &response);
170 EXPECT_EQ(KM_ERROR_OK, response.error);
171 EXPECT_EQ(1U, response.results_length);
172 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
173
174 device.SupportedImportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]175 EXPECT_EQ(KM_ERROR_OK, response.error);
176 EXPECT_EQ(1U, response.results_length);
177 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
178
179 device.SupportedImportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]180 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
181}
182
183TEST_F(CheckSupported, SupportedExportFormats) {
184 // Shouldn't blow up on NULL.
185 device.SupportedExportFormats(KM_ALGORITHM_RSA, NULL);
186
187 SupportedResponse<keymaster_key_format_t> response;
188 device.SupportedExportFormats(KM_ALGORITHM_RSA, &response);
189 EXPECT_EQ(KM_ERROR_OK, response.error);
190 EXPECT_EQ(1U, response.results_length);
191 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
192
193 device.SupportedExportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]194 EXPECT_EQ(KM_ERROR_OK, response.error);
195 EXPECT_EQ(1U, response.results_length);
196 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
197
198 device.SupportedExportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]199 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
200}
201
202typedef KeymasterTest NewKeyGeneration;
203TEST_F(NewKeyGeneration, Rsa) {
204 keymaster_key_param_t params[] = {
205 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
206 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
207 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]208 Authorization(TAG_KEY_SIZE, 256),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]209 Authorization(TAG_USER_ID, 7),
210 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]211 Authorization(TAG_APPLICATION_ID, "app_id", 6),
212 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]213 Authorization(TAG_AUTH_TIMEOUT, 300),
214 };
215 GenerateKeyRequest req;
216 req.key_description.Reinitialize(params, array_length(params));
217 GenerateKeyResponse rsp;
218
219 device.GenerateKey(req, &rsp);
220
221 ASSERT_EQ(KM_ERROR_OK, rsp.error);
222 EXPECT_EQ(0U, rsp.enforced.size());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]223 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
224 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]225
226 // Check specified tags are all present in unenforced characteristics
227 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
228 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
229
230 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
231
232 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
233 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]234 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]235 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
236
Shawn Willden39b970b2014-08-11 09:11:21 -0600[diff] [blame]237 // Verify that App ID, App data and ROT are NOT included.
238 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
239 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
240 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
241
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]242 // Just for giggles, check that some unexpected tags/values are NOT present.
243 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
244 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
245 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
246 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
247
248 // Now check that unspecified, defaulted tags are correct.
249 EXPECT_TRUE(contains(rsp.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
250 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
251 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]252}
253
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]254TEST_F(NewKeyGeneration, Dsa) {
255 keymaster_key_param_t params[] = {
256 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
257 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
258 Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
259 Authorization(TAG_KEY_SIZE, 256),
260 Authorization(TAG_USER_ID, 7),
261 Authorization(TAG_USER_AUTH_ID, 8),
262 Authorization(TAG_APPLICATION_ID, "app_id", 6),
263 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
264 Authorization(TAG_AUTH_TIMEOUT, 300),
265 };
266 GenerateKeyRequest req;
267 req.key_description.Reinitialize(params, array_length(params));
268 GenerateKeyResponse rsp;
269
270 device.GenerateKey(req, &rsp);
271
272 ASSERT_EQ(KM_ERROR_OK, rsp.error);
273 EXPECT_EQ(0U, rsp.enforced.size());
274 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
275 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
276
277 // Check specified tags are all present in unenforced characteristics
278 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
279 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
280
281 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
282
283 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
284 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
285 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
286 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
287
288 // Verify that App ID, App data and ROT are NOT included.
289 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
290 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
291 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
292
293 // Just for giggles, check that some unexpected tags/values are NOT present.
294 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
295 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
296 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
297 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
298
299 // Now check that unspecified, defaulted tags are correct.
300 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
301 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
302
303 // Generator should have created DSA params.
304 keymaster_blob_t g, p, q;
305 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
306 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_P, &p));
307 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_Q, &q));
308 EXPECT_EQ(64U, g.data_length);
309 EXPECT_EQ(64U, p.data_length);
310 EXPECT_EQ(20U, q.data_length);
311}
312
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]313typedef KeymasterTest GetKeyCharacteristics;
314TEST_F(GetKeyCharacteristics, SimpleRsa) {
315 keymaster_key_param_t params[] = {
316 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
317 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
318 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
319 Authorization(TAG_KEY_SIZE, 256),
320 Authorization(TAG_USER_ID, 7),
321 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]322 Authorization(TAG_APPLICATION_ID, "app_id", 6),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]323 Authorization(TAG_AUTH_TIMEOUT, 300),
324 };
325
326 GenerateKeyRequest gen_req;
327 gen_req.key_description.Reinitialize(params, array_length(params));
328 GenerateKeyResponse gen_rsp;
329
330 device.GenerateKey(gen_req, &gen_rsp);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]331 ASSERT_EQ(KM_ERROR_OK, gen_rsp.error);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]332
333 GetKeyCharacteristicsRequest req;
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]334 req.SetKeyMaterial(gen_rsp.key_blob);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]335 req.additional_params.push_back(TAG_APPLICATION_ID, "app_id", 6);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]336
337 GetKeyCharacteristicsResponse rsp;
338 device.GetKeyCharacteristics(req, &rsp);
339 ASSERT_EQ(KM_ERROR_OK, rsp.error);
340
341 EXPECT_EQ(gen_rsp.enforced, rsp.enforced);
342 EXPECT_EQ(gen_rsp.unenforced, rsp.unenforced);
343}
344
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]345/**
346 * Test class that provides some infrastructure for generating keys and signing messages.
347 */
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]348class SigningOperationsTest : public KeymasterTest {
349 protected:
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]350 void GenerateKey(keymaster_algorithm_t algorithm, keymaster_digest_t digest,
351 keymaster_padding_t padding, uint32_t key_size) {
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]352 keymaster_key_param_t params[] = {
353 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
354 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]355 Authorization(TAG_ALGORITHM, algorithm),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]356 Authorization(TAG_KEY_SIZE, key_size),
357 Authorization(TAG_USER_ID, 7),
358 Authorization(TAG_USER_AUTH_ID, 8),
359 Authorization(TAG_APPLICATION_ID, "app_id", 6),
360 Authorization(TAG_AUTH_TIMEOUT, 300),
361 };
362 GenerateKeyRequest generate_request;
363 generate_request.key_description.Reinitialize(params, array_length(params));
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]364 if (static_cast<int>(digest) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]365 generate_request.key_description.push_back(TAG_DIGEST, digest);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]366 if (static_cast<int>(padding) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]367 generate_request.key_description.push_back(TAG_PADDING, padding);
368 device.GenerateKey(generate_request, &generate_response_);
369 EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]370 }
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]371
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]372 void SignMessage(const void* message, size_t size) {
373 BeginOperationRequest begin_request;
374 BeginOperationResponse begin_response;
375 begin_request.SetKeyMaterial(generate_response_.key_blob);
376 begin_request.purpose = KM_PURPOSE_SIGN;
377 AddClientParams(&begin_request.additional_params);
378
379 device.BeginOperation(begin_request, &begin_response);
380 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
381
382 UpdateOperationRequest update_request;
383 UpdateOperationResponse update_response;
384 update_request.op_handle = begin_response.op_handle;
385 update_request.input.Reinitialize(message, size);
386 EXPECT_EQ(size, update_request.input.available_read());
387
388 device.UpdateOperation(update_request, &update_response);
389 ASSERT_EQ(KM_ERROR_OK, update_response.error);
390 EXPECT_EQ(0U, update_response.output.available_read());
391
392 FinishOperationRequest finish_request;
393 finish_request.op_handle = begin_response.op_handle;
394 device.FinishOperation(finish_request, &finish_response_);
395 ASSERT_EQ(KM_ERROR_OK, finish_response_.error);
396 EXPECT_GT(finish_response_.output.available_read(), 0U);
397 }
398
399 void AddClientParams(AuthorizationSet* set) { set->push_back(TAG_APPLICATION_ID, "app_id", 6); }
400
401 const keymaster_key_blob_t& key_blob() { return generate_response_.key_blob; }
402 Buffer* signature() {
403 if (finish_response_.error == KM_ERROR_OK)
404 return &finish_response_.output;
405 return NULL;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]406 }
407
408 private:
409 GenerateKeyResponse generate_response_;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]410 FinishOperationResponse finish_response_;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]411};
412
413TEST_F(SigningOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]414 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]415
416 BeginOperationRequest begin_request;
417 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]418 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]419 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]420 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]421
422 device.BeginOperation(begin_request, &begin_response);
423 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
424
425 UpdateOperationRequest update_request;
426 UpdateOperationResponse update_response;
427 update_request.op_handle = begin_response.op_handle;
428 update_request.input.Reinitialize("012345678901234567890123456789012", 32);
429 EXPECT_EQ(32U, update_request.input.available_read());
430
431 device.UpdateOperation(update_request, &update_response);
432 ASSERT_EQ(KM_ERROR_OK, update_response.error);
433 EXPECT_EQ(0U, update_response.output.available_read());
434
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]435 FinishOperationRequest finish_request;
436 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]437 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]438 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]439 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]440 EXPECT_GT(finish_response.output.available_read(), 0U);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]441
442 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
443}
444
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame^]445TEST_F(SigningOperationsTest, DsaSuccess) {
446 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
447
448 BeginOperationRequest begin_request;
449 BeginOperationResponse begin_response;
450 begin_request.SetKeyMaterial(key_blob());
451 begin_request.purpose = KM_PURPOSE_SIGN;
452 AddClientParams(&begin_request.additional_params);
453
454 device.BeginOperation(begin_request, &begin_response);
455 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
456
457 UpdateOperationRequest update_request;
458 UpdateOperationResponse update_response;
459 update_request.op_handle = begin_response.op_handle;
460 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
461 EXPECT_EQ(48U, update_request.input.available_read());
462
463 device.UpdateOperation(update_request, &update_response);
464 ASSERT_EQ(KM_ERROR_OK, update_response.error);
465 EXPECT_EQ(0U, update_response.output.available_read());
466
467 FinishOperationRequest finish_request;
468 finish_request.op_handle = begin_response.op_handle;
469 FinishOperationResponse finish_response;
470 device.FinishOperation(finish_request, &finish_response);
471 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
472 EXPECT_GT(finish_response.output.available_read(), 0U);
473
474 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
475}
476
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]477TEST_F(SigningOperationsTest, RsaAbort) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]478 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]479
480 BeginOperationRequest begin_request;
481 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]482 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]483 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]484 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]485
486 device.BeginOperation(begin_request, &begin_response);
487 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
488
489 EXPECT_EQ(KM_ERROR_OK, device.AbortOperation(begin_response.op_handle));
490
491 // Another abort should fail
492 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
493}
494
495TEST_F(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]496 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_SHA_2_256, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]497
498 BeginOperationRequest begin_request;
499 BeginOperationResponse begin_response;
500 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]501 begin_request.SetKeyMaterial(key_blob());
502 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]503
504 device.BeginOperation(begin_request, &begin_response);
505 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
506
507 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
508}
509
510TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]511 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_RSA_OAEP, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]512
513 BeginOperationRequest begin_request;
514 BeginOperationResponse begin_response;
515 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]516 begin_request.SetKeyMaterial(key_blob());
517 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]518
519 device.BeginOperation(begin_request, &begin_response);
520 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
521
522 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
523}
524
525TEST_F(SigningOperationsTest, RsaNoDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]526 GenerateKey(KM_ALGORITHM_RSA, static_cast<keymaster_digest_t>(-1), KM_PAD_NONE,
527 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]528
529 BeginOperationRequest begin_request;
530 BeginOperationResponse begin_response;
531 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]532 begin_request.SetKeyMaterial(key_blob());
533 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]534
535 device.BeginOperation(begin_request, &begin_response);
536 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
537
538 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
539}
540
541TEST_F(SigningOperationsTest, RsaNoPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]542 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, static_cast<keymaster_padding_t>(-1),
543 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]544
545 BeginOperationRequest begin_request;
546 BeginOperationResponse begin_response;
547 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]548 begin_request.SetKeyMaterial(key_blob());
549 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]550
551 device.BeginOperation(begin_request, &begin_response);
552 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
553
554 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
555}
556
557TEST_F(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]558 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]559
560 BeginOperationRequest begin_request;
561 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]562 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]563 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]564 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]565
566 device.BeginOperation(begin_request, &begin_response);
567 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
568
569 UpdateOperationRequest update_request;
570 UpdateOperationResponse update_response;
571 update_request.op_handle = begin_response.op_handle;
572 update_request.input.Reinitialize("01234567890123456789012345678901", 31);
573 EXPECT_EQ(31U, update_request.input.available_read());
574
575 device.UpdateOperation(update_request, &update_response);
576 ASSERT_EQ(KM_ERROR_OK, update_response.error);
577 EXPECT_EQ(0U, update_response.output.available_read());
578
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]579 FinishOperationRequest finish_request;
580 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]581 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]582 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]583 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]584 EXPECT_EQ(0U, finish_response.output.available_read());
585
586 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
587}
588
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]589typedef SigningOperationsTest VerificationOperationsTest;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]590TEST_F(VerificationOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]591 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
592 const char message[] = "12345678901234567890123456789012";
593 SignMessage(message, array_size(message) - 1);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]594 ASSERT_TRUE(signature() != NULL);
595
596 BeginOperationRequest begin_request;
597 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]598 begin_request.SetKeyMaterial(key_blob());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]599 begin_request.purpose = KM_PURPOSE_VERIFY;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]600 AddClientParams(&begin_request.additional_params);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]601
602 device.BeginOperation(begin_request, &begin_response);
603 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
604
605 UpdateOperationRequest update_request;
606 UpdateOperationResponse update_response;
607 update_request.op_handle = begin_response.op_handle;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]608 update_request.input.Reinitialize(message, array_size(message) - 1);
609 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]610
611 device.UpdateOperation(update_request, &update_response);
612 ASSERT_EQ(KM_ERROR_OK, update_response.error);
613 EXPECT_EQ(0U, update_response.output.available_read());
614
615 FinishOperationRequest finish_request;
616 finish_request.op_handle = begin_response.op_handle;
617 finish_request.signature.Reinitialize(*signature());
618 FinishOperationResponse finish_response;
619 device.FinishOperation(finish_request, &finish_response);
620 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]621 EXPECT_EQ(0U, finish_response.output.available_read());
622
623 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
624}
625
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame^]626TEST_F(VerificationOperationsTest, DsaSuccess) {
627 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
628 const char message[] = "123456789012345678901234567890123456789012345678";
629 SignMessage(message, array_size(message) - 1);
630 ASSERT_TRUE(signature() != NULL);
631
632 BeginOperationRequest begin_request;
633 BeginOperationResponse begin_response;
634 begin_request.SetKeyMaterial(key_blob());
635 begin_request.purpose = KM_PURPOSE_VERIFY;
636 AddClientParams(&begin_request.additional_params);
637
638 device.BeginOperation(begin_request, &begin_response);
639 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
640
641 UpdateOperationRequest update_request;
642 UpdateOperationResponse update_response;
643 update_request.op_handle = begin_response.op_handle;
644 update_request.input.Reinitialize(message, array_size(message) - 1);
645 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
646
647 device.UpdateOperation(update_request, &update_response);
648 ASSERT_EQ(KM_ERROR_OK, update_response.error);
649 EXPECT_EQ(0U, update_response.output.available_read());
650
651 FinishOperationRequest finish_request;
652 finish_request.op_handle = begin_response.op_handle;
653 finish_request.signature.Reinitialize(*signature());
654 FinishOperationResponse finish_response;
655 device.FinishOperation(finish_request, &finish_response);
656 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
657 EXPECT_EQ(0U, finish_response.output.available_read());
658
659 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
660}
661
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]662} // namespace test
663} // namespace keymaster