Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 5cf45028751471f79d9f8a390f64fe9412acd53a / . / android_keymaster_test.cpp
blob: 7a9f1aeea5cb88e2e1ebb9ecabd9cee881329a74 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]22#include <keymaster/key_factory.h>
23#include <keymaster/soft_keymaster_context.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]24#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]25#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]26
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]27#include "android_keymaster_test_utils.h"
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]28#include "keymaster0_engine.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]29
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]30using std::ifstream;
31using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]32using std::string;
33using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]34using std::unique_ptr;
35
36extern "C" {
37int __android_log_print(int prio, const char* tag, const char* fmt);
38int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]39 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]40 return 0;
41}
42} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]43
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]44namespace keymaster {
45namespace test {
46
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]47StdoutLogger logger;
48
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]49template <typename T> vector<T> make_vector(const T* array, size_t len) {
50 return vector<T>(array, array + len);
51}
52
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]53class TestKeymasterEnforcement : public KeymasterEnforcement {
54 public:
55 TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {}
56
57 virtual bool activation_date_valid(uint64_t /* activation_date */) const { return true; }
58 virtual bool expiration_date_passed(uint64_t /* expiration_date */) const { return false; }
59 virtual bool auth_token_timed_out(const hw_auth_token_t& /* token */,
60 uint32_t /* timeout */) const {
61 return false;
62 }
63 virtual uint32_t get_current_time() const { return 0; }
64 virtual bool ValidateTokenSignature(const hw_auth_token_t& /* token */) const { return true; }
65};
66
67class TestKeymasterContext : public SoftKeymasterContext {
68 public:
69 TestKeymasterContext(keymaster0_device_t* keymaster0 = nullptr)
70 : SoftKeymasterContext(keymaster0) {}
71
72 KeymasterEnforcement* enforcement_policy() override { return &test_policy_; }
73
74 private:
75 TestKeymasterEnforcement test_policy_;
76};
77
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]78class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
79 public:
80 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]81 std::cerr << "Creating software-only device" << std::endl;
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]82 SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext);
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]83 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]84 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]85
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]86 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]87 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]88};
89
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]90class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
91 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]92 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
93
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]94 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]95 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
96 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]97 hw_device_t* softkeymaster_device;
98 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
99 &softkeymaster_device));
100 // Make the software device pretend to be hardware
101 keymaster0_device_t* keymaster0_device =
102 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]103 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
104
105 if (!support_ec_) {
106 // Make the software device pretend not to support EC
107 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
108 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]109
110 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
111
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]112 SoftKeymasterDevice* keymaster =
113 new SoftKeymasterDevice(new TestKeymasterContext(counting_keymaster0_device_));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]114 return keymaster->keymaster_device();
115 }
116
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]117 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
118 switch (algorithm) {
119 case KM_ALGORITHM_RSA:
120 return true;
121 case KM_ALGORITHM_EC:
122 return support_ec_;
123 default:
124 return false;
125 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]126 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]127 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
128
129 private:
130 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]131 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]132};
133
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]134static auto test_params = testing::Values(
135 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
136 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
137 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]138
139typedef Keymaster1Test CheckSupported;
140INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
141
142TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]143 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
144 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]145
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]146 size_t len;
147 keymaster_algorithm_t* algorithms;
148 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]149 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]150 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]151 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]152
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]153 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]154}
155
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]156TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]157 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
158 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
159 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]160
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]161 size_t len;
162 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]163 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]164 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]165 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]166 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]167
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]168 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]169 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]170 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]171
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]172 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]173 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]174 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]175 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]176
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]177 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]178}
179
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]180TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]181 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
182 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
183 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]184
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]185 size_t len;
186 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]187 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]188 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]189 EXPECT_TRUE(
190 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]191 free(modes);
192
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]193 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]194 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]195 EXPECT_TRUE(
196 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]197 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]198
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]199 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]200 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]201 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]202 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]203
204 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
205 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
206 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]207
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]208 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]209}
210
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]211TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]212 EXPECT_EQ(
213 KM_ERROR_OUTPUT_PARAMETER_NULL,
214 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]215
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]216 size_t len;
217 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]218 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]219 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]220 EXPECT_TRUE(
221 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
222 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
223 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]224 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]225
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]226 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]227 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]228 EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
229 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
230 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]231 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]232
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]233 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
234 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
235 &len));
236
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]237 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]238 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]239 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
240 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
241 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]242 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]243
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]244 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]245}
246
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]247TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
249 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]250
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]251 size_t len;
252 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]253 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]254 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]255 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]256 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]257
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]258 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]259 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
260 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
261 free(formats);
262
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]263 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]264 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
265 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
266 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]267
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]268 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]269}
270
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]271TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]272 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
273 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]274
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]275 size_t len;
276 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]277 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]278 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]279 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]280 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]281
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]282 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]283 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]284 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]285 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]286
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]287 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]288 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]289 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]290 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]291
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]292 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]293 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]294 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]295 free(formats);
296
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]297 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]298 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]299 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]300 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]301
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]302 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]303}
304
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]305class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]306 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]307 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]308 AuthorizationSet auths = sw_enforced();
309 EXPECT_GT(auths.SerializedSize(), 12U);
310
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]311 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
312 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
313 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]314 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]315 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]316
317 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]318 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
319 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
320 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]321
322 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]323 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
324 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
325 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]326
327 // Now check that unspecified, defaulted tags are correct.
Shawn Willden0e0cea32015-07-23 20:18:31 +0000[diff] [blame]328 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]329 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]330 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]331};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]332INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
333
334TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]335 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
336 .RsaSigningKey(256, 3)
337 .Digest(KM_DIGEST_NONE)
338 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]339 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]340
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]341 // Check specified tags are all present, and in the right set.
342 AuthorizationSet crypto_params;
343 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]344 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]345 EXPECT_NE(0U, hw_enforced().size());
346 EXPECT_NE(0U, sw_enforced().size());
347 crypto_params.push_back(hw_enforced());
348 non_crypto_params.push_back(sw_enforced());
349 } else {
350 EXPECT_EQ(0U, hw_enforced().size());
351 EXPECT_NE(0U, sw_enforced().size());
352 crypto_params.push_back(sw_enforced());
353 }
354
355 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
356 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
357 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
358 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
359 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
360 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
361
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]362 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]363 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]364}
365
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]366TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]367 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
368 GenerateKey(AuthorizationSetBuilder()
369 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
370 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
371 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]372
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]373 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]374}
375
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]376TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]377 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]378 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]379 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]380
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]381 // Check specified tags are all present, and in the right set.
382 AuthorizationSet crypto_params;
383 AuthorizationSet non_crypto_params;
384 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
385 EXPECT_NE(0U, hw_enforced().size());
386 EXPECT_NE(0U, sw_enforced().size());
387 crypto_params.push_back(hw_enforced());
388 non_crypto_params.push_back(sw_enforced());
389 } else {
390 EXPECT_EQ(0U, hw_enforced().size());
391 EXPECT_NE(0U, sw_enforced().size());
392 crypto_params.push_back(sw_enforced());
393 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]394
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]395 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
396 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
397 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
398 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
399
400 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
401 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]402}
403
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]404TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]405 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
406 GenerateKey(AuthorizationSetBuilder()
407 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
408 .SigningKey()
409 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]410
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]411 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]412}
413
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]414TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]415 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
416 ASSERT_EQ(
417 KM_ERROR_UNKNOWN_ERROR,
418 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
419 else
420 ASSERT_EQ(
421 KM_ERROR_UNSUPPORTED_KEY_SIZE,
422 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]423
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]424 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
425 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]426}
427
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]428TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]429 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]430 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]431 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
432 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]433 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]434 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]435
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]436 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
437 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]438}
439
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]440TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]441 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
442 .HmacKey(128)
443 .Digest(KM_DIGEST_SHA_2_256)
444 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
445
446 EXPECT_EQ(0, GetParam()->keymaster0_calls());
447}
448
449TEST_P(NewKeyGeneration, HmacMultipleDigests) {
450 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST,
451 GenerateKey(AuthorizationSetBuilder()
452 .HmacKey(128)
453 .Digest(KM_DIGEST_SHA1)
454 .Digest(KM_DIGEST_SHA_2_256)
455 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
456
457 EXPECT_EQ(0, GetParam()->keymaster0_calls());
458}
459
460TEST_P(NewKeyGeneration, HmacDigestNone) {
461 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST,
462 GenerateKey(AuthorizationSetBuilder()
463 .HmacKey(128)
464 .Digest(KM_DIGEST_NONE)
465 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
466
467 EXPECT_EQ(0, GetParam()->keymaster0_calls());
468}
469
470TEST_P(NewKeyGeneration, HmacSha256TooShortMacLength) {
471 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
472 GenerateKey(AuthorizationSetBuilder()
473 .HmacKey(128)
474 .Digest(KM_DIGEST_SHA_2_256)
475 .Authorization(TAG_MIN_MAC_LENGTH, 48)));
476
477 EXPECT_EQ(0, GetParam()->keymaster0_calls());
478}
479
480TEST_P(NewKeyGeneration, HmacSha256NonIntegralOctetMacLength) {
481 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
482 GenerateKey(AuthorizationSetBuilder()
483 .HmacKey(128)
484 .Digest(KM_DIGEST_SHA_2_256)
485 .Authorization(TAG_MIN_MAC_LENGTH, 130)));
486
487 EXPECT_EQ(0, GetParam()->keymaster0_calls());
488}
489
490TEST_P(NewKeyGeneration, HmacSha256TooLongMacLength) {
491 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
492 GenerateKey(AuthorizationSetBuilder()
493 .HmacKey(128)
494 .Digest(KM_DIGEST_SHA_2_256)
495 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]496
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]497 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]498}
499
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]500typedef Keymaster1Test GetKeyCharacteristics;
501INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
502
503TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]504 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
505 .RsaSigningKey(256, 3)
506 .Digest(KM_DIGEST_NONE)
507 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]508 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]509
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]510 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
511 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]512
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]513 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]514 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]515}
516
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]517typedef Keymaster1Test SigningOperationsTest;
518INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
519
520TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]521 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
522 .RsaSigningKey(256, 3)
523 .Digest(KM_DIGEST_NONE)
524 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]525 string message = "12345678901234567890123456789012";
526 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]527 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]528
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]529 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]530 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]531}
532
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]533TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]534 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
535 .RsaSigningKey(512, 3)
536 .Digest(KM_DIGEST_SHA_2_256)
537 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]538 // Use large message, which won't work without digesting.
539 string message(1024, 'a');
540 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]541 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]542
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]543 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]544 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]545}
546
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame^]547TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) {
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]548 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
549 .RsaSigningKey(512, 3)
550 .Digest(KM_DIGEST_NONE)
551 .Padding(KM_PAD_NONE)));
552 string message = "12345678901234567890123456789012";
553 string signature;
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]554
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame^]555 AuthorizationSet begin_params(client_params());
556 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
557 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
558 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]559}
560
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]561TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]562 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
563 .RsaSigningKey(512, 3)
564 .Digest(KM_DIGEST_SHA_2_256)
565 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]566 string message(1024, 'a');
567 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]568 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]569
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]570 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]571 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]572}
573
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]574TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
575 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
576 .RsaSigningKey(512, 3)
577 .Digest(KM_DIGEST_NONE)
578 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
579 string message(53, 'a');
580 string signature;
581 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);
582
583 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
584 EXPECT_EQ(3, GetParam()->keymaster0_calls());
585}
586
587TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {
588 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
589 .RsaSigningKey(512, 3)
590 .Digest(KM_DIGEST_NONE)
591 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
592 string message(54, 'a');
593
594 AuthorizationSet begin_params(client_params());
595 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
596 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
597 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
598 string result;
599 size_t input_consumed;
600 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
601 string signature;
602 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
603
604 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
605 EXPECT_EQ(2, GetParam()->keymaster0_calls());
606}
607
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]608TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]609 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
610 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]611 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
612 .RsaSigningKey(256 + 9 * 8, 3)
613 .Digest(KM_DIGEST_SHA_2_256)
614 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]615 string message(1024, 'a');
616 string signature;
617
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]618 AuthorizationSet begin_params(client_params());
619 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]620 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]621 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]622}
623
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]624TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {
625 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
626 .RsaSigningKey(256, 3)
627 .Digest(KM_DIGEST_NONE)
628 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
629 string message(64 * 1024, 'a');
630 string signature;
631 AuthorizationSet begin_params(client_params());
632 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
633 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
634 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
635 string result;
636 size_t input_consumed;
637 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
638
639 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
640 EXPECT_EQ(2, GetParam()->keymaster0_calls());
641}
642
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]643TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]644 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
645 .RsaSigningKey(256, 3)
646 .Digest(KM_DIGEST_NONE)
647 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]648 AuthorizationSet begin_params(client_params());
649 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]650 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]651 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]652 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
653 // Another abort should fail
654 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]655
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]656 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]657 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]658}
659
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]660TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]661 GenerateKey(AuthorizationSetBuilder()
662 .RsaSigningKey(256, 3)
663 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
664 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]665 AuthorizationSet begin_params(client_params());
666 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
667 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]668
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]669 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]670 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]671}
672
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]673TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]674 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]675 GenerateKey(AuthorizationSetBuilder()
676 .RsaSigningKey(256, 3)
677 .Digest(KM_DIGEST_NONE)
678 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]679 AuthorizationSet begin_params(client_params());
680 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]681 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]682 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]683
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]684 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]685 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]686}
687
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]688TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]689 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]690 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
691 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]692 AuthorizationSet begin_params(client_params());
693 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
694 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]695
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]696 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]697 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]698}
699
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]700TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]701 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
702 .RsaSigningKey(256, 3)
703 .Digest(KM_DIGEST_NONE)
704 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]705 AuthorizationSet begin_params(client_params());
706 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]707 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]708 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]709
710 string message = "1234567890123456789012345678901";
711 string result;
712 size_t input_consumed;
713 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
714 EXPECT_EQ(0U, result.size());
715 EXPECT_EQ(31U, input_consumed);
716
717 string signature;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]718 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]719 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]720
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]721 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]722 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]723}
724
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]725TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]726 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
727 .RsaEncryptionKey(256, 3)
728 .Digest(KM_DIGEST_NONE)
729 .Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]730 AuthorizationSet begin_params(client_params());
731 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
732 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
733 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]734
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]735 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]736 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]737}
738
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]739TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]740 ASSERT_EQ(KM_ERROR_OK,
741 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]742 string message(224 / 8, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]743 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]744 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]745
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]746 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
747 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]748}
749
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]750TEST_P(SigningOperationsTest, EcdsaSha256Success) {
751 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
752 KM_DIGEST_SHA_2_256)));
753 string message(1024, 'a');
754 string signature;
755 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
756
757 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
758 EXPECT_EQ(3, GetParam()->keymaster0_calls());
759}
760
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]761TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {
762 ASSERT_EQ(KM_ERROR_OK,
763 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
764 string message(64 * 1024, 'a');
765 string signature;
766 AuthorizationSet begin_params(client_params());
767 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
768 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
769 string result;
770 size_t input_consumed;
771 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
772
773 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
774 EXPECT_EQ(2, GetParam()->keymaster0_calls());
775}
776
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]777TEST_P(SigningOperationsTest, EcsdaAllSizesAndHashes) {
778 size_t len;
779 keymaster_digest_t* digest_arr;
780 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
781 KM_PURPOSE_SIGN, &digest_arr, &len));
782 vector<int> key_sizes = {224, 256, 384, 521};
783 vector<keymaster_digest_t> digests = make_vector(digest_arr, len);
784 free(digest_arr);
785
786 for (int key_size : key_sizes) {
787 for (keymaster_digest_t digest : digests) {
788 ASSERT_EQ(
789 KM_ERROR_OK,
790 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(digest)));
791
792 string message(1024, 'a');
793 string signature;
794 if (digest == KM_DIGEST_NONE)
795 message.resize(key_size / 8);
796 SignMessage(message, &signature, digest);
797 }
798 }
799
800 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
801 EXPECT_EQ(digests.size() * key_sizes.size() * 3,
802 static_cast<size_t>(GetParam()->keymaster0_calls()));
803}
804
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]805TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]806 ASSERT_EQ(KM_ERROR_OK,
807 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
808 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]809 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
810 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]811
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]812 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]813}
814
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]815TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]816 GenerateKey(AuthorizationSetBuilder()
817 .HmacKey(128)
818 .Digest(KM_DIGEST_SHA1)
819 .Authorization(TAG_MIN_MAC_LENGTH, 160));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]820 string message = "12345678901234567890123456789012";
821 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]822 MacMessage(message, &signature, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]823 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]824
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]825 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]826}
827
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]828TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]829 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
830 .HmacKey(128)
831 .Digest(KM_DIGEST_SHA_2_224)
832 .Authorization(TAG_MIN_MAC_LENGTH, 160)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]833 string message = "12345678901234567890123456789012";
834 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]835 MacMessage(message, &signature, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]836 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]837
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]838 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]839}
840
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]841TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]842 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
843 .HmacKey(128)
844 .Digest(KM_DIGEST_SHA_2_256)
845 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]846 string message = "12345678901234567890123456789012";
847 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]848 MacMessage(message, &signature, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]849 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]850
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]851 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]852}
853
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]854TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]855 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
856 .HmacKey(128)
857 .Digest(KM_DIGEST_SHA_2_384)
858 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]859
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]860 string message = "12345678901234567890123456789012";
861 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]862 MacMessage(message, &signature, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]863 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]864
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]865 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]866}
867
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]868TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]869 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
870 .HmacKey(128)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]871 .Digest(KM_DIGEST_SHA_2_512)
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame^]872 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
873 string message = "12345678901234567890123456789012";
874 string signature;
875 MacMessage(message, &signature, 512);
876 ASSERT_EQ(64U, signature.size());
877
878 EXPECT_EQ(0, GetParam()->keymaster0_calls());
879}
880
881TEST_P(SigningOperationsTest, HmacLengthInKey) {
882 // TODO(swillden): unified API should generate an error on key generation.
883 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
884 .HmacKey(128)
885 .Digest(KM_DIGEST_SHA_2_512)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]886 .Authorization(TAG_MIN_MAC_LENGTH, 512)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]887 string message = "12345678901234567890123456789012";
888 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]889 MacMessage(message, &signature, 512);
890 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]891
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]892 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]893}
894
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]895TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]896 uint8_t key_data[] = {
897 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
898 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
899 };
900 string message = "Hi There";
901 uint8_t sha_224_expected[] = {
902 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
903 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
904 };
905 uint8_t sha_256_expected[] = {
906 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
907 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
908 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
909 };
910 uint8_t sha_384_expected[] = {
911 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
912 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
913 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
914 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
915 };
916 uint8_t sha_512_expected[] = {
917 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
918 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
919 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
920 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
921 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
922 };
923
924 string key = make_string(key_data);
925
926 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
927 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
928 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
929 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]930
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]931 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]932}
933
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]934TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]935 string key = "Jefe";
936 string message = "what do ya want for nothing?";
937 uint8_t sha_224_expected[] = {
938 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
939 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
940 };
941 uint8_t sha_256_expected[] = {
942 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
943 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
944 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
945 };
946 uint8_t sha_384_expected[] = {
947 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
948 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
949 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
950 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
951 };
952 uint8_t sha_512_expected[] = {
953 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
954 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
955 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
956 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
957 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
958 };
959
960 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
961 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
962 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
963 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]964
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]965 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]966}
967
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]968TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]969 string key(20, 0xaa);
970 string message(50, 0xdd);
971 uint8_t sha_224_expected[] = {
972 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
973 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
974 };
975 uint8_t sha_256_expected[] = {
976 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
977 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
978 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
979 };
980 uint8_t sha_384_expected[] = {
981 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
982 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
983 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
984 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
985 };
986 uint8_t sha_512_expected[] = {
987 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
988 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
989 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
990 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
991 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
992 };
993
994 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
995 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
996 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
997 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]998
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]999 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1000}
1001
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1002TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1003 uint8_t key_data[25] = {
1004 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
1005 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
1006 };
1007 string key = make_string(key_data);
1008 string message(50, 0xcd);
1009 uint8_t sha_224_expected[] = {
1010 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
1011 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
1012 };
1013 uint8_t sha_256_expected[] = {
1014 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
1015 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
1016 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
1017 };
1018 uint8_t sha_384_expected[] = {
1019 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
1020 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
1021 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
1022 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
1023 };
1024 uint8_t sha_512_expected[] = {
1025 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
1026 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
1027 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
1028 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
1029 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
1030 };
1031
1032 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1033 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1034 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1035 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1036
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1037 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1038}
1039
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1040TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1041 string key(20, 0x0c);
1042 string message = "Test With Truncation";
1043
1044 uint8_t sha_224_expected[] = {
1045 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
1046 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
1047 };
1048 uint8_t sha_256_expected[] = {
1049 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
1050 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
1051 };
1052 uint8_t sha_384_expected[] = {
1053 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
1054 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
1055 };
1056 uint8_t sha_512_expected[] = {
1057 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
1058 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
1059 };
1060
1061 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1062 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1063 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1064 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1065
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1066 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1067}
1068
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1069TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1070 string key(131, 0xaa);
1071 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
1072
1073 uint8_t sha_224_expected[] = {
1074 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
1075 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
1076 };
1077 uint8_t sha_256_expected[] = {
1078 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
1079 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
1080 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
1081 };
1082 uint8_t sha_384_expected[] = {
1083 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
1084 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1085 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
1086 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
1087 };
1088 uint8_t sha_512_expected[] = {
1089 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
1090 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
1091 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
1092 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
1093 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
1094 };
1095
1096 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1097 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1098 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1099 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1100
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1101 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1102}
1103
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1104TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1105 string key(131, 0xaa);
1106 string message = "This is a test using a larger than block-size key and a larger than "
1107 "block-size data. The key needs to be hashed before being used by the HMAC "
1108 "algorithm.";
1109
1110 uint8_t sha_224_expected[] = {
1111 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
1112 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
1113 };
1114 uint8_t sha_256_expected[] = {
1115 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
1116 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
1117 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
1118 };
1119 uint8_t sha_384_expected[] = {
1120 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
1121 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1122 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
1123 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
1124 };
1125 uint8_t sha_512_expected[] = {
1126 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
1127 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
1128 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
1129 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
1130 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
1131 };
1132
1133 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1134 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1135 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1136 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1137
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1138 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1139}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1140
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1141TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1142 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1143 .HmacKey(128)
1144 .Digest(KM_DIGEST_SHA_2_256)
1145 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1146 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]1147 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1148 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1149 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH,
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1150 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1151
1152 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1153}
1154
1155TEST_P(SigningOperationsTest, HmacSha256TooSmallMacLength) {
1156 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1157 .HmacKey(128)
1158 .Digest(KM_DIGEST_SHA_2_256)
1159 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
1160 AuthorizationSet begin_params(client_params());
1161 begin_params.push_back(TAG_MAC_LENGTH, 120);
1162 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
1163 ASSERT_EQ(KM_ERROR_INVALID_MAC_LENGTH,
1164 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1165
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1166 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1167}
1168
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1169// TODO(swillden): Add more verification failure tests.
1170
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1171typedef Keymaster1Test VerificationOperationsTest;
1172INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
1173
1174TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1175 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1176 .RsaSigningKey(256, 3)
1177 .Digest(KM_DIGEST_NONE)
1178 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1179 string message = "12345678901234567890123456789012";
1180 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1181 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1182 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1183
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1184 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1185 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]1186}
1187
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1188TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1189 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1190 .RsaSigningKey(512, 3)
1191 .Digest(KM_DIGEST_SHA_2_256)
1192 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1193 // Use large message, which won't work without digesting.
1194 string message(1024, 'a');
1195 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1196 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1197 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1198
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1199 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1200 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1201}
1202
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1203TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1204 GenerateKey(AuthorizationSetBuilder()
1205 .RsaSigningKey(512, 3)
1206 .Digest(KM_DIGEST_SHA_2_256)
1207 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1208 string message(1024, 'a');
1209 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1210 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1211 ++signature[signature.size() / 2];
1212
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1213 AuthorizationSet begin_params(client_params());
1214 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1215 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1216 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1217
1218 string result;
1219 size_t input_consumed;
1220 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1221 EXPECT_EQ(message.size(), input_consumed);
1222 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1223
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1224 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1225 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1226}
1227
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1228TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1229 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1230 .RsaSigningKey(512, 3)
1231 .Digest(KM_DIGEST_SHA_2_256)
1232 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1233 // Use large message, which won't work without digesting.
1234 string message(1024, 'a');
1235 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1236 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1237 ++message[message.size() / 2];
1238
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1239 AuthorizationSet begin_params(client_params());
1240 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1241 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1242 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1243
1244 string result;
1245 size_t input_consumed;
1246 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1247 EXPECT_EQ(message.size(), input_consumed);
1248 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1249
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1250 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1251 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1252}
1253
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1254TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1255 GenerateKey(AuthorizationSetBuilder()
1256 .RsaSigningKey(512, 3)
1257 .Digest(KM_DIGEST_SHA_2_256)
1258 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1259 string message(1024, 'a');
1260 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1261 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1262 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1263
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1264 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1265 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1266}
1267
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1268TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1269 GenerateKey(AuthorizationSetBuilder()
1270 .RsaSigningKey(512, 3)
1271 .Digest(KM_DIGEST_SHA_2_256)
1272 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1273 string message(1024, 'a');
1274 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1275 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1276 ++signature[signature.size() / 2];
1277
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1278 AuthorizationSet begin_params(client_params());
1279 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1280 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1281 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1282
1283 string result;
1284 size_t input_consumed;
1285 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1286 EXPECT_EQ(message.size(), input_consumed);
1287 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1288
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1289 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1290 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1291}
1292
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1293TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1294 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1295 .RsaSigningKey(512, 3)
1296 .Digest(KM_DIGEST_SHA_2_256)
1297 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1298 // Use large message, which won't work without digesting.
1299 string message(1024, 'a');
1300 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1301 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1302 ++message[message.size() / 2];
1303
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1304 AuthorizationSet begin_params(client_params());
1305 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1306 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1307 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1308
1309 string result;
1310 size_t input_consumed;
1311 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1312 EXPECT_EQ(message.size(), input_consumed);
1313 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1314
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1315 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1316 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1317}
1318
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1319TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1320 // Get all supported digests and padding modes.
1321 size_t digests_len;
1322 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1323 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1324 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1325 &digests_len));
1326
1327 size_t padding_modes_len;
1328 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1329 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1330 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1331 &padding_modes, &padding_modes_len));
1332
1333 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1334 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1335 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1336 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1337 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1338 // Digesting requires padding
1339 continue;
1340
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1341 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1342 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1343 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1344
1345 if (digest == KM_DIGEST_NONE) {
1346 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1347 switch (padding_mode) {
1348 case KM_PAD_NONE:
1349 // Match key size.
1350 message_len = key_bits / 8;
1351 break;
1352 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1353 message_len = key_bits / 8 - 11;
1354 break;
1355 case KM_PAD_RSA_PSS:
1356 // PSS requires a digest.
1357 continue;
1358 default:
1359 FAIL() << "Missing padding";
1360 break;
1361 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1362 } else {
1363 size_t digest_bits;
1364 switch (digest) {
1365 case KM_DIGEST_MD5:
1366 digest_bits = 128;
1367 break;
1368 case KM_DIGEST_SHA1:
1369 digest_bits = 160;
1370 break;
1371 case KM_DIGEST_SHA_2_224:
1372 digest_bits = 224;
1373 break;
1374 case KM_DIGEST_SHA_2_256:
1375 digest_bits = 256;
1376 break;
1377 case KM_DIGEST_SHA_2_384:
1378 digest_bits = 384;
1379 break;
1380 case KM_DIGEST_SHA_2_512:
1381 digest_bits = 512;
1382 break;
1383 default:
1384 FAIL() << "Missing digest";
1385 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1386
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1387 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1388 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1389 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1390 break;
1391 case KM_PAD_RSA_PSS:
Shawn Willden53488c62015-07-16 18:15:45 -0600[diff] [blame]1392 key_bits = digest_bits + 22 * 8;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1393 break;
1394 default:
1395 FAIL() << "Missing padding";
1396 break;
1397 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1398 }
1399
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1400 GenerateKey(AuthorizationSetBuilder()
1401 .RsaSigningKey(key_bits, 3)
1402 .Digest(digest)
1403 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1404 string message(message_len, 'a');
1405 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1406 SignMessage(message, &signature, digest, padding_mode);
1407 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1408 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1409 }
1410 }
1411
1412 free(padding_modes);
1413 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1414
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1415 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1416 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1417}
1418
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1419TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1420 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1421 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1422 string message = "12345678901234567890123456789012";
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1423 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1424 SignMessage(message, &signature, KM_DIGEST_NONE);
1425 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1426
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1427 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1428 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1429}
1430
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1431TEST_P(VerificationOperationsTest, EcdsaTooShort) {
1432 ASSERT_EQ(KM_ERROR_OK,
1433 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1434 string message = "12345678901234567890";
1435 string signature;
1436 SignMessage(message, &signature, KM_DIGEST_NONE);
1437 VerifyMessage(message, signature, KM_DIGEST_NONE);
1438
1439 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1440 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1441}
1442
1443TEST_P(VerificationOperationsTest, EcdsaTooLong) {
1444 ASSERT_EQ(KM_ERROR_OK,
1445 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1446 string message = "1234567890123456789012345678901234";
1447 string signature;
1448
1449 AuthorizationSet begin_params(client_params());
1450 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1451 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
1452 string output;
1453 size_t input_consumed;
1454 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &output, &input_consumed));
1455
1456 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1457 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1458}
1459
1460TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
1461 ASSERT_EQ(KM_ERROR_OK,
1462 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
1463
1464 string message(66, 'a');
1465 string signature;
1466 SignMessage(message, &signature, KM_DIGEST_NONE);
1467 VerifyMessage(message, signature, KM_DIGEST_NONE);
1468
1469 // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh.
1470 message[65] ^= 7;
1471 VerifyMessage(message, signature, KM_DIGEST_NONE);
1472
1473 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1474 EXPECT_EQ(5, GetParam()->keymaster0_calls());
1475}
1476
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1477TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1478 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1479 .EcdsaSigningKey(256)
1480 .Digest(KM_DIGEST_SHA_2_256)
1481 .Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1482 string message = "12345678901234567890123456789012";
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1483 string signature;
1484 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1485 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1486
1487 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1488 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1489
1490 // Just for giggles, try verifying with the wrong digest.
1491 AuthorizationSet begin_params(client_params());
1492 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1493 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1494
1495 string result;
1496 size_t input_consumed;
1497 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1498 EXPECT_EQ(message.size(), input_consumed);
1499 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1500}
1501
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1502TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1503 GenerateKey(AuthorizationSetBuilder()
1504 .HmacKey(128)
1505 .Digest(KM_DIGEST_SHA1)
1506 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1507 string message = "123456789012345678901234567890123456789012345678";
1508 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1509 MacMessage(message, &signature, 160);
1510 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1511
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1512 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1513}
1514
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1515TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1516 GenerateKey(AuthorizationSetBuilder()
1517 .HmacKey(128)
1518 .Digest(KM_DIGEST_SHA_2_224)
1519 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1520 string message = "123456789012345678901234567890123456789012345678";
1521 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1522 MacMessage(message, &signature, 224);
1523 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1524
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1525 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1526}
1527
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1528TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1529 GenerateKey(AuthorizationSetBuilder()
1530 .HmacKey(128)
1531 .Digest(KM_DIGEST_SHA_2_256)
1532 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1533 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1534 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1535 MacMessage(message, &signature, 256);
1536 VerifyMac(message, signature);
1537
1538 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1539}
1540
1541TEST_P(VerificationOperationsTest, HmacSha256TooShortMac) {
1542 GenerateKey(AuthorizationSetBuilder()
1543 .HmacKey(128)
1544 .Digest(KM_DIGEST_SHA_2_256)
1545 .Authorization(TAG_MIN_MAC_LENGTH, 128));
1546 string message = "123456789012345678901234567890123456789012345678";
1547 string signature;
1548 MacMessage(message, &signature, 256);
1549
1550 // Shorten to 128 bits, should still work.
1551 signature.resize(128 / 8);
1552 VerifyMac(message, signature);
1553
1554 // Drop one more byte.
1555 signature.resize(signature.length() - 1);
1556
1557 AuthorizationSet begin_params(client_params());
1558 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1559 string result;
1560 size_t input_consumed;
1561 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1562 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1563
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1564 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1565}
1566
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1567TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1568 GenerateKey(AuthorizationSetBuilder()
1569 .HmacKey(128)
1570 .Digest(KM_DIGEST_SHA_2_384)
1571 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1572 string message = "123456789012345678901234567890123456789012345678";
1573 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1574 MacMessage(message, &signature, 384);
1575 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1576
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1577 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1578}
1579
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1580TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1581 GenerateKey(AuthorizationSetBuilder()
1582 .HmacKey(128)
1583 .Digest(KM_DIGEST_SHA_2_512)
1584 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1585 string message = "123456789012345678901234567890123456789012345678";
1586 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1587 MacMessage(message, &signature, 512);
1588 VerifyMac(message, signature);
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]1589
1590 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1591}
1592
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1593typedef Keymaster1Test ExportKeyTest;
1594INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1595
1596TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1597 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1598 .RsaSigningKey(256, 3)
1599 .Digest(KM_DIGEST_NONE)
1600 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1601 string export_data;
1602 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1603 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1604
1605 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1606
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1607 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1608 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1609}
1610
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1611TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1612 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1613 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1614 string export_data;
1615 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1616 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1617
1618 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1619
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1620 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1621 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1622}
1623
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1624TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1625 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1626 .RsaSigningKey(256, 3)
1627 .Digest(KM_DIGEST_NONE)
1628 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1629 string export_data;
1630 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1631
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1632 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1633 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1634}
1635
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1636TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1637 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1638 .RsaSigningKey(256, 3)
1639 .Digest(KM_DIGEST_NONE)
1640 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1641 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1642 string export_data;
1643 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1644
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1645 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1646 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1647}
1648
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1649TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1650 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1651 string export_data;
1652
1653 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1654 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1655 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1656
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1657 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1658}
1659
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1660static string read_file(const string& file_name) {
1661 ifstream file_stream(file_name, std::ios::binary);
1662 istreambuf_iterator<char> file_begin(file_stream);
1663 istreambuf_iterator<char> file_end;
1664 return string(file_begin, file_end);
1665}
1666
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1667typedef Keymaster1Test ImportKeyTest;
1668INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1669
1670TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1671 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1672 ASSERT_EQ(633U, pk8_key.size());
1673
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1674 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1675 .RsaSigningKey(1024, 65537)
1676 .Digest(KM_DIGEST_NONE)
1677 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1678 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1679
1680 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1681 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1682 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1683 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1684 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1685 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1686 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1687 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1688 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1689 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1690
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1691 // And values provided by AndroidKeymaster
Shawn Willden0e0cea32015-07-23 20:18:31 +0000[diff] [blame]1692 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1693 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1694
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1695 string message(1024 / 8, 'a');
1696 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1697 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1698 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1699
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1700 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1701 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1702}
1703
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1704TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1705 string pk8_key = read_file("rsa_privkey_pk8.der");
1706 ASSERT_EQ(633U, pk8_key.size());
1707
1708 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1709 // point softkeymaster will no longer support keymaster0 APIs anyway.
1710 uint8_t* key_blob;
1711 size_t key_blob_length;
1712 ASSERT_EQ(0,
1713 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1714 pk8_key.size(), &key_blob, &key_blob_length));
1715 set_key_blob(key_blob, key_blob_length);
1716
1717 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1718 AuthorizationSet begin_params; // Don't use client data.
1719 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1720 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1721 AuthorizationSet update_params;
1722 AuthorizationSet output_params;
1723 string signature =
1724 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1725 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1726 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1727
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1728 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1729 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1730}
1731
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1732TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1733 string pk8_key = read_file("rsa_privkey_pk8.der");
1734 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1735 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1736 ImportKey(AuthorizationSetBuilder()
1737 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1738 .Digest(KM_DIGEST_NONE)
1739 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1740 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1741
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1742 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1743}
1744
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1745TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1746 string pk8_key = read_file("rsa_privkey_pk8.der");
1747 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1748 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1749 ImportKey(AuthorizationSetBuilder()
1750 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1751 .Digest(KM_DIGEST_NONE)
1752 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1753 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1754
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1755 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1756}
1757
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1758TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1759 string pk8_key = read_file("ec_privkey_pk8.der");
1760 ASSERT_EQ(138U, pk8_key.size());
1761
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1762 ASSERT_EQ(KM_ERROR_OK,
1763 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1764 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1765
1766 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1767 EXPECT_TRUE(
1768 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1769 TAG_ALGORITHM, KM_ALGORITHM_EC));
1770 EXPECT_TRUE(
1771 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1772 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1773
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1774 // And values provided by AndroidKeymaster
Shawn Willden0e0cea32015-07-23 20:18:31 +0000[diff] [blame]1775 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1776 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1777
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1778 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1779 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1780 SignMessage(message, &signature, KM_DIGEST_NONE);
1781 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1782
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1783 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1784 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1785}
1786
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1787TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1788 string pk8_key = read_file("ec_privkey_pk8.der");
1789 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1790
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1791 ASSERT_EQ(KM_ERROR_OK,
1792 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1793 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1794
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1795 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1796 EXPECT_TRUE(
1797 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1798 TAG_ALGORITHM, KM_ALGORITHM_EC));
1799 EXPECT_TRUE(
1800 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1801 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1802
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1803 // And values provided by AndroidKeymaster
Shawn Willden0e0cea32015-07-23 20:18:31 +0000[diff] [blame]1804 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1805 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1806
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1807 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1808 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1809 SignMessage(message, &signature, KM_DIGEST_NONE);
1810 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1811
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1812 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1813 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1814}
1815
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1816TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1817 string pk8_key = read_file("ec_privkey_pk8.der");
1818 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1819 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1820 ImportKey(AuthorizationSetBuilder()
1821 .EcdsaSigningKey(224 /* Doesn't match key */)
1822 .Digest(KM_DIGEST_NONE),
1823 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1824
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1825 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1826}
1827
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1828TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1829 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1830 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1831 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1832 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1833 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1834 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1835
1836 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1837 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1838
1839 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1840 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1841 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1842 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1843
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1844 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1845}
1846
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1847TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1848 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1849 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1850 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1851 .HmacKey(sizeof(key_data) * 8)
1852 .Digest(KM_DIGEST_SHA_2_256)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1853 .Authorization(TAG_MIN_MAC_LENGTH, 256),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1854 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1855
1856 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1857 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1858
1859 string message = "Hello World!";
1860 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1861 MacMessage(message, &signature, 256);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1862 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1863
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1864 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1865}
1866
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1867typedef Keymaster1Test EncryptionOperationsTest;
1868INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1869
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1870TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1871 ASSERT_EQ(KM_ERROR_OK,
1872 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1873
1874 string message = "12345678901234567890123456789012";
1875 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1876 EXPECT_EQ(256U / 8, ciphertext1.size());
1877
1878 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1879 EXPECT_EQ(256U / 8, ciphertext2.size());
1880
1881 // Unpadded RSA is deterministic
1882 EXPECT_EQ(ciphertext1, ciphertext2);
1883
1884 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1885 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1886}
1887
1888TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1889 ASSERT_EQ(KM_ERROR_OK,
1890 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1891
1892 string message = "1234567890123456789012345678901";
1893
1894 AuthorizationSet begin_params(client_params());
1895 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1896 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1897
1898 string result;
1899 size_t input_consumed;
1900 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1901 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1902 EXPECT_EQ(0U, result.size());
1903
1904 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1905 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1906}
1907
1908TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1909 ASSERT_EQ(KM_ERROR_OK,
1910 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1911
1912 string message = "123456789012345678901234567890123";
1913
1914 AuthorizationSet begin_params(client_params());
1915 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1916 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1917
1918 string result;
1919 size_t input_consumed;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1920 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1921
1922 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1923 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1924}
1925
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1926TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1927 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1928 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1929 .RsaEncryptionKey(key_size, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1930 .Padding(KM_PAD_RSA_OAEP)
1931 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1932
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1933 string message = "Hello";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1934 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1935 EXPECT_EQ(key_size / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1936
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1937 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1938 EXPECT_EQ(key_size / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1939
1940 // OAEP randomizes padding so every result should be different.
1941 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1942
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1943 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1944 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1945}
1946
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1947TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1948 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1949 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1950 .RsaEncryptionKey(key_size, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1951 .Padding(KM_PAD_RSA_OAEP)
1952 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1953 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1954 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1955 EXPECT_EQ(key_size / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1956
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1957 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1958 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1959
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1960 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1961 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1962}
1963
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1964TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
1965 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1966 .RsaEncryptionKey(512, 3)
1967 .Padding(KM_PAD_RSA_OAEP)
1968 .Digest(KM_DIGEST_NONE)));
1969 string message = "Hello World!";
1970
1971 AuthorizationSet begin_params(client_params());
1972 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1973 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1974 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1975
1976 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1977 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1978}
1979
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1980TEST_P(EncryptionOperationsTest, RsaOaepUnauthorizedDigest) {
1981 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden0e0cea32015-07-23 20:18:31 +0000[diff] [blame]1982 .RsaEncryptionKey(512, 3)
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1983 .Padding(KM_PAD_RSA_OAEP)
1984 .Digest(KM_DIGEST_SHA_2_256)));
1985 string message = "Hello World!";
1986 // Works because encryption is a public key operation.
1987 EncryptMessage(string(message), KM_DIGEST_SHA1, KM_PAD_RSA_OAEP);
1988
1989 AuthorizationSet begin_params(client_params());
1990 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1991 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1);
1992 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
1993
1994 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1995 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1996}
1997
1998TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) {
1999 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2000 .RsaEncryptionKey(768, 3)
2001 .Padding(KM_PAD_RSA_OAEP)
2002 .Digest(KM_DIGEST_SHA_2_256)
2003 .Digest(KM_DIGEST_SHA_2_384)));
2004 string message = "Hello World!";
2005 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
2006
2007 string result;
2008 size_t input_consumed;
2009 AuthorizationSet begin_params(client_params());
2010 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
2011 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
2012 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2013 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
2014 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
2015 EXPECT_EQ(0U, result.size());
2016
2017 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2018 EXPECT_EQ(4, GetParam()->keymaster0_calls());
2019}
2020
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2021TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2022 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2023 .RsaEncryptionKey(512, 3)
2024 .Padding(KM_PAD_RSA_OAEP)
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2025 .Digest(KM_DIGEST_SHA1)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2026 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2027 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2028 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2029
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2030 AuthorizationSet begin_params(client_params());
2031 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2032 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2033 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2034 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2035 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2036 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2037
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2038 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2039 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2040}
2041
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2042TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2043 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2044 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2045 .RsaEncryptionKey(768, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2046 .Padding(KM_PAD_RSA_OAEP)
2047 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2048 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2049 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2050 EXPECT_EQ(key_size / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2051
2052 // Corrupt the ciphertext
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2053 ciphertext[key_size / 8 / 2]++;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2054
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2055 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2056 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2057 AuthorizationSet begin_params(client_params());
2058 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2059 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2060 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2061 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2062 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2063 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2064
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2065 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2066 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2067}
2068
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2069TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2070 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2071 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2072 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2073 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2074 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2075
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2076 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2077 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2078
2079 // PKCS1 v1.5 randomizes padding so every result should be different.
2080 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2081
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2082 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2083 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2084}
2085
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2086TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2087 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2088 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2089 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2090 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2091 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2092
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2093 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2094 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2095
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2096 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2097 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2098}
2099
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2100TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2101 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2102 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]2103 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2104 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2105 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2106
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2107 AuthorizationSet begin_params(client_params());
2108 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2109 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2110 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2111 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2112 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2113
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2114 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2115 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2116}
2117
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2118TEST_P(EncryptionOperationsTest, RsaPkcs1InvalidDigest) {
2119 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2120 .RsaEncryptionKey(512, 3)
2121 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
2122 .Digest(KM_DIGEST_NONE)));
2123 string message = "Hello World!";
2124 string result;
2125
2126 AuthorizationSet begin_params(client_params());
2127 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2128 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); // Any digest is invalid
2129 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2130
2131 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2132 EXPECT_EQ(2, GetParam()->keymaster0_calls());
2133}
2134
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2135TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2136 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2137 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2138 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2139 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2140 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2141
2142 // Corrupt the ciphertext
2143 ciphertext[512 / 8 / 2]++;
2144
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2145 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2146 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2147 AuthorizationSet begin_params(client_params());
2148 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2149 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2150 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2151 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2152 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2153
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2154 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2155 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2156}
2157
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2158TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2159 ASSERT_EQ(KM_ERROR_OK,
2160 GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2161
2162 AuthorizationSet begin_params(client_params());
2163 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2164 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2165
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2166 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2167 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2168}
2169
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2170TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2171 ASSERT_EQ(KM_ERROR_OK,
2172 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2173 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2174 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2175
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2176 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
2177 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2178}
2179
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2180TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2181 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2182 .HmacKey(128)
2183 .Digest(KM_DIGEST_SHA_2_256)
2184 .Padding(KM_PAD_NONE)
2185 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2186 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2187 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2188
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2189 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2190}
2191
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2192TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2193 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2194 .AesEncryptionKey(128)
2195 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2196 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2197 // Two-block message.
2198 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2199 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2200 EXPECT_EQ(message.size(), ciphertext1.size());
2201
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2202 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2203 EXPECT_EQ(message.size(), ciphertext2.size());
2204
2205 // ECB is deterministic.
2206 EXPECT_EQ(ciphertext1, ciphertext2);
2207
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2208 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2209 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2210
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2211 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2212}
2213
Shawn Willdene23a2c92015-07-06 15:52:45 -0600[diff] [blame]2214TEST_P(EncryptionOperationsTest, AesEcbNotAuthorized) {
2215 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2216 .AesEncryptionKey(128)
2217 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2218 .Padding(KM_PAD_NONE)));
2219 // Two-block message.
2220 string message = "12345678901234567890123456789012";
2221 AuthorizationSet begin_params(client_params());
2222 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2223 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2224 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2225
2226 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2227}
2228
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2229TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2230 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2231 .AesEncryptionKey(128)
2232 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2233 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2234 // Message is slightly shorter than two blocks.
2235 string message = "1234567890123456789012345678901";
2236
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2237 AuthorizationSet begin_params(client_params());
2238 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2239 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2240 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2241 string ciphertext;
2242 size_t input_consumed;
2243 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
2244 EXPECT_EQ(message.size(), input_consumed);
2245 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2246
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2247 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2248}
2249
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2250TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2251 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2252 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2253 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2254 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2255
2256 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2257 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2258 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2259 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2260 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2261 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2262 EXPECT_EQ(message, plaintext);
2263 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2264
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2265 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2266}
2267
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2268TEST_P(EncryptionOperationsTest, AesEcbNoPaddingKeyWithPkcs7Padding) {
2269 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2270 .AesEncryptionKey(128)
2271 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2272 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2273
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame^]2274 // Try various message lengths; all should fail.
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2275 for (size_t i = 0; i < 32; ++i) {
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame^]2276 AuthorizationSet begin_params(client_params());
2277 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2278 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
2279 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE,
2280 BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2281 }
2282
2283 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2284}
2285
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2286TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2287 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2288 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2289 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2290 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2291
2292 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2293 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2294 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2295 EXPECT_NE(ciphertext, message);
2296 ++ciphertext[ciphertext.size() / 2];
2297
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2298 AuthorizationSet begin_params(client_params());
2299 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2300 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2301 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2302 string plaintext;
2303 size_t input_consumed;
2304 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
2305 EXPECT_EQ(ciphertext.size(), input_consumed);
2306 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2307
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2308 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2309}
2310
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2311TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2312 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2313 .AesEncryptionKey(128)
2314 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2315 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2316 string message = "123";
2317 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2318 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2319 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2320 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2321
2322 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2323 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2324 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2325 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2326
2327 // IVs should be random, so ciphertexts should differ.
2328 EXPECT_NE(iv1, iv2);
2329 EXPECT_NE(ciphertext1, ciphertext2);
2330
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2331 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2332 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2333
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2334 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2335}
2336
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2337TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2338 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2339 .AesEncryptionKey(128)
2340 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2341 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2342
2343 int increment = 15;
2344 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2345 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2346 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2347 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2348 AuthorizationSet output_params;
2349 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2350
2351 string ciphertext;
2352 size_t input_consumed;
2353 for (size_t i = 0; i < message.size(); i += increment)
2354 EXPECT_EQ(KM_ERROR_OK,
2355 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2356 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2357 EXPECT_EQ(message.size(), ciphertext.size());
2358
2359 // Move TAG_NONCE into input_params
2360 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2361 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2362 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2363 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2364 output_params.Clear();
2365
2366 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
2367 string plaintext;
2368 for (size_t i = 0; i < ciphertext.size(); i += increment)
2369 EXPECT_EQ(KM_ERROR_OK,
2370 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2371 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2372 EXPECT_EQ(ciphertext.size(), plaintext.size());
2373 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2374
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2375 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2376}
2377
2378struct AesCtrSp80038aTestVector {
2379 const char* key;
2380 const char* nonce;
2381 const char* plaintext;
2382 const char* ciphertext;
2383};
2384
2385// These test vectors are taken from
2386// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
2387static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
2388 // AES-128
2389 {
2390 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2391 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2392 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2393 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
2394 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
2395 },
2396 // AES-192
2397 {
2398 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2399 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2400 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2401 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2402 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2403 },
2404 // AES-256
2405 {
2406 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2407 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2408 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2409 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2410 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2411 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2412 },
2413};
2414
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2415TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2416 for (size_t i = 0; i < 3; i++) {
2417 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2418 const string key = hex2str(test.key);
2419 const string nonce = hex2str(test.nonce);
2420 const string plaintext = hex2str(test.plaintext);
2421 const string ciphertext = hex2str(test.ciphertext);
2422 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2423 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2424
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2425 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2426}
2427
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2428TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2429 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2430 .AesEncryptionKey(128)
2431 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2432 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2433 AuthorizationSet begin_params(client_params());
2434 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2435 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2436 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2437
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2438 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2439}
2440
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2441TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2442 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2443 .AesEncryptionKey(128)
2444 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2445 .Authorization(TAG_CALLER_NONCE)
2446 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2447
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2448 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2449 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2450 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2451 input_params.push_back(TAG_NONCE, "123", 3);
2452 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2453
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2454 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2455}
2456
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2457TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2458 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2459 .AesEncryptionKey(128)
2460 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2461 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2462 // Two-block message.
2463 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2464 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2465 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2466 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2467
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2468 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2469 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2470 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2471
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2472 // IVs should be random, so ciphertexts should differ.
2473 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2474 EXPECT_NE(ciphertext1, ciphertext2);
2475
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2476 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2477 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2478
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2479 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2480}
2481
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2482TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2483 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2484 .AesEncryptionKey(128)
2485 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2486 .Authorization(TAG_CALLER_NONCE)
2487 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2488 string message = "12345678901234567890123456789012";
2489 string iv1;
2490 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2491 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2492 EXPECT_EQ(message.size(), ciphertext1.size());
2493 EXPECT_EQ(16U, iv1.size());
2494
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2495 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2496 EXPECT_EQ(message, plaintext);
2497
2498 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2499 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2500 AuthorizationSet update_params;
2501 AuthorizationSet output_params;
2502 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2503 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2504 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2505 string ciphertext2 =
2506 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2507
2508 // Decrypt with correct nonce.
2509 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2510 &output_params);
2511 EXPECT_EQ(message, plaintext);
2512
2513 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2514 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2515 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2516 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2517 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2518 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2519 &output_params);
2520 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2521
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2522 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2523}
2524
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2525TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2526 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2527 .AesEncryptionKey(128)
2528 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2529 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2530
2531 string message = "12345678901234567890123456789012";
2532 string iv1;
2533 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2534 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2535 EXPECT_EQ(message.size(), ciphertext1.size());
2536 EXPECT_EQ(16U, iv1.size());
2537
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2538 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2539 EXPECT_EQ(message, plaintext);
2540
2541 // Now specify a nonce, should fail.
2542 AuthorizationSet input_params(client_params());
2543 AuthorizationSet update_params;
2544 AuthorizationSet output_params;
2545 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2546 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2547 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2548
2549 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2550 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2551
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2552 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2553}
2554
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2555TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2556 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2557 .AesEncryptionKey(128)
2558 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2559 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2560
2561 int increment = 15;
2562 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2563 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2564 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2565 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2566 AuthorizationSet output_params;
2567 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2568
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2569 string ciphertext;
2570 size_t input_consumed;
2571 for (size_t i = 0; i < message.size(); i += increment)
2572 EXPECT_EQ(KM_ERROR_OK,
2573 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2574 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2575 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2576
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2577 // Move TAG_NONCE into input_params
2578 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2579 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2580 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2581 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2582 output_params.Clear();
2583
2584 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2585 string plaintext;
2586 for (size_t i = 0; i < ciphertext.size(); i += increment)
2587 EXPECT_EQ(KM_ERROR_OK,
2588 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2589 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2590 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2591 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2592
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2593 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2594}
2595
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2596TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2597 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2598 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2599 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2600 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2601
2602 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2603 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2604 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2605 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2606 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2607 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2608 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2609 EXPECT_EQ(message, plaintext);
2610 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2611
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2612 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2613}
2614
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2615TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2616 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2617 .AesEncryptionKey(128)
2618 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2619 .Authorization(TAG_PADDING, KM_PAD_NONE)
2620 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2621 string aad = "foobar";
2622 string message = "123456789012345678901234567890123456";
2623 AuthorizationSet begin_params(client_params());
2624 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2625 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2626 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2627
2628 AuthorizationSet update_params;
2629 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2630
2631 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2632 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2633 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2634 string ciphertext;
2635 size_t input_consumed;
2636 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2637 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2638 &input_consumed));
2639 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2640 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2641
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2642 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2643 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2644 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2645
2646 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2647 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2648 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2649 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2650 &plaintext, &input_consumed));
2651 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2652 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2653
2654 EXPECT_EQ(message, plaintext);
2655 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2656}
2657
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2658TEST_P(EncryptionOperationsTest, AesGcmTooShortTag) {
2659 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2660 .AesEncryptionKey(128)
2661 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2662 .Authorization(TAG_PADDING, KM_PAD_NONE)
2663 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
2664 string aad = "foobar";
2665 string message = "123456789012345678901234567890123456";
2666 AuthorizationSet begin_params(client_params());
2667 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2668 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2669 begin_params.push_back(TAG_MAC_LENGTH, 96);
2670
2671 AuthorizationSet update_params;
2672 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2673
2674 AuthorizationSet begin_out_params;
2675 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH,
2676 BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2677
2678 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2679}
2680
2681TEST_P(EncryptionOperationsTest, AesGcmTooShortTagOnDecrypt) {
2682 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2683 .AesEncryptionKey(128)
2684 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2685 .Authorization(TAG_PADDING, KM_PAD_NONE)
2686 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
2687 string aad = "foobar";
2688 string message = "123456789012345678901234567890123456";
2689 AuthorizationSet begin_params(client_params());
2690 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2691 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2692 begin_params.push_back(TAG_MAC_LENGTH, 128);
2693
2694 AuthorizationSet update_params;
2695 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2696
2697 // Encrypt
2698 AuthorizationSet begin_out_params;
2699 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2700 string ciphertext;
2701 size_t input_consumed;
2702 AuthorizationSet update_out_params;
2703 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2704 &input_consumed));
2705 EXPECT_EQ(message.size(), input_consumed);
2706 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2707
2708 // Grab nonce
2709 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2710 begin_params.Reinitialize(client_params());
2711 begin_params.push_back(begin_out_params);
2712 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2713 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2714 begin_params.push_back(TAG_MAC_LENGTH, 96);
2715
2716 // Decrypt.
2717 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2718
2719 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2720}
2721
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2722TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
2723 uint8_t nonce[] = {
2724 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
2725 };
2726 uint8_t ciphertext[] = {
2727 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
2728 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
2729 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
2730 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
2731 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
2732 };
2733 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
2734
2735 AuthorizationSet begin_params(client_params());
2736 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2737 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2738 begin_params.push_back(TAG_MAC_LENGTH, 128);
2739 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
2740
2741 string plaintext;
2742 size_t input_consumed;
2743
2744 // Import correct key and decrypt
2745 uint8_t good_key[] = {
2746 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2747 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2748 };
2749 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
2750 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2751 .AesEncryptionKey(128)
2752 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2753 .Authorization(TAG_PADDING, KM_PAD_NONE)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2754 .Authorization(TAG_CALLER_NONCE)
2755 .Authorization(TAG_MIN_MAC_LENGTH, 128),
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2756 KM_KEY_FORMAT_RAW, good_key_str));
2757 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2758 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2759 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2760
2761 // Import bad key and decrypt
2762 uint8_t bad_key[] = {
2763 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2764 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2765 };
2766 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
2767 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2768 .AesEncryptionKey(128)
2769 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2770 .Authorization(TAG_PADDING, KM_PAD_NONE)
2771 .Authorization(TAG_MIN_MAC_LENGTH, 128),
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2772 KM_KEY_FORMAT_RAW, bad_key_str));
2773 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2774 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2775 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
2776
2777 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2778}
2779
2780TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
2781 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2782 .AesEncryptionKey(128)
2783 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2784 .Authorization(TAG_PADDING, KM_PAD_NONE)
2785 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2786 string aad = "123456789012345678";
2787 string empty_message;
2788 AuthorizationSet begin_params(client_params());
2789 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2790 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2791 begin_params.push_back(TAG_MAC_LENGTH, 128);
2792
2793 AuthorizationSet update_params;
2794 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2795
2796 // Encrypt
2797 AuthorizationSet begin_out_params;
2798 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2799 string ciphertext;
2800 size_t input_consumed;
2801 AuthorizationSet update_out_params;
2802 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
2803 &ciphertext, &input_consumed));
2804 EXPECT_EQ(0U, input_consumed);
2805 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2806
2807 // Grab nonce
2808 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2809 begin_params.push_back(begin_out_params);
2810
2811 // Decrypt.
2812 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2813 string plaintext;
2814 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2815 &plaintext, &input_consumed));
2816 EXPECT_EQ(ciphertext.size(), input_consumed);
2817 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2818
2819 EXPECT_EQ(empty_message, plaintext);
2820 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2821}
2822
2823TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
2824 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2825 .AesEncryptionKey(128)
2826 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2827 .Authorization(TAG_PADDING, KM_PAD_NONE)
2828 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2829 AuthorizationSet begin_params(client_params());
2830 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2831 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2832 begin_params.push_back(TAG_MAC_LENGTH, 128);
2833
2834 AuthorizationSet update_params;
2835 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
2836
2837 // Encrypt
2838 AuthorizationSet begin_out_params;
2839 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2840 string ciphertext;
2841 size_t input_consumed;
2842 AuthorizationSet update_out_params;
2843
2844 // Send AAD, incrementally
2845 for (int i = 0; i < 1000; ++i) {
2846 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2847 &input_consumed));
2848 EXPECT_EQ(0U, input_consumed);
2849 EXPECT_EQ(0U, ciphertext.size());
2850 }
2851
2852 // Now send data, incrementally, no data.
2853 AuthorizationSet empty_params;
2854 for (int i = 0; i < 1000; ++i) {
2855 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
2856 &input_consumed));
2857 EXPECT_EQ(1U, input_consumed);
2858 }
2859 EXPECT_EQ(1000U, ciphertext.size());
2860
2861 // And finish.
2862 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2863 EXPECT_EQ(1016U, ciphertext.size());
2864
2865 // Grab nonce
2866 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2867 begin_params.push_back(begin_out_params);
2868
2869 // Decrypt.
2870 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2871 string plaintext;
2872
2873 // Send AAD, incrementally, no data
2874 for (int i = 0; i < 1000; ++i) {
2875 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
2876 &input_consumed));
2877 EXPECT_EQ(0U, input_consumed);
2878 EXPECT_EQ(0U, plaintext.size());
2879 }
2880
2881 // Now send data, incrementally.
2882 for (size_t i = 0; i < ciphertext.length(); ++i) {
2883 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
2884 &update_out_params, &plaintext, &input_consumed));
2885 EXPECT_EQ(1U, input_consumed);
2886 }
2887 EXPECT_EQ(1000U, plaintext.size());
2888 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2889
2890 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2891}
2892
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2893TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2894 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2895 .AesEncryptionKey(128)
2896 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2897 .Authorization(TAG_PADDING, KM_PAD_NONE)
2898 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2899 string message = "123456789012345678901234567890123456";
2900 AuthorizationSet begin_params(client_params());
2901 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2902 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2903 begin_params.push_back(TAG_MAC_LENGTH, 128);
2904 AuthorizationSet begin_out_params;
2905
2906 AuthorizationSet update_params;
2907 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2908
2909 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2910
2911 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2912 string ciphertext;
2913 size_t input_consumed;
2914 AuthorizationSet update_out_params;
2915 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
2916 &ciphertext, &input_consumed));
2917 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2918
2919 // AAD and data.
2920 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2921 &input_consumed));
2922 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2923 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2924
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2925 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2926 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2927 begin_params.push_back(begin_out_params);
2928
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2929 // Decrypt
2930 update_params.Clear();
2931 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2932
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2933 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2934 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2935 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2936 &plaintext, &input_consumed));
2937 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2938 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2939
2940 EXPECT_EQ(message, plaintext);
2941 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2942}
2943
2944TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2945 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2946 .AesEncryptionKey(128)
2947 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2948 .Authorization(TAG_PADDING, KM_PAD_NONE)
2949 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2950 string message = "12345678901234567890123456789012";
2951 AuthorizationSet begin_params(client_params());
2952 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2953 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2954 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2955
2956 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2957 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2958
2959 AuthorizationSet finish_params;
2960 AuthorizationSet finish_out_params;
2961
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2962 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2963 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2964 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2965 AuthorizationSet update_out_params;
2966 string ciphertext;
2967 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2968 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2969 &input_consumed));
2970 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2971 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2972
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2973 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2974 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2975 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2976
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2977 update_params.Clear();
2978 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2979
2980 // Decrypt.
2981 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2982 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2983 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2984 &plaintext, &input_consumed));
2985 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2986 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2987
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2988 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2989}
2990
2991TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
2992 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2993 .AesEncryptionKey(128)
2994 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2995 .Authorization(TAG_PADDING, KM_PAD_NONE)
2996 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2997 string message = "12345678901234567890123456789012";
2998 AuthorizationSet begin_params(client_params());
2999 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3000 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3001 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3002
3003 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3004 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3005
3006 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3007 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3008 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3009 AuthorizationSet update_out_params;
3010 string ciphertext;
3011 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3012 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3013 &input_consumed));
3014 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3015 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3016
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3017 begin_params.push_back(TAG_NONCE, "123456789012", 12);
3018
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3019 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3020 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3021 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3022 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3023 &plaintext, &input_consumed));
3024 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3025 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3026
3027 // With wrong nonce, should have gotten garbage plaintext.
3028 EXPECT_NE(message, plaintext);
3029 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3030}
3031
3032TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
3033 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3034 .AesEncryptionKey(128)
3035 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3036 .Authorization(TAG_PADDING, KM_PAD_NONE)
3037 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3038 string aad = "foobar";
3039 string message = "123456789012345678901234567890123456";
3040 AuthorizationSet begin_params(client_params());
3041 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3042 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3043 begin_params.push_back(TAG_MAC_LENGTH, 128);
3044 AuthorizationSet begin_out_params;
3045
3046 AuthorizationSet update_params;
3047 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3048
3049 // Encrypt
3050 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3051 AuthorizationSet update_out_params;
3052 string ciphertext;
3053 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3054 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3055 &input_consumed));
3056 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3057 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3058
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3059 // Corrupt tag
3060 (*ciphertext.rbegin())++;
3061
3062 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3063 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
3064 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3065
3066 // Decrypt.
3067 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3068 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3069 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3070 &plaintext, &input_consumed));
3071 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3072 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3073
3074 EXPECT_EQ(message, plaintext);
3075 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3076}
3077
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]3078typedef Keymaster1Test MaxOperationsTest;
3079INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, MaxOperationsTest, test_params);
3080
3081TEST_P(MaxOperationsTest, TestLimit) {
3082 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3083 .AesEncryptionKey(128)
3084 .EcbMode()
3085 .Authorization(TAG_PADDING, KM_PAD_NONE)
3086 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
3087
3088 string message = "1234567890123456";
3089 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3090 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3091 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3092
3093 // Fourth time should fail.
3094 AuthorizationSet begin_params(client_params());
3095 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
3096 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3097 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
3098
3099 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3100}
3101
3102TEST_P(MaxOperationsTest, TestAbort) {
3103 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3104 .AesEncryptionKey(128)
3105 .EcbMode()
3106 .Authorization(TAG_PADDING, KM_PAD_NONE)
3107 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
3108
3109 string message = "1234567890123456";
3110 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3111 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3112 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3113
3114 // Fourth time should fail.
3115 AuthorizationSet begin_params(client_params());
3116 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
3117 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3118 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
3119
3120 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3121}
3122
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]3123typedef Keymaster1Test AddEntropyTest;
3124INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
3125
3126TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3127 // There's no obvious way to test that entropy is actually added, but we can test that the API
3128 // doesn't blow up or return an error.
3129 EXPECT_EQ(KM_ERROR_OK,
3130 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3131
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3132 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3133}
3134
3135typedef Keymaster1Test Keymaster0AdapterTest;
3136INSTANTIATE_TEST_CASE_P(
3137 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3138 ::testing::Values(
3139 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
3140 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3141
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3142TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3143 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
3144 // key data.
3145 string km1_sw = read_file("km1_sw_rsa_512.blob");
3146 EXPECT_EQ(486U, km1_sw.length());
3147
3148 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3149 memcpy(key_data, km1_sw.data(), km1_sw.length());
3150 set_key_blob(key_data, km1_sw.length());
3151
3152 string message(64, 'a');
3153 string signature;
3154 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3155
3156 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3157}
3158
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]3159TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
3160 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
3161 // blobs contain OCB-encrypted key data.
3162 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
3163 EXPECT_EQ(477U, km1_sw.length());
3164
3165 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3166 memcpy(key_data, km1_sw.data(), km1_sw.length());
3167 set_key_blob(key_data, km1_sw.length());
3168
3169 string message(64, 'a');
3170 string signature;
3171 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3172
3173 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3174}
3175
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3176TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
3177 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
3178 // key data.
3179 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
3180 EXPECT_EQ(270U, km1_sw.length());
3181
3182 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3183 memcpy(key_data, km1_sw.data(), km1_sw.length());
3184 set_key_blob(key_data, km1_sw.length());
3185
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]3186 string message(32, static_cast<char>(0xFF));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3187 string signature;
3188 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3189
3190 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3191}
3192
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3193struct Malloc_Delete {
3194 void operator()(void* p) { free(p); }
3195};
3196
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3197TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3198 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3199 string km0_sw = read_file("km0_sw_rsa_512.blob");
3200 EXPECT_EQ(333U, km0_sw.length());
3201
3202 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3203 memcpy(key_data, km0_sw.data(), km0_sw.length());
3204 set_key_blob(key_data, km0_sw.length());
3205
3206 string message(64, 'a');
3207 string signature;
3208 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3209
3210 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3211}
3212
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3213TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
3214 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3215 string km0_sw = read_file("km0_sw_rsa_512.blob");
3216 EXPECT_EQ(333U, km0_sw.length());
3217
3218 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3219 memcpy(key_data, km0_sw.data(), km0_sw.length());
3220 set_key_blob(key_data, km0_sw.length());
3221
3222 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3223 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3224 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3225 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3226 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3227 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3228 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3229 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3230 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3231 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3232
3233 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3234}
3235
3236TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
3237 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3238 string km0_sw = read_file("km0_sw_rsa_512.blob");
3239 EXPECT_EQ(333U, km0_sw.length());
3240
3241 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3242 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3243 EXPECT_EQ('P', km0_sw[0]);
3244 km0_sw[0] = 'Q';
3245
3246 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3247 memcpy(key_data, km0_sw.data(), km0_sw.length());
3248 set_key_blob(key_data, km0_sw.length());
3249
3250 string message(64, 'a');
3251 string signature;
3252 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3253 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
3254
3255 EXPECT_EQ(5, GetParam()->keymaster0_calls());
3256}
3257
3258TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
3259 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3260 string km0_sw = read_file("km0_sw_rsa_512.blob");
3261 EXPECT_EQ(333U, km0_sw.length());
3262
3263 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3264 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3265 EXPECT_EQ('P', km0_sw[0]);
3266 km0_sw[0] = 'Q';
3267
3268 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3269 memcpy(key_data, km0_sw.data(), km0_sw.length());
3270 set_key_blob(key_data, km0_sw.length());
3271
3272 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3273 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3274 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
3275 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3276 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame^]3277 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_MD5));
3278 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA1));
3279 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_224));
3280 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_256));
3281 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_384));
3282 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_512));
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3283 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame^]3284 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT));
3285 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN));
3286 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_OAEP));
3287 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PSS));
3288 EXPECT_EQ(15U, hw_enforced().size());
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3289
3290 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3291 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3292 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3293 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3294
3295 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3296 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3297 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3298 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3299 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3300
3301 EXPECT_EQ(1, GetParam()->keymaster0_calls());
3302}
3303
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]3304} // namespace test
3305} // namespace keymaster