Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 658d7a69a20e9c570df0a7fb08ee98412a9bf74e / . / google_keymaster_test.cpp
blob: 27486560a46b6b4a8fc8ca46978475eef8b32d93 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <string>
18#include <fstream>
19
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]20#include <gtest/gtest.h>
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]21
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]22#include <openssl/engine.h>
23
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]24#include <keymaster/google_keymaster_utils.h>
25#include <keymaster/keymaster_tags.h>
26
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]27#include "google_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]28#include "google_softkeymaster.h"
29
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]30using std::string;
31using std::ifstream;
32using std::istreambuf_iterator;
33
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]34int main(int argc, char** argv) {
35 ::testing::InitGoogleTest(&argc, argv);
36 int result = RUN_ALL_TESTS();
37 // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
38 CRYPTO_cleanup_all_ex_data();
Shawn Willden7c0a82b2014-09-17 12:57:32 -0600[diff] [blame]39 ERR_remove_thread_state(NULL);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]40 ERR_free_strings();
41 return result;
42}
43
44namespace keymaster {
45namespace test {
46
47class KeymasterTest : public testing::Test {
48 protected:
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame]49 KeymasterTest() : device(5, new StdoutLogger) { RAND_seed("foobar", 6); }
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]50 ~KeymasterTest() {}
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]51
52 GoogleSoftKeymaster device;
53};
54
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]55typedef KeymasterTest CheckSupported;
56TEST_F(CheckSupported, SupportedAlgorithms) {
57 // Shouldn't blow up on NULL.
58 device.SupportedAlgorithms(NULL);
59
60 SupportedResponse<keymaster_algorithm_t> response;
61 device.SupportedAlgorithms(&response);
62 EXPECT_EQ(KM_ERROR_OK, response.error);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]63 EXPECT_EQ(3U, response.results_length);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]64 EXPECT_EQ(KM_ALGORITHM_RSA, response.results[0]);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]65 EXPECT_EQ(KM_ALGORITHM_DSA, response.results[1]);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]66 EXPECT_EQ(KM_ALGORITHM_ECDSA, response.results[2]);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]67}
68
69TEST_F(CheckSupported, SupportedBlockModes) {
70 // Shouldn't blow up on NULL.
71 device.SupportedBlockModes(KM_ALGORITHM_RSA, NULL);
72
73 SupportedResponse<keymaster_block_mode_t> response;
74 device.SupportedBlockModes(KM_ALGORITHM_RSA, &response);
75 EXPECT_EQ(KM_ERROR_OK, response.error);
76 EXPECT_EQ(0U, response.results_length);
77
78 device.SupportedBlockModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]79 EXPECT_EQ(KM_ERROR_OK, response.error);
80 EXPECT_EQ(0U, response.results_length);
81
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]82 device.SupportedBlockModes(KM_ALGORITHM_ECDSA, &response);
83 EXPECT_EQ(KM_ERROR_OK, response.error);
84 EXPECT_EQ(0U, response.results_length);
85
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]86 device.SupportedBlockModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]87 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
88}
89
90TEST_F(CheckSupported, SupportedPaddingModes) {
91 // Shouldn't blow up on NULL.
92 device.SupportedPaddingModes(KM_ALGORITHM_RSA, NULL);
93
94 SupportedResponse<keymaster_padding_t> response;
95 device.SupportedPaddingModes(KM_ALGORITHM_RSA, &response);
96 EXPECT_EQ(KM_ERROR_OK, response.error);
97 EXPECT_EQ(1U, response.results_length);
98 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
99
100 device.SupportedPaddingModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]101 EXPECT_EQ(KM_ERROR_OK, response.error);
102 EXPECT_EQ(1U, response.results_length);
103 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
104
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]105 device.SupportedPaddingModes(KM_ALGORITHM_ECDSA, &response);
106 EXPECT_EQ(KM_ERROR_OK, response.error);
107 EXPECT_EQ(1U, response.results_length);
108 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
109
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]110 device.SupportedPaddingModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]111 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
112}
113
114TEST_F(CheckSupported, SupportedDigests) {
115 // Shouldn't blow up on NULL.
116 device.SupportedDigests(KM_ALGORITHM_RSA, NULL);
117
118 SupportedResponse<keymaster_digest_t> response;
119 device.SupportedDigests(KM_ALGORITHM_RSA, &response);
120 EXPECT_EQ(KM_ERROR_OK, response.error);
121 EXPECT_EQ(1U, response.results_length);
122 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
123
124 device.SupportedDigests(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]125 EXPECT_EQ(KM_ERROR_OK, response.error);
126 EXPECT_EQ(1U, response.results_length);
127 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
128
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]129 device.SupportedDigests(KM_ALGORITHM_ECDSA, &response);
130 EXPECT_EQ(KM_ERROR_OK, response.error);
131 EXPECT_EQ(1U, response.results_length);
132 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
133
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]134 device.SupportedDigests(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]135 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
136}
137
138TEST_F(CheckSupported, SupportedImportFormats) {
139 // Shouldn't blow up on NULL.
140 device.SupportedImportFormats(KM_ALGORITHM_RSA, NULL);
141
142 SupportedResponse<keymaster_key_format_t> response;
143 device.SupportedImportFormats(KM_ALGORITHM_RSA, &response);
144 EXPECT_EQ(KM_ERROR_OK, response.error);
145 EXPECT_EQ(1U, response.results_length);
146 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
147
148 device.SupportedImportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]149 EXPECT_EQ(KM_ERROR_OK, response.error);
150 EXPECT_EQ(1U, response.results_length);
151 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
152
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]153 device.SupportedImportFormats(KM_ALGORITHM_ECDSA, &response);
154 EXPECT_EQ(KM_ERROR_OK, response.error);
155 EXPECT_EQ(1U, response.results_length);
156 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
157
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]158 device.SupportedImportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]159 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
160}
161
162TEST_F(CheckSupported, SupportedExportFormats) {
163 // Shouldn't blow up on NULL.
164 device.SupportedExportFormats(KM_ALGORITHM_RSA, NULL);
165
166 SupportedResponse<keymaster_key_format_t> response;
167 device.SupportedExportFormats(KM_ALGORITHM_RSA, &response);
168 EXPECT_EQ(KM_ERROR_OK, response.error);
169 EXPECT_EQ(1U, response.results_length);
170 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
171
172 device.SupportedExportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]173 EXPECT_EQ(KM_ERROR_OK, response.error);
174 EXPECT_EQ(1U, response.results_length);
175 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
176
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]177 device.SupportedExportFormats(KM_ALGORITHM_ECDSA, &response);
178 EXPECT_EQ(KM_ERROR_OK, response.error);
179 EXPECT_EQ(1U, response.results_length);
180 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
181
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]182 device.SupportedExportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]183 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
184}
185
186typedef KeymasterTest NewKeyGeneration;
187TEST_F(NewKeyGeneration, Rsa) {
188 keymaster_key_param_t params[] = {
189 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
190 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
191 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]192 Authorization(TAG_KEY_SIZE, 256),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]193 Authorization(TAG_USER_ID, 7),
194 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]195 Authorization(TAG_APPLICATION_ID, "app_id", 6),
196 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]197 Authorization(TAG_AUTH_TIMEOUT, 300),
198 };
199 GenerateKeyRequest req;
200 req.key_description.Reinitialize(params, array_length(params));
201 GenerateKeyResponse rsp;
202
203 device.GenerateKey(req, &rsp);
204
205 ASSERT_EQ(KM_ERROR_OK, rsp.error);
206 EXPECT_EQ(0U, rsp.enforced.size());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]207 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
208 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]209
210 // Check specified tags are all present in unenforced characteristics
211 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
212 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
213
214 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
215
216 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
217 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]218 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]219 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
220
Shawn Willden39b970b2014-08-11 09:11:21 -0600[diff] [blame]221 // Verify that App ID, App data and ROT are NOT included.
222 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
223 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
224 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
225
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]226 // Just for giggles, check that some unexpected tags/values are NOT present.
227 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
228 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
229 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
230 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
231
232 // Now check that unspecified, defaulted tags are correct.
233 EXPECT_TRUE(contains(rsp.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
234 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
235 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]236}
237
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]238TEST_F(NewKeyGeneration, Dsa) {
239 keymaster_key_param_t params[] = {
240 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
241 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
242 Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
243 Authorization(TAG_KEY_SIZE, 256),
244 Authorization(TAG_USER_ID, 7),
245 Authorization(TAG_USER_AUTH_ID, 8),
246 Authorization(TAG_APPLICATION_ID, "app_id", 6),
247 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
248 Authorization(TAG_AUTH_TIMEOUT, 300),
249 };
250 GenerateKeyRequest req;
251 req.key_description.Reinitialize(params, array_length(params));
252 GenerateKeyResponse rsp;
253
254 device.GenerateKey(req, &rsp);
255
256 ASSERT_EQ(KM_ERROR_OK, rsp.error);
257 EXPECT_EQ(0U, rsp.enforced.size());
258 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
259 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
260
261 // Check specified tags are all present in unenforced characteristics
262 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
263 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
264
265 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
266
267 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
268 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
269 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
270 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
271
272 // Verify that App ID, App data and ROT are NOT included.
273 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
274 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
275 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
276
277 // Just for giggles, check that some unexpected tags/values are NOT present.
278 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
279 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
280 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
281 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
282
283 // Now check that unspecified, defaulted tags are correct.
284 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
285 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
286
287 // Generator should have created DSA params.
288 keymaster_blob_t g, p, q;
289 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
290 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_P, &p));
291 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_Q, &q));
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]292 EXPECT_TRUE(g.data_length >= 63 && g.data_length <= 64);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]293 EXPECT_EQ(64U, p.data_length);
294 EXPECT_EQ(20U, q.data_length);
295}
296
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]297TEST_F(NewKeyGeneration, Ecdsa) {
298 keymaster_key_param_t params[] = {
299 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
300 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
301 Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
302 Authorization(TAG_KEY_SIZE, 256),
303 Authorization(TAG_USER_ID, 7),
304 Authorization(TAG_USER_AUTH_ID, 8),
305 Authorization(TAG_APPLICATION_ID, "app_id", 6),
306 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
307 Authorization(TAG_AUTH_TIMEOUT, 300),
308 };
309 GenerateKeyRequest req;
310 req.key_description.Reinitialize(params, array_length(params));
311 GenerateKeyResponse rsp;
312
313 device.GenerateKey(req, &rsp);
314
315 ASSERT_EQ(KM_ERROR_OK, rsp.error);
316 EXPECT_EQ(0U, rsp.enforced.size());
317 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
318 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
319
320 // Check specified tags are all present in unenforced characteristics
321 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
322 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
323
324 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
325
326 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
327 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
328 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
329 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
330
331 // Verify that App ID, App data and ROT are NOT included.
332 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
333 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
334 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
335
336 // Just for giggles, check that some unexpected tags/values are NOT present.
337 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
338 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
339 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
340 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
341
342 // Now check that unspecified, defaulted tags are correct.
343 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
344 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
345}
346
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]347typedef KeymasterTest GetKeyCharacteristics;
348TEST_F(GetKeyCharacteristics, SimpleRsa) {
349 keymaster_key_param_t params[] = {
350 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
351 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
352 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
353 Authorization(TAG_KEY_SIZE, 256),
354 Authorization(TAG_USER_ID, 7),
355 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]356 Authorization(TAG_APPLICATION_ID, "app_id", 6),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]357 Authorization(TAG_AUTH_TIMEOUT, 300),
358 };
359
360 GenerateKeyRequest gen_req;
361 gen_req.key_description.Reinitialize(params, array_length(params));
362 GenerateKeyResponse gen_rsp;
363
364 device.GenerateKey(gen_req, &gen_rsp);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]365 ASSERT_EQ(KM_ERROR_OK, gen_rsp.error);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]366
367 GetKeyCharacteristicsRequest req;
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]368 req.SetKeyMaterial(gen_rsp.key_blob);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]369 req.additional_params.push_back(TAG_APPLICATION_ID, "app_id", 6);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]370
371 GetKeyCharacteristicsResponse rsp;
372 device.GetKeyCharacteristics(req, &rsp);
373 ASSERT_EQ(KM_ERROR_OK, rsp.error);
374
375 EXPECT_EQ(gen_rsp.enforced, rsp.enforced);
376 EXPECT_EQ(gen_rsp.unenforced, rsp.unenforced);
377}
378
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]379/**
380 * Test class that provides some infrastructure for generating keys and signing messages.
381 */
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]382class SigningOperationsTest : public KeymasterTest {
383 protected:
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]384 void GenerateKey(keymaster_algorithm_t algorithm, keymaster_digest_t digest,
385 keymaster_padding_t padding, uint32_t key_size) {
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]386 keymaster_key_param_t params[] = {
387 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
388 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]389 Authorization(TAG_ALGORITHM, algorithm),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]390 Authorization(TAG_KEY_SIZE, key_size),
391 Authorization(TAG_USER_ID, 7),
392 Authorization(TAG_USER_AUTH_ID, 8),
393 Authorization(TAG_APPLICATION_ID, "app_id", 6),
394 Authorization(TAG_AUTH_TIMEOUT, 300),
395 };
396 GenerateKeyRequest generate_request;
397 generate_request.key_description.Reinitialize(params, array_length(params));
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]398 if (static_cast<int>(digest) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]399 generate_request.key_description.push_back(TAG_DIGEST, digest);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]400 if (static_cast<int>(padding) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]401 generate_request.key_description.push_back(TAG_PADDING, padding);
402 device.GenerateKey(generate_request, &generate_response_);
403 EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]404 }
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]405
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]406 void SignMessage(const void* message, size_t size) {
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]407 SignMessage(generate_response_.key_blob, message, size);
408 }
409
410 void SignMessage(const keymaster_key_blob_t& key_blob, const void* message, size_t size) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]411 BeginOperationRequest begin_request;
412 BeginOperationResponse begin_response;
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]413 begin_request.SetKeyMaterial(key_blob);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]414 begin_request.purpose = KM_PURPOSE_SIGN;
415 AddClientParams(&begin_request.additional_params);
416
417 device.BeginOperation(begin_request, &begin_response);
418 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
419
420 UpdateOperationRequest update_request;
421 UpdateOperationResponse update_response;
422 update_request.op_handle = begin_response.op_handle;
423 update_request.input.Reinitialize(message, size);
424 EXPECT_EQ(size, update_request.input.available_read());
425
426 device.UpdateOperation(update_request, &update_response);
427 ASSERT_EQ(KM_ERROR_OK, update_response.error);
428 EXPECT_EQ(0U, update_response.output.available_read());
429
430 FinishOperationRequest finish_request;
431 finish_request.op_handle = begin_response.op_handle;
432 device.FinishOperation(finish_request, &finish_response_);
433 ASSERT_EQ(KM_ERROR_OK, finish_response_.error);
434 EXPECT_GT(finish_response_.output.available_read(), 0U);
435 }
436
437 void AddClientParams(AuthorizationSet* set) { set->push_back(TAG_APPLICATION_ID, "app_id", 6); }
438
439 const keymaster_key_blob_t& key_blob() { return generate_response_.key_blob; }
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]440
441 const keymaster_key_blob_t& corrupt_key_blob() {
Shawn Willden2241bf02014-08-28 09:59:53 -0600[diff] [blame]442 uint8_t* tmp = const_cast<uint8_t*>(generate_response_.key_blob.key_material);
443 ++tmp[generate_response_.key_blob.key_material_size / 2];
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]444 return generate_response_.key_blob;
445 }
446
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]447 Buffer* signature() {
448 if (finish_response_.error == KM_ERROR_OK)
449 return &finish_response_.output;
450 return NULL;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]451 }
452
453 private:
454 GenerateKeyResponse generate_response_;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]455 FinishOperationResponse finish_response_;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]456};
457
458TEST_F(SigningOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]459 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]460 const char message[] = "12345678901234567890123456789012";
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]461
462 BeginOperationRequest begin_request;
463 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]464 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]465 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]466 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]467
468 device.BeginOperation(begin_request, &begin_response);
469 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
470
471 UpdateOperationRequest update_request;
472 UpdateOperationResponse update_response;
473 update_request.op_handle = begin_response.op_handle;
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]474 update_request.input.Reinitialize(message, array_size(message) - 1);
475 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]476
477 device.UpdateOperation(update_request, &update_response);
478 ASSERT_EQ(KM_ERROR_OK, update_response.error);
479 EXPECT_EQ(0U, update_response.output.available_read());
480
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]481 FinishOperationRequest finish_request;
482 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]483 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]484 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]485 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]486 EXPECT_GT(finish_response.output.available_read(), 0U);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]487
488 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
489}
490
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]491TEST_F(SigningOperationsTest, DsaSuccess) {
492 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
493
494 BeginOperationRequest begin_request;
495 BeginOperationResponse begin_response;
496 begin_request.SetKeyMaterial(key_blob());
497 begin_request.purpose = KM_PURPOSE_SIGN;
498 AddClientParams(&begin_request.additional_params);
499
500 device.BeginOperation(begin_request, &begin_response);
501 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
502
503 UpdateOperationRequest update_request;
504 UpdateOperationResponse update_response;
505 update_request.op_handle = begin_response.op_handle;
506 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
507 EXPECT_EQ(48U, update_request.input.available_read());
508
509 device.UpdateOperation(update_request, &update_response);
510 ASSERT_EQ(KM_ERROR_OK, update_response.error);
511 EXPECT_EQ(0U, update_response.output.available_read());
512
513 FinishOperationRequest finish_request;
514 finish_request.op_handle = begin_response.op_handle;
515 FinishOperationResponse finish_response;
516 device.FinishOperation(finish_request, &finish_response);
517 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
518 EXPECT_GT(finish_response.output.available_read(), 0U);
519
520 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
521}
522
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]523TEST_F(SigningOperationsTest, EcdsaSuccess) {
524 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
525
526 BeginOperationRequest begin_request;
527 BeginOperationResponse begin_response;
528 begin_request.SetKeyMaterial(key_blob());
529 begin_request.purpose = KM_PURPOSE_SIGN;
530 AddClientParams(&begin_request.additional_params);
531
532 device.BeginOperation(begin_request, &begin_response);
533 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
534
535 UpdateOperationRequest update_request;
536 UpdateOperationResponse update_response;
537 update_request.op_handle = begin_response.op_handle;
538 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
539 EXPECT_EQ(48U, update_request.input.available_read());
540
541 device.UpdateOperation(update_request, &update_response);
542 ASSERT_EQ(KM_ERROR_OK, update_response.error);
543 EXPECT_EQ(0U, update_response.output.available_read());
544
545 FinishOperationRequest finish_request;
546 finish_request.op_handle = begin_response.op_handle;
547 FinishOperationResponse finish_response;
548 device.FinishOperation(finish_request, &finish_response);
549 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
550 EXPECT_GT(finish_response.output.available_read(), 0U);
551
552 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
553}
554
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]555TEST_F(SigningOperationsTest, RsaAbort) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]556 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]557
558 BeginOperationRequest begin_request;
559 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]560 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]561 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]562 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]563
564 device.BeginOperation(begin_request, &begin_response);
565 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
566
567 EXPECT_EQ(KM_ERROR_OK, device.AbortOperation(begin_response.op_handle));
568
569 // Another abort should fail
570 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
571}
572
573TEST_F(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]574 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_SHA_2_256, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]575
576 BeginOperationRequest begin_request;
577 BeginOperationResponse begin_response;
578 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]579 begin_request.SetKeyMaterial(key_blob());
580 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]581
582 device.BeginOperation(begin_request, &begin_response);
583 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
584
585 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
586}
587
588TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]589 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_RSA_OAEP, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]590
591 BeginOperationRequest begin_request;
592 BeginOperationResponse begin_response;
593 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]594 begin_request.SetKeyMaterial(key_blob());
595 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]596
597 device.BeginOperation(begin_request, &begin_response);
598 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
599
600 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
601}
602
603TEST_F(SigningOperationsTest, RsaNoDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]604 GenerateKey(KM_ALGORITHM_RSA, static_cast<keymaster_digest_t>(-1), KM_PAD_NONE,
605 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]606
607 BeginOperationRequest begin_request;
608 BeginOperationResponse begin_response;
609 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]610 begin_request.SetKeyMaterial(key_blob());
611 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]612
613 device.BeginOperation(begin_request, &begin_response);
614 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
615
616 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
617}
618
619TEST_F(SigningOperationsTest, RsaNoPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]620 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, static_cast<keymaster_padding_t>(-1),
621 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]622
623 BeginOperationRequest begin_request;
624 BeginOperationResponse begin_response;
625 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]626 begin_request.SetKeyMaterial(key_blob());
627 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]628
629 device.BeginOperation(begin_request, &begin_response);
630 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
631
632 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
633}
634
635TEST_F(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]636 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]637
638 BeginOperationRequest begin_request;
639 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]640 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]641 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]642 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]643
644 device.BeginOperation(begin_request, &begin_response);
645 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
646
647 UpdateOperationRequest update_request;
648 UpdateOperationResponse update_response;
649 update_request.op_handle = begin_response.op_handle;
650 update_request.input.Reinitialize("01234567890123456789012345678901", 31);
651 EXPECT_EQ(31U, update_request.input.available_read());
652
653 device.UpdateOperation(update_request, &update_response);
654 ASSERT_EQ(KM_ERROR_OK, update_response.error);
655 EXPECT_EQ(0U, update_response.output.available_read());
656
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]657 FinishOperationRequest finish_request;
658 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]659 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]660 device.FinishOperation(finish_request, &finish_response);
Shawn Willden00aa7942014-09-10 07:57:43 -0600[diff] [blame]661 ASSERT_EQ(KM_ERROR_UNKNOWN_ERROR, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]662 EXPECT_EQ(0U, finish_response.output.available_read());
663
664 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
665}
666
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]667typedef SigningOperationsTest VerificationOperationsTest;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]668TEST_F(VerificationOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]669 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
670 const char message[] = "12345678901234567890123456789012";
671 SignMessage(message, array_size(message) - 1);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]672 ASSERT_TRUE(signature() != NULL);
673
674 BeginOperationRequest begin_request;
675 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]676 begin_request.SetKeyMaterial(key_blob());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]677 begin_request.purpose = KM_PURPOSE_VERIFY;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]678 AddClientParams(&begin_request.additional_params);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]679
680 device.BeginOperation(begin_request, &begin_response);
681 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
682
683 UpdateOperationRequest update_request;
684 UpdateOperationResponse update_response;
685 update_request.op_handle = begin_response.op_handle;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]686 update_request.input.Reinitialize(message, array_size(message) - 1);
687 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]688
689 device.UpdateOperation(update_request, &update_response);
690 ASSERT_EQ(KM_ERROR_OK, update_response.error);
691 EXPECT_EQ(0U, update_response.output.available_read());
692
693 FinishOperationRequest finish_request;
694 finish_request.op_handle = begin_response.op_handle;
695 finish_request.signature.Reinitialize(*signature());
696 FinishOperationResponse finish_response;
697 device.FinishOperation(finish_request, &finish_response);
698 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]699 EXPECT_EQ(0U, finish_response.output.available_read());
700
701 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
702}
703
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]704TEST_F(VerificationOperationsTest, DsaSuccess) {
705 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
706 const char message[] = "123456789012345678901234567890123456789012345678";
707 SignMessage(message, array_size(message) - 1);
708 ASSERT_TRUE(signature() != NULL);
709
710 BeginOperationRequest begin_request;
711 BeginOperationResponse begin_response;
712 begin_request.SetKeyMaterial(key_blob());
713 begin_request.purpose = KM_PURPOSE_VERIFY;
714 AddClientParams(&begin_request.additional_params);
715
716 device.BeginOperation(begin_request, &begin_response);
717 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
718
719 UpdateOperationRequest update_request;
720 UpdateOperationResponse update_response;
721 update_request.op_handle = begin_response.op_handle;
722 update_request.input.Reinitialize(message, array_size(message) - 1);
723 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
724
725 device.UpdateOperation(update_request, &update_response);
726 ASSERT_EQ(KM_ERROR_OK, update_response.error);
727 EXPECT_EQ(0U, update_response.output.available_read());
728
729 FinishOperationRequest finish_request;
730 finish_request.op_handle = begin_response.op_handle;
731 finish_request.signature.Reinitialize(*signature());
732 FinishOperationResponse finish_response;
733 device.FinishOperation(finish_request, &finish_response);
734 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
735 EXPECT_EQ(0U, finish_response.output.available_read());
736
737 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
738}
739
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]740TEST_F(VerificationOperationsTest, EcdsaSuccess) {
741 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
742 const char message[] = "123456789012345678901234567890123456789012345678";
743 SignMessage(message, array_size(message) - 1);
744 ASSERT_TRUE(signature() != NULL);
745
746 BeginOperationRequest begin_request;
747 BeginOperationResponse begin_response;
748 begin_request.SetKeyMaterial(key_blob());
749 begin_request.purpose = KM_PURPOSE_VERIFY;
750 AddClientParams(&begin_request.additional_params);
751
752 device.BeginOperation(begin_request, &begin_response);
753 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
754
755 UpdateOperationRequest update_request;
756 UpdateOperationResponse update_response;
757 update_request.op_handle = begin_response.op_handle;
758 update_request.input.Reinitialize(message, array_size(message) - 1);
759 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
760
761 device.UpdateOperation(update_request, &update_response);
762 ASSERT_EQ(KM_ERROR_OK, update_response.error);
763 EXPECT_EQ(0U, update_response.output.available_read());
764
765 FinishOperationRequest finish_request;
766 finish_request.op_handle = begin_response.op_handle;
767 finish_request.signature.Reinitialize(*signature());
768 FinishOperationResponse finish_response;
769 device.FinishOperation(finish_request, &finish_response);
770 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
771 EXPECT_EQ(0U, finish_response.output.available_read());
772
773 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
774}
775
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]776typedef SigningOperationsTest ExportKeyTest;
777TEST_F(ExportKeyTest, RsaSuccess) {
778 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]779
780 ExportKeyRequest request;
781 ExportKeyResponse response;
782 AddClientParams(&request.additional_params);
783 request.key_format = KM_KEY_FORMAT_X509;
784 request.SetKeyMaterial(key_blob());
785
786 device.ExportKey(request, &response);
787 ASSERT_EQ(KM_ERROR_OK, response.error);
788 EXPECT_TRUE(response.key_data != NULL);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]789
790 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]791}
792
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]793TEST_F(ExportKeyTest, DsaSuccess) {
794 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 1024 /* key size */);
795
796 ExportKeyRequest request;
797 ExportKeyResponse response;
798 AddClientParams(&request.additional_params);
799 request.key_format = KM_KEY_FORMAT_X509;
800 request.SetKeyMaterial(key_blob());
801
802 device.ExportKey(request, &response);
803 ASSERT_EQ(KM_ERROR_OK, response.error);
804 EXPECT_TRUE(response.key_data != NULL);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]805
806 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]807}
808
809TEST_F(ExportKeyTest, EcdsaSuccess) {
810 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
811
812 ExportKeyRequest request;
813 ExportKeyResponse response;
814 AddClientParams(&request.additional_params);
815 request.key_format = KM_KEY_FORMAT_X509;
816 request.SetKeyMaterial(key_blob());
817
818 device.ExportKey(request, &response);
819 ASSERT_EQ(KM_ERROR_OK, response.error);
820 EXPECT_TRUE(response.key_data != NULL);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]821
822 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]823}
824
825TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) {
826 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
827
828 ExportKeyRequest request;
829 ExportKeyResponse response;
830 AddClientParams(&request.additional_params);
831
832 /* We have no other defined export formats defined. */
833 request.key_format = KM_KEY_FORMAT_PKCS8;
834 request.SetKeyMaterial(key_blob());
835
836 device.ExportKey(request, &response);
837 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, response.error);
838 EXPECT_TRUE(response.key_data == NULL);
839}
840
841TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) {
842 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
843
844 ExportKeyRequest request;
845 ExportKeyResponse response;
846 AddClientParams(&request.additional_params);
847 request.key_format = KM_KEY_FORMAT_X509;
848 request.SetKeyMaterial(corrupt_key_blob());
849
850 device.ExportKey(request, &response);
851 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, response.error);
852 ASSERT_TRUE(response.key_data == NULL);
853}
854
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]855static string read_file(const string& file_name) {
856 ifstream file_stream(file_name, std::ios::binary);
857 istreambuf_iterator<char> file_begin(file_stream);
858 istreambuf_iterator<char> file_end;
859 return string(file_begin, file_end);
860}
861
862typedef SigningOperationsTest ImportKeyTest;
863TEST_F(ImportKeyTest, RsaSuccess) {
864 keymaster_key_param_t params[] = {
865 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
866 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
867 Authorization(TAG_DIGEST, KM_DIGEST_NONE),
868 Authorization(TAG_PADDING, KM_PAD_NONE),
869 Authorization(TAG_USER_ID, 7),
870 Authorization(TAG_USER_AUTH_ID, 8),
871 Authorization(TAG_APPLICATION_ID, "app_id", 6),
872 Authorization(TAG_AUTH_TIMEOUT, 300),
873 };
874
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]875 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]876 ASSERT_EQ(633U, pk8_key.size());
877
878 ImportKeyRequest import_request;
879 import_request.key_description.Reinitialize(params, array_length(params));
880 import_request.key_format = KM_KEY_FORMAT_PKCS8;
881 import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
882
883 ImportKeyResponse import_response;
884 device.ImportKey(import_request, &import_response);
885 ASSERT_EQ(KM_ERROR_OK, import_response.error);
886 EXPECT_EQ(0U, import_response.enforced.size());
887 EXPECT_GT(import_response.unenforced.size(), 0U);
888
889 // Check values derived from the key.
890 EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
891 EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 1024));
892 EXPECT_TRUE(contains(import_response.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537U));
893
894 // And values provided by GoogleKeymaster
895 EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
896 EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
897
898 size_t message_len = 1024 / 8;
899 UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
900 std::fill(message.get(), message.get() + message_len, 'a');
901 SignMessage(import_response.key_blob, message.get(), message_len);
902 ASSERT_TRUE(signature() != NULL);
903
904 BeginOperationRequest begin_request;
905 BeginOperationResponse begin_response;
906 begin_request.SetKeyMaterial(import_response.key_blob);
907 begin_request.purpose = KM_PURPOSE_VERIFY;
908 AddClientParams(&begin_request.additional_params);
909
910 device.BeginOperation(begin_request, &begin_response);
911 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
912
913 UpdateOperationRequest update_request;
914 UpdateOperationResponse update_response;
915 update_request.op_handle = begin_response.op_handle;
916 update_request.input.Reinitialize(message.get(), message_len);
917 EXPECT_EQ(message_len, update_request.input.available_read());
918
919 device.UpdateOperation(update_request, &update_response);
920 ASSERT_EQ(KM_ERROR_OK, update_response.error);
921 EXPECT_EQ(0U, update_response.output.available_read());
922
923 FinishOperationRequest finish_request;
924 finish_request.op_handle = begin_response.op_handle;
925 finish_request.signature.Reinitialize(*signature());
926 FinishOperationResponse finish_response;
927 device.FinishOperation(finish_request, &finish_response);
928 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
929 EXPECT_EQ(0U, finish_response.output.available_read());
930
931 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
932}
933
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]934TEST_F(ImportKeyTest, DsaSuccess) {
935 keymaster_key_param_t params[] = {
936 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
937 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
938 Authorization(TAG_DIGEST, KM_DIGEST_NONE),
939 Authorization(TAG_PADDING, KM_PAD_NONE),
940 Authorization(TAG_USER_ID, 7),
941 Authorization(TAG_USER_AUTH_ID, 8),
942 Authorization(TAG_APPLICATION_ID, "app_id", 6),
943 Authorization(TAG_AUTH_TIMEOUT, 300),
944 };
945
946 string pk8_key = read_file("dsa_privkey_pk8.der");
947 ASSERT_EQ(335U, pk8_key.size());
948
949 ImportKeyRequest import_request;
950 import_request.key_description.Reinitialize(params, array_length(params));
951 import_request.key_format = KM_KEY_FORMAT_PKCS8;
952 import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
953
954 ImportKeyResponse import_response;
955 device.ImportKey(import_request, &import_response);
956 ASSERT_EQ(KM_ERROR_OK, import_response.error);
957 EXPECT_EQ(0U, import_response.enforced.size());
958 EXPECT_GT(import_response.unenforced.size(), 0U);
959
960 // Check values derived from the key.
961 EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
962 EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 1024));
963
964 // And values provided by GoogleKeymaster
965 EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
966 EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
967
968 size_t message_len = 48;
969 UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
970 std::fill(message.get(), message.get() + message_len, 'a');
971 SignMessage(import_response.key_blob, message.get(), message_len);
972 ASSERT_TRUE(signature() != NULL);
973
974 BeginOperationRequest begin_request;
975 BeginOperationResponse begin_response;
976 begin_request.SetKeyMaterial(import_response.key_blob);
977 begin_request.purpose = KM_PURPOSE_VERIFY;
978 AddClientParams(&begin_request.additional_params);
979
980 device.BeginOperation(begin_request, &begin_response);
981 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
982
983 UpdateOperationRequest update_request;
984 UpdateOperationResponse update_response;
985 update_request.op_handle = begin_response.op_handle;
986 update_request.input.Reinitialize(message.get(), message_len);
987 EXPECT_EQ(message_len, update_request.input.available_read());
988
989 device.UpdateOperation(update_request, &update_response);
990 ASSERT_EQ(KM_ERROR_OK, update_response.error);
991 EXPECT_EQ(0U, update_response.output.available_read());
992
993 FinishOperationRequest finish_request;
994 finish_request.op_handle = begin_response.op_handle;
995 finish_request.signature.Reinitialize(*signature());
996 FinishOperationResponse finish_response;
997 device.FinishOperation(finish_request, &finish_response);
998 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
999 EXPECT_EQ(0U, finish_response.output.available_read());
1000
1001 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
1002}
1003
1004TEST_F(ImportKeyTest, EcdsaSuccess) {
1005 keymaster_key_param_t params[] = {
1006 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
1007 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
1008 Authorization(TAG_DIGEST, KM_DIGEST_NONE),
1009 Authorization(TAG_PADDING, KM_PAD_NONE),
1010 Authorization(TAG_USER_ID, 7),
1011 Authorization(TAG_USER_AUTH_ID, 8),
1012 Authorization(TAG_APPLICATION_ID, "app_id", 6),
1013 Authorization(TAG_AUTH_TIMEOUT, 300),
1014 };
1015
1016 string pk8_key = read_file("ec_privkey_pk8.der");
1017 ASSERT_EQ(138U, pk8_key.size());
1018
1019 ImportKeyRequest import_request;
1020 import_request.key_description.Reinitialize(params, array_length(params));
1021 import_request.key_format = KM_KEY_FORMAT_PKCS8;
1022 import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
1023
1024 ImportKeyResponse import_response;
1025 device.ImportKey(import_request, &import_response);
1026 ASSERT_EQ(KM_ERROR_OK, import_response.error);
1027 EXPECT_EQ(0U, import_response.enforced.size());
1028 EXPECT_GT(import_response.unenforced.size(), 0U);
1029
1030 // Check values derived from the key.
1031 EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
1032 EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 256));
1033
1034 // And values provided by GoogleKeymaster
1035 EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1036 EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
1037
1038 size_t message_len = 1024 / 8;
1039 UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
1040 std::fill(message.get(), message.get() + message_len, 'a');
1041 SignMessage(import_response.key_blob, message.get(), message_len);
1042 ASSERT_TRUE(signature() != NULL);
1043
1044 BeginOperationRequest begin_request;
1045 BeginOperationResponse begin_response;
1046 begin_request.SetKeyMaterial(import_response.key_blob);
1047 begin_request.purpose = KM_PURPOSE_VERIFY;
1048 AddClientParams(&begin_request.additional_params);
1049
1050 device.BeginOperation(begin_request, &begin_response);
1051 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
1052
1053 UpdateOperationRequest update_request;
1054 UpdateOperationResponse update_response;
1055 update_request.op_handle = begin_response.op_handle;
1056 update_request.input.Reinitialize(message.get(), message_len);
1057 EXPECT_EQ(message_len, update_request.input.available_read());
1058
1059 device.UpdateOperation(update_request, &update_response);
1060 ASSERT_EQ(KM_ERROR_OK, update_response.error);
1061 EXPECT_EQ(0U, update_response.output.available_read());
1062
1063 FinishOperationRequest finish_request;
1064 finish_request.op_handle = begin_response.op_handle;
1065 finish_request.signature.Reinitialize(*signature());
1066 FinishOperationResponse finish_response;
1067 device.FinishOperation(finish_request, &finish_response);
1068 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
1069 EXPECT_EQ(0U, finish_response.output.available_read());
1070
1071 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
1072}
1073
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1074} // namespace test
1075} // namespace keymaster