Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 7d05d88dc44b18e0350f7fe8d28c20f2f643bb80 / . / android_keymaster_test.cpp
blob: c0d6bb7061f5d6f06814e425f9c53e19ee342d3f [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]22#include <keymaster/key_factory.h>
23#include <keymaster/soft_keymaster_context.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]24#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]25#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]26
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]27#include "android_keymaster_test_utils.h"
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]28#include "keymaster0_engine.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]29
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]30using std::ifstream;
31using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]32using std::string;
33using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]34using std::unique_ptr;
35
36extern "C" {
37int __android_log_print(int prio, const char* tag, const char* fmt);
38int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]39 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]40 return 0;
41}
42} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]43
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]44namespace keymaster {
45namespace test {
46
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]47StdoutLogger logger;
48
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]49template <typename T> vector<T> make_vector(const T* array, size_t len) {
50 return vector<T>(array, array + len);
51}
52
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]53class TestKeymasterEnforcement : public KeymasterEnforcement {
54 public:
55 TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {}
56
57 virtual bool activation_date_valid(uint64_t /* activation_date */) const { return true; }
58 virtual bool expiration_date_passed(uint64_t /* expiration_date */) const { return false; }
59 virtual bool auth_token_timed_out(const hw_auth_token_t& /* token */,
60 uint32_t /* timeout */) const {
61 return false;
62 }
63 virtual uint32_t get_current_time() const { return 0; }
64 virtual bool ValidateTokenSignature(const hw_auth_token_t& /* token */) const { return true; }
65};
66
67class TestKeymasterContext : public SoftKeymasterContext {
68 public:
69 TestKeymasterContext(keymaster0_device_t* keymaster0 = nullptr)
70 : SoftKeymasterContext(keymaster0) {}
71
72 KeymasterEnforcement* enforcement_policy() override { return &test_policy_; }
73
74 private:
75 TestKeymasterEnforcement test_policy_;
76};
77
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]78class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
79 public:
80 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]81 std::cerr << "Creating software-only device" << std::endl;
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]82 SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext);
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]83 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]84 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]85
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]86 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]87 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]88};
89
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]90class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
91 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]92 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
93
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]94 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]95 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
96 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]97 hw_device_t* softkeymaster_device;
98 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
99 &softkeymaster_device));
100 // Make the software device pretend to be hardware
101 keymaster0_device_t* keymaster0_device =
102 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]103 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
104
105 if (!support_ec_) {
106 // Make the software device pretend not to support EC
107 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
108 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]109
110 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
111
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]112 SoftKeymasterDevice* keymaster =
113 new SoftKeymasterDevice(new TestKeymasterContext(counting_keymaster0_device_));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]114 return keymaster->keymaster_device();
115 }
116
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]117 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
118 switch (algorithm) {
119 case KM_ALGORITHM_RSA:
120 return true;
121 case KM_ALGORITHM_EC:
122 return support_ec_;
123 default:
124 return false;
125 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]126 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]127 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
128
129 private:
130 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]131 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]132};
133
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]134static auto test_params = testing::Values(
135 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
136 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
137 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]138
139typedef Keymaster1Test CheckSupported;
140INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
141
142TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]143 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
144 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]145
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]146 size_t len;
147 keymaster_algorithm_t* algorithms;
148 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]149 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]150 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]151 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]152
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]153 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]154}
155
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]156TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]157 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
158 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
159 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]160
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]161 size_t len;
162 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]163 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]164 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]165 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]166 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]167
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]168 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]169 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]170 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]171
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]172 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]173 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]174 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]175 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]176
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]177 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]178}
179
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]180TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]181 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
182 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
183 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]184
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]185 size_t len;
186 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]187 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]188 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]189 EXPECT_TRUE(
190 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]191 free(modes);
192
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]193 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]194 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]195 EXPECT_TRUE(
196 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]197 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]198
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]199 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]200 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]201 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]202 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]203
204 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
205 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
206 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]207
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]208 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]209}
210
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]211TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]212 EXPECT_EQ(
213 KM_ERROR_OUTPUT_PARAMETER_NULL,
214 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]215
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]216 size_t len;
217 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]218 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]219 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]220 EXPECT_TRUE(
221 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
222 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
223 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]224 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]225
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]226 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]227 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]228 EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
229 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
230 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]231 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]232
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]233 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
234 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
235 &len));
236
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]237 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]238 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]239 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
240 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
241 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]242 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]243
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]244 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]245}
246
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]247TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
249 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]250
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]251 size_t len;
252 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]253 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]254 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]255 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]256 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]257
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]258 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]259 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
260 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
261 free(formats);
262
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]263 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]264 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
265 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
266 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]267
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]268 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]269}
270
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]271TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]272 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
273 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]274
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]275 size_t len;
276 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]277 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]278 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]279 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]280 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]281
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]282 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]283 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]284 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]285 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]286
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]287 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]288 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]289 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]290 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]291
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]292 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]293 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]294 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]295 free(formats);
296
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]297 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]298 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]299 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]300 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]301
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]302 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]303}
304
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]305class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]306 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]307 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]308 AuthorizationSet auths = sw_enforced();
309 EXPECT_GT(auths.SerializedSize(), 12U);
310
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]311 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
312 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
313 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]314 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]315 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]316
317 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]318 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
319 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
320 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]321
322 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]323 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
324 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
325 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]326
327 // Now check that unspecified, defaulted tags are correct.
Shawn Willden0b2d3332015-04-07 17:46:18 -0600[diff] [blame]328 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]329 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]330 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]331};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]332INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
333
334TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]335 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
336 .RsaSigningKey(256, 3)
337 .Digest(KM_DIGEST_NONE)
338 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]339 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]340
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]341 // Check specified tags are all present, and in the right set.
342 AuthorizationSet crypto_params;
343 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]344 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]345 EXPECT_NE(0U, hw_enforced().size());
346 EXPECT_NE(0U, sw_enforced().size());
347 crypto_params.push_back(hw_enforced());
348 non_crypto_params.push_back(sw_enforced());
349 } else {
350 EXPECT_EQ(0U, hw_enforced().size());
351 EXPECT_NE(0U, sw_enforced().size());
352 crypto_params.push_back(sw_enforced());
353 }
354
355 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
356 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
357 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
358 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
359 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
360 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
361
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]362 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]363 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]364}
365
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]366TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]367 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
368 GenerateKey(AuthorizationSetBuilder()
369 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
370 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
371 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]372
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]373 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]374}
375
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]376TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]377 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]378 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]379 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]380
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]381 // Check specified tags are all present, and in the right set.
382 AuthorizationSet crypto_params;
383 AuthorizationSet non_crypto_params;
384 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
385 EXPECT_NE(0U, hw_enforced().size());
386 EXPECT_NE(0U, sw_enforced().size());
387 crypto_params.push_back(hw_enforced());
388 non_crypto_params.push_back(sw_enforced());
389 } else {
390 EXPECT_EQ(0U, hw_enforced().size());
391 EXPECT_NE(0U, sw_enforced().size());
392 crypto_params.push_back(sw_enforced());
393 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]394
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]395 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
396 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
397 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
398 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
399
400 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
401 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]402}
403
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]404TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]405 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
406 GenerateKey(AuthorizationSetBuilder()
407 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
408 .SigningKey()
409 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]410
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]411 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]412}
413
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]414TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]415 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
416 ASSERT_EQ(
417 KM_ERROR_UNKNOWN_ERROR,
418 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
419 else
420 ASSERT_EQ(
421 KM_ERROR_UNSUPPORTED_KEY_SIZE,
422 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]423
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]424 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
425 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]426}
427
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]428TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]429 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]430 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]431 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
432 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]433 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]434 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]435
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]436 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
437 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]438}
439
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]440TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]441 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]442 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]443
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]444 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]445}
446
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]447typedef Keymaster1Test GetKeyCharacteristics;
448INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
449
450TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]451 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
452 .RsaSigningKey(256, 3)
453 .Digest(KM_DIGEST_NONE)
454 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]455 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]456
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]457 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
458 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]459
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]460 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]461 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]462}
463
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]464typedef Keymaster1Test SigningOperationsTest;
465INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
466
467TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]468 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
469 .RsaSigningKey(256, 3)
470 .Digest(KM_DIGEST_NONE)
471 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]472 string message = "12345678901234567890123456789012";
473 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]474 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]475
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]476 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]477 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]478}
479
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]480TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]481 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
482 .RsaSigningKey(512, 3)
483 .Digest(KM_DIGEST_SHA_2_256)
484 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]485 // Use large message, which won't work without digesting.
486 string message(1024, 'a');
487 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]488 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]489
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]490 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]491 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]492}
493
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]494TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {
495 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
496 .RsaSigningKey(512, 3)
497 .Digest(KM_DIGEST_NONE)
498 .Padding(KM_PAD_NONE)));
499 string message = "12345678901234567890123456789012";
500 string signature;
501 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
502
503 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
504 EXPECT_EQ(3, GetParam()->keymaster0_calls());
505}
506
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]507TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]508 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
509 .RsaSigningKey(512, 3)
510 .Digest(KM_DIGEST_SHA_2_256)
511 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]512 string message(1024, 'a');
513 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]514 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]515
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]516 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]517 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]518}
519
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]520TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
521 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
522 .RsaSigningKey(512, 3)
523 .Digest(KM_DIGEST_NONE)
524 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
525 string message(53, 'a');
526 string signature;
527 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);
528
529 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
530 EXPECT_EQ(3, GetParam()->keymaster0_calls());
531}
532
533TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {
534 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
535 .RsaSigningKey(512, 3)
536 .Digest(KM_DIGEST_NONE)
537 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
538 string message(54, 'a');
539
540 AuthorizationSet begin_params(client_params());
541 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
542 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
543 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
544 string result;
545 size_t input_consumed;
546 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
547 string signature;
548 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
549
550 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
551 EXPECT_EQ(2, GetParam()->keymaster0_calls());
552}
553
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]554TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]555 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
556 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]557 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
558 .RsaSigningKey(256 + 9 * 8, 3)
559 .Digest(KM_DIGEST_SHA_2_256)
560 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]561 string message(1024, 'a');
562 string signature;
563
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]564 AuthorizationSet begin_params(client_params());
565 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]566 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]567 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]568}
569
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]570TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {
571 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
572 .RsaSigningKey(256, 3)
573 .Digest(KM_DIGEST_NONE)
574 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
575 string message(64 * 1024, 'a');
576 string signature;
577 AuthorizationSet begin_params(client_params());
578 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
579 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
580 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
581 string result;
582 size_t input_consumed;
583 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
584
585 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
586 EXPECT_EQ(2, GetParam()->keymaster0_calls());
587}
588
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]589TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]590 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
591 .RsaSigningKey(256, 3)
592 .Digest(KM_DIGEST_NONE)
593 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]594 AuthorizationSet begin_params(client_params());
595 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]596 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]597 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]598 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
599 // Another abort should fail
600 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]601
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]602 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]603 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]604}
605
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]606TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]607 GenerateKey(AuthorizationSetBuilder()
608 .RsaSigningKey(256, 3)
609 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
610 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]611 AuthorizationSet begin_params(client_params());
612 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
613 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]614
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]615 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]616 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]617}
618
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]619TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]620 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]621 GenerateKey(AuthorizationSetBuilder()
622 .RsaSigningKey(256, 3)
623 .Digest(KM_DIGEST_NONE)
624 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]625 AuthorizationSet begin_params(client_params());
626 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]627 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]628 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]629
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]630 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]631 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]632}
633
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]634TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]635 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]636 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
637 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]638 AuthorizationSet begin_params(client_params());
639 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
640 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]641
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]642 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]643 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]644}
645
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]646TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]647 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
648 .RsaSigningKey(256, 3)
649 .Digest(KM_DIGEST_NONE)
650 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]651 AuthorizationSet begin_params(client_params());
652 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]653 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]654 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]655
656 string message = "1234567890123456789012345678901";
657 string result;
658 size_t input_consumed;
659 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
660 EXPECT_EQ(0U, result.size());
661 EXPECT_EQ(31U, input_consumed);
662
663 string signature;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]664 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]665 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]666
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]667 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]668 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]669}
670
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]671TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]672 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
673 .RsaEncryptionKey(256, 3)
674 .Digest(KM_DIGEST_NONE)
675 .Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]676 AuthorizationSet begin_params(client_params());
677 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
678 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
679 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]680
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]681 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]682 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]683}
684
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]685TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]686 ASSERT_EQ(KM_ERROR_OK,
687 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]688 string message(224 / 8, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]689 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]690 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]691
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]692 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
693 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]694}
695
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]696TEST_P(SigningOperationsTest, EcdsaSha256Success) {
697 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
698 KM_DIGEST_SHA_2_256)));
699 string message(1024, 'a');
700 string signature;
701 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
702
703 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
704 EXPECT_EQ(3, GetParam()->keymaster0_calls());
705}
706
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]707TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {
708 ASSERT_EQ(KM_ERROR_OK,
709 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
710 string message(64 * 1024, 'a');
711 string signature;
712 AuthorizationSet begin_params(client_params());
713 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
714 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
715 string result;
716 size_t input_consumed;
717 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
718
719 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
720 EXPECT_EQ(2, GetParam()->keymaster0_calls());
721}
722
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]723TEST_P(SigningOperationsTest, EcsdaAllSizesAndHashes) {
724 size_t len;
725 keymaster_digest_t* digest_arr;
726 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
727 KM_PURPOSE_SIGN, &digest_arr, &len));
728 vector<int> key_sizes = {224, 256, 384, 521};
729 vector<keymaster_digest_t> digests = make_vector(digest_arr, len);
730 free(digest_arr);
731
732 for (int key_size : key_sizes) {
733 for (keymaster_digest_t digest : digests) {
734 ASSERT_EQ(
735 KM_ERROR_OK,
736 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(digest)));
737
738 string message(1024, 'a');
739 string signature;
740 if (digest == KM_DIGEST_NONE)
741 message.resize(key_size / 8);
742 SignMessage(message, &signature, digest);
743 }
744 }
745
746 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
747 EXPECT_EQ(digests.size() * key_sizes.size() * 3,
748 static_cast<size_t>(GetParam()->keymaster0_calls()));
749}
750
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]751TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]752 ASSERT_EQ(KM_ERROR_OK,
753 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
754 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]755 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
756 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]757
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]758 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]759}
760
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]761TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]762 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]763 string message = "12345678901234567890123456789012";
764 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]765 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]766 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]767
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]768 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]769}
770
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]771TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]772 ASSERT_EQ(KM_ERROR_OK,
773 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]774 string message = "12345678901234567890123456789012";
775 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]776 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]777 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]778
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]779 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]780}
781
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]782TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]783 ASSERT_EQ(KM_ERROR_OK,
784 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]785 string message = "12345678901234567890123456789012";
786 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]787 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]788 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]789
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]790 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]791}
792
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]793TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]794 ASSERT_EQ(KM_ERROR_OK,
795 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));
796
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]797 string message = "12345678901234567890123456789012";
798 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]799 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]800 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]801
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]802 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]803}
804
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]805TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]806 ASSERT_EQ(KM_ERROR_OK,
807 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]808 string message = "12345678901234567890123456789012";
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]809 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]810 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]811 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]812
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]813 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]814}
815
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]816TEST_P(SigningOperationsTest, HmacAnyDigestSuccess) {
817 ASSERT_EQ(KM_ERROR_OK,
818 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE)));
819 string message = "12345678901234567890123456789012";
820 string signature;
821
822 size_t len;
823 keymaster_digest_t* digests;
824 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
825 KM_PURPOSE_SIGN, &digests, &len));
826 for (size_t i = 0; i < len; ++i)
827 MacMessage(message, &signature, digests[i], 128 /* small MAC to work with all digests */);
828 free(digests);
829
830 // Ensure that we can't actually try to do an HMAC with no digest
831 AuthorizationSet begin_params(client_params());
832 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
833 begin_params.push_back(TAG_MAC_LENGTH, 128);
834 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
835
836 EXPECT_EQ(0, GetParam()->keymaster0_calls());
837}
838
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]839TEST_P(SigningOperationsTest, HmacLengthInKey) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]840 // TODO(swillden): unified API should generate an error on key generation.
841 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
842 .HmacKey(128)
843 .Digest(KM_DIGEST_SHA_2_256)
844 .Authorization(TAG_MAC_LENGTH, 20)));
845 string message = "12345678901234567890123456789012";
846 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]847 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]848 // Size in key was ignored.
849 ASSERT_EQ(30U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]850
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]851 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]852}
853
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]854TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]855 uint8_t key_data[] = {
856 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
857 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
858 };
859 string message = "Hi There";
860 uint8_t sha_224_expected[] = {
861 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
862 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
863 };
864 uint8_t sha_256_expected[] = {
865 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
866 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
867 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
868 };
869 uint8_t sha_384_expected[] = {
870 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
871 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
872 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
873 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
874 };
875 uint8_t sha_512_expected[] = {
876 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
877 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
878 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
879 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
880 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
881 };
882
883 string key = make_string(key_data);
884
885 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
886 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
887 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
888 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]889
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]890 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]891}
892
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]893TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]894 string key = "Jefe";
895 string message = "what do ya want for nothing?";
896 uint8_t sha_224_expected[] = {
897 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
898 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
899 };
900 uint8_t sha_256_expected[] = {
901 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
902 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
903 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
904 };
905 uint8_t sha_384_expected[] = {
906 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
907 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
908 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
909 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
910 };
911 uint8_t sha_512_expected[] = {
912 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
913 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
914 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
915 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
916 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
917 };
918
919 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
920 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
921 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
922 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]923
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]924 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]925}
926
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]927TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]928 string key(20, 0xaa);
929 string message(50, 0xdd);
930 uint8_t sha_224_expected[] = {
931 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
932 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
933 };
934 uint8_t sha_256_expected[] = {
935 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
936 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
937 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
938 };
939 uint8_t sha_384_expected[] = {
940 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
941 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
942 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
943 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
944 };
945 uint8_t sha_512_expected[] = {
946 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
947 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
948 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
949 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
950 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
951 };
952
953 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
954 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
955 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
956 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]957
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]958 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]959}
960
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]961TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]962 uint8_t key_data[25] = {
963 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
964 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
965 };
966 string key = make_string(key_data);
967 string message(50, 0xcd);
968 uint8_t sha_224_expected[] = {
969 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
970 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
971 };
972 uint8_t sha_256_expected[] = {
973 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
974 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
975 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
976 };
977 uint8_t sha_384_expected[] = {
978 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
979 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
980 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
981 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
982 };
983 uint8_t sha_512_expected[] = {
984 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
985 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
986 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
987 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
988 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
989 };
990
991 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
992 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
993 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
994 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]995
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]996 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]997}
998
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]999TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1000 string key(20, 0x0c);
1001 string message = "Test With Truncation";
1002
1003 uint8_t sha_224_expected[] = {
1004 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
1005 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
1006 };
1007 uint8_t sha_256_expected[] = {
1008 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
1009 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
1010 };
1011 uint8_t sha_384_expected[] = {
1012 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
1013 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
1014 };
1015 uint8_t sha_512_expected[] = {
1016 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
1017 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
1018 };
1019
1020 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1021 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1022 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1023 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1024
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1025 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1026}
1027
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1028TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1029 string key(131, 0xaa);
1030 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
1031
1032 uint8_t sha_224_expected[] = {
1033 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
1034 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
1035 };
1036 uint8_t sha_256_expected[] = {
1037 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
1038 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
1039 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
1040 };
1041 uint8_t sha_384_expected[] = {
1042 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
1043 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1044 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
1045 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
1046 };
1047 uint8_t sha_512_expected[] = {
1048 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
1049 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
1050 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
1051 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
1052 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
1053 };
1054
1055 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1056 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1057 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1058 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1059
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1060 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1061}
1062
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1063TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1064 string key(131, 0xaa);
1065 string message = "This is a test using a larger than block-size key and a larger than "
1066 "block-size data. The key needs to be hashed before being used by the HMAC "
1067 "algorithm.";
1068
1069 uint8_t sha_224_expected[] = {
1070 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
1071 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
1072 };
1073 uint8_t sha_256_expected[] = {
1074 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
1075 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
1076 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
1077 };
1078 uint8_t sha_384_expected[] = {
1079 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
1080 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1081 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
1082 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
1083 };
1084 uint8_t sha_512_expected[] = {
1085 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
1086 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
1087 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
1088 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
1089 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
1090 };
1091
1092 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1093 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1094 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1095 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1096
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1097 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1098}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1099
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1100TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1101 ASSERT_EQ(KM_ERROR_OK,
1102 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
1103 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]1104 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1105 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1106 ASSERT_EQ(KM_ERROR_OK,
1107 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
1108 string message = "1234567890123456789012345678901";
1109 string result;
1110 size_t input_consumed;
1111 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1112 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1113
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1114 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1115}
1116
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1117// TODO(swillden): Add more verification failure tests.
1118
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1119typedef Keymaster1Test VerificationOperationsTest;
1120INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
1121
1122TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1123 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1124 .RsaSigningKey(256, 3)
1125 .Digest(KM_DIGEST_NONE)
1126 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1127 string message = "12345678901234567890123456789012";
1128 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1129 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1130 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1131
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1132 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1133 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]1134}
1135
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1136TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1137 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1138 .RsaSigningKey(512, 3)
1139 .Digest(KM_DIGEST_SHA_2_256)
1140 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1141 // Use large message, which won't work without digesting.
1142 string message(1024, 'a');
1143 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1144 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1145 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1146
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1147 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1148 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1149}
1150
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1151TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1152 GenerateKey(AuthorizationSetBuilder()
1153 .RsaSigningKey(512, 3)
1154 .Digest(KM_DIGEST_SHA_2_256)
1155 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1156 string message(1024, 'a');
1157 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1158 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1159 ++signature[signature.size() / 2];
1160
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1161 AuthorizationSet begin_params(client_params());
1162 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1163 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1164 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1165
1166 string result;
1167 size_t input_consumed;
1168 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1169 EXPECT_EQ(message.size(), input_consumed);
1170 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1171
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1172 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1173 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1174}
1175
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1176TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1177 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1178 .RsaSigningKey(512, 3)
1179 .Digest(KM_DIGEST_SHA_2_256)
1180 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1181 // Use large message, which won't work without digesting.
1182 string message(1024, 'a');
1183 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1184 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1185 ++message[message.size() / 2];
1186
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1187 AuthorizationSet begin_params(client_params());
1188 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1189 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1190 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1191
1192 string result;
1193 size_t input_consumed;
1194 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1195 EXPECT_EQ(message.size(), input_consumed);
1196 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1197
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1198 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1199 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1200}
1201
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1202TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1203 GenerateKey(AuthorizationSetBuilder()
1204 .RsaSigningKey(512, 3)
1205 .Digest(KM_DIGEST_SHA_2_256)
1206 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1207 string message(1024, 'a');
1208 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1209 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1210 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1211
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1212 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1213 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1214}
1215
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1216TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1217 GenerateKey(AuthorizationSetBuilder()
1218 .RsaSigningKey(512, 3)
1219 .Digest(KM_DIGEST_SHA_2_256)
1220 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1221 string message(1024, 'a');
1222 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1223 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1224 ++signature[signature.size() / 2];
1225
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1226 AuthorizationSet begin_params(client_params());
1227 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1228 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1229 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1230
1231 string result;
1232 size_t input_consumed;
1233 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1234 EXPECT_EQ(message.size(), input_consumed);
1235 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1236
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1237 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1238 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1239}
1240
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1241TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1242 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1243 .RsaSigningKey(512, 3)
1244 .Digest(KM_DIGEST_SHA_2_256)
1245 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1246 // Use large message, which won't work without digesting.
1247 string message(1024, 'a');
1248 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1249 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1250 ++message[message.size() / 2];
1251
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1252 AuthorizationSet begin_params(client_params());
1253 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1254 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1255 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1256
1257 string result;
1258 size_t input_consumed;
1259 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1260 EXPECT_EQ(message.size(), input_consumed);
1261 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1262
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1263 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1264 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1265}
1266
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1267TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1268 // Get all supported digests and padding modes.
1269 size_t digests_len;
1270 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1271 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1272 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1273 &digests_len));
1274
1275 size_t padding_modes_len;
1276 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1277 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1278 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1279 &padding_modes, &padding_modes_len));
1280
1281 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1282 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1283 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1284 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1285 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1286 // Digesting requires padding
1287 continue;
1288
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1289 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1290 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1291 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1292
1293 if (digest == KM_DIGEST_NONE) {
1294 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1295 switch (padding_mode) {
1296 case KM_PAD_NONE:
1297 // Match key size.
1298 message_len = key_bits / 8;
1299 break;
1300 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1301 message_len = key_bits / 8 - 11;
1302 break;
1303 case KM_PAD_RSA_PSS:
1304 // PSS requires a digest.
1305 continue;
1306 default:
1307 FAIL() << "Missing padding";
1308 break;
1309 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1310 } else {
1311 size_t digest_bits;
1312 switch (digest) {
1313 case KM_DIGEST_MD5:
1314 digest_bits = 128;
1315 break;
1316 case KM_DIGEST_SHA1:
1317 digest_bits = 160;
1318 break;
1319 case KM_DIGEST_SHA_2_224:
1320 digest_bits = 224;
1321 break;
1322 case KM_DIGEST_SHA_2_256:
1323 digest_bits = 256;
1324 break;
1325 case KM_DIGEST_SHA_2_384:
1326 digest_bits = 384;
1327 break;
1328 case KM_DIGEST_SHA_2_512:
1329 digest_bits = 512;
1330 break;
1331 default:
1332 FAIL() << "Missing digest";
1333 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1334
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1335 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1336 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1337 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1338 break;
1339 case KM_PAD_RSA_PSS:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1340 key_bits = digest_bits + 8 * 10;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1341 break;
1342 default:
1343 FAIL() << "Missing padding";
1344 break;
1345 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1346 }
1347
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1348 GenerateKey(AuthorizationSetBuilder()
1349 .RsaSigningKey(key_bits, 3)
1350 .Digest(digest)
1351 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1352 string message(message_len, 'a');
1353 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1354 SignMessage(message, &signature, digest, padding_mode);
1355 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1356 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1357 }
1358 }
1359
1360 free(padding_modes);
1361 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1362
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1363 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1364 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1365}
1366
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1367TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1368 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1369 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1370 string message = "12345678901234567890123456789012";
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1371 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1372 SignMessage(message, &signature, KM_DIGEST_NONE);
1373 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1374
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1375 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1376 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1377}
1378
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1379TEST_P(VerificationOperationsTest, EcdsaTooShort) {
1380 ASSERT_EQ(KM_ERROR_OK,
1381 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1382 string message = "12345678901234567890";
1383 string signature;
1384 SignMessage(message, &signature, KM_DIGEST_NONE);
1385 VerifyMessage(message, signature, KM_DIGEST_NONE);
1386
1387 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1388 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1389}
1390
1391TEST_P(VerificationOperationsTest, EcdsaTooLong) {
1392 ASSERT_EQ(KM_ERROR_OK,
1393 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1394 string message = "1234567890123456789012345678901234";
1395 string signature;
1396
1397 AuthorizationSet begin_params(client_params());
1398 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1399 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
1400 string output;
1401 size_t input_consumed;
1402 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &output, &input_consumed));
1403
1404 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1405 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1406}
1407
1408TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
1409 ASSERT_EQ(KM_ERROR_OK,
1410 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
1411
1412 string message(66, 'a');
1413 string signature;
1414 SignMessage(message, &signature, KM_DIGEST_NONE);
1415 VerifyMessage(message, signature, KM_DIGEST_NONE);
1416
1417 // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh.
1418 message[65] ^= 7;
1419 VerifyMessage(message, signature, KM_DIGEST_NONE);
1420
1421 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1422 EXPECT_EQ(5, GetParam()->keymaster0_calls());
1423}
1424
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1425TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1426 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1427 .EcdsaSigningKey(256)
1428 .Digest(KM_DIGEST_SHA_2_256)
1429 .Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1430 string message = "12345678901234567890123456789012";
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1431 string signature;
1432 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1433 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1434
1435 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1436 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1437
1438 // Just for giggles, try verifying with the wrong digest.
1439 AuthorizationSet begin_params(client_params());
1440 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1441 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1442
1443 string result;
1444 size_t input_consumed;
1445 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1446 EXPECT_EQ(message.size(), input_consumed);
1447 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1448}
1449
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1450TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1451 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1452 string message = "123456789012345678901234567890123456789012345678";
1453 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1454 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
1455 VerifyMessage(message, signature, KM_DIGEST_SHA1);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1456
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1457 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1458}
1459
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1460TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1461 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1462 string message = "123456789012345678901234567890123456789012345678";
1463 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1464 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
1465 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1466
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1467 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1468}
1469
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1470TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1471 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1472 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1473 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1474 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
1475 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1476
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1477 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1478}
1479
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1480TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1481 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1482 string message = "123456789012345678901234567890123456789012345678";
1483 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1484 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
1485 VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1486
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1487 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1488}
1489
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1490TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1491 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1492 string message = "123456789012345678901234567890123456789012345678";
1493 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1494 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
1495 VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1496
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1497 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1498}
1499
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]1500TEST_P(VerificationOperationsTest, HmacAnyDigestSuccess) {
1501 ASSERT_EQ(KM_ERROR_OK,
1502 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE)));
1503 string message = "12345678901234567890123456789012";
1504 string signature;
1505
1506 size_t len;
1507 keymaster_digest_t* digests;
1508 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
1509 KM_PURPOSE_SIGN, &digests, &len));
1510 for (size_t i = 0; i < len; ++i) {
1511 MacMessage(message, &signature, digests[i], 128 /* small MAC to work with all digests */);
1512 VerifyMessage(message, signature, digests[i]);
1513 if (len > 1) {
1514 size_t wrong_digest_index = (i == 0) ? 1 : 0;
1515 AuthorizationSet begin_params(client_params());
1516 begin_params.push_back(TAG_DIGEST, digests[wrong_digest_index]);
1517 begin_params.push_back(TAG_MAC_LENGTH, 128);
1518 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1519 string output;
1520 size_t input_consumed;
1521 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &output, &input_consumed));
1522 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &output));
1523 }
1524 }
1525 free(digests);
1526
1527 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1528}
1529
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1530typedef Keymaster1Test ExportKeyTest;
1531INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1532
1533TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1534 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1535 .RsaSigningKey(256, 3)
1536 .Digest(KM_DIGEST_NONE)
1537 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1538 string export_data;
1539 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1540 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1541
1542 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1543
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1544 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1545 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1546}
1547
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1548TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1549 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1550 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1551 string export_data;
1552 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1553 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1554
1555 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1556
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1557 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1558 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1559}
1560
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1561TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1562 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1563 .RsaSigningKey(256, 3)
1564 .Digest(KM_DIGEST_NONE)
1565 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1566 string export_data;
1567 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1568
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1569 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1570 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1571}
1572
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1573TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1574 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1575 .RsaSigningKey(256, 3)
1576 .Digest(KM_DIGEST_NONE)
1577 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1578 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1579 string export_data;
1580 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1581
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1582 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1583 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1584}
1585
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1586TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1587 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1588 string export_data;
1589
1590 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1591 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1592 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1593
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1594 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1595}
1596
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1597static string read_file(const string& file_name) {
1598 ifstream file_stream(file_name, std::ios::binary);
1599 istreambuf_iterator<char> file_begin(file_stream);
1600 istreambuf_iterator<char> file_end;
1601 return string(file_begin, file_end);
1602}
1603
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1604typedef Keymaster1Test ImportKeyTest;
1605INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1606
1607TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1608 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1609 ASSERT_EQ(633U, pk8_key.size());
1610
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1611 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1612 .RsaSigningKey(1024, 65537)
1613 .Digest(KM_DIGEST_NONE)
1614 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1615 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1616
1617 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1618 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1619 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1620 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1621 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1622 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1623 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1624 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1625 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1626 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1627
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1628 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1629 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1630 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1631
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1632 string message(1024 / 8, 'a');
1633 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1634 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1635 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1636
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1637 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1638 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1639}
1640
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1641TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1642 string pk8_key = read_file("rsa_privkey_pk8.der");
1643 ASSERT_EQ(633U, pk8_key.size());
1644
1645 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1646 // point softkeymaster will no longer support keymaster0 APIs anyway.
1647 uint8_t* key_blob;
1648 size_t key_blob_length;
1649 ASSERT_EQ(0,
1650 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1651 pk8_key.size(), &key_blob, &key_blob_length));
1652 set_key_blob(key_blob, key_blob_length);
1653
1654 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1655 AuthorizationSet begin_params; // Don't use client data.
1656 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1657 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1658 AuthorizationSet update_params;
1659 AuthorizationSet output_params;
1660 string signature =
1661 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1662 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1663 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1664
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1665 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1666 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1667}
1668
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1669TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1670 string pk8_key = read_file("rsa_privkey_pk8.der");
1671 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1672 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1673 ImportKey(AuthorizationSetBuilder()
1674 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1675 .Digest(KM_DIGEST_NONE)
1676 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1677 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1678
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1679 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1680}
1681
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1682TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1683 string pk8_key = read_file("rsa_privkey_pk8.der");
1684 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1685 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1686 ImportKey(AuthorizationSetBuilder()
1687 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1688 .Digest(KM_DIGEST_NONE)
1689 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1690 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1691
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1692 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1693}
1694
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1695TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1696 string pk8_key = read_file("ec_privkey_pk8.der");
1697 ASSERT_EQ(138U, pk8_key.size());
1698
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1699 ASSERT_EQ(KM_ERROR_OK,
1700 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1701 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1702
1703 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1704 EXPECT_TRUE(
1705 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1706 TAG_ALGORITHM, KM_ALGORITHM_EC));
1707 EXPECT_TRUE(
1708 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1709 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1710
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1711 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1712 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1713 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1714
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1715 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1716 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1717 SignMessage(message, &signature, KM_DIGEST_NONE);
1718 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1719
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1720 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1721 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1722}
1723
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1724TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1725 string pk8_key = read_file("ec_privkey_pk8.der");
1726 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1727
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1728 ASSERT_EQ(KM_ERROR_OK,
1729 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1730 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1731
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1732 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1733 EXPECT_TRUE(
1734 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1735 TAG_ALGORITHM, KM_ALGORITHM_EC));
1736 EXPECT_TRUE(
1737 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1738 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1739
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1740 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1741 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1742 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1743
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1744 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1745 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1746 SignMessage(message, &signature, KM_DIGEST_NONE);
1747 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1748
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1749 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1750 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1751}
1752
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1753TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1754 string pk8_key = read_file("ec_privkey_pk8.der");
1755 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1756 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1757 ImportKey(AuthorizationSetBuilder()
1758 .EcdsaSigningKey(224 /* Doesn't match key */)
1759 .Digest(KM_DIGEST_NONE),
1760 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1761
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1762 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1763}
1764
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1765TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1766 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1767 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1768 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1769 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1770 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1771 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1772
1773 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1774 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1775
1776 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1777 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1778 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1779 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1780
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1781 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1782}
1783
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1784TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1785 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1786 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1787 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1788 .HmacKey(sizeof(key_data) * 8)
1789 .Digest(KM_DIGEST_SHA_2_256)
1790 .Authorization(TAG_MAC_LENGTH, 32),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1791 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1792
1793 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1794 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1795
1796 string message = "Hello World!";
1797 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1798 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);
1799 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1800
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1801 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1802}
1803
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1804typedef Keymaster1Test EncryptionOperationsTest;
1805INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1806
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1807TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1808 ASSERT_EQ(KM_ERROR_OK,
1809 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1810
1811 string message = "12345678901234567890123456789012";
1812 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1813 EXPECT_EQ(256U / 8, ciphertext1.size());
1814
1815 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1816 EXPECT_EQ(256U / 8, ciphertext2.size());
1817
1818 // Unpadded RSA is deterministic
1819 EXPECT_EQ(ciphertext1, ciphertext2);
1820
1821 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1822 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1823}
1824
1825TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1826 ASSERT_EQ(KM_ERROR_OK,
1827 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1828
1829 string message = "1234567890123456789012345678901";
1830
1831 AuthorizationSet begin_params(client_params());
1832 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1833 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1834
1835 string result;
1836 size_t input_consumed;
1837 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1838 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1839 EXPECT_EQ(0U, result.size());
1840
1841 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1842 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1843}
1844
1845TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1846 ASSERT_EQ(KM_ERROR_OK,
1847 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1848
1849 string message = "123456789012345678901234567890123";
1850
1851 AuthorizationSet begin_params(client_params());
1852 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1853 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1854
1855 string result;
1856 size_t input_consumed;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1857 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1858
1859 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1860 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1861}
1862
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1863TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1864 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1865 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1866 .RsaEncryptionKey(key_size, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1867 .Padding(KM_PAD_RSA_OAEP)
1868 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1869
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1870 string message = "Hello";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1871 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1872 EXPECT_EQ(key_size / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1873
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1874 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1875 EXPECT_EQ(key_size / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1876
1877 // OAEP randomizes padding so every result should be different.
1878 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1879
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1880 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1881 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1882}
1883
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1884TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1885 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1886 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1887 .RsaEncryptionKey(key_size, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1888 .Padding(KM_PAD_RSA_OAEP)
1889 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1890 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1891 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1892 EXPECT_EQ(key_size / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1893
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1894 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1895 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1896
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1897 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1898 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1899}
1900
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1901TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
1902 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1903 .RsaEncryptionKey(512, 3)
1904 .Padding(KM_PAD_RSA_OAEP)
1905 .Digest(KM_DIGEST_NONE)));
1906 string message = "Hello World!";
1907
1908 AuthorizationSet begin_params(client_params());
1909 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1910 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1911 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1912
1913 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1914 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1915}
1916
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1917TEST_P(EncryptionOperationsTest, RsaOaepUnauthorizedDigest) {
1918 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1919 .RsaEncryptionKey(512, 3)
1920 .Padding(KM_PAD_RSA_OAEP)
1921 .Digest(KM_DIGEST_SHA_2_256)));
1922 string message = "Hello World!";
1923 // Works because encryption is a public key operation.
1924 EncryptMessage(string(message), KM_DIGEST_SHA1, KM_PAD_RSA_OAEP);
1925
1926 AuthorizationSet begin_params(client_params());
1927 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1928 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1);
1929 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
1930
1931 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1932 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1933}
1934
1935TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) {
1936 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1937 .RsaEncryptionKey(768, 3)
1938 .Padding(KM_PAD_RSA_OAEP)
1939 .Digest(KM_DIGEST_SHA_2_256)
1940 .Digest(KM_DIGEST_SHA_2_384)));
1941 string message = "Hello World!";
1942 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
1943
1944 string result;
1945 size_t input_consumed;
1946 AuthorizationSet begin_params(client_params());
1947 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1948 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
1949 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
1950 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
1951 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
1952 EXPECT_EQ(0U, result.size());
1953
1954 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1955 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1956}
1957
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1958TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1959 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1960 .RsaEncryptionKey(512, 3)
1961 .Padding(KM_PAD_RSA_OAEP)
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1962 .Digest(KM_DIGEST_SHA1)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1963 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1964 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1965 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1966
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1967 AuthorizationSet begin_params(client_params());
1968 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1969 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1970 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1971 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1972 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1973 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1974
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1975 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1976 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1977}
1978
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1979TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1980 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1981 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1982 .RsaEncryptionKey(768, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1983 .Padding(KM_PAD_RSA_OAEP)
1984 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1985 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1986 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1987 EXPECT_EQ(key_size / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1988
1989 // Corrupt the ciphertext
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame^]1990 ciphertext[key_size / 8 / 2]++;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1991
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1992 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1993 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1994 AuthorizationSet begin_params(client_params());
1995 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1996 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1997 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1998 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1999 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2000 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2001
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2002 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2003 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2004}
2005
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2006TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2007 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2008 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2009 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2010 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2011 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2012
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2013 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2014 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2015
2016 // PKCS1 v1.5 randomizes padding so every result should be different.
2017 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2018
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2019 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2020 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2021}
2022
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2023TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2024 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2025 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2026 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2027 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2028 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2029
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2030 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2031 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2032
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2033 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2034 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2035}
2036
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2037TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2038 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2039 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]2040 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2041 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2042 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2043
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2044 AuthorizationSet begin_params(client_params());
2045 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2046 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2047 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2048 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2049 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2050
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2051 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2052 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2053}
2054
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2055TEST_P(EncryptionOperationsTest, RsaPkcs1InvalidDigest) {
2056 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2057 .RsaEncryptionKey(512, 3)
2058 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
2059 .Digest(KM_DIGEST_NONE)));
2060 string message = "Hello World!";
2061 string result;
2062
2063 AuthorizationSet begin_params(client_params());
2064 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2065 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); // Any digest is invalid
2066 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2067
2068 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2069 EXPECT_EQ(2, GetParam()->keymaster0_calls());
2070}
2071
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2072TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2073 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2074 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2075 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2076 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2077 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2078
2079 // Corrupt the ciphertext
2080 ciphertext[512 / 8 / 2]++;
2081
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2082 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2083 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2084 AuthorizationSet begin_params(client_params());
2085 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2086 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2087 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2088 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2089 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2090
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2091 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2092 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2093}
2094
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2095TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2096 ASSERT_EQ(KM_ERROR_OK,
2097 GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2098
2099 AuthorizationSet begin_params(client_params());
2100 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2101 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2102
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2103 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2104 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2105}
2106
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2107TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2108 ASSERT_EQ(KM_ERROR_OK,
2109 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2110 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2111 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2112
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2113 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
2114 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2115}
2116
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2117TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2118 ASSERT_EQ(
2119 KM_ERROR_OK,
2120 GenerateKey(
2121 AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2122 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2123 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2124
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2125 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2126}
2127
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2128TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2129 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2130 .AesEncryptionKey(128)
2131 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2132 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2133 // Two-block message.
2134 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2135 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2136 EXPECT_EQ(message.size(), ciphertext1.size());
2137
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2138 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2139 EXPECT_EQ(message.size(), ciphertext2.size());
2140
2141 // ECB is deterministic.
2142 EXPECT_EQ(ciphertext1, ciphertext2);
2143
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2144 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2145 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2146
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2147 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2148}
2149
Shawn Willdene23a2c92015-07-06 15:52:45 -0600[diff] [blame]2150TEST_P(EncryptionOperationsTest, AesEcbNotAuthorized) {
2151 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2152 .AesEncryptionKey(128)
2153 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2154 .Padding(KM_PAD_NONE)));
2155 // Two-block message.
2156 string message = "12345678901234567890123456789012";
2157 AuthorizationSet begin_params(client_params());
2158 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2159 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2160 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2161
2162 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2163}
2164
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2165TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2166 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2167 .AesEncryptionKey(128)
2168 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2169 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2170 // Message is slightly shorter than two blocks.
2171 string message = "1234567890123456789012345678901";
2172
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2173 AuthorizationSet begin_params(client_params());
2174 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2175 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2176 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2177 string ciphertext;
2178 size_t input_consumed;
2179 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
2180 EXPECT_EQ(message.size(), input_consumed);
2181 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2182
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2183 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2184}
2185
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2186TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2187 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2188 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2189 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2190 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2191
2192 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2193 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2194 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2195 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2196 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2197 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2198 EXPECT_EQ(message, plaintext);
2199 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2200
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2201 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2202}
2203
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2204TEST_P(EncryptionOperationsTest, AesEcbNoPaddingKeyWithPkcs7Padding) {
2205 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2206 .AesEncryptionKey(128)
2207 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2208 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2209
2210 // Try various message lengths; all should work.
2211 for (size_t i = 0; i < 32; ++i) {
2212 string message(i, 'a');
2213 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
2214 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
2215 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
2216 EXPECT_EQ(message, plaintext);
2217 }
2218
2219 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2220}
2221
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2222TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2223 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2224 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2225 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2226 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2227
2228 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2229 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2230 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2231 EXPECT_NE(ciphertext, message);
2232 ++ciphertext[ciphertext.size() / 2];
2233
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2234 AuthorizationSet begin_params(client_params());
2235 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2236 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2237 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2238 string plaintext;
2239 size_t input_consumed;
2240 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
2241 EXPECT_EQ(ciphertext.size(), input_consumed);
2242 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2243
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2244 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2245}
2246
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2247TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2248 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2249 .AesEncryptionKey(128)
2250 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2251 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2252 string message = "123";
2253 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2254 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2255 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2256 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2257
2258 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2259 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2260 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2261 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2262
2263 // IVs should be random, so ciphertexts should differ.
2264 EXPECT_NE(iv1, iv2);
2265 EXPECT_NE(ciphertext1, ciphertext2);
2266
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2267 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2268 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2269
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2270 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2271}
2272
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2273TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2274 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2275 .AesEncryptionKey(128)
2276 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2277 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2278
2279 int increment = 15;
2280 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2281 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2282 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2283 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2284 AuthorizationSet output_params;
2285 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2286
2287 string ciphertext;
2288 size_t input_consumed;
2289 for (size_t i = 0; i < message.size(); i += increment)
2290 EXPECT_EQ(KM_ERROR_OK,
2291 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2292 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2293 EXPECT_EQ(message.size(), ciphertext.size());
2294
2295 // Move TAG_NONCE into input_params
2296 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2297 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2298 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2299 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2300 output_params.Clear();
2301
2302 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
2303 string plaintext;
2304 for (size_t i = 0; i < ciphertext.size(); i += increment)
2305 EXPECT_EQ(KM_ERROR_OK,
2306 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2307 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2308 EXPECT_EQ(ciphertext.size(), plaintext.size());
2309 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2310
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2311 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2312}
2313
2314struct AesCtrSp80038aTestVector {
2315 const char* key;
2316 const char* nonce;
2317 const char* plaintext;
2318 const char* ciphertext;
2319};
2320
2321// These test vectors are taken from
2322// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
2323static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
2324 // AES-128
2325 {
2326 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2327 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2328 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2329 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
2330 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
2331 },
2332 // AES-192
2333 {
2334 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2335 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2336 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2337 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2338 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2339 },
2340 // AES-256
2341 {
2342 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2343 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2344 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2345 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2346 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2347 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2348 },
2349};
2350
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2351TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2352 for (size_t i = 0; i < 3; i++) {
2353 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2354 const string key = hex2str(test.key);
2355 const string nonce = hex2str(test.nonce);
2356 const string plaintext = hex2str(test.plaintext);
2357 const string ciphertext = hex2str(test.ciphertext);
2358 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2359 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2360
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2361 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2362}
2363
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2364TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2365 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2366 .AesEncryptionKey(128)
2367 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2368 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2369 AuthorizationSet begin_params(client_params());
2370 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2371 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2372 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2373
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2374 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2375}
2376
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2377TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2378 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2379 .AesEncryptionKey(128)
2380 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2381 .Authorization(TAG_CALLER_NONCE)
2382 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2383
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2384 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2385 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2386 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2387 input_params.push_back(TAG_NONCE, "123", 3);
2388 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2389
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2390 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2391}
2392
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2393TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2394 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2395 .AesEncryptionKey(128)
2396 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2397 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2398 // Two-block message.
2399 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2400 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2401 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2402 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2403
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2404 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2405 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2406 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2407
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2408 // IVs should be random, so ciphertexts should differ.
2409 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2410 EXPECT_NE(ciphertext1, ciphertext2);
2411
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2412 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2413 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2414
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2415 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2416}
2417
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2418TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2419 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2420 .AesEncryptionKey(128)
2421 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2422 .Authorization(TAG_CALLER_NONCE)
2423 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2424 string message = "12345678901234567890123456789012";
2425 string iv1;
2426 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2427 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2428 EXPECT_EQ(message.size(), ciphertext1.size());
2429 EXPECT_EQ(16U, iv1.size());
2430
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2431 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2432 EXPECT_EQ(message, plaintext);
2433
2434 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2435 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2436 AuthorizationSet update_params;
2437 AuthorizationSet output_params;
2438 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2439 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2440 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2441 string ciphertext2 =
2442 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2443
2444 // Decrypt with correct nonce.
2445 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2446 &output_params);
2447 EXPECT_EQ(message, plaintext);
2448
2449 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2450 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2451 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2452 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2453 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2454 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2455 &output_params);
2456 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2457
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2458 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2459}
2460
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2461TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2462 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2463 .AesEncryptionKey(128)
2464 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2465 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2466
2467 string message = "12345678901234567890123456789012";
2468 string iv1;
2469 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2470 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2471 EXPECT_EQ(message.size(), ciphertext1.size());
2472 EXPECT_EQ(16U, iv1.size());
2473
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2474 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2475 EXPECT_EQ(message, plaintext);
2476
2477 // Now specify a nonce, should fail.
2478 AuthorizationSet input_params(client_params());
2479 AuthorizationSet update_params;
2480 AuthorizationSet output_params;
2481 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2482 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2483 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2484
2485 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2486 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2487
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2488 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2489}
2490
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2491TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2492 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2493 .AesEncryptionKey(128)
2494 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2495 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2496
2497 int increment = 15;
2498 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2499 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2500 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2501 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2502 AuthorizationSet output_params;
2503 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2504
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2505 string ciphertext;
2506 size_t input_consumed;
2507 for (size_t i = 0; i < message.size(); i += increment)
2508 EXPECT_EQ(KM_ERROR_OK,
2509 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2510 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2511 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2512
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2513 // Move TAG_NONCE into input_params
2514 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2515 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2516 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2517 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2518 output_params.Clear();
2519
2520 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2521 string plaintext;
2522 for (size_t i = 0; i < ciphertext.size(); i += increment)
2523 EXPECT_EQ(KM_ERROR_OK,
2524 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2525 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2526 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2527 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2528
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2529 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2530}
2531
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2532TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2533 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2534 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2535 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2536 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2537
2538 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2539 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2540 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2541 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2542 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2543 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2544 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2545 EXPECT_EQ(message, plaintext);
2546 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2547
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2548 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2549}
2550
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2551TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2552 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2553 .AesEncryptionKey(128)
2554 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2555 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2556 string aad = "foobar";
2557 string message = "123456789012345678901234567890123456";
2558 AuthorizationSet begin_params(client_params());
2559 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2560 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2561 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2562
2563 AuthorizationSet update_params;
2564 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2565
2566 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2567 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2568 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2569 string ciphertext;
2570 size_t input_consumed;
2571 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2572 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2573 &input_consumed));
2574 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2575 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2576
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2577 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2578 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2579 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2580
2581 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2582 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2583 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2584 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2585 &plaintext, &input_consumed));
2586 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2587 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2588
2589 EXPECT_EQ(message, plaintext);
2590 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2591}
2592
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2593TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
2594 uint8_t nonce[] = {
2595 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
2596 };
2597 uint8_t ciphertext[] = {
2598 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
2599 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
2600 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
2601 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
2602 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
2603 };
2604 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
2605
2606 AuthorizationSet begin_params(client_params());
2607 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2608 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2609 begin_params.push_back(TAG_MAC_LENGTH, 128);
2610 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
2611
2612 string plaintext;
2613 size_t input_consumed;
2614
2615 // Import correct key and decrypt
2616 uint8_t good_key[] = {
2617 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2618 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2619 };
2620 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
2621 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2622 .AesEncryptionKey(128)
2623 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2624 .Authorization(TAG_PADDING, KM_PAD_NONE)
2625 .Authorization(TAG_CALLER_NONCE),
2626 KM_KEY_FORMAT_RAW, good_key_str));
2627 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2628 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2629 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2630
2631 // Import bad key and decrypt
2632 uint8_t bad_key[] = {
2633 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2634 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2635 };
2636 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
2637 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2638 .AesEncryptionKey(128)
2639 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2640 .Authorization(TAG_PADDING, KM_PAD_NONE),
2641 KM_KEY_FORMAT_RAW, bad_key_str));
2642 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2643 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2644 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
2645
2646 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2647}
2648
2649TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
2650 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2651 .AesEncryptionKey(128)
2652 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2653 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2654 string aad = "123456789012345678";
2655 string empty_message;
2656 AuthorizationSet begin_params(client_params());
2657 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2658 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2659 begin_params.push_back(TAG_MAC_LENGTH, 128);
2660
2661 AuthorizationSet update_params;
2662 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2663
2664 // Encrypt
2665 AuthorizationSet begin_out_params;
2666 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2667 string ciphertext;
2668 size_t input_consumed;
2669 AuthorizationSet update_out_params;
2670 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
2671 &ciphertext, &input_consumed));
2672 EXPECT_EQ(0U, input_consumed);
2673 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2674
2675 // Grab nonce
2676 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2677 begin_params.push_back(begin_out_params);
2678
2679 // Decrypt.
2680 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2681 string plaintext;
2682 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2683 &plaintext, &input_consumed));
2684 EXPECT_EQ(ciphertext.size(), input_consumed);
2685 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2686
2687 EXPECT_EQ(empty_message, plaintext);
2688 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2689}
2690
2691TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
2692 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2693 .AesEncryptionKey(128)
2694 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2695 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2696 AuthorizationSet begin_params(client_params());
2697 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2698 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2699 begin_params.push_back(TAG_MAC_LENGTH, 128);
2700
2701 AuthorizationSet update_params;
2702 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
2703
2704 // Encrypt
2705 AuthorizationSet begin_out_params;
2706 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2707 string ciphertext;
2708 size_t input_consumed;
2709 AuthorizationSet update_out_params;
2710
2711 // Send AAD, incrementally
2712 for (int i = 0; i < 1000; ++i) {
2713 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2714 &input_consumed));
2715 EXPECT_EQ(0U, input_consumed);
2716 EXPECT_EQ(0U, ciphertext.size());
2717 }
2718
2719 // Now send data, incrementally, no data.
2720 AuthorizationSet empty_params;
2721 for (int i = 0; i < 1000; ++i) {
2722 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
2723 &input_consumed));
2724 EXPECT_EQ(1U, input_consumed);
2725 }
2726 EXPECT_EQ(1000U, ciphertext.size());
2727
2728 // And finish.
2729 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2730 EXPECT_EQ(1016U, ciphertext.size());
2731
2732 // Grab nonce
2733 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2734 begin_params.push_back(begin_out_params);
2735
2736 // Decrypt.
2737 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2738 string plaintext;
2739
2740 // Send AAD, incrementally, no data
2741 for (int i = 0; i < 1000; ++i) {
2742 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
2743 &input_consumed));
2744 EXPECT_EQ(0U, input_consumed);
2745 EXPECT_EQ(0U, plaintext.size());
2746 }
2747
2748 // Now send data, incrementally.
2749 for (size_t i = 0; i < ciphertext.length(); ++i) {
2750 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
2751 &update_out_params, &plaintext, &input_consumed));
2752 EXPECT_EQ(1U, input_consumed);
2753 }
2754 EXPECT_EQ(1000U, plaintext.size());
2755 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2756
2757 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2758}
2759
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2760TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2761 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2762 .AesEncryptionKey(128)
2763 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2764 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2765 string message = "123456789012345678901234567890123456";
2766 AuthorizationSet begin_params(client_params());
2767 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2768 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2769 begin_params.push_back(TAG_MAC_LENGTH, 128);
2770 AuthorizationSet begin_out_params;
2771
2772 AuthorizationSet update_params;
2773 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2774
2775 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2776
2777 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2778 string ciphertext;
2779 size_t input_consumed;
2780 AuthorizationSet update_out_params;
2781 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
2782 &ciphertext, &input_consumed));
2783 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2784
2785 // AAD and data.
2786 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2787 &input_consumed));
2788 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2789 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2790
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2791 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2792 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2793 begin_params.push_back(begin_out_params);
2794
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2795 // Decrypt
2796 update_params.Clear();
2797 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2798
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2799 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2800 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2801 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2802 &plaintext, &input_consumed));
2803 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2804 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2805
2806 EXPECT_EQ(message, plaintext);
2807 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2808}
2809
2810TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2811 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2812 .AesEncryptionKey(128)
2813 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2814 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2815 string message = "12345678901234567890123456789012";
2816 AuthorizationSet begin_params(client_params());
2817 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2818 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2819 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2820
2821 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2822 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2823
2824 AuthorizationSet finish_params;
2825 AuthorizationSet finish_out_params;
2826
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2827 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2828 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2829 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2830 AuthorizationSet update_out_params;
2831 string ciphertext;
2832 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2833 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2834 &input_consumed));
2835 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2836 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2837
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2838 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2839 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2840 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2841
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2842 update_params.Clear();
2843 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2844
2845 // Decrypt.
2846 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2847 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2848 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2849 &plaintext, &input_consumed));
2850 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2851 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2852
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2853 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2854}
2855
2856TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
2857 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2858 .AesEncryptionKey(128)
2859 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2860 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2861 string message = "12345678901234567890123456789012";
2862 AuthorizationSet begin_params(client_params());
2863 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2864 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2865 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2866
2867 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2868 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2869
2870 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2871 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2872 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2873 AuthorizationSet update_out_params;
2874 string ciphertext;
2875 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2876 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2877 &input_consumed));
2878 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2879 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2880
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2881 begin_params.push_back(TAG_NONCE, "123456789012", 12);
2882
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2883 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2884 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2885 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2886 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2887 &plaintext, &input_consumed));
2888 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2889 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2890
2891 // With wrong nonce, should have gotten garbage plaintext.
2892 EXPECT_NE(message, plaintext);
2893 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2894}
2895
2896TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
2897 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2898 .AesEncryptionKey(128)
2899 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2900 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2901 string aad = "foobar";
2902 string message = "123456789012345678901234567890123456";
2903 AuthorizationSet begin_params(client_params());
2904 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2905 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2906 begin_params.push_back(TAG_MAC_LENGTH, 128);
2907 AuthorizationSet begin_out_params;
2908
2909 AuthorizationSet update_params;
2910 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2911
2912 // Encrypt
2913 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2914 AuthorizationSet update_out_params;
2915 string ciphertext;
2916 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2917 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2918 &input_consumed));
2919 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2920 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2921
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2922 // Corrupt tag
2923 (*ciphertext.rbegin())++;
2924
2925 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2926 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2927 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2928
2929 // Decrypt.
2930 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2931 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2932 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2933 &plaintext, &input_consumed));
2934 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2935 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2936
2937 EXPECT_EQ(message, plaintext);
2938 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2939}
2940
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2941typedef Keymaster1Test MaxOperationsTest;
2942INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, MaxOperationsTest, test_params);
2943
2944TEST_P(MaxOperationsTest, TestLimit) {
2945 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2946 .AesEncryptionKey(128)
2947 .EcbMode()
2948 .Authorization(TAG_PADDING, KM_PAD_NONE)
2949 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
2950
2951 string message = "1234567890123456";
2952 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2953 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2954 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2955
2956 // Fourth time should fail.
2957 AuthorizationSet begin_params(client_params());
2958 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2959 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2960 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2961
2962 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2963}
2964
2965TEST_P(MaxOperationsTest, TestAbort) {
2966 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2967 .AesEncryptionKey(128)
2968 .EcbMode()
2969 .Authorization(TAG_PADDING, KM_PAD_NONE)
2970 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
2971
2972 string message = "1234567890123456";
2973 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2974 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2975 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2976
2977 // Fourth time should fail.
2978 AuthorizationSet begin_params(client_params());
2979 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2980 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2981 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2982
2983 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2984}
2985
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2986typedef Keymaster1Test AddEntropyTest;
2987INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
2988
2989TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2990 // There's no obvious way to test that entropy is actually added, but we can test that the API
2991 // doesn't blow up or return an error.
2992 EXPECT_EQ(KM_ERROR_OK,
2993 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2994
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2995 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2996}
2997
2998typedef Keymaster1Test Keymaster0AdapterTest;
2999INSTANTIATE_TEST_CASE_P(
3000 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3001 ::testing::Values(
3002 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
3003 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3004
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3005TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3006 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
3007 // key data.
3008 string km1_sw = read_file("km1_sw_rsa_512.blob");
3009 EXPECT_EQ(486U, km1_sw.length());
3010
3011 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3012 memcpy(key_data, km1_sw.data(), km1_sw.length());
3013 set_key_blob(key_data, km1_sw.length());
3014
3015 string message(64, 'a');
3016 string signature;
3017 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3018
3019 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3020}
3021
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]3022TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
3023 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
3024 // blobs contain OCB-encrypted key data.
3025 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
3026 EXPECT_EQ(477U, km1_sw.length());
3027
3028 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3029 memcpy(key_data, km1_sw.data(), km1_sw.length());
3030 set_key_blob(key_data, km1_sw.length());
3031
3032 string message(64, 'a');
3033 string signature;
3034 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3035
3036 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3037}
3038
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3039TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
3040 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
3041 // key data.
3042 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
3043 EXPECT_EQ(270U, km1_sw.length());
3044
3045 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3046 memcpy(key_data, km1_sw.data(), km1_sw.length());
3047 set_key_blob(key_data, km1_sw.length());
3048
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]3049 string message(32, static_cast<char>(0xFF));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3050 string signature;
3051 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3052
3053 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3054}
3055
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3056struct Malloc_Delete {
3057 void operator()(void* p) { free(p); }
3058};
3059
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3060TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3061 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3062 string km0_sw = read_file("km0_sw_rsa_512.blob");
3063 EXPECT_EQ(333U, km0_sw.length());
3064
3065 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3066 memcpy(key_data, km0_sw.data(), km0_sw.length());
3067 set_key_blob(key_data, km0_sw.length());
3068
3069 string message(64, 'a');
3070 string signature;
3071 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3072
3073 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3074}
3075
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3076TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
3077 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3078 string km0_sw = read_file("km0_sw_rsa_512.blob");
3079 EXPECT_EQ(333U, km0_sw.length());
3080
3081 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3082 memcpy(key_data, km0_sw.data(), km0_sw.length());
3083 set_key_blob(key_data, km0_sw.length());
3084
3085 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3086 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3087 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3088 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3089 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3090 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3091 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3092 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3093 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3094 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3095
3096 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3097}
3098
3099TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
3100 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3101 string km0_sw = read_file("km0_sw_rsa_512.blob");
3102 EXPECT_EQ(333U, km0_sw.length());
3103
3104 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3105 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3106 EXPECT_EQ('P', km0_sw[0]);
3107 km0_sw[0] = 'Q';
3108
3109 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3110 memcpy(key_data, km0_sw.data(), km0_sw.length());
3111 set_key_blob(key_data, km0_sw.length());
3112
3113 string message(64, 'a');
3114 string signature;
3115 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3116 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
3117
3118 EXPECT_EQ(5, GetParam()->keymaster0_calls());
3119}
3120
3121TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
3122 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3123 string km0_sw = read_file("km0_sw_rsa_512.blob");
3124 EXPECT_EQ(333U, km0_sw.length());
3125
3126 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3127 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3128 EXPECT_EQ('P', km0_sw[0]);
3129 km0_sw[0] = 'Q';
3130
3131 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3132 memcpy(key_data, km0_sw.data(), km0_sw.length());
3133 set_key_blob(key_data, km0_sw.length());
3134
3135 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3136 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3137 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
3138 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3139 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3140 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
3141 EXPECT_EQ(5U, hw_enforced().size());
3142
3143 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3144 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3145 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3146 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3147
3148 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3149 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3150 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3151 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3152 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3153
3154 EXPECT_EQ(1, GetParam()->keymaster0_calls());
3155}
3156
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]3157} // namespace test
3158} // namespace keymaster