| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 17 | #include <algorithm> |
| Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 18 | #include <fstream> |
| Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 19 | #include <string> |
| 20 | #include <vector> |
| Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 21 | |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 22 | #include <gtest/gtest.h> |
| Shawn Willden | 7636471 | 2014-08-11 17:48:04 -0600 | [diff] [blame] | 23 | |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 24 | #include <openssl/engine.h> |
| 25 | |
| Shawn Willden | 98d9b92 | 2014-08-26 08:14:10 -0600 | [diff] [blame] | 26 | #include <keymaster/google_keymaster_utils.h> |
| 27 | #include <keymaster/keymaster_tags.h> |
| Shawn Willden | b751033 | 2015-02-06 19:58:29 -0700 | [diff] [blame] | 28 | #include <keymaster/soft_keymaster_device.h> |
| Shawn Willden | 98d9b92 | 2014-08-26 08:14:10 -0600 | [diff] [blame] | 29 | |
| Shawn Willden | 7636471 | 2014-08-11 17:48:04 -0600 | [diff] [blame] | 30 | #include "google_keymaster_test_utils.h" |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 31 | |
| Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 32 | using std::ifstream; |
| 33 | using std::istreambuf_iterator; |
| Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 34 | using std::string; |
| 35 | using std::vector; |
| Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 36 | |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 37 | int main(int argc, char** argv) { |
| Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame^] | 38 | ERR_load_crypto_strings(); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 39 | ::testing::InitGoogleTest(&argc, argv); |
| 40 | int result = RUN_ALL_TESTS(); |
| 41 | // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain. |
| 42 | CRYPTO_cleanup_all_ex_data(); |
| Shawn Willden | 7c0a82b | 2014-09-17 12:57:32 -0600 | [diff] [blame] | 43 | ERR_remove_thread_state(NULL); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 44 | ERR_free_strings(); |
| 45 | return result; |
| 46 | } |
| 47 | |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 48 | template <typename T> std::ostream& operator<<(std::ostream& os, const std::vector<T>& vec) { |
| 49 | os << "{ "; |
| 50 | bool first = true; |
| 51 | for (T t : vec) { |
| 52 | os << (first ? "" : ", ") << t; |
| 53 | if (first) |
| 54 | first = false; |
| 55 | } |
| 56 | os << " }"; |
| 57 | return os; |
| 58 | } |
| 59 | |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 60 | namespace keymaster { |
| 61 | namespace test { |
| 62 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 63 | /** |
| 64 | * Utility class to make construction of AuthorizationSets easy, and readable. Use like: |
| 65 | * |
| 66 | * ParamBuilder() |
| 67 | * .Option(TAG_ALGORITHM, KM_ALGORITHM_RSA) |
| 68 | * .Option(TAG_KEY_SIZE, 512) |
| 69 | * .Option(TAG_DIGEST, KM_DIGEST_NONE) |
| 70 | * .Option(TAG_PADDING, KM_PAD_NONE) |
| 71 | * .Option(TAG_SINGLE_USE_PER_BOOT, true) |
| 72 | * .build(); |
| 73 | * |
| 74 | * In addition there are methods that add common sets of parameters, like RsaSigningKey(). |
| 75 | */ |
| 76 | class ParamBuilder { |
| 77 | public: |
| 78 | template <typename TagType, typename ValueType> |
| 79 | ParamBuilder& Option(TagType tag, ValueType value) { |
| 80 | set.push_back(tag, value); |
| 81 | return *this; |
| 82 | } |
| 83 | |
| 84 | ParamBuilder& RsaKey(uint32_t key_size = 0, uint64_t public_exponent = 0) { |
| 85 | Option(TAG_ALGORITHM, KM_ALGORITHM_RSA); |
| 86 | if (key_size != 0) |
| 87 | Option(TAG_KEY_SIZE, key_size); |
| 88 | if (public_exponent != 0) |
| 89 | Option(TAG_RSA_PUBLIC_EXPONENT, public_exponent); |
| 90 | return *this; |
| 91 | } |
| 92 | |
| 93 | ParamBuilder& EcdsaKey(uint32_t key_size = 0) { |
| 94 | Option(TAG_ALGORITHM, KM_ALGORITHM_ECDSA); |
| 95 | if (key_size != 0) |
| 96 | Option(TAG_KEY_SIZE, key_size); |
| 97 | return *this; |
| 98 | } |
| 99 | |
| 100 | ParamBuilder& AesKey(uint32_t key_size) { |
| 101 | Option(TAG_ALGORITHM, KM_ALGORITHM_AES); |
| 102 | return Option(TAG_KEY_SIZE, key_size); |
| 103 | } |
| 104 | |
| 105 | ParamBuilder& HmacKey(uint32_t key_size, keymaster_digest_t digest, uint32_t mac_length) { |
| 106 | Option(TAG_ALGORITHM, KM_ALGORITHM_HMAC); |
| 107 | Option(TAG_KEY_SIZE, key_size); |
| 108 | SigningKey(); |
| 109 | Option(TAG_DIGEST, digest); |
| 110 | return Option(TAG_MAC_LENGTH, mac_length); |
| 111 | } |
| 112 | |
| 113 | ParamBuilder& RsaSigningKey(uint32_t key_size = 0, keymaster_digest_t digest = KM_DIGEST_NONE, |
| 114 | keymaster_padding_t padding = KM_PAD_NONE, |
| 115 | uint64_t public_exponent = 0) { |
| 116 | RsaKey(key_size, public_exponent); |
| 117 | SigningKey(); |
| 118 | Option(TAG_DIGEST, digest); |
| 119 | return Option(TAG_PADDING, padding); |
| 120 | } |
| 121 | |
| 122 | ParamBuilder& RsaEncryptionKey(uint32_t key_size = 0, |
| 123 | keymaster_padding_t padding = KM_PAD_RSA_OAEP, |
| 124 | uint64_t public_exponent = 0) { |
| 125 | RsaKey(key_size, public_exponent); |
| 126 | EncryptionKey(); |
| 127 | return Option(TAG_PADDING, padding); |
| 128 | } |
| 129 | |
| 130 | ParamBuilder& EcdsaSigningKey(uint32_t key_size = 0) { |
| 131 | EcdsaKey(key_size); |
| 132 | return SigningKey(); |
| 133 | } |
| 134 | |
| 135 | ParamBuilder& AesEncryptionKey(uint32_t key_size) { |
| 136 | AesKey(key_size); |
| 137 | return EncryptionKey(); |
| 138 | } |
| 139 | |
| 140 | ParamBuilder& SigningKey() { |
| 141 | Option(TAG_PURPOSE, KM_PURPOSE_SIGN); |
| 142 | return Option(TAG_PURPOSE, KM_PURPOSE_VERIFY); |
| 143 | } |
| 144 | |
| 145 | ParamBuilder& EncryptionKey() { |
| 146 | Option(TAG_PURPOSE, KM_PURPOSE_ENCRYPT); |
| 147 | return Option(TAG_PURPOSE, KM_PURPOSE_DECRYPT); |
| 148 | } |
| 149 | |
| 150 | ParamBuilder& NoDigestOrPadding() { |
| 151 | Option(TAG_DIGEST, KM_DIGEST_NONE); |
| 152 | return Option(TAG_PADDING, KM_PAD_NONE); |
| 153 | } |
| 154 | |
| 155 | ParamBuilder& OcbMode(uint32_t chunk_length, uint32_t mac_length) { |
| 156 | Option(TAG_BLOCK_MODE, KM_MODE_OCB); |
| 157 | Option(TAG_CHUNK_LENGTH, chunk_length); |
| 158 | return Option(TAG_MAC_LENGTH, mac_length); |
| 159 | } |
| 160 | |
| 161 | AuthorizationSet build() const { return set; } |
| 162 | |
| 163 | private: |
| 164 | AuthorizationSet set; |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 165 | }; |
| 166 | |
| Shawn Willden | 567a4a0 | 2014-12-31 12:14:46 -0700 | [diff] [blame] | 167 | StdoutLogger logger; |
| 168 | |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 169 | const uint64_t OP_HANDLE_SENTINEL = 0xFFFFFFFFFFFFFFFF; |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 170 | class KeymasterTest : public testing::Test { |
| 171 | protected: |
| Shawn Willden | 567a4a0 | 2014-12-31 12:14:46 -0700 | [diff] [blame] | 172 | KeymasterTest() : out_params_(NULL), op_handle_(OP_HANDLE_SENTINEL), characteristics_(NULL) { |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 173 | blob_.key_material = NULL; |
| 174 | RAND_seed("foobar", 6); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 175 | blob_.key_material = 0; |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 176 | } |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 177 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 178 | ~KeymasterTest() { |
| 179 | FreeCharacteristics(); |
| 180 | FreeKeyBlob(); |
| Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 181 | } |
| 182 | |
| Shawn Willden | 3025502 | 2015-02-24 14:00:21 -0700 | [diff] [blame] | 183 | keymaster1_device_t* device() { |
| 184 | return reinterpret_cast<keymaster1_device_t*>(device_.hw_device()); |
| 185 | } |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 186 | |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 187 | keymaster_error_t GenerateKey(const ParamBuilder& builder) { |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 188 | AuthorizationSet params(builder.build()); |
| 189 | params.push_back(UserAuthParams()); |
| 190 | params.push_back(ClientParams()); |
| 191 | |
| Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 192 | FreeKeyBlob(); |
| 193 | FreeCharacteristics(); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 194 | return device()->generate_key(device(), params.data(), params.size(), &blob_, |
| 195 | &characteristics_); |
| Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 196 | } |
| 197 | |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 198 | keymaster_error_t ImportKey(const ParamBuilder& builder, keymaster_key_format_t format, |
| 199 | const string& key_material) { |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 200 | AuthorizationSet params(builder.build()); |
| 201 | params.push_back(UserAuthParams()); |
| 202 | params.push_back(ClientParams()); |
| 203 | |
| 204 | FreeKeyBlob(); |
| 205 | FreeCharacteristics(); |
| 206 | return device()->import_key(device(), params.data(), params.size(), format, |
| 207 | reinterpret_cast<const uint8_t*>(key_material.c_str()), |
| 208 | key_material.length(), &blob_, &characteristics_); |
| 209 | } |
| 210 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 211 | AuthorizationSet UserAuthParams() { |
| 212 | AuthorizationSet set; |
| 213 | set.push_back(TAG_USER_ID, 7); |
| 214 | set.push_back(TAG_USER_AUTH_ID, 8); |
| 215 | set.push_back(TAG_AUTH_TIMEOUT, 300); |
| 216 | return set; |
| 217 | } |
| 218 | |
| 219 | AuthorizationSet ClientParams() { |
| 220 | AuthorizationSet set; |
| 221 | set.push_back(TAG_APPLICATION_ID, "app_id", 6); |
| 222 | return set; |
| 223 | } |
| 224 | |
| 225 | keymaster_error_t BeginOperation(keymaster_purpose_t purpose) { |
| 226 | return device()->begin(device(), purpose, &blob_, client_params_, |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 227 | array_length(client_params_), &out_params_, &out_params_count_, |
| 228 | &op_handle_); |
| 229 | } |
| 230 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 231 | keymaster_error_t UpdateOperation(const string& message, string* output, |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 232 | size_t* input_consumed) { |
| 233 | uint8_t* out_tmp = NULL; |
| 234 | size_t out_length; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 235 | EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL); |
| 236 | keymaster_error_t error = device()->update( |
| Shawn Willden | 6bfbff0 | 2015-02-06 19:48:24 -0700 | [diff] [blame] | 237 | device(), op_handle_, NULL /* additional_params */, 0 /* additional_params_count */, |
| 238 | reinterpret_cast<const uint8_t*>(message.c_str()), message.length(), input_consumed, |
| 239 | &out_tmp, &out_length); |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 240 | if (out_tmp) |
| 241 | output->append(reinterpret_cast<char*>(out_tmp), out_length); |
| 242 | free(out_tmp); |
| 243 | return error; |
| 244 | } |
| 245 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 246 | keymaster_error_t FinishOperation(string* output) { return FinishOperation("", output); } |
| 247 | |
| 248 | keymaster_error_t FinishOperation(const string& signature, string* output) { |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 249 | uint8_t* out_tmp = NULL; |
| 250 | size_t out_length; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 251 | keymaster_error_t error = device()->finish( |
| Shawn Willden | 6bfbff0 | 2015-02-06 19:48:24 -0700 | [diff] [blame] | 252 | device(), op_handle_, NULL /* additional_params */, 0 /* additional_params_count */, |
| 253 | reinterpret_cast<const uint8_t*>(signature.c_str()), signature.length(), &out_tmp, |
| 254 | &out_length); |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 255 | if (out_tmp) |
| 256 | output->append(reinterpret_cast<char*>(out_tmp), out_length); |
| 257 | free(out_tmp); |
| 258 | return error; |
| 259 | } |
| 260 | |
| Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 261 | template <typename T> |
| 262 | bool ResponseContains(const vector<T>& expected, const T* values, size_t len) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 263 | return expected.size() == len && |
| 264 | std::is_permutation(values, values + len, expected.begin()); |
| Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 265 | } |
| 266 | |
| 267 | template <typename T> bool ResponseContains(T expected, const T* values, size_t len) { |
| 268 | return (len == 1 && *values == expected); |
| Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 269 | } |
| 270 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 271 | keymaster_error_t AbortOperation() { return device()->abort(device(), op_handle_); } |
| 272 | |
| 273 | string ProcessMessage(keymaster_purpose_t purpose, const string& message) { |
| 274 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose)); |
| 275 | |
| 276 | string result; |
| 277 | size_t input_consumed; |
| 278 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 279 | EXPECT_EQ(message.size(), input_consumed); |
| 280 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result)); |
| 281 | return result; |
| 282 | } |
| 283 | |
| 284 | string ProcessMessage(keymaster_purpose_t purpose, const string& message, |
| 285 | const string& signature) { |
| 286 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose)); |
| 287 | |
| 288 | string result; |
| 289 | size_t input_consumed; |
| 290 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 291 | EXPECT_EQ(message.size(), input_consumed); |
| 292 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(signature, &result)); |
| 293 | return result; |
| 294 | } |
| 295 | |
| 296 | void SignMessage(const string& message, string* signature) { |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 297 | SCOPED_TRACE("SignMessage"); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 298 | *signature = ProcessMessage(KM_PURPOSE_SIGN, message); |
| 299 | EXPECT_GT(signature->size(), 0); |
| 300 | } |
| 301 | |
| 302 | void VerifyMessage(const string& message, const string& signature) { |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 303 | SCOPED_TRACE("VerifyMessage"); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 304 | ProcessMessage(KM_PURPOSE_VERIFY, message, signature); |
| 305 | } |
| 306 | |
| 307 | string EncryptMessage(const string& message) { |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 308 | SCOPED_TRACE("EncryptMessage"); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 309 | return ProcessMessage(KM_PURPOSE_ENCRYPT, message); |
| 310 | } |
| 311 | |
| 312 | string DecryptMessage(const string& ciphertext) { |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 313 | SCOPED_TRACE("DecryptMessage"); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 314 | return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext); |
| 315 | } |
| 316 | |
| 317 | keymaster_error_t GetCharacteristics() { |
| 318 | FreeCharacteristics(); |
| 319 | return device()->get_key_characteristics(device(), &blob_, &client_id_, NULL /* app_data */, |
| 320 | &characteristics_); |
| 321 | } |
| 322 | |
| 323 | keymaster_error_t ExportKey(keymaster_key_format_t format, string* export_data) { |
| 324 | uint8_t* export_data_tmp; |
| 325 | size_t export_data_length; |
| 326 | |
| 327 | keymaster_error_t error = |
| 328 | device()->export_key(device(), format, &blob_, &client_id_, NULL /* app_data */, |
| 329 | &export_data_tmp, &export_data_length); |
| 330 | |
| 331 | if (error != KM_ERROR_OK) |
| 332 | return error; |
| 333 | |
| 334 | *export_data = string(reinterpret_cast<char*>(export_data_tmp), export_data_length); |
| 335 | free(export_data_tmp); |
| 336 | return error; |
| 337 | } |
| 338 | |
| 339 | keymaster_error_t GetVersion(uint8_t* major, uint8_t* minor, uint8_t* subminor) { |
| 340 | GetVersionRequest request; |
| 341 | GetVersionResponse response; |
| 342 | device_.GetVersion(request, &response); |
| 343 | if (response.error != KM_ERROR_OK) |
| 344 | return response.error; |
| 345 | *major = response.major_ver; |
| 346 | *minor = response.minor_ver; |
| 347 | *subminor = response.subminor_ver; |
| 348 | return response.error; |
| 349 | } |
| 350 | |
| 351 | AuthorizationSet hw_enforced() { |
| 352 | EXPECT_TRUE(characteristics_ != NULL); |
| 353 | return AuthorizationSet(characteristics_->hw_enforced); |
| 354 | } |
| 355 | |
| 356 | AuthorizationSet sw_enforced() { |
| 357 | EXPECT_TRUE(characteristics_ != NULL); |
| 358 | return AuthorizationSet(characteristics_->sw_enforced); |
| 359 | } |
| 360 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 361 | void FreeCharacteristics() { |
| 362 | keymaster_free_characteristics(characteristics_); |
| 363 | free(characteristics_); |
| 364 | characteristics_ = NULL; |
| 365 | } |
| 366 | |
| 367 | void FreeKeyBlob() { |
| 368 | free(const_cast<uint8_t*>(blob_.key_material)); |
| 369 | blob_.key_material = NULL; |
| 370 | } |
| 371 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 372 | void corrupt_key_blob() { |
| 373 | assert(blob_.key_material); |
| 374 | uint8_t* tmp = const_cast<uint8_t*>(blob_.key_material); |
| 375 | ++tmp[blob_.key_material_size / 2]; |
| 376 | } |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 377 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 378 | private: |
| 379 | SoftKeymasterDevice device_; |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 380 | keymaster_blob_t client_id_ = {.data = reinterpret_cast<const uint8_t*>("app_id"), |
| 381 | .data_length = 6}; |
| 382 | keymaster_key_param_t client_params_[1] = { |
| 383 | Authorization(TAG_APPLICATION_ID, client_id_.data, client_id_.data_length)}; |
| 384 | |
| 385 | keymaster_key_param_t* out_params_; |
| 386 | size_t out_params_count_; |
| 387 | uint64_t op_handle_; |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 388 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 389 | keymaster_key_blob_t blob_; |
| 390 | keymaster_key_characteristics_t* characteristics_; |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 391 | }; |
| 392 | |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 393 | typedef KeymasterTest CheckSupported; |
| 394 | TEST_F(CheckSupported, SupportedAlgorithms) { |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 395 | EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL, |
| 396 | device()->get_supported_algorithms(device(), NULL, NULL)); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 397 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 398 | size_t len; |
| 399 | keymaster_algorithm_t* algorithms; |
| 400 | EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len)); |
| Shawn Willden | a278f61 | 2014-12-23 11:22:21 -0700 | [diff] [blame] | 401 | EXPECT_TRUE(ResponseContains( |
| 402 | {KM_ALGORITHM_RSA, KM_ALGORITHM_ECDSA, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, |
| 403 | len)); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 404 | free(algorithms); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 405 | } |
| 406 | |
| 407 | TEST_F(CheckSupported, SupportedBlockModes) { |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 408 | EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL, |
| 409 | device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT, |
| 410 | NULL, NULL)); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 411 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 412 | size_t len; |
| 413 | keymaster_block_mode_t* modes; |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 414 | EXPECT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, |
| 415 | KM_PURPOSE_ENCRYPT, &modes, &len)); |
| 416 | EXPECT_EQ(0, len); |
| 417 | free(modes); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 418 | |
| Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 419 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 420 | device()->get_supported_block_modes(device(), KM_ALGORITHM_DSA, KM_PURPOSE_ENCRYPT, |
| 421 | &modes, &len)); |
| Shawn Willden | 28e4147 | 2014-08-18 13:35:22 -0600 | [diff] [blame] | 422 | |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 423 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 424 | device()->get_supported_block_modes(device(), KM_ALGORITHM_ECDSA, KM_PURPOSE_ENCRYPT, |
| 425 | &modes, &len)); |
| Shawn Willden | c3864dd | 2014-08-18 15:20:01 -0600 | [diff] [blame] | 426 | |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 427 | EXPECT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES, |
| 428 | KM_PURPOSE_ENCRYPT, &modes, &len)); |
| Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame^] | 429 | EXPECT_TRUE(ResponseContains({KM_MODE_OCB, KM_MODE_ECB, KM_MODE_CBC, KM_MODE_OFB, KM_MODE_CFB}, |
| 430 | modes, len)); |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 431 | free(modes); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 432 | } |
| 433 | |
| 434 | TEST_F(CheckSupported, SupportedPaddingModes) { |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 435 | EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL, |
| 436 | device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT, |
| 437 | NULL, NULL)); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 438 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 439 | size_t len; |
| 440 | keymaster_padding_t* modes; |
| 441 | EXPECT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, |
| 442 | KM_PURPOSE_SIGN, &modes, &len)); |
| Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 443 | EXPECT_TRUE( |
| 444 | ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len)); |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 445 | free(modes); |
| 446 | |
| 447 | EXPECT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, |
| 448 | KM_PURPOSE_ENCRYPT, &modes, &len)); |
| 449 | EXPECT_TRUE(ResponseContains({KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len)); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 450 | free(modes); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 451 | |
| Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 452 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, |
| 453 | device()->get_supported_padding_modes(device(), KM_ALGORITHM_DSA, KM_PURPOSE_SIGN, |
| 454 | &modes, &len)); |
| Shawn Willden | 28e4147 | 2014-08-18 13:35:22 -0600 | [diff] [blame] | 455 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 456 | EXPECT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_ECDSA, |
| 457 | KM_PURPOSE_SIGN, &modes, &len)); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 458 | EXPECT_EQ(0, len); |
| 459 | free(modes); |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 460 | |
| 461 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, |
| 462 | device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, |
| 463 | &modes, &len)); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 464 | } |
| 465 | |
| 466 | TEST_F(CheckSupported, SupportedDigests) { |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 467 | EXPECT_EQ( |
| 468 | KM_ERROR_OUTPUT_PARAMETER_NULL, |
| 469 | device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL)); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 470 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 471 | size_t len; |
| 472 | keymaster_digest_t* digests; |
| 473 | EXPECT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA, |
| 474 | KM_PURPOSE_SIGN, &digests, &len)); |
| Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 475 | EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA_2_256}, digests, len)); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 476 | free(digests); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 477 | |
| Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 478 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, |
| 479 | device()->get_supported_digests(device(), KM_ALGORITHM_DSA, KM_PURPOSE_SIGN, &digests, |
| 480 | &len)); |
| Shawn Willden | 28e4147 | 2014-08-18 13:35:22 -0600 | [diff] [blame] | 481 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 482 | EXPECT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_ECDSA, |
| 483 | KM_PURPOSE_SIGN, &digests, &len)); |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 484 | EXPECT_EQ(0, len); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 485 | free(digests); |
| Shawn Willden | c3864dd | 2014-08-18 15:20:01 -0600 | [diff] [blame] | 486 | |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 487 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, |
| 488 | device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests, |
| 489 | &len)); |
| 490 | |
| 491 | EXPECT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC, |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 492 | KM_PURPOSE_SIGN, &digests, &len)); |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 493 | EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, |
| 494 | KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1}, |
| 495 | digests, len)); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 496 | free(digests); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 497 | } |
| 498 | |
| 499 | TEST_F(CheckSupported, SupportedImportFormats) { |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 500 | EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL, |
| 501 | device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL)); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 502 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 503 | size_t len; |
| 504 | keymaster_key_format_t* formats; |
| 505 | EXPECT_EQ(KM_ERROR_OK, |
| 506 | device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len)); |
| Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 507 | EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len)); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 508 | free(formats); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 509 | } |
| 510 | |
| 511 | TEST_F(CheckSupported, SupportedExportFormats) { |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 512 | EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL, |
| 513 | device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL)); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 514 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 515 | size_t len; |
| 516 | keymaster_key_format_t* formats; |
| 517 | EXPECT_EQ(KM_ERROR_OK, |
| 518 | device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len)); |
| Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 519 | EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len)); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 520 | free(formats); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 521 | |
| Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 522 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 523 | device()->get_supported_export_formats(device(), KM_ALGORITHM_DSA, &formats, &len)); |
| Shawn Willden | 28e4147 | 2014-08-18 13:35:22 -0600 | [diff] [blame] | 524 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 525 | EXPECT_EQ(KM_ERROR_OK, |
| 526 | device()->get_supported_export_formats(device(), KM_ALGORITHM_ECDSA, &formats, &len)); |
| Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 527 | EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len)); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 528 | free(formats); |
| Shawn Willden | c3864dd | 2014-08-18 15:20:01 -0600 | [diff] [blame] | 529 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 530 | EXPECT_EQ(KM_ERROR_OK, |
| 531 | device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len)); |
| 532 | EXPECT_EQ(0, len); |
| 533 | free(formats); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 534 | } |
| 535 | |
| Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 536 | class NewKeyGeneration : public KeymasterTest { |
| 537 | protected: |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 538 | void CheckBaseParams() { |
| 539 | EXPECT_EQ(0U, hw_enforced().size()); |
| 540 | EXPECT_EQ(12U, hw_enforced().SerializedSize()); |
| Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 541 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 542 | AuthorizationSet auths = sw_enforced(); |
| 543 | EXPECT_GT(auths.SerializedSize(), 12U); |
| 544 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 545 | EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN)); |
| 546 | EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY)); |
| 547 | EXPECT_TRUE(contains(auths, TAG_USER_ID, 7)); |
| 548 | EXPECT_TRUE(contains(auths, TAG_USER_AUTH_ID, 8)); |
| 549 | EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300)); |
| Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 550 | |
| 551 | // Verify that App ID, App data and ROT are NOT included. |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 552 | EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST)); |
| 553 | EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID)); |
| 554 | EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA)); |
| Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 555 | |
| 556 | // Just for giggles, check that some unexpected tags/values are NOT present. |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 557 | EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT)); |
| 558 | EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT)); |
| 559 | EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301)); |
| Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 560 | |
| 561 | // Now check that unspecified, defaulted tags are correct. |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 562 | EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_SOFTWARE)); |
| 563 | EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME)); |
| Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 564 | } |
| Shawn Willden | 2079ae8 | 2015-01-22 13:42:31 -0700 | [diff] [blame] | 565 | }; |
| 566 | |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 567 | TEST_F(NewKeyGeneration, Rsa) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 568 | ASSERT_EQ(KM_ERROR_OK, |
| 569 | GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_NONE, KM_PAD_NONE, 3))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 570 | CheckBaseParams(); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 571 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 572 | // Check specified tags are all present in auths |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 573 | AuthorizationSet auths(sw_enforced()); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 574 | EXPECT_TRUE(contains(auths, TAG_ALGORITHM, KM_ALGORITHM_RSA)); |
| 575 | EXPECT_TRUE(contains(auths, TAG_KEY_SIZE, 256)); |
| 576 | EXPECT_TRUE(contains(auths, TAG_RSA_PUBLIC_EXPONENT, 3)); |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 577 | } |
| 578 | |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 579 | TEST_F(NewKeyGeneration, RsaDefaultSize) { |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 580 | // TODO(swillden): Remove support for defaulting RSA parameter size and pub exponent. |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 581 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey())); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 582 | CheckBaseParams(); |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 583 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 584 | // Check specified tags are all present in unenforced characteristics |
| 585 | EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA)); |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 586 | |
| 587 | // Now check that unspecified, defaulted tags are correct. |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 588 | EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 65537)); |
| 589 | EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 2048)); |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 590 | } |
| 591 | |
| Shawn Willden | c3864dd | 2014-08-18 15:20:01 -0600 | [diff] [blame] | 592 | TEST_F(NewKeyGeneration, Ecdsa) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 593 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey(224))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 594 | CheckBaseParams(); |
| Shawn Willden | c3864dd | 2014-08-18 15:20:01 -0600 | [diff] [blame] | 595 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 596 | // Check specified tags are all present in unenforced characteristics |
| 597 | EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_ECDSA)); |
| 598 | EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 224)); |
| Shawn Willden | c3864dd | 2014-08-18 15:20:01 -0600 | [diff] [blame] | 599 | } |
| 600 | |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 601 | TEST_F(NewKeyGeneration, EcdsaDefaultSize) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 602 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey())); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 603 | CheckBaseParams(); |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 604 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 605 | // Check specified tags are all present in unenforced characteristics |
| 606 | EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_ECDSA)); |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 607 | |
| 608 | // Now check that unspecified, defaulted tags are correct. |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 609 | EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 224)); |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 610 | } |
| 611 | |
| 612 | TEST_F(NewKeyGeneration, EcdsaInvalidSize) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 613 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE, GenerateKey(ParamBuilder().EcdsaSigningKey(190))); |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 614 | } |
| 615 | |
| 616 | TEST_F(NewKeyGeneration, EcdsaAllValidSizes) { |
| Shawn Willden | 8c856c8 | 2014-09-26 09:34:36 -0600 | [diff] [blame] | 617 | size_t valid_sizes[] = {224, 256, 384, 521}; |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 618 | for (size_t size : valid_sizes) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 619 | EXPECT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey(size))) |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 620 | << "Failed to generate size: " << size; |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 621 | } |
| 622 | } |
| 623 | |
| Shawn Willden | 19fca88 | 2015-01-22 16:35:30 -0700 | [diff] [blame] | 624 | TEST_F(NewKeyGeneration, AesOcb) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 625 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16))); |
| Shawn Willden | 19fca88 | 2015-01-22 16:35:30 -0700 | [diff] [blame] | 626 | } |
| 627 | |
| 628 | TEST_F(NewKeyGeneration, AesOcbInvalidKeySize) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 629 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(136).OcbMode(4096, 16))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 630 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE, BeginOperation(KM_PURPOSE_ENCRYPT)); |
| Shawn Willden | 19fca88 | 2015-01-22 16:35:30 -0700 | [diff] [blame] | 631 | } |
| 632 | |
| 633 | TEST_F(NewKeyGeneration, AesOcbAllValidSizes) { |
| Shawn Willden | 19fca88 | 2015-01-22 16:35:30 -0700 | [diff] [blame] | 634 | size_t valid_sizes[] = {128, 192, 256}; |
| 635 | for (size_t size : valid_sizes) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 636 | EXPECT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(size))) |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 637 | << "Failed to generate size: " << size; |
| Shawn Willden | 19fca88 | 2015-01-22 16:35:30 -0700 | [diff] [blame] | 638 | } |
| 639 | } |
| 640 | |
| Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 641 | TEST_F(NewKeyGeneration, HmacSha256) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 642 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_256, 16))); |
| Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 643 | } |
| 644 | |
| Shawn Willden | 7636471 | 2014-08-11 17:48:04 -0600 | [diff] [blame] | 645 | typedef KeymasterTest GetKeyCharacteristics; |
| 646 | TEST_F(GetKeyCharacteristics, SimpleRsa) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 647 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 648 | AuthorizationSet original(sw_enforced()); |
| Shawn Willden | 7636471 | 2014-08-11 17:48:04 -0600 | [diff] [blame] | 649 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 650 | ASSERT_EQ(KM_ERROR_OK, GetCharacteristics()); |
| 651 | EXPECT_EQ(original, sw_enforced()); |
| Shawn Willden | 7636471 | 2014-08-11 17:48:04 -0600 | [diff] [blame] | 652 | } |
| 653 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 654 | typedef KeymasterTest SigningOperationsTest; |
| Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 655 | TEST_F(SigningOperationsTest, RsaSuccess) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 656 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 657 | string message = "12345678901234567890123456789012"; |
| 658 | string signature; |
| 659 | SignMessage(message, &signature); |
| Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 660 | } |
| 661 | |
| Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 662 | TEST_F(SigningOperationsTest, RsaSha256DigestSuccess) { |
| 663 | // Note that without padding, key size must exactly match digest size. |
| Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 664 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256))); |
| 665 | string message(1024, 'a'); |
| 666 | string signature; |
| 667 | SignMessage(message, &signature); |
| 668 | } |
| 669 | |
| 670 | TEST_F(SigningOperationsTest, RsaPssSha256Success) { |
| 671 | ASSERT_EQ(KM_ERROR_OK, |
| 672 | GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS))); |
| Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 673 | // Use large message, which won't work without digesting. |
| 674 | string message(1024, 'a'); |
| 675 | string signature; |
| 676 | SignMessage(message, &signature); |
| 677 | } |
| 678 | |
| Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 679 | TEST_F(SigningOperationsTest, RsaPkcs1Sha256Success) { |
| 680 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, |
| 681 | KM_PAD_RSA_PKCS1_1_5_SIGN))); |
| 682 | string message(1024, 'a'); |
| 683 | string signature; |
| 684 | SignMessage(message, &signature); |
| 685 | } |
| 686 | |
| 687 | TEST_F(SigningOperationsTest, RsaPssSha256TooSmallKey) { |
| 688 | // Key must be at least 10 bytes larger than hash, to provide minimal random salt, so verify |
| 689 | // that 9 bytes larger than hash won't work. |
| 690 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey( |
| 691 | 256 + 9 * 8, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS))); |
| 692 | string message(1024, 'a'); |
| 693 | string signature; |
| 694 | |
| 695 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN)); |
| 696 | |
| 697 | string result; |
| 698 | size_t input_consumed; |
| 699 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 700 | EXPECT_EQ(message.size(), input_consumed); |
| 701 | EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, FinishOperation(signature, &result)); |
| 702 | } |
| 703 | |
| Shawn Willden | 5ac2f8f | 2014-08-18 15:33:10 -0600 | [diff] [blame] | 704 | TEST_F(SigningOperationsTest, EcdsaSuccess) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 705 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey(224))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 706 | string message = "123456789012345678901234567890123456789012345678"; |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 707 | string signature; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 708 | SignMessage(message, &signature); |
| Shawn Willden | 5ac2f8f | 2014-08-18 15:33:10 -0600 | [diff] [blame] | 709 | } |
| 710 | |
| Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 711 | TEST_F(SigningOperationsTest, RsaAbort) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 712 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 713 | ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN)); |
| 714 | EXPECT_EQ(KM_ERROR_OK, AbortOperation()); |
| 715 | // Another abort should fail |
| 716 | EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation()); |
| Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 717 | } |
| 718 | |
| 719 | TEST_F(SigningOperationsTest, RsaUnsupportedDigest) { |
| Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 720 | GenerateKey( |
| 721 | ParamBuilder().RsaSigningKey(256, KM_DIGEST_MD5, KM_PAD_RSA_PSS /* supported padding */)); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 722 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN)); |
| Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 723 | } |
| 724 | |
| 725 | TEST_F(SigningOperationsTest, RsaUnsupportedPadding) { |
| Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 726 | GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256 /* supported digest */, |
| 727 | KM_PAD_PKCS7)); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 728 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN)); |
| Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 729 | } |
| 730 | |
| 731 | TEST_F(SigningOperationsTest, RsaNoDigest) { |
| Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 732 | // Digest must be specified. |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 733 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaKey(256).SigningKey().Option( |
| 734 | TAG_PADDING, KM_PAD_NONE))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 735 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN)); |
| Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 736 | // PSS requires a digest. |
| 737 | GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_NONE, KM_PAD_RSA_PSS)); |
| 738 | ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN)); |
| Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 739 | } |
| 740 | |
| 741 | TEST_F(SigningOperationsTest, RsaNoPadding) { |
| Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 742 | // Padding must be specified |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 743 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaKey(256).SigningKey().Option( |
| 744 | TAG_DIGEST, KM_DIGEST_NONE))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 745 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN)); |
| Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 746 | } |
| 747 | |
| Shawn Willden | 51d5e0e | 2014-12-18 10:44:03 -0700 | [diff] [blame] | 748 | TEST_F(SigningOperationsTest, HmacSha1Success) { |
| 749 | GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA1, 20)); |
| 750 | string message = "12345678901234567890123456789012"; |
| 751 | string signature; |
| 752 | SignMessage(message, &signature); |
| 753 | ASSERT_EQ(20, signature.size()); |
| 754 | } |
| 755 | |
| Shawn Willden | 62c2286 | 2014-12-17 08:36:20 -0700 | [diff] [blame] | 756 | TEST_F(SigningOperationsTest, HmacSha224Success) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 757 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_224, 28))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 758 | string message = "12345678901234567890123456789012"; |
| 759 | string signature; |
| 760 | SignMessage(message, &signature); |
| 761 | ASSERT_EQ(28, signature.size()); |
| Shawn Willden | 62c2286 | 2014-12-17 08:36:20 -0700 | [diff] [blame] | 762 | } |
| 763 | |
| Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 764 | TEST_F(SigningOperationsTest, HmacSha256Success) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 765 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_256, 32))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 766 | string message = "12345678901234567890123456789012"; |
| 767 | string signature; |
| 768 | SignMessage(message, &signature); |
| 769 | ASSERT_EQ(32, signature.size()); |
| Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 770 | } |
| 771 | |
| Shawn Willden | 62c2286 | 2014-12-17 08:36:20 -0700 | [diff] [blame] | 772 | TEST_F(SigningOperationsTest, HmacSha384Success) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 773 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_384, 48))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 774 | string message = "12345678901234567890123456789012"; |
| 775 | string signature; |
| 776 | SignMessage(message, &signature); |
| 777 | ASSERT_EQ(48, signature.size()); |
| Shawn Willden | 62c2286 | 2014-12-17 08:36:20 -0700 | [diff] [blame] | 778 | } |
| 779 | |
| 780 | TEST_F(SigningOperationsTest, HmacSha512Success) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 781 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_512, 64))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 782 | string message = "12345678901234567890123456789012"; |
| Shawn Willden | 62c2286 | 2014-12-17 08:36:20 -0700 | [diff] [blame] | 783 | string signature; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 784 | SignMessage(message, &signature); |
| 785 | ASSERT_EQ(64, signature.size()); |
| Shawn Willden | 62c2286 | 2014-12-17 08:36:20 -0700 | [diff] [blame] | 786 | } |
| 787 | |
| 788 | // TODO(swillden): Add HMACSHA{224|256|384|512} tests that validates against the test vectors from |
| 789 | // RFC4231. Doing that requires being able to import keys, rather than just |
| 790 | // generate them randomly. |
| Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 791 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 792 | TEST_F(SigningOperationsTest, HmacSha256NoMacLength) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 793 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder() |
| 794 | .Option(TAG_ALGORITHM, KM_ALGORITHM_HMAC) |
| 795 | .Option(TAG_KEY_SIZE, 128) |
| 796 | .SigningKey() |
| 797 | .Option(TAG_DIGEST, KM_DIGEST_SHA_2_256))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 798 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, BeginOperation(KM_PURPOSE_SIGN)); |
| Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 799 | } |
| 800 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 801 | TEST_F(SigningOperationsTest, HmacSha256TooLargeMacLength) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 802 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_256, 33))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 803 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, BeginOperation(KM_PURPOSE_SIGN)); |
| Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 804 | } |
| 805 | |
| Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 806 | TEST_F(SigningOperationsTest, RsaTooShortMessage) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 807 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 808 | ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN)); |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 809 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 810 | string message = "1234567890123456789012345678901"; |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 811 | string result; |
| 812 | size_t input_consumed; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 813 | ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 814 | EXPECT_EQ(0U, result.size()); |
| 815 | EXPECT_EQ(31U, input_consumed); |
| Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 816 | |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 817 | string signature; |
| 818 | ASSERT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&signature)); |
| 819 | EXPECT_EQ(0U, signature.length()); |
| Shawn Willden | 43e999e | 2014-08-13 13:29:50 -0600 | [diff] [blame] | 820 | } |
| 821 | |
| Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 822 | // TODO(swillden): Add more verification failure tests. |
| 823 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 824 | typedef KeymasterTest VerificationOperationsTest; |
| Shawn Willden | 43e999e | 2014-08-13 13:29:50 -0600 | [diff] [blame] | 825 | TEST_F(VerificationOperationsTest, RsaSuccess) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 826 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 827 | string message = "12345678901234567890123456789012"; |
| 828 | string signature; |
| 829 | SignMessage(message, &signature); |
| 830 | VerifyMessage(message, signature); |
| Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 831 | } |
| 832 | |
| Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 833 | TEST_F(VerificationOperationsTest, RsaSha256DigestSuccess) { |
| 834 | // Note that without padding, key size must exactly match digest size. |
| 835 | GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256)); |
| Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 836 | string message(1024, 'a'); |
| 837 | string signature; |
| 838 | SignMessage(message, &signature); |
| 839 | VerifyMessage(message, signature); |
| 840 | } |
| 841 | |
| Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 842 | TEST_F(VerificationOperationsTest, RsaSha256CorruptSignature) { |
| Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 843 | GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256)); |
| Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 844 | string message(1024, 'a'); |
| 845 | string signature; |
| 846 | SignMessage(message, &signature); |
| 847 | ++signature[signature.size() / 2]; |
| 848 | |
| 849 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY)); |
| 850 | |
| 851 | string result; |
| 852 | size_t input_consumed; |
| 853 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 854 | EXPECT_EQ(message.size(), input_consumed); |
| 855 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result)); |
| 856 | } |
| 857 | |
| Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 858 | TEST_F(VerificationOperationsTest, RsaPssSha256Success) { |
| 859 | ASSERT_EQ(KM_ERROR_OK, |
| 860 | GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS))); |
| 861 | // Use large message, which won't work without digesting. |
| 862 | string message(1024, 'a'); |
| 863 | string signature; |
| 864 | SignMessage(message, &signature); |
| 865 | VerifyMessage(message, signature); |
| 866 | } |
| 867 | |
| 868 | TEST_F(VerificationOperationsTest, RsaPssSha256CorruptSignature) { |
| 869 | GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS)); |
| 870 | string message(1024, 'a'); |
| 871 | string signature; |
| 872 | SignMessage(message, &signature); |
| 873 | ++signature[signature.size() / 2]; |
| 874 | |
| 875 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY)); |
| 876 | |
| 877 | string result; |
| 878 | size_t input_consumed; |
| 879 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 880 | EXPECT_EQ(message.size(), input_consumed); |
| 881 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result)); |
| 882 | } |
| 883 | |
| 884 | TEST_F(VerificationOperationsTest, RsaPssSha256CorruptInput) { |
| 885 | ASSERT_EQ(KM_ERROR_OK, |
| 886 | GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS))); |
| Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 887 | // Use large message, which won't work without digesting. |
| 888 | string message(1024, 'a'); |
| 889 | string signature; |
| 890 | SignMessage(message, &signature); |
| 891 | ++message[message.size() / 2]; |
| 892 | |
| 893 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY)); |
| 894 | |
| 895 | string result; |
| 896 | size_t input_consumed; |
| 897 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 898 | EXPECT_EQ(message.size(), input_consumed); |
| 899 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result)); |
| 900 | } |
| 901 | |
| Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 902 | TEST_F(VerificationOperationsTest, RsaPkcs1Sha256Success) { |
| 903 | GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN)); |
| 904 | string message(1024, 'a'); |
| 905 | string signature; |
| 906 | SignMessage(message, &signature); |
| 907 | VerifyMessage(message, signature); |
| 908 | } |
| 909 | |
| 910 | TEST_F(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) { |
| 911 | GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN)); |
| 912 | string message(1024, 'a'); |
| 913 | string signature; |
| 914 | SignMessage(message, &signature); |
| 915 | ++signature[signature.size() / 2]; |
| 916 | |
| 917 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY)); |
| 918 | |
| 919 | string result; |
| 920 | size_t input_consumed; |
| 921 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 922 | EXPECT_EQ(message.size(), input_consumed); |
| 923 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result)); |
| 924 | } |
| 925 | |
| 926 | TEST_F(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) { |
| 927 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, |
| 928 | KM_PAD_RSA_PKCS1_1_5_SIGN))); |
| 929 | // Use large message, which won't work without digesting. |
| 930 | string message(1024, 'a'); |
| 931 | string signature; |
| 932 | SignMessage(message, &signature); |
| 933 | ++message[message.size() / 2]; |
| 934 | |
| 935 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY)); |
| 936 | |
| 937 | string result; |
| 938 | size_t input_consumed; |
| 939 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 940 | EXPECT_EQ(message.size(), input_consumed); |
| 941 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result)); |
| 942 | } |
| 943 | |
| 944 | template <typename T> vector<T> make_vector(const T* array, size_t len) { |
| 945 | return vector<T>(array, array + len); |
| 946 | } |
| 947 | |
| 948 | TEST_F(VerificationOperationsTest, RsaAllDigestAndPadCombinations) { |
| 949 | // Get all supported digests and padding modes. |
| 950 | size_t digests_len; |
| 951 | keymaster_digest_t* digests; |
| 952 | EXPECT_EQ(KM_ERROR_OK, |
| 953 | device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests, |
| 954 | &digests_len)); |
| 955 | |
| 956 | size_t padding_modes_len; |
| 957 | keymaster_padding_t* padding_modes; |
| 958 | EXPECT_EQ(KM_ERROR_OK, |
| 959 | device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, |
| 960 | &padding_modes, &padding_modes_len)); |
| 961 | |
| 962 | // Try them. |
| 963 | for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) { |
| 964 | for (keymaster_digest_t digest : make_vector(digests, digests_len)) { |
| 965 | // Compute key & message size that will work. |
| 966 | size_t key_bits = 256; |
| 967 | size_t message_len = 1000; |
| 968 | switch (digest) { |
| 969 | case KM_DIGEST_NONE: |
| 970 | switch (padding_mode) { |
| 971 | case KM_PAD_NONE: |
| 972 | // Match key size. |
| 973 | message_len = key_bits / 8; |
| 974 | break; |
| 975 | case KM_PAD_RSA_PKCS1_1_5_SIGN: |
| 976 | message_len = key_bits / 8 - 11; |
| 977 | break; |
| 978 | case KM_PAD_RSA_PSS: |
| 979 | // PSS requires a digest. |
| 980 | continue; |
| 981 | default: |
| 982 | FAIL() << "Missing padding"; |
| 983 | break; |
| 984 | } |
| 985 | break; |
| 986 | |
| 987 | case KM_DIGEST_SHA_2_256: |
| 988 | switch (padding_mode) { |
| 989 | case KM_PAD_NONE: |
| 990 | // Key size matches digest size |
| 991 | break; |
| 992 | case KM_PAD_RSA_PKCS1_1_5_SIGN: |
| 993 | key_bits += 8 * 11; |
| 994 | break; |
| 995 | case KM_PAD_RSA_PSS: |
| 996 | key_bits += 8 * 10; |
| 997 | break; |
| 998 | default: |
| 999 | FAIL() << "Missing padding"; |
| 1000 | break; |
| 1001 | } |
| 1002 | break; |
| 1003 | default: |
| 1004 | FAIL() << "Missing digest"; |
| 1005 | } |
| 1006 | |
| 1007 | GenerateKey(ParamBuilder().RsaSigningKey(key_bits, digest, padding_mode)); |
| 1008 | string message(message_len, 'a'); |
| 1009 | string signature; |
| 1010 | SignMessage(message, &signature); |
| 1011 | VerifyMessage(message, signature); |
| 1012 | } |
| 1013 | } |
| 1014 | |
| 1015 | free(padding_modes); |
| 1016 | free(digests); |
| 1017 | } |
| 1018 | |
| Shawn Willden | 5ac2f8f | 2014-08-18 15:33:10 -0600 | [diff] [blame] | 1019 | TEST_F(VerificationOperationsTest, EcdsaSuccess) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1020 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey(256))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1021 | string message = "123456789012345678901234567890123456789012345678"; |
| 1022 | string signature; |
| 1023 | SignMessage(message, &signature); |
| 1024 | VerifyMessage(message, signature); |
| Shawn Willden | 5ac2f8f | 2014-08-18 15:33:10 -0600 | [diff] [blame] | 1025 | } |
| 1026 | |
| Shawn Willden | 51d5e0e | 2014-12-18 10:44:03 -0700 | [diff] [blame] | 1027 | TEST_F(VerificationOperationsTest, HmacSha1Success) { |
| 1028 | GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA1, 16)); |
| 1029 | string message = "123456789012345678901234567890123456789012345678"; |
| 1030 | string signature; |
| 1031 | SignMessage(message, &signature); |
| 1032 | VerifyMessage(message, signature); |
| 1033 | } |
| 1034 | |
| 1035 | TEST_F(VerificationOperationsTest, HmacSha224Success) { |
| 1036 | GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_224, 16)); |
| 1037 | string message = "123456789012345678901234567890123456789012345678"; |
| 1038 | string signature; |
| 1039 | SignMessage(message, &signature); |
| 1040 | VerifyMessage(message, signature); |
| 1041 | } |
| 1042 | |
| Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 1043 | TEST_F(VerificationOperationsTest, HmacSha256Success) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1044 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_256, 16))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1045 | string message = "123456789012345678901234567890123456789012345678"; |
| Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 1046 | string signature; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1047 | SignMessage(message, &signature); |
| 1048 | VerifyMessage(message, signature); |
| Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 1049 | } |
| 1050 | |
| Shawn Willden | 51d5e0e | 2014-12-18 10:44:03 -0700 | [diff] [blame] | 1051 | TEST_F(VerificationOperationsTest, HmacSha384Success) { |
| 1052 | GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_384, 16)); |
| 1053 | string message = "123456789012345678901234567890123456789012345678"; |
| 1054 | string signature; |
| 1055 | SignMessage(message, &signature); |
| 1056 | VerifyMessage(message, signature); |
| 1057 | } |
| 1058 | |
| 1059 | TEST_F(VerificationOperationsTest, HmacSha512Success) { |
| 1060 | GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_512, 16)); |
| 1061 | string message = "123456789012345678901234567890123456789012345678"; |
| 1062 | string signature; |
| 1063 | SignMessage(message, &signature); |
| 1064 | VerifyMessage(message, signature); |
| 1065 | } |
| 1066 | |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 1067 | typedef VerificationOperationsTest ExportKeyTest; |
| Shawn Willden | ffd790c | 2014-08-18 21:20:06 -0600 | [diff] [blame] | 1068 | TEST_F(ExportKeyTest, RsaSuccess) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1069 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1070 | string export_data; |
| 1071 | ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data)); |
| 1072 | EXPECT_GT(export_data.length(), 0); |
| Shawn Willden | e46a43f | 2014-08-27 10:35:36 -0600 | [diff] [blame] | 1073 | |
| 1074 | // TODO(swillden): Verify that the exported key is actually usable to verify signatures. |
| Shawn Willden | ffd790c | 2014-08-18 21:20:06 -0600 | [diff] [blame] | 1075 | } |
| 1076 | |
| Shawn Willden | f268d74 | 2014-08-19 15:36:26 -0600 | [diff] [blame] | 1077 | TEST_F(ExportKeyTest, EcdsaSuccess) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1078 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey(224))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1079 | string export_data; |
| 1080 | ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data)); |
| 1081 | EXPECT_GT(export_data.length(), 0); |
| Shawn Willden | e46a43f | 2014-08-27 10:35:36 -0600 | [diff] [blame] | 1082 | |
| 1083 | // TODO(swillden): Verify that the exported key is actually usable to verify signatures. |
| Shawn Willden | f268d74 | 2014-08-19 15:36:26 -0600 | [diff] [blame] | 1084 | } |
| 1085 | |
| 1086 | TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1087 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1088 | string export_data; |
| 1089 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data)); |
| Shawn Willden | f268d74 | 2014-08-19 15:36:26 -0600 | [diff] [blame] | 1090 | } |
| 1091 | |
| 1092 | TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1093 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256))); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 1094 | corrupt_key_blob(); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1095 | string export_data; |
| 1096 | ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data)); |
| Shawn Willden | f268d74 | 2014-08-19 15:36:26 -0600 | [diff] [blame] | 1097 | } |
| 1098 | |
| Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 1099 | static string read_file(const string& file_name) { |
| 1100 | ifstream file_stream(file_name, std::ios::binary); |
| 1101 | istreambuf_iterator<char> file_begin(file_stream); |
| 1102 | istreambuf_iterator<char> file_end; |
| 1103 | return string(file_begin, file_end); |
| 1104 | } |
| 1105 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1106 | typedef VerificationOperationsTest ImportKeyTest; |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 1107 | TEST_F(ImportKeyTest, RsaSuccess) { |
| Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 1108 | string pk8_key = read_file("rsa_privkey_pk8.der"); |
| Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 1109 | ASSERT_EQ(633U, pk8_key.size()); |
| 1110 | |
| Shawn Willden | a278f61 | 2014-12-23 11:22:21 -0700 | [diff] [blame] | 1111 | ASSERT_EQ(KM_ERROR_OK, ImportKey(ParamBuilder().RsaSigningKey().NoDigestOrPadding(), |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1112 | KM_KEY_FORMAT_PKCS8, pk8_key)); |
| Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 1113 | |
| 1114 | // Check values derived from the key. |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1115 | EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA)); |
| 1116 | EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 1024)); |
| 1117 | EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 65537U)); |
| Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 1118 | |
| 1119 | // And values provided by GoogleKeymaster |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1120 | EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); |
| 1121 | EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); |
| Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 1122 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1123 | string message(1024 / 8, 'a'); |
| 1124 | string signature; |
| 1125 | SignMessage(message, &signature); |
| 1126 | VerifyMessage(message, signature); |
| Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 1127 | } |
| 1128 | |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 1129 | TEST_F(ImportKeyTest, RsaKeySizeMismatch) { |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 1130 | string pk8_key = read_file("rsa_privkey_pk8.der"); |
| 1131 | ASSERT_EQ(633U, pk8_key.size()); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 1132 | ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH, |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1133 | ImportKey(ParamBuilder() |
| Shawn Willden | a278f61 | 2014-12-23 11:22:21 -0700 | [diff] [blame] | 1134 | .RsaSigningKey(2048) // Size doesn't match key |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1135 | .NoDigestOrPadding(), |
| 1136 | KM_KEY_FORMAT_PKCS8, pk8_key)); |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 1137 | } |
| 1138 | |
| 1139 | TEST_F(ImportKeyTest, RsaPublicExponenMismatch) { |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 1140 | string pk8_key = read_file("rsa_privkey_pk8.der"); |
| 1141 | ASSERT_EQ(633U, pk8_key.size()); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 1142 | ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH, |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1143 | ImportKey(ParamBuilder() |
| Shawn Willden | a278f61 | 2014-12-23 11:22:21 -0700 | [diff] [blame] | 1144 | .RsaSigningKey() |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1145 | .Option(TAG_RSA_PUBLIC_EXPONENT, 3) // Doesn't match key |
| 1146 | .NoDigestOrPadding(), |
| 1147 | KM_KEY_FORMAT_PKCS8, pk8_key)); |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 1148 | } |
| 1149 | |
| Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 1150 | TEST_F(ImportKeyTest, EcdsaSuccess) { |
| Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 1151 | string pk8_key = read_file("ec_privkey_pk8.der"); |
| 1152 | ASSERT_EQ(138U, pk8_key.size()); |
| 1153 | |
| Shawn Willden | a278f61 | 2014-12-23 11:22:21 -0700 | [diff] [blame] | 1154 | ASSERT_EQ(KM_ERROR_OK, |
| 1155 | ImportKey(ParamBuilder().EcdsaSigningKey(), KM_KEY_FORMAT_PKCS8, pk8_key)); |
| Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 1156 | |
| 1157 | // Check values derived from the key. |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1158 | EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_ECDSA)); |
| 1159 | EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 256)); |
| Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 1160 | |
| 1161 | // And values provided by GoogleKeymaster |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1162 | EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); |
| 1163 | EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); |
| Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 1164 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1165 | string message(1024 / 8, 'a'); |
| 1166 | string signature; |
| 1167 | SignMessage(message, &signature); |
| 1168 | VerifyMessage(message, signature); |
| Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 1169 | } |
| 1170 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1171 | TEST_F(ImportKeyTest, EcdsaSizeSpecified) { |
| 1172 | string pk8_key = read_file("ec_privkey_pk8.der"); |
| 1173 | ASSERT_EQ(138U, pk8_key.size()); |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 1174 | |
| Shawn Willden | a278f61 | 2014-12-23 11:22:21 -0700 | [diff] [blame] | 1175 | ASSERT_EQ(KM_ERROR_OK, |
| 1176 | ImportKey(ParamBuilder().EcdsaSigningKey(256), KM_KEY_FORMAT_PKCS8, pk8_key)); |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 1177 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1178 | // Check values derived from the key. |
| 1179 | EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_ECDSA)); |
| 1180 | EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 256)); |
| 1181 | |
| 1182 | // And values provided by GoogleKeymaster |
| 1183 | EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); |
| 1184 | EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); |
| 1185 | |
| 1186 | string message(1024 / 8, 'a'); |
| 1187 | string signature; |
| 1188 | SignMessage(message, &signature); |
| 1189 | VerifyMessage(message, signature); |
| 1190 | } |
| 1191 | |
| 1192 | TEST_F(ImportKeyTest, EcdsaSizeMismatch) { |
| 1193 | string pk8_key = read_file("ec_privkey_pk8.der"); |
| 1194 | ASSERT_EQ(138U, pk8_key.size()); |
| Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 1195 | ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH, |
| Shawn Willden | a278f61 | 2014-12-23 11:22:21 -0700 | [diff] [blame] | 1196 | ImportKey(ParamBuilder().EcdsaSigningKey(224), // Size does not match key |
| 1197 | KM_KEY_FORMAT_PKCS8, pk8_key)); |
| Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 1198 | } |
| 1199 | |
| Shawn Willden | 2665e86 | 2014-11-24 14:46:21 -0700 | [diff] [blame] | 1200 | typedef KeymasterTest VersionTest; |
| 1201 | TEST_F(VersionTest, GetVersion) { |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1202 | uint8_t major, minor, subminor; |
| 1203 | ASSERT_EQ(KM_ERROR_OK, GetVersion(&major, &minor, &subminor)); |
| 1204 | EXPECT_EQ(1, major); |
| 1205 | EXPECT_EQ(0, minor); |
| 1206 | EXPECT_EQ(0, subminor); |
| Shawn Willden | 2665e86 | 2014-11-24 14:46:21 -0700 | [diff] [blame] | 1207 | } |
| 1208 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1209 | typedef KeymasterTest EncryptionOperationsTest; |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1210 | TEST_F(EncryptionOperationsTest, RsaOaepSuccess) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1211 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_OAEP))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1212 | |
| 1213 | string message = "Hello World!"; |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1214 | string ciphertext1 = EncryptMessage(string(message)); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1215 | EXPECT_EQ(512 / 8, ciphertext1.size()); |
| 1216 | |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1217 | string ciphertext2 = EncryptMessage(string(message)); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1218 | EXPECT_EQ(512 / 8, ciphertext2.size()); |
| 1219 | |
| 1220 | // OAEP randomizes padding so every result should be different. |
| 1221 | EXPECT_NE(ciphertext1, ciphertext2); |
| 1222 | } |
| 1223 | |
| 1224 | TEST_F(EncryptionOperationsTest, RsaOaepRoundTrip) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1225 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_OAEP))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1226 | string message = "Hello World!"; |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1227 | string ciphertext = EncryptMessage(string(message)); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1228 | EXPECT_EQ(512 / 8, ciphertext.size()); |
| 1229 | |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1230 | string plaintext = DecryptMessage(ciphertext); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1231 | EXPECT_EQ(message, plaintext); |
| 1232 | } |
| 1233 | |
| 1234 | TEST_F(EncryptionOperationsTest, RsaOaepTooLarge) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1235 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_OAEP))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1236 | string message = "12345678901234567890123"; |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1237 | string result; |
| Shawn Willden | b736113 | 2014-12-08 08:15:14 -0700 | [diff] [blame] | 1238 | size_t input_consumed; |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1239 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1240 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT)); |
| 1241 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 1242 | EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result)); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1243 | EXPECT_EQ(0, result.size()); |
| 1244 | } |
| 1245 | |
| 1246 | TEST_F(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1247 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_OAEP))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1248 | string message = "Hello World!"; |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1249 | string ciphertext = EncryptMessage(string(message)); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1250 | EXPECT_EQ(512 / 8, ciphertext.size()); |
| 1251 | |
| 1252 | // Corrupt the ciphertext |
| 1253 | ciphertext[512 / 8 / 2]++; |
| 1254 | |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1255 | string result; |
| Shawn Willden | b736113 | 2014-12-08 08:15:14 -0700 | [diff] [blame] | 1256 | size_t input_consumed; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1257 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT)); |
| 1258 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed)); |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 1259 | EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result)); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1260 | EXPECT_EQ(0, result.size()); |
| 1261 | } |
| 1262 | |
| 1263 | TEST_F(EncryptionOperationsTest, RsaPkcs1Success) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1264 | ASSERT_EQ(KM_ERROR_OK, |
| 1265 | GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_PKCS1_1_5_ENCRYPT))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1266 | string message = "Hello World!"; |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1267 | string ciphertext1 = EncryptMessage(string(message)); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1268 | EXPECT_EQ(512 / 8, ciphertext1.size()); |
| 1269 | |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1270 | string ciphertext2 = EncryptMessage(string(message)); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1271 | EXPECT_EQ(512 / 8, ciphertext2.size()); |
| 1272 | |
| 1273 | // PKCS1 v1.5 randomizes padding so every result should be different. |
| 1274 | EXPECT_NE(ciphertext1, ciphertext2); |
| 1275 | } |
| 1276 | |
| 1277 | TEST_F(EncryptionOperationsTest, RsaPkcs1RoundTrip) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1278 | ASSERT_EQ(KM_ERROR_OK, |
| 1279 | GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_PKCS1_1_5_ENCRYPT))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1280 | string message = "Hello World!"; |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1281 | string ciphertext = EncryptMessage(string(message)); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1282 | EXPECT_EQ(512 / 8, ciphertext.size()); |
| 1283 | |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1284 | string plaintext = DecryptMessage(ciphertext); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1285 | EXPECT_EQ(message, plaintext); |
| 1286 | } |
| 1287 | |
| 1288 | TEST_F(EncryptionOperationsTest, RsaPkcs1TooLarge) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1289 | ASSERT_EQ(KM_ERROR_OK, |
| 1290 | GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_PKCS1_1_5_ENCRYPT))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1291 | string message = "12345678901234567890123456789012345678901234567890123"; |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1292 | string result; |
| Shawn Willden | b736113 | 2014-12-08 08:15:14 -0700 | [diff] [blame] | 1293 | size_t input_consumed; |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1294 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1295 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT)); |
| 1296 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 1297 | EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result)); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1298 | EXPECT_EQ(0, result.size()); |
| 1299 | } |
| 1300 | |
| 1301 | TEST_F(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1302 | ASSERT_EQ(KM_ERROR_OK, |
| 1303 | GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_PKCS1_1_5_ENCRYPT))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1304 | string message = "Hello World!"; |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1305 | string ciphertext = EncryptMessage(string(message)); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1306 | EXPECT_EQ(512 / 8, ciphertext.size()); |
| 1307 | |
| 1308 | // Corrupt the ciphertext |
| 1309 | ciphertext[512 / 8 / 2]++; |
| 1310 | |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1311 | string result; |
| Shawn Willden | b736113 | 2014-12-08 08:15:14 -0700 | [diff] [blame] | 1312 | size_t input_consumed; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1313 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT)); |
| 1314 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed)); |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 1315 | EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result)); |
| Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 1316 | EXPECT_EQ(0, result.size()); |
| 1317 | } |
| 1318 | |
| Shawn Willden | 907c301 | 2014-12-08 15:51:55 -0700 | [diff] [blame] | 1319 | TEST_F(EncryptionOperationsTest, AesOcbSuccess) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1320 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1321 | string message = "Hello World!"; |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1322 | string ciphertext1 = EncryptMessage(string(message)); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1323 | EXPECT_EQ(12 /* nonce */ + message.size() + 16 /* tag */, ciphertext1.size()); |
| Shawn Willden | 907c301 | 2014-12-08 15:51:55 -0700 | [diff] [blame] | 1324 | |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1325 | string ciphertext2 = EncryptMessage(string(message)); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1326 | EXPECT_EQ(12 /* nonce */ + message.size() + 16 /* tag */, ciphertext2.size()); |
| Shawn Willden | 907c301 | 2014-12-08 15:51:55 -0700 | [diff] [blame] | 1327 | |
| 1328 | // OCB uses a random nonce, so every output should be different |
| 1329 | EXPECT_NE(ciphertext1, ciphertext2); |
| 1330 | } |
| 1331 | |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1332 | TEST_F(EncryptionOperationsTest, AesOcbRoundTripSuccess) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1333 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16))); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1334 | string message = "Hello World!"; |
| 1335 | string ciphertext = EncryptMessage(message); |
| 1336 | EXPECT_EQ(12 /* nonce */ + message.length() + 16 /* tag */, ciphertext.size()); |
| 1337 | |
| 1338 | string plaintext = DecryptMessage(ciphertext); |
| 1339 | EXPECT_EQ(message, plaintext); |
| 1340 | } |
| 1341 | |
| 1342 | TEST_F(EncryptionOperationsTest, AesOcbRoundTripCorrupted) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1343 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1344 | string message = "Hello World!"; |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1345 | string ciphertext = EncryptMessage(string(message)); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1346 | EXPECT_EQ(12 /* nonce */ + message.size() + 16 /* tag */, ciphertext.size()); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1347 | |
| 1348 | ciphertext[ciphertext.size() / 2]++; |
| 1349 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1350 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1351 | |
| 1352 | string result; |
| 1353 | size_t input_consumed; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1354 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1355 | EXPECT_EQ(ciphertext.length(), input_consumed); |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 1356 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&result)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1357 | } |
| 1358 | |
| 1359 | TEST_F(EncryptionOperationsTest, AesDecryptGarbage) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1360 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16))); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1361 | string ciphertext(128, 'a'); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1362 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1363 | |
| 1364 | string result; |
| 1365 | size_t input_consumed; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1366 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1367 | EXPECT_EQ(ciphertext.length(), input_consumed); |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 1368 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&result)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1369 | } |
| 1370 | |
| 1371 | TEST_F(EncryptionOperationsTest, AesDecryptTooShort) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1372 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1373 | |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1374 | // Try decrypting garbage ciphertext that is too short to be valid (< nonce + tag). |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1375 | string ciphertext(12 + 15, 'a'); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1376 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1377 | |
| 1378 | string result; |
| 1379 | size_t input_consumed; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1380 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1381 | EXPECT_EQ(ciphertext.length(), input_consumed); |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 1382 | EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1383 | } |
| 1384 | |
| 1385 | TEST_F(EncryptionOperationsTest, AesOcbRoundTripEmptySuccess) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1386 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1387 | string message = ""; |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1388 | string ciphertext = EncryptMessage(string(message)); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1389 | EXPECT_EQ(12 /* nonce */ + message.size() + 16 /* tag */, ciphertext.size()); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1390 | |
| 1391 | string plaintext = DecryptMessage(ciphertext); |
| 1392 | EXPECT_EQ(message, plaintext); |
| 1393 | } |
| 1394 | |
| 1395 | TEST_F(EncryptionOperationsTest, AesOcbRoundTripEmptyCorrupted) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1396 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1397 | string message = ""; |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1398 | string ciphertext = EncryptMessage(string(message)); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1399 | EXPECT_EQ(12 /* nonce */ + message.size() + 16 /* tag */, ciphertext.size()); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1400 | |
| 1401 | ciphertext[ciphertext.size() / 2]++; |
| 1402 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1403 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1404 | |
| 1405 | string result; |
| 1406 | size_t input_consumed; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1407 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1408 | EXPECT_EQ(ciphertext.length(), input_consumed); |
| Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 1409 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&result)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1410 | } |
| 1411 | |
| 1412 | TEST_F(EncryptionOperationsTest, AesOcbFullChunk) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1413 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16))); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1414 | string message(4096, 'a'); |
| 1415 | string ciphertext = EncryptMessage(message); |
| 1416 | EXPECT_EQ(12 /* nonce */ + message.length() + 16 /* tag */, ciphertext.size()); |
| 1417 | |
| 1418 | string plaintext = DecryptMessage(ciphertext); |
| 1419 | EXPECT_EQ(message, plaintext); |
| 1420 | } |
| 1421 | |
| 1422 | TEST_F(EncryptionOperationsTest, AesOcbVariousChunkLengths) { |
| 1423 | for (unsigned chunk_length = 1; chunk_length <= 128; ++chunk_length) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1424 | ASSERT_EQ(KM_ERROR_OK, |
| 1425 | GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(chunk_length, 16))); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1426 | string message(128, 'a'); |
| 1427 | string ciphertext = EncryptMessage(message); |
| 1428 | int expected_tag_count = (message.length() + chunk_length - 1) / chunk_length; |
| 1429 | EXPECT_EQ(12 /* nonce */ + message.length() + 16 * expected_tag_count, ciphertext.size()) |
| 1430 | << "Unexpected ciphertext size for chunk length " << chunk_length |
| 1431 | << " expected tag count was " << expected_tag_count |
| 1432 | << " but actual tag count was probably " |
| 1433 | << (ciphertext.size() - message.length() - 12) / 16; |
| 1434 | |
| 1435 | string plaintext = DecryptMessage(ciphertext); |
| 1436 | EXPECT_EQ(message, plaintext); |
| 1437 | } |
| 1438 | } |
| 1439 | |
| 1440 | TEST_F(EncryptionOperationsTest, AesOcbAbort) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1441 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1442 | string message = "Hello"; |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1443 | |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1444 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT)); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1445 | |
| 1446 | string result; |
| 1447 | size_t input_consumed; |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1448 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 1449 | EXPECT_EQ(message.length(), input_consumed); |
| 1450 | EXPECT_EQ(KM_ERROR_OK, AbortOperation()); |
| Shawn Willden | 6dde87c | 2014-12-11 14:08:48 -0700 | [diff] [blame] | 1451 | } |
| 1452 | |
| Shawn Willden | be4a2a3 | 2014-12-15 14:51:10 -0700 | [diff] [blame] | 1453 | TEST_F(EncryptionOperationsTest, AesOcbNoChunkLength) { |
| Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1454 | EXPECT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder() |
| 1455 | .AesEncryptionKey(128) |
| 1456 | .Option(TAG_BLOCK_MODE, KM_MODE_OCB) |
| 1457 | .Option(TAG_MAC_LENGTH, 16))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1458 | EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, BeginOperation(KM_PURPOSE_ENCRYPT)); |
| Shawn Willden | be4a2a3 | 2014-12-15 14:51:10 -0700 | [diff] [blame] | 1459 | } |
| 1460 | |
| Shawn Willden | be4a2a3 | 2014-12-15 14:51:10 -0700 | [diff] [blame] | 1461 | TEST_F(EncryptionOperationsTest, AesOcbPaddingUnsupported) { |
| Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame^] | 1462 | ASSERT_EQ(KM_ERROR_OK, |
| 1463 | GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16).Option( |
| 1464 | TAG_PADDING, KM_PAD_ZERO))); |
| Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1465 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT)); |
| Shawn Willden | be4a2a3 | 2014-12-15 14:51:10 -0700 | [diff] [blame] | 1466 | } |
| 1467 | |
| 1468 | TEST_F(EncryptionOperationsTest, AesOcbInvalidMacLength) { |
| Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 1469 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 17))); |
| 1470 | EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, BeginOperation(KM_PURPOSE_ENCRYPT)); |
| Shawn Willden | be4a2a3 | 2014-12-15 14:51:10 -0700 | [diff] [blame] | 1471 | } |
| 1472 | |
| Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame^] | 1473 | TEST_F(EncryptionOperationsTest, AesEcbRoundTripSuccess) { |
| 1474 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).Option(TAG_BLOCK_MODE, |
| 1475 | KM_MODE_ECB))); |
| 1476 | // Two-block message. |
| 1477 | string message = "12345678901234567890123456789012"; |
| 1478 | string ciphertext1 = EncryptMessage(message); |
| 1479 | EXPECT_EQ(message.size(), ciphertext1.size()); |
| 1480 | |
| 1481 | string ciphertext2 = EncryptMessage(string(message)); |
| 1482 | EXPECT_EQ(message.size(), ciphertext2.size()); |
| 1483 | |
| 1484 | // ECB is deterministic. |
| 1485 | EXPECT_EQ(ciphertext1, ciphertext2); |
| 1486 | |
| 1487 | string plaintext = DecryptMessage(ciphertext1); |
| 1488 | EXPECT_EQ(message, plaintext); |
| 1489 | } |
| 1490 | |
| 1491 | TEST_F(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) { |
| 1492 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).Option(TAG_BLOCK_MODE, |
| 1493 | KM_MODE_ECB))); |
| 1494 | // Message is slightly shorter than two blocks. |
| 1495 | string message = "1234567890123456789012345678901"; |
| 1496 | |
| 1497 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT)); |
| 1498 | string ciphertext; |
| 1499 | size_t input_consumed; |
| 1500 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed)); |
| 1501 | EXPECT_EQ(message.size(), input_consumed); |
| 1502 | EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext)); |
| 1503 | } |
| 1504 | |
| 1505 | TEST_F(EncryptionOperationsTest, AesEcbPkcs7Padding) { |
| 1506 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder() |
| 1507 | .AesEncryptionKey(128) |
| 1508 | .Option(TAG_BLOCK_MODE, KM_MODE_ECB) |
| 1509 | .Option(TAG_PADDING, KM_PAD_PKCS7))); |
| 1510 | |
| 1511 | // Try various message lengths; all should work. |
| 1512 | for (int i = 0; i < 32; ++i) { |
| 1513 | string message(i, 'a'); |
| 1514 | string ciphertext = EncryptMessage(message); |
| 1515 | EXPECT_EQ(i + 16 - (i % 16), ciphertext.size()); |
| 1516 | string plaintext = DecryptMessage(ciphertext); |
| 1517 | EXPECT_EQ(message, plaintext); |
| 1518 | } |
| 1519 | } |
| 1520 | |
| 1521 | TEST_F(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) { |
| 1522 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder() |
| 1523 | .AesEncryptionKey(128) |
| 1524 | .Option(TAG_BLOCK_MODE, KM_MODE_ECB) |
| 1525 | .Option(TAG_PADDING, KM_PAD_PKCS7))); |
| 1526 | |
| 1527 | string message = "a"; |
| 1528 | string ciphertext = EncryptMessage(message); |
| 1529 | EXPECT_EQ(16, ciphertext.size()); |
| 1530 | EXPECT_NE(ciphertext, message); |
| 1531 | ++ciphertext[ciphertext.size() / 2]; |
| 1532 | |
| 1533 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT)); |
| 1534 | string plaintext; |
| 1535 | size_t input_consumed; |
| 1536 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed)); |
| 1537 | EXPECT_EQ(ciphertext.size(), input_consumed); |
| 1538 | EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext)); |
| 1539 | } |
| 1540 | |
| 1541 | TEST_F(EncryptionOperationsTest, AesCbcRoundTripSuccess) { |
| 1542 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).Option(TAG_BLOCK_MODE, |
| 1543 | KM_MODE_CBC))); |
| 1544 | // Two-block message. |
| 1545 | string message = "12345678901234567890123456789012"; |
| 1546 | string ciphertext1 = EncryptMessage(message); |
| 1547 | EXPECT_EQ(message.size() + 16, ciphertext1.size()); |
| 1548 | |
| 1549 | string ciphertext2 = EncryptMessage(string(message)); |
| 1550 | EXPECT_EQ(message.size() + 16, ciphertext2.size()); |
| 1551 | |
| 1552 | // CBC uses random IVs, so ciphertexts shouldn't match. |
| 1553 | EXPECT_NE(ciphertext1, ciphertext2); |
| 1554 | |
| 1555 | string plaintext = DecryptMessage(ciphertext1); |
| 1556 | EXPECT_EQ(message, plaintext); |
| 1557 | } |
| 1558 | |
| 1559 | TEST_F(EncryptionOperationsTest, AesCbcIncrementalNoPadding) { |
| 1560 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).Option(TAG_BLOCK_MODE, |
| 1561 | KM_MODE_CBC))); |
| 1562 | |
| 1563 | int increment = 15; |
| 1564 | string message(240, 'a'); |
| 1565 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT)); |
| 1566 | string ciphertext; |
| 1567 | size_t input_consumed; |
| 1568 | for (size_t i = 0; i < message.size(); i += increment) |
| 1569 | EXPECT_EQ(KM_ERROR_OK, |
| 1570 | UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed)); |
| 1571 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext)); |
| 1572 | EXPECT_EQ(message.size() + 16, ciphertext.size()); |
| 1573 | |
| 1574 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT)); |
| 1575 | string plaintext; |
| 1576 | for (size_t i = 0; i < ciphertext.size(); i += increment) |
| 1577 | EXPECT_EQ(KM_ERROR_OK, |
| 1578 | UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed)); |
| 1579 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext)); |
| 1580 | EXPECT_EQ(ciphertext.size() - 16, plaintext.size()); |
| 1581 | EXPECT_EQ(message, plaintext); |
| 1582 | } |
| 1583 | |
| 1584 | TEST_F(EncryptionOperationsTest, AesCbcPkcs7Padding) { |
| 1585 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder() |
| 1586 | .AesEncryptionKey(128) |
| 1587 | .Option(TAG_BLOCK_MODE, KM_MODE_CBC) |
| 1588 | .Option(TAG_PADDING, KM_PAD_PKCS7))); |
| 1589 | |
| 1590 | // Try various message lengths; all should work. |
| 1591 | for (int i = 0; i < 32; ++i) { |
| 1592 | string message(i, 'a'); |
| 1593 | string ciphertext = EncryptMessage(message); |
| 1594 | EXPECT_EQ(i + 32 - (i % 16), ciphertext.size()); |
| 1595 | string plaintext = DecryptMessage(ciphertext); |
| 1596 | EXPECT_EQ(message, plaintext); |
| 1597 | } |
| 1598 | } |
| 1599 | |
| 1600 | TEST_F(EncryptionOperationsTest, AesCfbRoundTripSuccess) { |
| 1601 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).Option(TAG_BLOCK_MODE, |
| 1602 | KM_MODE_CFB))); |
| 1603 | // Two-block message. |
| 1604 | string message = "12345678901234567890123456789012"; |
| 1605 | string ciphertext1 = EncryptMessage(message); |
| 1606 | EXPECT_EQ(message.size() + 16, ciphertext1.size()); |
| 1607 | |
| 1608 | string ciphertext2 = EncryptMessage(string(message)); |
| 1609 | EXPECT_EQ(message.size() + 16, ciphertext2.size()); |
| 1610 | |
| 1611 | // CBC uses random IVs, so ciphertexts shouldn't match. |
| 1612 | EXPECT_NE(ciphertext1, ciphertext2); |
| 1613 | |
| 1614 | string plaintext = DecryptMessage(ciphertext1); |
| 1615 | EXPECT_EQ(message, plaintext); |
| 1616 | } |
| 1617 | |
| 1618 | TEST_F(EncryptionOperationsTest, AesCfbIncrementalNoPadding) { |
| 1619 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder() |
| 1620 | .AesEncryptionKey(128) |
| 1621 | .Option(TAG_BLOCK_MODE, KM_MODE_CFB) |
| 1622 | .Option(TAG_PADDING, KM_PAD_PKCS7))); |
| 1623 | |
| 1624 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).Option(TAG_BLOCK_MODE, |
| 1625 | KM_MODE_CBC))); |
| 1626 | |
| 1627 | int increment = 15; |
| 1628 | string message(240, 'a'); |
| 1629 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT)); |
| 1630 | string ciphertext; |
| 1631 | size_t input_consumed; |
| 1632 | for (size_t i = 0; i < message.size(); i += increment) |
| 1633 | EXPECT_EQ(KM_ERROR_OK, |
| 1634 | UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed)); |
| 1635 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext)); |
| 1636 | EXPECT_EQ(message.size() + 16, ciphertext.size()); |
| 1637 | |
| 1638 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT)); |
| 1639 | string plaintext; |
| 1640 | for (size_t i = 0; i < ciphertext.size(); i += increment) |
| 1641 | EXPECT_EQ(KM_ERROR_OK, |
| 1642 | UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed)); |
| 1643 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext)); |
| 1644 | EXPECT_EQ(ciphertext.size() - 16, plaintext.size()); |
| 1645 | EXPECT_EQ(message, plaintext); |
| 1646 | } |
| 1647 | |
| 1648 | TEST_F(EncryptionOperationsTest, AesCfbPkcs7Padding) { |
| 1649 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).Option(TAG_BLOCK_MODE, |
| 1650 | KM_MODE_CFB))); |
| 1651 | |
| 1652 | // Try various message lengths; all should work. |
| 1653 | for (int i = 0; i < 32; ++i) { |
| 1654 | string message(i, 'a'); |
| 1655 | string ciphertext = EncryptMessage(message); |
| 1656 | EXPECT_EQ(i + 16, ciphertext.size()); |
| 1657 | string plaintext = DecryptMessage(ciphertext); |
| 1658 | EXPECT_EQ(message, plaintext); |
| 1659 | } |
| 1660 | } |
| 1661 | |
| Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 1662 | } // namespace test |
| 1663 | } // namespace keymaster |