Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 407d41282d6b0a7f2d6e2826d44a58b016a5d844 / . / google_keymaster_test.cpp
blob: 1b2e22b61291fff3fb420b01892993befb23f150 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <string>
18#include <fstream>
19
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]20#include <gtest/gtest.h>
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]21
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]22#include <openssl/engine.h>
23
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]24#include "google_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]25#include "google_keymaster_utils.h"
26#include "google_softkeymaster.h"
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]27#include "keymaster_tags.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]28
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]29using std::string;
30using std::ifstream;
31using std::istreambuf_iterator;
32
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]33int main(int argc, char** argv) {
34 ::testing::InitGoogleTest(&argc, argv);
35 int result = RUN_ALL_TESTS();
36 // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
37 CRYPTO_cleanup_all_ex_data();
38 ERR_free_strings();
39 return result;
40}
41
42namespace keymaster {
43namespace test {
44
45class KeymasterTest : public testing::Test {
46 protected:
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame]47 KeymasterTest() : device(5, new StdoutLogger) { RAND_seed("foobar", 6); }
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]48 ~KeymasterTest() {}
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]49
50 GoogleSoftKeymaster device;
51};
52
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]53typedef KeymasterTest CheckSupported;
54TEST_F(CheckSupported, SupportedAlgorithms) {
55 // Shouldn't blow up on NULL.
56 device.SupportedAlgorithms(NULL);
57
58 SupportedResponse<keymaster_algorithm_t> response;
59 device.SupportedAlgorithms(&response);
60 EXPECT_EQ(KM_ERROR_OK, response.error);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]61 EXPECT_EQ(3U, response.results_length);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]62 EXPECT_EQ(KM_ALGORITHM_RSA, response.results[0]);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]63 EXPECT_EQ(KM_ALGORITHM_DSA, response.results[1]);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]64 EXPECT_EQ(KM_ALGORITHM_ECDSA, response.results[2]);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]65}
66
67TEST_F(CheckSupported, SupportedBlockModes) {
68 // Shouldn't blow up on NULL.
69 device.SupportedBlockModes(KM_ALGORITHM_RSA, NULL);
70
71 SupportedResponse<keymaster_block_mode_t> response;
72 device.SupportedBlockModes(KM_ALGORITHM_RSA, &response);
73 EXPECT_EQ(KM_ERROR_OK, response.error);
74 EXPECT_EQ(0U, response.results_length);
75
76 device.SupportedBlockModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]77 EXPECT_EQ(KM_ERROR_OK, response.error);
78 EXPECT_EQ(0U, response.results_length);
79
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]80 device.SupportedBlockModes(KM_ALGORITHM_ECDSA, &response);
81 EXPECT_EQ(KM_ERROR_OK, response.error);
82 EXPECT_EQ(0U, response.results_length);
83
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]84 device.SupportedBlockModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]85 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
86}
87
88TEST_F(CheckSupported, SupportedPaddingModes) {
89 // Shouldn't blow up on NULL.
90 device.SupportedPaddingModes(KM_ALGORITHM_RSA, NULL);
91
92 SupportedResponse<keymaster_padding_t> response;
93 device.SupportedPaddingModes(KM_ALGORITHM_RSA, &response);
94 EXPECT_EQ(KM_ERROR_OK, response.error);
95 EXPECT_EQ(1U, response.results_length);
96 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
97
98 device.SupportedPaddingModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]99 EXPECT_EQ(KM_ERROR_OK, response.error);
100 EXPECT_EQ(1U, response.results_length);
101 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
102
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]103 device.SupportedPaddingModes(KM_ALGORITHM_ECDSA, &response);
104 EXPECT_EQ(KM_ERROR_OK, response.error);
105 EXPECT_EQ(1U, response.results_length);
106 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
107
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]108 device.SupportedPaddingModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]109 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
110}
111
112TEST_F(CheckSupported, SupportedDigests) {
113 // Shouldn't blow up on NULL.
114 device.SupportedDigests(KM_ALGORITHM_RSA, NULL);
115
116 SupportedResponse<keymaster_digest_t> response;
117 device.SupportedDigests(KM_ALGORITHM_RSA, &response);
118 EXPECT_EQ(KM_ERROR_OK, response.error);
119 EXPECT_EQ(1U, response.results_length);
120 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
121
122 device.SupportedDigests(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]123 EXPECT_EQ(KM_ERROR_OK, response.error);
124 EXPECT_EQ(1U, response.results_length);
125 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
126
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]127 device.SupportedDigests(KM_ALGORITHM_ECDSA, &response);
128 EXPECT_EQ(KM_ERROR_OK, response.error);
129 EXPECT_EQ(1U, response.results_length);
130 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
131
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]132 device.SupportedDigests(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]133 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
134}
135
136TEST_F(CheckSupported, SupportedImportFormats) {
137 // Shouldn't blow up on NULL.
138 device.SupportedImportFormats(KM_ALGORITHM_RSA, NULL);
139
140 SupportedResponse<keymaster_key_format_t> response;
141 device.SupportedImportFormats(KM_ALGORITHM_RSA, &response);
142 EXPECT_EQ(KM_ERROR_OK, response.error);
143 EXPECT_EQ(1U, response.results_length);
144 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
145
146 device.SupportedImportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]147 EXPECT_EQ(KM_ERROR_OK, response.error);
148 EXPECT_EQ(1U, response.results_length);
149 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
150
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]151 device.SupportedImportFormats(KM_ALGORITHM_ECDSA, &response);
152 EXPECT_EQ(KM_ERROR_OK, response.error);
153 EXPECT_EQ(1U, response.results_length);
154 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
155
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]156 device.SupportedImportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]157 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
158}
159
160TEST_F(CheckSupported, SupportedExportFormats) {
161 // Shouldn't blow up on NULL.
162 device.SupportedExportFormats(KM_ALGORITHM_RSA, NULL);
163
164 SupportedResponse<keymaster_key_format_t> response;
165 device.SupportedExportFormats(KM_ALGORITHM_RSA, &response);
166 EXPECT_EQ(KM_ERROR_OK, response.error);
167 EXPECT_EQ(1U, response.results_length);
168 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
169
170 device.SupportedExportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]171 EXPECT_EQ(KM_ERROR_OK, response.error);
172 EXPECT_EQ(1U, response.results_length);
173 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
174
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]175 device.SupportedExportFormats(KM_ALGORITHM_ECDSA, &response);
176 EXPECT_EQ(KM_ERROR_OK, response.error);
177 EXPECT_EQ(1U, response.results_length);
178 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
179
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]180 device.SupportedExportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]181 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
182}
183
184typedef KeymasterTest NewKeyGeneration;
185TEST_F(NewKeyGeneration, Rsa) {
186 keymaster_key_param_t params[] = {
187 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
188 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
189 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]190 Authorization(TAG_KEY_SIZE, 256),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]191 Authorization(TAG_USER_ID, 7),
192 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]193 Authorization(TAG_APPLICATION_ID, "app_id", 6),
194 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]195 Authorization(TAG_AUTH_TIMEOUT, 300),
196 };
197 GenerateKeyRequest req;
198 req.key_description.Reinitialize(params, array_length(params));
199 GenerateKeyResponse rsp;
200
201 device.GenerateKey(req, &rsp);
202
203 ASSERT_EQ(KM_ERROR_OK, rsp.error);
204 EXPECT_EQ(0U, rsp.enforced.size());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]205 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
206 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]207
208 // Check specified tags are all present in unenforced characteristics
209 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
210 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
211
212 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
213
214 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
215 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]216 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]217 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
218
Shawn Willden39b970b2014-08-11 09:11:21 -0600[diff] [blame]219 // Verify that App ID, App data and ROT are NOT included.
220 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
221 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
222 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
223
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]224 // Just for giggles, check that some unexpected tags/values are NOT present.
225 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
226 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
227 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
228 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
229
230 // Now check that unspecified, defaulted tags are correct.
231 EXPECT_TRUE(contains(rsp.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
232 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
233 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]234}
235
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]236TEST_F(NewKeyGeneration, Dsa) {
237 keymaster_key_param_t params[] = {
238 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
239 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
240 Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
241 Authorization(TAG_KEY_SIZE, 256),
242 Authorization(TAG_USER_ID, 7),
243 Authorization(TAG_USER_AUTH_ID, 8),
244 Authorization(TAG_APPLICATION_ID, "app_id", 6),
245 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
246 Authorization(TAG_AUTH_TIMEOUT, 300),
247 };
248 GenerateKeyRequest req;
249 req.key_description.Reinitialize(params, array_length(params));
250 GenerateKeyResponse rsp;
251
252 device.GenerateKey(req, &rsp);
253
254 ASSERT_EQ(KM_ERROR_OK, rsp.error);
255 EXPECT_EQ(0U, rsp.enforced.size());
256 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
257 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
258
259 // Check specified tags are all present in unenforced characteristics
260 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
261 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
262
263 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
264
265 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
266 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
267 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
268 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
269
270 // Verify that App ID, App data and ROT are NOT included.
271 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
272 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
273 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
274
275 // Just for giggles, check that some unexpected tags/values are NOT present.
276 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
277 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
278 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
279 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
280
281 // Now check that unspecified, defaulted tags are correct.
282 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
283 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
284
285 // Generator should have created DSA params.
286 keymaster_blob_t g, p, q;
287 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
288 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_P, &p));
289 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_Q, &q));
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]290 EXPECT_TRUE(g.data_length >= 63 && g.data_length <= 64);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]291 EXPECT_EQ(64U, p.data_length);
292 EXPECT_EQ(20U, q.data_length);
293}
294
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]295TEST_F(NewKeyGeneration, Ecdsa) {
296 keymaster_key_param_t params[] = {
297 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
298 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
299 Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
300 Authorization(TAG_KEY_SIZE, 256),
301 Authorization(TAG_USER_ID, 7),
302 Authorization(TAG_USER_AUTH_ID, 8),
303 Authorization(TAG_APPLICATION_ID, "app_id", 6),
304 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
305 Authorization(TAG_AUTH_TIMEOUT, 300),
306 };
307 GenerateKeyRequest req;
308 req.key_description.Reinitialize(params, array_length(params));
309 GenerateKeyResponse rsp;
310
311 device.GenerateKey(req, &rsp);
312
313 ASSERT_EQ(KM_ERROR_OK, rsp.error);
314 EXPECT_EQ(0U, rsp.enforced.size());
315 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
316 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
317
318 // Check specified tags are all present in unenforced characteristics
319 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
320 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
321
322 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
323
324 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
325 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
326 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
327 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
328
329 // Verify that App ID, App data and ROT are NOT included.
330 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
331 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
332 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
333
334 // Just for giggles, check that some unexpected tags/values are NOT present.
335 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
336 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
337 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
338 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
339
340 // Now check that unspecified, defaulted tags are correct.
341 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
342 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
343}
344
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]345typedef KeymasterTest GetKeyCharacteristics;
346TEST_F(GetKeyCharacteristics, SimpleRsa) {
347 keymaster_key_param_t params[] = {
348 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
349 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
350 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
351 Authorization(TAG_KEY_SIZE, 256),
352 Authorization(TAG_USER_ID, 7),
353 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]354 Authorization(TAG_APPLICATION_ID, "app_id", 6),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]355 Authorization(TAG_AUTH_TIMEOUT, 300),
356 };
357
358 GenerateKeyRequest gen_req;
359 gen_req.key_description.Reinitialize(params, array_length(params));
360 GenerateKeyResponse gen_rsp;
361
362 device.GenerateKey(gen_req, &gen_rsp);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]363 ASSERT_EQ(KM_ERROR_OK, gen_rsp.error);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]364
365 GetKeyCharacteristicsRequest req;
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]366 req.SetKeyMaterial(gen_rsp.key_blob);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]367 req.additional_params.push_back(TAG_APPLICATION_ID, "app_id", 6);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]368
369 GetKeyCharacteristicsResponse rsp;
370 device.GetKeyCharacteristics(req, &rsp);
371 ASSERT_EQ(KM_ERROR_OK, rsp.error);
372
373 EXPECT_EQ(gen_rsp.enforced, rsp.enforced);
374 EXPECT_EQ(gen_rsp.unenforced, rsp.unenforced);
375}
376
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]377/**
378 * Test class that provides some infrastructure for generating keys and signing messages.
379 */
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]380class SigningOperationsTest : public KeymasterTest {
381 protected:
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]382 void GenerateKey(keymaster_algorithm_t algorithm, keymaster_digest_t digest,
383 keymaster_padding_t padding, uint32_t key_size) {
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]384 keymaster_key_param_t params[] = {
385 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
386 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]387 Authorization(TAG_ALGORITHM, algorithm),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]388 Authorization(TAG_KEY_SIZE, key_size),
389 Authorization(TAG_USER_ID, 7),
390 Authorization(TAG_USER_AUTH_ID, 8),
391 Authorization(TAG_APPLICATION_ID, "app_id", 6),
392 Authorization(TAG_AUTH_TIMEOUT, 300),
393 };
394 GenerateKeyRequest generate_request;
395 generate_request.key_description.Reinitialize(params, array_length(params));
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]396 if (static_cast<int>(digest) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]397 generate_request.key_description.push_back(TAG_DIGEST, digest);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]398 if (static_cast<int>(padding) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]399 generate_request.key_description.push_back(TAG_PADDING, padding);
400 device.GenerateKey(generate_request, &generate_response_);
401 EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]402 }
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]403
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]404 void SignMessage(const void* message, size_t size) {
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]405 SignMessage(generate_response_.key_blob, message, size);
406 }
407
408 void SignMessage(const keymaster_key_blob_t& key_blob, const void* message, size_t size) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]409 BeginOperationRequest begin_request;
410 BeginOperationResponse begin_response;
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]411 begin_request.SetKeyMaterial(key_blob);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]412 begin_request.purpose = KM_PURPOSE_SIGN;
413 AddClientParams(&begin_request.additional_params);
414
415 device.BeginOperation(begin_request, &begin_response);
416 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
417
418 UpdateOperationRequest update_request;
419 UpdateOperationResponse update_response;
420 update_request.op_handle = begin_response.op_handle;
421 update_request.input.Reinitialize(message, size);
422 EXPECT_EQ(size, update_request.input.available_read());
423
424 device.UpdateOperation(update_request, &update_response);
425 ASSERT_EQ(KM_ERROR_OK, update_response.error);
426 EXPECT_EQ(0U, update_response.output.available_read());
427
428 FinishOperationRequest finish_request;
429 finish_request.op_handle = begin_response.op_handle;
430 device.FinishOperation(finish_request, &finish_response_);
431 ASSERT_EQ(KM_ERROR_OK, finish_response_.error);
432 EXPECT_GT(finish_response_.output.available_read(), 0U);
433 }
434
435 void AddClientParams(AuthorizationSet* set) { set->push_back(TAG_APPLICATION_ID, "app_id", 6); }
436
437 const keymaster_key_blob_t& key_blob() { return generate_response_.key_blob; }
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]438
439 const keymaster_key_blob_t& corrupt_key_blob() {
440 ++generate_response_.key_blob
441 .key_material[generate_response_.key_blob.key_material_size / 2];
442 return generate_response_.key_blob;
443 }
444
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]445 Buffer* signature() {
446 if (finish_response_.error == KM_ERROR_OK)
447 return &finish_response_.output;
448 return NULL;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]449 }
450
451 private:
452 GenerateKeyResponse generate_response_;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]453 FinishOperationResponse finish_response_;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]454};
455
456TEST_F(SigningOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]457 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]458 const char message[] = "12345678901234567890123456789012";
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]459
460 BeginOperationRequest begin_request;
461 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]462 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]463 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]464 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]465
466 device.BeginOperation(begin_request, &begin_response);
467 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
468
469 UpdateOperationRequest update_request;
470 UpdateOperationResponse update_response;
471 update_request.op_handle = begin_response.op_handle;
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]472 update_request.input.Reinitialize(message, array_size(message) - 1);
473 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]474
475 device.UpdateOperation(update_request, &update_response);
476 ASSERT_EQ(KM_ERROR_OK, update_response.error);
477 EXPECT_EQ(0U, update_response.output.available_read());
478
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]479 FinishOperationRequest finish_request;
480 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]481 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]482 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]483 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]484 EXPECT_GT(finish_response.output.available_read(), 0U);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]485
486 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
487}
488
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]489TEST_F(SigningOperationsTest, DsaSuccess) {
490 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
491
492 BeginOperationRequest begin_request;
493 BeginOperationResponse begin_response;
494 begin_request.SetKeyMaterial(key_blob());
495 begin_request.purpose = KM_PURPOSE_SIGN;
496 AddClientParams(&begin_request.additional_params);
497
498 device.BeginOperation(begin_request, &begin_response);
499 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
500
501 UpdateOperationRequest update_request;
502 UpdateOperationResponse update_response;
503 update_request.op_handle = begin_response.op_handle;
504 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
505 EXPECT_EQ(48U, update_request.input.available_read());
506
507 device.UpdateOperation(update_request, &update_response);
508 ASSERT_EQ(KM_ERROR_OK, update_response.error);
509 EXPECT_EQ(0U, update_response.output.available_read());
510
511 FinishOperationRequest finish_request;
512 finish_request.op_handle = begin_response.op_handle;
513 FinishOperationResponse finish_response;
514 device.FinishOperation(finish_request, &finish_response);
515 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
516 EXPECT_GT(finish_response.output.available_read(), 0U);
517
518 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
519}
520
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]521TEST_F(SigningOperationsTest, EcdsaSuccess) {
522 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
523
524 BeginOperationRequest begin_request;
525 BeginOperationResponse begin_response;
526 begin_request.SetKeyMaterial(key_blob());
527 begin_request.purpose = KM_PURPOSE_SIGN;
528 AddClientParams(&begin_request.additional_params);
529
530 device.BeginOperation(begin_request, &begin_response);
531 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
532
533 UpdateOperationRequest update_request;
534 UpdateOperationResponse update_response;
535 update_request.op_handle = begin_response.op_handle;
536 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
537 EXPECT_EQ(48U, update_request.input.available_read());
538
539 device.UpdateOperation(update_request, &update_response);
540 ASSERT_EQ(KM_ERROR_OK, update_response.error);
541 EXPECT_EQ(0U, update_response.output.available_read());
542
543 FinishOperationRequest finish_request;
544 finish_request.op_handle = begin_response.op_handle;
545 FinishOperationResponse finish_response;
546 device.FinishOperation(finish_request, &finish_response);
547 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
548 EXPECT_GT(finish_response.output.available_read(), 0U);
549
550 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
551}
552
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]553TEST_F(SigningOperationsTest, RsaAbort) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]554 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]555
556 BeginOperationRequest begin_request;
557 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]558 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]559 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]560 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]561
562 device.BeginOperation(begin_request, &begin_response);
563 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
564
565 EXPECT_EQ(KM_ERROR_OK, device.AbortOperation(begin_response.op_handle));
566
567 // Another abort should fail
568 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
569}
570
571TEST_F(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]572 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_SHA_2_256, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]573
574 BeginOperationRequest begin_request;
575 BeginOperationResponse begin_response;
576 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]577 begin_request.SetKeyMaterial(key_blob());
578 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]579
580 device.BeginOperation(begin_request, &begin_response);
581 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
582
583 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
584}
585
586TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]587 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_RSA_OAEP, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]588
589 BeginOperationRequest begin_request;
590 BeginOperationResponse begin_response;
591 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]592 begin_request.SetKeyMaterial(key_blob());
593 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]594
595 device.BeginOperation(begin_request, &begin_response);
596 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
597
598 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
599}
600
601TEST_F(SigningOperationsTest, RsaNoDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]602 GenerateKey(KM_ALGORITHM_RSA, static_cast<keymaster_digest_t>(-1), KM_PAD_NONE,
603 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]604
605 BeginOperationRequest begin_request;
606 BeginOperationResponse begin_response;
607 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]608 begin_request.SetKeyMaterial(key_blob());
609 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]610
611 device.BeginOperation(begin_request, &begin_response);
612 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
613
614 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
615}
616
617TEST_F(SigningOperationsTest, RsaNoPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]618 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, static_cast<keymaster_padding_t>(-1),
619 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]620
621 BeginOperationRequest begin_request;
622 BeginOperationResponse begin_response;
623 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]624 begin_request.SetKeyMaterial(key_blob());
625 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]626
627 device.BeginOperation(begin_request, &begin_response);
628 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
629
630 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
631}
632
633TEST_F(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]634 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]635
636 BeginOperationRequest begin_request;
637 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]638 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]639 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]640 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]641
642 device.BeginOperation(begin_request, &begin_response);
643 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
644
645 UpdateOperationRequest update_request;
646 UpdateOperationResponse update_response;
647 update_request.op_handle = begin_response.op_handle;
648 update_request.input.Reinitialize("01234567890123456789012345678901", 31);
649 EXPECT_EQ(31U, update_request.input.available_read());
650
651 device.UpdateOperation(update_request, &update_response);
652 ASSERT_EQ(KM_ERROR_OK, update_response.error);
653 EXPECT_EQ(0U, update_response.output.available_read());
654
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]655 FinishOperationRequest finish_request;
656 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]657 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]658 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]659 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]660 EXPECT_EQ(0U, finish_response.output.available_read());
661
662 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
663}
664
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]665typedef SigningOperationsTest VerificationOperationsTest;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]666TEST_F(VerificationOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]667 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
668 const char message[] = "12345678901234567890123456789012";
669 SignMessage(message, array_size(message) - 1);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]670 ASSERT_TRUE(signature() != NULL);
671
672 BeginOperationRequest begin_request;
673 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]674 begin_request.SetKeyMaterial(key_blob());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]675 begin_request.purpose = KM_PURPOSE_VERIFY;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]676 AddClientParams(&begin_request.additional_params);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]677
678 device.BeginOperation(begin_request, &begin_response);
679 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
680
681 UpdateOperationRequest update_request;
682 UpdateOperationResponse update_response;
683 update_request.op_handle = begin_response.op_handle;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]684 update_request.input.Reinitialize(message, array_size(message) - 1);
685 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]686
687 device.UpdateOperation(update_request, &update_response);
688 ASSERT_EQ(KM_ERROR_OK, update_response.error);
689 EXPECT_EQ(0U, update_response.output.available_read());
690
691 FinishOperationRequest finish_request;
692 finish_request.op_handle = begin_response.op_handle;
693 finish_request.signature.Reinitialize(*signature());
694 FinishOperationResponse finish_response;
695 device.FinishOperation(finish_request, &finish_response);
696 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]697 EXPECT_EQ(0U, finish_response.output.available_read());
698
699 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
700}
701
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]702TEST_F(VerificationOperationsTest, DsaSuccess) {
703 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
704 const char message[] = "123456789012345678901234567890123456789012345678";
705 SignMessage(message, array_size(message) - 1);
706 ASSERT_TRUE(signature() != NULL);
707
708 BeginOperationRequest begin_request;
709 BeginOperationResponse begin_response;
710 begin_request.SetKeyMaterial(key_blob());
711 begin_request.purpose = KM_PURPOSE_VERIFY;
712 AddClientParams(&begin_request.additional_params);
713
714 device.BeginOperation(begin_request, &begin_response);
715 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
716
717 UpdateOperationRequest update_request;
718 UpdateOperationResponse update_response;
719 update_request.op_handle = begin_response.op_handle;
720 update_request.input.Reinitialize(message, array_size(message) - 1);
721 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
722
723 device.UpdateOperation(update_request, &update_response);
724 ASSERT_EQ(KM_ERROR_OK, update_response.error);
725 EXPECT_EQ(0U, update_response.output.available_read());
726
727 FinishOperationRequest finish_request;
728 finish_request.op_handle = begin_response.op_handle;
729 finish_request.signature.Reinitialize(*signature());
730 FinishOperationResponse finish_response;
731 device.FinishOperation(finish_request, &finish_response);
732 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
733 EXPECT_EQ(0U, finish_response.output.available_read());
734
735 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
736}
737
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]738TEST_F(VerificationOperationsTest, EcdsaSuccess) {
739 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
740 const char message[] = "123456789012345678901234567890123456789012345678";
741 SignMessage(message, array_size(message) - 1);
742 ASSERT_TRUE(signature() != NULL);
743
744 BeginOperationRequest begin_request;
745 BeginOperationResponse begin_response;
746 begin_request.SetKeyMaterial(key_blob());
747 begin_request.purpose = KM_PURPOSE_VERIFY;
748 AddClientParams(&begin_request.additional_params);
749
750 device.BeginOperation(begin_request, &begin_response);
751 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
752
753 UpdateOperationRequest update_request;
754 UpdateOperationResponse update_response;
755 update_request.op_handle = begin_response.op_handle;
756 update_request.input.Reinitialize(message, array_size(message) - 1);
757 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
758
759 device.UpdateOperation(update_request, &update_response);
760 ASSERT_EQ(KM_ERROR_OK, update_response.error);
761 EXPECT_EQ(0U, update_response.output.available_read());
762
763 FinishOperationRequest finish_request;
764 finish_request.op_handle = begin_response.op_handle;
765 finish_request.signature.Reinitialize(*signature());
766 FinishOperationResponse finish_response;
767 device.FinishOperation(finish_request, &finish_response);
768 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
769 EXPECT_EQ(0U, finish_response.output.available_read());
770
771 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
772}
773
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]774typedef SigningOperationsTest ExportKeyTest;
775TEST_F(ExportKeyTest, RsaSuccess) {
776 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]777
778 ExportKeyRequest request;
779 ExportKeyResponse response;
780 AddClientParams(&request.additional_params);
781 request.key_format = KM_KEY_FORMAT_X509;
782 request.SetKeyMaterial(key_blob());
783
784 device.ExportKey(request, &response);
785 ASSERT_EQ(KM_ERROR_OK, response.error);
786 EXPECT_TRUE(response.key_data != NULL);
787}
788
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]789TEST_F(ExportKeyTest, DsaSuccess) {
790 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 1024 /* key size */);
791
792 ExportKeyRequest request;
793 ExportKeyResponse response;
794 AddClientParams(&request.additional_params);
795 request.key_format = KM_KEY_FORMAT_X509;
796 request.SetKeyMaterial(key_blob());
797
798 device.ExportKey(request, &response);
799 ASSERT_EQ(KM_ERROR_OK, response.error);
800 EXPECT_TRUE(response.key_data != NULL);
801}
802
803TEST_F(ExportKeyTest, EcdsaSuccess) {
804 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
805
806 ExportKeyRequest request;
807 ExportKeyResponse response;
808 AddClientParams(&request.additional_params);
809 request.key_format = KM_KEY_FORMAT_X509;
810 request.SetKeyMaterial(key_blob());
811
812 device.ExportKey(request, &response);
813 ASSERT_EQ(KM_ERROR_OK, response.error);
814 EXPECT_TRUE(response.key_data != NULL);
815}
816
817TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) {
818 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
819
820 ExportKeyRequest request;
821 ExportKeyResponse response;
822 AddClientParams(&request.additional_params);
823
824 /* We have no other defined export formats defined. */
825 request.key_format = KM_KEY_FORMAT_PKCS8;
826 request.SetKeyMaterial(key_blob());
827
828 device.ExportKey(request, &response);
829 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, response.error);
830 EXPECT_TRUE(response.key_data == NULL);
831}
832
833TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) {
834 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
835
836 ExportKeyRequest request;
837 ExportKeyResponse response;
838 AddClientParams(&request.additional_params);
839 request.key_format = KM_KEY_FORMAT_X509;
840 request.SetKeyMaterial(corrupt_key_blob());
841
842 device.ExportKey(request, &response);
843 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, response.error);
844 ASSERT_TRUE(response.key_data == NULL);
845}
846
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]847static string read_file(const string& file_name) {
848 ifstream file_stream(file_name, std::ios::binary);
849 istreambuf_iterator<char> file_begin(file_stream);
850 istreambuf_iterator<char> file_end;
851 return string(file_begin, file_end);
852}
853
854typedef SigningOperationsTest ImportKeyTest;
855TEST_F(ImportKeyTest, RsaSuccess) {
856 keymaster_key_param_t params[] = {
857 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
858 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
859 Authorization(TAG_DIGEST, KM_DIGEST_NONE),
860 Authorization(TAG_PADDING, KM_PAD_NONE),
861 Authorization(TAG_USER_ID, 7),
862 Authorization(TAG_USER_AUTH_ID, 8),
863 Authorization(TAG_APPLICATION_ID, "app_id", 6),
864 Authorization(TAG_AUTH_TIMEOUT, 300),
865 };
866
867 string pk8_key = read_file("privkey_pk8.der");
868 ASSERT_EQ(633U, pk8_key.size());
869
870 ImportKeyRequest import_request;
871 import_request.key_description.Reinitialize(params, array_length(params));
872 import_request.key_format = KM_KEY_FORMAT_PKCS8;
873 import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
874
875 ImportKeyResponse import_response;
876 device.ImportKey(import_request, &import_response);
877 ASSERT_EQ(KM_ERROR_OK, import_response.error);
878 EXPECT_EQ(0U, import_response.enforced.size());
879 EXPECT_GT(import_response.unenforced.size(), 0U);
880
881 // Check values derived from the key.
882 EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
883 EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 1024));
884 EXPECT_TRUE(contains(import_response.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537U));
885
886 // And values provided by GoogleKeymaster
887 EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
888 EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
889
890 size_t message_len = 1024 / 8;
891 UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
892 std::fill(message.get(), message.get() + message_len, 'a');
893 SignMessage(import_response.key_blob, message.get(), message_len);
894 ASSERT_TRUE(signature() != NULL);
895
896 BeginOperationRequest begin_request;
897 BeginOperationResponse begin_response;
898 begin_request.SetKeyMaterial(import_response.key_blob);
899 begin_request.purpose = KM_PURPOSE_VERIFY;
900 AddClientParams(&begin_request.additional_params);
901
902 device.BeginOperation(begin_request, &begin_response);
903 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
904
905 UpdateOperationRequest update_request;
906 UpdateOperationResponse update_response;
907 update_request.op_handle = begin_response.op_handle;
908 update_request.input.Reinitialize(message.get(), message_len);
909 EXPECT_EQ(message_len, update_request.input.available_read());
910
911 device.UpdateOperation(update_request, &update_response);
912 ASSERT_EQ(KM_ERROR_OK, update_response.error);
913 EXPECT_EQ(0U, update_response.output.available_read());
914
915 FinishOperationRequest finish_request;
916 finish_request.op_handle = begin_response.op_handle;
917 finish_request.signature.Reinitialize(*signature());
918 FinishOperationResponse finish_response;
919 device.FinishOperation(finish_request, &finish_response);
920 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
921 EXPECT_EQ(0U, finish_response.output.available_read());
922
923 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
924}
925
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]926} // namespace test
927} // namespace keymaster