Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 98d9b92547a9a7553b99e3e941a4175926f95b62 / . / google_keymaster_test.cpp
blob: 3ed012901391c3aa124c221a84046b329165e8c9 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <string>
18#include <fstream>
19
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]20#include <gtest/gtest.h>
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]21
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]22#include <openssl/engine.h>
23
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame^]24#include <keymaster/google_keymaster_utils.h>
25#include <keymaster/keymaster_tags.h>
26
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]27#include "google_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]28#include "google_softkeymaster.h"
29
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]30using std::string;
31using std::ifstream;
32using std::istreambuf_iterator;
33
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]34int main(int argc, char** argv) {
35 ::testing::InitGoogleTest(&argc, argv);
36 int result = RUN_ALL_TESTS();
37 // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
38 CRYPTO_cleanup_all_ex_data();
39 ERR_free_strings();
40 return result;
41}
42
43namespace keymaster {
44namespace test {
45
46class KeymasterTest : public testing::Test {
47 protected:
Shawn Willden2f3be362014-08-25 11:31:39 -0600[diff] [blame]48 KeymasterTest() : device(5, new StdoutLogger) { RAND_seed("foobar", 6); }
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]49 ~KeymasterTest() {}
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]50
51 GoogleSoftKeymaster device;
52};
53
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]54typedef KeymasterTest CheckSupported;
55TEST_F(CheckSupported, SupportedAlgorithms) {
56 // Shouldn't blow up on NULL.
57 device.SupportedAlgorithms(NULL);
58
59 SupportedResponse<keymaster_algorithm_t> response;
60 device.SupportedAlgorithms(&response);
61 EXPECT_EQ(KM_ERROR_OK, response.error);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]62 EXPECT_EQ(3U, response.results_length);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]63 EXPECT_EQ(KM_ALGORITHM_RSA, response.results[0]);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]64 EXPECT_EQ(KM_ALGORITHM_DSA, response.results[1]);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]65 EXPECT_EQ(KM_ALGORITHM_ECDSA, response.results[2]);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]66}
67
68TEST_F(CheckSupported, SupportedBlockModes) {
69 // Shouldn't blow up on NULL.
70 device.SupportedBlockModes(KM_ALGORITHM_RSA, NULL);
71
72 SupportedResponse<keymaster_block_mode_t> response;
73 device.SupportedBlockModes(KM_ALGORITHM_RSA, &response);
74 EXPECT_EQ(KM_ERROR_OK, response.error);
75 EXPECT_EQ(0U, response.results_length);
76
77 device.SupportedBlockModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]78 EXPECT_EQ(KM_ERROR_OK, response.error);
79 EXPECT_EQ(0U, response.results_length);
80
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]81 device.SupportedBlockModes(KM_ALGORITHM_ECDSA, &response);
82 EXPECT_EQ(KM_ERROR_OK, response.error);
83 EXPECT_EQ(0U, response.results_length);
84
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]85 device.SupportedBlockModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]86 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
87}
88
89TEST_F(CheckSupported, SupportedPaddingModes) {
90 // Shouldn't blow up on NULL.
91 device.SupportedPaddingModes(KM_ALGORITHM_RSA, NULL);
92
93 SupportedResponse<keymaster_padding_t> response;
94 device.SupportedPaddingModes(KM_ALGORITHM_RSA, &response);
95 EXPECT_EQ(KM_ERROR_OK, response.error);
96 EXPECT_EQ(1U, response.results_length);
97 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
98
99 device.SupportedPaddingModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]100 EXPECT_EQ(KM_ERROR_OK, response.error);
101 EXPECT_EQ(1U, response.results_length);
102 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
103
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]104 device.SupportedPaddingModes(KM_ALGORITHM_ECDSA, &response);
105 EXPECT_EQ(KM_ERROR_OK, response.error);
106 EXPECT_EQ(1U, response.results_length);
107 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
108
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]109 device.SupportedPaddingModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]110 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
111}
112
113TEST_F(CheckSupported, SupportedDigests) {
114 // Shouldn't blow up on NULL.
115 device.SupportedDigests(KM_ALGORITHM_RSA, NULL);
116
117 SupportedResponse<keymaster_digest_t> response;
118 device.SupportedDigests(KM_ALGORITHM_RSA, &response);
119 EXPECT_EQ(KM_ERROR_OK, response.error);
120 EXPECT_EQ(1U, response.results_length);
121 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
122
123 device.SupportedDigests(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]124 EXPECT_EQ(KM_ERROR_OK, response.error);
125 EXPECT_EQ(1U, response.results_length);
126 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
127
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]128 device.SupportedDigests(KM_ALGORITHM_ECDSA, &response);
129 EXPECT_EQ(KM_ERROR_OK, response.error);
130 EXPECT_EQ(1U, response.results_length);
131 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
132
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]133 device.SupportedDigests(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]134 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
135}
136
137TEST_F(CheckSupported, SupportedImportFormats) {
138 // Shouldn't blow up on NULL.
139 device.SupportedImportFormats(KM_ALGORITHM_RSA, NULL);
140
141 SupportedResponse<keymaster_key_format_t> response;
142 device.SupportedImportFormats(KM_ALGORITHM_RSA, &response);
143 EXPECT_EQ(KM_ERROR_OK, response.error);
144 EXPECT_EQ(1U, response.results_length);
145 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
146
147 device.SupportedImportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]148 EXPECT_EQ(KM_ERROR_OK, response.error);
149 EXPECT_EQ(1U, response.results_length);
150 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
151
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]152 device.SupportedImportFormats(KM_ALGORITHM_ECDSA, &response);
153 EXPECT_EQ(KM_ERROR_OK, response.error);
154 EXPECT_EQ(1U, response.results_length);
155 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
156
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]157 device.SupportedImportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]158 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
159}
160
161TEST_F(CheckSupported, SupportedExportFormats) {
162 // Shouldn't blow up on NULL.
163 device.SupportedExportFormats(KM_ALGORITHM_RSA, NULL);
164
165 SupportedResponse<keymaster_key_format_t> response;
166 device.SupportedExportFormats(KM_ALGORITHM_RSA, &response);
167 EXPECT_EQ(KM_ERROR_OK, response.error);
168 EXPECT_EQ(1U, response.results_length);
169 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
170
171 device.SupportedExportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]172 EXPECT_EQ(KM_ERROR_OK, response.error);
173 EXPECT_EQ(1U, response.results_length);
174 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
175
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]176 device.SupportedExportFormats(KM_ALGORITHM_ECDSA, &response);
177 EXPECT_EQ(KM_ERROR_OK, response.error);
178 EXPECT_EQ(1U, response.results_length);
179 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
180
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]181 device.SupportedExportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]182 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
183}
184
185typedef KeymasterTest NewKeyGeneration;
186TEST_F(NewKeyGeneration, Rsa) {
187 keymaster_key_param_t params[] = {
188 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
189 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
190 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]191 Authorization(TAG_KEY_SIZE, 256),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]192 Authorization(TAG_USER_ID, 7),
193 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]194 Authorization(TAG_APPLICATION_ID, "app_id", 6),
195 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]196 Authorization(TAG_AUTH_TIMEOUT, 300),
197 };
198 GenerateKeyRequest req;
199 req.key_description.Reinitialize(params, array_length(params));
200 GenerateKeyResponse rsp;
201
202 device.GenerateKey(req, &rsp);
203
204 ASSERT_EQ(KM_ERROR_OK, rsp.error);
205 EXPECT_EQ(0U, rsp.enforced.size());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]206 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
207 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]208
209 // Check specified tags are all present in unenforced characteristics
210 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
211 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
212
213 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
214
215 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
216 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]217 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]218 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
219
Shawn Willden39b970b2014-08-11 09:11:21 -0600[diff] [blame]220 // Verify that App ID, App data and ROT are NOT included.
221 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
222 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
223 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
224
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]225 // Just for giggles, check that some unexpected tags/values are NOT present.
226 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
227 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
228 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
229 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
230
231 // Now check that unspecified, defaulted tags are correct.
232 EXPECT_TRUE(contains(rsp.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
233 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
234 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]235}
236
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]237TEST_F(NewKeyGeneration, Dsa) {
238 keymaster_key_param_t params[] = {
239 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
240 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
241 Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
242 Authorization(TAG_KEY_SIZE, 256),
243 Authorization(TAG_USER_ID, 7),
244 Authorization(TAG_USER_AUTH_ID, 8),
245 Authorization(TAG_APPLICATION_ID, "app_id", 6),
246 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
247 Authorization(TAG_AUTH_TIMEOUT, 300),
248 };
249 GenerateKeyRequest req;
250 req.key_description.Reinitialize(params, array_length(params));
251 GenerateKeyResponse rsp;
252
253 device.GenerateKey(req, &rsp);
254
255 ASSERT_EQ(KM_ERROR_OK, rsp.error);
256 EXPECT_EQ(0U, rsp.enforced.size());
257 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
258 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
259
260 // Check specified tags are all present in unenforced characteristics
261 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
262 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
263
264 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
265
266 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
267 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
268 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
269 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
270
271 // Verify that App ID, App data and ROT are NOT included.
272 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
273 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
274 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
275
276 // Just for giggles, check that some unexpected tags/values are NOT present.
277 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
278 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
279 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
280 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
281
282 // Now check that unspecified, defaulted tags are correct.
283 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
284 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
285
286 // Generator should have created DSA params.
287 keymaster_blob_t g, p, q;
288 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
289 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_P, &p));
290 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_Q, &q));
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]291 EXPECT_TRUE(g.data_length >= 63 && g.data_length <= 64);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]292 EXPECT_EQ(64U, p.data_length);
293 EXPECT_EQ(20U, q.data_length);
294}
295
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]296TEST_F(NewKeyGeneration, Ecdsa) {
297 keymaster_key_param_t params[] = {
298 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
299 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
300 Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
301 Authorization(TAG_KEY_SIZE, 256),
302 Authorization(TAG_USER_ID, 7),
303 Authorization(TAG_USER_AUTH_ID, 8),
304 Authorization(TAG_APPLICATION_ID, "app_id", 6),
305 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
306 Authorization(TAG_AUTH_TIMEOUT, 300),
307 };
308 GenerateKeyRequest req;
309 req.key_description.Reinitialize(params, array_length(params));
310 GenerateKeyResponse rsp;
311
312 device.GenerateKey(req, &rsp);
313
314 ASSERT_EQ(KM_ERROR_OK, rsp.error);
315 EXPECT_EQ(0U, rsp.enforced.size());
316 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
317 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
318
319 // Check specified tags are all present in unenforced characteristics
320 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
321 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
322
323 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
324
325 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
326 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
327 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
328 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
329
330 // Verify that App ID, App data and ROT are NOT included.
331 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
332 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
333 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
334
335 // Just for giggles, check that some unexpected tags/values are NOT present.
336 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
337 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
338 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
339 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
340
341 // Now check that unspecified, defaulted tags are correct.
342 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
343 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
344}
345
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]346typedef KeymasterTest GetKeyCharacteristics;
347TEST_F(GetKeyCharacteristics, SimpleRsa) {
348 keymaster_key_param_t params[] = {
349 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
350 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
351 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
352 Authorization(TAG_KEY_SIZE, 256),
353 Authorization(TAG_USER_ID, 7),
354 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]355 Authorization(TAG_APPLICATION_ID, "app_id", 6),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]356 Authorization(TAG_AUTH_TIMEOUT, 300),
357 };
358
359 GenerateKeyRequest gen_req;
360 gen_req.key_description.Reinitialize(params, array_length(params));
361 GenerateKeyResponse gen_rsp;
362
363 device.GenerateKey(gen_req, &gen_rsp);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]364 ASSERT_EQ(KM_ERROR_OK, gen_rsp.error);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]365
366 GetKeyCharacteristicsRequest req;
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]367 req.SetKeyMaterial(gen_rsp.key_blob);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]368 req.additional_params.push_back(TAG_APPLICATION_ID, "app_id", 6);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]369
370 GetKeyCharacteristicsResponse rsp;
371 device.GetKeyCharacteristics(req, &rsp);
372 ASSERT_EQ(KM_ERROR_OK, rsp.error);
373
374 EXPECT_EQ(gen_rsp.enforced, rsp.enforced);
375 EXPECT_EQ(gen_rsp.unenforced, rsp.unenforced);
376}
377
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]378/**
379 * Test class that provides some infrastructure for generating keys and signing messages.
380 */
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]381class SigningOperationsTest : public KeymasterTest {
382 protected:
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]383 void GenerateKey(keymaster_algorithm_t algorithm, keymaster_digest_t digest,
384 keymaster_padding_t padding, uint32_t key_size) {
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]385 keymaster_key_param_t params[] = {
386 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
387 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]388 Authorization(TAG_ALGORITHM, algorithm),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]389 Authorization(TAG_KEY_SIZE, key_size),
390 Authorization(TAG_USER_ID, 7),
391 Authorization(TAG_USER_AUTH_ID, 8),
392 Authorization(TAG_APPLICATION_ID, "app_id", 6),
393 Authorization(TAG_AUTH_TIMEOUT, 300),
394 };
395 GenerateKeyRequest generate_request;
396 generate_request.key_description.Reinitialize(params, array_length(params));
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]397 if (static_cast<int>(digest) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]398 generate_request.key_description.push_back(TAG_DIGEST, digest);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]399 if (static_cast<int>(padding) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]400 generate_request.key_description.push_back(TAG_PADDING, padding);
401 device.GenerateKey(generate_request, &generate_response_);
402 EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]403 }
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]404
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]405 void SignMessage(const void* message, size_t size) {
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]406 SignMessage(generate_response_.key_blob, message, size);
407 }
408
409 void SignMessage(const keymaster_key_blob_t& key_blob, const void* message, size_t size) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]410 BeginOperationRequest begin_request;
411 BeginOperationResponse begin_response;
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]412 begin_request.SetKeyMaterial(key_blob);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]413 begin_request.purpose = KM_PURPOSE_SIGN;
414 AddClientParams(&begin_request.additional_params);
415
416 device.BeginOperation(begin_request, &begin_response);
417 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
418
419 UpdateOperationRequest update_request;
420 UpdateOperationResponse update_response;
421 update_request.op_handle = begin_response.op_handle;
422 update_request.input.Reinitialize(message, size);
423 EXPECT_EQ(size, update_request.input.available_read());
424
425 device.UpdateOperation(update_request, &update_response);
426 ASSERT_EQ(KM_ERROR_OK, update_response.error);
427 EXPECT_EQ(0U, update_response.output.available_read());
428
429 FinishOperationRequest finish_request;
430 finish_request.op_handle = begin_response.op_handle;
431 device.FinishOperation(finish_request, &finish_response_);
432 ASSERT_EQ(KM_ERROR_OK, finish_response_.error);
433 EXPECT_GT(finish_response_.output.available_read(), 0U);
434 }
435
436 void AddClientParams(AuthorizationSet* set) { set->push_back(TAG_APPLICATION_ID, "app_id", 6); }
437
438 const keymaster_key_blob_t& key_blob() { return generate_response_.key_blob; }
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]439
440 const keymaster_key_blob_t& corrupt_key_blob() {
441 ++generate_response_.key_blob
442 .key_material[generate_response_.key_blob.key_material_size / 2];
443 return generate_response_.key_blob;
444 }
445
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]446 Buffer* signature() {
447 if (finish_response_.error == KM_ERROR_OK)
448 return &finish_response_.output;
449 return NULL;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]450 }
451
452 private:
453 GenerateKeyResponse generate_response_;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]454 FinishOperationResponse finish_response_;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]455};
456
457TEST_F(SigningOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]458 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]459 const char message[] = "12345678901234567890123456789012";
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]460
461 BeginOperationRequest begin_request;
462 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]463 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]464 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]465 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]466
467 device.BeginOperation(begin_request, &begin_response);
468 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
469
470 UpdateOperationRequest update_request;
471 UpdateOperationResponse update_response;
472 update_request.op_handle = begin_response.op_handle;
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]473 update_request.input.Reinitialize(message, array_size(message) - 1);
474 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]475
476 device.UpdateOperation(update_request, &update_response);
477 ASSERT_EQ(KM_ERROR_OK, update_response.error);
478 EXPECT_EQ(0U, update_response.output.available_read());
479
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]480 FinishOperationRequest finish_request;
481 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]482 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]483 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]484 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]485 EXPECT_GT(finish_response.output.available_read(), 0U);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]486
487 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
488}
489
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]490TEST_F(SigningOperationsTest, DsaSuccess) {
491 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
492
493 BeginOperationRequest begin_request;
494 BeginOperationResponse begin_response;
495 begin_request.SetKeyMaterial(key_blob());
496 begin_request.purpose = KM_PURPOSE_SIGN;
497 AddClientParams(&begin_request.additional_params);
498
499 device.BeginOperation(begin_request, &begin_response);
500 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
501
502 UpdateOperationRequest update_request;
503 UpdateOperationResponse update_response;
504 update_request.op_handle = begin_response.op_handle;
505 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
506 EXPECT_EQ(48U, update_request.input.available_read());
507
508 device.UpdateOperation(update_request, &update_response);
509 ASSERT_EQ(KM_ERROR_OK, update_response.error);
510 EXPECT_EQ(0U, update_response.output.available_read());
511
512 FinishOperationRequest finish_request;
513 finish_request.op_handle = begin_response.op_handle;
514 FinishOperationResponse finish_response;
515 device.FinishOperation(finish_request, &finish_response);
516 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
517 EXPECT_GT(finish_response.output.available_read(), 0U);
518
519 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
520}
521
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]522TEST_F(SigningOperationsTest, EcdsaSuccess) {
523 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
524
525 BeginOperationRequest begin_request;
526 BeginOperationResponse begin_response;
527 begin_request.SetKeyMaterial(key_blob());
528 begin_request.purpose = KM_PURPOSE_SIGN;
529 AddClientParams(&begin_request.additional_params);
530
531 device.BeginOperation(begin_request, &begin_response);
532 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
533
534 UpdateOperationRequest update_request;
535 UpdateOperationResponse update_response;
536 update_request.op_handle = begin_response.op_handle;
537 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
538 EXPECT_EQ(48U, update_request.input.available_read());
539
540 device.UpdateOperation(update_request, &update_response);
541 ASSERT_EQ(KM_ERROR_OK, update_response.error);
542 EXPECT_EQ(0U, update_response.output.available_read());
543
544 FinishOperationRequest finish_request;
545 finish_request.op_handle = begin_response.op_handle;
546 FinishOperationResponse finish_response;
547 device.FinishOperation(finish_request, &finish_response);
548 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
549 EXPECT_GT(finish_response.output.available_read(), 0U);
550
551 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
552}
553
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]554TEST_F(SigningOperationsTest, RsaAbort) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]555 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]556
557 BeginOperationRequest begin_request;
558 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]559 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]560 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]561 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]562
563 device.BeginOperation(begin_request, &begin_response);
564 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
565
566 EXPECT_EQ(KM_ERROR_OK, device.AbortOperation(begin_response.op_handle));
567
568 // Another abort should fail
569 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
570}
571
572TEST_F(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]573 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_SHA_2_256, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]574
575 BeginOperationRequest begin_request;
576 BeginOperationResponse begin_response;
577 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]578 begin_request.SetKeyMaterial(key_blob());
579 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]580
581 device.BeginOperation(begin_request, &begin_response);
582 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
583
584 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
585}
586
587TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]588 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_RSA_OAEP, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]589
590 BeginOperationRequest begin_request;
591 BeginOperationResponse begin_response;
592 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]593 begin_request.SetKeyMaterial(key_blob());
594 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]595
596 device.BeginOperation(begin_request, &begin_response);
597 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
598
599 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
600}
601
602TEST_F(SigningOperationsTest, RsaNoDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]603 GenerateKey(KM_ALGORITHM_RSA, static_cast<keymaster_digest_t>(-1), KM_PAD_NONE,
604 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]605
606 BeginOperationRequest begin_request;
607 BeginOperationResponse begin_response;
608 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]609 begin_request.SetKeyMaterial(key_blob());
610 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]611
612 device.BeginOperation(begin_request, &begin_response);
613 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
614
615 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
616}
617
618TEST_F(SigningOperationsTest, RsaNoPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]619 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, static_cast<keymaster_padding_t>(-1),
620 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]621
622 BeginOperationRequest begin_request;
623 BeginOperationResponse begin_response;
624 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]625 begin_request.SetKeyMaterial(key_blob());
626 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]627
628 device.BeginOperation(begin_request, &begin_response);
629 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
630
631 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
632}
633
634TEST_F(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]635 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]636
637 BeginOperationRequest begin_request;
638 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]639 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]640 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]641 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]642
643 device.BeginOperation(begin_request, &begin_response);
644 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
645
646 UpdateOperationRequest update_request;
647 UpdateOperationResponse update_response;
648 update_request.op_handle = begin_response.op_handle;
649 update_request.input.Reinitialize("01234567890123456789012345678901", 31);
650 EXPECT_EQ(31U, update_request.input.available_read());
651
652 device.UpdateOperation(update_request, &update_response);
653 ASSERT_EQ(KM_ERROR_OK, update_response.error);
654 EXPECT_EQ(0U, update_response.output.available_read());
655
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]656 FinishOperationRequest finish_request;
657 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]658 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]659 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]660 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]661 EXPECT_EQ(0U, finish_response.output.available_read());
662
663 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
664}
665
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]666typedef SigningOperationsTest VerificationOperationsTest;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]667TEST_F(VerificationOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]668 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
669 const char message[] = "12345678901234567890123456789012";
670 SignMessage(message, array_size(message) - 1);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]671 ASSERT_TRUE(signature() != NULL);
672
673 BeginOperationRequest begin_request;
674 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]675 begin_request.SetKeyMaterial(key_blob());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]676 begin_request.purpose = KM_PURPOSE_VERIFY;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]677 AddClientParams(&begin_request.additional_params);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]678
679 device.BeginOperation(begin_request, &begin_response);
680 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
681
682 UpdateOperationRequest update_request;
683 UpdateOperationResponse update_response;
684 update_request.op_handle = begin_response.op_handle;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]685 update_request.input.Reinitialize(message, array_size(message) - 1);
686 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]687
688 device.UpdateOperation(update_request, &update_response);
689 ASSERT_EQ(KM_ERROR_OK, update_response.error);
690 EXPECT_EQ(0U, update_response.output.available_read());
691
692 FinishOperationRequest finish_request;
693 finish_request.op_handle = begin_response.op_handle;
694 finish_request.signature.Reinitialize(*signature());
695 FinishOperationResponse finish_response;
696 device.FinishOperation(finish_request, &finish_response);
697 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]698 EXPECT_EQ(0U, finish_response.output.available_read());
699
700 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
701}
702
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]703TEST_F(VerificationOperationsTest, DsaSuccess) {
704 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
705 const char message[] = "123456789012345678901234567890123456789012345678";
706 SignMessage(message, array_size(message) - 1);
707 ASSERT_TRUE(signature() != NULL);
708
709 BeginOperationRequest begin_request;
710 BeginOperationResponse begin_response;
711 begin_request.SetKeyMaterial(key_blob());
712 begin_request.purpose = KM_PURPOSE_VERIFY;
713 AddClientParams(&begin_request.additional_params);
714
715 device.BeginOperation(begin_request, &begin_response);
716 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
717
718 UpdateOperationRequest update_request;
719 UpdateOperationResponse update_response;
720 update_request.op_handle = begin_response.op_handle;
721 update_request.input.Reinitialize(message, array_size(message) - 1);
722 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
723
724 device.UpdateOperation(update_request, &update_response);
725 ASSERT_EQ(KM_ERROR_OK, update_response.error);
726 EXPECT_EQ(0U, update_response.output.available_read());
727
728 FinishOperationRequest finish_request;
729 finish_request.op_handle = begin_response.op_handle;
730 finish_request.signature.Reinitialize(*signature());
731 FinishOperationResponse finish_response;
732 device.FinishOperation(finish_request, &finish_response);
733 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
734 EXPECT_EQ(0U, finish_response.output.available_read());
735
736 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
737}
738
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]739TEST_F(VerificationOperationsTest, EcdsaSuccess) {
740 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
741 const char message[] = "123456789012345678901234567890123456789012345678";
742 SignMessage(message, array_size(message) - 1);
743 ASSERT_TRUE(signature() != NULL);
744
745 BeginOperationRequest begin_request;
746 BeginOperationResponse begin_response;
747 begin_request.SetKeyMaterial(key_blob());
748 begin_request.purpose = KM_PURPOSE_VERIFY;
749 AddClientParams(&begin_request.additional_params);
750
751 device.BeginOperation(begin_request, &begin_response);
752 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
753
754 UpdateOperationRequest update_request;
755 UpdateOperationResponse update_response;
756 update_request.op_handle = begin_response.op_handle;
757 update_request.input.Reinitialize(message, array_size(message) - 1);
758 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
759
760 device.UpdateOperation(update_request, &update_response);
761 ASSERT_EQ(KM_ERROR_OK, update_response.error);
762 EXPECT_EQ(0U, update_response.output.available_read());
763
764 FinishOperationRequest finish_request;
765 finish_request.op_handle = begin_response.op_handle;
766 finish_request.signature.Reinitialize(*signature());
767 FinishOperationResponse finish_response;
768 device.FinishOperation(finish_request, &finish_response);
769 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
770 EXPECT_EQ(0U, finish_response.output.available_read());
771
772 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
773}
774
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]775typedef SigningOperationsTest ExportKeyTest;
776TEST_F(ExportKeyTest, RsaSuccess) {
777 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]778
779 ExportKeyRequest request;
780 ExportKeyResponse response;
781 AddClientParams(&request.additional_params);
782 request.key_format = KM_KEY_FORMAT_X509;
783 request.SetKeyMaterial(key_blob());
784
785 device.ExportKey(request, &response);
786 ASSERT_EQ(KM_ERROR_OK, response.error);
787 EXPECT_TRUE(response.key_data != NULL);
788}
789
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]790TEST_F(ExportKeyTest, DsaSuccess) {
791 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 1024 /* key size */);
792
793 ExportKeyRequest request;
794 ExportKeyResponse response;
795 AddClientParams(&request.additional_params);
796 request.key_format = KM_KEY_FORMAT_X509;
797 request.SetKeyMaterial(key_blob());
798
799 device.ExportKey(request, &response);
800 ASSERT_EQ(KM_ERROR_OK, response.error);
801 EXPECT_TRUE(response.key_data != NULL);
802}
803
804TEST_F(ExportKeyTest, EcdsaSuccess) {
805 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
806
807 ExportKeyRequest request;
808 ExportKeyResponse response;
809 AddClientParams(&request.additional_params);
810 request.key_format = KM_KEY_FORMAT_X509;
811 request.SetKeyMaterial(key_blob());
812
813 device.ExportKey(request, &response);
814 ASSERT_EQ(KM_ERROR_OK, response.error);
815 EXPECT_TRUE(response.key_data != NULL);
816}
817
818TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) {
819 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
820
821 ExportKeyRequest request;
822 ExportKeyResponse response;
823 AddClientParams(&request.additional_params);
824
825 /* We have no other defined export formats defined. */
826 request.key_format = KM_KEY_FORMAT_PKCS8;
827 request.SetKeyMaterial(key_blob());
828
829 device.ExportKey(request, &response);
830 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, response.error);
831 EXPECT_TRUE(response.key_data == NULL);
832}
833
834TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) {
835 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
836
837 ExportKeyRequest request;
838 ExportKeyResponse response;
839 AddClientParams(&request.additional_params);
840 request.key_format = KM_KEY_FORMAT_X509;
841 request.SetKeyMaterial(corrupt_key_blob());
842
843 device.ExportKey(request, &response);
844 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, response.error);
845 ASSERT_TRUE(response.key_data == NULL);
846}
847
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]848static string read_file(const string& file_name) {
849 ifstream file_stream(file_name, std::ios::binary);
850 istreambuf_iterator<char> file_begin(file_stream);
851 istreambuf_iterator<char> file_end;
852 return string(file_begin, file_end);
853}
854
855typedef SigningOperationsTest ImportKeyTest;
856TEST_F(ImportKeyTest, RsaSuccess) {
857 keymaster_key_param_t params[] = {
858 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
859 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
860 Authorization(TAG_DIGEST, KM_DIGEST_NONE),
861 Authorization(TAG_PADDING, KM_PAD_NONE),
862 Authorization(TAG_USER_ID, 7),
863 Authorization(TAG_USER_AUTH_ID, 8),
864 Authorization(TAG_APPLICATION_ID, "app_id", 6),
865 Authorization(TAG_AUTH_TIMEOUT, 300),
866 };
867
868 string pk8_key = read_file("privkey_pk8.der");
869 ASSERT_EQ(633U, pk8_key.size());
870
871 ImportKeyRequest import_request;
872 import_request.key_description.Reinitialize(params, array_length(params));
873 import_request.key_format = KM_KEY_FORMAT_PKCS8;
874 import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
875
876 ImportKeyResponse import_response;
877 device.ImportKey(import_request, &import_response);
878 ASSERT_EQ(KM_ERROR_OK, import_response.error);
879 EXPECT_EQ(0U, import_response.enforced.size());
880 EXPECT_GT(import_response.unenforced.size(), 0U);
881
882 // Check values derived from the key.
883 EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
884 EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 1024));
885 EXPECT_TRUE(contains(import_response.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537U));
886
887 // And values provided by GoogleKeymaster
888 EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
889 EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
890
891 size_t message_len = 1024 / 8;
892 UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
893 std::fill(message.get(), message.get() + message_len, 'a');
894 SignMessage(import_response.key_blob, message.get(), message_len);
895 ASSERT_TRUE(signature() != NULL);
896
897 BeginOperationRequest begin_request;
898 BeginOperationResponse begin_response;
899 begin_request.SetKeyMaterial(import_response.key_blob);
900 begin_request.purpose = KM_PURPOSE_VERIFY;
901 AddClientParams(&begin_request.additional_params);
902
903 device.BeginOperation(begin_request, &begin_response);
904 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
905
906 UpdateOperationRequest update_request;
907 UpdateOperationResponse update_response;
908 update_request.op_handle = begin_response.op_handle;
909 update_request.input.Reinitialize(message.get(), message_len);
910 EXPECT_EQ(message_len, update_request.input.available_read());
911
912 device.UpdateOperation(update_request, &update_response);
913 ASSERT_EQ(KM_ERROR_OK, update_response.error);
914 EXPECT_EQ(0U, update_response.output.available_read());
915
916 FinishOperationRequest finish_request;
917 finish_request.op_handle = begin_response.op_handle;
918 finish_request.signature.Reinitialize(*signature());
919 FinishOperationResponse finish_response;
920 device.FinishOperation(finish_request, &finish_response);
921 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
922 EXPECT_EQ(0U, finish_response.output.available_read());
923
924 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
925}
926
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]927} // namespace test
928} // namespace keymaster