Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / ada4850659d484dd5ece26dde73072bef16c1517 / . / android_keymaster_test.cpp
blob: d2ef08dc4374abba665f12168861291443e779e9 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame^]22#include <keymaster/key_factory.h>
23#include <keymaster/soft_keymaster_context.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]24#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]25#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]26
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]27#include "android_keymaster_test_utils.h"
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame^]28#include "keymaster0_engine.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]29
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]30using std::ifstream;
31using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]32using std::string;
33using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]34using std::unique_ptr;
35
36extern "C" {
37int __android_log_print(int prio, const char* tag, const char* fmt);
38int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]39 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]40 return 0;
41}
42} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]43
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]44namespace keymaster {
45namespace test {
46
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]47StdoutLogger logger;
48
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame^]49class TestKeymasterEnforcement : public KeymasterEnforcement {
50 public:
51 TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {}
52
53 virtual bool activation_date_valid(uint64_t /* activation_date */) const { return true; }
54 virtual bool expiration_date_passed(uint64_t /* expiration_date */) const { return false; }
55 virtual bool auth_token_timed_out(const hw_auth_token_t& /* token */,
56 uint32_t /* timeout */) const {
57 return false;
58 }
59 virtual uint32_t get_current_time() const { return 0; }
60 virtual bool ValidateTokenSignature(const hw_auth_token_t& /* token */) const { return true; }
61};
62
63class TestKeymasterContext : public SoftKeymasterContext {
64 public:
65 TestKeymasterContext(keymaster0_device_t* keymaster0 = nullptr)
66 : SoftKeymasterContext(keymaster0) {}
67
68 KeymasterEnforcement* enforcement_policy() override { return &test_policy_; }
69
70 private:
71 TestKeymasterEnforcement test_policy_;
72};
73
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]74class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
75 public:
76 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]77 std::cerr << "Creating software-only device" << std::endl;
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame^]78 SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext);
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]79 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]80 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]81
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]82 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]83 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]84};
85
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]86class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
87 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]88 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
89
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]90 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]91 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
92 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]93 hw_device_t* softkeymaster_device;
94 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
95 &softkeymaster_device));
96 // Make the software device pretend to be hardware
97 keymaster0_device_t* keymaster0_device =
98 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]99 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
100
101 if (!support_ec_) {
102 // Make the software device pretend not to support EC
103 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
104 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]105
106 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
107
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame^]108 SoftKeymasterDevice* keymaster =
109 new SoftKeymasterDevice(new TestKeymasterContext(counting_keymaster0_device_));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]110 return keymaster->keymaster_device();
111 }
112
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]113 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
114 switch (algorithm) {
115 case KM_ALGORITHM_RSA:
116 return true;
117 case KM_ALGORITHM_EC:
118 return support_ec_;
119 default:
120 return false;
121 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]122 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]123 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
124
125 private:
126 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]127 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]128};
129
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]130static auto test_params = testing::Values(
131 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
132 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
133 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]134
135typedef Keymaster1Test CheckSupported;
136INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
137
138TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]139 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
140 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]141
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]142 size_t len;
143 keymaster_algorithm_t* algorithms;
144 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]145 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]146 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]147 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]148
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]149 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]150}
151
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]152TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]153 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
154 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
155 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]156
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]157 size_t len;
158 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]159 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]160 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]161 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]162 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]163
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]164 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]165 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]166 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]167
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]168 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]169 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]170 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]171 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]172
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]173 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]174}
175
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]176TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]177 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
178 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
179 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]180
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]181 size_t len;
182 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]183 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]184 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]185 EXPECT_TRUE(
186 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]187 free(modes);
188
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]189 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]190 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]191 EXPECT_TRUE(
192 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]193 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]194
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]195 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]196 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]197 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]198 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]199
200 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
201 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
202 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]203
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]204 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]205}
206
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]207TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]208 EXPECT_EQ(
209 KM_ERROR_OUTPUT_PARAMETER_NULL,
210 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]211
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]212 size_t len;
213 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]214 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]215 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]216 EXPECT_TRUE(
217 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
218 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
219 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]220 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]221
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]222 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]223 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]224 EXPECT_TRUE(
225 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
226 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
227 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]228 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]229
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]230 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
231 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
232 &len));
233
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]234 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]235 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]236 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
237 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
238 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]239 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]240
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]241 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]242}
243
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]244TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]245 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
246 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]247
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 size_t len;
249 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]250 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]251 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]252 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]253 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]254
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]255 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]256 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
257 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
258 free(formats);
259
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]260 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]261 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
262 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
263 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]264
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]265 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]266}
267
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]268TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]269 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
270 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]271
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]272 size_t len;
273 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]274 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]275 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]276 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]277 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]278
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]279 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]280 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]281 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]282 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]283
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]284 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]285 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]286 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]287 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]288
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]289 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]290 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]291 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]292 free(formats);
293
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]294 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]295 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]296 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]297 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]298
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]299 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]300}
301
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]302class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]303 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]304 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]305 AuthorizationSet auths = sw_enforced();
306 EXPECT_GT(auths.SerializedSize(), 12U);
307
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]308 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
309 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
310 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]311 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]312 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]313
314 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]315 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
316 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
317 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]318
319 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]320 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
321 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
322 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]323
324 // Now check that unspecified, defaulted tags are correct.
Shawn Willden0b2d3332015-04-07 17:46:18 -0600[diff] [blame]325 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]326 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]327 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]328};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]329INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
330
331TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]332 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
333 .RsaSigningKey(256, 3)
334 .Digest(KM_DIGEST_NONE)
335 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]336 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]337
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]338 // Check specified tags are all present, and in the right set.
339 AuthorizationSet crypto_params;
340 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]341 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]342 EXPECT_NE(0U, hw_enforced().size());
343 EXPECT_NE(0U, sw_enforced().size());
344 crypto_params.push_back(hw_enforced());
345 non_crypto_params.push_back(sw_enforced());
346 } else {
347 EXPECT_EQ(0U, hw_enforced().size());
348 EXPECT_NE(0U, sw_enforced().size());
349 crypto_params.push_back(sw_enforced());
350 }
351
352 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
353 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
354 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
355 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
356 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
357 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
358
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]359 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]360 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]361}
362
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]363TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]364 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
365 GenerateKey(AuthorizationSetBuilder()
366 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
367 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
368 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]369
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]370 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]371}
372
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]373TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]374 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]375 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]376 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]377
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]378 // Check specified tags are all present, and in the right set.
379 AuthorizationSet crypto_params;
380 AuthorizationSet non_crypto_params;
381 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
382 EXPECT_NE(0U, hw_enforced().size());
383 EXPECT_NE(0U, sw_enforced().size());
384 crypto_params.push_back(hw_enforced());
385 non_crypto_params.push_back(sw_enforced());
386 } else {
387 EXPECT_EQ(0U, hw_enforced().size());
388 EXPECT_NE(0U, sw_enforced().size());
389 crypto_params.push_back(sw_enforced());
390 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]391
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]392 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
393 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
394 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
395 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
396
397 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
398 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]399}
400
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]401TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]402 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
403 GenerateKey(AuthorizationSetBuilder()
404 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
405 .SigningKey()
406 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]407
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]408 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]409}
410
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]411TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]412 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
413 ASSERT_EQ(
414 KM_ERROR_UNKNOWN_ERROR,
415 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
416 else
417 ASSERT_EQ(
418 KM_ERROR_UNSUPPORTED_KEY_SIZE,
419 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]420
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]421 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
422 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]423}
424
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]425TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]426 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]427 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]428 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
429 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]430 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]431 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]432
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]433 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
434 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]435}
436
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]437TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]438 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]439 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]440
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]441 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]442}
443
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]444typedef Keymaster1Test GetKeyCharacteristics;
445INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
446
447TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]448 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
449 .RsaSigningKey(256, 3)
450 .Digest(KM_DIGEST_NONE)
451 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]452 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]453
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]454 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
455 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]456
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]457 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]458 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]459}
460
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]461typedef Keymaster1Test SigningOperationsTest;
462INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
463
464TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]465 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
466 .RsaSigningKey(256, 3)
467 .Digest(KM_DIGEST_NONE)
468 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]469 string message = "12345678901234567890123456789012";
470 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]471 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]472
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]473 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]474 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]475}
476
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]477TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]478 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
479 .RsaSigningKey(512, 3)
480 .Digest(KM_DIGEST_SHA_2_256)
481 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]482 // Use large message, which won't work without digesting.
483 string message(1024, 'a');
484 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]485 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]486
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]487 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]488 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]489}
490
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]491TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {
492 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
493 .RsaSigningKey(512, 3)
494 .Digest(KM_DIGEST_NONE)
495 .Padding(KM_PAD_NONE)));
496 string message = "12345678901234567890123456789012";
497 string signature;
498 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
499
500 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
501 EXPECT_EQ(3, GetParam()->keymaster0_calls());
502}
503
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]504TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]505 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
506 .RsaSigningKey(512, 3)
507 .Digest(KM_DIGEST_SHA_2_256)
508 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]509 string message(1024, 'a');
510 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]511 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]512
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]513 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]514 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]515}
516
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]517TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
518 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
519 .RsaSigningKey(512, 3)
520 .Digest(KM_DIGEST_NONE)
521 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
522 string message(53, 'a');
523 string signature;
524 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);
525
526 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
527 EXPECT_EQ(3, GetParam()->keymaster0_calls());
528}
529
530TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {
531 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
532 .RsaSigningKey(512, 3)
533 .Digest(KM_DIGEST_NONE)
534 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
535 string message(54, 'a');
536
537 AuthorizationSet begin_params(client_params());
538 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
539 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
540 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
541 string result;
542 size_t input_consumed;
543 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
544 string signature;
545 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
546
547 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
548 EXPECT_EQ(2, GetParam()->keymaster0_calls());
549}
550
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]551TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]552 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
553 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]554 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
555 .RsaSigningKey(256 + 9 * 8, 3)
556 .Digest(KM_DIGEST_SHA_2_256)
557 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]558 string message(1024, 'a');
559 string signature;
560
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]561 AuthorizationSet begin_params(client_params());
562 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]563 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]564 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]565}
566
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]567TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {
568 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
569 .RsaSigningKey(256, 3)
570 .Digest(KM_DIGEST_NONE)
571 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
572 string message(64 * 1024, 'a');
573 string signature;
574 AuthorizationSet begin_params(client_params());
575 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
576 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
577 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
578 string result;
579 size_t input_consumed;
580 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
581
582 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
583 EXPECT_EQ(2, GetParam()->keymaster0_calls());
584}
585
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]586TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]587 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
588 .RsaSigningKey(256, 3)
589 .Digest(KM_DIGEST_NONE)
590 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]591 AuthorizationSet begin_params(client_params());
592 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]593 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]594 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]595 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
596 // Another abort should fail
597 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]598
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]599 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]600 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]601}
602
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]603TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]604 GenerateKey(AuthorizationSetBuilder()
605 .RsaSigningKey(256, 3)
606 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
607 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]608 AuthorizationSet begin_params(client_params());
609 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
610 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]611
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]612 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]613 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]614}
615
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]616TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]617 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]618 GenerateKey(AuthorizationSetBuilder()
619 .RsaSigningKey(256, 3)
620 .Digest(KM_DIGEST_NONE)
621 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]622 AuthorizationSet begin_params(client_params());
623 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]624 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]625 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]626
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]627 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]628 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]629}
630
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]631TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]632 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]633 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
634 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]635 AuthorizationSet begin_params(client_params());
636 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
637 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]638
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]639 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]640 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]641}
642
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]643TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]644 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
645 .RsaSigningKey(256, 3)
646 .Digest(KM_DIGEST_NONE)
647 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]648 AuthorizationSet begin_params(client_params());
649 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]650 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]651 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]652
653 string message = "1234567890123456789012345678901";
654 string result;
655 size_t input_consumed;
656 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
657 EXPECT_EQ(0U, result.size());
658 EXPECT_EQ(31U, input_consumed);
659
660 string signature;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]661 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]662 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]663
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]664 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]665 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]666}
667
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]668TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]669 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
670 .RsaEncryptionKey(256, 3)
671 .Digest(KM_DIGEST_NONE)
672 .Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame^]673 AuthorizationSet begin_params(client_params());
674 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
675 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
676 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]677
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]678 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]679 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]680}
681
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]682TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]683 ASSERT_EQ(KM_ERROR_OK,
684 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]685 string message(224 / 8, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]686 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]687 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]688
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]689 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
690 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]691}
692
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]693TEST_P(SigningOperationsTest, EcdsaSha256Success) {
694 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
695 KM_DIGEST_SHA_2_256)));
696 string message(1024, 'a');
697 string signature;
698 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
699
700 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
701 EXPECT_EQ(3, GetParam()->keymaster0_calls());
702}
703
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]704TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {
705 ASSERT_EQ(KM_ERROR_OK,
706 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
707 string message(64 * 1024, 'a');
708 string signature;
709 AuthorizationSet begin_params(client_params());
710 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
711 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
712 string result;
713 size_t input_consumed;
714 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
715
716 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
717 EXPECT_EQ(2, GetParam()->keymaster0_calls());
718}
719
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]720TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]721 ASSERT_EQ(KM_ERROR_OK,
722 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
723 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]724 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
725 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]726
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]727 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]728}
729
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]730TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]731 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]732 string message = "12345678901234567890123456789012";
733 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]734 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]735 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]736
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]737 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]738}
739
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]740TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]741 ASSERT_EQ(KM_ERROR_OK,
742 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]743 string message = "12345678901234567890123456789012";
744 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]745 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]746 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]747
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]748 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]749}
750
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]751TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]752 ASSERT_EQ(KM_ERROR_OK,
753 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]754 string message = "12345678901234567890123456789012";
755 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]756 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]757 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]758
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]759 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]760}
761
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]762TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]763 ASSERT_EQ(KM_ERROR_OK,
764 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));
765
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]766 string message = "12345678901234567890123456789012";
767 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]768 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]769 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]770
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]771 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]772}
773
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]774TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]775 ASSERT_EQ(KM_ERROR_OK,
776 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]777 string message = "12345678901234567890123456789012";
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]778 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]779 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]780 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]781
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]782 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]783}
784
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]785TEST_P(SigningOperationsTest, HmacLengthInKey) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]786 // TODO(swillden): unified API should generate an error on key generation.
787 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
788 .HmacKey(128)
789 .Digest(KM_DIGEST_SHA_2_256)
790 .Authorization(TAG_MAC_LENGTH, 20)));
791 string message = "12345678901234567890123456789012";
792 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]793 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]794 // Size in key was ignored.
795 ASSERT_EQ(30U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]796
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]797 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]798}
799
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]800TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]801 uint8_t key_data[] = {
802 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
803 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
804 };
805 string message = "Hi There";
806 uint8_t sha_224_expected[] = {
807 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
808 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
809 };
810 uint8_t sha_256_expected[] = {
811 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
812 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
813 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
814 };
815 uint8_t sha_384_expected[] = {
816 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
817 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
818 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
819 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
820 };
821 uint8_t sha_512_expected[] = {
822 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
823 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
824 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
825 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
826 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
827 };
828
829 string key = make_string(key_data);
830
831 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
832 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
833 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
834 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]835
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]836 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]837}
838
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]839TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]840 string key = "Jefe";
841 string message = "what do ya want for nothing?";
842 uint8_t sha_224_expected[] = {
843 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
844 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
845 };
846 uint8_t sha_256_expected[] = {
847 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
848 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
849 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
850 };
851 uint8_t sha_384_expected[] = {
852 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
853 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
854 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
855 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
856 };
857 uint8_t sha_512_expected[] = {
858 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
859 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
860 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
861 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
862 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
863 };
864
865 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
866 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
867 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
868 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]869
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]870 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]871}
872
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]873TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]874 string key(20, 0xaa);
875 string message(50, 0xdd);
876 uint8_t sha_224_expected[] = {
877 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
878 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
879 };
880 uint8_t sha_256_expected[] = {
881 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
882 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
883 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
884 };
885 uint8_t sha_384_expected[] = {
886 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
887 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
888 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
889 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
890 };
891 uint8_t sha_512_expected[] = {
892 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
893 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
894 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
895 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
896 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
897 };
898
899 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
900 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
901 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
902 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]903
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]904 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]905}
906
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]907TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]908 uint8_t key_data[25] = {
909 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
910 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
911 };
912 string key = make_string(key_data);
913 string message(50, 0xcd);
914 uint8_t sha_224_expected[] = {
915 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
916 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
917 };
918 uint8_t sha_256_expected[] = {
919 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
920 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
921 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
922 };
923 uint8_t sha_384_expected[] = {
924 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
925 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
926 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
927 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
928 };
929 uint8_t sha_512_expected[] = {
930 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
931 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
932 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
933 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
934 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
935 };
936
937 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
938 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
939 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
940 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]941
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]942 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]943}
944
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]945TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]946 string key(20, 0x0c);
947 string message = "Test With Truncation";
948
949 uint8_t sha_224_expected[] = {
950 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
951 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
952 };
953 uint8_t sha_256_expected[] = {
954 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
955 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
956 };
957 uint8_t sha_384_expected[] = {
958 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
959 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
960 };
961 uint8_t sha_512_expected[] = {
962 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
963 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
964 };
965
966 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
967 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
968 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
969 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]970
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]971 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]972}
973
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]974TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]975 string key(131, 0xaa);
976 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
977
978 uint8_t sha_224_expected[] = {
979 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
980 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
981 };
982 uint8_t sha_256_expected[] = {
983 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
984 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
985 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
986 };
987 uint8_t sha_384_expected[] = {
988 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
989 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
990 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
991 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
992 };
993 uint8_t sha_512_expected[] = {
994 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
995 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
996 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
997 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
998 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
999 };
1000
1001 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1002 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1003 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1004 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1005
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1006 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1007}
1008
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1009TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1010 string key(131, 0xaa);
1011 string message = "This is a test using a larger than block-size key and a larger than "
1012 "block-size data. The key needs to be hashed before being used by the HMAC "
1013 "algorithm.";
1014
1015 uint8_t sha_224_expected[] = {
1016 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
1017 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
1018 };
1019 uint8_t sha_256_expected[] = {
1020 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
1021 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
1022 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
1023 };
1024 uint8_t sha_384_expected[] = {
1025 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
1026 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1027 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
1028 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
1029 };
1030 uint8_t sha_512_expected[] = {
1031 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
1032 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
1033 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
1034 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
1035 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
1036 };
1037
1038 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1039 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1040 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1041 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1042
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1043 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1044}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1045
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1046TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1047 ASSERT_EQ(KM_ERROR_OK,
1048 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
1049 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]1050 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1051 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1052 ASSERT_EQ(KM_ERROR_OK,
1053 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
1054 string message = "1234567890123456789012345678901";
1055 string result;
1056 size_t input_consumed;
1057 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1058 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1059
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1060 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1061}
1062
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1063// TODO(swillden): Add more verification failure tests.
1064
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1065typedef Keymaster1Test VerificationOperationsTest;
1066INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
1067
1068TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1069 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1070 .RsaSigningKey(256, 3)
1071 .Digest(KM_DIGEST_NONE)
1072 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1073 string message = "12345678901234567890123456789012";
1074 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1075 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1076 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1077
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1078 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1079 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]1080}
1081
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1082TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1083 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1084 .RsaSigningKey(512, 3)
1085 .Digest(KM_DIGEST_SHA_2_256)
1086 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1087 // Use large message, which won't work without digesting.
1088 string message(1024, 'a');
1089 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1090 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1091 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1092
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1093 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1094 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1095}
1096
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1097TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1098 GenerateKey(AuthorizationSetBuilder()
1099 .RsaSigningKey(512, 3)
1100 .Digest(KM_DIGEST_SHA_2_256)
1101 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1102 string message(1024, 'a');
1103 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1104 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1105 ++signature[signature.size() / 2];
1106
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1107 AuthorizationSet begin_params(client_params());
1108 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1109 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1110 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1111
1112 string result;
1113 size_t input_consumed;
1114 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1115 EXPECT_EQ(message.size(), input_consumed);
1116 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1117
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1118 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1119 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1120}
1121
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1122TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1123 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1124 .RsaSigningKey(512, 3)
1125 .Digest(KM_DIGEST_SHA_2_256)
1126 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1127 // Use large message, which won't work without digesting.
1128 string message(1024, 'a');
1129 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1130 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1131 ++message[message.size() / 2];
1132
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1133 AuthorizationSet begin_params(client_params());
1134 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1135 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1136 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1137
1138 string result;
1139 size_t input_consumed;
1140 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1141 EXPECT_EQ(message.size(), input_consumed);
1142 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1143
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1144 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1145 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1146}
1147
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1148TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1149 GenerateKey(AuthorizationSetBuilder()
1150 .RsaSigningKey(512, 3)
1151 .Digest(KM_DIGEST_SHA_2_256)
1152 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1153 string message(1024, 'a');
1154 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1155 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1156 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1157
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1158 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1159 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1160}
1161
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1162TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1163 GenerateKey(AuthorizationSetBuilder()
1164 .RsaSigningKey(512, 3)
1165 .Digest(KM_DIGEST_SHA_2_256)
1166 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1167 string message(1024, 'a');
1168 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1169 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1170 ++signature[signature.size() / 2];
1171
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1172 AuthorizationSet begin_params(client_params());
1173 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1174 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1175 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1176
1177 string result;
1178 size_t input_consumed;
1179 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1180 EXPECT_EQ(message.size(), input_consumed);
1181 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1182
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1183 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1184 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1185}
1186
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1187TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1188 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1189 .RsaSigningKey(512, 3)
1190 .Digest(KM_DIGEST_SHA_2_256)
1191 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1192 // Use large message, which won't work without digesting.
1193 string message(1024, 'a');
1194 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1195 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1196 ++message[message.size() / 2];
1197
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1198 AuthorizationSet begin_params(client_params());
1199 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1200 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1201 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1202
1203 string result;
1204 size_t input_consumed;
1205 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1206 EXPECT_EQ(message.size(), input_consumed);
1207 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1208
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1209 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1210 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1211}
1212
1213template <typename T> vector<T> make_vector(const T* array, size_t len) {
1214 return vector<T>(array, array + len);
1215}
1216
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1217TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1218 // Get all supported digests and padding modes.
1219 size_t digests_len;
1220 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1221 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1222 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1223 &digests_len));
1224
1225 size_t padding_modes_len;
1226 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1227 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1228 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1229 &padding_modes, &padding_modes_len));
1230
1231 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1232 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1233 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1234 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1235 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1236 // Digesting requires padding
1237 continue;
1238
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1239 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1240 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1241 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1242
1243 if (digest == KM_DIGEST_NONE) {
1244 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1245 switch (padding_mode) {
1246 case KM_PAD_NONE:
1247 // Match key size.
1248 message_len = key_bits / 8;
1249 break;
1250 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1251 message_len = key_bits / 8 - 11;
1252 break;
1253 case KM_PAD_RSA_PSS:
1254 // PSS requires a digest.
1255 continue;
1256 default:
1257 FAIL() << "Missing padding";
1258 break;
1259 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1260 } else {
1261 size_t digest_bits;
1262 switch (digest) {
1263 case KM_DIGEST_MD5:
1264 digest_bits = 128;
1265 break;
1266 case KM_DIGEST_SHA1:
1267 digest_bits = 160;
1268 break;
1269 case KM_DIGEST_SHA_2_224:
1270 digest_bits = 224;
1271 break;
1272 case KM_DIGEST_SHA_2_256:
1273 digest_bits = 256;
1274 break;
1275 case KM_DIGEST_SHA_2_384:
1276 digest_bits = 384;
1277 break;
1278 case KM_DIGEST_SHA_2_512:
1279 digest_bits = 512;
1280 break;
1281 default:
1282 FAIL() << "Missing digest";
1283 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1284
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1285 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1286 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1287 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1288 break;
1289 case KM_PAD_RSA_PSS:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1290 key_bits = digest_bits + 8 * 10;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1291 break;
1292 default:
1293 FAIL() << "Missing padding";
1294 break;
1295 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1296 }
1297
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1298 GenerateKey(AuthorizationSetBuilder()
1299 .RsaSigningKey(key_bits, 3)
1300 .Digest(digest)
1301 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1302 string message(message_len, 'a');
1303 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1304 SignMessage(message, &signature, digest, padding_mode);
1305 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1306 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1307 }
1308 }
1309
1310 free(padding_modes);
1311 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1312
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1313 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1314 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1315}
1316
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1317TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1318 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1319 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1320 string message = "12345678901234567890123456789012";
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1321 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1322 SignMessage(message, &signature, KM_DIGEST_NONE);
1323 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1324
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1325 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1326 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1327}
1328
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1329TEST_P(VerificationOperationsTest, EcdsaTooShort) {
1330 ASSERT_EQ(KM_ERROR_OK,
1331 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1332 string message = "12345678901234567890";
1333 string signature;
1334 SignMessage(message, &signature, KM_DIGEST_NONE);
1335 VerifyMessage(message, signature, KM_DIGEST_NONE);
1336
1337 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1338 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1339}
1340
1341TEST_P(VerificationOperationsTest, EcdsaTooLong) {
1342 ASSERT_EQ(KM_ERROR_OK,
1343 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1344 string message = "1234567890123456789012345678901234";
1345 string signature;
1346
1347 AuthorizationSet begin_params(client_params());
1348 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1349 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
1350 string output;
1351 size_t input_consumed;
1352 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &output, &input_consumed));
1353
1354 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1355 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1356}
1357
1358TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
1359 ASSERT_EQ(KM_ERROR_OK,
1360 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
1361
1362 string message(66, 'a');
1363 string signature;
1364 SignMessage(message, &signature, KM_DIGEST_NONE);
1365 VerifyMessage(message, signature, KM_DIGEST_NONE);
1366
1367 // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh.
1368 message[65] ^= 7;
1369 VerifyMessage(message, signature, KM_DIGEST_NONE);
1370
1371 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1372 EXPECT_EQ(5, GetParam()->keymaster0_calls());
1373}
1374
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1375TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1376 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1377 .EcdsaSigningKey(256)
1378 .Digest(KM_DIGEST_SHA_2_256)
1379 .Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1380 string message = "12345678901234567890123456789012";
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1381 string signature;
1382 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1383 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1384
1385 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1386 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1387
1388 // Just for giggles, try verifying with the wrong digest.
1389 AuthorizationSet begin_params(client_params());
1390 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1391 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1392
1393 string result;
1394 size_t input_consumed;
1395 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1396 EXPECT_EQ(message.size(), input_consumed);
1397 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1398}
1399
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1400TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1401 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1402 string message = "123456789012345678901234567890123456789012345678";
1403 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1404 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
1405 VerifyMessage(message, signature, KM_DIGEST_SHA1);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1406
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1407 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1408}
1409
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1410TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1411 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1412 string message = "123456789012345678901234567890123456789012345678";
1413 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1414 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
1415 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1416
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1417 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1418}
1419
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1420TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1421 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1422 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1423 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1424 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
1425 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1426
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1427 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1428}
1429
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1430TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1431 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1432 string message = "123456789012345678901234567890123456789012345678";
1433 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1434 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
1435 VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1436
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1437 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1438}
1439
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1440TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1441 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1442 string message = "123456789012345678901234567890123456789012345678";
1443 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1444 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
1445 VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1446
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1447 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1448}
1449
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1450typedef Keymaster1Test ExportKeyTest;
1451INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1452
1453TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1454 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1455 .RsaSigningKey(256, 3)
1456 .Digest(KM_DIGEST_NONE)
1457 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1458 string export_data;
1459 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1460 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1461
1462 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1463
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1464 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1465 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1466}
1467
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1468TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1469 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1470 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1471 string export_data;
1472 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1473 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1474
1475 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1476
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1477 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1478 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1479}
1480
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1481TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1482 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1483 .RsaSigningKey(256, 3)
1484 .Digest(KM_DIGEST_NONE)
1485 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1486 string export_data;
1487 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1488
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1489 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1490 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1491}
1492
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1493TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1494 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1495 .RsaSigningKey(256, 3)
1496 .Digest(KM_DIGEST_NONE)
1497 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1498 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1499 string export_data;
1500 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1501
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1502 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1503 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1504}
1505
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1506TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1507 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1508 string export_data;
1509
1510 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1511 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1512 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1513
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1514 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1515}
1516
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1517static string read_file(const string& file_name) {
1518 ifstream file_stream(file_name, std::ios::binary);
1519 istreambuf_iterator<char> file_begin(file_stream);
1520 istreambuf_iterator<char> file_end;
1521 return string(file_begin, file_end);
1522}
1523
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1524typedef Keymaster1Test ImportKeyTest;
1525INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1526
1527TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1528 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1529 ASSERT_EQ(633U, pk8_key.size());
1530
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1531 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1532 .RsaSigningKey(1024, 65537)
1533 .Digest(KM_DIGEST_NONE)
1534 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1535 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1536
1537 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1538 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1539 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1540 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1541 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1542 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1543 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1544 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1545 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1546 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1547
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1548 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1549 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1550 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1551
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1552 string message(1024 / 8, 'a');
1553 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1554 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1555 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1556
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1557 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1558 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1559}
1560
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1561TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1562 string pk8_key = read_file("rsa_privkey_pk8.der");
1563 ASSERT_EQ(633U, pk8_key.size());
1564
1565 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1566 // point softkeymaster will no longer support keymaster0 APIs anyway.
1567 uint8_t* key_blob;
1568 size_t key_blob_length;
1569 ASSERT_EQ(0,
1570 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1571 pk8_key.size(), &key_blob, &key_blob_length));
1572 set_key_blob(key_blob, key_blob_length);
1573
1574 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1575 AuthorizationSet begin_params; // Don't use client data.
1576 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1577 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1578 AuthorizationSet update_params;
1579 AuthorizationSet output_params;
1580 string signature =
1581 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1582 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1583 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1584
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1585 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1586 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1587}
1588
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1589TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1590 string pk8_key = read_file("rsa_privkey_pk8.der");
1591 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1592 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1593 ImportKey(AuthorizationSetBuilder()
1594 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1595 .Digest(KM_DIGEST_NONE)
1596 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1597 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1598
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1599 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1600}
1601
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1602TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1603 string pk8_key = read_file("rsa_privkey_pk8.der");
1604 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1605 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1606 ImportKey(AuthorizationSetBuilder()
1607 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1608 .Digest(KM_DIGEST_NONE)
1609 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1610 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1611
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1612 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1613}
1614
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1615TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1616 string pk8_key = read_file("ec_privkey_pk8.der");
1617 ASSERT_EQ(138U, pk8_key.size());
1618
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1619 ASSERT_EQ(KM_ERROR_OK,
1620 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1621 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1622
1623 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1624 EXPECT_TRUE(
1625 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1626 TAG_ALGORITHM, KM_ALGORITHM_EC));
1627 EXPECT_TRUE(
1628 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1629 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1630
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1631 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1632 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1633 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1634
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1635 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1636 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1637 SignMessage(message, &signature, KM_DIGEST_NONE);
1638 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1639
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1640 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1641 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1642}
1643
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1644TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1645 string pk8_key = read_file("ec_privkey_pk8.der");
1646 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1647
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1648 ASSERT_EQ(KM_ERROR_OK,
1649 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1650 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1651
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1652 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1653 EXPECT_TRUE(
1654 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1655 TAG_ALGORITHM, KM_ALGORITHM_EC));
1656 EXPECT_TRUE(
1657 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1658 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1659
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1660 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1661 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1662 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1663
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1664 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1665 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1666 SignMessage(message, &signature, KM_DIGEST_NONE);
1667 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1668
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1669 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1670 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1671}
1672
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1673TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1674 string pk8_key = read_file("ec_privkey_pk8.der");
1675 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1676 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1677 ImportKey(AuthorizationSetBuilder()
1678 .EcdsaSigningKey(224 /* Doesn't match key */)
1679 .Digest(KM_DIGEST_NONE),
1680 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1681
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1682 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1683}
1684
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1685TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1686 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1687 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1688 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1689 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1690 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1691 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1692
1693 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1694 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1695
1696 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1697 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1698 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1699 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1700
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1701 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1702}
1703
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1704TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1705 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1706 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1707 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1708 .HmacKey(sizeof(key_data) * 8)
1709 .Digest(KM_DIGEST_SHA_2_256)
1710 .Authorization(TAG_MAC_LENGTH, 32),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1711 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1712
1713 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1714 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1715
1716 string message = "Hello World!";
1717 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1718 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);
1719 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1720
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1721 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1722}
1723
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1724typedef Keymaster1Test EncryptionOperationsTest;
1725INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1726
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1727TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1728 ASSERT_EQ(KM_ERROR_OK,
1729 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1730
1731 string message = "12345678901234567890123456789012";
1732 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1733 EXPECT_EQ(256U / 8, ciphertext1.size());
1734
1735 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1736 EXPECT_EQ(256U / 8, ciphertext2.size());
1737
1738 // Unpadded RSA is deterministic
1739 EXPECT_EQ(ciphertext1, ciphertext2);
1740
1741 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1742 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1743}
1744
1745TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1746 ASSERT_EQ(KM_ERROR_OK,
1747 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1748
1749 string message = "1234567890123456789012345678901";
1750
1751 AuthorizationSet begin_params(client_params());
1752 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1753 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1754
1755 string result;
1756 size_t input_consumed;
1757 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1758 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1759 EXPECT_EQ(0U, result.size());
1760
1761 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1762 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1763}
1764
1765TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1766 ASSERT_EQ(KM_ERROR_OK,
1767 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1768
1769 string message = "123456789012345678901234567890123";
1770
1771 AuthorizationSet begin_params(client_params());
1772 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1773 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1774
1775 string result;
1776 size_t input_consumed;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1777 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1778
1779 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1780 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1781}
1782
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1783TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1784 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1785 .RsaEncryptionKey(512, 3)
1786 .Padding(KM_PAD_RSA_OAEP)
1787 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1788
1789 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1790 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1791 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1792
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1793 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1794 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1795
1796 // OAEP randomizes padding so every result should be different.
1797 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1798
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1799 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1800 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1801}
1802
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1803TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1804 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1805 .RsaEncryptionKey(512, 3)
1806 .Padding(KM_PAD_RSA_OAEP)
1807 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1808 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1809 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1810 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1811
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1812 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1813 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1814
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1815 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1816 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1817}
1818
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1819TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
1820 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1821 .RsaEncryptionKey(512, 3)
1822 .Padding(KM_PAD_RSA_OAEP)
1823 .Digest(KM_DIGEST_NONE)));
1824 string message = "Hello World!";
1825
1826 AuthorizationSet begin_params(client_params());
1827 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1828 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1829 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1830
1831 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1832 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1833}
1834
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1835TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1836 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1837 .RsaEncryptionKey(512, 3)
1838 .Padding(KM_PAD_RSA_OAEP)
1839 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1840 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1841 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1842 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1843
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1844 AuthorizationSet begin_params(client_params());
1845 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1846 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1847 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1848 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1849 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1850 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1851
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1852 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1853 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1854}
1855
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1856TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1857 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1858 .RsaEncryptionKey(512, 3)
1859 .Padding(KM_PAD_RSA_OAEP)
1860 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1861 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1862 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1863 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1864
1865 // Corrupt the ciphertext
1866 ciphertext[512 / 8 / 2]++;
1867
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1868 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1869 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1870 AuthorizationSet begin_params(client_params());
1871 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1872 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1873 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1874 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1875 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1876 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1877
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1878 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1879 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1880}
1881
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1882TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1883 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1884 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1885 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1886 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1887 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1888
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1889 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1890 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1891
1892 // PKCS1 v1.5 randomizes padding so every result should be different.
1893 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1894
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1895 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1896 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1897}
1898
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1899TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1900 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1901 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1902 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1903 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1904 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1905
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1906 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1907 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1908
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1909 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1910 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1911}
1912
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1913TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1914 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1915 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]1916 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1917 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1918 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1919
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1920 AuthorizationSet begin_params(client_params());
1921 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1922 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1923 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1924 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1925 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1926
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1927 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1928 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1929}
1930
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1931TEST_P(EncryptionOperationsTest, RsaPkcs1InvalidDigest) {
1932 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1933 .RsaEncryptionKey(512, 3)
1934 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
1935 .Digest(KM_DIGEST_NONE)));
1936 string message = "Hello World!";
1937 string result;
1938
1939 AuthorizationSet begin_params(client_params());
1940 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1941 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); // Any digest is invalid
1942 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1943
1944 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1945 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1946}
1947
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1948TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1949 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1950 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1951 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1952 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1953 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1954
1955 // Corrupt the ciphertext
1956 ciphertext[512 / 8 / 2]++;
1957
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1958 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1959 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1960 AuthorizationSet begin_params(client_params());
1961 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1962 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1963 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1964 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1965 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1966
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1967 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1968 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1969}
1970
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1971TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1972 ASSERT_EQ(KM_ERROR_OK,
1973 GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame^]1974
1975 AuthorizationSet begin_params(client_params());
1976 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1977 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1978
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1979 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]1980 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1981}
1982
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1983TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1984 ASSERT_EQ(KM_ERROR_OK,
1985 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]1986 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
1987 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1988
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1989 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1990 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1991}
1992
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1993TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1994 ASSERT_EQ(
1995 KM_ERROR_OK,
1996 GenerateKey(
1997 AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]1998 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
1999 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2000
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2001 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2002}
2003
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2004TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2005 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2006 .AesEncryptionKey(128)
2007 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2008 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2009 // Two-block message.
2010 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2011 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2012 EXPECT_EQ(message.size(), ciphertext1.size());
2013
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2014 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2015 EXPECT_EQ(message.size(), ciphertext2.size());
2016
2017 // ECB is deterministic.
2018 EXPECT_EQ(ciphertext1, ciphertext2);
2019
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2020 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2021 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2022
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2023 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2024}
2025
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2026TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2027 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2028 .AesEncryptionKey(128)
2029 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2030 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2031 // Message is slightly shorter than two blocks.
2032 string message = "1234567890123456789012345678901";
2033
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2034 AuthorizationSet begin_params(client_params());
2035 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2036 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2037 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2038 string ciphertext;
2039 size_t input_consumed;
2040 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
2041 EXPECT_EQ(message.size(), input_consumed);
2042 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2043
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2044 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2045}
2046
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2047TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2048 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2049 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2050 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2051 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2052
2053 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2054 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2055 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2056 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2057 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2058 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2059 EXPECT_EQ(message, plaintext);
2060 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2061
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2062 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2063}
2064
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2065TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2066 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2067 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2068 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2069 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2070
2071 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2072 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2073 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2074 EXPECT_NE(ciphertext, message);
2075 ++ciphertext[ciphertext.size() / 2];
2076
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2077 AuthorizationSet begin_params(client_params());
2078 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2079 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2080 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2081 string plaintext;
2082 size_t input_consumed;
2083 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
2084 EXPECT_EQ(ciphertext.size(), input_consumed);
2085 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2086
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2087 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2088}
2089
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2090TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2091 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2092 .AesEncryptionKey(128)
2093 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2094 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2095 string message = "123";
2096 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2097 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2098 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2099 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2100
2101 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2102 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2103 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2104 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2105
2106 // IVs should be random, so ciphertexts should differ.
2107 EXPECT_NE(iv1, iv2);
2108 EXPECT_NE(ciphertext1, ciphertext2);
2109
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2110 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2111 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2112
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2113 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2114}
2115
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2116TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2117 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2118 .AesEncryptionKey(128)
2119 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2120 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2121
2122 int increment = 15;
2123 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2124 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2125 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2126 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2127 AuthorizationSet output_params;
2128 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2129
2130 string ciphertext;
2131 size_t input_consumed;
2132 for (size_t i = 0; i < message.size(); i += increment)
2133 EXPECT_EQ(KM_ERROR_OK,
2134 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2135 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2136 EXPECT_EQ(message.size(), ciphertext.size());
2137
2138 // Move TAG_NONCE into input_params
2139 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2140 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2141 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2142 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2143 output_params.Clear();
2144
2145 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
2146 string plaintext;
2147 for (size_t i = 0; i < ciphertext.size(); i += increment)
2148 EXPECT_EQ(KM_ERROR_OK,
2149 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2150 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2151 EXPECT_EQ(ciphertext.size(), plaintext.size());
2152 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2153
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2154 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2155}
2156
2157struct AesCtrSp80038aTestVector {
2158 const char* key;
2159 const char* nonce;
2160 const char* plaintext;
2161 const char* ciphertext;
2162};
2163
2164// These test vectors are taken from
2165// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
2166static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
2167 // AES-128
2168 {
2169 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2170 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2171 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2172 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
2173 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
2174 },
2175 // AES-192
2176 {
2177 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2178 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2179 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2180 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2181 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2182 },
2183 // AES-256
2184 {
2185 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2186 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2187 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2188 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2189 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2190 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2191 },
2192};
2193
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2194TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2195 for (size_t i = 0; i < 3; i++) {
2196 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2197 const string key = hex2str(test.key);
2198 const string nonce = hex2str(test.nonce);
2199 const string plaintext = hex2str(test.plaintext);
2200 const string ciphertext = hex2str(test.ciphertext);
2201 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2202 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2203
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2204 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2205}
2206
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2207TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2208 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2209 .AesEncryptionKey(128)
2210 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2211 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2212 AuthorizationSet begin_params(client_params());
2213 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2214 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2215 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2216
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2217 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2218}
2219
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2220TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2221 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2222 .AesEncryptionKey(128)
2223 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2224 .Authorization(TAG_CALLER_NONCE)
2225 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2226
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2227 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2228 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2229 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2230 input_params.push_back(TAG_NONCE, "123", 3);
2231 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2232
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2233 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2234}
2235
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2236TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2237 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2238 .AesEncryptionKey(128)
2239 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2240 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2241 // Two-block message.
2242 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2243 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2244 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2245 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2246
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2247 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2248 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2249 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2250
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2251 // IVs should be random, so ciphertexts should differ.
2252 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2253 EXPECT_NE(ciphertext1, ciphertext2);
2254
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2255 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2256 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2257
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2258 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2259}
2260
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2261TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2262 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2263 .AesEncryptionKey(128)
2264 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2265 .Authorization(TAG_CALLER_NONCE)
2266 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2267 string message = "12345678901234567890123456789012";
2268 string iv1;
2269 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2270 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2271 EXPECT_EQ(message.size(), ciphertext1.size());
2272 EXPECT_EQ(16U, iv1.size());
2273
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2274 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2275 EXPECT_EQ(message, plaintext);
2276
2277 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2278 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2279 AuthorizationSet update_params;
2280 AuthorizationSet output_params;
2281 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2282 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2283 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2284 string ciphertext2 =
2285 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2286
2287 // Decrypt with correct nonce.
2288 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2289 &output_params);
2290 EXPECT_EQ(message, plaintext);
2291
2292 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2293 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2294 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2295 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2296 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2297 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2298 &output_params);
2299 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2300
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2301 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2302}
2303
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2304TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2305 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2306 .AesEncryptionKey(128)
2307 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2308 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2309
2310 string message = "12345678901234567890123456789012";
2311 string iv1;
2312 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2313 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2314 EXPECT_EQ(message.size(), ciphertext1.size());
2315 EXPECT_EQ(16U, iv1.size());
2316
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2317 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2318 EXPECT_EQ(message, plaintext);
2319
2320 // Now specify a nonce, should fail.
2321 AuthorizationSet input_params(client_params());
2322 AuthorizationSet update_params;
2323 AuthorizationSet output_params;
2324 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2325 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2326 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2327
2328 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2329 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2330
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2331 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2332}
2333
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2334TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2335 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2336 .AesEncryptionKey(128)
2337 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2338 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2339
2340 int increment = 15;
2341 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2342 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2343 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2344 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2345 AuthorizationSet output_params;
2346 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2347
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2348 string ciphertext;
2349 size_t input_consumed;
2350 for (size_t i = 0; i < message.size(); i += increment)
2351 EXPECT_EQ(KM_ERROR_OK,
2352 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2353 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2354 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2355
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2356 // Move TAG_NONCE into input_params
2357 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2358 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2359 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2360 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2361 output_params.Clear();
2362
2363 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2364 string plaintext;
2365 for (size_t i = 0; i < ciphertext.size(); i += increment)
2366 EXPECT_EQ(KM_ERROR_OK,
2367 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2368 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2369 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2370 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2371
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2372 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2373}
2374
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2375TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2376 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2377 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2378 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2379 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2380
2381 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2382 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2383 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2384 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2385 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2386 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2387 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2388 EXPECT_EQ(message, plaintext);
2389 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2390
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2391 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2392}
2393
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2394TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2395 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2396 .AesEncryptionKey(128)
2397 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2398 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2399 string aad = "foobar";
2400 string message = "123456789012345678901234567890123456";
2401 AuthorizationSet begin_params(client_params());
2402 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2403 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2404 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2405
2406 AuthorizationSet update_params;
2407 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2408
2409 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2410 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2411 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2412 string ciphertext;
2413 size_t input_consumed;
2414 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2415 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2416 &input_consumed));
2417 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2418 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2419
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2420 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2421 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2422 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2423
2424 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2425 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2426 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2427 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2428 &plaintext, &input_consumed));
2429 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2430 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2431
2432 EXPECT_EQ(message, plaintext);
2433 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2434}
2435
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2436TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
2437 uint8_t nonce[] = {
2438 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
2439 };
2440 uint8_t ciphertext[] = {
2441 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
2442 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
2443 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
2444 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
2445 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
2446 };
2447 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
2448
2449 AuthorizationSet begin_params(client_params());
2450 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2451 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2452 begin_params.push_back(TAG_MAC_LENGTH, 128);
2453 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
2454
2455 string plaintext;
2456 size_t input_consumed;
2457
2458 // Import correct key and decrypt
2459 uint8_t good_key[] = {
2460 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2461 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2462 };
2463 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
2464 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2465 .AesEncryptionKey(128)
2466 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2467 .Authorization(TAG_PADDING, KM_PAD_NONE)
2468 .Authorization(TAG_CALLER_NONCE),
2469 KM_KEY_FORMAT_RAW, good_key_str));
2470 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2471 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2472 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2473
2474 // Import bad key and decrypt
2475 uint8_t bad_key[] = {
2476 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2477 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2478 };
2479 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
2480 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2481 .AesEncryptionKey(128)
2482 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2483 .Authorization(TAG_PADDING, KM_PAD_NONE),
2484 KM_KEY_FORMAT_RAW, bad_key_str));
2485 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2486 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2487 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
2488
2489 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2490}
2491
2492TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
2493 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2494 .AesEncryptionKey(128)
2495 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2496 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2497 string aad = "123456789012345678";
2498 string empty_message;
2499 AuthorizationSet begin_params(client_params());
2500 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2501 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2502 begin_params.push_back(TAG_MAC_LENGTH, 128);
2503
2504 AuthorizationSet update_params;
2505 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2506
2507 // Encrypt
2508 AuthorizationSet begin_out_params;
2509 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2510 string ciphertext;
2511 size_t input_consumed;
2512 AuthorizationSet update_out_params;
2513 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
2514 &ciphertext, &input_consumed));
2515 EXPECT_EQ(0U, input_consumed);
2516 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2517
2518 // Grab nonce
2519 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2520 begin_params.push_back(begin_out_params);
2521
2522 // Decrypt.
2523 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2524 string plaintext;
2525 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2526 &plaintext, &input_consumed));
2527 EXPECT_EQ(ciphertext.size(), input_consumed);
2528 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2529
2530 EXPECT_EQ(empty_message, plaintext);
2531 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2532}
2533
2534TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
2535 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2536 .AesEncryptionKey(128)
2537 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2538 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2539 AuthorizationSet begin_params(client_params());
2540 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2541 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2542 begin_params.push_back(TAG_MAC_LENGTH, 128);
2543
2544 AuthorizationSet update_params;
2545 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
2546
2547 // Encrypt
2548 AuthorizationSet begin_out_params;
2549 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2550 string ciphertext;
2551 size_t input_consumed;
2552 AuthorizationSet update_out_params;
2553
2554 // Send AAD, incrementally
2555 for (int i = 0; i < 1000; ++i) {
2556 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2557 &input_consumed));
2558 EXPECT_EQ(0U, input_consumed);
2559 EXPECT_EQ(0U, ciphertext.size());
2560 }
2561
2562 // Now send data, incrementally, no data.
2563 AuthorizationSet empty_params;
2564 for (int i = 0; i < 1000; ++i) {
2565 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
2566 &input_consumed));
2567 EXPECT_EQ(1U, input_consumed);
2568 }
2569 EXPECT_EQ(1000U, ciphertext.size());
2570
2571 // And finish.
2572 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2573 EXPECT_EQ(1016U, ciphertext.size());
2574
2575 // Grab nonce
2576 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2577 begin_params.push_back(begin_out_params);
2578
2579 // Decrypt.
2580 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2581 string plaintext;
2582
2583 // Send AAD, incrementally, no data
2584 for (int i = 0; i < 1000; ++i) {
2585 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
2586 &input_consumed));
2587 EXPECT_EQ(0U, input_consumed);
2588 EXPECT_EQ(0U, plaintext.size());
2589 }
2590
2591 // Now send data, incrementally.
2592 for (size_t i = 0; i < ciphertext.length(); ++i) {
2593 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
2594 &update_out_params, &plaintext, &input_consumed));
2595 EXPECT_EQ(1U, input_consumed);
2596 }
2597 EXPECT_EQ(1000U, plaintext.size());
2598 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2599
2600 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2601}
2602
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2603TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2604 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2605 .AesEncryptionKey(128)
2606 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2607 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2608 string message = "123456789012345678901234567890123456";
2609 AuthorizationSet begin_params(client_params());
2610 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2611 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2612 begin_params.push_back(TAG_MAC_LENGTH, 128);
2613 AuthorizationSet begin_out_params;
2614
2615 AuthorizationSet update_params;
2616 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2617
2618 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2619
2620 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2621 string ciphertext;
2622 size_t input_consumed;
2623 AuthorizationSet update_out_params;
2624 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
2625 &ciphertext, &input_consumed));
2626 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2627
2628 // AAD and data.
2629 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2630 &input_consumed));
2631 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2632 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2633
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2634 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2635 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2636 begin_params.push_back(begin_out_params);
2637
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2638 // Decrypt
2639 update_params.Clear();
2640 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2641
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2642 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2643 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2644 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2645 &plaintext, &input_consumed));
2646 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2647 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2648
2649 EXPECT_EQ(message, plaintext);
2650 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2651}
2652
2653TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2654 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2655 .AesEncryptionKey(128)
2656 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2657 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2658 string message = "12345678901234567890123456789012";
2659 AuthorizationSet begin_params(client_params());
2660 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2661 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2662 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2663
2664 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2665 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2666
2667 AuthorizationSet finish_params;
2668 AuthorizationSet finish_out_params;
2669
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2670 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2671 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2672 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2673 AuthorizationSet update_out_params;
2674 string ciphertext;
2675 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2676 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2677 &input_consumed));
2678 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2679 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2680
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2681 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2682 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2683 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2684
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2685 update_params.Clear();
2686 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2687
2688 // Decrypt.
2689 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2690 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2691 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2692 &plaintext, &input_consumed));
2693 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2694 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2695
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2696 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2697}
2698
2699TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
2700 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2701 .AesEncryptionKey(128)
2702 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2703 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2704 string message = "12345678901234567890123456789012";
2705 AuthorizationSet begin_params(client_params());
2706 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2707 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2708 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2709
2710 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2711 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2712
2713 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2714 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2715 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2716 AuthorizationSet update_out_params;
2717 string ciphertext;
2718 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2719 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2720 &input_consumed));
2721 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2722 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2723
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2724 begin_params.push_back(TAG_NONCE, "123456789012", 12);
2725
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2726 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2727 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2728 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2729 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2730 &plaintext, &input_consumed));
2731 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2732 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2733
2734 // With wrong nonce, should have gotten garbage plaintext.
2735 EXPECT_NE(message, plaintext);
2736 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2737}
2738
2739TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
2740 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2741 .AesEncryptionKey(128)
2742 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2743 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2744 string aad = "foobar";
2745 string message = "123456789012345678901234567890123456";
2746 AuthorizationSet begin_params(client_params());
2747 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2748 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2749 begin_params.push_back(TAG_MAC_LENGTH, 128);
2750 AuthorizationSet begin_out_params;
2751
2752 AuthorizationSet update_params;
2753 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2754
2755 // Encrypt
2756 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2757 AuthorizationSet update_out_params;
2758 string ciphertext;
2759 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2760 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2761 &input_consumed));
2762 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2763 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2764
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2765 // Corrupt tag
2766 (*ciphertext.rbegin())++;
2767
2768 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2769 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2770 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2771
2772 // Decrypt.
2773 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2774 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2775 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2776 &plaintext, &input_consumed));
2777 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2778 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2779
2780 EXPECT_EQ(message, plaintext);
2781 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2782}
2783
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame^]2784typedef Keymaster1Test MaxOperationsTest;
2785INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, MaxOperationsTest, test_params);
2786
2787TEST_P(MaxOperationsTest, TestLimit) {
2788 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2789 .AesEncryptionKey(128)
2790 .EcbMode()
2791 .Authorization(TAG_PADDING, KM_PAD_NONE)
2792 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
2793
2794 string message = "1234567890123456";
2795 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2796 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2797 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2798
2799 // Fourth time should fail.
2800 AuthorizationSet begin_params(client_params());
2801 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2802 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2803 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2804
2805 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2806}
2807
2808TEST_P(MaxOperationsTest, TestAbort) {
2809 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2810 .AesEncryptionKey(128)
2811 .EcbMode()
2812 .Authorization(TAG_PADDING, KM_PAD_NONE)
2813 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
2814
2815 string message = "1234567890123456";
2816 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2817 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2818 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2819
2820 // Fourth time should fail.
2821 AuthorizationSet begin_params(client_params());
2822 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2823 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2824 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2825
2826 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2827}
2828
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2829typedef Keymaster1Test AddEntropyTest;
2830INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
2831
2832TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2833 // There's no obvious way to test that entropy is actually added, but we can test that the API
2834 // doesn't blow up or return an error.
2835 EXPECT_EQ(KM_ERROR_OK,
2836 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2837
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2838 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2839}
2840
2841typedef Keymaster1Test Keymaster0AdapterTest;
2842INSTANTIATE_TEST_CASE_P(
2843 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2844 ::testing::Values(
2845 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
2846 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2847
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2848TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2849 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2850 // key data.
2851 string km1_sw = read_file("km1_sw_rsa_512.blob");
2852 EXPECT_EQ(486U, km1_sw.length());
2853
2854 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2855 memcpy(key_data, km1_sw.data(), km1_sw.length());
2856 set_key_blob(key_data, km1_sw.length());
2857
2858 string message(64, 'a');
2859 string signature;
2860 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2861
2862 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2863}
2864
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]2865TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
2866 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
2867 // blobs contain OCB-encrypted key data.
2868 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
2869 EXPECT_EQ(477U, km1_sw.length());
2870
2871 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2872 memcpy(key_data, km1_sw.data(), km1_sw.length());
2873 set_key_blob(key_data, km1_sw.length());
2874
2875 string message(64, 'a');
2876 string signature;
2877 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2878
2879 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2880}
2881
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2882TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
2883 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2884 // key data.
2885 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
2886 EXPECT_EQ(270U, km1_sw.length());
2887
2888 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2889 memcpy(key_data, km1_sw.data(), km1_sw.length());
2890 set_key_blob(key_data, km1_sw.length());
2891
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]2892 string message(32, static_cast<char>(0xFF));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2893 string signature;
2894 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2895
2896 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2897}
2898
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2899struct Malloc_Delete {
2900 void operator()(void* p) { free(p); }
2901};
2902
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2903TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2904 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2905 string km0_sw = read_file("km0_sw_rsa_512.blob");
2906 EXPECT_EQ(333U, km0_sw.length());
2907
2908 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2909 memcpy(key_data, km0_sw.data(), km0_sw.length());
2910 set_key_blob(key_data, km0_sw.length());
2911
2912 string message(64, 'a');
2913 string signature;
2914 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2915
2916 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2917}
2918
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]2919TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
2920 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2921 string km0_sw = read_file("km0_sw_rsa_512.blob");
2922 EXPECT_EQ(333U, km0_sw.length());
2923
2924 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2925 memcpy(key_data, km0_sw.data(), km0_sw.length());
2926 set_key_blob(key_data, km0_sw.length());
2927
2928 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
2929 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2930 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
2931 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2932 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2933 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
2934 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
2935 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
2936 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
2937 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
2938
2939 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2940}
2941
2942TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
2943 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2944 string km0_sw = read_file("km0_sw_rsa_512.blob");
2945 EXPECT_EQ(333U, km0_sw.length());
2946
2947 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
2948 // be recognized as a software key. Do the same here to pretend this is a hardware key.
2949 EXPECT_EQ('P', km0_sw[0]);
2950 km0_sw[0] = 'Q';
2951
2952 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2953 memcpy(key_data, km0_sw.data(), km0_sw.length());
2954 set_key_blob(key_data, km0_sw.length());
2955
2956 string message(64, 'a');
2957 string signature;
2958 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2959 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
2960
2961 EXPECT_EQ(5, GetParam()->keymaster0_calls());
2962}
2963
2964TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
2965 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2966 string km0_sw = read_file("km0_sw_rsa_512.blob");
2967 EXPECT_EQ(333U, km0_sw.length());
2968
2969 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
2970 // be recognized as a software key. Do the same here to pretend this is a hardware key.
2971 EXPECT_EQ('P', km0_sw[0]);
2972 km0_sw[0] = 'Q';
2973
2974 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2975 memcpy(key_data, km0_sw.data(), km0_sw.length());
2976 set_key_blob(key_data, km0_sw.length());
2977
2978 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
2979 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2980 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
2981 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2982 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2983 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
2984 EXPECT_EQ(5U, hw_enforced().size());
2985
2986 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
2987 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
2988 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
2989 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
2990
2991 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2992 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
2993 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2994 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2995 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
2996
2997 EXPECT_EQ(1, GetParam()->keymaster0_calls());
2998}
2999
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]3000} // namespace test
3001} // namespace keymaster