Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / bfd9ed7f5c50cdfa310cb0f21c7706e99b780738 / . / android_keymaster_test.cpp
blob: 2b4f5dbb4d584d4b50ef0bed4a3c128bd699ed52 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]22#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]23#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]24
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]25#include "android_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]26
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]27using std::ifstream;
28using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]29using std::string;
30using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]31using std::unique_ptr;
32
33extern "C" {
34int __android_log_print(int prio, const char* tag, const char* fmt);
35int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]36 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]37 return 0;
38}
39} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]40
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]41namespace keymaster {
42namespace test {
43
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]44StdoutLogger logger;
45
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]46class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
47 public:
48 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]49 std::cerr << "Creating software-only device" << std::endl;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]50 SoftKeymasterDevice* device = new SoftKeymasterDevice;
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]51 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]52 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]53
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]54 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]55 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]56};
57
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]58class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
59 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]60 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
61
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]62 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]63 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
64 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]65 hw_device_t* softkeymaster_device;
66 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
67 &softkeymaster_device));
68 // Make the software device pretend to be hardware
69 keymaster0_device_t* keymaster0_device =
70 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]71 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
72
73 if (!support_ec_) {
74 // Make the software device pretend not to support EC
75 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
76 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]77
78 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
79
80 SoftKeymasterDevice* keymaster = new SoftKeymasterDevice(counting_keymaster0_device_);
81 return keymaster->keymaster_device();
82 }
83
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]84 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
85 switch (algorithm) {
86 case KM_ALGORITHM_RSA:
87 return true;
88 case KM_ALGORITHM_EC:
89 return support_ec_;
90 default:
91 return false;
92 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]93 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]94 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
95
96 private:
97 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]98 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]99};
100
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]101static auto test_params = testing::Values(
102 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
103 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
104 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]105
106typedef Keymaster1Test CheckSupported;
107INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
108
109TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]110 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
111 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]112
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]113 size_t len;
114 keymaster_algorithm_t* algorithms;
115 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]116 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]117 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]118 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]119
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]120 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]121}
122
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]123TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]124 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
125 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
126 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]127
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]128 size_t len;
129 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]130 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]131 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]132 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]133 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]134
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]135 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]136 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]137 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]138
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]139 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]140 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]141 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]142 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]143
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]144 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]145}
146
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]147TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]148 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
149 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
150 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]151
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]152 size_t len;
153 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]154 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]155 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]156 EXPECT_TRUE(
157 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]158 free(modes);
159
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]160 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]161 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]162 EXPECT_TRUE(
163 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]164 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]165
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]166 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]167 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]168 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]169 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]170
171 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
172 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
173 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]174
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]175 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]176}
177
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]178TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]179 EXPECT_EQ(
180 KM_ERROR_OUTPUT_PARAMETER_NULL,
181 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]182
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]183 size_t len;
184 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]185 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]186 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]187 EXPECT_TRUE(
188 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
189 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
190 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]191 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]192
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]193 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]194 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]195 EXPECT_TRUE(
196 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
197 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
198 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]199 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]200
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]201 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
202 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
203 &len));
204
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]205 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]206 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]207 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
208 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
209 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]210 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]211
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]212 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]213}
214
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]215TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]216 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
217 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]218
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]219 size_t len;
220 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]221 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]222 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]223 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]224 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]225
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]226 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]227 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
228 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
229 free(formats);
230
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]231 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]232 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
233 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
234 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]235
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]236 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]237}
238
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]239TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]240 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
241 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]242
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]243 size_t len;
244 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]245 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]246 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]247 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]249
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]250 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]251 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]252 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]253 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]254
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]255 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]256 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]257 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]258 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]259
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]260 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]261 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]262 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]263 free(formats);
264
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]265 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]266 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]267 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]268 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]269
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]270 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]271}
272
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]273class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]274 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]275 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]276 AuthorizationSet auths = sw_enforced();
277 EXPECT_GT(auths.SerializedSize(), 12U);
278
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]279 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
280 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
281 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]282 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]283 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]284
285 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]286 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
287 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
288 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]289
290 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]291 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
292 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
293 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]294
295 // Now check that unspecified, defaulted tags are correct.
Shawn Willden0b2d3332015-04-07 17:46:18 -0600[diff] [blame]296 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]297 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]298 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]299};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]300INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
301
302TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]303 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
304 .RsaSigningKey(256, 3)
305 .Digest(KM_DIGEST_NONE)
306 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]307 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]308
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]309 // Check specified tags are all present, and in the right set.
310 AuthorizationSet crypto_params;
311 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]312 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]313 EXPECT_NE(0U, hw_enforced().size());
314 EXPECT_NE(0U, sw_enforced().size());
315 crypto_params.push_back(hw_enforced());
316 non_crypto_params.push_back(sw_enforced());
317 } else {
318 EXPECT_EQ(0U, hw_enforced().size());
319 EXPECT_NE(0U, sw_enforced().size());
320 crypto_params.push_back(sw_enforced());
321 }
322
323 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
324 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
325 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
326 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
327 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
328 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
329
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]330 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]331 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]332}
333
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]334TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]335 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
336 GenerateKey(AuthorizationSetBuilder()
337 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
338 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
339 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]340
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]341 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]342}
343
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]344TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]345 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]346 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]347 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]348
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]349 // Check specified tags are all present, and in the right set.
350 AuthorizationSet crypto_params;
351 AuthorizationSet non_crypto_params;
352 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
353 EXPECT_NE(0U, hw_enforced().size());
354 EXPECT_NE(0U, sw_enforced().size());
355 crypto_params.push_back(hw_enforced());
356 non_crypto_params.push_back(sw_enforced());
357 } else {
358 EXPECT_EQ(0U, hw_enforced().size());
359 EXPECT_NE(0U, sw_enforced().size());
360 crypto_params.push_back(sw_enforced());
361 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]362
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]363 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
364 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
365 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
366 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
367
368 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
369 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]370}
371
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]372TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]373 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
374 GenerateKey(AuthorizationSetBuilder()
375 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
376 .SigningKey()
377 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]378
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]379 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]380}
381
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]382TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]383 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
384 ASSERT_EQ(
385 KM_ERROR_UNKNOWN_ERROR,
386 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
387 else
388 ASSERT_EQ(
389 KM_ERROR_UNSUPPORTED_KEY_SIZE,
390 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]391
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]392 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
393 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]394}
395
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]396TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]397 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]398 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]399 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
400 KM_DIGEST_NONE)))
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]401 << "Failed to generate size: "
402 << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]403 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]404
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]405 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
406 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]407}
408
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]409TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]410 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]411 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]412
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]413 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]414}
415
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]416typedef Keymaster1Test GetKeyCharacteristics;
417INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
418
419TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]420 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
421 .RsaSigningKey(256, 3)
422 .Digest(KM_DIGEST_NONE)
423 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]424 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]425
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]426 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
427 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]428
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]429 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]430 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]431}
432
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]433typedef Keymaster1Test SigningOperationsTest;
434INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
435
436TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]437 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
438 .RsaSigningKey(256, 3)
439 .Digest(KM_DIGEST_NONE)
440 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]441 string message = "12345678901234567890123456789012";
442 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]443 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]444
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]445 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]446 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]447}
448
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]449TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]450 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
451 .RsaSigningKey(512, 3)
452 .Digest(KM_DIGEST_SHA_2_256)
453 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]454 // Use large message, which won't work without digesting.
455 string message(1024, 'a');
456 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]457 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]458
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]459 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]460 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]461}
462
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame^]463TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {
464 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
465 .RsaSigningKey(512, 3)
466 .Digest(KM_DIGEST_NONE)
467 .Padding(KM_PAD_NONE)));
468 string message = "12345678901234567890123456789012";
469 string signature;
470 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
471
472 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
473 EXPECT_EQ(3, GetParam()->keymaster0_calls());
474}
475
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]476TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]477 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
478 .RsaSigningKey(512, 3)
479 .Digest(KM_DIGEST_SHA_2_256)
480 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]481 string message(1024, 'a');
482 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]483 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]484
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]485 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]486 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]487}
488
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]489TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]490 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
491 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]492 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
493 .RsaSigningKey(256 + 9 * 8, 3)
494 .Digest(KM_DIGEST_SHA_2_256)
495 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]496 string message(1024, 'a');
497 string signature;
498
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]499 AuthorizationSet begin_params(client_params());
500 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]501 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]502 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]503}
504
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]505TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]506 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
507 .RsaSigningKey(256, 3)
508 .Digest(KM_DIGEST_NONE)
509 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]510 AuthorizationSet begin_params(client_params());
511 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]512 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]513 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]514 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
515 // Another abort should fail
516 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]517
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]518 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]519 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]520}
521
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]522TEST_P(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]523 GenerateKey(AuthorizationSetBuilder()
524 .RsaSigningKey(256, 3)
525 .Digest(KM_DIGEST_MD5)
526 .Padding(KM_PAD_RSA_PSS /* supported padding */));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]527 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]528
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]529 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]530 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]531}
532
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]533TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]534 GenerateKey(AuthorizationSetBuilder()
535 .RsaSigningKey(256, 3)
536 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
537 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]538 AuthorizationSet begin_params(client_params());
539 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
540 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]541
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]542 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]543 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]544}
545
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]546TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]547 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]548 GenerateKey(AuthorizationSetBuilder()
549 .RsaSigningKey(256, 3)
550 .Digest(KM_DIGEST_NONE)
551 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]552 AuthorizationSet begin_params(client_params());
553 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]554 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]555 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]556
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]557 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]558 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]559}
560
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]561TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]562 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]563 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
564 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]565 AuthorizationSet begin_params(client_params());
566 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
567 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]568
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]569 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]570 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]571}
572
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]573TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]574 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
575 .RsaSigningKey(256, 3)
576 .Digest(KM_DIGEST_NONE)
577 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]578 AuthorizationSet begin_params(client_params());
579 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]580 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]581 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]582
583 string message = "1234567890123456789012345678901";
584 string result;
585 size_t input_consumed;
586 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
587 EXPECT_EQ(0U, result.size());
588 EXPECT_EQ(31U, input_consumed);
589
590 string signature;
591 ASSERT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&signature));
592 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]593
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]594 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]595 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]596}
597
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]598TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]599 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
600 .RsaEncryptionKey(256, 3)
601 .Digest(KM_DIGEST_NONE)
602 .Padding(KM_PAD_NONE)));
603 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
604 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]605
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]606 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]607 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]608}
609
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]610TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]611 ASSERT_EQ(KM_ERROR_OK,
612 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]613 string message(1024, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]614 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]615 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]616
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]617 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
618 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]619}
620
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]621TEST_P(SigningOperationsTest, EcdsaSha256Success) {
622 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
623 KM_DIGEST_SHA_2_256)));
624 string message(1024, 'a');
625 string signature;
626 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
627
628 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
629 EXPECT_EQ(3, GetParam()->keymaster0_calls());
630}
631
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]632TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]633 ASSERT_EQ(KM_ERROR_OK,
634 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
635 TAG_BLOCK_MODE, KM_MODE_ECB)));
636 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
637 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]638
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]639 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]640}
641
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]642TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]643 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]644 string message = "12345678901234567890123456789012";
645 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]646 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]647 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]648
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]649 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]650}
651
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]652TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]653 ASSERT_EQ(KM_ERROR_OK,
654 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]655 string message = "12345678901234567890123456789012";
656 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]657 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]658 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]659
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]660 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]661}
662
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]663TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]664 ASSERT_EQ(KM_ERROR_OK,
665 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]666 string message = "12345678901234567890123456789012";
667 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]668 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]669 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]670
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]671 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]672}
673
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]674TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]675 ASSERT_EQ(KM_ERROR_OK,
676 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));
677
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]678 string message = "12345678901234567890123456789012";
679 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]680 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]681 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]682
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]683 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]684}
685
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]686TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]687 ASSERT_EQ(KM_ERROR_OK,
688 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]689 string message = "12345678901234567890123456789012";
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]690 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]691 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]692 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]693
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]694 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]695}
696
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]697TEST_P(SigningOperationsTest, HmacLengthInKey) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]698 // TODO(swillden): unified API should generate an error on key generation.
699 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
700 .HmacKey(128)
701 .Digest(KM_DIGEST_SHA_2_256)
702 .Authorization(TAG_MAC_LENGTH, 20)));
703 string message = "12345678901234567890123456789012";
704 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]705 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]706 // Size in key was ignored.
707 ASSERT_EQ(30U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]708
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]709 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]710}
711
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]712TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]713 uint8_t key_data[] = {
714 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
715 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
716 };
717 string message = "Hi There";
718 uint8_t sha_224_expected[] = {
719 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
720 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
721 };
722 uint8_t sha_256_expected[] = {
723 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
724 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
725 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
726 };
727 uint8_t sha_384_expected[] = {
728 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
729 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
730 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
731 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
732 };
733 uint8_t sha_512_expected[] = {
734 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
735 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
736 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
737 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
738 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
739 };
740
741 string key = make_string(key_data);
742
743 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
744 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
745 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
746 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]747
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]748 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]749}
750
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]751TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]752 string key = "Jefe";
753 string message = "what do ya want for nothing?";
754 uint8_t sha_224_expected[] = {
755 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
756 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
757 };
758 uint8_t sha_256_expected[] = {
759 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
760 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
761 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
762 };
763 uint8_t sha_384_expected[] = {
764 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
765 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
766 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
767 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
768 };
769 uint8_t sha_512_expected[] = {
770 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
771 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
772 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
773 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
774 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
775 };
776
777 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
778 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
779 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
780 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]781
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]782 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]783}
784
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]785TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]786 string key(20, 0xaa);
787 string message(50, 0xdd);
788 uint8_t sha_224_expected[] = {
789 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
790 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
791 };
792 uint8_t sha_256_expected[] = {
793 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
794 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
795 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
796 };
797 uint8_t sha_384_expected[] = {
798 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
799 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
800 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
801 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
802 };
803 uint8_t sha_512_expected[] = {
804 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
805 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
806 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
807 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
808 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
809 };
810
811 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
812 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
813 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
814 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]815
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]816 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]817}
818
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]819TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]820 uint8_t key_data[25] = {
821 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
822 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
823 };
824 string key = make_string(key_data);
825 string message(50, 0xcd);
826 uint8_t sha_224_expected[] = {
827 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
828 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
829 };
830 uint8_t sha_256_expected[] = {
831 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
832 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
833 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
834 };
835 uint8_t sha_384_expected[] = {
836 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
837 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
838 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
839 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
840 };
841 uint8_t sha_512_expected[] = {
842 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
843 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
844 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
845 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
846 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
847 };
848
849 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
850 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
851 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
852 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]853
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]854 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]855}
856
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]857TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]858 string key(20, 0x0c);
859 string message = "Test With Truncation";
860
861 uint8_t sha_224_expected[] = {
862 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
863 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
864 };
865 uint8_t sha_256_expected[] = {
866 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
867 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
868 };
869 uint8_t sha_384_expected[] = {
870 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
871 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
872 };
873 uint8_t sha_512_expected[] = {
874 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
875 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
876 };
877
878 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
879 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
880 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
881 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]882
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]883 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]884}
885
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]886TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]887 string key(131, 0xaa);
888 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
889
890 uint8_t sha_224_expected[] = {
891 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
892 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
893 };
894 uint8_t sha_256_expected[] = {
895 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
896 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
897 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
898 };
899 uint8_t sha_384_expected[] = {
900 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
901 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
902 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
903 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
904 };
905 uint8_t sha_512_expected[] = {
906 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
907 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
908 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
909 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
910 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
911 };
912
913 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
914 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
915 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
916 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]917
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]918 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]919}
920
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]921TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]922 string key(131, 0xaa);
923 string message = "This is a test using a larger than block-size key and a larger than "
924 "block-size data. The key needs to be hashed before being used by the HMAC "
925 "algorithm.";
926
927 uint8_t sha_224_expected[] = {
928 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
929 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
930 };
931 uint8_t sha_256_expected[] = {
932 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
933 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
934 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
935 };
936 uint8_t sha_384_expected[] = {
937 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
938 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
939 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
940 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
941 };
942 uint8_t sha_512_expected[] = {
943 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
944 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
945 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
946 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
947 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
948 };
949
950 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
951 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
952 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
953 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]954
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]955 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]956}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]957
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]958TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]959 ASSERT_EQ(KM_ERROR_OK,
960 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
961 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]962 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]963 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]964 ASSERT_EQ(KM_ERROR_OK,
965 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
966 string message = "1234567890123456789012345678901";
967 string result;
968 size_t input_consumed;
969 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
970 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]971
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]972 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]973}
974
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]975// TODO(swillden): Add more verification failure tests.
976
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]977typedef Keymaster1Test VerificationOperationsTest;
978INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
979
980TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]981 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
982 .RsaSigningKey(256, 3)
983 .Digest(KM_DIGEST_NONE)
984 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]985 string message = "12345678901234567890123456789012";
986 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]987 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
988 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]989
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]990 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]991 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]992}
993
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]994TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]995 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
996 .RsaSigningKey(512, 3)
997 .Digest(KM_DIGEST_SHA_2_256)
998 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]999 // Use large message, which won't work without digesting.
1000 string message(1024, 'a');
1001 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1002 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1003 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1004
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1005 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1006 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1007}
1008
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1009TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1010 GenerateKey(AuthorizationSetBuilder()
1011 .RsaSigningKey(512, 3)
1012 .Digest(KM_DIGEST_SHA_2_256)
1013 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1014 string message(1024, 'a');
1015 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1016 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1017 ++signature[signature.size() / 2];
1018
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1019 AuthorizationSet begin_params(client_params());
1020 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1021 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1022 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1023
1024 string result;
1025 size_t input_consumed;
1026 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1027 EXPECT_EQ(message.size(), input_consumed);
1028 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1029
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1030 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1031 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1032}
1033
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1034TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1035 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1036 .RsaSigningKey(512, 3)
1037 .Digest(KM_DIGEST_SHA_2_256)
1038 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1039 // Use large message, which won't work without digesting.
1040 string message(1024, 'a');
1041 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1042 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1043 ++message[message.size() / 2];
1044
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1045 AuthorizationSet begin_params(client_params());
1046 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1047 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1048 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1049
1050 string result;
1051 size_t input_consumed;
1052 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1053 EXPECT_EQ(message.size(), input_consumed);
1054 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1055
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1056 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1057 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1058}
1059
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1060TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1061 GenerateKey(AuthorizationSetBuilder()
1062 .RsaSigningKey(512, 3)
1063 .Digest(KM_DIGEST_SHA_2_256)
1064 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1065 string message(1024, 'a');
1066 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1067 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1068 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1069
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1070 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1071 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1072}
1073
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1074TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1075 GenerateKey(AuthorizationSetBuilder()
1076 .RsaSigningKey(512, 3)
1077 .Digest(KM_DIGEST_SHA_2_256)
1078 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1079 string message(1024, 'a');
1080 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1081 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1082 ++signature[signature.size() / 2];
1083
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1084 AuthorizationSet begin_params(client_params());
1085 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1086 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1087 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1088
1089 string result;
1090 size_t input_consumed;
1091 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1092 EXPECT_EQ(message.size(), input_consumed);
1093 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1094
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1095 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1096 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1097}
1098
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1099TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1100 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1101 .RsaSigningKey(512, 3)
1102 .Digest(KM_DIGEST_SHA_2_256)
1103 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1104 // Use large message, which won't work without digesting.
1105 string message(1024, 'a');
1106 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1107 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1108 ++message[message.size() / 2];
1109
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1110 AuthorizationSet begin_params(client_params());
1111 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1112 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1113 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1114
1115 string result;
1116 size_t input_consumed;
1117 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1118 EXPECT_EQ(message.size(), input_consumed);
1119 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1120
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1121 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1122 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1123}
1124
1125template <typename T> vector<T> make_vector(const T* array, size_t len) {
1126 return vector<T>(array, array + len);
1127}
1128
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1129TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1130 // Get all supported digests and padding modes.
1131 size_t digests_len;
1132 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1133 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1134 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1135 &digests_len));
1136
1137 size_t padding_modes_len;
1138 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1139 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1140 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1141 &padding_modes, &padding_modes_len));
1142
1143 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1144 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1145 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1146 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1147 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1148 // Digesting requires padding
1149 continue;
1150
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1151 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1152 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1153 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1154
1155 if (digest == KM_DIGEST_NONE) {
1156 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1157 switch (padding_mode) {
1158 case KM_PAD_NONE:
1159 // Match key size.
1160 message_len = key_bits / 8;
1161 break;
1162 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1163 message_len = key_bits / 8 - 11;
1164 break;
1165 case KM_PAD_RSA_PSS:
1166 // PSS requires a digest.
1167 continue;
1168 default:
1169 FAIL() << "Missing padding";
1170 break;
1171 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1172 } else {
1173 size_t digest_bits;
1174 switch (digest) {
1175 case KM_DIGEST_MD5:
1176 digest_bits = 128;
1177 break;
1178 case KM_DIGEST_SHA1:
1179 digest_bits = 160;
1180 break;
1181 case KM_DIGEST_SHA_2_224:
1182 digest_bits = 224;
1183 break;
1184 case KM_DIGEST_SHA_2_256:
1185 digest_bits = 256;
1186 break;
1187 case KM_DIGEST_SHA_2_384:
1188 digest_bits = 384;
1189 break;
1190 case KM_DIGEST_SHA_2_512:
1191 digest_bits = 512;
1192 break;
1193 default:
1194 FAIL() << "Missing digest";
1195 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1196
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1197 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1198 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1199 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1200 break;
1201 case KM_PAD_RSA_PSS:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1202 key_bits = digest_bits + 8 * 10;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1203 break;
1204 default:
1205 FAIL() << "Missing padding";
1206 break;
1207 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1208 }
1209
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1210 GenerateKey(AuthorizationSetBuilder()
1211 .RsaSigningKey(key_bits, 3)
1212 .Digest(digest)
1213 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1214 string message(message_len, 'a');
1215 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1216 SignMessage(message, &signature, digest, padding_mode);
1217 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1218 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1219 }
1220 }
1221
1222 free(padding_modes);
1223 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1224
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1225 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1226 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1227}
1228
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1229TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1230 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1231 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1232 string message = "123456789012345678901234567890123456789012345678";
1233 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1234 SignMessage(message, &signature, KM_DIGEST_NONE);
1235 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1236
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1237 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1238 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1239}
1240
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1241TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1242 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1243 .EcdsaSigningKey(256)
1244 .Digest(KM_DIGEST_SHA_2_256)
1245 .Digest(KM_DIGEST_NONE)));
1246 string message = "123456789012345678901234567890123456789012345678";
1247 string signature;
1248 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1249 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1250
1251 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1252 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1253
1254 // Just for giggles, try verifying with the wrong digest.
1255 AuthorizationSet begin_params(client_params());
1256 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1257 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1258
1259 string result;
1260 size_t input_consumed;
1261 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1262 EXPECT_EQ(message.size(), input_consumed);
1263 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1264}
1265
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1266TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1267 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1268 string message = "123456789012345678901234567890123456789012345678";
1269 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1270 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
1271 VerifyMessage(message, signature, KM_DIGEST_SHA1);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1272
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1273 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1274}
1275
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1276TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1277 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1278 string message = "123456789012345678901234567890123456789012345678";
1279 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1280 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
1281 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1282
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1283 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1284}
1285
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1286TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1287 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1288 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1289 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1290 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
1291 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1292
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1293 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1294}
1295
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1296TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1297 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1298 string message = "123456789012345678901234567890123456789012345678";
1299 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1300 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
1301 VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1302
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1303 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1304}
1305
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1306TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1307 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1308 string message = "123456789012345678901234567890123456789012345678";
1309 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1310 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
1311 VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1312
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1313 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1314}
1315
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1316typedef Keymaster1Test ExportKeyTest;
1317INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1318
1319TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1320 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1321 .RsaSigningKey(256, 3)
1322 .Digest(KM_DIGEST_NONE)
1323 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1324 string export_data;
1325 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1326 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1327
1328 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1329
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1330 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1331 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1332}
1333
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1334TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1335 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1336 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1337 string export_data;
1338 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1339 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1340
1341 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1342
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1343 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1344 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1345}
1346
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1347TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1348 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1349 .RsaSigningKey(256, 3)
1350 .Digest(KM_DIGEST_NONE)
1351 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1352 string export_data;
1353 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1354
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1355 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1356 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1357}
1358
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1359TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1360 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1361 .RsaSigningKey(256, 3)
1362 .Digest(KM_DIGEST_NONE)
1363 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1364 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1365 string export_data;
1366 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1367
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1368 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1369 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1370}
1371
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1372TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1373 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1374 string export_data;
1375
1376 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1377 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1378 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1379
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1380 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1381}
1382
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1383static string read_file(const string& file_name) {
1384 ifstream file_stream(file_name, std::ios::binary);
1385 istreambuf_iterator<char> file_begin(file_stream);
1386 istreambuf_iterator<char> file_end;
1387 return string(file_begin, file_end);
1388}
1389
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1390typedef Keymaster1Test ImportKeyTest;
1391INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1392
1393TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1394 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1395 ASSERT_EQ(633U, pk8_key.size());
1396
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1397 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1398 .RsaSigningKey(1024, 65537)
1399 .Digest(KM_DIGEST_NONE)
1400 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1401 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1402
1403 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1404 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1405 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1406 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1407 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1408 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1409 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1410 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1411 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1412 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1413
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1414 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1415 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1416 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1417
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1418 string message(1024 / 8, 'a');
1419 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1420 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1421 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1422
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1423 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1424 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1425}
1426
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1427TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1428 string pk8_key = read_file("rsa_privkey_pk8.der");
1429 ASSERT_EQ(633U, pk8_key.size());
1430
1431 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1432 // point softkeymaster will no longer support keymaster0 APIs anyway.
1433 uint8_t* key_blob;
1434 size_t key_blob_length;
1435 ASSERT_EQ(0,
1436 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1437 pk8_key.size(), &key_blob, &key_blob_length));
1438 set_key_blob(key_blob, key_blob_length);
1439
1440 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1441 AuthorizationSet begin_params; // Don't use client data.
1442 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1443 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1444 AuthorizationSet update_params;
1445 AuthorizationSet output_params;
1446 string signature =
1447 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1448 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1449 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1450
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1451 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1452 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1453}
1454
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1455TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1456 string pk8_key = read_file("rsa_privkey_pk8.der");
1457 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1458 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1459 ImportKey(AuthorizationSetBuilder()
1460 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1461 .Digest(KM_DIGEST_NONE)
1462 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1463 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1464
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1465 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1466}
1467
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1468TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1469 string pk8_key = read_file("rsa_privkey_pk8.der");
1470 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1471 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1472 ImportKey(AuthorizationSetBuilder()
1473 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1474 .Digest(KM_DIGEST_NONE)
1475 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1476 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1477
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1478 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1479}
1480
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1481TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1482 string pk8_key = read_file("ec_privkey_pk8.der");
1483 ASSERT_EQ(138U, pk8_key.size());
1484
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1485 ASSERT_EQ(KM_ERROR_OK,
1486 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1487 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1488
1489 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1490 EXPECT_TRUE(
1491 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1492 TAG_ALGORITHM, KM_ALGORITHM_EC));
1493 EXPECT_TRUE(
1494 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1495 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1496
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1497 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1498 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1499 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1500
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1501 string message(1024 / 8, 'a');
1502 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1503 SignMessage(message, &signature, KM_DIGEST_NONE);
1504 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1505
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1506 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1507 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1508}
1509
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1510TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1511 string pk8_key = read_file("ec_privkey_pk8.der");
1512 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1513
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1514 ASSERT_EQ(KM_ERROR_OK,
1515 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1516 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1517
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1518 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1519 EXPECT_TRUE(
1520 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1521 TAG_ALGORITHM, KM_ALGORITHM_EC));
1522 EXPECT_TRUE(
1523 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1524 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1525
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1526 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1527 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1528 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1529
1530 string message(1024 / 8, 'a');
1531 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1532 SignMessage(message, &signature, KM_DIGEST_NONE);
1533 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1534
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1535 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1536 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1537}
1538
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1539TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1540 string pk8_key = read_file("ec_privkey_pk8.der");
1541 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1542 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1543 ImportKey(AuthorizationSetBuilder()
1544 .EcdsaSigningKey(224 /* Doesn't match key */)
1545 .Digest(KM_DIGEST_NONE),
1546 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1547
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1548 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1549}
1550
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1551TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1552 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1553 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1554 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1555 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1556 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1557 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1558
1559 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1560 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1561
1562 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1563 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1564 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1565 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1566
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1567 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1568}
1569
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1570TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1571 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1572 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1573 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1574 .HmacKey(sizeof(key_data) * 8)
1575 .Digest(KM_DIGEST_SHA_2_256)
1576 .Authorization(TAG_MAC_LENGTH, 32),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1577 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1578
1579 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1580 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1581
1582 string message = "Hello World!";
1583 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1584 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);
1585 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1586
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1587 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1588}
1589
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1590typedef Keymaster1Test EncryptionOperationsTest;
1591INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1592
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1593TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1594 ASSERT_EQ(KM_ERROR_OK,
1595 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1596
1597 string message = "12345678901234567890123456789012";
1598 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1599 EXPECT_EQ(256U / 8, ciphertext1.size());
1600
1601 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1602 EXPECT_EQ(256U / 8, ciphertext2.size());
1603
1604 // Unpadded RSA is deterministic
1605 EXPECT_EQ(ciphertext1, ciphertext2);
1606
1607 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1608 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1609}
1610
1611TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1612 ASSERT_EQ(KM_ERROR_OK,
1613 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1614
1615 string message = "1234567890123456789012345678901";
1616
1617 AuthorizationSet begin_params(client_params());
1618 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1619 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1620
1621 string result;
1622 size_t input_consumed;
1623 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1624 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1625 EXPECT_EQ(0U, result.size());
1626
1627 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1628 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1629}
1630
1631TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1632 ASSERT_EQ(KM_ERROR_OK,
1633 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1634
1635 string message = "123456789012345678901234567890123";
1636
1637 AuthorizationSet begin_params(client_params());
1638 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1639 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1640
1641 string result;
1642 size_t input_consumed;
1643 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1644 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1645 EXPECT_EQ(0U, result.size());
1646
1647 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1648 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1649}
1650
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1651TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1652 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1653 KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1654
1655 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1656 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1657 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1658
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1659 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1660 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1661
1662 // OAEP randomizes padding so every result should be different.
1663 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1664
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1665 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1666 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1667}
1668
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1669TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1670 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1671 KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1672 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1673 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1674 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1675
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1676 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1677 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1678
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1679 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1680 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1681}
1682
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1683TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1684 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1685 KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1686 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1687 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1688 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1689
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1690 AuthorizationSet begin_params(client_params());
1691 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1692 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1693 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1694 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1695 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1696
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1697 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1698 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1699}
1700
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1701TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1702 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1703 KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1704 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1705 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1706 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1707
1708 // Corrupt the ciphertext
1709 ciphertext[512 / 8 / 2]++;
1710
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1711 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1712 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1713 AuthorizationSet begin_params(client_params());
1714 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1715 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1716 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1717 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1718 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1719
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1720 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1721 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1722}
1723
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1724TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1725 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1726 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1727 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1728 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1729 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1730
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1731 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1732 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1733
1734 // PKCS1 v1.5 randomizes padding so every result should be different.
1735 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1736
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1737 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1738 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1739}
1740
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1741TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1742 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1743 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1744 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1745 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1746 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1747
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1748 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1749 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1750
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1751 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1752 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1753}
1754
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1755TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1756 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1757 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]1758 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1759 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1760 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1761
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1762 AuthorizationSet begin_params(client_params());
1763 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1764 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1765 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1766 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1767 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1768
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1769 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1770 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1771}
1772
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1773TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1774 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1775 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1776 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1777 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1778 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1779
1780 // Corrupt the ciphertext
1781 ciphertext[512 / 8 / 2]++;
1782
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1783 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1784 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1785 AuthorizationSet begin_params(client_params());
1786 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1787 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1788 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1789 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1790 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1791
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1792 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1793 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1794}
1795
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1796TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1797 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1798 .RsaSigningKey(256, 3)
1799 .Digest(KM_DIGEST_NONE)
1800 .Padding(KM_PAD_NONE)));
1801 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
1802 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1803
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1804 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1805 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1806}
1807
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1808TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1809 ASSERT_EQ(KM_ERROR_OK,
1810 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
1811 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
1812 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1813
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1814 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1815 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1816}
1817
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1818TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1819 ASSERT_EQ(
1820 KM_ERROR_OK,
1821 GenerateKey(
1822 AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));
1823 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
1824 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1825
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1826 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1827}
1828
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1829TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1830 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1831 .AesEncryptionKey(128)
1832 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1833 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1834 // Two-block message.
1835 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1836 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1837 EXPECT_EQ(message.size(), ciphertext1.size());
1838
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1839 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1840 EXPECT_EQ(message.size(), ciphertext2.size());
1841
1842 // ECB is deterministic.
1843 EXPECT_EQ(ciphertext1, ciphertext2);
1844
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1845 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1846 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1847
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1848 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1849}
1850
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1851TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1852 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1853 .AesEncryptionKey(128)
1854 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1855 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1856 // Message is slightly shorter than two blocks.
1857 string message = "1234567890123456789012345678901";
1858
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1859 AuthorizationSet begin_params(client_params());
1860 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1861 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1862 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1863 string ciphertext;
1864 size_t input_consumed;
1865 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
1866 EXPECT_EQ(message.size(), input_consumed);
1867 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1868
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1869 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1870}
1871
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1872TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1873 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1874 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1875 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1876 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1877
1878 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1879 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1880 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1881 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1882 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1883 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1884 EXPECT_EQ(message, plaintext);
1885 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1886
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1887 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1888}
1889
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1890TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1891 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1892 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1893 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1894 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1895
1896 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1897 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1898 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1899 EXPECT_NE(ciphertext, message);
1900 ++ciphertext[ciphertext.size() / 2];
1901
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1902 AuthorizationSet begin_params(client_params());
1903 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1904 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1905 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1906 string plaintext;
1907 size_t input_consumed;
1908 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
1909 EXPECT_EQ(ciphertext.size(), input_consumed);
1910 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1911
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1912 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1913}
1914
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1915TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1916 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1917 .AesEncryptionKey(128)
1918 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
1919 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1920 string message = "123";
1921 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1922 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1923 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]1924 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1925
1926 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1927 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1928 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]1929 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1930
1931 // IVs should be random, so ciphertexts should differ.
1932 EXPECT_NE(iv1, iv2);
1933 EXPECT_NE(ciphertext1, ciphertext2);
1934
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1935 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1936 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1937
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1938 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1939}
1940
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1941TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1942 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1943 .AesEncryptionKey(128)
1944 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
1945 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1946
1947 int increment = 15;
1948 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1949 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1950 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1951 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1952 AuthorizationSet output_params;
1953 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
1954
1955 string ciphertext;
1956 size_t input_consumed;
1957 for (size_t i = 0; i < message.size(); i += increment)
1958 EXPECT_EQ(KM_ERROR_OK,
1959 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
1960 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
1961 EXPECT_EQ(message.size(), ciphertext.size());
1962
1963 // Move TAG_NONCE into input_params
1964 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1965 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1966 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1967 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1968 output_params.Clear();
1969
1970 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
1971 string plaintext;
1972 for (size_t i = 0; i < ciphertext.size(); i += increment)
1973 EXPECT_EQ(KM_ERROR_OK,
1974 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
1975 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
1976 EXPECT_EQ(ciphertext.size(), plaintext.size());
1977 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1978
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1979 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1980}
1981
1982struct AesCtrSp80038aTestVector {
1983 const char* key;
1984 const char* nonce;
1985 const char* plaintext;
1986 const char* ciphertext;
1987};
1988
1989// These test vectors are taken from
1990// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
1991static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
1992 // AES-128
1993 {
1994 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
1995 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
1996 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
1997 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
1998 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
1999 },
2000 // AES-192
2001 {
2002 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2003 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2004 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2005 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2006 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2007 },
2008 // AES-256
2009 {
2010 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2011 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2012 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2013 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2014 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2015 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2016 },
2017};
2018
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2019TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2020 for (size_t i = 0; i < 3; i++) {
2021 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2022 const string key = hex2str(test.key);
2023 const string nonce = hex2str(test.nonce);
2024 const string plaintext = hex2str(test.plaintext);
2025 const string ciphertext = hex2str(test.ciphertext);
2026 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2027 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2028
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2029 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2030}
2031
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2032TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2033 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2034 .AesEncryptionKey(128)
2035 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2036 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2037 AuthorizationSet begin_params(client_params());
2038 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2039 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2040 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2041
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2042 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2043}
2044
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2045TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2046 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2047 .AesEncryptionKey(128)
2048 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2049 .Authorization(TAG_CALLER_NONCE)
2050 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2051
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2052 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2053 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2054 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2055 input_params.push_back(TAG_NONCE, "123", 3);
2056 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2057
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2058 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2059}
2060
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2061TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2062 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2063 .AesEncryptionKey(128)
2064 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2065 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2066 // Two-block message.
2067 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2068 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2069 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2070 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2071
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2072 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2073 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2074 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2075
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2076 // IVs should be random, so ciphertexts should differ.
2077 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2078 EXPECT_NE(ciphertext1, ciphertext2);
2079
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2080 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2081 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2082
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2083 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2084}
2085
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2086TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2087 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2088 .AesEncryptionKey(128)
2089 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2090 .Authorization(TAG_CALLER_NONCE)
2091 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2092 string message = "12345678901234567890123456789012";
2093 string iv1;
2094 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2095 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2096 EXPECT_EQ(message.size(), ciphertext1.size());
2097 EXPECT_EQ(16U, iv1.size());
2098
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2099 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2100 EXPECT_EQ(message, plaintext);
2101
2102 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2103 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2104 AuthorizationSet update_params;
2105 AuthorizationSet output_params;
2106 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2107 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2108 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2109 string ciphertext2 =
2110 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2111
2112 // Decrypt with correct nonce.
2113 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2114 &output_params);
2115 EXPECT_EQ(message, plaintext);
2116
2117 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2118 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2119 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2120 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2121 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2122 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2123 &output_params);
2124 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2125
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2126 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2127}
2128
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2129TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2130 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2131 .AesEncryptionKey(128)
2132 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2133 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2134
2135 string message = "12345678901234567890123456789012";
2136 string iv1;
2137 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2138 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2139 EXPECT_EQ(message.size(), ciphertext1.size());
2140 EXPECT_EQ(16U, iv1.size());
2141
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2142 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2143 EXPECT_EQ(message, plaintext);
2144
2145 // Now specify a nonce, should fail.
2146 AuthorizationSet input_params(client_params());
2147 AuthorizationSet update_params;
2148 AuthorizationSet output_params;
2149 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2150 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2151 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2152
2153 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2154 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2155
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2156 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2157}
2158
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2159TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2160 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2161 .AesEncryptionKey(128)
2162 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2163 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2164
2165 int increment = 15;
2166 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2167 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2168 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2169 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2170 AuthorizationSet output_params;
2171 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2172
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2173 string ciphertext;
2174 size_t input_consumed;
2175 for (size_t i = 0; i < message.size(); i += increment)
2176 EXPECT_EQ(KM_ERROR_OK,
2177 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2178 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2179 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2180
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2181 // Move TAG_NONCE into input_params
2182 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2183 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2184 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2185 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2186 output_params.Clear();
2187
2188 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2189 string plaintext;
2190 for (size_t i = 0; i < ciphertext.size(); i += increment)
2191 EXPECT_EQ(KM_ERROR_OK,
2192 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2193 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2194 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2195 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2196
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2197 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2198}
2199
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2200TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2201 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2202 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2203 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2204 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2205
2206 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2207 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2208 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2209 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2210 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2211 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2212 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2213 EXPECT_EQ(message, plaintext);
2214 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2215
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2216 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2217}
2218
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2219TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2220 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2221 .AesEncryptionKey(128)
2222 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2223 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2224 string aad = "foobar";
2225 string message = "123456789012345678901234567890123456";
2226 AuthorizationSet begin_params(client_params());
2227 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2228 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2229 begin_params.push_back(TAG_MAC_LENGTH, 128);
2230 AuthorizationSet begin_out_params;
2231
2232 AuthorizationSet update_params;
2233 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2234 AuthorizationSet update_out_params;
2235
2236 AuthorizationSet finish_params;
2237 AuthorizationSet finish_out_params;
2238
2239 string ciphertext;
2240 string discard;
2241 string plaintext;
2242
2243 size_t input_consumed;
2244
2245 // Encrypt
2246 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2247 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2248 &input_consumed));
2249 EXPECT_EQ(message.size(), input_consumed);
2250 EXPECT_EQ(KM_ERROR_OK, FinishOperation(finish_params, "", &finish_out_params, &discard));
2251
2252 // Grab nonce & tag.
2253 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2254 EXPECT_NE(-1, finish_out_params.find(TAG_AEAD_TAG));
2255 begin_params.push_back(begin_out_params);
2256 update_params.push_back(finish_out_params);
2257
2258 // Decrypt.
2259 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
2260 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2261 &plaintext, &input_consumed));
2262 EXPECT_EQ(ciphertext.size(), input_consumed);
2263 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&discard));
2264
2265 EXPECT_EQ(message, plaintext);
2266 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2267}
2268
2269TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2270 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2271 .AesEncryptionKey(128)
2272 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2273 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2274 string message = "123456789012345678901234567890123456";
2275 AuthorizationSet begin_params(client_params());
2276 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2277 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2278 begin_params.push_back(TAG_MAC_LENGTH, 128);
2279 AuthorizationSet begin_out_params;
2280
2281 AuthorizationSet update_params;
2282 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
2283 AuthorizationSet update_out_params;
2284
2285 AuthorizationSet finish_params;
2286 AuthorizationSet finish_out_params;
2287
2288 string ciphertext;
2289 string discard;
2290 string plaintext;
2291
2292 size_t input_consumed;
2293
2294 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2295
2296 // No data, AAD only.
2297 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2298 &input_consumed));
2299
2300 // AAD and data.
2301 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2302 &input_consumed));
2303 EXPECT_EQ(message.size(), input_consumed);
2304 EXPECT_EQ(KM_ERROR_OK, FinishOperation(finish_params, "", &finish_out_params, &discard));
2305
2306 // Grab nonce & tag.
2307 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2308 begin_params.push_back(begin_out_params);
2309
2310 EXPECT_NE(-1, finish_out_params.find(TAG_AEAD_TAG));
2311 update_params.push_back(finish_out_params);
2312
2313 // All of the AAD in one.
2314
2315 // Decrypt.
2316 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
2317 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2318 &input_consumed));
2319 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2320 &plaintext, &input_consumed));
2321 EXPECT_EQ(ciphertext.size(), input_consumed);
2322 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&discard));
2323
2324 EXPECT_EQ(message, plaintext);
2325 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2326}
2327
2328TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2329 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2330 .AesEncryptionKey(128)
2331 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2332 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2333 string aad = "foobar";
2334 string message = "12345678901234567890123456789012";
2335 AuthorizationSet begin_params(client_params());
2336 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2337 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2338 begin_params.push_back(TAG_MAC_LENGTH, 128);
2339 AuthorizationSet begin_out_params;
2340
2341 AuthorizationSet update_params;
2342 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2343 AuthorizationSet update_out_params;
2344
2345 AuthorizationSet finish_params;
2346 AuthorizationSet finish_out_params;
2347
2348 string ciphertext;
2349 string discard;
2350 string plaintext;
2351
2352 size_t input_consumed;
2353
2354 // Encrypt
2355 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2356 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2357 &input_consumed));
2358 EXPECT_EQ(message.size(), input_consumed);
2359 EXPECT_EQ(KM_ERROR_OK, FinishOperation(finish_params, "", &finish_out_params, &discard));
2360
2361 // Grab nonce & tag.
2362 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2363 EXPECT_NE(-1, finish_out_params.find(TAG_AEAD_TAG));
2364 begin_params.push_back(begin_out_params);
2365 update_params.Clear();
2366 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
2367 update_params.push_back(finish_out_params);
2368
2369 // Decrypt.
2370 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
2371 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2372 &plaintext, &input_consumed));
2373 EXPECT_EQ(ciphertext.size(), input_consumed);
2374 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&discard));
2375
2376 EXPECT_EQ(message, plaintext);
2377 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2378}
2379
2380TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
2381 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2382 .AesEncryptionKey(128)
2383 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2384 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2385 string aad = "foobar";
2386 string message = "12345678901234567890123456789012";
2387 AuthorizationSet begin_params(client_params());
2388 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2389 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2390 begin_params.push_back(TAG_MAC_LENGTH, 128);
2391 AuthorizationSet begin_out_params;
2392
2393 AuthorizationSet update_params;
2394 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2395 AuthorizationSet update_out_params;
2396
2397 AuthorizationSet finish_params;
2398 AuthorizationSet finish_out_params;
2399
2400 string ciphertext;
2401 string discard;
2402 string plaintext;
2403
2404 size_t input_consumed;
2405
2406 // Encrypt
2407 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2408 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2409 &input_consumed));
2410 EXPECT_EQ(message.size(), input_consumed);
2411 EXPECT_EQ(KM_ERROR_OK, FinishOperation(finish_params, "", &finish_out_params, &discard));
2412
2413 EXPECT_NE(-1, finish_out_params.find(TAG_AEAD_TAG));
2414 update_params.push_back(finish_out_params);
2415 begin_params.push_back(TAG_NONCE, "123456789012", 12);
2416
2417 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
2418 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2419 &plaintext, &input_consumed));
2420 EXPECT_EQ(ciphertext.size(), input_consumed);
2421 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&discard));
2422
2423 // With wrong nonce, should have gotten garbage plaintext.
2424 EXPECT_NE(message, plaintext);
2425 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2426}
2427
2428TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
2429 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2430 .AesEncryptionKey(128)
2431 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2432 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2433 string aad = "foobar";
2434 string message = "123456789012345678901234567890123456";
2435 AuthorizationSet begin_params(client_params());
2436 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2437 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2438 begin_params.push_back(TAG_MAC_LENGTH, 128);
2439 AuthorizationSet begin_out_params;
2440
2441 AuthorizationSet update_params;
2442 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2443 AuthorizationSet update_out_params;
2444
2445 AuthorizationSet finish_params;
2446 AuthorizationSet finish_out_params;
2447
2448 string ciphertext;
2449 string discard;
2450 string plaintext;
2451
2452 size_t input_consumed;
2453
2454 // Encrypt
2455 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2456 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2457 &input_consumed));
2458 EXPECT_EQ(message.size(), input_consumed);
2459 EXPECT_EQ(KM_ERROR_OK, FinishOperation(finish_params, "", &finish_out_params, &discard));
2460
2461 // Grab nonce & tag; corrupt tag.
2462 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2463 begin_params.push_back(begin_out_params);
2464 keymaster_blob_t tag;
2465 EXPECT_TRUE(finish_out_params.GetTagValue(TAG_AEAD_TAG, &tag));
2466 const_cast<uint8_t*>(tag.data)[tag.data_length / 2]++;
2467 update_params.push_back(TAG_AEAD_TAG, tag);
2468
2469 // Decrypt.
2470 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
2471 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2472 &plaintext, &input_consumed));
2473 EXPECT_EQ(ciphertext.size(), input_consumed);
2474 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&discard));
2475
2476 EXPECT_EQ(message, plaintext);
2477 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2478}
2479
2480TEST_P(EncryptionOperationsTest, AesGcmShortTag) {
2481 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2482 .AesEncryptionKey(128)
2483 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2484 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2485 string aad = "foobar";
2486 string message = "123456789012345678901234567890123456";
2487 AuthorizationSet begin_params(client_params());
2488 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2489 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2490 begin_params.push_back(TAG_MAC_LENGTH, 128);
2491 AuthorizationSet begin_out_params;
2492
2493 AuthorizationSet update_params;
2494 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2495 AuthorizationSet update_out_params;
2496
2497 AuthorizationSet finish_params;
2498 AuthorizationSet finish_out_params;
2499
2500 string ciphertext;
2501 string discard;
2502 string plaintext;
2503
2504 size_t input_consumed;
2505
2506 // Encrypt
2507 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2508 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2509 &input_consumed));
2510 EXPECT_EQ(message.size(), input_consumed);
2511 EXPECT_EQ(KM_ERROR_OK, FinishOperation(finish_params, "", &finish_out_params, &discard));
2512
2513 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2514 begin_params.push_back(begin_out_params);
2515 keymaster_blob_t tag;
2516 EXPECT_TRUE(finish_out_params.GetTagValue(TAG_AEAD_TAG, &tag));
2517 tag.data_length = 11;
2518 update_params.push_back(TAG_AEAD_TAG, tag);
2519
2520 // Decrypt.
2521 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
2522 EXPECT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH,
2523 UpdateOperation(update_params, ciphertext, &update_out_params, &plaintext,
2524 &input_consumed));
2525
2526 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2527}
2528
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2529typedef Keymaster1Test AddEntropyTest;
2530INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
2531
2532TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2533 // There's no obvious way to test that entropy is actually added, but we can test that the API
2534 // doesn't blow up or return an error.
2535 EXPECT_EQ(KM_ERROR_OK,
2536 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2537
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2538 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2539}
2540
2541typedef Keymaster1Test Keymaster0AdapterTest;
2542INSTANTIATE_TEST_CASE_P(
2543 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2544 ::testing::Values(
2545 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
2546 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2547
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2548TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2549 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2550 // key data.
2551 string km1_sw = read_file("km1_sw_rsa_512.blob");
2552 EXPECT_EQ(486U, km1_sw.length());
2553
2554 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2555 memcpy(key_data, km1_sw.data(), km1_sw.length());
2556 set_key_blob(key_data, km1_sw.length());
2557
2558 string message(64, 'a');
2559 string signature;
2560 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2561
2562 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2563}
2564
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2565TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
2566 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2567 // key data.
2568 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
2569 EXPECT_EQ(270U, km1_sw.length());
2570
2571 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2572 memcpy(key_data, km1_sw.data(), km1_sw.length());
2573 set_key_blob(key_data, km1_sw.length());
2574
2575 string message(64, 'a');
2576 string signature;
2577 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2578
2579 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2580}
2581
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2582struct Malloc_Delete {
2583 void operator()(void* p) { free(p); }
2584};
2585
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2586TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2587 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2588 string km0_sw = read_file("km0_sw_rsa_512.blob");
2589 EXPECT_EQ(333U, km0_sw.length());
2590
2591 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2592 memcpy(key_data, km0_sw.data(), km0_sw.length());
2593 set_key_blob(key_data, km0_sw.length());
2594
2595 string message(64, 'a');
2596 string signature;
2597 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2598
2599 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2600}
2601
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]2602TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
2603 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2604 string km0_sw = read_file("km0_sw_rsa_512.blob");
2605 EXPECT_EQ(333U, km0_sw.length());
2606
2607 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2608 memcpy(key_data, km0_sw.data(), km0_sw.length());
2609 set_key_blob(key_data, km0_sw.length());
2610
2611 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
2612 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2613 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
2614 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2615 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2616 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
2617 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
2618 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
2619 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
2620 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
2621
2622 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2623}
2624
2625TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
2626 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2627 string km0_sw = read_file("km0_sw_rsa_512.blob");
2628 EXPECT_EQ(333U, km0_sw.length());
2629
2630 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
2631 // be recognized as a software key. Do the same here to pretend this is a hardware key.
2632 EXPECT_EQ('P', km0_sw[0]);
2633 km0_sw[0] = 'Q';
2634
2635 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2636 memcpy(key_data, km0_sw.data(), km0_sw.length());
2637 set_key_blob(key_data, km0_sw.length());
2638
2639 string message(64, 'a');
2640 string signature;
2641 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2642 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
2643
2644 EXPECT_EQ(5, GetParam()->keymaster0_calls());
2645}
2646
2647TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
2648 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2649 string km0_sw = read_file("km0_sw_rsa_512.blob");
2650 EXPECT_EQ(333U, km0_sw.length());
2651
2652 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
2653 // be recognized as a software key. Do the same here to pretend this is a hardware key.
2654 EXPECT_EQ('P', km0_sw[0]);
2655 km0_sw[0] = 'Q';
2656
2657 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2658 memcpy(key_data, km0_sw.data(), km0_sw.length());
2659 set_key_blob(key_data, km0_sw.length());
2660
2661 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
2662 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2663 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
2664 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2665 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2666 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
2667 EXPECT_EQ(5U, hw_enforced().size());
2668
2669 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
2670 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
2671 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
2672 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
2673
2674 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2675 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
2676 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2677 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2678 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
2679
2680 EXPECT_EQ(1, GetParam()->keymaster0_calls());
2681}
2682
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]2683} // namespace test
2684} // namespace keymaster