Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / df5eec89e97846edd3bda871e55dc03266476b62 / . / android_keymaster_test.cpp
blob: 479a2e65560b2c8a1e03482e0d5351382c21ae07 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]22#include <keymaster/key_factory.h>
23#include <keymaster/soft_keymaster_context.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]24#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]25#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]26
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]27#include "android_keymaster_test_utils.h"
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]28#include "keymaster0_engine.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]29
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]30using std::ifstream;
31using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]32using std::string;
33using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]34using std::unique_ptr;
35
36extern "C" {
37int __android_log_print(int prio, const char* tag, const char* fmt);
38int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]39 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]40 return 0;
41}
42} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]43
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]44namespace keymaster {
45namespace test {
46
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]47StdoutLogger logger;
48
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]49template <typename T> vector<T> make_vector(const T* array, size_t len) {
50 return vector<T>(array, array + len);
51}
52
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]53class TestKeymasterEnforcement : public KeymasterEnforcement {
54 public:
55 TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {}
56
57 virtual bool activation_date_valid(uint64_t /* activation_date */) const { return true; }
58 virtual bool expiration_date_passed(uint64_t /* expiration_date */) const { return false; }
59 virtual bool auth_token_timed_out(const hw_auth_token_t& /* token */,
60 uint32_t /* timeout */) const {
61 return false;
62 }
63 virtual uint32_t get_current_time() const { return 0; }
64 virtual bool ValidateTokenSignature(const hw_auth_token_t& /* token */) const { return true; }
65};
66
67class TestKeymasterContext : public SoftKeymasterContext {
68 public:
69 TestKeymasterContext(keymaster0_device_t* keymaster0 = nullptr)
70 : SoftKeymasterContext(keymaster0) {}
71
72 KeymasterEnforcement* enforcement_policy() override { return &test_policy_; }
73
74 private:
75 TestKeymasterEnforcement test_policy_;
76};
77
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]78class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
79 public:
80 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]81 std::cerr << "Creating software-only device" << std::endl;
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]82 SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext);
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]83 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]84 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]85
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]86 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]87 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]88};
89
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]90class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
91 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]92 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
93
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]94 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]95 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
96 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]97 hw_device_t* softkeymaster_device;
98 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
99 &softkeymaster_device));
100 // Make the software device pretend to be hardware
101 keymaster0_device_t* keymaster0_device =
102 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]103 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
104
105 if (!support_ec_) {
106 // Make the software device pretend not to support EC
107 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
108 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]109
110 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
111
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]112 SoftKeymasterDevice* keymaster =
113 new SoftKeymasterDevice(new TestKeymasterContext(counting_keymaster0_device_));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]114 return keymaster->keymaster_device();
115 }
116
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]117 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
118 switch (algorithm) {
119 case KM_ALGORITHM_RSA:
120 return true;
121 case KM_ALGORITHM_EC:
122 return support_ec_;
123 default:
124 return false;
125 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]126 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]127 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
128
129 private:
130 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]131 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]132};
133
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]134static auto test_params = testing::Values(
135 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
136 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
137 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]138
139typedef Keymaster1Test CheckSupported;
140INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
141
142TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]143 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
144 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]145
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]146 size_t len;
147 keymaster_algorithm_t* algorithms;
148 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]149 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]150 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]151 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]152
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]153 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]154}
155
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]156TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]157 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
158 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
159 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]160
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]161 size_t len;
162 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]163 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]164 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]165 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]166 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]167
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]168 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]169 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]170 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]171
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]172 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]173 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]174 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]175 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]176
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]177 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]178}
179
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]180TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]181 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
182 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
183 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]184
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]185 size_t len;
186 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]187 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]188 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]189 EXPECT_TRUE(
190 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]191 free(modes);
192
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]193 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]194 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]195 EXPECT_TRUE(
196 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]197 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]198
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]199 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]200 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]201 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]202 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]203
204 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
205 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
206 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]207
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]208 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]209}
210
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]211TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]212 EXPECT_EQ(
213 KM_ERROR_OUTPUT_PARAMETER_NULL,
214 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]215
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]216 size_t len;
217 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]218 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]219 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]220 EXPECT_TRUE(
221 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
222 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
223 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]224 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]225
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]226 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]227 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]228 EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
229 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
230 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]231 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]232
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]233 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
234 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
235 &len));
236
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]237 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]238 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]239 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
240 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
241 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]242 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]243
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]244 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]245}
246
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]247TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
249 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]250
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]251 size_t len;
252 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]253 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]254 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]255 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]256 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]257
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]258 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]259 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
260 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
261 free(formats);
262
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]263 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]264 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
265 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
266 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]267
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]268 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]269}
270
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]271TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]272 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
273 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]274
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]275 size_t len;
276 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]277 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]278 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]279 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]280 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]281
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]282 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]283 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]284 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]285 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]286
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]287 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]288 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]289 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]290 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]291
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]292 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]293 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]294 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]295 free(formats);
296
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]297 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]298 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]299 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]300 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]301
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]302 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]303}
304
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]305class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]306 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]307 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]308 AuthorizationSet auths = sw_enforced();
309 EXPECT_GT(auths.SerializedSize(), 12U);
310
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]311 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
312 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
313 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]314 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]315 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]316
317 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]318 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
319 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
320 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]321
322 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]323 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
324 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
325 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]326
327 // Now check that unspecified, defaulted tags are correct.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]328 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]329 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]330};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]331INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
332
333TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]334 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
335 .RsaSigningKey(256, 3)
336 .Digest(KM_DIGEST_NONE)
337 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]338 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]339
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]340 // Check specified tags are all present, and in the right set.
341 AuthorizationSet crypto_params;
342 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]343 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]344 EXPECT_NE(0U, hw_enforced().size());
345 EXPECT_NE(0U, sw_enforced().size());
346 crypto_params.push_back(hw_enforced());
347 non_crypto_params.push_back(sw_enforced());
348 } else {
349 EXPECT_EQ(0U, hw_enforced().size());
350 EXPECT_NE(0U, sw_enforced().size());
351 crypto_params.push_back(sw_enforced());
352 }
353
354 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
355 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
356 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
357 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
358 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
359 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
360
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]361 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]362 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]363}
364
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]365TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]366 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
367 GenerateKey(AuthorizationSetBuilder()
368 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
369 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
370 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]371
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]372 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]373}
374
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]375TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]376 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]377 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]378 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]379
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]380 // Check specified tags are all present, and in the right set.
381 AuthorizationSet crypto_params;
382 AuthorizationSet non_crypto_params;
383 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
384 EXPECT_NE(0U, hw_enforced().size());
385 EXPECT_NE(0U, sw_enforced().size());
386 crypto_params.push_back(hw_enforced());
387 non_crypto_params.push_back(sw_enforced());
388 } else {
389 EXPECT_EQ(0U, hw_enforced().size());
390 EXPECT_NE(0U, sw_enforced().size());
391 crypto_params.push_back(sw_enforced());
392 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]393
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]394 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
395 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
396 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
397 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
398
399 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
400 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]401}
402
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]403TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]404 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
405 GenerateKey(AuthorizationSetBuilder()
406 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
407 .SigningKey()
408 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]409
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]410 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]411}
412
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]413TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]414 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
415 ASSERT_EQ(
416 KM_ERROR_UNKNOWN_ERROR,
417 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
418 else
419 ASSERT_EQ(
420 KM_ERROR_UNSUPPORTED_KEY_SIZE,
421 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]422
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]423 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
424 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]425}
426
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]427TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]428 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]429 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]430 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
431 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]432 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]433 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]434
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]435 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
436 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]437}
438
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]439TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]440 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
441 .HmacKey(128)
442 .Digest(KM_DIGEST_SHA_2_256)
443 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
444
445 EXPECT_EQ(0, GetParam()->keymaster0_calls());
446}
447
448TEST_P(NewKeyGeneration, HmacMultipleDigests) {
449 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST,
450 GenerateKey(AuthorizationSetBuilder()
451 .HmacKey(128)
452 .Digest(KM_DIGEST_SHA1)
453 .Digest(KM_DIGEST_SHA_2_256)
454 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
455
456 EXPECT_EQ(0, GetParam()->keymaster0_calls());
457}
458
459TEST_P(NewKeyGeneration, HmacDigestNone) {
460 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST,
461 GenerateKey(AuthorizationSetBuilder()
462 .HmacKey(128)
463 .Digest(KM_DIGEST_NONE)
464 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
465
466 EXPECT_EQ(0, GetParam()->keymaster0_calls());
467}
468
469TEST_P(NewKeyGeneration, HmacSha256TooShortMacLength) {
470 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
471 GenerateKey(AuthorizationSetBuilder()
472 .HmacKey(128)
473 .Digest(KM_DIGEST_SHA_2_256)
474 .Authorization(TAG_MIN_MAC_LENGTH, 48)));
475
476 EXPECT_EQ(0, GetParam()->keymaster0_calls());
477}
478
479TEST_P(NewKeyGeneration, HmacSha256NonIntegralOctetMacLength) {
480 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
481 GenerateKey(AuthorizationSetBuilder()
482 .HmacKey(128)
483 .Digest(KM_DIGEST_SHA_2_256)
484 .Authorization(TAG_MIN_MAC_LENGTH, 130)));
485
486 EXPECT_EQ(0, GetParam()->keymaster0_calls());
487}
488
489TEST_P(NewKeyGeneration, HmacSha256TooLongMacLength) {
490 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
491 GenerateKey(AuthorizationSetBuilder()
492 .HmacKey(128)
493 .Digest(KM_DIGEST_SHA_2_256)
494 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]495
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]496 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]497}
498
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]499typedef Keymaster1Test GetKeyCharacteristics;
500INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
501
502TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]503 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
504 .RsaSigningKey(256, 3)
505 .Digest(KM_DIGEST_NONE)
506 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]507 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]508
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]509 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
510 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]511
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]512 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]513 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]514}
515
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]516typedef Keymaster1Test SigningOperationsTest;
517INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
518
519TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]520 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
521 .RsaSigningKey(256, 3)
522 .Digest(KM_DIGEST_NONE)
523 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]524 string message = "12345678901234567890123456789012";
525 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]526 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]527
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]528 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]529 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]530}
531
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]532TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]533 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
534 .RsaSigningKey(512, 3)
535 .Digest(KM_DIGEST_SHA_2_256)
536 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]537 // Use large message, which won't work without digesting.
538 string message(1024, 'a');
539 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]540 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]541
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]542 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]543 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]544}
545
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]546TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) {
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]547 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
548 .RsaSigningKey(512, 3)
549 .Digest(KM_DIGEST_NONE)
550 .Padding(KM_PAD_NONE)));
551 string message = "12345678901234567890123456789012";
552 string signature;
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]553
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]554 AuthorizationSet begin_params(client_params());
555 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
556 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
557 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]558}
559
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]560TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]561 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
562 .RsaSigningKey(512, 3)
563 .Digest(KM_DIGEST_SHA_2_256)
564 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]565 string message(1024, 'a');
566 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]567 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]568
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]569 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]570 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]571}
572
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]573TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
574 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
575 .RsaSigningKey(512, 3)
576 .Digest(KM_DIGEST_NONE)
577 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
578 string message(53, 'a');
579 string signature;
580 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);
581
582 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
583 EXPECT_EQ(3, GetParam()->keymaster0_calls());
584}
585
586TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {
587 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
588 .RsaSigningKey(512, 3)
589 .Digest(KM_DIGEST_NONE)
590 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
591 string message(54, 'a');
592
593 AuthorizationSet begin_params(client_params());
594 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
595 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
596 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
597 string result;
598 size_t input_consumed;
599 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
600 string signature;
601 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
602
603 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
604 EXPECT_EQ(2, GetParam()->keymaster0_calls());
605}
606
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]607TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]608 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
609 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]610 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
611 .RsaSigningKey(256 + 9 * 8, 3)
612 .Digest(KM_DIGEST_SHA_2_256)
613 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]614 string message(1024, 'a');
615 string signature;
616
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]617 AuthorizationSet begin_params(client_params());
618 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]619 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]620 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]621}
622
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]623TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {
624 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
625 .RsaSigningKey(256, 3)
626 .Digest(KM_DIGEST_NONE)
627 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
628 string message(64 * 1024, 'a');
629 string signature;
630 AuthorizationSet begin_params(client_params());
631 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
632 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
633 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
634 string result;
635 size_t input_consumed;
636 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
637
638 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
639 EXPECT_EQ(2, GetParam()->keymaster0_calls());
640}
641
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]642TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]643 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
644 .RsaSigningKey(256, 3)
645 .Digest(KM_DIGEST_NONE)
646 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]647 AuthorizationSet begin_params(client_params());
648 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]649 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]650 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]651 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
652 // Another abort should fail
653 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]654
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]655 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]656 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]657}
658
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]659TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]660 GenerateKey(AuthorizationSetBuilder()
661 .RsaSigningKey(256, 3)
662 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
663 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]664 AuthorizationSet begin_params(client_params());
665 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
666 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]667
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]668 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]669 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]670}
671
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]672TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]673 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]674 GenerateKey(AuthorizationSetBuilder()
675 .RsaSigningKey(256, 3)
676 .Digest(KM_DIGEST_NONE)
677 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]678 AuthorizationSet begin_params(client_params());
679 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]680 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]681 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]682
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]683 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]684 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]685}
686
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]687TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]688 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]689 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
690 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]691 AuthorizationSet begin_params(client_params());
692 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
693 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]694
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]695 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]696 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]697}
698
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]699TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]700 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
701 .RsaSigningKey(256, 3)
702 .Digest(KM_DIGEST_NONE)
703 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]704 AuthorizationSet begin_params(client_params());
705 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]706 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]707 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]708
709 string message = "1234567890123456789012345678901";
710 string result;
711 size_t input_consumed;
712 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
713 EXPECT_EQ(0U, result.size());
714 EXPECT_EQ(31U, input_consumed);
715
716 string signature;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]717 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]718 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]719
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]720 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]721 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]722}
723
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]724TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]725 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
726 .RsaEncryptionKey(256, 3)
727 .Digest(KM_DIGEST_NONE)
728 .Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]729 AuthorizationSet begin_params(client_params());
730 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
731 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
732 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]733
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]734 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]735 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]736}
737
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]738TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]739 ASSERT_EQ(KM_ERROR_OK,
740 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]741 string message(224 / 8, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]742 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]743 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]744
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]745 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
746 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]747}
748
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]749TEST_P(SigningOperationsTest, EcdsaSha256Success) {
750 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
751 KM_DIGEST_SHA_2_256)));
752 string message(1024, 'a');
753 string signature;
754 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
755
756 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
757 EXPECT_EQ(3, GetParam()->keymaster0_calls());
758}
759
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]760TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {
761 ASSERT_EQ(KM_ERROR_OK,
762 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
763 string message(64 * 1024, 'a');
764 string signature;
765 AuthorizationSet begin_params(client_params());
766 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
767 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
768 string result;
769 size_t input_consumed;
770 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
771
772 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
773 EXPECT_EQ(2, GetParam()->keymaster0_calls());
774}
775
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]776TEST_P(SigningOperationsTest, EcsdaAllSizesAndHashes) {
777 size_t len;
778 keymaster_digest_t* digest_arr;
779 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
780 KM_PURPOSE_SIGN, &digest_arr, &len));
781 vector<int> key_sizes = {224, 256, 384, 521};
782 vector<keymaster_digest_t> digests = make_vector(digest_arr, len);
783 free(digest_arr);
784
785 for (int key_size : key_sizes) {
786 for (keymaster_digest_t digest : digests) {
787 ASSERT_EQ(
788 KM_ERROR_OK,
789 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(digest)));
790
791 string message(1024, 'a');
792 string signature;
793 if (digest == KM_DIGEST_NONE)
794 message.resize(key_size / 8);
795 SignMessage(message, &signature, digest);
796 }
797 }
798
799 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
800 EXPECT_EQ(digests.size() * key_sizes.size() * 3,
801 static_cast<size_t>(GetParam()->keymaster0_calls()));
802}
803
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]804TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]805 ASSERT_EQ(KM_ERROR_OK,
806 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
807 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]808 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
809 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]810
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]811 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]812}
813
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]814TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]815 GenerateKey(AuthorizationSetBuilder()
816 .HmacKey(128)
817 .Digest(KM_DIGEST_SHA1)
818 .Authorization(TAG_MIN_MAC_LENGTH, 160));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]819 string message = "12345678901234567890123456789012";
820 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]821 MacMessage(message, &signature, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]822 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]823
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]824 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]825}
826
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]827TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]828 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
829 .HmacKey(128)
830 .Digest(KM_DIGEST_SHA_2_224)
831 .Authorization(TAG_MIN_MAC_LENGTH, 160)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]832 string message = "12345678901234567890123456789012";
833 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]834 MacMessage(message, &signature, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]835 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]836
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]837 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]838}
839
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]840TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]841 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
842 .HmacKey(128)
843 .Digest(KM_DIGEST_SHA_2_256)
844 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]845 string message = "12345678901234567890123456789012";
846 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]847 MacMessage(message, &signature, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]848 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]849
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]850 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]851}
852
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]853TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]854 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
855 .HmacKey(128)
856 .Digest(KM_DIGEST_SHA_2_384)
857 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]858
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]859 string message = "12345678901234567890123456789012";
860 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]861 MacMessage(message, &signature, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]862 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]863
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]864 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]865}
866
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]867TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]868 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
869 .HmacKey(128)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]870 .Digest(KM_DIGEST_SHA_2_512)
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]871 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
872 string message = "12345678901234567890123456789012";
873 string signature;
874 MacMessage(message, &signature, 512);
875 ASSERT_EQ(64U, signature.size());
876
877 EXPECT_EQ(0, GetParam()->keymaster0_calls());
878}
879
880TEST_P(SigningOperationsTest, HmacLengthInKey) {
881 // TODO(swillden): unified API should generate an error on key generation.
882 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
883 .HmacKey(128)
884 .Digest(KM_DIGEST_SHA_2_512)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]885 .Authorization(TAG_MIN_MAC_LENGTH, 512)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]886 string message = "12345678901234567890123456789012";
887 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]888 MacMessage(message, &signature, 512);
889 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]890
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]891 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]892}
893
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]894TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]895 uint8_t key_data[] = {
896 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
897 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
898 };
899 string message = "Hi There";
900 uint8_t sha_224_expected[] = {
901 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
902 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
903 };
904 uint8_t sha_256_expected[] = {
905 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
906 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
907 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
908 };
909 uint8_t sha_384_expected[] = {
910 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
911 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
912 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
913 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
914 };
915 uint8_t sha_512_expected[] = {
916 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
917 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
918 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
919 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
920 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
921 };
922
923 string key = make_string(key_data);
924
925 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
926 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
927 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
928 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]929
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]930 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]931}
932
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]933TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]934 string key = "Jefe";
935 string message = "what do ya want for nothing?";
936 uint8_t sha_224_expected[] = {
937 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
938 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
939 };
940 uint8_t sha_256_expected[] = {
941 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
942 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
943 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
944 };
945 uint8_t sha_384_expected[] = {
946 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
947 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
948 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
949 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
950 };
951 uint8_t sha_512_expected[] = {
952 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
953 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
954 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
955 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
956 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
957 };
958
959 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
960 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
961 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
962 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]963
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]964 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]965}
966
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]967TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]968 string key(20, 0xaa);
969 string message(50, 0xdd);
970 uint8_t sha_224_expected[] = {
971 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
972 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
973 };
974 uint8_t sha_256_expected[] = {
975 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
976 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
977 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
978 };
979 uint8_t sha_384_expected[] = {
980 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
981 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
982 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
983 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
984 };
985 uint8_t sha_512_expected[] = {
986 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
987 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
988 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
989 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
990 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
991 };
992
993 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
994 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
995 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
996 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]997
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]998 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]999}
1000
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1001TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1002 uint8_t key_data[25] = {
1003 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
1004 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
1005 };
1006 string key = make_string(key_data);
1007 string message(50, 0xcd);
1008 uint8_t sha_224_expected[] = {
1009 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
1010 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
1011 };
1012 uint8_t sha_256_expected[] = {
1013 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
1014 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
1015 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
1016 };
1017 uint8_t sha_384_expected[] = {
1018 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
1019 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
1020 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
1021 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
1022 };
1023 uint8_t sha_512_expected[] = {
1024 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
1025 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
1026 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
1027 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
1028 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
1029 };
1030
1031 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1032 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1033 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1034 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1035
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1036 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1037}
1038
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1039TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1040 string key(20, 0x0c);
1041 string message = "Test With Truncation";
1042
1043 uint8_t sha_224_expected[] = {
1044 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
1045 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
1046 };
1047 uint8_t sha_256_expected[] = {
1048 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
1049 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
1050 };
1051 uint8_t sha_384_expected[] = {
1052 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
1053 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
1054 };
1055 uint8_t sha_512_expected[] = {
1056 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
1057 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
1058 };
1059
1060 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1061 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1062 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1063 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1064
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1065 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1066}
1067
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1068TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1069 string key(131, 0xaa);
1070 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
1071
1072 uint8_t sha_224_expected[] = {
1073 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
1074 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
1075 };
1076 uint8_t sha_256_expected[] = {
1077 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
1078 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
1079 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
1080 };
1081 uint8_t sha_384_expected[] = {
1082 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
1083 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1084 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
1085 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
1086 };
1087 uint8_t sha_512_expected[] = {
1088 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
1089 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
1090 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
1091 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
1092 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
1093 };
1094
1095 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1096 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1097 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1098 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1099
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1100 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1101}
1102
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1103TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1104 string key(131, 0xaa);
1105 string message = "This is a test using a larger than block-size key and a larger than "
1106 "block-size data. The key needs to be hashed before being used by the HMAC "
1107 "algorithm.";
1108
1109 uint8_t sha_224_expected[] = {
1110 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
1111 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
1112 };
1113 uint8_t sha_256_expected[] = {
1114 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
1115 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
1116 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
1117 };
1118 uint8_t sha_384_expected[] = {
1119 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
1120 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1121 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
1122 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
1123 };
1124 uint8_t sha_512_expected[] = {
1125 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
1126 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
1127 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
1128 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
1129 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
1130 };
1131
1132 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1133 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1134 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1135 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1136
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1137 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1138}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1139
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1140TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1141 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1142 .HmacKey(128)
1143 .Digest(KM_DIGEST_SHA_2_256)
1144 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1145 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]1146 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1147 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1148 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH,
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1149 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1150
1151 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1152}
1153
1154TEST_P(SigningOperationsTest, HmacSha256TooSmallMacLength) {
1155 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1156 .HmacKey(128)
1157 .Digest(KM_DIGEST_SHA_2_256)
1158 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
1159 AuthorizationSet begin_params(client_params());
1160 begin_params.push_back(TAG_MAC_LENGTH, 120);
1161 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
1162 ASSERT_EQ(KM_ERROR_INVALID_MAC_LENGTH,
1163 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1164
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1165 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1166}
1167
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1168// TODO(swillden): Add more verification failure tests.
1169
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1170typedef Keymaster1Test VerificationOperationsTest;
1171INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
1172
1173TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1174 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1175 .RsaSigningKey(256, 3)
1176 .Digest(KM_DIGEST_NONE)
1177 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1178 string message = "12345678901234567890123456789012";
1179 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1180 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1181 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1182
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1183 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1184 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]1185}
1186
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1187TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1188 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1189 .RsaSigningKey(512, 3)
1190 .Digest(KM_DIGEST_SHA_2_256)
1191 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1192 // Use large message, which won't work without digesting.
1193 string message(1024, 'a');
1194 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1195 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1196 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1197
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1198 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1199 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1200}
1201
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1202TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1203 GenerateKey(AuthorizationSetBuilder()
1204 .RsaSigningKey(512, 3)
1205 .Digest(KM_DIGEST_SHA_2_256)
1206 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1207 string message(1024, 'a');
1208 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1209 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1210 ++signature[signature.size() / 2];
1211
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1212 AuthorizationSet begin_params(client_params());
1213 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1214 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1215 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1216
1217 string result;
1218 size_t input_consumed;
1219 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1220 EXPECT_EQ(message.size(), input_consumed);
1221 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1222
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1223 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1224 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1225}
1226
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1227TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1228 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1229 .RsaSigningKey(512, 3)
1230 .Digest(KM_DIGEST_SHA_2_256)
1231 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1232 // Use large message, which won't work without digesting.
1233 string message(1024, 'a');
1234 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1235 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1236 ++message[message.size() / 2];
1237
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1238 AuthorizationSet begin_params(client_params());
1239 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1240 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1241 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1242
1243 string result;
1244 size_t input_consumed;
1245 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1246 EXPECT_EQ(message.size(), input_consumed);
1247 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1248
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1249 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1250 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1251}
1252
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1253TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1254 GenerateKey(AuthorizationSetBuilder()
1255 .RsaSigningKey(512, 3)
1256 .Digest(KM_DIGEST_SHA_2_256)
1257 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1258 string message(1024, 'a');
1259 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1260 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1261 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1262
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1263 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1264 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1265}
1266
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1267TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1268 GenerateKey(AuthorizationSetBuilder()
1269 .RsaSigningKey(512, 3)
1270 .Digest(KM_DIGEST_SHA_2_256)
1271 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1272 string message(1024, 'a');
1273 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1274 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1275 ++signature[signature.size() / 2];
1276
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1277 AuthorizationSet begin_params(client_params());
1278 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1279 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1280 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1281
1282 string result;
1283 size_t input_consumed;
1284 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1285 EXPECT_EQ(message.size(), input_consumed);
1286 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1287
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1288 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1289 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1290}
1291
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1292TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1293 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1294 .RsaSigningKey(512, 3)
1295 .Digest(KM_DIGEST_SHA_2_256)
1296 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1297 // Use large message, which won't work without digesting.
1298 string message(1024, 'a');
1299 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1300 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1301 ++message[message.size() / 2];
1302
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1303 AuthorizationSet begin_params(client_params());
1304 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1305 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1306 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1307
1308 string result;
1309 size_t input_consumed;
1310 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1311 EXPECT_EQ(message.size(), input_consumed);
1312 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1313
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1314 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1315 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1316}
1317
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1318TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1319 // Get all supported digests and padding modes.
1320 size_t digests_len;
1321 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1322 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1323 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1324 &digests_len));
1325
1326 size_t padding_modes_len;
1327 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1328 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1329 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1330 &padding_modes, &padding_modes_len));
1331
1332 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1333 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1334 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1335 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1336 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1337 // Digesting requires padding
1338 continue;
1339
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1340 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1341 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1342 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1343
1344 if (digest == KM_DIGEST_NONE) {
1345 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1346 switch (padding_mode) {
1347 case KM_PAD_NONE:
1348 // Match key size.
1349 message_len = key_bits / 8;
1350 break;
1351 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1352 message_len = key_bits / 8 - 11;
1353 break;
1354 case KM_PAD_RSA_PSS:
1355 // PSS requires a digest.
1356 continue;
1357 default:
1358 FAIL() << "Missing padding";
1359 break;
1360 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1361 } else {
1362 size_t digest_bits;
1363 switch (digest) {
1364 case KM_DIGEST_MD5:
1365 digest_bits = 128;
1366 break;
1367 case KM_DIGEST_SHA1:
1368 digest_bits = 160;
1369 break;
1370 case KM_DIGEST_SHA_2_224:
1371 digest_bits = 224;
1372 break;
1373 case KM_DIGEST_SHA_2_256:
1374 digest_bits = 256;
1375 break;
1376 case KM_DIGEST_SHA_2_384:
1377 digest_bits = 384;
1378 break;
1379 case KM_DIGEST_SHA_2_512:
1380 digest_bits = 512;
1381 break;
1382 default:
1383 FAIL() << "Missing digest";
1384 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1385
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1386 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1387 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1388 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1389 break;
1390 case KM_PAD_RSA_PSS:
Shawn Willden53488c62015-07-16 18:15:45 -0600[diff] [blame]1391 key_bits = digest_bits + 22 * 8;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1392 break;
1393 default:
1394 FAIL() << "Missing padding";
1395 break;
1396 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1397 }
1398
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1399 GenerateKey(AuthorizationSetBuilder()
1400 .RsaSigningKey(key_bits, 3)
1401 .Digest(digest)
1402 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1403 string message(message_len, 'a');
1404 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1405 SignMessage(message, &signature, digest, padding_mode);
1406 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1407 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1408 }
1409 }
1410
1411 free(padding_modes);
1412 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1413
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1414 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1415 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1416}
1417
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1418TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1419 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1420 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1421 string message = "12345678901234567890123456789012";
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1422 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1423 SignMessage(message, &signature, KM_DIGEST_NONE);
1424 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1425
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1426 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1427 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1428}
1429
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1430TEST_P(VerificationOperationsTest, EcdsaTooShort) {
1431 ASSERT_EQ(KM_ERROR_OK,
1432 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1433 string message = "12345678901234567890";
1434 string signature;
1435 SignMessage(message, &signature, KM_DIGEST_NONE);
1436 VerifyMessage(message, signature, KM_DIGEST_NONE);
1437
1438 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1439 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1440}
1441
1442TEST_P(VerificationOperationsTest, EcdsaTooLong) {
1443 ASSERT_EQ(KM_ERROR_OK,
1444 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1445 string message = "1234567890123456789012345678901234";
1446 string signature;
1447
1448 AuthorizationSet begin_params(client_params());
1449 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1450 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
1451 string output;
1452 size_t input_consumed;
1453 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &output, &input_consumed));
1454
1455 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1456 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1457}
1458
1459TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
1460 ASSERT_EQ(KM_ERROR_OK,
1461 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
1462
1463 string message(66, 'a');
1464 string signature;
1465 SignMessage(message, &signature, KM_DIGEST_NONE);
1466 VerifyMessage(message, signature, KM_DIGEST_NONE);
1467
1468 // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh.
1469 message[65] ^= 7;
1470 VerifyMessage(message, signature, KM_DIGEST_NONE);
1471
1472 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1473 EXPECT_EQ(5, GetParam()->keymaster0_calls());
1474}
1475
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1476TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1477 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1478 .EcdsaSigningKey(256)
1479 .Digest(KM_DIGEST_SHA_2_256)
1480 .Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1481 string message = "12345678901234567890123456789012";
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1482 string signature;
1483 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1484 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1485
1486 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1487 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1488
1489 // Just for giggles, try verifying with the wrong digest.
1490 AuthorizationSet begin_params(client_params());
1491 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1492 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1493
1494 string result;
1495 size_t input_consumed;
1496 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1497 EXPECT_EQ(message.size(), input_consumed);
1498 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1499}
1500
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1501TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1502 GenerateKey(AuthorizationSetBuilder()
1503 .HmacKey(128)
1504 .Digest(KM_DIGEST_SHA1)
1505 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1506 string message = "123456789012345678901234567890123456789012345678";
1507 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1508 MacMessage(message, &signature, 160);
1509 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1510
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1511 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1512}
1513
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1514TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1515 GenerateKey(AuthorizationSetBuilder()
1516 .HmacKey(128)
1517 .Digest(KM_DIGEST_SHA_2_224)
1518 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1519 string message = "123456789012345678901234567890123456789012345678";
1520 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1521 MacMessage(message, &signature, 224);
1522 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1523
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1524 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1525}
1526
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1527TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1528 GenerateKey(AuthorizationSetBuilder()
1529 .HmacKey(128)
1530 .Digest(KM_DIGEST_SHA_2_256)
1531 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1532 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1533 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1534 MacMessage(message, &signature, 256);
1535 VerifyMac(message, signature);
1536
1537 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1538}
1539
1540TEST_P(VerificationOperationsTest, HmacSha256TooShortMac) {
1541 GenerateKey(AuthorizationSetBuilder()
1542 .HmacKey(128)
1543 .Digest(KM_DIGEST_SHA_2_256)
1544 .Authorization(TAG_MIN_MAC_LENGTH, 128));
1545 string message = "123456789012345678901234567890123456789012345678";
1546 string signature;
1547 MacMessage(message, &signature, 256);
1548
1549 // Shorten to 128 bits, should still work.
1550 signature.resize(128 / 8);
1551 VerifyMac(message, signature);
1552
1553 // Drop one more byte.
1554 signature.resize(signature.length() - 1);
1555
1556 AuthorizationSet begin_params(client_params());
1557 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1558 string result;
1559 size_t input_consumed;
1560 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1561 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1562
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1563 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1564}
1565
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1566TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1567 GenerateKey(AuthorizationSetBuilder()
1568 .HmacKey(128)
1569 .Digest(KM_DIGEST_SHA_2_384)
1570 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1571 string message = "123456789012345678901234567890123456789012345678";
1572 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1573 MacMessage(message, &signature, 384);
1574 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1575
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1576 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1577}
1578
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1579TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1580 GenerateKey(AuthorizationSetBuilder()
1581 .HmacKey(128)
1582 .Digest(KM_DIGEST_SHA_2_512)
1583 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1584 string message = "123456789012345678901234567890123456789012345678";
1585 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1586 MacMessage(message, &signature, 512);
1587 VerifyMac(message, signature);
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]1588
1589 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1590}
1591
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1592typedef Keymaster1Test ExportKeyTest;
1593INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1594
1595TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1596 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1597 .RsaSigningKey(256, 3)
1598 .Digest(KM_DIGEST_NONE)
1599 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1600 string export_data;
1601 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1602 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1603
1604 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1605
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1606 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1607 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1608}
1609
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1610TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1611 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1612 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1613 string export_data;
1614 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1615 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1616
1617 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1618
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1619 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1620 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1621}
1622
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1623TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1624 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1625 .RsaSigningKey(256, 3)
1626 .Digest(KM_DIGEST_NONE)
1627 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1628 string export_data;
1629 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1630
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1631 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1632 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1633}
1634
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1635TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1636 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1637 .RsaSigningKey(256, 3)
1638 .Digest(KM_DIGEST_NONE)
1639 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1640 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1641 string export_data;
1642 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1643
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1644 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1645 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1646}
1647
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1648TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1649 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1650 string export_data;
1651
1652 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1653 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1654 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1655
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1656 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1657}
1658
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1659static string read_file(const string& file_name) {
1660 ifstream file_stream(file_name, std::ios::binary);
1661 istreambuf_iterator<char> file_begin(file_stream);
1662 istreambuf_iterator<char> file_end;
1663 return string(file_begin, file_end);
1664}
1665
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1666typedef Keymaster1Test ImportKeyTest;
1667INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1668
1669TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1670 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1671 ASSERT_EQ(633U, pk8_key.size());
1672
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1673 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1674 .RsaSigningKey(1024, 65537)
1675 .Digest(KM_DIGEST_NONE)
1676 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1677 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1678
1679 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1680 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1681 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1682 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1683 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1684 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1685 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1686 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1687 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1688 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1689
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1690 // And values provided by AndroidKeymaster
Shawn Willden34f09c52015-07-23 23:17:39 +0000[diff] [blame]1691 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1692 EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN));
1693 else
1694 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1695 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1696
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1697 string message(1024 / 8, 'a');
1698 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1699 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1700 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1701
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1702 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1703 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1704}
1705
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1706TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1707 string pk8_key = read_file("rsa_privkey_pk8.der");
1708 ASSERT_EQ(633U, pk8_key.size());
1709
1710 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1711 // point softkeymaster will no longer support keymaster0 APIs anyway.
1712 uint8_t* key_blob;
1713 size_t key_blob_length;
1714 ASSERT_EQ(0,
1715 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1716 pk8_key.size(), &key_blob, &key_blob_length));
1717 set_key_blob(key_blob, key_blob_length);
1718
1719 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1720 AuthorizationSet begin_params; // Don't use client data.
1721 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1722 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1723 AuthorizationSet update_params;
1724 AuthorizationSet output_params;
1725 string signature =
1726 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1727 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1728 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1729
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1730 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1731 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1732}
1733
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1734TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1735 string pk8_key = read_file("rsa_privkey_pk8.der");
1736 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1737 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1738 ImportKey(AuthorizationSetBuilder()
1739 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1740 .Digest(KM_DIGEST_NONE)
1741 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1742 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1743
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1744 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1745}
1746
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1747TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1748 string pk8_key = read_file("rsa_privkey_pk8.der");
1749 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1750 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1751 ImportKey(AuthorizationSetBuilder()
1752 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1753 .Digest(KM_DIGEST_NONE)
1754 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1755 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1756
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1757 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1758}
1759
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1760TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1761 string pk8_key = read_file("ec_privkey_pk8.der");
1762 ASSERT_EQ(138U, pk8_key.size());
1763
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1764 ASSERT_EQ(KM_ERROR_OK,
1765 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1766 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1767
1768 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1769 EXPECT_TRUE(
1770 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1771 TAG_ALGORITHM, KM_ALGORITHM_EC));
1772 EXPECT_TRUE(
1773 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1774 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1775
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1776 // And values provided by AndroidKeymaster
Shawn Willden34f09c52015-07-23 23:17:39 +0000[diff] [blame]1777 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1778 EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN));
1779 else
1780 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1781 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1782
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1783 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1784 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1785 SignMessage(message, &signature, KM_DIGEST_NONE);
1786 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1787
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1788 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1789 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1790}
1791
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1792TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1793 string pk8_key = read_file("ec_privkey_pk8.der");
1794 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1795
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1796 ASSERT_EQ(KM_ERROR_OK,
1797 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1798 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1799
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1800 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1801 EXPECT_TRUE(
1802 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1803 TAG_ALGORITHM, KM_ALGORITHM_EC));
1804 EXPECT_TRUE(
1805 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1806 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1807
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1808 // And values provided by AndroidKeymaster
Shawn Willden34f09c52015-07-23 23:17:39 +0000[diff] [blame]1809 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1810 EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN));
1811 else
1812 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1813 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1814
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1815 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1816 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1817 SignMessage(message, &signature, KM_DIGEST_NONE);
1818 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1819
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1820 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1821 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1822}
1823
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1824TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1825 string pk8_key = read_file("ec_privkey_pk8.der");
1826 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1827 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1828 ImportKey(AuthorizationSetBuilder()
1829 .EcdsaSigningKey(224 /* Doesn't match key */)
1830 .Digest(KM_DIGEST_NONE),
1831 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1832
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1833 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1834}
1835
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1836TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1837 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1838 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1839 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1840 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1841 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1842 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1843
1844 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1845 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1846
1847 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1848 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1849 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1850 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1851
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1852 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1853}
1854
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1855TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1856 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1857 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1858 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1859 .HmacKey(sizeof(key_data) * 8)
1860 .Digest(KM_DIGEST_SHA_2_256)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1861 .Authorization(TAG_MIN_MAC_LENGTH, 256),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1862 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1863
1864 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1865 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1866
1867 string message = "Hello World!";
1868 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1869 MacMessage(message, &signature, 256);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1870 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1871
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1872 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1873}
1874
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1875typedef Keymaster1Test EncryptionOperationsTest;
1876INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1877
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1878TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1879 ASSERT_EQ(KM_ERROR_OK,
1880 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1881
1882 string message = "12345678901234567890123456789012";
1883 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1884 EXPECT_EQ(256U / 8, ciphertext1.size());
1885
1886 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1887 EXPECT_EQ(256U / 8, ciphertext2.size());
1888
1889 // Unpadded RSA is deterministic
1890 EXPECT_EQ(ciphertext1, ciphertext2);
1891
1892 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1893 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1894}
1895
1896TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1897 ASSERT_EQ(KM_ERROR_OK,
1898 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1899
1900 string message = "1234567890123456789012345678901";
1901
1902 AuthorizationSet begin_params(client_params());
1903 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1904 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1905
1906 string result;
1907 size_t input_consumed;
1908 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1909 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1910 EXPECT_EQ(0U, result.size());
1911
1912 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1913 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1914}
1915
1916TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1917 ASSERT_EQ(KM_ERROR_OK,
1918 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1919
1920 string message = "123456789012345678901234567890123";
1921
1922 AuthorizationSet begin_params(client_params());
1923 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1924 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1925
1926 string result;
1927 size_t input_consumed;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1928 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1929
1930 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1931 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1932}
1933
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1934TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1935 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1936 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1937 .RsaEncryptionKey(key_size, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1938 .Padding(KM_PAD_RSA_OAEP)
1939 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1940
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1941 string message = "Hello";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1942 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1943 EXPECT_EQ(key_size / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1944
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1945 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1946 EXPECT_EQ(key_size / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1947
1948 // OAEP randomizes padding so every result should be different.
1949 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1950
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1951 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1952 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1953}
1954
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1955TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1956 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1957 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1958 .RsaEncryptionKey(key_size, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1959 .Padding(KM_PAD_RSA_OAEP)
1960 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1961 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1962 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1963 EXPECT_EQ(key_size / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1964
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1965 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1966 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1967
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1968 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1969 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1970}
1971
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1972TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
1973 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1974 .RsaEncryptionKey(512, 3)
1975 .Padding(KM_PAD_RSA_OAEP)
1976 .Digest(KM_DIGEST_NONE)));
1977 string message = "Hello World!";
1978
1979 AuthorizationSet begin_params(client_params());
1980 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1981 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1982 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1983
1984 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1985 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1986}
1987
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1988TEST_P(EncryptionOperationsTest, RsaOaepUnauthorizedDigest) {
1989 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden34f09c52015-07-23 23:17:39 +0000[diff] [blame]1990 .RsaEncryptionKey(512, 3)
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1991 .Padding(KM_PAD_RSA_OAEP)
1992 .Digest(KM_DIGEST_SHA_2_256)));
1993 string message = "Hello World!";
1994 // Works because encryption is a public key operation.
1995 EncryptMessage(string(message), KM_DIGEST_SHA1, KM_PAD_RSA_OAEP);
1996
1997 AuthorizationSet begin_params(client_params());
1998 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1999 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1);
2000 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2001
2002 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2003 EXPECT_EQ(3, GetParam()->keymaster0_calls());
2004}
2005
2006TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) {
2007 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2008 .RsaEncryptionKey(768, 3)
2009 .Padding(KM_PAD_RSA_OAEP)
2010 .Digest(KM_DIGEST_SHA_2_256)
2011 .Digest(KM_DIGEST_SHA_2_384)));
2012 string message = "Hello World!";
2013 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
2014
2015 string result;
2016 size_t input_consumed;
2017 AuthorizationSet begin_params(client_params());
2018 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
2019 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
2020 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2021 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
2022 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
2023 EXPECT_EQ(0U, result.size());
2024
2025 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2026 EXPECT_EQ(4, GetParam()->keymaster0_calls());
2027}
2028
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2029TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2030 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2031 .RsaEncryptionKey(512, 3)
2032 .Padding(KM_PAD_RSA_OAEP)
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2033 .Digest(KM_DIGEST_SHA1)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2034 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2035 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2036 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2037
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2038 AuthorizationSet begin_params(client_params());
2039 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2040 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2041 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2042 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2043 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2044 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2045
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2046 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2047 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2048}
2049
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2050TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2051 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2052 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2053 .RsaEncryptionKey(768, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2054 .Padding(KM_PAD_RSA_OAEP)
2055 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2056 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2057 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2058 EXPECT_EQ(key_size / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2059
2060 // Corrupt the ciphertext
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2061 ciphertext[key_size / 8 / 2]++;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2062
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2063 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2064 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2065 AuthorizationSet begin_params(client_params());
2066 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2067 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2068 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2069 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2070 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2071 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2072
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2073 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2074 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2075}
2076
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2077TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2078 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2079 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2080 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2081 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2082 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2083
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2084 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2085 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2086
2087 // PKCS1 v1.5 randomizes padding so every result should be different.
2088 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2089
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2090 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2091 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2092}
2093
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2094TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2095 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2096 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2097 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2098 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2099 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2100
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2101 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2102 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2103
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2104 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2105 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2106}
2107
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2108TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2109 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2110 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]2111 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2112 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2113 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2114
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2115 AuthorizationSet begin_params(client_params());
2116 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2117 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2118 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2119 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2120 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2121
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2122 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2123 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2124}
2125
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2126TEST_P(EncryptionOperationsTest, RsaPkcs1InvalidDigest) {
2127 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2128 .RsaEncryptionKey(512, 3)
2129 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
2130 .Digest(KM_DIGEST_NONE)));
2131 string message = "Hello World!";
2132 string result;
2133
2134 AuthorizationSet begin_params(client_params());
2135 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2136 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); // Any digest is invalid
2137 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2138
2139 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2140 EXPECT_EQ(2, GetParam()->keymaster0_calls());
2141}
2142
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2143TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2144 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2145 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2146 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2147 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2148 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2149
2150 // Corrupt the ciphertext
2151 ciphertext[512 / 8 / 2]++;
2152
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2153 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2154 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2155 AuthorizationSet begin_params(client_params());
2156 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2157 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2158 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2159 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2160 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2161
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2162 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2163 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2164}
2165
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2166TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2167 ASSERT_EQ(KM_ERROR_OK,
2168 GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2169
2170 AuthorizationSet begin_params(client_params());
2171 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2172 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2173
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2174 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2175 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2176}
2177
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2178TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2179 ASSERT_EQ(KM_ERROR_OK,
2180 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2181 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2182 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2183
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2184 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
2185 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2186}
2187
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2188TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2189 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2190 .HmacKey(128)
2191 .Digest(KM_DIGEST_SHA_2_256)
2192 .Padding(KM_PAD_NONE)
2193 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2194 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2195 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2196
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2197 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2198}
2199
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2200TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2201 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2202 .AesEncryptionKey(128)
2203 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2204 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2205 // Two-block message.
2206 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2207 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2208 EXPECT_EQ(message.size(), ciphertext1.size());
2209
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2210 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2211 EXPECT_EQ(message.size(), ciphertext2.size());
2212
2213 // ECB is deterministic.
2214 EXPECT_EQ(ciphertext1, ciphertext2);
2215
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2216 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2217 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2218
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2219 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2220}
2221
Shawn Willdene23a2c92015-07-06 15:52:45 -0600[diff] [blame]2222TEST_P(EncryptionOperationsTest, AesEcbNotAuthorized) {
2223 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2224 .AesEncryptionKey(128)
2225 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2226 .Padding(KM_PAD_NONE)));
2227 // Two-block message.
2228 string message = "12345678901234567890123456789012";
2229 AuthorizationSet begin_params(client_params());
2230 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2231 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2232 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2233
2234 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2235}
2236
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2237TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2238 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2239 .AesEncryptionKey(128)
2240 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2241 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2242 // Message is slightly shorter than two blocks.
2243 string message = "1234567890123456789012345678901";
2244
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2245 AuthorizationSet begin_params(client_params());
2246 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2247 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2248 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2249 string ciphertext;
2250 size_t input_consumed;
2251 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
2252 EXPECT_EQ(message.size(), input_consumed);
2253 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2254
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2255 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2256}
2257
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2258TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2259 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2260 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2261 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2262 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2263
2264 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2265 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2266 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2267 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2268 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2269 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2270 EXPECT_EQ(message, plaintext);
2271 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2272
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2273 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2274}
2275
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2276TEST_P(EncryptionOperationsTest, AesEcbNoPaddingKeyWithPkcs7Padding) {
2277 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2278 .AesEncryptionKey(128)
2279 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2280 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2281
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]2282 // Try various message lengths; all should fail.
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2283 for (size_t i = 0; i < 32; ++i) {
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]2284 AuthorizationSet begin_params(client_params());
2285 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2286 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
2287 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE,
2288 BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2289 }
2290
2291 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2292}
2293
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2294TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2295 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2296 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2297 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2298 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2299
2300 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2301 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2302 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2303 EXPECT_NE(ciphertext, message);
2304 ++ciphertext[ciphertext.size() / 2];
2305
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2306 AuthorizationSet begin_params(client_params());
2307 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2308 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2309 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2310 string plaintext;
2311 size_t input_consumed;
2312 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
2313 EXPECT_EQ(ciphertext.size(), input_consumed);
2314 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2315
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2316 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2317}
2318
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2319TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2320 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2321 .AesEncryptionKey(128)
2322 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2323 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2324 string message = "123";
2325 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2326 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2327 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2328 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2329
2330 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2331 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2332 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2333 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2334
2335 // IVs should be random, so ciphertexts should differ.
2336 EXPECT_NE(iv1, iv2);
2337 EXPECT_NE(ciphertext1, ciphertext2);
2338
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2339 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2340 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2341
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2342 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2343}
2344
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2345TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2346 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2347 .AesEncryptionKey(128)
2348 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2349 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2350
2351 int increment = 15;
2352 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2353 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2354 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2355 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2356 AuthorizationSet output_params;
2357 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2358
2359 string ciphertext;
2360 size_t input_consumed;
2361 for (size_t i = 0; i < message.size(); i += increment)
2362 EXPECT_EQ(KM_ERROR_OK,
2363 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2364 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2365 EXPECT_EQ(message.size(), ciphertext.size());
2366
2367 // Move TAG_NONCE into input_params
2368 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2369 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2370 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2371 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2372 output_params.Clear();
2373
2374 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
2375 string plaintext;
2376 for (size_t i = 0; i < ciphertext.size(); i += increment)
2377 EXPECT_EQ(KM_ERROR_OK,
2378 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2379 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2380 EXPECT_EQ(ciphertext.size(), plaintext.size());
2381 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2382
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2383 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2384}
2385
2386struct AesCtrSp80038aTestVector {
2387 const char* key;
2388 const char* nonce;
2389 const char* plaintext;
2390 const char* ciphertext;
2391};
2392
2393// These test vectors are taken from
2394// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
2395static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
2396 // AES-128
2397 {
2398 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2399 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2400 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2401 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
2402 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
2403 },
2404 // AES-192
2405 {
2406 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2407 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2408 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2409 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2410 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2411 },
2412 // AES-256
2413 {
2414 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2415 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2416 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2417 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2418 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2419 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2420 },
2421};
2422
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2423TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2424 for (size_t i = 0; i < 3; i++) {
2425 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2426 const string key = hex2str(test.key);
2427 const string nonce = hex2str(test.nonce);
2428 const string plaintext = hex2str(test.plaintext);
2429 const string ciphertext = hex2str(test.ciphertext);
2430 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2431 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2432
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2433 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2434}
2435
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2436TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2437 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2438 .AesEncryptionKey(128)
2439 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2440 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2441 AuthorizationSet begin_params(client_params());
2442 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2443 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2444 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2445
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2446 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2447}
2448
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2449TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2450 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2451 .AesEncryptionKey(128)
2452 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2453 .Authorization(TAG_CALLER_NONCE)
2454 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2455
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2456 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2457 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2458 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2459 input_params.push_back(TAG_NONCE, "123", 3);
2460 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2461
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2462 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2463}
2464
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2465TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2466 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2467 .AesEncryptionKey(128)
2468 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2469 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2470 // Two-block message.
2471 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2472 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2473 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2474 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2475
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2476 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2477 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2478 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2479
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2480 // IVs should be random, so ciphertexts should differ.
2481 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2482 EXPECT_NE(ciphertext1, ciphertext2);
2483
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2484 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2485 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2486
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2487 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2488}
2489
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2490TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2491 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2492 .AesEncryptionKey(128)
2493 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2494 .Authorization(TAG_CALLER_NONCE)
2495 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2496 string message = "12345678901234567890123456789012";
2497 string iv1;
2498 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2499 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2500 EXPECT_EQ(message.size(), ciphertext1.size());
2501 EXPECT_EQ(16U, iv1.size());
2502
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2503 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2504 EXPECT_EQ(message, plaintext);
2505
2506 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2507 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2508 AuthorizationSet update_params;
2509 AuthorizationSet output_params;
2510 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2511 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2512 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2513 string ciphertext2 =
2514 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2515
2516 // Decrypt with correct nonce.
2517 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2518 &output_params);
2519 EXPECT_EQ(message, plaintext);
2520
2521 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2522 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2523 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2524 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2525 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2526 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2527 &output_params);
2528 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2529
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2530 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2531}
2532
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2533TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2534 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2535 .AesEncryptionKey(128)
2536 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2537 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2538
2539 string message = "12345678901234567890123456789012";
2540 string iv1;
2541 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2542 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2543 EXPECT_EQ(message.size(), ciphertext1.size());
2544 EXPECT_EQ(16U, iv1.size());
2545
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2546 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2547 EXPECT_EQ(message, plaintext);
2548
2549 // Now specify a nonce, should fail.
2550 AuthorizationSet input_params(client_params());
2551 AuthorizationSet update_params;
2552 AuthorizationSet output_params;
2553 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2554 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2555 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2556
2557 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2558 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2559
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2560 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2561}
2562
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2563TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2564 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2565 .AesEncryptionKey(128)
2566 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2567 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2568
2569 int increment = 15;
2570 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2571 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2572 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2573 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2574 AuthorizationSet output_params;
2575 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2576
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2577 string ciphertext;
2578 size_t input_consumed;
2579 for (size_t i = 0; i < message.size(); i += increment)
2580 EXPECT_EQ(KM_ERROR_OK,
2581 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2582 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2583 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2584
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2585 // Move TAG_NONCE into input_params
2586 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2587 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2588 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2589 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2590 output_params.Clear();
2591
2592 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2593 string plaintext;
2594 for (size_t i = 0; i < ciphertext.size(); i += increment)
2595 EXPECT_EQ(KM_ERROR_OK,
2596 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2597 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2598 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2599 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2600
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2601 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2602}
2603
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2604TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2605 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2606 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2607 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2608 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2609
2610 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2611 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2612 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2613 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2614 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2615 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2616 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2617 EXPECT_EQ(message, plaintext);
2618 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2619
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2620 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2621}
2622
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2623TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2624 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2625 .AesEncryptionKey(128)
2626 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2627 .Authorization(TAG_PADDING, KM_PAD_NONE)
2628 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2629 string aad = "foobar";
2630 string message = "123456789012345678901234567890123456";
2631 AuthorizationSet begin_params(client_params());
2632 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2633 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2634 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2635
2636 AuthorizationSet update_params;
2637 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2638
2639 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2640 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2641 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2642 string ciphertext;
2643 size_t input_consumed;
2644 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2645 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2646 &input_consumed));
2647 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2648 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2649
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2650 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2651 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2652 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2653
2654 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2655 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2656 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2657 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2658 &plaintext, &input_consumed));
2659 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2660 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2661
2662 EXPECT_EQ(message, plaintext);
2663 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2664}
2665
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2666TEST_P(EncryptionOperationsTest, AesGcmTooShortTag) {
2667 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2668 .AesEncryptionKey(128)
2669 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2670 .Authorization(TAG_PADDING, KM_PAD_NONE)
2671 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
2672 string aad = "foobar";
2673 string message = "123456789012345678901234567890123456";
2674 AuthorizationSet begin_params(client_params());
2675 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2676 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2677 begin_params.push_back(TAG_MAC_LENGTH, 96);
2678
2679 AuthorizationSet update_params;
2680 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2681
2682 AuthorizationSet begin_out_params;
2683 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH,
2684 BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2685
2686 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2687}
2688
2689TEST_P(EncryptionOperationsTest, AesGcmTooShortTagOnDecrypt) {
2690 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2691 .AesEncryptionKey(128)
2692 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2693 .Authorization(TAG_PADDING, KM_PAD_NONE)
2694 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
2695 string aad = "foobar";
2696 string message = "123456789012345678901234567890123456";
2697 AuthorizationSet begin_params(client_params());
2698 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2699 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2700 begin_params.push_back(TAG_MAC_LENGTH, 128);
2701
2702 AuthorizationSet update_params;
2703 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2704
2705 // Encrypt
2706 AuthorizationSet begin_out_params;
2707 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2708 string ciphertext;
2709 size_t input_consumed;
2710 AuthorizationSet update_out_params;
2711 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2712 &input_consumed));
2713 EXPECT_EQ(message.size(), input_consumed);
2714 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2715
2716 // Grab nonce
2717 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2718 begin_params.Reinitialize(client_params());
2719 begin_params.push_back(begin_out_params);
2720 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2721 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2722 begin_params.push_back(TAG_MAC_LENGTH, 96);
2723
2724 // Decrypt.
2725 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2726
2727 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2728}
2729
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2730TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
2731 uint8_t nonce[] = {
2732 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
2733 };
2734 uint8_t ciphertext[] = {
2735 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
2736 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
2737 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
2738 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
2739 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
2740 };
2741 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
2742
2743 AuthorizationSet begin_params(client_params());
2744 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2745 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2746 begin_params.push_back(TAG_MAC_LENGTH, 128);
2747 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
2748
2749 string plaintext;
2750 size_t input_consumed;
2751
2752 // Import correct key and decrypt
2753 uint8_t good_key[] = {
2754 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2755 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2756 };
2757 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
2758 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2759 .AesEncryptionKey(128)
2760 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2761 .Authorization(TAG_PADDING, KM_PAD_NONE)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2762 .Authorization(TAG_CALLER_NONCE)
2763 .Authorization(TAG_MIN_MAC_LENGTH, 128),
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2764 KM_KEY_FORMAT_RAW, good_key_str));
2765 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2766 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2767 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2768
2769 // Import bad key and decrypt
2770 uint8_t bad_key[] = {
2771 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2772 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2773 };
2774 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
2775 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2776 .AesEncryptionKey(128)
2777 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2778 .Authorization(TAG_PADDING, KM_PAD_NONE)
2779 .Authorization(TAG_MIN_MAC_LENGTH, 128),
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2780 KM_KEY_FORMAT_RAW, bad_key_str));
2781 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2782 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2783 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
2784
2785 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2786}
2787
2788TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
2789 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2790 .AesEncryptionKey(128)
2791 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2792 .Authorization(TAG_PADDING, KM_PAD_NONE)
2793 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2794 string aad = "123456789012345678";
2795 string empty_message;
2796 AuthorizationSet begin_params(client_params());
2797 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2798 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2799 begin_params.push_back(TAG_MAC_LENGTH, 128);
2800
2801 AuthorizationSet update_params;
2802 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2803
2804 // Encrypt
2805 AuthorizationSet begin_out_params;
2806 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2807 string ciphertext;
2808 size_t input_consumed;
2809 AuthorizationSet update_out_params;
2810 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
2811 &ciphertext, &input_consumed));
2812 EXPECT_EQ(0U, input_consumed);
2813 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2814
2815 // Grab nonce
2816 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2817 begin_params.push_back(begin_out_params);
2818
2819 // Decrypt.
2820 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2821 string plaintext;
2822 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2823 &plaintext, &input_consumed));
2824 EXPECT_EQ(ciphertext.size(), input_consumed);
2825 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2826
2827 EXPECT_EQ(empty_message, plaintext);
2828 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2829}
2830
2831TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
2832 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2833 .AesEncryptionKey(128)
2834 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2835 .Authorization(TAG_PADDING, KM_PAD_NONE)
2836 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2837 AuthorizationSet begin_params(client_params());
2838 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2839 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2840 begin_params.push_back(TAG_MAC_LENGTH, 128);
2841
2842 AuthorizationSet update_params;
2843 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
2844
2845 // Encrypt
2846 AuthorizationSet begin_out_params;
2847 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2848 string ciphertext;
2849 size_t input_consumed;
2850 AuthorizationSet update_out_params;
2851
2852 // Send AAD, incrementally
2853 for (int i = 0; i < 1000; ++i) {
2854 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2855 &input_consumed));
2856 EXPECT_EQ(0U, input_consumed);
2857 EXPECT_EQ(0U, ciphertext.size());
2858 }
2859
2860 // Now send data, incrementally, no data.
2861 AuthorizationSet empty_params;
2862 for (int i = 0; i < 1000; ++i) {
2863 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
2864 &input_consumed));
2865 EXPECT_EQ(1U, input_consumed);
2866 }
2867 EXPECT_EQ(1000U, ciphertext.size());
2868
2869 // And finish.
2870 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2871 EXPECT_EQ(1016U, ciphertext.size());
2872
2873 // Grab nonce
2874 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2875 begin_params.push_back(begin_out_params);
2876
2877 // Decrypt.
2878 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2879 string plaintext;
2880
2881 // Send AAD, incrementally, no data
2882 for (int i = 0; i < 1000; ++i) {
2883 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
2884 &input_consumed));
2885 EXPECT_EQ(0U, input_consumed);
2886 EXPECT_EQ(0U, plaintext.size());
2887 }
2888
2889 // Now send data, incrementally.
2890 for (size_t i = 0; i < ciphertext.length(); ++i) {
2891 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
2892 &update_out_params, &plaintext, &input_consumed));
2893 EXPECT_EQ(1U, input_consumed);
2894 }
2895 EXPECT_EQ(1000U, plaintext.size());
2896 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2897
2898 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2899}
2900
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2901TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2902 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2903 .AesEncryptionKey(128)
2904 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2905 .Authorization(TAG_PADDING, KM_PAD_NONE)
2906 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2907 string message = "123456789012345678901234567890123456";
2908 AuthorizationSet begin_params(client_params());
2909 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2910 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2911 begin_params.push_back(TAG_MAC_LENGTH, 128);
2912 AuthorizationSet begin_out_params;
2913
2914 AuthorizationSet update_params;
2915 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2916
2917 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2918
2919 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2920 string ciphertext;
2921 size_t input_consumed;
2922 AuthorizationSet update_out_params;
2923 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
2924 &ciphertext, &input_consumed));
2925 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2926
2927 // AAD and data.
2928 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2929 &input_consumed));
2930 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2931 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2932
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2933 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2934 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2935 begin_params.push_back(begin_out_params);
2936
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2937 // Decrypt
2938 update_params.Clear();
2939 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2940
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2941 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2942 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2943 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2944 &plaintext, &input_consumed));
2945 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2946 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2947
2948 EXPECT_EQ(message, plaintext);
2949 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2950}
2951
2952TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2953 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2954 .AesEncryptionKey(128)
2955 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2956 .Authorization(TAG_PADDING, KM_PAD_NONE)
2957 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2958 string message = "12345678901234567890123456789012";
2959 AuthorizationSet begin_params(client_params());
2960 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2961 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2962 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2963
2964 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2965 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2966
2967 AuthorizationSet finish_params;
2968 AuthorizationSet finish_out_params;
2969
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2970 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2971 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2972 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2973 AuthorizationSet update_out_params;
2974 string ciphertext;
2975 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2976 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2977 &input_consumed));
2978 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2979 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2980
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2981 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2982 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2983 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2984
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2985 update_params.Clear();
2986 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2987
2988 // Decrypt.
2989 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2990 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2991 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2992 &plaintext, &input_consumed));
2993 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2994 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2995
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2996 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2997}
2998
2999TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
3000 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3001 .AesEncryptionKey(128)
3002 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3003 .Authorization(TAG_PADDING, KM_PAD_NONE)
3004 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3005 string message = "12345678901234567890123456789012";
3006 AuthorizationSet begin_params(client_params());
3007 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3008 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3009 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3010
3011 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3012 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3013
3014 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3015 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3016 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3017 AuthorizationSet update_out_params;
3018 string ciphertext;
3019 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3020 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3021 &input_consumed));
3022 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3023 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3024
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3025 begin_params.push_back(TAG_NONCE, "123456789012", 12);
3026
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3027 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3028 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3029 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3030 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3031 &plaintext, &input_consumed));
3032 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3033 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3034
3035 // With wrong nonce, should have gotten garbage plaintext.
3036 EXPECT_NE(message, plaintext);
3037 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3038}
3039
3040TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
3041 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3042 .AesEncryptionKey(128)
3043 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3044 .Authorization(TAG_PADDING, KM_PAD_NONE)
3045 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3046 string aad = "foobar";
3047 string message = "123456789012345678901234567890123456";
3048 AuthorizationSet begin_params(client_params());
3049 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3050 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3051 begin_params.push_back(TAG_MAC_LENGTH, 128);
3052 AuthorizationSet begin_out_params;
3053
3054 AuthorizationSet update_params;
3055 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3056
3057 // Encrypt
3058 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3059 AuthorizationSet update_out_params;
3060 string ciphertext;
3061 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3062 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3063 &input_consumed));
3064 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3065 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3066
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3067 // Corrupt tag
3068 (*ciphertext.rbegin())++;
3069
3070 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3071 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
3072 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3073
3074 // Decrypt.
3075 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3076 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3077 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3078 &plaintext, &input_consumed));
3079 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3080 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3081
3082 EXPECT_EQ(message, plaintext);
3083 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3084}
3085
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]3086typedef Keymaster1Test MaxOperationsTest;
3087INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, MaxOperationsTest, test_params);
3088
3089TEST_P(MaxOperationsTest, TestLimit) {
3090 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3091 .AesEncryptionKey(128)
3092 .EcbMode()
3093 .Authorization(TAG_PADDING, KM_PAD_NONE)
3094 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
3095
3096 string message = "1234567890123456";
3097 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3098 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3099 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3100
3101 // Fourth time should fail.
3102 AuthorizationSet begin_params(client_params());
3103 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
3104 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3105 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
3106
3107 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3108}
3109
3110TEST_P(MaxOperationsTest, TestAbort) {
3111 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3112 .AesEncryptionKey(128)
3113 .EcbMode()
3114 .Authorization(TAG_PADDING, KM_PAD_NONE)
3115 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
3116
3117 string message = "1234567890123456";
3118 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3119 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3120 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3121
3122 // Fourth time should fail.
3123 AuthorizationSet begin_params(client_params());
3124 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
3125 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3126 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
3127
3128 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3129}
3130
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]3131typedef Keymaster1Test AddEntropyTest;
3132INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
3133
3134TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3135 // There's no obvious way to test that entropy is actually added, but we can test that the API
3136 // doesn't blow up or return an error.
3137 EXPECT_EQ(KM_ERROR_OK,
3138 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3139
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3140 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3141}
3142
3143typedef Keymaster1Test Keymaster0AdapterTest;
3144INSTANTIATE_TEST_CASE_P(
3145 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3146 ::testing::Values(
3147 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
3148 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3149
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3150TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3151 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
3152 // key data.
3153 string km1_sw = read_file("km1_sw_rsa_512.blob");
3154 EXPECT_EQ(486U, km1_sw.length());
3155
3156 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3157 memcpy(key_data, km1_sw.data(), km1_sw.length());
3158 set_key_blob(key_data, km1_sw.length());
3159
3160 string message(64, 'a');
3161 string signature;
3162 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3163
3164 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3165}
3166
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]3167TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
3168 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
3169 // blobs contain OCB-encrypted key data.
3170 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
3171 EXPECT_EQ(477U, km1_sw.length());
3172
3173 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3174 memcpy(key_data, km1_sw.data(), km1_sw.length());
3175 set_key_blob(key_data, km1_sw.length());
3176
3177 string message(64, 'a');
3178 string signature;
3179 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3180
3181 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3182}
3183
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3184TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
3185 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
3186 // key data.
3187 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
3188 EXPECT_EQ(270U, km1_sw.length());
3189
3190 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3191 memcpy(key_data, km1_sw.data(), km1_sw.length());
3192 set_key_blob(key_data, km1_sw.length());
3193
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]3194 string message(32, static_cast<char>(0xFF));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3195 string signature;
3196 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3197
3198 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3199}
3200
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3201struct Malloc_Delete {
3202 void operator()(void* p) { free(p); }
3203};
3204
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3205TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3206 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3207 string km0_sw = read_file("km0_sw_rsa_512.blob");
3208 EXPECT_EQ(333U, km0_sw.length());
3209
3210 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3211 memcpy(key_data, km0_sw.data(), km0_sw.length());
3212 set_key_blob(key_data, km0_sw.length());
3213
3214 string message(64, 'a');
3215 string signature;
3216 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3217
3218 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3219}
3220
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3221TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
3222 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3223 string km0_sw = read_file("km0_sw_rsa_512.blob");
3224 EXPECT_EQ(333U, km0_sw.length());
3225
3226 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3227 memcpy(key_data, km0_sw.data(), km0_sw.length());
3228 set_key_blob(key_data, km0_sw.length());
3229
3230 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3231 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3232 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3233 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3234 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3235 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3236 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3237 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3238 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3239 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3240
3241 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3242}
3243
3244TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
3245 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3246 string km0_sw = read_file("km0_sw_rsa_512.blob");
3247 EXPECT_EQ(333U, km0_sw.length());
3248
3249 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3250 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3251 EXPECT_EQ('P', km0_sw[0]);
3252 km0_sw[0] = 'Q';
3253
3254 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3255 memcpy(key_data, km0_sw.data(), km0_sw.length());
3256 set_key_blob(key_data, km0_sw.length());
3257
3258 string message(64, 'a');
3259 string signature;
3260 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3261 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
3262
3263 EXPECT_EQ(5, GetParam()->keymaster0_calls());
3264}
3265
3266TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
3267 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3268 string km0_sw = read_file("km0_sw_rsa_512.blob");
3269 EXPECT_EQ(333U, km0_sw.length());
3270
3271 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3272 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3273 EXPECT_EQ('P', km0_sw[0]);
3274 km0_sw[0] = 'Q';
3275
3276 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3277 memcpy(key_data, km0_sw.data(), km0_sw.length());
3278 set_key_blob(key_data, km0_sw.length());
3279
3280 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3281 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3282 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
3283 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3284 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]3285 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_MD5));
3286 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA1));
3287 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_224));
3288 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_256));
3289 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_384));
3290 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_512));
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3291 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]3292 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT));
3293 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN));
3294 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_OAEP));
3295 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PSS));
3296 EXPECT_EQ(15U, hw_enforced().size());
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3297
3298 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3299 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3300 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3301 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3302
3303 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3304 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3305 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3306 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3307 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3308
3309 EXPECT_EQ(1, GetParam()->keymaster0_calls());
3310}
3311
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]3312} // namespace test
3313} // namespace keymaster