Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / c0a63805e4f21e46cc533ec0938306ca997c9a2d / . / android_keymaster_test.cpp
blob: af829e6009000f3427c81a6cafdf4a8e23de3a24 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]22#include <keymaster/key_factory.h>
23#include <keymaster/soft_keymaster_context.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]24#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]25#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]26
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]27#include "android_keymaster_test_utils.h"
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]28#include "keymaster0_engine.h"
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame^]29#include "openssl_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]30
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]31using std::ifstream;
32using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]33using std::string;
34using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]35using std::unique_ptr;
36
37extern "C" {
38int __android_log_print(int prio, const char* tag, const char* fmt);
39int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]40 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]41 return 0;
42}
43} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]44
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]45namespace keymaster {
46namespace test {
47
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]48StdoutLogger logger;
49
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]50template <typename T> vector<T> make_vector(const T* array, size_t len) {
51 return vector<T>(array, array + len);
52}
53
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]54class TestKeymasterEnforcement : public KeymasterEnforcement {
55 public:
56 TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {}
57
58 virtual bool activation_date_valid(uint64_t /* activation_date */) const { return true; }
59 virtual bool expiration_date_passed(uint64_t /* expiration_date */) const { return false; }
60 virtual bool auth_token_timed_out(const hw_auth_token_t& /* token */,
61 uint32_t /* timeout */) const {
62 return false;
63 }
64 virtual uint32_t get_current_time() const { return 0; }
65 virtual bool ValidateTokenSignature(const hw_auth_token_t& /* token */) const { return true; }
66};
67
68class TestKeymasterContext : public SoftKeymasterContext {
69 public:
70 TestKeymasterContext(keymaster0_device_t* keymaster0 = nullptr)
71 : SoftKeymasterContext(keymaster0) {}
72
73 KeymasterEnforcement* enforcement_policy() override { return &test_policy_; }
74
75 private:
76 TestKeymasterEnforcement test_policy_;
77};
78
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]79class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
80 public:
81 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]82 std::cerr << "Creating software-only device" << std::endl;
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]83 SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext);
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]84 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]85 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]86
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]87 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]88 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]89};
90
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]91class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
92 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]93 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
94
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]95 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]96 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
97 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]98 hw_device_t* softkeymaster_device;
99 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
100 &softkeymaster_device));
101 // Make the software device pretend to be hardware
102 keymaster0_device_t* keymaster0_device =
103 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]104 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
105
106 if (!support_ec_) {
107 // Make the software device pretend not to support EC
108 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
109 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]110
111 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
112
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]113 SoftKeymasterDevice* keymaster =
114 new SoftKeymasterDevice(new TestKeymasterContext(counting_keymaster0_device_));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]115 return keymaster->keymaster_device();
116 }
117
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]118 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
119 switch (algorithm) {
120 case KM_ALGORITHM_RSA:
121 return true;
122 case KM_ALGORITHM_EC:
123 return support_ec_;
124 default:
125 return false;
126 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]127 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]128 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
129
130 private:
131 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]132 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]133};
134
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]135static auto test_params = testing::Values(
136 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
137 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
138 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]139
140typedef Keymaster1Test CheckSupported;
141INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
142
143TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]144 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
145 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]146
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]147 size_t len;
148 keymaster_algorithm_t* algorithms;
149 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]150 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]151 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]152 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]153
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]154 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]155}
156
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]157TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]158 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
159 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
160 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]161
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]162 size_t len;
163 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]164 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]165 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]166 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]167 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]168
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]169 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]170 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]171 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]172
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]173 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]174 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]175 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]176 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]177
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]178 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]179}
180
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]181TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]182 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
183 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
184 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]185
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]186 size_t len;
187 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]188 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]189 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]190 EXPECT_TRUE(
191 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]192 free(modes);
193
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]194 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]195 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]196 EXPECT_TRUE(
197 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]198 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]199
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]200 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]201 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]202 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]203 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]204
205 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
206 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
207 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]208
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]209 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]210}
211
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]212TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]213 EXPECT_EQ(
214 KM_ERROR_OUTPUT_PARAMETER_NULL,
215 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]216
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]217 size_t len;
218 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]219 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]220 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]221 EXPECT_TRUE(
222 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
223 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
224 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]225 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]226
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]227 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]228 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]229 EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
230 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
231 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]232 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]233
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]234 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
235 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
236 &len));
237
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]238 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]239 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]240 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
241 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
242 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]243 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]244
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]245 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]246}
247
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]248TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]249 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
250 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]251
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]252 size_t len;
253 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]254 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]255 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]256 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]257 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]258
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]259 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]260 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
261 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
262 free(formats);
263
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]264 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]265 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
266 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
267 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]268
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]269 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]270}
271
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]272TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]273 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
274 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]275
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]276 size_t len;
277 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]278 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]279 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]280 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]281 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]282
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]283 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]284 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]285 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]286 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]287
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]288 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]289 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]290 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]291 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]292
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]293 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]294 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]295 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]296 free(formats);
297
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]298 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]299 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]300 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]301 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]302
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]303 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]304}
305
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]306class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]307 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]308 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]309 AuthorizationSet auths = sw_enforced();
310 EXPECT_GT(auths.SerializedSize(), 12U);
311
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]312 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
313 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
314 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]315 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]316 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]317
318 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]319 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
320 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
321 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]322
323 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]324 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
325 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
326 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]327
328 // Now check that unspecified, defaulted tags are correct.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]329 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]330 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]331};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]332INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
333
334TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]335 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
336 .RsaSigningKey(256, 3)
337 .Digest(KM_DIGEST_NONE)
338 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]339 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]340
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]341 // Check specified tags are all present, and in the right set.
342 AuthorizationSet crypto_params;
343 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]344 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]345 EXPECT_NE(0U, hw_enforced().size());
346 EXPECT_NE(0U, sw_enforced().size());
347 crypto_params.push_back(hw_enforced());
348 non_crypto_params.push_back(sw_enforced());
349 } else {
350 EXPECT_EQ(0U, hw_enforced().size());
351 EXPECT_NE(0U, sw_enforced().size());
352 crypto_params.push_back(sw_enforced());
353 }
354
355 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
356 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
357 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
358 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
359 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
360 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
361
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]362 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]363 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]364}
365
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]366TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]367 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
368 GenerateKey(AuthorizationSetBuilder()
369 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
370 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
371 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]372
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]373 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]374}
375
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]376TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]377 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]378 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]379 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]380
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]381 // Check specified tags are all present, and in the right set.
382 AuthorizationSet crypto_params;
383 AuthorizationSet non_crypto_params;
384 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
385 EXPECT_NE(0U, hw_enforced().size());
386 EXPECT_NE(0U, sw_enforced().size());
387 crypto_params.push_back(hw_enforced());
388 non_crypto_params.push_back(sw_enforced());
389 } else {
390 EXPECT_EQ(0U, hw_enforced().size());
391 EXPECT_NE(0U, sw_enforced().size());
392 crypto_params.push_back(sw_enforced());
393 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]394
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]395 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
396 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
397 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
398 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
399
400 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
401 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]402}
403
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]404TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]405 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
406 GenerateKey(AuthorizationSetBuilder()
407 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
408 .SigningKey()
409 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]410
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]411 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]412}
413
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]414TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]415 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
416 ASSERT_EQ(
417 KM_ERROR_UNKNOWN_ERROR,
418 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
419 else
420 ASSERT_EQ(
421 KM_ERROR_UNSUPPORTED_KEY_SIZE,
422 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]423
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]424 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
425 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]426}
427
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]428TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]429 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]430 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]431 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
432 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]433 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]434 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]435
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]436 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
437 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]438}
439
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]440TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]441 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
442 .HmacKey(128)
443 .Digest(KM_DIGEST_SHA_2_256)
444 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
445
446 EXPECT_EQ(0, GetParam()->keymaster0_calls());
447}
448
449TEST_P(NewKeyGeneration, HmacMultipleDigests) {
450 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST,
451 GenerateKey(AuthorizationSetBuilder()
452 .HmacKey(128)
453 .Digest(KM_DIGEST_SHA1)
454 .Digest(KM_DIGEST_SHA_2_256)
455 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
456
457 EXPECT_EQ(0, GetParam()->keymaster0_calls());
458}
459
460TEST_P(NewKeyGeneration, HmacDigestNone) {
461 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST,
462 GenerateKey(AuthorizationSetBuilder()
463 .HmacKey(128)
464 .Digest(KM_DIGEST_NONE)
465 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
466
467 EXPECT_EQ(0, GetParam()->keymaster0_calls());
468}
469
470TEST_P(NewKeyGeneration, HmacSha256TooShortMacLength) {
471 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
472 GenerateKey(AuthorizationSetBuilder()
473 .HmacKey(128)
474 .Digest(KM_DIGEST_SHA_2_256)
475 .Authorization(TAG_MIN_MAC_LENGTH, 48)));
476
477 EXPECT_EQ(0, GetParam()->keymaster0_calls());
478}
479
480TEST_P(NewKeyGeneration, HmacSha256NonIntegralOctetMacLength) {
481 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
482 GenerateKey(AuthorizationSetBuilder()
483 .HmacKey(128)
484 .Digest(KM_DIGEST_SHA_2_256)
485 .Authorization(TAG_MIN_MAC_LENGTH, 130)));
486
487 EXPECT_EQ(0, GetParam()->keymaster0_calls());
488}
489
490TEST_P(NewKeyGeneration, HmacSha256TooLongMacLength) {
491 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
492 GenerateKey(AuthorizationSetBuilder()
493 .HmacKey(128)
494 .Digest(KM_DIGEST_SHA_2_256)
495 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]496
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]497 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]498}
499
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]500typedef Keymaster1Test GetKeyCharacteristics;
501INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
502
503TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]504 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
505 .RsaSigningKey(256, 3)
506 .Digest(KM_DIGEST_NONE)
507 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]508 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]509
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]510 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
511 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]512
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]513 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]514 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]515}
516
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]517typedef Keymaster1Test SigningOperationsTest;
518INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
519
520TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]521 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
522 .RsaSigningKey(256, 3)
523 .Digest(KM_DIGEST_NONE)
524 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]525 string message = "12345678901234567890123456789012";
526 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]527 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]528
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]529 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]530 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]531}
532
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]533TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]534 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
535 .RsaSigningKey(512, 3)
536 .Digest(KM_DIGEST_SHA_2_256)
537 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]538 // Use large message, which won't work without digesting.
539 string message(1024, 'a');
540 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]541 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]542
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]543 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]544 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]545}
546
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]547TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) {
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]548 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
549 .RsaSigningKey(512, 3)
550 .Digest(KM_DIGEST_NONE)
551 .Padding(KM_PAD_NONE)));
552 string message = "12345678901234567890123456789012";
553 string signature;
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]554
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]555 AuthorizationSet begin_params(client_params());
556 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
557 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
558 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]559}
560
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]561TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]562 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
563 .RsaSigningKey(512, 3)
564 .Digest(KM_DIGEST_SHA_2_256)
565 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]566 string message(1024, 'a');
567 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]568 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]569
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]570 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]571 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]572}
573
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]574TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
575 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
576 .RsaSigningKey(512, 3)
577 .Digest(KM_DIGEST_NONE)
578 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
579 string message(53, 'a');
580 string signature;
581 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);
582
583 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
584 EXPECT_EQ(3, GetParam()->keymaster0_calls());
585}
586
587TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {
588 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
589 .RsaSigningKey(512, 3)
590 .Digest(KM_DIGEST_NONE)
591 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
592 string message(54, 'a');
593
594 AuthorizationSet begin_params(client_params());
595 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
596 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
597 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
598 string result;
599 size_t input_consumed;
600 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
601 string signature;
602 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
603
604 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
605 EXPECT_EQ(2, GetParam()->keymaster0_calls());
606}
607
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]608TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]609 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
610 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]611 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
612 .RsaSigningKey(256 + 9 * 8, 3)
613 .Digest(KM_DIGEST_SHA_2_256)
614 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]615 string message(1024, 'a');
616 string signature;
617
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]618 AuthorizationSet begin_params(client_params());
619 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]620 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]621 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]622}
623
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]624TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {
625 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
626 .RsaSigningKey(256, 3)
627 .Digest(KM_DIGEST_NONE)
628 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
629 string message(64 * 1024, 'a');
630 string signature;
631 AuthorizationSet begin_params(client_params());
632 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
633 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
634 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
635 string result;
636 size_t input_consumed;
637 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
638
639 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
640 EXPECT_EQ(2, GetParam()->keymaster0_calls());
641}
642
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]643TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]644 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
645 .RsaSigningKey(256, 3)
646 .Digest(KM_DIGEST_NONE)
647 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]648 AuthorizationSet begin_params(client_params());
649 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]650 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]651 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]652 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
653 // Another abort should fail
654 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]655
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]656 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]657 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]658}
659
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]660TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]661 GenerateKey(AuthorizationSetBuilder()
662 .RsaSigningKey(256, 3)
663 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
664 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]665 AuthorizationSet begin_params(client_params());
666 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
667 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]668
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]669 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]670 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]671}
672
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]673TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]674 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]675 GenerateKey(AuthorizationSetBuilder()
676 .RsaSigningKey(256, 3)
677 .Digest(KM_DIGEST_NONE)
678 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]679 AuthorizationSet begin_params(client_params());
680 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]681 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]682 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]683
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]684 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]685 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]686}
687
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]688TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]689 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]690 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
691 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]692 AuthorizationSet begin_params(client_params());
693 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
694 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]695
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]696 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]697 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]698}
699
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]700TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]701 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
702 .RsaSigningKey(256, 3)
703 .Digest(KM_DIGEST_NONE)
704 .Padding(KM_PAD_NONE)));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]705 string message = "1234567890123456789012345678901";
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]706 string signature;
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame^]707 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]708
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]709 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame^]710 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]711}
712
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]713TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]714 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
715 .RsaEncryptionKey(256, 3)
716 .Digest(KM_DIGEST_NONE)
717 .Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]718 AuthorizationSet begin_params(client_params());
719 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
720 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
721 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]722
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]723 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]724 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]725}
726
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]727TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]728 ASSERT_EQ(KM_ERROR_OK,
729 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]730 string message(224 / 8, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]731 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]732 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]733
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]734 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
735 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]736}
737
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]738TEST_P(SigningOperationsTest, EcdsaSha256Success) {
739 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
740 KM_DIGEST_SHA_2_256)));
741 string message(1024, 'a');
742 string signature;
743 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
744
745 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
746 EXPECT_EQ(3, GetParam()->keymaster0_calls());
747}
748
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]749TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {
750 ASSERT_EQ(KM_ERROR_OK,
751 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
752 string message(64 * 1024, 'a');
753 string signature;
754 AuthorizationSet begin_params(client_params());
755 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
756 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
757 string result;
758 size_t input_consumed;
759 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
760
761 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
762 EXPECT_EQ(2, GetParam()->keymaster0_calls());
763}
764
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]765TEST_P(SigningOperationsTest, EcsdaAllSizesAndHashes) {
766 size_t len;
767 keymaster_digest_t* digest_arr;
768 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
769 KM_PURPOSE_SIGN, &digest_arr, &len));
770 vector<int> key_sizes = {224, 256, 384, 521};
771 vector<keymaster_digest_t> digests = make_vector(digest_arr, len);
772 free(digest_arr);
773
774 for (int key_size : key_sizes) {
775 for (keymaster_digest_t digest : digests) {
776 ASSERT_EQ(
777 KM_ERROR_OK,
778 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(digest)));
779
780 string message(1024, 'a');
781 string signature;
782 if (digest == KM_DIGEST_NONE)
783 message.resize(key_size / 8);
784 SignMessage(message, &signature, digest);
785 }
786 }
787
788 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
789 EXPECT_EQ(digests.size() * key_sizes.size() * 3,
790 static_cast<size_t>(GetParam()->keymaster0_calls()));
791}
792
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]793TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]794 ASSERT_EQ(KM_ERROR_OK,
795 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
796 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]797 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
798 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]799
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]800 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]801}
802
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]803TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]804 GenerateKey(AuthorizationSetBuilder()
805 .HmacKey(128)
806 .Digest(KM_DIGEST_SHA1)
807 .Authorization(TAG_MIN_MAC_LENGTH, 160));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]808 string message = "12345678901234567890123456789012";
809 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]810 MacMessage(message, &signature, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]811 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]812
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]813 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]814}
815
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]816TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]817 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
818 .HmacKey(128)
819 .Digest(KM_DIGEST_SHA_2_224)
820 .Authorization(TAG_MIN_MAC_LENGTH, 160)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]821 string message = "12345678901234567890123456789012";
822 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]823 MacMessage(message, &signature, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]824 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]825
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]826 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]827}
828
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]829TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]830 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
831 .HmacKey(128)
832 .Digest(KM_DIGEST_SHA_2_256)
833 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]834 string message = "12345678901234567890123456789012";
835 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]836 MacMessage(message, &signature, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]837 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]838
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]839 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]840}
841
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]842TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]843 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
844 .HmacKey(128)
845 .Digest(KM_DIGEST_SHA_2_384)
846 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]847
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]848 string message = "12345678901234567890123456789012";
849 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]850 MacMessage(message, &signature, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]851 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]852
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]853 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]854}
855
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]856TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]857 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
858 .HmacKey(128)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]859 .Digest(KM_DIGEST_SHA_2_512)
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]860 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
861 string message = "12345678901234567890123456789012";
862 string signature;
863 MacMessage(message, &signature, 512);
864 ASSERT_EQ(64U, signature.size());
865
866 EXPECT_EQ(0, GetParam()->keymaster0_calls());
867}
868
869TEST_P(SigningOperationsTest, HmacLengthInKey) {
870 // TODO(swillden): unified API should generate an error on key generation.
871 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
872 .HmacKey(128)
873 .Digest(KM_DIGEST_SHA_2_512)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]874 .Authorization(TAG_MIN_MAC_LENGTH, 512)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]875 string message = "12345678901234567890123456789012";
876 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]877 MacMessage(message, &signature, 512);
878 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]879
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]880 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]881}
882
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]883TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]884 uint8_t key_data[] = {
885 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
886 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
887 };
888 string message = "Hi There";
889 uint8_t sha_224_expected[] = {
890 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
891 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
892 };
893 uint8_t sha_256_expected[] = {
894 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
895 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
896 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
897 };
898 uint8_t sha_384_expected[] = {
899 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
900 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
901 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
902 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
903 };
904 uint8_t sha_512_expected[] = {
905 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
906 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
907 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
908 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
909 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
910 };
911
912 string key = make_string(key_data);
913
914 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
915 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
916 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
917 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]918
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]919 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]920}
921
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]922TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]923 string key = "Jefe";
924 string message = "what do ya want for nothing?";
925 uint8_t sha_224_expected[] = {
926 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
927 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
928 };
929 uint8_t sha_256_expected[] = {
930 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
931 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
932 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
933 };
934 uint8_t sha_384_expected[] = {
935 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
936 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
937 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
938 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
939 };
940 uint8_t sha_512_expected[] = {
941 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
942 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
943 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
944 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
945 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
946 };
947
948 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
949 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
950 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
951 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]952
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]953 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]954}
955
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]956TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]957 string key(20, 0xaa);
958 string message(50, 0xdd);
959 uint8_t sha_224_expected[] = {
960 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
961 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
962 };
963 uint8_t sha_256_expected[] = {
964 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
965 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
966 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
967 };
968 uint8_t sha_384_expected[] = {
969 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
970 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
971 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
972 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
973 };
974 uint8_t sha_512_expected[] = {
975 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
976 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
977 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
978 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
979 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
980 };
981
982 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
983 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
984 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
985 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]986
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]987 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]988}
989
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]990TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]991 uint8_t key_data[25] = {
992 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
993 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
994 };
995 string key = make_string(key_data);
996 string message(50, 0xcd);
997 uint8_t sha_224_expected[] = {
998 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
999 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
1000 };
1001 uint8_t sha_256_expected[] = {
1002 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
1003 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
1004 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
1005 };
1006 uint8_t sha_384_expected[] = {
1007 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
1008 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
1009 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
1010 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
1011 };
1012 uint8_t sha_512_expected[] = {
1013 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
1014 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
1015 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
1016 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
1017 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
1018 };
1019
1020 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1021 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1022 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1023 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1024
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1025 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1026}
1027
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1028TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1029 string key(20, 0x0c);
1030 string message = "Test With Truncation";
1031
1032 uint8_t sha_224_expected[] = {
1033 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
1034 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
1035 };
1036 uint8_t sha_256_expected[] = {
1037 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
1038 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
1039 };
1040 uint8_t sha_384_expected[] = {
1041 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
1042 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
1043 };
1044 uint8_t sha_512_expected[] = {
1045 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
1046 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
1047 };
1048
1049 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1050 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1051 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1052 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1053
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1054 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1055}
1056
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1057TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1058 string key(131, 0xaa);
1059 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
1060
1061 uint8_t sha_224_expected[] = {
1062 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
1063 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
1064 };
1065 uint8_t sha_256_expected[] = {
1066 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
1067 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
1068 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
1069 };
1070 uint8_t sha_384_expected[] = {
1071 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
1072 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1073 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
1074 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
1075 };
1076 uint8_t sha_512_expected[] = {
1077 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
1078 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
1079 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
1080 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
1081 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
1082 };
1083
1084 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1085 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1086 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1087 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1088
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1089 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1090}
1091
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1092TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1093 string key(131, 0xaa);
1094 string message = "This is a test using a larger than block-size key and a larger than "
1095 "block-size data. The key needs to be hashed before being used by the HMAC "
1096 "algorithm.";
1097
1098 uint8_t sha_224_expected[] = {
1099 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
1100 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
1101 };
1102 uint8_t sha_256_expected[] = {
1103 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
1104 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
1105 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
1106 };
1107 uint8_t sha_384_expected[] = {
1108 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
1109 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1110 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
1111 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
1112 };
1113 uint8_t sha_512_expected[] = {
1114 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
1115 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
1116 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
1117 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
1118 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
1119 };
1120
1121 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1122 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1123 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1124 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1125
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1126 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1127}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1128
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1129TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1130 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1131 .HmacKey(128)
1132 .Digest(KM_DIGEST_SHA_2_256)
1133 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1134 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]1135 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1136 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1137 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH,
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1138 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1139
1140 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1141}
1142
1143TEST_P(SigningOperationsTest, HmacSha256TooSmallMacLength) {
1144 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1145 .HmacKey(128)
1146 .Digest(KM_DIGEST_SHA_2_256)
1147 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
1148 AuthorizationSet begin_params(client_params());
1149 begin_params.push_back(TAG_MAC_LENGTH, 120);
1150 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
1151 ASSERT_EQ(KM_ERROR_INVALID_MAC_LENGTH,
1152 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1153
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1154 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1155}
1156
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1157// TODO(swillden): Add more verification failure tests.
1158
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1159typedef Keymaster1Test VerificationOperationsTest;
1160INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
1161
1162TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1163 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1164 .RsaSigningKey(256, 3)
1165 .Digest(KM_DIGEST_NONE)
1166 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1167 string message = "12345678901234567890123456789012";
1168 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1169 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1170 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1171
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1172 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1173 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]1174}
1175
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1176TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1177 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1178 .RsaSigningKey(512, 3)
1179 .Digest(KM_DIGEST_SHA_2_256)
1180 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1181 // Use large message, which won't work without digesting.
1182 string message(1024, 'a');
1183 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1184 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1185 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1186
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1187 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1188 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1189}
1190
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1191TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1192 GenerateKey(AuthorizationSetBuilder()
1193 .RsaSigningKey(512, 3)
1194 .Digest(KM_DIGEST_SHA_2_256)
1195 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1196 string message(1024, 'a');
1197 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1198 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1199 ++signature[signature.size() / 2];
1200
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1201 AuthorizationSet begin_params(client_params());
1202 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1203 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1204 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1205
1206 string result;
1207 size_t input_consumed;
1208 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1209 EXPECT_EQ(message.size(), input_consumed);
1210 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1211
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1212 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1213 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1214}
1215
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1216TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1217 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1218 .RsaSigningKey(512, 3)
1219 .Digest(KM_DIGEST_SHA_2_256)
1220 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1221 // Use large message, which won't work without digesting.
1222 string message(1024, 'a');
1223 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1224 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1225 ++message[message.size() / 2];
1226
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1227 AuthorizationSet begin_params(client_params());
1228 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1229 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1230 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1231
1232 string result;
1233 size_t input_consumed;
1234 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1235 EXPECT_EQ(message.size(), input_consumed);
1236 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1237
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1238 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1239 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1240}
1241
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1242TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1243 GenerateKey(AuthorizationSetBuilder()
1244 .RsaSigningKey(512, 3)
1245 .Digest(KM_DIGEST_SHA_2_256)
1246 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1247 string message(1024, 'a');
1248 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1249 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1250 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1251
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1252 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1253 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1254}
1255
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1256TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1257 GenerateKey(AuthorizationSetBuilder()
1258 .RsaSigningKey(512, 3)
1259 .Digest(KM_DIGEST_SHA_2_256)
1260 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1261 string message(1024, 'a');
1262 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1263 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1264 ++signature[signature.size() / 2];
1265
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1266 AuthorizationSet begin_params(client_params());
1267 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1268 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1269 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1270
1271 string result;
1272 size_t input_consumed;
1273 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1274 EXPECT_EQ(message.size(), input_consumed);
1275 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1276
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1277 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1278 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1279}
1280
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1281TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1282 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1283 .RsaSigningKey(512, 3)
1284 .Digest(KM_DIGEST_SHA_2_256)
1285 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1286 // Use large message, which won't work without digesting.
1287 string message(1024, 'a');
1288 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1289 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1290 ++message[message.size() / 2];
1291
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1292 AuthorizationSet begin_params(client_params());
1293 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1294 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1295 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1296
1297 string result;
1298 size_t input_consumed;
1299 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1300 EXPECT_EQ(message.size(), input_consumed);
1301 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1302
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1303 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1304 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1305}
1306
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1307TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1308 // Get all supported digests and padding modes.
1309 size_t digests_len;
1310 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1311 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1312 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1313 &digests_len));
1314
1315 size_t padding_modes_len;
1316 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1317 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1318 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1319 &padding_modes, &padding_modes_len));
1320
1321 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1322 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1323 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1324 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1325 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1326 // Digesting requires padding
1327 continue;
1328
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1329 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1330 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1331 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1332
1333 if (digest == KM_DIGEST_NONE) {
1334 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1335 switch (padding_mode) {
1336 case KM_PAD_NONE:
1337 // Match key size.
1338 message_len = key_bits / 8;
1339 break;
1340 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1341 message_len = key_bits / 8 - 11;
1342 break;
1343 case KM_PAD_RSA_PSS:
1344 // PSS requires a digest.
1345 continue;
1346 default:
1347 FAIL() << "Missing padding";
1348 break;
1349 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1350 } else {
1351 size_t digest_bits;
1352 switch (digest) {
1353 case KM_DIGEST_MD5:
1354 digest_bits = 128;
1355 break;
1356 case KM_DIGEST_SHA1:
1357 digest_bits = 160;
1358 break;
1359 case KM_DIGEST_SHA_2_224:
1360 digest_bits = 224;
1361 break;
1362 case KM_DIGEST_SHA_2_256:
1363 digest_bits = 256;
1364 break;
1365 case KM_DIGEST_SHA_2_384:
1366 digest_bits = 384;
1367 break;
1368 case KM_DIGEST_SHA_2_512:
1369 digest_bits = 512;
1370 break;
1371 default:
1372 FAIL() << "Missing digest";
1373 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1374
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1375 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1376 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1377 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1378 break;
1379 case KM_PAD_RSA_PSS:
Shawn Willden53488c62015-07-16 18:15:45 -0600[diff] [blame]1380 key_bits = digest_bits + 22 * 8;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1381 break;
1382 default:
1383 FAIL() << "Missing padding";
1384 break;
1385 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1386 }
1387
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1388 GenerateKey(AuthorizationSetBuilder()
1389 .RsaSigningKey(key_bits, 3)
1390 .Digest(digest)
1391 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1392 string message(message_len, 'a');
1393 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1394 SignMessage(message, &signature, digest, padding_mode);
1395 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1396 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1397 }
1398 }
1399
1400 free(padding_modes);
1401 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1402
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1403 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1404 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1405}
1406
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1407TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1408 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1409 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1410 string message = "12345678901234567890123456789012";
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1411 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1412 SignMessage(message, &signature, KM_DIGEST_NONE);
1413 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1414
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1415 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1416 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1417}
1418
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1419TEST_P(VerificationOperationsTest, EcdsaTooShort) {
1420 ASSERT_EQ(KM_ERROR_OK,
1421 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1422 string message = "12345678901234567890";
1423 string signature;
1424 SignMessage(message, &signature, KM_DIGEST_NONE);
1425 VerifyMessage(message, signature, KM_DIGEST_NONE);
1426
1427 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1428 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1429}
1430
1431TEST_P(VerificationOperationsTest, EcdsaTooLong) {
1432 ASSERT_EQ(KM_ERROR_OK,
1433 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1434 string message = "1234567890123456789012345678901234";
1435 string signature;
1436
1437 AuthorizationSet begin_params(client_params());
1438 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1439 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
1440 string output;
1441 size_t input_consumed;
1442 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &output, &input_consumed));
1443
1444 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1445 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1446}
1447
1448TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
1449 ASSERT_EQ(KM_ERROR_OK,
1450 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
1451
1452 string message(66, 'a');
1453 string signature;
1454 SignMessage(message, &signature, KM_DIGEST_NONE);
1455 VerifyMessage(message, signature, KM_DIGEST_NONE);
1456
1457 // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh.
1458 message[65] ^= 7;
1459 VerifyMessage(message, signature, KM_DIGEST_NONE);
1460
1461 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1462 EXPECT_EQ(5, GetParam()->keymaster0_calls());
1463}
1464
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1465TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1466 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1467 .EcdsaSigningKey(256)
1468 .Digest(KM_DIGEST_SHA_2_256)
1469 .Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1470 string message = "12345678901234567890123456789012";
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1471 string signature;
1472 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1473 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1474
1475 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1476 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1477
1478 // Just for giggles, try verifying with the wrong digest.
1479 AuthorizationSet begin_params(client_params());
1480 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1481 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1482
1483 string result;
1484 size_t input_consumed;
1485 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1486 EXPECT_EQ(message.size(), input_consumed);
1487 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1488}
1489
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1490TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1491 GenerateKey(AuthorizationSetBuilder()
1492 .HmacKey(128)
1493 .Digest(KM_DIGEST_SHA1)
1494 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1495 string message = "123456789012345678901234567890123456789012345678";
1496 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1497 MacMessage(message, &signature, 160);
1498 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1499
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1500 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1501}
1502
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1503TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1504 GenerateKey(AuthorizationSetBuilder()
1505 .HmacKey(128)
1506 .Digest(KM_DIGEST_SHA_2_224)
1507 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1508 string message = "123456789012345678901234567890123456789012345678";
1509 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1510 MacMessage(message, &signature, 224);
1511 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1512
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1513 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1514}
1515
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1516TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1517 GenerateKey(AuthorizationSetBuilder()
1518 .HmacKey(128)
1519 .Digest(KM_DIGEST_SHA_2_256)
1520 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1521 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1522 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1523 MacMessage(message, &signature, 256);
1524 VerifyMac(message, signature);
1525
1526 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1527}
1528
1529TEST_P(VerificationOperationsTest, HmacSha256TooShortMac) {
1530 GenerateKey(AuthorizationSetBuilder()
1531 .HmacKey(128)
1532 .Digest(KM_DIGEST_SHA_2_256)
1533 .Authorization(TAG_MIN_MAC_LENGTH, 128));
1534 string message = "123456789012345678901234567890123456789012345678";
1535 string signature;
1536 MacMessage(message, &signature, 256);
1537
1538 // Shorten to 128 bits, should still work.
1539 signature.resize(128 / 8);
1540 VerifyMac(message, signature);
1541
1542 // Drop one more byte.
1543 signature.resize(signature.length() - 1);
1544
1545 AuthorizationSet begin_params(client_params());
1546 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1547 string result;
1548 size_t input_consumed;
1549 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1550 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1551
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1552 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1553}
1554
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1555TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1556 GenerateKey(AuthorizationSetBuilder()
1557 .HmacKey(128)
1558 .Digest(KM_DIGEST_SHA_2_384)
1559 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1560 string message = "123456789012345678901234567890123456789012345678";
1561 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1562 MacMessage(message, &signature, 384);
1563 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1564
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1565 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1566}
1567
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1568TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1569 GenerateKey(AuthorizationSetBuilder()
1570 .HmacKey(128)
1571 .Digest(KM_DIGEST_SHA_2_512)
1572 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1573 string message = "123456789012345678901234567890123456789012345678";
1574 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1575 MacMessage(message, &signature, 512);
1576 VerifyMac(message, signature);
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]1577
1578 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1579}
1580
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1581typedef Keymaster1Test ExportKeyTest;
1582INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1583
1584TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1585 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1586 .RsaSigningKey(256, 3)
1587 .Digest(KM_DIGEST_NONE)
1588 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1589 string export_data;
1590 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1591 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1592
1593 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1594
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1595 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1596 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1597}
1598
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1599TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1600 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1601 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1602 string export_data;
1603 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1604 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1605
1606 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1607
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1608 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1609 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1610}
1611
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1612TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1613 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1614 .RsaSigningKey(256, 3)
1615 .Digest(KM_DIGEST_NONE)
1616 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1617 string export_data;
1618 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1619
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1620 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1621 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1622}
1623
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1624TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1625 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1626 .RsaSigningKey(256, 3)
1627 .Digest(KM_DIGEST_NONE)
1628 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1629 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1630 string export_data;
1631 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1632
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1633 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1634 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1635}
1636
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1637TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1638 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1639 string export_data;
1640
1641 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1642 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1643 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1644
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1645 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1646}
1647
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1648static string read_file(const string& file_name) {
1649 ifstream file_stream(file_name, std::ios::binary);
1650 istreambuf_iterator<char> file_begin(file_stream);
1651 istreambuf_iterator<char> file_end;
1652 return string(file_begin, file_end);
1653}
1654
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1655typedef Keymaster1Test ImportKeyTest;
1656INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1657
1658TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1659 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1660 ASSERT_EQ(633U, pk8_key.size());
1661
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1662 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1663 .RsaSigningKey(1024, 65537)
1664 .Digest(KM_DIGEST_NONE)
1665 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1666 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1667
1668 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1669 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1670 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1671 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1672 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1673 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1674 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1675 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1676 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1677 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1678
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1679 // And values provided by AndroidKeymaster
Shawn Willden34f09c52015-07-23 23:17:39 +0000[diff] [blame]1680 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1681 EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN));
1682 else
1683 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1684 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1685
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1686 string message(1024 / 8, 'a');
1687 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1688 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1689 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1690
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1691 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1692 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1693}
1694
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1695TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1696 string pk8_key = read_file("rsa_privkey_pk8.der");
1697 ASSERT_EQ(633U, pk8_key.size());
1698
1699 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1700 // point softkeymaster will no longer support keymaster0 APIs anyway.
1701 uint8_t* key_blob;
1702 size_t key_blob_length;
1703 ASSERT_EQ(0,
1704 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1705 pk8_key.size(), &key_blob, &key_blob_length));
1706 set_key_blob(key_blob, key_blob_length);
1707
1708 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1709 AuthorizationSet begin_params; // Don't use client data.
1710 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1711 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1712 AuthorizationSet update_params;
1713 AuthorizationSet output_params;
1714 string signature =
1715 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1716 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1717 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1718
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1719 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1720 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1721}
1722
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1723TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1724 string pk8_key = read_file("rsa_privkey_pk8.der");
1725 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1726 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1727 ImportKey(AuthorizationSetBuilder()
1728 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1729 .Digest(KM_DIGEST_NONE)
1730 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1731 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1732
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1733 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1734}
1735
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1736TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1737 string pk8_key = read_file("rsa_privkey_pk8.der");
1738 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1739 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1740 ImportKey(AuthorizationSetBuilder()
1741 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1742 .Digest(KM_DIGEST_NONE)
1743 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1744 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1745
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1746 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1747}
1748
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1749TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1750 string pk8_key = read_file("ec_privkey_pk8.der");
1751 ASSERT_EQ(138U, pk8_key.size());
1752
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1753 ASSERT_EQ(KM_ERROR_OK,
1754 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1755 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1756
1757 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1758 EXPECT_TRUE(
1759 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1760 TAG_ALGORITHM, KM_ALGORITHM_EC));
1761 EXPECT_TRUE(
1762 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1763 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1764
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1765 // And values provided by AndroidKeymaster
Shawn Willden34f09c52015-07-23 23:17:39 +0000[diff] [blame]1766 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1767 EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN));
1768 else
1769 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1770 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1771
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1772 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1773 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1774 SignMessage(message, &signature, KM_DIGEST_NONE);
1775 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1776
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1777 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1778 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1779}
1780
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1781TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1782 string pk8_key = read_file("ec_privkey_pk8.der");
1783 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1784
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1785 ASSERT_EQ(KM_ERROR_OK,
1786 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1787 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1788
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1789 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1790 EXPECT_TRUE(
1791 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1792 TAG_ALGORITHM, KM_ALGORITHM_EC));
1793 EXPECT_TRUE(
1794 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1795 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1796
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1797 // And values provided by AndroidKeymaster
Shawn Willden34f09c52015-07-23 23:17:39 +0000[diff] [blame]1798 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1799 EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN));
1800 else
1801 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1802 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1803
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1804 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1805 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1806 SignMessage(message, &signature, KM_DIGEST_NONE);
1807 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1808
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1809 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1810 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1811}
1812
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1813TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1814 string pk8_key = read_file("ec_privkey_pk8.der");
1815 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1816 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1817 ImportKey(AuthorizationSetBuilder()
1818 .EcdsaSigningKey(224 /* Doesn't match key */)
1819 .Digest(KM_DIGEST_NONE),
1820 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1821
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1822 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1823}
1824
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1825TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1826 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1827 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1828 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1829 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1830 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1831 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1832
1833 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1834 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1835
1836 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1837 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1838 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1839 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1840
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1841 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1842}
1843
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1844TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1845 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1846 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1847 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1848 .HmacKey(sizeof(key_data) * 8)
1849 .Digest(KM_DIGEST_SHA_2_256)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1850 .Authorization(TAG_MIN_MAC_LENGTH, 256),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1851 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1852
1853 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1854 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1855
1856 string message = "Hello World!";
1857 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1858 MacMessage(message, &signature, 256);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1859 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1860
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1861 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1862}
1863
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1864typedef Keymaster1Test EncryptionOperationsTest;
1865INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1866
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1867TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1868 ASSERT_EQ(KM_ERROR_OK,
1869 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1870
1871 string message = "12345678901234567890123456789012";
1872 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1873 EXPECT_EQ(256U / 8, ciphertext1.size());
1874
1875 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1876 EXPECT_EQ(256U / 8, ciphertext2.size());
1877
1878 // Unpadded RSA is deterministic
1879 EXPECT_EQ(ciphertext1, ciphertext2);
1880
1881 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1882 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1883}
1884
1885TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1886 ASSERT_EQ(KM_ERROR_OK,
1887 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1888
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame^]1889 string message = "1";
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1890
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame^]1891 string ciphertext = EncryptMessage(message, KM_PAD_NONE);
1892 EXPECT_EQ(256U / 8, ciphertext.size());
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1893
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame^]1894 string expected_plaintext = string(256 / 8 - 1, 0) + message;
1895 string plaintext = DecryptMessage(ciphertext, KM_PAD_NONE);
1896
1897 EXPECT_EQ(expected_plaintext, plaintext);
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1898
1899 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame^]1900 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1901}
1902
1903TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1904 ASSERT_EQ(KM_ERROR_OK,
1905 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1906
1907 string message = "123456789012345678901234567890123";
1908
1909 AuthorizationSet begin_params(client_params());
1910 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1911 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1912
1913 string result;
1914 size_t input_consumed;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1915 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1916
1917 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1918 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1919}
1920
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame^]1921TEST_P(EncryptionOperationsTest, RsaNoPaddingLargerThanModulus) {
1922 ASSERT_EQ(KM_ERROR_OK,
1923 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1924
1925 string exported;
1926 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &exported));
1927
1928 const uint8_t* p = reinterpret_cast<const uint8_t*>(exported.data());
1929 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(
1930 d2i_PUBKEY(nullptr /* alloc new */, &p, exported.size()));
1931 unique_ptr<RSA, RSA_Delete> rsa(EVP_PKEY_get1_RSA(pkey.get()));
1932
1933 size_t modulus_len = BN_num_bytes(rsa->n);
1934 ASSERT_EQ(256U / 8, modulus_len);
1935 unique_ptr<uint8_t> modulus_buf(new uint8_t[modulus_len]);
1936 BN_bn2bin(rsa->n, modulus_buf.get());
1937
1938 // The modulus is too big to encrypt.
1939 string message(reinterpret_cast<const char*>(modulus_buf.get()), modulus_len);
1940
1941 AuthorizationSet begin_params(client_params());
1942 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1943 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1944
1945 string result;
1946 size_t input_consumed;
1947 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1948 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&result));
1949
1950 // One smaller than the modulus is okay.
1951 BN_sub(rsa->n, rsa->n, BN_value_one());
1952 modulus_len = BN_num_bytes(rsa->n);
1953 ASSERT_EQ(256U / 8, modulus_len);
1954 BN_bn2bin(rsa->n, modulus_buf.get());
1955 message = string(reinterpret_cast<const char*>(modulus_buf.get()), modulus_len);
1956 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1957 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1958 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result));
1959
1960 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1961 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1962}
1963
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1964TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1965 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1966 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1967 .RsaEncryptionKey(key_size, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1968 .Padding(KM_PAD_RSA_OAEP)
1969 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1970
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1971 string message = "Hello";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1972 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1973 EXPECT_EQ(key_size / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1974
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1975 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1976 EXPECT_EQ(key_size / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1977
1978 // OAEP randomizes padding so every result should be different.
1979 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1980
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1981 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1982 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1983}
1984
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1985TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1986 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1987 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1988 .RsaEncryptionKey(key_size, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1989 .Padding(KM_PAD_RSA_OAEP)
1990 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1991 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1992 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]1993 EXPECT_EQ(key_size / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1994
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1995 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1996 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1997
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1998 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1999 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2000}
2001
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2002TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
2003 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2004 .RsaEncryptionKey(512, 3)
2005 .Padding(KM_PAD_RSA_OAEP)
2006 .Digest(KM_DIGEST_NONE)));
2007 string message = "Hello World!";
2008
2009 AuthorizationSet begin_params(client_params());
2010 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
2011 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
2012 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2013
2014 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2015 EXPECT_EQ(2, GetParam()->keymaster0_calls());
2016}
2017
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2018TEST_P(EncryptionOperationsTest, RsaOaepUnauthorizedDigest) {
2019 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden34f09c52015-07-23 23:17:39 +0000[diff] [blame]2020 .RsaEncryptionKey(512, 3)
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2021 .Padding(KM_PAD_RSA_OAEP)
2022 .Digest(KM_DIGEST_SHA_2_256)));
2023 string message = "Hello World!";
2024 // Works because encryption is a public key operation.
2025 EncryptMessage(string(message), KM_DIGEST_SHA1, KM_PAD_RSA_OAEP);
2026
2027 AuthorizationSet begin_params(client_params());
2028 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
2029 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1);
2030 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2031
2032 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2033 EXPECT_EQ(3, GetParam()->keymaster0_calls());
2034}
2035
2036TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) {
2037 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2038 .RsaEncryptionKey(768, 3)
2039 .Padding(KM_PAD_RSA_OAEP)
2040 .Digest(KM_DIGEST_SHA_2_256)
2041 .Digest(KM_DIGEST_SHA_2_384)));
2042 string message = "Hello World!";
2043 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
2044
2045 string result;
2046 size_t input_consumed;
2047 AuthorizationSet begin_params(client_params());
2048 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
2049 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
2050 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2051 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
2052 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
2053 EXPECT_EQ(0U, result.size());
2054
2055 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2056 EXPECT_EQ(4, GetParam()->keymaster0_calls());
2057}
2058
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2059TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2060 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2061 .RsaEncryptionKey(512, 3)
2062 .Padding(KM_PAD_RSA_OAEP)
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2063 .Digest(KM_DIGEST_SHA1)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2064 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2065 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2066 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2067
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2068 AuthorizationSet begin_params(client_params());
2069 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2070 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2071 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2072 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2073 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2074 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2075
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2076 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2077 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2078}
2079
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2080TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2081 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2082 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2083 .RsaEncryptionKey(768, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2084 .Padding(KM_PAD_RSA_OAEP)
2085 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2086 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2087 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2088 EXPECT_EQ(key_size / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2089
2090 // Corrupt the ciphertext
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2091 ciphertext[key_size / 8 / 2]++;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2092
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2093 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2094 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2095 AuthorizationSet begin_params(client_params());
2096 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2097 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2098 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2099 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2100 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2101 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2102
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2103 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2104 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2105}
2106
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2107TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2108 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2109 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2110 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2111 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2112 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2113
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2114 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2115 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2116
2117 // PKCS1 v1.5 randomizes padding so every result should be different.
2118 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2119
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2120 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2121 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2122}
2123
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2124TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2125 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2126 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2127 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2128 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2129 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2130
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2131 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2132 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2133
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2134 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2135 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2136}
2137
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2138TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2139 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2140 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]2141 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2142 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2143 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2144
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2145 AuthorizationSet begin_params(client_params());
2146 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2147 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2148 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2149 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2150 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2151
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2152 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2153 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2154}
2155
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2156TEST_P(EncryptionOperationsTest, RsaPkcs1InvalidDigest) {
2157 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2158 .RsaEncryptionKey(512, 3)
2159 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
2160 .Digest(KM_DIGEST_NONE)));
2161 string message = "Hello World!";
2162 string result;
2163
2164 AuthorizationSet begin_params(client_params());
2165 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2166 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); // Any digest is invalid
2167 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2168
2169 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
2170 EXPECT_EQ(2, GetParam()->keymaster0_calls());
2171}
2172
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2173TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2174 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2175 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2176 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2177 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2178 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2179
2180 // Corrupt the ciphertext
2181 ciphertext[512 / 8 / 2]++;
2182
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2183 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2184 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2185 AuthorizationSet begin_params(client_params());
2186 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2187 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2188 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2189 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2190 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2191
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2192 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2193 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2194}
2195
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2196TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2197 ASSERT_EQ(KM_ERROR_OK,
2198 GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2199
2200 AuthorizationSet begin_params(client_params());
2201 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2202 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2203
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2204 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2205 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2206}
2207
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2208TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2209 ASSERT_EQ(KM_ERROR_OK,
2210 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2211 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2212 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2213
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2214 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
2215 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2216}
2217
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2218TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2219 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2220 .HmacKey(128)
2221 .Digest(KM_DIGEST_SHA_2_256)
2222 .Padding(KM_PAD_NONE)
2223 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2224 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2225 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2226
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2227 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2228}
2229
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2230TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2231 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2232 .AesEncryptionKey(128)
2233 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2234 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2235 // Two-block message.
2236 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2237 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2238 EXPECT_EQ(message.size(), ciphertext1.size());
2239
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2240 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2241 EXPECT_EQ(message.size(), ciphertext2.size());
2242
2243 // ECB is deterministic.
2244 EXPECT_EQ(ciphertext1, ciphertext2);
2245
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2246 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2247 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2248
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2249 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2250}
2251
Shawn Willdene23a2c92015-07-06 15:52:45 -0600[diff] [blame]2252TEST_P(EncryptionOperationsTest, AesEcbNotAuthorized) {
2253 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2254 .AesEncryptionKey(128)
2255 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2256 .Padding(KM_PAD_NONE)));
2257 // Two-block message.
2258 string message = "12345678901234567890123456789012";
2259 AuthorizationSet begin_params(client_params());
2260 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2261 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2262 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2263
2264 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2265}
2266
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2267TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2268 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2269 .AesEncryptionKey(128)
2270 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2271 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2272 // Message is slightly shorter than two blocks.
2273 string message = "1234567890123456789012345678901";
2274
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2275 AuthorizationSet begin_params(client_params());
2276 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2277 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2278 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2279 string ciphertext;
2280 size_t input_consumed;
2281 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
2282 EXPECT_EQ(message.size(), input_consumed);
2283 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2284
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2285 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2286}
2287
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2288TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2289 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2290 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2291 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2292 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2293
2294 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2295 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2296 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2297 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2298 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2299 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2300 EXPECT_EQ(message, plaintext);
2301 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2302
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2303 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2304}
2305
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2306TEST_P(EncryptionOperationsTest, AesEcbNoPaddingKeyWithPkcs7Padding) {
2307 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2308 .AesEncryptionKey(128)
2309 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2310 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2311
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]2312 // Try various message lengths; all should fail.
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2313 for (size_t i = 0; i < 32; ++i) {
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]2314 AuthorizationSet begin_params(client_params());
2315 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2316 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
2317 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE,
2318 BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2319 }
2320
2321 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2322}
2323
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2324TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2325 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2326 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2327 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2328 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2329
2330 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2331 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2332 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2333 EXPECT_NE(ciphertext, message);
2334 ++ciphertext[ciphertext.size() / 2];
2335
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2336 AuthorizationSet begin_params(client_params());
2337 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2338 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2339 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2340 string plaintext;
2341 size_t input_consumed;
2342 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
2343 EXPECT_EQ(ciphertext.size(), input_consumed);
2344 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2345
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2346 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2347}
2348
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2349TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2350 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2351 .AesEncryptionKey(128)
2352 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2353 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2354 string message = "123";
2355 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2356 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2357 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2358 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2359
2360 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2361 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2362 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2363 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2364
2365 // IVs should be random, so ciphertexts should differ.
2366 EXPECT_NE(iv1, iv2);
2367 EXPECT_NE(ciphertext1, ciphertext2);
2368
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2369 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2370 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2371
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2372 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2373}
2374
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2375TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2376 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2377 .AesEncryptionKey(128)
2378 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2379 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2380
2381 int increment = 15;
2382 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2383 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2384 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2385 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2386 AuthorizationSet output_params;
2387 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2388
2389 string ciphertext;
2390 size_t input_consumed;
2391 for (size_t i = 0; i < message.size(); i += increment)
2392 EXPECT_EQ(KM_ERROR_OK,
2393 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2394 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2395 EXPECT_EQ(message.size(), ciphertext.size());
2396
2397 // Move TAG_NONCE into input_params
2398 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2399 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2400 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2401 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2402 output_params.Clear();
2403
2404 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
2405 string plaintext;
2406 for (size_t i = 0; i < ciphertext.size(); i += increment)
2407 EXPECT_EQ(KM_ERROR_OK,
2408 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2409 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2410 EXPECT_EQ(ciphertext.size(), plaintext.size());
2411 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2412
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2413 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2414}
2415
2416struct AesCtrSp80038aTestVector {
2417 const char* key;
2418 const char* nonce;
2419 const char* plaintext;
2420 const char* ciphertext;
2421};
2422
2423// These test vectors are taken from
2424// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
2425static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
2426 // AES-128
2427 {
2428 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2429 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2430 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2431 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
2432 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
2433 },
2434 // AES-192
2435 {
2436 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2437 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2438 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2439 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2440 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2441 },
2442 // AES-256
2443 {
2444 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2445 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2446 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2447 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2448 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2449 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2450 },
2451};
2452
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2453TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2454 for (size_t i = 0; i < 3; i++) {
2455 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2456 const string key = hex2str(test.key);
2457 const string nonce = hex2str(test.nonce);
2458 const string plaintext = hex2str(test.plaintext);
2459 const string ciphertext = hex2str(test.ciphertext);
2460 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2461 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2462
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2463 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2464}
2465
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2466TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2467 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2468 .AesEncryptionKey(128)
2469 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2470 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2471 AuthorizationSet begin_params(client_params());
2472 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2473 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2474 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2475
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2476 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2477}
2478
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2479TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2480 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2481 .AesEncryptionKey(128)
2482 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2483 .Authorization(TAG_CALLER_NONCE)
2484 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2485
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2486 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2487 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2488 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2489 input_params.push_back(TAG_NONCE, "123", 3);
2490 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2491
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2492 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2493}
2494
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2495TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2496 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2497 .AesEncryptionKey(128)
2498 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2499 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2500 // Two-block message.
2501 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2502 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2503 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2504 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2505
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2506 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2507 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2508 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2509
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2510 // IVs should be random, so ciphertexts should differ.
2511 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2512 EXPECT_NE(ciphertext1, ciphertext2);
2513
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2514 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2515 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2516
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2517 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2518}
2519
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2520TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2521 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2522 .AesEncryptionKey(128)
2523 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2524 .Authorization(TAG_CALLER_NONCE)
2525 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2526 string message = "12345678901234567890123456789012";
2527 string iv1;
2528 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2529 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2530 EXPECT_EQ(message.size(), ciphertext1.size());
2531 EXPECT_EQ(16U, iv1.size());
2532
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2533 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2534 EXPECT_EQ(message, plaintext);
2535
2536 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2537 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2538 AuthorizationSet update_params;
2539 AuthorizationSet output_params;
2540 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2541 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2542 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2543 string ciphertext2 =
2544 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2545
2546 // Decrypt with correct nonce.
2547 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2548 &output_params);
2549 EXPECT_EQ(message, plaintext);
2550
2551 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2552 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2553 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2554 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2555 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2556 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2557 &output_params);
2558 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2559
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2560 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2561}
2562
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2563TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2564 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2565 .AesEncryptionKey(128)
2566 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2567 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2568
2569 string message = "12345678901234567890123456789012";
2570 string iv1;
2571 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2572 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2573 EXPECT_EQ(message.size(), ciphertext1.size());
2574 EXPECT_EQ(16U, iv1.size());
2575
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2576 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2577 EXPECT_EQ(message, plaintext);
2578
2579 // Now specify a nonce, should fail.
2580 AuthorizationSet input_params(client_params());
2581 AuthorizationSet update_params;
2582 AuthorizationSet output_params;
2583 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2584 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2585 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2586
2587 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2588 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2589
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2590 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2591}
2592
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2593TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2594 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2595 .AesEncryptionKey(128)
2596 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2597 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2598
2599 int increment = 15;
2600 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2601 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2602 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2603 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2604 AuthorizationSet output_params;
2605 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2606
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2607 string ciphertext;
2608 size_t input_consumed;
2609 for (size_t i = 0; i < message.size(); i += increment)
2610 EXPECT_EQ(KM_ERROR_OK,
2611 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2612 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2613 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2614
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2615 // Move TAG_NONCE into input_params
2616 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2617 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2618 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2619 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2620 output_params.Clear();
2621
2622 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2623 string plaintext;
2624 for (size_t i = 0; i < ciphertext.size(); i += increment)
2625 EXPECT_EQ(KM_ERROR_OK,
2626 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2627 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2628 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2629 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2630
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2631 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2632}
2633
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2634TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2635 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2636 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2637 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2638 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2639
2640 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2641 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2642 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2643 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2644 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2645 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2646 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2647 EXPECT_EQ(message, plaintext);
2648 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2649
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2650 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2651}
2652
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2653TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2654 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2655 .AesEncryptionKey(128)
2656 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2657 .Authorization(TAG_PADDING, KM_PAD_NONE)
2658 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2659 string aad = "foobar";
2660 string message = "123456789012345678901234567890123456";
2661 AuthorizationSet begin_params(client_params());
2662 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2663 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2664 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2665
2666 AuthorizationSet update_params;
2667 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2668
2669 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2670 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2671 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2672 string ciphertext;
2673 size_t input_consumed;
2674 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2675 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2676 &input_consumed));
2677 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2678 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2679
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2680 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2681 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2682 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2683
2684 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2685 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2686 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2687 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2688 &plaintext, &input_consumed));
2689 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2690 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2691
2692 EXPECT_EQ(message, plaintext);
2693 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2694}
2695
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2696TEST_P(EncryptionOperationsTest, AesGcmTooShortTag) {
2697 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2698 .AesEncryptionKey(128)
2699 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2700 .Authorization(TAG_PADDING, KM_PAD_NONE)
2701 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
2702 string aad = "foobar";
2703 string message = "123456789012345678901234567890123456";
2704 AuthorizationSet begin_params(client_params());
2705 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2706 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2707 begin_params.push_back(TAG_MAC_LENGTH, 96);
2708
2709 AuthorizationSet update_params;
2710 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2711
2712 AuthorizationSet begin_out_params;
2713 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH,
2714 BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2715
2716 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2717}
2718
2719TEST_P(EncryptionOperationsTest, AesGcmTooShortTagOnDecrypt) {
2720 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2721 .AesEncryptionKey(128)
2722 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2723 .Authorization(TAG_PADDING, KM_PAD_NONE)
2724 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
2725 string aad = "foobar";
2726 string message = "123456789012345678901234567890123456";
2727 AuthorizationSet begin_params(client_params());
2728 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2729 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2730 begin_params.push_back(TAG_MAC_LENGTH, 128);
2731
2732 AuthorizationSet update_params;
2733 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2734
2735 // Encrypt
2736 AuthorizationSet begin_out_params;
2737 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2738 string ciphertext;
2739 size_t input_consumed;
2740 AuthorizationSet update_out_params;
2741 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2742 &input_consumed));
2743 EXPECT_EQ(message.size(), input_consumed);
2744 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2745
2746 // Grab nonce
2747 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2748 begin_params.Reinitialize(client_params());
2749 begin_params.push_back(begin_out_params);
2750 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2751 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2752 begin_params.push_back(TAG_MAC_LENGTH, 96);
2753
2754 // Decrypt.
2755 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2756
2757 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2758}
2759
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2760TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
2761 uint8_t nonce[] = {
2762 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
2763 };
2764 uint8_t ciphertext[] = {
2765 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
2766 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
2767 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
2768 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
2769 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
2770 };
2771 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
2772
2773 AuthorizationSet begin_params(client_params());
2774 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2775 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2776 begin_params.push_back(TAG_MAC_LENGTH, 128);
2777 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
2778
2779 string plaintext;
2780 size_t input_consumed;
2781
2782 // Import correct key and decrypt
2783 uint8_t good_key[] = {
2784 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2785 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2786 };
2787 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
2788 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2789 .AesEncryptionKey(128)
2790 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2791 .Authorization(TAG_PADDING, KM_PAD_NONE)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2792 .Authorization(TAG_CALLER_NONCE)
2793 .Authorization(TAG_MIN_MAC_LENGTH, 128),
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2794 KM_KEY_FORMAT_RAW, good_key_str));
2795 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2796 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2797 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2798
2799 // Import bad key and decrypt
2800 uint8_t bad_key[] = {
2801 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2802 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2803 };
2804 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
2805 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2806 .AesEncryptionKey(128)
2807 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2808 .Authorization(TAG_PADDING, KM_PAD_NONE)
2809 .Authorization(TAG_MIN_MAC_LENGTH, 128),
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2810 KM_KEY_FORMAT_RAW, bad_key_str));
2811 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2812 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2813 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
2814
2815 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2816}
2817
2818TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
2819 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2820 .AesEncryptionKey(128)
2821 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2822 .Authorization(TAG_PADDING, KM_PAD_NONE)
2823 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2824 string aad = "123456789012345678";
2825 string empty_message;
2826 AuthorizationSet begin_params(client_params());
2827 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2828 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2829 begin_params.push_back(TAG_MAC_LENGTH, 128);
2830
2831 AuthorizationSet update_params;
2832 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2833
2834 // Encrypt
2835 AuthorizationSet begin_out_params;
2836 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2837 string ciphertext;
2838 size_t input_consumed;
2839 AuthorizationSet update_out_params;
2840 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
2841 &ciphertext, &input_consumed));
2842 EXPECT_EQ(0U, input_consumed);
2843 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2844
2845 // Grab nonce
2846 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2847 begin_params.push_back(begin_out_params);
2848
2849 // Decrypt.
2850 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2851 string plaintext;
2852 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2853 &plaintext, &input_consumed));
2854 EXPECT_EQ(ciphertext.size(), input_consumed);
2855 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2856
2857 EXPECT_EQ(empty_message, plaintext);
2858 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2859}
2860
2861TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
2862 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2863 .AesEncryptionKey(128)
2864 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2865 .Authorization(TAG_PADDING, KM_PAD_NONE)
2866 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2867 AuthorizationSet begin_params(client_params());
2868 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2869 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2870 begin_params.push_back(TAG_MAC_LENGTH, 128);
2871
2872 AuthorizationSet update_params;
2873 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
2874
2875 // Encrypt
2876 AuthorizationSet begin_out_params;
2877 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2878 string ciphertext;
2879 size_t input_consumed;
2880 AuthorizationSet update_out_params;
2881
2882 // Send AAD, incrementally
2883 for (int i = 0; i < 1000; ++i) {
2884 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2885 &input_consumed));
2886 EXPECT_EQ(0U, input_consumed);
2887 EXPECT_EQ(0U, ciphertext.size());
2888 }
2889
2890 // Now send data, incrementally, no data.
2891 AuthorizationSet empty_params;
2892 for (int i = 0; i < 1000; ++i) {
2893 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
2894 &input_consumed));
2895 EXPECT_EQ(1U, input_consumed);
2896 }
2897 EXPECT_EQ(1000U, ciphertext.size());
2898
2899 // And finish.
2900 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2901 EXPECT_EQ(1016U, ciphertext.size());
2902
2903 // Grab nonce
2904 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2905 begin_params.push_back(begin_out_params);
2906
2907 // Decrypt.
2908 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2909 string plaintext;
2910
2911 // Send AAD, incrementally, no data
2912 for (int i = 0; i < 1000; ++i) {
2913 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
2914 &input_consumed));
2915 EXPECT_EQ(0U, input_consumed);
2916 EXPECT_EQ(0U, plaintext.size());
2917 }
2918
2919 // Now send data, incrementally.
2920 for (size_t i = 0; i < ciphertext.length(); ++i) {
2921 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
2922 &update_out_params, &plaintext, &input_consumed));
2923 EXPECT_EQ(1U, input_consumed);
2924 }
2925 EXPECT_EQ(1000U, plaintext.size());
2926 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2927
2928 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2929}
2930
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2931TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2932 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2933 .AesEncryptionKey(128)
2934 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2935 .Authorization(TAG_PADDING, KM_PAD_NONE)
2936 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2937 string message = "123456789012345678901234567890123456";
2938 AuthorizationSet begin_params(client_params());
2939 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2940 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2941 begin_params.push_back(TAG_MAC_LENGTH, 128);
2942 AuthorizationSet begin_out_params;
2943
2944 AuthorizationSet update_params;
2945 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2946
2947 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2948
2949 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2950 string ciphertext;
2951 size_t input_consumed;
2952 AuthorizationSet update_out_params;
2953 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
2954 &ciphertext, &input_consumed));
2955 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2956
2957 // AAD and data.
2958 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2959 &input_consumed));
2960 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2961 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2962
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2963 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2964 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2965 begin_params.push_back(begin_out_params);
2966
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2967 // Decrypt
2968 update_params.Clear();
2969 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2970
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2971 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2972 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2973 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2974 &plaintext, &input_consumed));
2975 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2976 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2977
2978 EXPECT_EQ(message, plaintext);
2979 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2980}
2981
2982TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2983 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2984 .AesEncryptionKey(128)
2985 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2986 .Authorization(TAG_PADDING, KM_PAD_NONE)
2987 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2988 string message = "12345678901234567890123456789012";
2989 AuthorizationSet begin_params(client_params());
2990 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2991 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2992 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2993
2994 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2995 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2996
2997 AuthorizationSet finish_params;
2998 AuthorizationSet finish_out_params;
2999
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3000 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3001 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3002 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3003 AuthorizationSet update_out_params;
3004 string ciphertext;
3005 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3006 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3007 &input_consumed));
3008 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3009 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3010
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3011 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3012 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3013 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3014
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3015 update_params.Clear();
3016 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3017
3018 // Decrypt.
3019 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3020 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3021 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3022 &plaintext, &input_consumed));
3023 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3024 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3025
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3026 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3027}
3028
3029TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
3030 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3031 .AesEncryptionKey(128)
3032 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3033 .Authorization(TAG_PADDING, KM_PAD_NONE)
3034 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3035 string message = "12345678901234567890123456789012";
3036 AuthorizationSet begin_params(client_params());
3037 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3038 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3039 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3040
3041 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3042 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3043
3044 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3045 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3046 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3047 AuthorizationSet update_out_params;
3048 string ciphertext;
3049 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3050 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3051 &input_consumed));
3052 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3053 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3054
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3055 begin_params.push_back(TAG_NONCE, "123456789012", 12);
3056
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3057 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3058 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3059 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3060 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3061 &plaintext, &input_consumed));
3062 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3063 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3064
3065 // With wrong nonce, should have gotten garbage plaintext.
3066 EXPECT_NE(message, plaintext);
3067 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3068}
3069
3070TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
3071 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3072 .AesEncryptionKey(128)
3073 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3074 .Authorization(TAG_PADDING, KM_PAD_NONE)
3075 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3076 string aad = "foobar";
3077 string message = "123456789012345678901234567890123456";
3078 AuthorizationSet begin_params(client_params());
3079 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3080 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3081 begin_params.push_back(TAG_MAC_LENGTH, 128);
3082 AuthorizationSet begin_out_params;
3083
3084 AuthorizationSet update_params;
3085 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3086
3087 // Encrypt
3088 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3089 AuthorizationSet update_out_params;
3090 string ciphertext;
3091 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3092 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3093 &input_consumed));
3094 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3095 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3096
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3097 // Corrupt tag
3098 (*ciphertext.rbegin())++;
3099
3100 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3101 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
3102 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3103
3104 // Decrypt.
3105 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3106 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3107 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3108 &plaintext, &input_consumed));
3109 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3110 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3111
3112 EXPECT_EQ(message, plaintext);
3113 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3114}
3115
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]3116typedef Keymaster1Test MaxOperationsTest;
3117INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, MaxOperationsTest, test_params);
3118
3119TEST_P(MaxOperationsTest, TestLimit) {
3120 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3121 .AesEncryptionKey(128)
3122 .EcbMode()
3123 .Authorization(TAG_PADDING, KM_PAD_NONE)
3124 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
3125
3126 string message = "1234567890123456";
3127 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3128 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3129 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3130
3131 // Fourth time should fail.
3132 AuthorizationSet begin_params(client_params());
3133 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
3134 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3135 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
3136
3137 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3138}
3139
3140TEST_P(MaxOperationsTest, TestAbort) {
3141 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3142 .AesEncryptionKey(128)
3143 .EcbMode()
3144 .Authorization(TAG_PADDING, KM_PAD_NONE)
3145 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
3146
3147 string message = "1234567890123456";
3148 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3149 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3150 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3151
3152 // Fourth time should fail.
3153 AuthorizationSet begin_params(client_params());
3154 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
3155 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3156 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
3157
3158 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3159}
3160
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]3161typedef Keymaster1Test AddEntropyTest;
3162INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
3163
3164TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3165 // There's no obvious way to test that entropy is actually added, but we can test that the API
3166 // doesn't blow up or return an error.
3167 EXPECT_EQ(KM_ERROR_OK,
3168 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3169
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3170 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3171}
3172
3173typedef Keymaster1Test Keymaster0AdapterTest;
3174INSTANTIATE_TEST_CASE_P(
3175 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3176 ::testing::Values(
3177 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
3178 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3179
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3180TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3181 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
3182 // key data.
3183 string km1_sw = read_file("km1_sw_rsa_512.blob");
3184 EXPECT_EQ(486U, km1_sw.length());
3185
3186 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3187 memcpy(key_data, km1_sw.data(), km1_sw.length());
3188 set_key_blob(key_data, km1_sw.length());
3189
3190 string message(64, 'a');
3191 string signature;
3192 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3193
3194 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3195}
3196
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]3197TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
3198 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
3199 // blobs contain OCB-encrypted key data.
3200 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
3201 EXPECT_EQ(477U, km1_sw.length());
3202
3203 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3204 memcpy(key_data, km1_sw.data(), km1_sw.length());
3205 set_key_blob(key_data, km1_sw.length());
3206
3207 string message(64, 'a');
3208 string signature;
3209 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3210
3211 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3212}
3213
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3214TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
3215 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
3216 // key data.
3217 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
3218 EXPECT_EQ(270U, km1_sw.length());
3219
3220 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3221 memcpy(key_data, km1_sw.data(), km1_sw.length());
3222 set_key_blob(key_data, km1_sw.length());
3223
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]3224 string message(32, static_cast<char>(0xFF));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3225 string signature;
3226 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3227
3228 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3229}
3230
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3231struct Malloc_Delete {
3232 void operator()(void* p) { free(p); }
3233};
3234
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3235TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3236 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3237 string km0_sw = read_file("km0_sw_rsa_512.blob");
3238 EXPECT_EQ(333U, km0_sw.length());
3239
3240 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3241 memcpy(key_data, km0_sw.data(), km0_sw.length());
3242 set_key_blob(key_data, km0_sw.length());
3243
3244 string message(64, 'a');
3245 string signature;
3246 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3247
3248 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3249}
3250
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3251TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
3252 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3253 string km0_sw = read_file("km0_sw_rsa_512.blob");
3254 EXPECT_EQ(333U, km0_sw.length());
3255
3256 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3257 memcpy(key_data, km0_sw.data(), km0_sw.length());
3258 set_key_blob(key_data, km0_sw.length());
3259
3260 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3261 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3262 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3263 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3264 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3265 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3266 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3267 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3268 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3269 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3270
3271 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3272}
3273
3274TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
3275 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3276 string km0_sw = read_file("km0_sw_rsa_512.blob");
3277 EXPECT_EQ(333U, km0_sw.length());
3278
3279 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3280 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3281 EXPECT_EQ('P', km0_sw[0]);
3282 km0_sw[0] = 'Q';
3283
3284 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3285 memcpy(key_data, km0_sw.data(), km0_sw.length());
3286 set_key_blob(key_data, km0_sw.length());
3287
3288 string message(64, 'a');
3289 string signature;
3290 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3291 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
3292
3293 EXPECT_EQ(5, GetParam()->keymaster0_calls());
3294}
3295
3296TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
3297 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3298 string km0_sw = read_file("km0_sw_rsa_512.blob");
3299 EXPECT_EQ(333U, km0_sw.length());
3300
3301 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3302 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3303 EXPECT_EQ('P', km0_sw[0]);
3304 km0_sw[0] = 'Q';
3305
3306 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3307 memcpy(key_data, km0_sw.data(), km0_sw.length());
3308 set_key_blob(key_data, km0_sw.length());
3309
3310 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3311 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3312 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
3313 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3314 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]3315 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_MD5));
3316 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA1));
3317 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_224));
3318 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_256));
3319 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_384));
3320 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_512));
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3321 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]3322 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT));
3323 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN));
3324 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_OAEP));
3325 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PSS));
3326 EXPECT_EQ(15U, hw_enforced().size());
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3327
3328 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3329 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3330 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3331 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3332
3333 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3334 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3335 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3336 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3337 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3338
3339 EXPECT_EQ(1, GetParam()->keymaster0_calls());
3340}
3341
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]3342} // namespace test
3343} // namespace keymaster