Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / ccb84e9118c6a89fedbb2be68bb629a0063eeda5 / . / android_keymaster_test.cpp
blob: f567c7233cbfaf7f1356ff9be66ee3285c81579c [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]22#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]23#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]24
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]25#include "android_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]26
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]27using std::ifstream;
28using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]29using std::string;
30using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]31using std::unique_ptr;
32
33extern "C" {
34int __android_log_print(int prio, const char* tag, const char* fmt);
35int __android_log_print(int prio, const char* tag, const char* fmt) {
36 prio, tag, fmt;
37 return 0;
38}
39} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]40
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]41namespace keymaster {
42namespace test {
43
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]44StdoutLogger logger;
45
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]46class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
47 public:
48 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]49 std::cerr << "Creating software-only device" << std::endl;
Shawn Willden95dda362015-02-27 10:58:37 -0700[diff] [blame]50 SoftKeymasterDevice* device = new SoftKeymasterDevice;
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]51 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]52 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]53
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]54 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]55 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]56};
57
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]58class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
59 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]60 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
61
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]62 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]63 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
64 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]65 hw_device_t* softkeymaster_device;
66 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
67 &softkeymaster_device));
68 // Make the software device pretend to be hardware
69 keymaster0_device_t* keymaster0_device =
70 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]71 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
72
73 if (!support_ec_) {
74 // Make the software device pretend not to support EC
75 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
76 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]77
78 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
79
80 SoftKeymasterDevice* keymaster = new SoftKeymasterDevice(counting_keymaster0_device_);
81 return keymaster->keymaster_device();
82 }
83
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]84 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
85 switch (algorithm) {
86 case KM_ALGORITHM_RSA:
87 return true;
88 case KM_ALGORITHM_EC:
89 return support_ec_;
90 default:
91 return false;
92 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]93 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]94 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
95
96 private:
97 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]98 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]99};
100
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]101static auto test_params = testing::Values(
102 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
103 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
104 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]105
106typedef Keymaster1Test CheckSupported;
107INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
108
109TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]110 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
111 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]112
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]113 size_t len;
114 keymaster_algorithm_t* algorithms;
115 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]116 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]117 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]118 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]119
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]120 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]121}
122
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]123TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]124 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
125 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
126 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]127
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]128 size_t len;
129 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]130 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]131 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]132 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]133 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]134
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]135 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]136 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]137 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]138
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]139 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]140 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]141 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]142 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]143
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]144 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]145}
146
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]147TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]148 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
149 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
150 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]151
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]152 size_t len;
153 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]154 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]155 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]156 EXPECT_TRUE(
157 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]158 free(modes);
159
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]160 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]161 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]162 EXPECT_TRUE(
163 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]164 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]165
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]166 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]167 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]168 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]169 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]170
171 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
172 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
173 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]174
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]175 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]176}
177
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]178TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]179 EXPECT_EQ(
180 KM_ERROR_OUTPUT_PARAMETER_NULL,
181 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]182
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]183 size_t len;
184 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]185 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]186 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]187 EXPECT_TRUE(
188 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
189 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
190 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]191 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]192
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]193 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]194 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]195 EXPECT_TRUE(
196 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
197 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
198 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]199 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]200
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]201 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
202 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
203 &len));
204
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]205 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]206 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]207 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
208 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
209 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]210 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]211
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]212 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]213}
214
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]215TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]216 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
217 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]218
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]219 size_t len;
220 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]221 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]222 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]223 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]224 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]225
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]226 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]227 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
228 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
229 free(formats);
230
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]231 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]232 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
233 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
234 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]235
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]236 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]237}
238
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]239TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]240 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
241 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]242
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]243 size_t len;
244 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]245 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]246 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]247 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]249
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]250 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]251 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]252 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]253 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]254
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]255 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]256 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]257 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]258 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]259
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]260 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]261 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]262 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]263 free(formats);
264
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]265 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]266 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]267 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]268 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]269
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]270 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]271}
272
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]273class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]274 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]275 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]276 AuthorizationSet auths = sw_enforced();
277 EXPECT_GT(auths.SerializedSize(), 12U);
278
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]279 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
280 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
281 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]282 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]283 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]284
285 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]286 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
287 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
288 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]289
290 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]291 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
292 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
293 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]294
295 // Now check that unspecified, defaulted tags are correct.
Shawn Willden0b2d3332015-04-07 17:46:18 -0600[diff] [blame]296 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]297 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]298 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]299};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]300INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
301
302TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]303 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
304 .RsaSigningKey(256, 3)
305 .Digest(KM_DIGEST_NONE)
306 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]307 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]308
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]309 // Check specified tags are all present, and in the right set.
310 AuthorizationSet crypto_params;
311 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]312 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]313 EXPECT_NE(0U, hw_enforced().size());
314 EXPECT_NE(0U, sw_enforced().size());
315 crypto_params.push_back(hw_enforced());
316 non_crypto_params.push_back(sw_enforced());
317 } else {
318 EXPECT_EQ(0U, hw_enforced().size());
319 EXPECT_NE(0U, sw_enforced().size());
320 crypto_params.push_back(sw_enforced());
321 }
322
323 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
324 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
325 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
326 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
327 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
328 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
329
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]330 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]331 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]332}
333
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]334TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]335 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
336 GenerateKey(AuthorizationSetBuilder()
337 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
338 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
339 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]340
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]341 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]342}
343
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]344TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]345 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]346 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]347 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]348
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]349 // Check specified tags are all present, and in the right set.
350 AuthorizationSet crypto_params;
351 AuthorizationSet non_crypto_params;
352 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
353 EXPECT_NE(0U, hw_enforced().size());
354 EXPECT_NE(0U, sw_enforced().size());
355 crypto_params.push_back(hw_enforced());
356 non_crypto_params.push_back(sw_enforced());
357 } else {
358 EXPECT_EQ(0U, hw_enforced().size());
359 EXPECT_NE(0U, sw_enforced().size());
360 crypto_params.push_back(sw_enforced());
361 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]362
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]363 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
364 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
365 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
366 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
367
368 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
369 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]370}
371
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]372TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]373 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
374 GenerateKey(AuthorizationSetBuilder()
375 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
376 .SigningKey()
377 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]378
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]379 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]380}
381
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]382TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]383 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
384 ASSERT_EQ(
385 KM_ERROR_UNKNOWN_ERROR,
386 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
387 else
388 ASSERT_EQ(
389 KM_ERROR_UNSUPPORTED_KEY_SIZE,
390 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]391
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]392 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
393 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]394}
395
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]396TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]397 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]398 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]399 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
400 KM_DIGEST_NONE)))
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]401 << "Failed to generate size: "
402 << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]403 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]404
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]405 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
406 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]407}
408
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]409TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]410 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]411 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]412
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]413 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]414}
415
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]416typedef Keymaster1Test GetKeyCharacteristics;
417INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
418
419TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]420 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
421 .RsaSigningKey(256, 3)
422 .Digest(KM_DIGEST_NONE)
423 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]424 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]425
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]426 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
427 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]428
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]429 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]430 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]431}
432
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]433typedef Keymaster1Test SigningOperationsTest;
434INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
435
436TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]437 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
438 .RsaSigningKey(256, 3)
439 .Digest(KM_DIGEST_NONE)
440 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]441 string message = "12345678901234567890123456789012";
442 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]443 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]444
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]445 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]446 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]447}
448
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]449TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]450 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
451 .RsaSigningKey(512, 3)
452 .Digest(KM_DIGEST_SHA_2_256)
453 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]454 // Use large message, which won't work without digesting.
455 string message(1024, 'a');
456 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]457 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]458
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]459 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]460 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]461}
462
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]463TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]464 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
465 .RsaSigningKey(512, 3)
466 .Digest(KM_DIGEST_SHA_2_256)
467 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]468 string message(1024, 'a');
469 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]470 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]471
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]472 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]473 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]474}
475
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]476TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]477 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
478 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]479 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
480 .RsaSigningKey(256 + 9 * 8, 3)
481 .Digest(KM_DIGEST_SHA_2_256)
482 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]483 string message(1024, 'a');
484 string signature;
485
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]486 AuthorizationSet begin_params(client_params());
487 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]488 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]489 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]490}
491
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]492TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]493 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
494 .RsaSigningKey(256, 3)
495 .Digest(KM_DIGEST_NONE)
496 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]497 AuthorizationSet begin_params(client_params());
498 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]499 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]500 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]501 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
502 // Another abort should fail
503 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]504
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]505 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]506 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]507}
508
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]509TEST_P(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]510 GenerateKey(AuthorizationSetBuilder()
511 .RsaSigningKey(256, 3)
512 .Digest(KM_DIGEST_MD5)
513 .Padding(KM_PAD_RSA_PSS /* supported padding */));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]514 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]515
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]516 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]517 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]518}
519
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]520TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]521 GenerateKey(AuthorizationSetBuilder()
522 .RsaSigningKey(256, 3)
523 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
524 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]525 AuthorizationSet begin_params(client_params());
526 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
527 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]528
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]529 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]530 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]531}
532
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]533TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]534 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]535 GenerateKey(AuthorizationSetBuilder()
536 .RsaSigningKey(256, 3)
537 .Digest(KM_DIGEST_NONE)
538 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]539 AuthorizationSet begin_params(client_params());
540 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]541 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]542 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]543
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]544 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]545 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]546}
547
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]548TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]549 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]550 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
551 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]552 AuthorizationSet begin_params(client_params());
553 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
554 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]555
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]556 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]557 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]558}
559
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]560TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]561 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
562 .RsaSigningKey(256, 3)
563 .Digest(KM_DIGEST_NONE)
564 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]565 AuthorizationSet begin_params(client_params());
566 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]567 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]568 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]569
570 string message = "1234567890123456789012345678901";
571 string result;
572 size_t input_consumed;
573 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
574 EXPECT_EQ(0U, result.size());
575 EXPECT_EQ(31U, input_consumed);
576
577 string signature;
578 ASSERT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&signature));
579 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]580
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]581 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]582 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]583}
584
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]585TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]586 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
587 .RsaEncryptionKey(256, 3)
588 .Digest(KM_DIGEST_NONE)
589 .Padding(KM_PAD_NONE)));
590 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
591 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]592
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]593 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]594 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]595}
596
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]597TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]598 ASSERT_EQ(KM_ERROR_OK,
599 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]600 string message(1024, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]601 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]602 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]603
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]604 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
605 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]606}
607
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]608TEST_P(SigningOperationsTest, EcdsaSha256Success) {
609 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
610 KM_DIGEST_SHA_2_256)));
611 string message(1024, 'a');
612 string signature;
613 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
614
615 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
616 EXPECT_EQ(3, GetParam()->keymaster0_calls());
617}
618
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]619TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]620 ASSERT_EQ(KM_ERROR_OK,
621 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
622 TAG_BLOCK_MODE, KM_MODE_ECB)));
623 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
624 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]625
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]626 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]627}
628
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]629TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]630 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]631 string message = "12345678901234567890123456789012";
632 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]633 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]634 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]635
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]636 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]637}
638
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]639TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]640 ASSERT_EQ(KM_ERROR_OK,
641 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]642 string message = "12345678901234567890123456789012";
643 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]644 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]645 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]646
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]647 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]648}
649
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]650TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]651 ASSERT_EQ(KM_ERROR_OK,
652 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]653 string message = "12345678901234567890123456789012";
654 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]655 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]656 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]657
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]658 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]659}
660
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]661TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]662 ASSERT_EQ(KM_ERROR_OK,
663 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));
664
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]665 string message = "12345678901234567890123456789012";
666 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]667 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]668 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]669
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]670 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]671}
672
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]673TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]674 ASSERT_EQ(KM_ERROR_OK,
675 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]676 string message = "12345678901234567890123456789012";
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]677 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]678 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]679 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]680
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]681 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]682}
683
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]684TEST_P(SigningOperationsTest, HmacLengthInKey) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]685 // TODO(swillden): unified API should generate an error on key generation.
686 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
687 .HmacKey(128)
688 .Digest(KM_DIGEST_SHA_2_256)
689 .Authorization(TAG_MAC_LENGTH, 20)));
690 string message = "12345678901234567890123456789012";
691 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]692 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]693 // Size in key was ignored.
694 ASSERT_EQ(30U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]695
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]696 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]697}
698
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]699TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]700 uint8_t key_data[] = {
701 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
702 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
703 };
704 string message = "Hi There";
705 uint8_t sha_224_expected[] = {
706 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
707 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
708 };
709 uint8_t sha_256_expected[] = {
710 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
711 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
712 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
713 };
714 uint8_t sha_384_expected[] = {
715 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
716 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
717 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
718 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
719 };
720 uint8_t sha_512_expected[] = {
721 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
722 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
723 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
724 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
725 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
726 };
727
728 string key = make_string(key_data);
729
730 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
731 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
732 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
733 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]734
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]735 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]736}
737
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]738TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]739 string key = "Jefe";
740 string message = "what do ya want for nothing?";
741 uint8_t sha_224_expected[] = {
742 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
743 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
744 };
745 uint8_t sha_256_expected[] = {
746 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
747 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
748 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
749 };
750 uint8_t sha_384_expected[] = {
751 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
752 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
753 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
754 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
755 };
756 uint8_t sha_512_expected[] = {
757 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
758 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
759 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
760 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
761 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
762 };
763
764 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
765 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
766 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
767 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]768
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]769 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]770}
771
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]772TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]773 string key(20, 0xaa);
774 string message(50, 0xdd);
775 uint8_t sha_224_expected[] = {
776 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
777 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
778 };
779 uint8_t sha_256_expected[] = {
780 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
781 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
782 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
783 };
784 uint8_t sha_384_expected[] = {
785 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
786 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
787 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
788 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
789 };
790 uint8_t sha_512_expected[] = {
791 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
792 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
793 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
794 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
795 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
796 };
797
798 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
799 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
800 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
801 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]802
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]803 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]804}
805
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]806TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]807 uint8_t key_data[25] = {
808 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
809 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
810 };
811 string key = make_string(key_data);
812 string message(50, 0xcd);
813 uint8_t sha_224_expected[] = {
814 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
815 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
816 };
817 uint8_t sha_256_expected[] = {
818 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
819 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
820 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
821 };
822 uint8_t sha_384_expected[] = {
823 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
824 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
825 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
826 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
827 };
828 uint8_t sha_512_expected[] = {
829 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
830 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
831 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
832 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
833 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
834 };
835
836 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
837 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
838 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
839 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]840
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]841 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]842}
843
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]844TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]845 string key(20, 0x0c);
846 string message = "Test With Truncation";
847
848 uint8_t sha_224_expected[] = {
849 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
850 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
851 };
852 uint8_t sha_256_expected[] = {
853 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
854 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
855 };
856 uint8_t sha_384_expected[] = {
857 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
858 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
859 };
860 uint8_t sha_512_expected[] = {
861 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
862 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
863 };
864
865 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
866 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
867 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
868 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]869
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]870 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]871}
872
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]873TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]874 string key(131, 0xaa);
875 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
876
877 uint8_t sha_224_expected[] = {
878 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
879 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
880 };
881 uint8_t sha_256_expected[] = {
882 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
883 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
884 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
885 };
886 uint8_t sha_384_expected[] = {
887 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
888 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
889 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
890 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
891 };
892 uint8_t sha_512_expected[] = {
893 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
894 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
895 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
896 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
897 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
898 };
899
900 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
901 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
902 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
903 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]904
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]905 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]906}
907
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]908TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]909 string key(131, 0xaa);
910 string message = "This is a test using a larger than block-size key and a larger than "
911 "block-size data. The key needs to be hashed before being used by the HMAC "
912 "algorithm.";
913
914 uint8_t sha_224_expected[] = {
915 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
916 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
917 };
918 uint8_t sha_256_expected[] = {
919 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
920 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
921 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
922 };
923 uint8_t sha_384_expected[] = {
924 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
925 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
926 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
927 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
928 };
929 uint8_t sha_512_expected[] = {
930 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
931 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
932 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
933 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
934 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
935 };
936
937 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
938 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
939 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
940 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]941
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]942 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]943}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]944
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]945TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]946 ASSERT_EQ(KM_ERROR_OK,
947 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
948 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]949 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]950 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]951 ASSERT_EQ(KM_ERROR_OK,
952 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
953 string message = "1234567890123456789012345678901";
954 string result;
955 size_t input_consumed;
956 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
957 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]958
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]959 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]960}
961
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]962// TODO(swillden): Add more verification failure tests.
963
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]964typedef Keymaster1Test VerificationOperationsTest;
965INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
966
967TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]968 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
969 .RsaSigningKey(256, 3)
970 .Digest(KM_DIGEST_NONE)
971 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]972 string message = "12345678901234567890123456789012";
973 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]974 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
975 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]976
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]977 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]978 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]979}
980
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]981TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]982 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
983 .RsaSigningKey(512, 3)
984 .Digest(KM_DIGEST_SHA_2_256)
985 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]986 // Use large message, which won't work without digesting.
987 string message(1024, 'a');
988 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]989 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
990 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]991
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]992 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]993 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]994}
995
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]996TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]997 GenerateKey(AuthorizationSetBuilder()
998 .RsaSigningKey(512, 3)
999 .Digest(KM_DIGEST_SHA_2_256)
1000 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1001 string message(1024, 'a');
1002 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1003 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1004 ++signature[signature.size() / 2];
1005
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1006 AuthorizationSet begin_params(client_params());
1007 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1008 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1009 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1010
1011 string result;
1012 size_t input_consumed;
1013 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1014 EXPECT_EQ(message.size(), input_consumed);
1015 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1016
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1017 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1018 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1019}
1020
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1021TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1022 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1023 .RsaSigningKey(512, 3)
1024 .Digest(KM_DIGEST_SHA_2_256)
1025 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1026 // Use large message, which won't work without digesting.
1027 string message(1024, 'a');
1028 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1029 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1030 ++message[message.size() / 2];
1031
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1032 AuthorizationSet begin_params(client_params());
1033 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1034 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1035 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1036
1037 string result;
1038 size_t input_consumed;
1039 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1040 EXPECT_EQ(message.size(), input_consumed);
1041 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1042
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1043 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1044 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1045}
1046
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1047TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1048 GenerateKey(AuthorizationSetBuilder()
1049 .RsaSigningKey(512, 3)
1050 .Digest(KM_DIGEST_SHA_2_256)
1051 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1052 string message(1024, 'a');
1053 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1054 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1055 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1056
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1057 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1058 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1059}
1060
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1061TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1062 GenerateKey(AuthorizationSetBuilder()
1063 .RsaSigningKey(512, 3)
1064 .Digest(KM_DIGEST_SHA_2_256)
1065 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1066 string message(1024, 'a');
1067 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1068 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1069 ++signature[signature.size() / 2];
1070
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1071 AuthorizationSet begin_params(client_params());
1072 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1073 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1074 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1075
1076 string result;
1077 size_t input_consumed;
1078 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1079 EXPECT_EQ(message.size(), input_consumed);
1080 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1081
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1082 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1083 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1084}
1085
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1086TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1087 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1088 .RsaSigningKey(512, 3)
1089 .Digest(KM_DIGEST_SHA_2_256)
1090 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1091 // Use large message, which won't work without digesting.
1092 string message(1024, 'a');
1093 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1094 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1095 ++message[message.size() / 2];
1096
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1097 AuthorizationSet begin_params(client_params());
1098 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1099 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1100 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1101
1102 string result;
1103 size_t input_consumed;
1104 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1105 EXPECT_EQ(message.size(), input_consumed);
1106 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1107
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1108 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1109 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1110}
1111
1112template <typename T> vector<T> make_vector(const T* array, size_t len) {
1113 return vector<T>(array, array + len);
1114}
1115
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1116TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1117 // Get all supported digests and padding modes.
1118 size_t digests_len;
1119 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1120 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1121 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1122 &digests_len));
1123
1124 size_t padding_modes_len;
1125 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1126 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1127 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1128 &padding_modes, &padding_modes_len));
1129
1130 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1131 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1132 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1133 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1134 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1135 // Digesting requires padding
1136 continue;
1137
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1138 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1139 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1140 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1141
1142 if (digest == KM_DIGEST_NONE) {
1143 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1144 switch (padding_mode) {
1145 case KM_PAD_NONE:
1146 // Match key size.
1147 message_len = key_bits / 8;
1148 break;
1149 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1150 message_len = key_bits / 8 - 11;
1151 break;
1152 case KM_PAD_RSA_PSS:
1153 // PSS requires a digest.
1154 continue;
1155 default:
1156 FAIL() << "Missing padding";
1157 break;
1158 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1159 } else {
1160 size_t digest_bits;
1161 switch (digest) {
1162 case KM_DIGEST_MD5:
1163 digest_bits = 128;
1164 break;
1165 case KM_DIGEST_SHA1:
1166 digest_bits = 160;
1167 break;
1168 case KM_DIGEST_SHA_2_224:
1169 digest_bits = 224;
1170 break;
1171 case KM_DIGEST_SHA_2_256:
1172 digest_bits = 256;
1173 break;
1174 case KM_DIGEST_SHA_2_384:
1175 digest_bits = 384;
1176 break;
1177 case KM_DIGEST_SHA_2_512:
1178 digest_bits = 512;
1179 break;
1180 default:
1181 FAIL() << "Missing digest";
1182 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1183
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1184 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1185 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1186 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1187 break;
1188 case KM_PAD_RSA_PSS:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1189 key_bits = digest_bits + 8 * 10;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1190 break;
1191 default:
1192 FAIL() << "Missing padding";
1193 break;
1194 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1195 }
1196
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1197 GenerateKey(AuthorizationSetBuilder()
1198 .RsaSigningKey(key_bits, 3)
1199 .Digest(digest)
1200 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1201 string message(message_len, 'a');
1202 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1203 SignMessage(message, &signature, digest, padding_mode);
1204 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1205 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1206 }
1207 }
1208
1209 free(padding_modes);
1210 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1211
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1212 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1213 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1214}
1215
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1216TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1217 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1218 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1219 string message = "123456789012345678901234567890123456789012345678";
1220 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1221 SignMessage(message, &signature, KM_DIGEST_NONE);
1222 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1223
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1224 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1225 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1226}
1227
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1228TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1229 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1230 .EcdsaSigningKey(256)
1231 .Digest(KM_DIGEST_SHA_2_256)
1232 .Digest(KM_DIGEST_NONE)));
1233 string message = "123456789012345678901234567890123456789012345678";
1234 string signature;
1235 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1236 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1237
1238 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1239 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1240
1241 // Just for giggles, try verifying with the wrong digest.
1242 AuthorizationSet begin_params(client_params());
1243 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1244 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1245
1246 string result;
1247 size_t input_consumed;
1248 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1249 EXPECT_EQ(message.size(), input_consumed);
1250 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1251}
1252
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1253TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1254 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1255 string message = "123456789012345678901234567890123456789012345678";
1256 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1257 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
1258 VerifyMessage(message, signature, KM_DIGEST_SHA1);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1259
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1260 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1261}
1262
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1263TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1264 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1265 string message = "123456789012345678901234567890123456789012345678";
1266 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1267 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
1268 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1269
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1270 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1271}
1272
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1273TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1274 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1275 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1276 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1277 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
1278 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1279
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1280 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1281}
1282
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1283TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1284 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1285 string message = "123456789012345678901234567890123456789012345678";
1286 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1287 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
1288 VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1289
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1290 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1291}
1292
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1293TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1294 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1295 string message = "123456789012345678901234567890123456789012345678";
1296 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1297 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
1298 VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1299
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1300 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1301}
1302
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1303typedef Keymaster1Test ExportKeyTest;
1304INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1305
1306TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1307 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1308 .RsaSigningKey(256, 3)
1309 .Digest(KM_DIGEST_NONE)
1310 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1311 string export_data;
1312 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1313 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1314
1315 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1316
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1317 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1318 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1319}
1320
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1321TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1322 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1323 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1324 string export_data;
1325 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1326 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1327
1328 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1329
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1330 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1331 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1332}
1333
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1334TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1335 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1336 .RsaSigningKey(256, 3)
1337 .Digest(KM_DIGEST_NONE)
1338 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1339 string export_data;
1340 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1341
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1342 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1343 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1344}
1345
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1346TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1347 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1348 .RsaSigningKey(256, 3)
1349 .Digest(KM_DIGEST_NONE)
1350 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1351 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1352 string export_data;
1353 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1354
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1355 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1356 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1357}
1358
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1359TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1360 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1361 string export_data;
1362
1363 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1364 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1365 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1366
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1367 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1368}
1369
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1370static string read_file(const string& file_name) {
1371 ifstream file_stream(file_name, std::ios::binary);
1372 istreambuf_iterator<char> file_begin(file_stream);
1373 istreambuf_iterator<char> file_end;
1374 return string(file_begin, file_end);
1375}
1376
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1377typedef Keymaster1Test ImportKeyTest;
1378INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1379
1380TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1381 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1382 ASSERT_EQ(633U, pk8_key.size());
1383
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1384 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1385 .RsaSigningKey(1024, 65537)
1386 .Digest(KM_DIGEST_NONE)
1387 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1388 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1389
1390 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1391 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1392 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1393 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1394 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1395 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1396 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1397 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1398 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1399 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1400
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1401 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1402 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1403 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1404
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1405 string message(1024 / 8, 'a');
1406 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1407 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1408 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1409
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1410 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1411 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1412}
1413
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1414TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1415 string pk8_key = read_file("rsa_privkey_pk8.der");
1416 ASSERT_EQ(633U, pk8_key.size());
1417
1418 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1419 // point softkeymaster will no longer support keymaster0 APIs anyway.
1420 uint8_t* key_blob;
1421 size_t key_blob_length;
1422 ASSERT_EQ(0,
1423 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1424 pk8_key.size(), &key_blob, &key_blob_length));
1425 set_key_blob(key_blob, key_blob_length);
1426
1427 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1428 AuthorizationSet begin_params; // Don't use client data.
1429 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1430 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1431 AuthorizationSet update_params;
1432 AuthorizationSet output_params;
1433 string signature =
1434 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1435 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1436 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1437
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1438 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1439 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1440}
1441
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1442TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1443 string pk8_key = read_file("rsa_privkey_pk8.der");
1444 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1445 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1446 ImportKey(AuthorizationSetBuilder()
1447 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1448 .Digest(KM_DIGEST_NONE)
1449 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1450 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1451
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1452 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1453}
1454
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1455TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1456 string pk8_key = read_file("rsa_privkey_pk8.der");
1457 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1458 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1459 ImportKey(AuthorizationSetBuilder()
1460 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1461 .Digest(KM_DIGEST_NONE)
1462 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1463 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1464
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1465 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1466}
1467
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1468TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1469 string pk8_key = read_file("ec_privkey_pk8.der");
1470 ASSERT_EQ(138U, pk8_key.size());
1471
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1472 ASSERT_EQ(KM_ERROR_OK,
1473 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1474 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1475
1476 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1477 EXPECT_TRUE(
1478 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1479 TAG_ALGORITHM, KM_ALGORITHM_EC));
1480 EXPECT_TRUE(
1481 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1482 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1483
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1484 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1485 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1486 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1487
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1488 string message(1024 / 8, 'a');
1489 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1490 SignMessage(message, &signature, KM_DIGEST_NONE);
1491 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1492
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1493 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1494 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1495}
1496
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1497TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1498 string pk8_key = read_file("ec_privkey_pk8.der");
1499 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1500
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1501 ASSERT_EQ(KM_ERROR_OK,
1502 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1503 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1504
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1505 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1506 EXPECT_TRUE(
1507 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1508 TAG_ALGORITHM, KM_ALGORITHM_EC));
1509 EXPECT_TRUE(
1510 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1511 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1512
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1513 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1514 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1515 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1516
1517 string message(1024 / 8, 'a');
1518 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1519 SignMessage(message, &signature, KM_DIGEST_NONE);
1520 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1521
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1522 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1523 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1524}
1525
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1526TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1527 string pk8_key = read_file("ec_privkey_pk8.der");
1528 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1529 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1530 ImportKey(AuthorizationSetBuilder()
1531 .EcdsaSigningKey(224 /* Doesn't match key */)
1532 .Digest(KM_DIGEST_NONE),
1533 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1534
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1535 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1536}
1537
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1538TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1539 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1540 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1541 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1542 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1543 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1544 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1545
1546 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1547 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1548
1549 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1550 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1551 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1552 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1553
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1554 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1555}
1556
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1557TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1558 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1559 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1560 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1561 .HmacKey(sizeof(key_data) * 8)
1562 .Digest(KM_DIGEST_SHA_2_256)
1563 .Authorization(TAG_MAC_LENGTH, 32),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1564 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1565
1566 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1567 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1568
1569 string message = "Hello World!";
1570 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1571 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);
1572 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1573
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1574 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1575}
1576
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1577typedef Keymaster1Test EncryptionOperationsTest;
1578INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1579
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1580TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1581 ASSERT_EQ(KM_ERROR_OK,
1582 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1583
1584 string message = "12345678901234567890123456789012";
1585 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1586 EXPECT_EQ(256U / 8, ciphertext1.size());
1587
1588 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1589 EXPECT_EQ(256U / 8, ciphertext2.size());
1590
1591 // Unpadded RSA is deterministic
1592 EXPECT_EQ(ciphertext1, ciphertext2);
1593
1594 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1595 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1596}
1597
1598TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1599 ASSERT_EQ(KM_ERROR_OK,
1600 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1601
1602 string message = "1234567890123456789012345678901";
1603
1604 AuthorizationSet begin_params(client_params());
1605 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1606 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1607
1608 string result;
1609 size_t input_consumed;
1610 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1611 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1612 EXPECT_EQ(0U, result.size());
1613
1614 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1615 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1616}
1617
1618TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1619 ASSERT_EQ(KM_ERROR_OK,
1620 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1621
1622 string message = "123456789012345678901234567890123";
1623
1624 AuthorizationSet begin_params(client_params());
1625 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1626 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1627
1628 string result;
1629 size_t input_consumed;
1630 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1631 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1632 EXPECT_EQ(0U, result.size());
1633
1634 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1635 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1636}
1637
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1638TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1639 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1640 KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1641
1642 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1643 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1644 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1645
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1646 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1647 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1648
1649 // OAEP randomizes padding so every result should be different.
1650 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1651
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1652 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1653 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1654}
1655
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1656TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1657 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1658 KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1659 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1660 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1661 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1662
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1663 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1664 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1665
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1666 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1667 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1668}
1669
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1670TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1671 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1672 KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1673 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1674 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1675 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1676
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1677 AuthorizationSet begin_params(client_params());
1678 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1679 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1680 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1681 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1682 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1683
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1684 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1685 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1686}
1687
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1688TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1689 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1690 KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1691 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1692 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1693 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1694
1695 // Corrupt the ciphertext
1696 ciphertext[512 / 8 / 2]++;
1697
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1698 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1699 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1700 AuthorizationSet begin_params(client_params());
1701 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1702 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1703 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1704 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1705 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1706
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1707 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1708 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1709}
1710
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1711TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1712 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1713 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1714 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1715 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1716 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1717
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1718 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1719 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1720
1721 // PKCS1 v1.5 randomizes padding so every result should be different.
1722 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1723
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1724 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1725 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1726}
1727
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1728TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1729 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1730 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1731 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1732 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1733 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1734
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1735 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1736 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1737
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1738 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1739 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1740}
1741
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1742TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1743 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1744 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]1745 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1746 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1747 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1748
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1749 AuthorizationSet begin_params(client_params());
1750 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1751 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1752 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1753 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1754 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1755
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1756 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1757 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1758}
1759
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1760TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1761 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1762 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1763 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1764 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1765 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1766
1767 // Corrupt the ciphertext
1768 ciphertext[512 / 8 / 2]++;
1769
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1770 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1771 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1772 AuthorizationSet begin_params(client_params());
1773 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1774 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1775 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1776 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1777 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1778
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1779 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1780 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1781}
1782
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1783TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1784 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1785 .RsaSigningKey(256, 3)
1786 .Digest(KM_DIGEST_NONE)
1787 .Padding(KM_PAD_NONE)));
1788 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
1789 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1790
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1791 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1792 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1793}
1794
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1795TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1796 ASSERT_EQ(KM_ERROR_OK,
1797 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
1798 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
1799 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1800
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1801 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1802 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1803}
1804
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1805TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1806 ASSERT_EQ(
1807 KM_ERROR_OK,
1808 GenerateKey(
1809 AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));
1810 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
1811 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1812
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1813 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]1814}
1815
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1816TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1817 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1818 .AesEncryptionKey(128)
1819 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1820 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1821 // Two-block message.
1822 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1823 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1824 EXPECT_EQ(message.size(), ciphertext1.size());
1825
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1826 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1827 EXPECT_EQ(message.size(), ciphertext2.size());
1828
1829 // ECB is deterministic.
1830 EXPECT_EQ(ciphertext1, ciphertext2);
1831
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1832 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1833 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1834
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1835 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1836}
1837
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1838TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1839 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1840 .AesEncryptionKey(128)
1841 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1842 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1843 // Message is slightly shorter than two blocks.
1844 string message = "1234567890123456789012345678901";
1845
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1846 AuthorizationSet begin_params(client_params());
1847 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1848 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1849 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1850 string ciphertext;
1851 size_t input_consumed;
1852 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
1853 EXPECT_EQ(message.size(), input_consumed);
1854 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1855
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1856 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1857}
1858
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1859TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1860 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1861 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1862 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1863 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1864
1865 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1866 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1867 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1868 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1869 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1870 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1871 EXPECT_EQ(message, plaintext);
1872 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1873
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1874 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1875}
1876
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1877TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1878 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1879 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1880 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
1881 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1882
1883 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1884 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1885 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1886 EXPECT_NE(ciphertext, message);
1887 ++ciphertext[ciphertext.size() / 2];
1888
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1889 AuthorizationSet begin_params(client_params());
1890 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1891 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1892 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1893 string plaintext;
1894 size_t input_consumed;
1895 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
1896 EXPECT_EQ(ciphertext.size(), input_consumed);
1897 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1898
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1899 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]1900}
1901
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1902TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1903 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1904 .AesEncryptionKey(128)
1905 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
1906 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1907 string message = "123";
1908 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1909 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1910 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]1911 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1912
1913 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1914 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1915 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]1916 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1917
1918 // IVs should be random, so ciphertexts should differ.
1919 EXPECT_NE(iv1, iv2);
1920 EXPECT_NE(ciphertext1, ciphertext2);
1921
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1922 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1923 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1924
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1925 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1926}
1927
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1928TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1929 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1930 .AesEncryptionKey(128)
1931 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
1932 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1933
1934 int increment = 15;
1935 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1936 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1937 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1938 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1939 AuthorizationSet output_params;
1940 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
1941
1942 string ciphertext;
1943 size_t input_consumed;
1944 for (size_t i = 0; i < message.size(); i += increment)
1945 EXPECT_EQ(KM_ERROR_OK,
1946 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
1947 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
1948 EXPECT_EQ(message.size(), ciphertext.size());
1949
1950 // Move TAG_NONCE into input_params
1951 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1952 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]1953 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1954 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1955 output_params.Clear();
1956
1957 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
1958 string plaintext;
1959 for (size_t i = 0; i < ciphertext.size(); i += increment)
1960 EXPECT_EQ(KM_ERROR_OK,
1961 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
1962 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
1963 EXPECT_EQ(ciphertext.size(), plaintext.size());
1964 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1965
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1966 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]1967}
1968
1969struct AesCtrSp80038aTestVector {
1970 const char* key;
1971 const char* nonce;
1972 const char* plaintext;
1973 const char* ciphertext;
1974};
1975
1976// These test vectors are taken from
1977// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
1978static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
1979 // AES-128
1980 {
1981 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
1982 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
1983 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
1984 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
1985 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
1986 },
1987 // AES-192
1988 {
1989 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
1990 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
1991 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
1992 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
1993 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
1994 },
1995 // AES-256
1996 {
1997 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
1998 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
1999 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2000 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2001 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2002 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2003 },
2004};
2005
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2006TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2007 for (size_t i = 0; i < 3; i++) {
2008 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2009 const string key = hex2str(test.key);
2010 const string nonce = hex2str(test.nonce);
2011 const string plaintext = hex2str(test.plaintext);
2012 const string ciphertext = hex2str(test.ciphertext);
2013 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2014 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2015
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2016 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2017}
2018
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2019TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2020 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2021 .AesEncryptionKey(128)
2022 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2023 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2024 AuthorizationSet begin_params(client_params());
2025 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2026 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2027 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2028
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2029 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2030}
2031
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2032TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2033 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2034 .AesEncryptionKey(128)
2035 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2036 .Authorization(TAG_CALLER_NONCE)
2037 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2038
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2039 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2040 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2041 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2042 input_params.push_back(TAG_NONCE, "123", 3);
2043 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2044
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2045 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2046}
2047
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2048TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2049 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2050 .AesEncryptionKey(128)
2051 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2052 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2053 // Two-block message.
2054 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2055 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2056 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2057 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2058
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2059 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2060 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2061 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2062
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2063 // IVs should be random, so ciphertexts should differ.
2064 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2065 EXPECT_NE(ciphertext1, ciphertext2);
2066
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2067 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2068 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2069
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2070 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2071}
2072
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2073TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2074 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2075 .AesEncryptionKey(128)
2076 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2077 .Authorization(TAG_CALLER_NONCE)
2078 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2079 string message = "12345678901234567890123456789012";
2080 string iv1;
2081 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2082 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2083 EXPECT_EQ(message.size(), ciphertext1.size());
2084 EXPECT_EQ(16U, iv1.size());
2085
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2086 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2087 EXPECT_EQ(message, plaintext);
2088
2089 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2090 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2091 AuthorizationSet update_params;
2092 AuthorizationSet output_params;
2093 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2094 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2095 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2096 string ciphertext2 =
2097 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2098
2099 // Decrypt with correct nonce.
2100 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2101 &output_params);
2102 EXPECT_EQ(message, plaintext);
2103
2104 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2105 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2106 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2107 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2108 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2109 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2110 &output_params);
2111 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2112
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2113 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2114}
2115
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2116TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2117 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2118 .AesEncryptionKey(128)
2119 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2120 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2121
2122 string message = "12345678901234567890123456789012";
2123 string iv1;
2124 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2125 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2126 EXPECT_EQ(message.size(), ciphertext1.size());
2127 EXPECT_EQ(16U, iv1.size());
2128
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2129 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2130 EXPECT_EQ(message, plaintext);
2131
2132 // Now specify a nonce, should fail.
2133 AuthorizationSet input_params(client_params());
2134 AuthorizationSet update_params;
2135 AuthorizationSet output_params;
2136 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2137 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2138 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2139
2140 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2141 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2142
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2143 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2144}
2145
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2146TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2147 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2148 .AesEncryptionKey(128)
2149 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2150 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2151
2152 int increment = 15;
2153 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2154 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2155 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2156 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2157 AuthorizationSet output_params;
2158 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2159
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2160 string ciphertext;
2161 size_t input_consumed;
2162 for (size_t i = 0; i < message.size(); i += increment)
2163 EXPECT_EQ(KM_ERROR_OK,
2164 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2165 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2166 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2167
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2168 // Move TAG_NONCE into input_params
2169 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2170 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2171 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2172 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2173 output_params.Clear();
2174
2175 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2176 string plaintext;
2177 for (size_t i = 0; i < ciphertext.size(); i += increment)
2178 EXPECT_EQ(KM_ERROR_OK,
2179 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2180 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2181 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2182 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2183
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2184 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2185}
2186
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2187TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2188 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2189 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2190 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2191 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2192
2193 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2194 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2195 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2196 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2197 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2198 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2199 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2200 EXPECT_EQ(message, plaintext);
2201 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2202
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2203 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2204}
2205
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2206TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2207 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2208 .AesEncryptionKey(128)
2209 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2210 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2211 string aad = "foobar";
2212 string message = "123456789012345678901234567890123456";
2213 AuthorizationSet begin_params(client_params());
2214 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2215 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2216 begin_params.push_back(TAG_MAC_LENGTH, 128);
2217 AuthorizationSet begin_out_params;
2218
2219 AuthorizationSet update_params;
2220 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2221 AuthorizationSet update_out_params;
2222
2223 AuthorizationSet finish_params;
2224 AuthorizationSet finish_out_params;
2225
2226 string ciphertext;
2227 string discard;
2228 string plaintext;
2229
2230 size_t input_consumed;
2231
2232 // Encrypt
2233 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2234 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2235 &input_consumed));
2236 EXPECT_EQ(message.size(), input_consumed);
2237 EXPECT_EQ(KM_ERROR_OK, FinishOperation(finish_params, "", &finish_out_params, &discard));
2238
2239 // Grab nonce & tag.
2240 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2241 EXPECT_NE(-1, finish_out_params.find(TAG_AEAD_TAG));
2242 begin_params.push_back(begin_out_params);
2243 update_params.push_back(finish_out_params);
2244
2245 // Decrypt.
2246 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
2247 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2248 &plaintext, &input_consumed));
2249 EXPECT_EQ(ciphertext.size(), input_consumed);
2250 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&discard));
2251
2252 EXPECT_EQ(message, plaintext);
2253 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2254}
2255
2256TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2257 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2258 .AesEncryptionKey(128)
2259 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2260 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2261 string message = "123456789012345678901234567890123456";
2262 AuthorizationSet begin_params(client_params());
2263 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2264 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2265 begin_params.push_back(TAG_MAC_LENGTH, 128);
2266 AuthorizationSet begin_out_params;
2267
2268 AuthorizationSet update_params;
2269 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
2270 AuthorizationSet update_out_params;
2271
2272 AuthorizationSet finish_params;
2273 AuthorizationSet finish_out_params;
2274
2275 string ciphertext;
2276 string discard;
2277 string plaintext;
2278
2279 size_t input_consumed;
2280
2281 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2282
2283 // No data, AAD only.
2284 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2285 &input_consumed));
2286
2287 // AAD and data.
2288 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2289 &input_consumed));
2290 EXPECT_EQ(message.size(), input_consumed);
2291 EXPECT_EQ(KM_ERROR_OK, FinishOperation(finish_params, "", &finish_out_params, &discard));
2292
2293 // Grab nonce & tag.
2294 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2295 begin_params.push_back(begin_out_params);
2296
2297 EXPECT_NE(-1, finish_out_params.find(TAG_AEAD_TAG));
2298 update_params.push_back(finish_out_params);
2299
2300 // All of the AAD in one.
2301
2302 // Decrypt.
2303 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
2304 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2305 &input_consumed));
2306 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2307 &plaintext, &input_consumed));
2308 EXPECT_EQ(ciphertext.size(), input_consumed);
2309 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&discard));
2310
2311 EXPECT_EQ(message, plaintext);
2312 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2313}
2314
2315TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2316 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2317 .AesEncryptionKey(128)
2318 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2319 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2320 string aad = "foobar";
2321 string message = "12345678901234567890123456789012";
2322 AuthorizationSet begin_params(client_params());
2323 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2324 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2325 begin_params.push_back(TAG_MAC_LENGTH, 128);
2326 AuthorizationSet begin_out_params;
2327
2328 AuthorizationSet update_params;
2329 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2330 AuthorizationSet update_out_params;
2331
2332 AuthorizationSet finish_params;
2333 AuthorizationSet finish_out_params;
2334
2335 string ciphertext;
2336 string discard;
2337 string plaintext;
2338
2339 size_t input_consumed;
2340
2341 // Encrypt
2342 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2343 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2344 &input_consumed));
2345 EXPECT_EQ(message.size(), input_consumed);
2346 EXPECT_EQ(KM_ERROR_OK, FinishOperation(finish_params, "", &finish_out_params, &discard));
2347
2348 // Grab nonce & tag.
2349 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2350 EXPECT_NE(-1, finish_out_params.find(TAG_AEAD_TAG));
2351 begin_params.push_back(begin_out_params);
2352 update_params.Clear();
2353 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
2354 update_params.push_back(finish_out_params);
2355
2356 // Decrypt.
2357 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
2358 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2359 &plaintext, &input_consumed));
2360 EXPECT_EQ(ciphertext.size(), input_consumed);
2361 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&discard));
2362
2363 EXPECT_EQ(message, plaintext);
2364 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2365}
2366
2367TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
2368 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2369 .AesEncryptionKey(128)
2370 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2371 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2372 string aad = "foobar";
2373 string message = "12345678901234567890123456789012";
2374 AuthorizationSet begin_params(client_params());
2375 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2376 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2377 begin_params.push_back(TAG_MAC_LENGTH, 128);
2378 AuthorizationSet begin_out_params;
2379
2380 AuthorizationSet update_params;
2381 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2382 AuthorizationSet update_out_params;
2383
2384 AuthorizationSet finish_params;
2385 AuthorizationSet finish_out_params;
2386
2387 string ciphertext;
2388 string discard;
2389 string plaintext;
2390
2391 size_t input_consumed;
2392
2393 // Encrypt
2394 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2395 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2396 &input_consumed));
2397 EXPECT_EQ(message.size(), input_consumed);
2398 EXPECT_EQ(KM_ERROR_OK, FinishOperation(finish_params, "", &finish_out_params, &discard));
2399
2400 EXPECT_NE(-1, finish_out_params.find(TAG_AEAD_TAG));
2401 update_params.push_back(finish_out_params);
2402 begin_params.push_back(TAG_NONCE, "123456789012", 12);
2403
2404 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
2405 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2406 &plaintext, &input_consumed));
2407 EXPECT_EQ(ciphertext.size(), input_consumed);
2408 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&discard));
2409
2410 // With wrong nonce, should have gotten garbage plaintext.
2411 EXPECT_NE(message, plaintext);
2412 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2413}
2414
2415TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
2416 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2417 .AesEncryptionKey(128)
2418 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2419 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2420 string aad = "foobar";
2421 string message = "123456789012345678901234567890123456";
2422 AuthorizationSet begin_params(client_params());
2423 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2424 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2425 begin_params.push_back(TAG_MAC_LENGTH, 128);
2426 AuthorizationSet begin_out_params;
2427
2428 AuthorizationSet update_params;
2429 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2430 AuthorizationSet update_out_params;
2431
2432 AuthorizationSet finish_params;
2433 AuthorizationSet finish_out_params;
2434
2435 string ciphertext;
2436 string discard;
2437 string plaintext;
2438
2439 size_t input_consumed;
2440
2441 // Encrypt
2442 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2443 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2444 &input_consumed));
2445 EXPECT_EQ(message.size(), input_consumed);
2446 EXPECT_EQ(KM_ERROR_OK, FinishOperation(finish_params, "", &finish_out_params, &discard));
2447
2448 // Grab nonce & tag; corrupt tag.
2449 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2450 begin_params.push_back(begin_out_params);
2451 keymaster_blob_t tag;
2452 EXPECT_TRUE(finish_out_params.GetTagValue(TAG_AEAD_TAG, &tag));
2453 const_cast<uint8_t*>(tag.data)[tag.data_length / 2]++;
2454 update_params.push_back(TAG_AEAD_TAG, tag);
2455
2456 // Decrypt.
2457 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
2458 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2459 &plaintext, &input_consumed));
2460 EXPECT_EQ(ciphertext.size(), input_consumed);
2461 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&discard));
2462
2463 EXPECT_EQ(message, plaintext);
2464 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2465}
2466
2467TEST_P(EncryptionOperationsTest, AesGcmShortTag) {
2468 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2469 .AesEncryptionKey(128)
2470 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2471 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2472 string aad = "foobar";
2473 string message = "123456789012345678901234567890123456";
2474 AuthorizationSet begin_params(client_params());
2475 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2476 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2477 begin_params.push_back(TAG_MAC_LENGTH, 128);
2478 AuthorizationSet begin_out_params;
2479
2480 AuthorizationSet update_params;
2481 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2482 AuthorizationSet update_out_params;
2483
2484 AuthorizationSet finish_params;
2485 AuthorizationSet finish_out_params;
2486
2487 string ciphertext;
2488 string discard;
2489 string plaintext;
2490
2491 size_t input_consumed;
2492
2493 // Encrypt
2494 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2495 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2496 &input_consumed));
2497 EXPECT_EQ(message.size(), input_consumed);
2498 EXPECT_EQ(KM_ERROR_OK, FinishOperation(finish_params, "", &finish_out_params, &discard));
2499
2500 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2501 begin_params.push_back(begin_out_params);
2502 keymaster_blob_t tag;
2503 EXPECT_TRUE(finish_out_params.GetTagValue(TAG_AEAD_TAG, &tag));
2504 tag.data_length = 11;
2505 update_params.push_back(TAG_AEAD_TAG, tag);
2506
2507 // Decrypt.
2508 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
2509 EXPECT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH,
2510 UpdateOperation(update_params, ciphertext, &update_out_params, &plaintext,
2511 &input_consumed));
2512
2513 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2514}
2515
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2516typedef Keymaster1Test AddEntropyTest;
2517INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
2518
2519TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2520 // There's no obvious way to test that entropy is actually added, but we can test that the API
2521 // doesn't blow up or return an error.
2522 EXPECT_EQ(KM_ERROR_OK,
2523 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2524
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2525 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2526}
2527
2528typedef Keymaster1Test Keymaster0AdapterTest;
2529INSTANTIATE_TEST_CASE_P(
2530 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2531 ::testing::Values(
2532 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
2533 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2534
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2535TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2536 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2537 // key data.
2538 string km1_sw = read_file("km1_sw_rsa_512.blob");
2539 EXPECT_EQ(486U, km1_sw.length());
2540
2541 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2542 memcpy(key_data, km1_sw.data(), km1_sw.length());
2543 set_key_blob(key_data, km1_sw.length());
2544
2545 string message(64, 'a');
2546 string signature;
2547 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2548
2549 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2550}
2551
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2552TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
2553 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2554 // key data.
2555 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
2556 EXPECT_EQ(270U, km1_sw.length());
2557
2558 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2559 memcpy(key_data, km1_sw.data(), km1_sw.length());
2560 set_key_blob(key_data, km1_sw.length());
2561
2562 string message(64, 'a');
2563 string signature;
2564 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2565
2566 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2567}
2568
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2569struct Malloc_Delete {
2570 void operator()(void* p) { free(p); }
2571};
2572
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2573TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2574 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2575 string km0_sw = read_file("km0_sw_rsa_512.blob");
2576 EXPECT_EQ(333U, km0_sw.length());
2577
2578 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2579 memcpy(key_data, km0_sw.data(), km0_sw.length());
2580 set_key_blob(key_data, km0_sw.length());
2581
2582 string message(64, 'a');
2583 string signature;
2584 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2585
2586 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2587}
2588
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame^]2589TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
2590 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2591 string km0_sw = read_file("km0_sw_rsa_512.blob");
2592 EXPECT_EQ(333U, km0_sw.length());
2593
2594 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2595 memcpy(key_data, km0_sw.data(), km0_sw.length());
2596 set_key_blob(key_data, km0_sw.length());
2597
2598 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
2599 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2600 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
2601 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2602 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2603 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
2604 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
2605 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
2606 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
2607 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
2608
2609 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2610}
2611
2612TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
2613 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2614 string km0_sw = read_file("km0_sw_rsa_512.blob");
2615 EXPECT_EQ(333U, km0_sw.length());
2616
2617 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
2618 // be recognized as a software key. Do the same here to pretend this is a hardware key.
2619 EXPECT_EQ('P', km0_sw[0]);
2620 km0_sw[0] = 'Q';
2621
2622 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2623 memcpy(key_data, km0_sw.data(), km0_sw.length());
2624 set_key_blob(key_data, km0_sw.length());
2625
2626 string message(64, 'a');
2627 string signature;
2628 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2629 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
2630
2631 EXPECT_EQ(5, GetParam()->keymaster0_calls());
2632}
2633
2634TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
2635 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2636 string km0_sw = read_file("km0_sw_rsa_512.blob");
2637 EXPECT_EQ(333U, km0_sw.length());
2638
2639 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
2640 // be recognized as a software key. Do the same here to pretend this is a hardware key.
2641 EXPECT_EQ('P', km0_sw[0]);
2642 km0_sw[0] = 'Q';
2643
2644 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2645 memcpy(key_data, km0_sw.data(), km0_sw.length());
2646 set_key_blob(key_data, km0_sw.length());
2647
2648 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
2649 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2650 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
2651 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2652 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2653 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
2654 EXPECT_EQ(5U, hw_enforced().size());
2655
2656 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
2657 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
2658 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
2659 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
2660
2661 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2662 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
2663 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2664 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2665 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
2666
2667 EXPECT_EQ(1, GetParam()->keymaster0_calls());
2668}
2669
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]2670} // namespace test
2671} // namespace keymaster