Blame - google_keymaster_test.cpp - fp2-dev/platform/system/keymaster

blob: 55e9b0e2f51b5bde82dc5f7c99831f6e93df5618 [file] [log] [blame]

Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	1	/*
				2	* Copyright (C) 2014 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
Shawn Willden	437fbd1	2014-08-20 11:59:49 -0600	[diff] [blame]	17	#include <string>
				18	#include <fstream>
				19
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	20	#include <gtest/gtest.h>
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	21
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	22	#include <openssl/engine.h>
				23
Shawn Willden	98d9b92	2014-08-26 08:14:10 -0600	[diff] [blame]	24	#include <keymaster/google_keymaster_utils.h>
				25	#include <keymaster/keymaster_tags.h>
				26
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	27	#include "google_keymaster_test_utils.h"
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	28	#include "google_softkeymaster.h"
				29
Shawn Willden	437fbd1	2014-08-20 11:59:49 -0600	[diff] [blame]	30	using std::string;
				31	using std::ifstream;
				32	using std::istreambuf_iterator;
				33
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	34	int main(int argc, char** argv) {
				35	::testing::InitGoogleTest(&argc, argv);
				36	int result = RUN_ALL_TESTS();
				37	// Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
				38	CRYPTO_cleanup_all_ex_data();
Shawn Willden	7c0a82b	2014-09-17 12:57:32 -0600	[diff] [blame]	39	ERR_remove_thread_state(NULL);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	40	ERR_free_strings();
				41	return result;
				42	}
				43
				44	namespace keymaster {
				45	namespace test {
				46
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	47	// Note that these DSA generator, p and q values must match the values from dsa_privkey_pk8.der.
				48	const uint8_t dsa_g[] = {
				49	0x19, 0x1C, 0x71, 0xFD, 0xE0, 0x03, 0x0C, 0x43, 0xD9, 0x0B, 0xF6, 0xCD, 0xD6, 0xA9, 0x70, 0xE7,
				50	0x37, 0x86, 0x3A, 0x78, 0xE9, 0xA7, 0x47, 0xA7, 0x47, 0x06, 0x88, 0xB1, 0xAF, 0xD7, 0xF3, 0xF1,
				51	0xA1, 0xD7, 0x00, 0x61, 0x28, 0x88, 0x31, 0x48, 0x60, 0xD8, 0x11, 0xEF, 0xA5, 0x24, 0x1A, 0x81,
				52	0xC4, 0x2A, 0xE2, 0xEA, 0x0E, 0x36, 0xD2, 0xD2, 0x05, 0x84, 0x37, 0xCF, 0x32, 0x7D, 0x09, 0xE6,
				53	0x0F, 0x8B, 0x0C, 0xC8, 0xC2, 0xA4, 0xB1, 0xDC, 0x80, 0xCA, 0x68, 0xDF, 0xAF, 0xD2, 0x90, 0xC0,
				54	0x37, 0x58, 0x54, 0x36, 0x8F, 0x49, 0xB8, 0x62, 0x75, 0x8B, 0x48, 0x47, 0xC0, 0xBE, 0xF7, 0x9A,
				55	0x92, 0xA6, 0x68, 0x05, 0xDA, 0x9D, 0xAF, 0x72, 0x9A, 0x67, 0xB3, 0xB4, 0x14, 0x03, 0xAE, 0x4F,
				56	0x4C, 0x76, 0xB9, 0xD8, 0x64, 0x0A, 0xBA, 0x3B, 0xA8, 0x00, 0x60, 0x4D, 0xAE, 0x81, 0xC3, 0xC5,
				57	};
				58	const uint8_t dsa_p[] = {
				59	0xA3, 0xF3, 0xE9, 0xB6, 0x7E, 0x7D, 0x88, 0xF6, 0xB7, 0xE5, 0xF5, 0x1F, 0x3B, 0xEE, 0xAC, 0xD7,
				60	0xAD, 0xBC, 0xC9, 0xD1, 0x5A, 0xF8, 0x88, 0xC4, 0xEF, 0x6E, 0x3D, 0x74, 0x19, 0x74, 0xE7, 0xD8,
				61	0xE0, 0x26, 0x44, 0x19, 0x86, 0xAF, 0x19, 0xDB, 0x05, 0xE9, 0x3B, 0x8B, 0x58, 0x58, 0xDE, 0xE5,
				62	0x4F, 0x48, 0x15, 0x01, 0xEA, 0xE6, 0x83, 0x52, 0xD7, 0xC1, 0x21, 0xDF, 0xB9, 0xB8, 0x07, 0x66,
				63	0x50, 0xFB, 0x3A, 0x0C, 0xB3, 0x85, 0xEE, 0xBB, 0x04, 0x5F, 0xC2, 0x6D, 0x6D, 0x95, 0xFA, 0x11,
				64	0x93, 0x1E, 0x59, 0x5B, 0xB1, 0x45, 0x8D, 0xE0, 0x3D, 0x73, 0xAA, 0xF2, 0x41, 0x14, 0x51, 0x07,
				65	0x72, 0x3D, 0xA2, 0xF7, 0x58, 0xCD, 0x11, 0xA1, 0x32, 0xCF, 0xDA, 0x42, 0xB7, 0xCC, 0x32, 0x80,
				66	0xDB, 0x87, 0x82, 0xEC, 0x42, 0xDB, 0x5A, 0x55, 0x24, 0x24, 0xA2, 0xD1, 0x55, 0x29, 0xAD, 0xEB,
				67	};
				68	const uint8_t dsa_q[] = {
				69	0xEB, 0xEA, 0x17, 0xD2, 0x09, 0xB3, 0xD7, 0x21, 0x9A, 0x21,
				70	0x07, 0x82, 0x8F, 0xAB, 0xFE, 0x88, 0x71, 0x68, 0xF7, 0xE3,
				71	};
				72
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	73	class KeymasterTest : public testing::Test {
				74	protected:
Shawn Willden	2f3be36	2014-08-25 11:31:39 -0600	[diff] [blame]	75	KeymasterTest() : device(5, new StdoutLogger) { RAND_seed("foobar", 6); }
Shawn Willden	da8485e	2014-08-17 08:00:01 -0600	[diff] [blame]	76	~KeymasterTest() {}
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	77
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	78	template <typename T> void ExpectEmptyResponse(const SupportedResponse<T>& response) {
				79	EXPECT_EQ(KM_ERROR_OK, response.error);
				80	EXPECT_EQ(0U, response.results_length);
				81	}
				82
				83	template <typename T> void ExpectResponseContains(T val, const SupportedResponse<T>& response) {
				84	EXPECT_EQ(KM_ERROR_OK, response.error);
				85	EXPECT_EQ(1U, response.results_length);
				86	EXPECT_EQ(val, response.results[0]);
				87	}
				88
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	89	GoogleSoftKeymaster device;
				90	};
				91
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	92	typedef KeymasterTest CheckSupported;
				93	TEST_F(CheckSupported, SupportedAlgorithms) {
				94	// Shouldn't blow up on NULL.
				95	device.SupportedAlgorithms(NULL);
				96
				97	SupportedResponse<keymaster_algorithm_t> response;
				98	device.SupportedAlgorithms(&response);
				99	EXPECT_EQ(KM_ERROR_OK, response.error);
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	100	EXPECT_EQ(3U, response.results_length);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	101	EXPECT_EQ(KM_ALGORITHM_RSA, response.results[0]);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	102	EXPECT_EQ(KM_ALGORITHM_DSA, response.results[1]);
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	103	EXPECT_EQ(KM_ALGORITHM_ECDSA, response.results[2]);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	104	}
				105
				106	TEST_F(CheckSupported, SupportedBlockModes) {
				107	// Shouldn't blow up on NULL.
				108	device.SupportedBlockModes(KM_ALGORITHM_RSA, NULL);
				109
				110	SupportedResponse<keymaster_block_mode_t> response;
				111	device.SupportedBlockModes(KM_ALGORITHM_RSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	112	ExpectEmptyResponse(response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	113
				114	device.SupportedBlockModes(KM_ALGORITHM_DSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	115	ExpectEmptyResponse(response);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	116
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	117	device.SupportedBlockModes(KM_ALGORITHM_ECDSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	118	ExpectEmptyResponse(response);
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	119
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	120	device.SupportedBlockModes(KM_ALGORITHM_AES, &response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	121	EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
				122	}
				123
				124	TEST_F(CheckSupported, SupportedPaddingModes) {
				125	// Shouldn't blow up on NULL.
				126	device.SupportedPaddingModes(KM_ALGORITHM_RSA, NULL);
				127
				128	SupportedResponse<keymaster_padding_t> response;
				129	device.SupportedPaddingModes(KM_ALGORITHM_RSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	130	ExpectResponseContains(KM_PAD_NONE, response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	131
				132	device.SupportedPaddingModes(KM_ALGORITHM_DSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	133	ExpectResponseContains(KM_PAD_NONE, response);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	134
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	135	device.SupportedPaddingModes(KM_ALGORITHM_ECDSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	136	ExpectResponseContains(KM_PAD_NONE, response);
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	137
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	138	device.SupportedPaddingModes(KM_ALGORITHM_AES, &response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	139	EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
				140	}
				141
				142	TEST_F(CheckSupported, SupportedDigests) {
				143	// Shouldn't blow up on NULL.
				144	device.SupportedDigests(KM_ALGORITHM_RSA, NULL);
				145
				146	SupportedResponse<keymaster_digest_t> response;
				147	device.SupportedDigests(KM_ALGORITHM_RSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	148	ExpectResponseContains(KM_DIGEST_NONE, response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	149
				150	device.SupportedDigests(KM_ALGORITHM_DSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	151	ExpectResponseContains(KM_DIGEST_NONE, response);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	152
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	153	device.SupportedDigests(KM_ALGORITHM_ECDSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	154	ExpectResponseContains(KM_DIGEST_NONE, response);
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	155
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	156	device.SupportedDigests(KM_ALGORITHM_AES, &response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	157	EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
				158	}
				159
				160	TEST_F(CheckSupported, SupportedImportFormats) {
				161	// Shouldn't blow up on NULL.
				162	device.SupportedImportFormats(KM_ALGORITHM_RSA, NULL);
				163
				164	SupportedResponse<keymaster_key_format_t> response;
				165	device.SupportedImportFormats(KM_ALGORITHM_RSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	166	ExpectResponseContains(KM_KEY_FORMAT_PKCS8, response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	167
				168	device.SupportedImportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	169	ExpectResponseContains(KM_KEY_FORMAT_PKCS8, response);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	170
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	171	device.SupportedImportFormats(KM_ALGORITHM_ECDSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	172	ExpectResponseContains(KM_KEY_FORMAT_PKCS8, response);
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	173
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	174	device.SupportedImportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	175	EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
				176	}
				177
				178	TEST_F(CheckSupported, SupportedExportFormats) {
				179	// Shouldn't blow up on NULL.
				180	device.SupportedExportFormats(KM_ALGORITHM_RSA, NULL);
				181
				182	SupportedResponse<keymaster_key_format_t> response;
				183	device.SupportedExportFormats(KM_ALGORITHM_RSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	184	ExpectResponseContains(KM_KEY_FORMAT_X509, response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	185
				186	device.SupportedExportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	187	ExpectResponseContains(KM_KEY_FORMAT_X509, response);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	188
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	189	device.SupportedExportFormats(KM_ALGORITHM_ECDSA, &response);
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	190	ExpectResponseContains(KM_KEY_FORMAT_X509, response);
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	191
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	192	device.SupportedExportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	193	EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
				194	}
				195
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	196	keymaster_key_param_t key_generation_base_params[] = {
				197	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				198	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				199	Authorization(TAG_USER_ID, 7),
				200	Authorization(TAG_USER_AUTH_ID, 8),
				201	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				202	Authorization(TAG_APPLICATION_DATA, "app_data", 8),
				203	Authorization(TAG_AUTH_TIMEOUT, 300),
				204	};
				205
				206	class NewKeyGeneration : public KeymasterTest {
				207	protected:
				208	NewKeyGeneration() {
				209	req_.key_description.Reinitialize(key_generation_base_params,
				210	array_length(key_generation_base_params));
				211	}
				212
				213	void CheckBaseParams(const GenerateKeyResponse& rsp) {
				214	ASSERT_EQ(KM_ERROR_OK, rsp.error);
				215	EXPECT_EQ(0U, rsp.enforced.size());
				216	EXPECT_EQ(12U, rsp.enforced.SerializedSize());
				217	EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
				218
				219	EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
				220	EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
				221	EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
				222	EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
				223	EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
				224
				225	// Verify that App ID, App data and ROT are NOT included.
				226	EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
				227	EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
				228	EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
				229
				230	// Just for giggles, check that some unexpected tags/values are NOT present.
				231	EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
				232	EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
				233	EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
				234	EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
				235
				236	// Now check that unspecified, defaulted tags are correct.
				237	EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
				238	EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
				239	}
				240
				241	GenerateKeyRequest req_;
				242	GenerateKeyResponse rsp_;
				243	};
				244
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	245	TEST_F(NewKeyGeneration, Rsa) {
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	246	req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA));
				247	req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 256));
				248	req_.key_description.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, 3));
				249	device.GenerateKey(req_, &rsp_);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	250
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	251	CheckBaseParams(rsp_);
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	252
				253	// Check specified tags are all present in unenforced characteristics
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	254	EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
				255	EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 256));
				256	EXPECT_TRUE(contains(rsp_.unenforced, TAG_RSA_PUBLIC_EXPONENT, 3));
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	257	}
				258
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	259	TEST_F(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	260	req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA));
				261	device.GenerateKey(req_, &rsp_);
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	262
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	263	CheckBaseParams(rsp_);
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	264
				265	// Check specified tags are all present in unenforced characteristics
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	266	EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	267
				268	// Now check that unspecified, defaulted tags are correct.
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	269	EXPECT_TRUE(contains(rsp_.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
				270	EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 2048));
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	271	}
				272
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	273	TEST_F(NewKeyGeneration, Dsa) {
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	274	req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA));
				275	req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 256));
				276	device.GenerateKey(req_, &rsp_);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	277
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	278	CheckBaseParams(rsp_);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	279
				280	// Check specified tags are all present in unenforced characteristics
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	281	EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
				282	EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 256));
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	283
				284	// Generator should have created DSA params.
				285	keymaster_blob_t g, p, q;
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	286	EXPECT_TRUE(rsp_.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
				287	EXPECT_TRUE(rsp_.unenforced.GetTagValue(TAG_DSA_P, &p));
				288	EXPECT_TRUE(rsp_.unenforced.GetTagValue(TAG_DSA_Q, &q));
Shawn Willden	d67afae	2014-08-19 12:36:27 -0600	[diff] [blame]	289	EXPECT_TRUE(g.data_length >= 63 && g.data_length <= 64);
Shawn Willden	28e4147	2014-08-18 13:35:22 -0600	[diff] [blame]	290	EXPECT_EQ(64U, p.data_length);
				291	EXPECT_EQ(20U, q.data_length);
				292	}
				293
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	294	TEST_F(NewKeyGeneration, DsaDefaultSize) {
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	295	req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA));
				296	device.GenerateKey(req_, &rsp_);
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	297
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	298	CheckBaseParams(rsp_);
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	299
				300	// Check specified tags are all present in unenforced characteristics
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	301	EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	302
				303	// Now check that unspecified, defaulted tags are correct.
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	304	EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 2048));
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	305	keymaster_blob_t g, p, q;
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	306	EXPECT_TRUE(rsp_.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
				307	EXPECT_TRUE(rsp_.unenforced.GetTagValue(TAG_DSA_P, &p));
				308	EXPECT_TRUE(rsp_.unenforced.GetTagValue(TAG_DSA_Q, &q));
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	309	EXPECT_TRUE(g.data_length >= 255 && g.data_length <= 256);
				310	EXPECT_EQ(256U, p.data_length);
				311	EXPECT_EQ(32U, q.data_length);
				312	}
				313
				314	TEST_F(NewKeyGeneration, Dsa_ParamsSpecified) {
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	315	req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA));
				316	req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 256));
				317	req_.key_description.push_back(Authorization(TAG_DSA_GENERATOR, dsa_g, array_size(dsa_g)));
				318	req_.key_description.push_back(Authorization(TAG_DSA_P, dsa_p, array_size(dsa_p)));
				319	req_.key_description.push_back(Authorization(TAG_DSA_Q, dsa_q, array_size(dsa_q)));
				320	device.GenerateKey(req_, &rsp_);
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	321
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	322	CheckBaseParams(rsp_);
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	323
				324	// Check specified tags are all present in unenforced characteristics
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	325	EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
				326	EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 256));
				327	EXPECT_TRUE(contains(rsp_.unenforced, TAG_DSA_GENERATOR,
				328	std::string(reinterpret_cast<const char*>(dsa_g), array_size(dsa_g))));
				329	EXPECT_TRUE(contains(rsp_.unenforced, TAG_DSA_P,
				330	std::string(reinterpret_cast<const char*>(dsa_p), array_size(dsa_p))));
				331	EXPECT_TRUE(contains(rsp_.unenforced, TAG_DSA_Q,
				332	std::string(reinterpret_cast<const char*>(dsa_q), array_size(dsa_q))));
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	333	}
				334
				335	TEST_F(NewKeyGeneration, Dsa_SomeParamsSpecified) {
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	336	req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA));
				337	req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 256));
				338	req_.key_description.push_back(Authorization(TAG_DSA_P, dsa_p, array_size(dsa_p)));
				339	req_.key_description.push_back(Authorization(TAG_DSA_Q, dsa_q, array_size(dsa_q)));
				340	device.GenerateKey(req_, &rsp_);
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	341
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	342	ASSERT_EQ(KM_ERROR_INVALID_DSA_PARAMS, rsp_.error);
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	343	}
				344
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	345	TEST_F(NewKeyGeneration, Ecdsa) {
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	346	req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
				347	req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 192));
				348	device.GenerateKey(req_, &rsp_);
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	349
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	350	CheckBaseParams(rsp_);
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	351
				352	// Check specified tags are all present in unenforced characteristics
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	353	EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
				354	EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 192));
Shawn Willden	c3864dd	2014-08-18 15:20:01 -0600	[diff] [blame]	355	}
				356
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	357	TEST_F(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	358	req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
				359	device.GenerateKey(req_, &rsp_);
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	360
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	361	CheckBaseParams(rsp_);
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	362
				363	// Check specified tags are all present in unenforced characteristics
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	364	EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	365
				366	// Now check that unspecified, defaulted tags are correct.
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	367	EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 224));
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	368	}
				369
				370	TEST_F(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	371	req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
				372	req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 190));
				373	device.GenerateKey(req_, &rsp_);
				374	ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE, rsp_.error);
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	375	}
				376
				377	TEST_F(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	378	size_t valid_sizes[] = {192, 224, 256, 384, 521};
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	379	for (size_t size : valid_sizes) {
Shawn Willden	d077231	2014-09-18 12:27:57 -0600	[diff] [blame^]	380	req_.key_description.Reinitialize(key_generation_base_params,
				381	array_length(key_generation_base_params));
				382	req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
				383	req_.key_description.push_back(Authorization(TAG_KEY_SIZE, size));
				384	device.GenerateKey(req_, &rsp_);
				385	EXPECT_EQ(KM_ERROR_OK, rsp_.error) << "Failed to generate size: " << size;
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	386	}
				387	}
				388
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	389	typedef KeymasterTest GetKeyCharacteristics;
				390	TEST_F(GetKeyCharacteristics, SimpleRsa) {
				391	keymaster_key_param_t params[] = {
				392	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				393	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				394	Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
				395	Authorization(TAG_KEY_SIZE, 256),
				396	Authorization(TAG_USER_ID, 7),
				397	Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	398	Authorization(TAG_APPLICATION_ID, "app_id", 6),
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	399	Authorization(TAG_AUTH_TIMEOUT, 300),
				400	};
				401
				402	GenerateKeyRequest gen_req;
				403	gen_req.key_description.Reinitialize(params, array_length(params));
				404	GenerateKeyResponse gen_rsp;
				405
				406	device.GenerateKey(gen_req, &gen_rsp);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	407	ASSERT_EQ(KM_ERROR_OK, gen_rsp.error);
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	408
				409	GetKeyCharacteristicsRequest req;
Shawn Willden	da8485e	2014-08-17 08:00:01 -0600	[diff] [blame]	410	req.SetKeyMaterial(gen_rsp.key_blob);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	411	req.additional_params.push_back(TAG_APPLICATION_ID, "app_id", 6);
Shawn Willden	7636471	2014-08-11 17:48:04 -0600	[diff] [blame]	412
				413	GetKeyCharacteristicsResponse rsp;
				414	device.GetKeyCharacteristics(req, &rsp);
				415	ASSERT_EQ(KM_ERROR_OK, rsp.error);
				416
				417	EXPECT_EQ(gen_rsp.enforced, rsp.enforced);
				418	EXPECT_EQ(gen_rsp.unenforced, rsp.unenforced);
				419	}
				420
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	421	/**
				422	* Test class that provides some infrastructure for generating keys and signing messages.
				423	*/
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	424	class SigningOperationsTest : public KeymasterTest {
				425	protected:
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	426	void GenerateKey(keymaster_algorithm_t algorithm, keymaster_digest_t digest,
				427	keymaster_padding_t padding, uint32_t key_size) {
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	428	keymaster_key_param_t params[] = {
				429	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				430	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	431	Authorization(TAG_ALGORITHM, algorithm),
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	432	Authorization(TAG_KEY_SIZE, key_size),
				433	Authorization(TAG_USER_ID, 7),
				434	Authorization(TAG_USER_AUTH_ID, 8),
				435	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				436	Authorization(TAG_AUTH_TIMEOUT, 300),
				437	};
				438	GenerateKeyRequest generate_request;
				439	generate_request.key_description.Reinitialize(params, array_length(params));
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	440	if (static_cast<int>(digest) != -1)
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	441	generate_request.key_description.push_back(TAG_DIGEST, digest);
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	442	if (static_cast<int>(padding) != -1)
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	443	generate_request.key_description.push_back(TAG_PADDING, padding);
				444	device.GenerateKey(generate_request, &generate_response_);
				445	EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	446	}
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	447
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	448	void SignMessage(const void* message, size_t size) {
Shawn Willden	437fbd1	2014-08-20 11:59:49 -0600	[diff] [blame]	449	SignMessage(generate_response_.key_blob, message, size);
				450	}
				451
				452	void SignMessage(const keymaster_key_blob_t& key_blob, const void* message, size_t size) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	453	BeginOperationRequest begin_request;
				454	BeginOperationResponse begin_response;
Shawn Willden	437fbd1	2014-08-20 11:59:49 -0600	[diff] [blame]	455	begin_request.SetKeyMaterial(key_blob);
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	456	begin_request.purpose = KM_PURPOSE_SIGN;
				457	AddClientParams(&begin_request.additional_params);
				458
				459	device.BeginOperation(begin_request, &begin_response);
				460	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				461
				462	UpdateOperationRequest update_request;
				463	UpdateOperationResponse update_response;
				464	update_request.op_handle = begin_response.op_handle;
				465	update_request.input.Reinitialize(message, size);
				466	EXPECT_EQ(size, update_request.input.available_read());
				467
				468	device.UpdateOperation(update_request, &update_response);
				469	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				470	EXPECT_EQ(0U, update_response.output.available_read());
				471
				472	FinishOperationRequest finish_request;
				473	finish_request.op_handle = begin_response.op_handle;
				474	device.FinishOperation(finish_request, &finish_response_);
				475	ASSERT_EQ(KM_ERROR_OK, finish_response_.error);
				476	EXPECT_GT(finish_response_.output.available_read(), 0U);
				477	}
				478
				479	void AddClientParams(AuthorizationSet* set) { set->push_back(TAG_APPLICATION_ID, "app_id", 6); }
				480
				481	const keymaster_key_blob_t& key_blob() { return generate_response_.key_blob; }
Shawn Willden	f268d74	2014-08-19 15:36:26 -0600	[diff] [blame]	482
				483	const keymaster_key_blob_t& corrupt_key_blob() {
Shawn Willden	2241bf0	2014-08-28 09:59:53 -0600	[diff] [blame]	484	uint8_t* tmp = const_cast<uint8_t*>(generate_response_.key_blob.key_material);
				485	++tmp[generate_response_.key_blob.key_material_size / 2];
Shawn Willden	f268d74	2014-08-19 15:36:26 -0600	[diff] [blame]	486	return generate_response_.key_blob;
				487	}
				488
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	489	Buffer* signature() {
				490	if (finish_response_.error == KM_ERROR_OK)
				491	return &finish_response_.output;
				492	return NULL;
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	493	}
				494
				495	private:
				496	GenerateKeyResponse generate_response_;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	497	FinishOperationResponse finish_response_;
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	498	};
				499
				500	TEST_F(SigningOperationsTest, RsaSuccess) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	501	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden	ffd790c	2014-08-18 21:20:06 -0600	[diff] [blame]	502	const char message[] = "12345678901234567890123456789012";
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	503
				504	BeginOperationRequest begin_request;
				505	BeginOperationResponse begin_response;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	506	begin_request.SetKeyMaterial(key_blob());
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	507	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	508	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	509
				510	device.BeginOperation(begin_request, &begin_response);
				511	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				512
				513	UpdateOperationRequest update_request;
				514	UpdateOperationResponse update_response;
				515	update_request.op_handle = begin_response.op_handle;
Shawn Willden	ffd790c	2014-08-18 21:20:06 -0600	[diff] [blame]	516	update_request.input.Reinitialize(message, array_size(message) - 1);
				517	EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	518
				519	device.UpdateOperation(update_request, &update_response);
				520	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				521	EXPECT_EQ(0U, update_response.output.available_read());
				522
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	523	FinishOperationRequest finish_request;
				524	finish_request.op_handle = begin_response.op_handle;
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	525	FinishOperationResponse finish_response;
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	526	device.FinishOperation(finish_request, &finish_response);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	527	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	528	EXPECT_GT(finish_response.output.available_read(), 0U);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	529
				530	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				531	}
				532
Shawn Willden	5b41ca2	2014-08-18 14:29:14 -0600	[diff] [blame]	533	TEST_F(SigningOperationsTest, DsaSuccess) {
				534	GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
				535
				536	BeginOperationRequest begin_request;
				537	BeginOperationResponse begin_response;
				538	begin_request.SetKeyMaterial(key_blob());
				539	begin_request.purpose = KM_PURPOSE_SIGN;
				540	AddClientParams(&begin_request.additional_params);
				541
				542	device.BeginOperation(begin_request, &begin_response);
				543	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				544
				545	UpdateOperationRequest update_request;
				546	UpdateOperationResponse update_response;
				547	update_request.op_handle = begin_response.op_handle;
				548	update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
				549	EXPECT_EQ(48U, update_request.input.available_read());
				550
				551	device.UpdateOperation(update_request, &update_response);
				552	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				553	EXPECT_EQ(0U, update_response.output.available_read());
				554
				555	FinishOperationRequest finish_request;
				556	finish_request.op_handle = begin_response.op_handle;
				557	FinishOperationResponse finish_response;
				558	device.FinishOperation(finish_request, &finish_response);
				559	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				560	EXPECT_GT(finish_response.output.available_read(), 0U);
				561
				562	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				563	}
				564
Shawn Willden	5ac2f8f	2014-08-18 15:33:10 -0600	[diff] [blame]	565	TEST_F(SigningOperationsTest, EcdsaSuccess) {
				566	GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
				567
				568	BeginOperationRequest begin_request;
				569	BeginOperationResponse begin_response;
				570	begin_request.SetKeyMaterial(key_blob());
				571	begin_request.purpose = KM_PURPOSE_SIGN;
				572	AddClientParams(&begin_request.additional_params);
				573
				574	device.BeginOperation(begin_request, &begin_response);
				575	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				576
				577	UpdateOperationRequest update_request;
				578	UpdateOperationResponse update_response;
				579	update_request.op_handle = begin_response.op_handle;
				580	update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
				581	EXPECT_EQ(48U, update_request.input.available_read());
				582
				583	device.UpdateOperation(update_request, &update_response);
				584	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				585	EXPECT_EQ(0U, update_response.output.available_read());
				586
				587	FinishOperationRequest finish_request;
				588	finish_request.op_handle = begin_response.op_handle;
				589	FinishOperationResponse finish_response;
				590	device.FinishOperation(finish_request, &finish_response);
				591	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				592	EXPECT_GT(finish_response.output.available_read(), 0U);
				593
				594	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				595	}
				596
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	597	TEST_F(SigningOperationsTest, RsaAbort) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	598	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	599
				600	BeginOperationRequest begin_request;
				601	BeginOperationResponse begin_response;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	602	begin_request.SetKeyMaterial(key_blob());
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	603	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	604	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	605
				606	device.BeginOperation(begin_request, &begin_response);
				607	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				608
				609	EXPECT_EQ(KM_ERROR_OK, device.AbortOperation(begin_response.op_handle));
				610
				611	// Another abort should fail
				612	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				613	}
				614
				615	TEST_F(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	616	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_SHA_2_256, KM_PAD_NONE, 256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	617
				618	BeginOperationRequest begin_request;
				619	BeginOperationResponse begin_response;
				620	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	621	begin_request.SetKeyMaterial(key_blob());
				622	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	623
				624	device.BeginOperation(begin_request, &begin_response);
				625	ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
				626
				627	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				628	}
				629
				630	TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	631	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_RSA_OAEP, 256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	632
				633	BeginOperationRequest begin_request;
				634	BeginOperationResponse begin_response;
				635	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	636	begin_request.SetKeyMaterial(key_blob());
				637	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	638
				639	device.BeginOperation(begin_request, &begin_response);
				640	ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
				641
				642	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				643	}
				644
				645	TEST_F(SigningOperationsTest, RsaNoDigest) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	646	GenerateKey(KM_ALGORITHM_RSA, static_cast<keymaster_digest_t>(-1), KM_PAD_NONE,
				647	256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	648
				649	BeginOperationRequest begin_request;
				650	BeginOperationResponse begin_response;
				651	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	652	begin_request.SetKeyMaterial(key_blob());
				653	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	654
				655	device.BeginOperation(begin_request, &begin_response);
				656	ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
				657
				658	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				659	}
				660
				661	TEST_F(SigningOperationsTest, RsaNoPadding) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	662	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, static_cast<keymaster_padding_t>(-1),
				663	256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	664
				665	BeginOperationRequest begin_request;
				666	BeginOperationResponse begin_response;
				667	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	668	begin_request.SetKeyMaterial(key_blob());
				669	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	670
				671	device.BeginOperation(begin_request, &begin_response);
				672	ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
				673
				674	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				675	}
				676
				677	TEST_F(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	678	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	679
				680	BeginOperationRequest begin_request;
				681	BeginOperationResponse begin_response;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	682	begin_request.SetKeyMaterial(key_blob());
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	683	begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	684	AddClientParams(&begin_request.additional_params);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	685
				686	device.BeginOperation(begin_request, &begin_response);
				687	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				688
				689	UpdateOperationRequest update_request;
				690	UpdateOperationResponse update_response;
				691	update_request.op_handle = begin_response.op_handle;
				692	update_request.input.Reinitialize("01234567890123456789012345678901", 31);
				693	EXPECT_EQ(31U, update_request.input.available_read());
				694
				695	device.UpdateOperation(update_request, &update_response);
				696	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				697	EXPECT_EQ(0U, update_response.output.available_read());
				698
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	699	FinishOperationRequest finish_request;
				700	finish_request.op_handle = begin_response.op_handle;
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	701	FinishOperationResponse finish_response;
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	702	device.FinishOperation(finish_request, &finish_response);
Shawn Willden	00aa794	2014-09-10 07:57:43 -0600	[diff] [blame]	703	ASSERT_EQ(KM_ERROR_UNKNOWN_ERROR, finish_response.error);
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	704	EXPECT_EQ(0U, finish_response.output.available_read());
				705
				706	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				707	}
				708
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	709	typedef SigningOperationsTest VerificationOperationsTest;
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	710	TEST_F(VerificationOperationsTest, RsaSuccess) {
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	711	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
				712	const char message[] = "12345678901234567890123456789012";
				713	SignMessage(message, array_size(message) - 1);
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	714	ASSERT_TRUE(signature() != NULL);
				715
				716	BeginOperationRequest begin_request;
				717	BeginOperationResponse begin_response;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	718	begin_request.SetKeyMaterial(key_blob());
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	719	begin_request.purpose = KM_PURPOSE_VERIFY;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	720	AddClientParams(&begin_request.additional_params);
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	721
				722	device.BeginOperation(begin_request, &begin_response);
				723	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				724
				725	UpdateOperationRequest update_request;
				726	UpdateOperationResponse update_response;
				727	update_request.op_handle = begin_response.op_handle;
Shawn Willden	61644f3	2014-08-18 13:43:14 -0600	[diff] [blame]	728	update_request.input.Reinitialize(message, array_size(message) - 1);
				729	EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden	43e999e	2014-08-13 13:29:50 -0600	[diff] [blame]	730
				731	device.UpdateOperation(update_request, &update_response);
				732	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				733	EXPECT_EQ(0U, update_response.output.available_read());
				734
				735	FinishOperationRequest finish_request;
				736	finish_request.op_handle = begin_response.op_handle;
				737	finish_request.signature.Reinitialize(*signature());
				738	FinishOperationResponse finish_response;
				739	device.FinishOperation(finish_request, &finish_response);
				740	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden	1615f2e	2014-08-13 10:37:40 -0600	[diff] [blame]	741	EXPECT_EQ(0U, finish_response.output.available_read());
				742
				743	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				744	}
				745
Shawn Willden	5b41ca2	2014-08-18 14:29:14 -0600	[diff] [blame]	746	TEST_F(VerificationOperationsTest, DsaSuccess) {
				747	GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
				748	const char message[] = "123456789012345678901234567890123456789012345678";
				749	SignMessage(message, array_size(message) - 1);
				750	ASSERT_TRUE(signature() != NULL);
				751
				752	BeginOperationRequest begin_request;
				753	BeginOperationResponse begin_response;
				754	begin_request.SetKeyMaterial(key_blob());
				755	begin_request.purpose = KM_PURPOSE_VERIFY;
				756	AddClientParams(&begin_request.additional_params);
				757
				758	device.BeginOperation(begin_request, &begin_response);
				759	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				760
				761	UpdateOperationRequest update_request;
				762	UpdateOperationResponse update_response;
				763	update_request.op_handle = begin_response.op_handle;
				764	update_request.input.Reinitialize(message, array_size(message) - 1);
				765	EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
				766
				767	device.UpdateOperation(update_request, &update_response);
				768	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				769	EXPECT_EQ(0U, update_response.output.available_read());
				770
				771	FinishOperationRequest finish_request;
				772	finish_request.op_handle = begin_response.op_handle;
				773	finish_request.signature.Reinitialize(*signature());
				774	FinishOperationResponse finish_response;
				775	device.FinishOperation(finish_request, &finish_response);
				776	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				777	EXPECT_EQ(0U, finish_response.output.available_read());
				778
				779	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				780	}
				781
Shawn Willden	5ac2f8f	2014-08-18 15:33:10 -0600	[diff] [blame]	782	TEST_F(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	783	GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
Shawn Willden	5ac2f8f	2014-08-18 15:33:10 -0600	[diff] [blame]	784	const char message[] = "123456789012345678901234567890123456789012345678";
				785	SignMessage(message, array_size(message) - 1);
				786	ASSERT_TRUE(signature() != NULL);
				787
				788	BeginOperationRequest begin_request;
				789	BeginOperationResponse begin_response;
				790	begin_request.SetKeyMaterial(key_blob());
				791	begin_request.purpose = KM_PURPOSE_VERIFY;
				792	AddClientParams(&begin_request.additional_params);
				793
				794	device.BeginOperation(begin_request, &begin_response);
				795	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				796
				797	UpdateOperationRequest update_request;
				798	UpdateOperationResponse update_response;
				799	update_request.op_handle = begin_response.op_handle;
				800	update_request.input.Reinitialize(message, array_size(message) - 1);
				801	EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
				802
				803	device.UpdateOperation(update_request, &update_response);
				804	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				805	EXPECT_EQ(0U, update_response.output.available_read());
				806
				807	FinishOperationRequest finish_request;
				808	finish_request.op_handle = begin_response.op_handle;
				809	finish_request.signature.Reinitialize(*signature());
				810	FinishOperationResponse finish_response;
				811	device.FinishOperation(finish_request, &finish_response);
				812	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				813	EXPECT_EQ(0U, finish_response.output.available_read());
				814
				815	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				816	}
				817
Shawn Willden	ffd790c	2014-08-18 21:20:06 -0600	[diff] [blame]	818	typedef SigningOperationsTest ExportKeyTest;
				819	TEST_F(ExportKeyTest, RsaSuccess) {
				820	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden	ffd790c	2014-08-18 21:20:06 -0600	[diff] [blame]	821
				822	ExportKeyRequest request;
				823	ExportKeyResponse response;
				824	AddClientParams(&request.additional_params);
				825	request.key_format = KM_KEY_FORMAT_X509;
				826	request.SetKeyMaterial(key_blob());
				827
				828	device.ExportKey(request, &response);
				829	ASSERT_EQ(KM_ERROR_OK, response.error);
				830	EXPECT_TRUE(response.key_data != NULL);
Shawn Willden	e46a43f	2014-08-27 10:35:36 -0600	[diff] [blame]	831
				832	// TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden	ffd790c	2014-08-18 21:20:06 -0600	[diff] [blame]	833	}
				834
Shawn Willden	f268d74	2014-08-19 15:36:26 -0600	[diff] [blame]	835	TEST_F(ExportKeyTest, DsaSuccess) {
				836	GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 1024 /* key size */);
				837
				838	ExportKeyRequest request;
				839	ExportKeyResponse response;
				840	AddClientParams(&request.additional_params);
				841	request.key_format = KM_KEY_FORMAT_X509;
				842	request.SetKeyMaterial(key_blob());
				843
				844	device.ExportKey(request, &response);
				845	ASSERT_EQ(KM_ERROR_OK, response.error);
				846	EXPECT_TRUE(response.key_data != NULL);
Shawn Willden	e46a43f	2014-08-27 10:35:36 -0600	[diff] [blame]	847
				848	// TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden	f268d74	2014-08-19 15:36:26 -0600	[diff] [blame]	849	}
				850
				851	TEST_F(ExportKeyTest, EcdsaSuccess) {
				852	GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
				853
				854	ExportKeyRequest request;
				855	ExportKeyResponse response;
				856	AddClientParams(&request.additional_params);
				857	request.key_format = KM_KEY_FORMAT_X509;
				858	request.SetKeyMaterial(key_blob());
				859
				860	device.ExportKey(request, &response);
				861	ASSERT_EQ(KM_ERROR_OK, response.error);
				862	EXPECT_TRUE(response.key_data != NULL);
Shawn Willden	e46a43f	2014-08-27 10:35:36 -0600	[diff] [blame]	863
				864	// TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden	f268d74	2014-08-19 15:36:26 -0600	[diff] [blame]	865	}
				866
				867	TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) {
				868	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
				869
				870	ExportKeyRequest request;
				871	ExportKeyResponse response;
				872	AddClientParams(&request.additional_params);
				873
				874	/* We have no other defined export formats defined. */
				875	request.key_format = KM_KEY_FORMAT_PKCS8;
				876	request.SetKeyMaterial(key_blob());
				877
				878	device.ExportKey(request, &response);
				879	ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, response.error);
				880	EXPECT_TRUE(response.key_data == NULL);
				881	}
				882
				883	TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) {
				884	GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
				885
				886	ExportKeyRequest request;
				887	ExportKeyResponse response;
				888	AddClientParams(&request.additional_params);
				889	request.key_format = KM_KEY_FORMAT_X509;
				890	request.SetKeyMaterial(corrupt_key_blob());
				891
				892	device.ExportKey(request, &response);
				893	ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, response.error);
				894	ASSERT_TRUE(response.key_data == NULL);
				895	}
				896
Shawn Willden	437fbd1	2014-08-20 11:59:49 -0600	[diff] [blame]	897	static string read_file(const string& file_name) {
				898	ifstream file_stream(file_name, std::ios::binary);
				899	istreambuf_iterator<char> file_begin(file_stream);
				900	istreambuf_iterator<char> file_end;
				901	return string(file_begin, file_end);
				902	}
				903
				904	typedef SigningOperationsTest ImportKeyTest;
				905	TEST_F(ImportKeyTest, RsaSuccess) {
				906	keymaster_key_param_t params[] = {
				907	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				908	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				909	Authorization(TAG_DIGEST, KM_DIGEST_NONE),
				910	Authorization(TAG_PADDING, KM_PAD_NONE),
				911	Authorization(TAG_USER_ID, 7),
				912	Authorization(TAG_USER_AUTH_ID, 8),
				913	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				914	Authorization(TAG_AUTH_TIMEOUT, 300),
				915	};
				916
Shawn Willden	81effc6	2014-08-27 10:08:46 -0600	[diff] [blame]	917	string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden	437fbd1	2014-08-20 11:59:49 -0600	[diff] [blame]	918	ASSERT_EQ(633U, pk8_key.size());
				919
				920	ImportKeyRequest import_request;
				921	import_request.key_description.Reinitialize(params, array_length(params));
				922	import_request.key_format = KM_KEY_FORMAT_PKCS8;
				923	import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
				924
				925	ImportKeyResponse import_response;
				926	device.ImportKey(import_request, &import_response);
				927	ASSERT_EQ(KM_ERROR_OK, import_response.error);
				928	EXPECT_EQ(0U, import_response.enforced.size());
				929	EXPECT_GT(import_response.unenforced.size(), 0U);
				930
				931	// Check values derived from the key.
				932	EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
				933	EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 1024));
				934	EXPECT_TRUE(contains(import_response.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537U));
				935
				936	// And values provided by GoogleKeymaster
				937	EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
				938	EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
				939
				940	size_t message_len = 1024 / 8;
				941	UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
				942	std::fill(message.get(), message.get() + message_len, 'a');
				943	SignMessage(import_response.key_blob, message.get(), message_len);
				944	ASSERT_TRUE(signature() != NULL);
				945
				946	BeginOperationRequest begin_request;
				947	BeginOperationResponse begin_response;
				948	begin_request.SetKeyMaterial(import_response.key_blob);
				949	begin_request.purpose = KM_PURPOSE_VERIFY;
				950	AddClientParams(&begin_request.additional_params);
				951
				952	device.BeginOperation(begin_request, &begin_response);
				953	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				954
				955	UpdateOperationRequest update_request;
				956	UpdateOperationResponse update_response;
				957	update_request.op_handle = begin_response.op_handle;
				958	update_request.input.Reinitialize(message.get(), message_len);
				959	EXPECT_EQ(message_len, update_request.input.available_read());
				960
				961	device.UpdateOperation(update_request, &update_response);
				962	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				963	EXPECT_EQ(0U, update_response.output.available_read());
				964
				965	FinishOperationRequest finish_request;
				966	finish_request.op_handle = begin_response.op_handle;
				967	finish_request.signature.Reinitialize(*signature());
				968	FinishOperationResponse finish_response;
				969	device.FinishOperation(finish_request, &finish_response);
				970	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				971	EXPECT_EQ(0U, finish_response.output.available_read());
				972
				973	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				974	}
				975
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	976	TEST_F(ImportKeyTest, RsaKeySizeMismatch) {
				977	keymaster_key_param_t params[] = {
				978	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				979	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				980	Authorization(TAG_DIGEST, KM_DIGEST_NONE),
				981	Authorization(TAG_PADDING, KM_PAD_NONE),
				982	Authorization(TAG_KEY_SIZE, 2048), // Doesn't match key
				983	Authorization(TAG_USER_ID, 7),
				984	Authorization(TAG_USER_AUTH_ID, 8),
				985	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				986	Authorization(TAG_AUTH_TIMEOUT, 300),
				987	};
				988
				989	string pk8_key = read_file("rsa_privkey_pk8.der");
				990	ASSERT_EQ(633U, pk8_key.size());
				991
				992	ImportKeyRequest import_request;
				993	import_request.key_description.Reinitialize(params, array_length(params));
				994	import_request.key_format = KM_KEY_FORMAT_PKCS8;
				995	import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
				996
				997	ImportKeyResponse import_response;
				998	device.ImportKey(import_request, &import_response);
				999	ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH, import_response.error);
				1000	}
				1001
				1002	TEST_F(ImportKeyTest, RsaPublicExponenMismatch) {
				1003	keymaster_key_param_t params[] = {
				1004	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				1005	Authorization(TAG_DIGEST, KM_DIGEST_NONE), Authorization(TAG_PADDING, KM_PAD_NONE),
				1006	Authorization(TAG_RSA_PUBLIC_EXPONENT, 3), Authorization(TAG_USER_ID, 7),
				1007	Authorization(TAG_USER_AUTH_ID, 8), Authorization(TAG_APPLICATION_ID, "app_id", 6),
				1008	Authorization(TAG_AUTH_TIMEOUT, 300),
				1009	};
				1010
				1011	string pk8_key = read_file("rsa_privkey_pk8.der");
				1012	ASSERT_EQ(633U, pk8_key.size());
				1013
				1014	ImportKeyRequest import_request;
				1015	import_request.key_description.Reinitialize(params, array_length(params));
				1016	import_request.key_format = KM_KEY_FORMAT_PKCS8;
				1017	import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
				1018
				1019	ImportKeyResponse import_response;
				1020	device.ImportKey(import_request, &import_response);
				1021	ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH, import_response.error);
				1022	}
				1023
Shawn Willden	81effc6	2014-08-27 10:08:46 -0600	[diff] [blame]	1024	TEST_F(ImportKeyTest, DsaSuccess) {
				1025	keymaster_key_param_t params[] = {
				1026	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				1027	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				1028	Authorization(TAG_DIGEST, KM_DIGEST_NONE),
				1029	Authorization(TAG_PADDING, KM_PAD_NONE),
				1030	Authorization(TAG_USER_ID, 7),
				1031	Authorization(TAG_USER_AUTH_ID, 8),
				1032	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				1033	Authorization(TAG_AUTH_TIMEOUT, 300),
				1034	};
				1035
				1036	string pk8_key = read_file("dsa_privkey_pk8.der");
				1037	ASSERT_EQ(335U, pk8_key.size());
				1038
				1039	ImportKeyRequest import_request;
				1040	import_request.key_description.Reinitialize(params, array_length(params));
				1041	import_request.key_format = KM_KEY_FORMAT_PKCS8;
				1042	import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
				1043
				1044	ImportKeyResponse import_response;
				1045	device.ImportKey(import_request, &import_response);
				1046	ASSERT_EQ(KM_ERROR_OK, import_response.error);
				1047	EXPECT_EQ(0U, import_response.enforced.size());
				1048	EXPECT_GT(import_response.unenforced.size(), 0U);
				1049
				1050	// Check values derived from the key.
				1051	EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
				1052	EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 1024));
				1053
				1054	// And values provided by GoogleKeymaster
				1055	EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
				1056	EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
				1057
				1058	size_t message_len = 48;
				1059	UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
				1060	std::fill(message.get(), message.get() + message_len, 'a');
				1061	SignMessage(import_response.key_blob, message.get(), message_len);
				1062	ASSERT_TRUE(signature() != NULL);
				1063
				1064	BeginOperationRequest begin_request;
				1065	BeginOperationResponse begin_response;
				1066	begin_request.SetKeyMaterial(import_response.key_blob);
				1067	begin_request.purpose = KM_PURPOSE_VERIFY;
				1068	AddClientParams(&begin_request.additional_params);
				1069
				1070	device.BeginOperation(begin_request, &begin_response);
				1071	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				1072
				1073	UpdateOperationRequest update_request;
				1074	UpdateOperationResponse update_response;
				1075	update_request.op_handle = begin_response.op_handle;
				1076	update_request.input.Reinitialize(message.get(), message_len);
				1077	EXPECT_EQ(message_len, update_request.input.available_read());
				1078
				1079	device.UpdateOperation(update_request, &update_response);
				1080	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				1081	EXPECT_EQ(0U, update_response.output.available_read());
				1082
				1083	FinishOperationRequest finish_request;
				1084	finish_request.op_handle = begin_response.op_handle;
				1085	finish_request.signature.Reinitialize(*signature());
				1086	FinishOperationResponse finish_response;
				1087	device.FinishOperation(finish_request, &finish_response);
				1088	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				1089	EXPECT_EQ(0U, finish_response.output.available_read());
				1090
				1091	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				1092	}
				1093
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	1094	TEST_F(ImportKeyTest, DsaParametersMatch) {
				1095	keymaster_key_param_t params[] = {
				1096	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				1097	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				1098	Authorization(TAG_DIGEST, KM_DIGEST_NONE),
				1099	Authorization(TAG_PADDING, KM_PAD_NONE),
				1100	Authorization(TAG_USER_ID, 7),
				1101	Authorization(TAG_USER_AUTH_ID, 8),
				1102	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				1103	Authorization(TAG_AUTH_TIMEOUT, 300),
				1104	Authorization(TAG_KEY_SIZE, 1024),
				1105	Authorization(TAG_DSA_GENERATOR, dsa_g, array_size(dsa_g)),
				1106	Authorization(TAG_DSA_P, dsa_p, array_size(dsa_p)),
				1107	Authorization(TAG_DSA_Q, dsa_q, array_size(dsa_q)),
				1108	};
				1109
				1110	string pk8_key = read_file("dsa_privkey_pk8.der");
				1111	ASSERT_EQ(335U, pk8_key.size());
				1112
				1113	ImportKeyRequest import_request;
				1114	import_request.key_description.Reinitialize(params, array_length(params));
				1115	import_request.key_format = KM_KEY_FORMAT_PKCS8;
				1116	import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
				1117
				1118	ImportKeyResponse import_response;
				1119	device.ImportKey(import_request, &import_response);
				1120	ASSERT_EQ(KM_ERROR_OK, import_response.error);
				1121	EXPECT_EQ(0U, import_response.enforced.size());
				1122	EXPECT_GT(import_response.unenforced.size(), 0U);
				1123
				1124	// Check values derived from the key.
				1125	EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
				1126	EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 1024));
				1127
				1128	// And values provided by GoogleKeymaster
				1129	EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
				1130	EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
				1131
				1132	size_t message_len = 48;
				1133	UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
				1134	std::fill(message.get(), message.get() + message_len, 'a');
				1135	SignMessage(import_response.key_blob, message.get(), message_len);
				1136	ASSERT_TRUE(signature() != NULL);
				1137
				1138	BeginOperationRequest begin_request;
				1139	BeginOperationResponse begin_response;
				1140	begin_request.SetKeyMaterial(import_response.key_blob);
				1141	begin_request.purpose = KM_PURPOSE_VERIFY;
				1142	AddClientParams(&begin_request.additional_params);
				1143
				1144	device.BeginOperation(begin_request, &begin_response);
				1145	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				1146
				1147	UpdateOperationRequest update_request;
				1148	UpdateOperationResponse update_response;
				1149	update_request.op_handle = begin_response.op_handle;
				1150	update_request.input.Reinitialize(message.get(), message_len);
				1151	EXPECT_EQ(message_len, update_request.input.available_read());
				1152
				1153	device.UpdateOperation(update_request, &update_response);
				1154	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				1155	EXPECT_EQ(0U, update_response.output.available_read());
				1156
				1157	FinishOperationRequest finish_request;
				1158	finish_request.op_handle = begin_response.op_handle;
				1159	finish_request.signature.Reinitialize(*signature());
				1160	FinishOperationResponse finish_response;
				1161	device.FinishOperation(finish_request, &finish_response);
				1162	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				1163	EXPECT_EQ(0U, finish_response.output.available_read());
				1164
				1165	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				1166	}
				1167
				1168	uint8_t dsa_wrong_q[] = {
				1169	0xC0, 0x66, 0x64, 0xF9, 0x05, 0x38, 0x64, 0x38, 0x4A, 0x17,
				1170	0x66, 0x79, 0xDD, 0x7F, 0x6E, 0x55, 0x22, 0x2A, 0xDF, 0xC5,
				1171	};
				1172
				1173	TEST_F(ImportKeyTest, DsaParameterMismatch) {
				1174	keymaster_key_param_t params[] = {
				1175	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				1176	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				1177	Authorization(TAG_DIGEST, KM_DIGEST_NONE),
				1178	Authorization(TAG_PADDING, KM_PAD_NONE),
				1179	Authorization(TAG_USER_ID, 7),
				1180	Authorization(TAG_USER_AUTH_ID, 8),
				1181	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				1182	Authorization(TAG_AUTH_TIMEOUT, 300),
				1183	Authorization(TAG_KEY_SIZE, 1024),
				1184	Authorization(TAG_DSA_Q, dsa_wrong_q, array_size(dsa_wrong_q)),
				1185	};
				1186
				1187	string pk8_key = read_file("dsa_privkey_pk8.der");
				1188	ASSERT_EQ(335U, pk8_key.size());
				1189
				1190	ImportKeyRequest import_request;
				1191	import_request.key_description.Reinitialize(params, array_length(params));
				1192	import_request.key_format = KM_KEY_FORMAT_PKCS8;
				1193	import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
				1194
				1195	ImportKeyResponse import_response;
				1196	device.ImportKey(import_request, &import_response);
				1197	ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH, import_response.error);
				1198	}
				1199
				1200	TEST_F(ImportKeyTest, DsaKeySizeMismatch) {
				1201	keymaster_key_param_t params[] = {
				1202	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				1203	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				1204	Authorization(TAG_DIGEST, KM_DIGEST_NONE),
				1205	Authorization(TAG_PADDING, KM_PAD_NONE),
				1206	Authorization(TAG_USER_ID, 7),
				1207	Authorization(TAG_USER_AUTH_ID, 8),
				1208	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				1209	Authorization(TAG_AUTH_TIMEOUT, 300),
				1210	Authorization(TAG_KEY_SIZE, 2048),
				1211	};
				1212
				1213	string pk8_key = read_file("dsa_privkey_pk8.der");
				1214	ASSERT_EQ(335U, pk8_key.size());
				1215
				1216	ImportKeyRequest import_request;
				1217	import_request.key_description.Reinitialize(params, array_length(params));
				1218	import_request.key_format = KM_KEY_FORMAT_PKCS8;
				1219	import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
				1220
				1221	ImportKeyResponse import_response;
				1222	device.ImportKey(import_request, &import_response);
				1223	ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH, import_response.error);
				1224	}
				1225
Shawn Willden	81effc6	2014-08-27 10:08:46 -0600	[diff] [blame]	1226	TEST_F(ImportKeyTest, EcdsaSuccess) {
				1227	keymaster_key_param_t params[] = {
				1228	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				1229	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				1230	Authorization(TAG_DIGEST, KM_DIGEST_NONE),
				1231	Authorization(TAG_PADDING, KM_PAD_NONE),
				1232	Authorization(TAG_USER_ID, 7),
				1233	Authorization(TAG_USER_AUTH_ID, 8),
				1234	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				1235	Authorization(TAG_AUTH_TIMEOUT, 300),
				1236	};
				1237
				1238	string pk8_key = read_file("ec_privkey_pk8.der");
				1239	ASSERT_EQ(138U, pk8_key.size());
				1240
				1241	ImportKeyRequest import_request;
				1242	import_request.key_description.Reinitialize(params, array_length(params));
				1243	import_request.key_format = KM_KEY_FORMAT_PKCS8;
				1244	import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
				1245
				1246	ImportKeyResponse import_response;
				1247	device.ImportKey(import_request, &import_response);
				1248	ASSERT_EQ(KM_ERROR_OK, import_response.error);
				1249	EXPECT_EQ(0U, import_response.enforced.size());
				1250	EXPECT_GT(import_response.unenforced.size(), 0U);
				1251
				1252	// Check values derived from the key.
				1253	EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
				1254	EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 256));
				1255
				1256	// And values provided by GoogleKeymaster
				1257	EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
				1258	EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
				1259
				1260	size_t message_len = 1024 / 8;
				1261	UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
				1262	std::fill(message.get(), message.get() + message_len, 'a');
				1263	SignMessage(import_response.key_blob, message.get(), message_len);
				1264	ASSERT_TRUE(signature() != NULL);
				1265
				1266	BeginOperationRequest begin_request;
				1267	BeginOperationResponse begin_response;
				1268	begin_request.SetKeyMaterial(import_response.key_blob);
				1269	begin_request.purpose = KM_PURPOSE_VERIFY;
				1270	AddClientParams(&begin_request.additional_params);
				1271
				1272	device.BeginOperation(begin_request, &begin_response);
				1273	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				1274
				1275	UpdateOperationRequest update_request;
				1276	UpdateOperationResponse update_response;
				1277	update_request.op_handle = begin_response.op_handle;
				1278	update_request.input.Reinitialize(message.get(), message_len);
				1279	EXPECT_EQ(message_len, update_request.input.available_read());
				1280
				1281	device.UpdateOperation(update_request, &update_response);
				1282	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				1283	EXPECT_EQ(0U, update_response.output.available_read());
				1284
				1285	FinishOperationRequest finish_request;
				1286	finish_request.op_handle = begin_response.op_handle;
				1287	finish_request.signature.Reinitialize(*signature());
				1288	FinishOperationResponse finish_response;
				1289	device.FinishOperation(finish_request, &finish_response);
				1290	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				1291	EXPECT_EQ(0U, finish_response.output.available_read());
				1292
				1293	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				1294	}
				1295
Shawn Willden	6bbe678	2014-09-18 11:26:15 -0600	[diff] [blame]	1296	TEST_F(ImportKeyTest, EcdsaSizeSpecified) {
				1297	keymaster_key_param_t params[] = {
				1298	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				1299	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				1300	Authorization(TAG_DIGEST, KM_DIGEST_NONE),
				1301	Authorization(TAG_PADDING, KM_PAD_NONE),
				1302	Authorization(TAG_USER_ID, 7),
				1303	Authorization(TAG_USER_AUTH_ID, 8),
				1304	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				1305	Authorization(TAG_AUTH_TIMEOUT, 300),
				1306	Authorization(TAG_KEY_SIZE, 256),
				1307	};
				1308
				1309	string pk8_key = read_file("ec_privkey_pk8.der");
				1310	ASSERT_EQ(138U, pk8_key.size());
				1311
				1312	ImportKeyRequest import_request;
				1313	import_request.key_description.Reinitialize(params, array_length(params));
				1314	import_request.key_format = KM_KEY_FORMAT_PKCS8;
				1315	import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
				1316
				1317	ImportKeyResponse import_response;
				1318	device.ImportKey(import_request, &import_response);
				1319	ASSERT_EQ(KM_ERROR_OK, import_response.error);
				1320	EXPECT_EQ(0U, import_response.enforced.size());
				1321	EXPECT_GT(import_response.unenforced.size(), 0U);
				1322
				1323	// Check values derived from the key.
				1324	EXPECT_TRUE(contains(import_response.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
				1325	EXPECT_TRUE(contains(import_response.unenforced, TAG_KEY_SIZE, 256));
				1326
				1327	// And values provided by GoogleKeymaster
				1328	EXPECT_TRUE(contains(import_response.unenforced, TAG_ORIGIN, KM_ORIGIN_IMPORTED));
				1329	EXPECT_TRUE(contains(import_response.unenforced, KM_TAG_CREATION_DATETIME));
				1330
				1331	size_t message_len = 1024 / 8;
				1332	UniquePtr<uint8_t[]> message(new uint8_t[message_len]);
				1333	std::fill(message.get(), message.get() + message_len, 'a');
				1334	SignMessage(import_response.key_blob, message.get(), message_len);
				1335	ASSERT_TRUE(signature() != NULL);
				1336
				1337	BeginOperationRequest begin_request;
				1338	BeginOperationResponse begin_response;
				1339	begin_request.SetKeyMaterial(import_response.key_blob);
				1340	begin_request.purpose = KM_PURPOSE_VERIFY;
				1341	AddClientParams(&begin_request.additional_params);
				1342
				1343	device.BeginOperation(begin_request, &begin_response);
				1344	ASSERT_EQ(KM_ERROR_OK, begin_response.error);
				1345
				1346	UpdateOperationRequest update_request;
				1347	UpdateOperationResponse update_response;
				1348	update_request.op_handle = begin_response.op_handle;
				1349	update_request.input.Reinitialize(message.get(), message_len);
				1350	EXPECT_EQ(message_len, update_request.input.available_read());
				1351
				1352	device.UpdateOperation(update_request, &update_response);
				1353	ASSERT_EQ(KM_ERROR_OK, update_response.error);
				1354	EXPECT_EQ(0U, update_response.output.available_read());
				1355
				1356	FinishOperationRequest finish_request;
				1357	finish_request.op_handle = begin_response.op_handle;
				1358	finish_request.signature.Reinitialize(*signature());
				1359	FinishOperationResponse finish_response;
				1360	device.FinishOperation(finish_request, &finish_response);
				1361	ASSERT_EQ(KM_ERROR_OK, finish_response.error);
				1362	EXPECT_EQ(0U, finish_response.output.available_read());
				1363
				1364	EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
				1365	}
				1366
				1367	TEST_F(ImportKeyTest, EcdsaSizeMismatch) {
				1368	keymaster_key_param_t params[] = {
				1369	Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
				1370	Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
				1371	Authorization(TAG_DIGEST, KM_DIGEST_NONE),
				1372	Authorization(TAG_PADDING, KM_PAD_NONE),
				1373	Authorization(TAG_USER_ID, 7),
				1374	Authorization(TAG_USER_AUTH_ID, 8),
				1375	Authorization(TAG_APPLICATION_ID, "app_id", 6),
				1376	Authorization(TAG_AUTH_TIMEOUT, 300),
				1377	Authorization(TAG_KEY_SIZE, 192),
				1378	};
				1379
				1380	string pk8_key = read_file("ec_privkey_pk8.der");
				1381	ASSERT_EQ(138U, pk8_key.size());
				1382
				1383	ImportKeyRequest import_request;
				1384	import_request.key_description.Reinitialize(params, array_length(params));
				1385	import_request.key_format = KM_KEY_FORMAT_PKCS8;
				1386	import_request.SetKeyMaterial(pk8_key.data(), pk8_key.size());
				1387
				1388	ImportKeyResponse import_response;
				1389	device.ImportKey(import_request, &import_response);
				1390	ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH, import_response.error);
				1391	}
				1392
Shawn Willden	128ffe0	2014-08-06 12:31:33 -0600	[diff] [blame]	1393	} // namespace test
				1394	} // namespace keymaster