Blame - android_keymaster_test.cpp - fp2-dev/platform/system/keymaster

2014-08-06 12:31:33 -0600

[diff] [blame]

/*

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

15

*/

16

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

17

#include <fstream>

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

18

#include <string>

19

#include <vector>

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

20

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

21

#include <hardware/keymaster0.h>

Shawn Willden

b751033

2015-02-06 19:58:29 -0700

[diff] [blame]

22

#include <keymaster/soft_keymaster_device.h>

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

23

#include <keymaster/softkeymaster.h>

Shawn Willden

98d9b92

2014-08-26 08:14:10 -0600

[diff] [blame]

24

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

25

#include "android_keymaster_test_utils.h"

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

26

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

27

using std::ifstream;

28

using std::istreambuf_iterator;

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

29

using std::string;

30

using std::vector;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

31

using std::unique_ptr;

32

33

extern "C" {

34

int __android_log_print(int prio, const char* tag, const char* fmt);

35

int __android_log_print(int prio, const char* tag, const char* fmt) {

Chad Brubaker

3e37f0a

2015-06-03 10:39:00 -0700

[diff] [blame]

36

(void)prio, (void)tag, (void)fmt;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

37

return 0;

38

}

39

} // extern "C"

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

40

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

41

namespace keymaster {

42

namespace test {

43

Shawn Willden

567a4a0

2014-12-31 12:14:46 -0700

[diff] [blame]

44

StdoutLogger logger;

45

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

46

class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {

47

public:

48

keymaster1_device_t* CreateDevice() const override {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

49

std::cerr << "Creating software-only device" << std::endl;

Shawn Willden

95dda36

2015-02-27 10:58:37 -0700

[diff] [blame]

50

SoftKeymasterDevice* device = new SoftKeymasterDevice;

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

51

return device->keymaster_device();

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

52

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

53

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

54

bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

55

int keymaster0_calls() const override { return 0; }

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

56

};

57

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

58

class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {

59

public:

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

60

Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}

61

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

62

keymaster1_device_t* CreateDevice() const {

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

63

std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_

64

<< ")." << std::endl;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

65

hw_device_t* softkeymaster_device;

66

EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,

67

&softkeymaster_device));

68

// Make the software device pretend to be hardware

69

keymaster0_device_t* keymaster0_device =

70

reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

71

keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;

72

73

if (!support_ec_) {

74

// Make the software device pretend not to support EC

75

keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;

76

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

77

78

counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);

79

80

SoftKeymasterDevice* keymaster = new SoftKeymasterDevice(counting_keymaster0_device_);

81

return keymaster->keymaster_device();

82

}

83

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

84

bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {

85

switch (algorithm) {

86

case KM_ALGORITHM_RSA:

87

return true;

88

case KM_ALGORITHM_EC:

return support_ec_;

default:

return false;

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

93

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

94

int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }

95

96

private:

97

mutable Keymaster0CountingWrapper* counting_keymaster0_device_;

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

98

bool support_ec_;

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

99

};

100

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

101

static auto test_params = testing::Values(

102

InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),

103

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),

104

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

105

106

typedef Keymaster1Test CheckSupported;

107

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);

108

109

TEST_P(CheckSupported, SupportedAlgorithms) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

110

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

111

device()->get_supported_algorithms(device(), NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

112

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

113

size_t len;

114

keymaster_algorithm_t* algorithms;

115

EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));

Shawn Willden

a278f61

2014-12-23 11:22:21 -0700

[diff] [blame]

116

EXPECT_TRUE(ResponseContains(

Shawn Willden

9c65b2b

2015-04-07 17:01:10 -0600

[diff] [blame]

117

{KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

118

free(algorithms);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

119

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

120

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

121

}

122

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

123

TEST_P(CheckSupported, SupportedBlockModes) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

124

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

125

device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,

126

NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

127

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

128

size_t len;

129

keymaster_block_mode_t* modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

130

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

131

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

132

EXPECT_EQ(0U, len);

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

133

free(modes);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

134

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

135

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

Shawn Willden

9c65b2b

2015-04-07 17:01:10 -0600

[diff] [blame]

136

device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

137

&modes, &len));

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

138

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

139

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

140

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

141

EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

142

free(modes);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

143

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

144

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

145

}

146

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

147

TEST_P(CheckSupported, SupportedPaddingModes) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

148

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

149

device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,

150

NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

151

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

152

size_t len;

153

keymaster_padding_t* modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

154

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

155

KM_PURPOSE_SIGN, &modes, &len));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

156

EXPECT_TRUE(

157

ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

158

free(modes);

159

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

160

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

161

KM_PURPOSE_ENCRYPT, &modes, &len));

Shawn Willden

3016084

2015-06-01 08:31:00 -0600

[diff] [blame]

162

EXPECT_TRUE(

163

ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

164

free(modes);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

165

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

166

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

167

KM_PURPOSE_SIGN, &modes, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

168

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

169

free(modes);

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

170

171

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

172

device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,

173

&modes, &len));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

174

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

175

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

176

}

177

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

178

TEST_P(CheckSupported, SupportedDigests) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

179

EXPECT_EQ(

180

KM_ERROR_OUTPUT_PARAMETER_NULL,

181

device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

182

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

183

size_t len;

184

keymaster_digest_t* digests;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

185

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

186

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

187

EXPECT_TRUE(

188

ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,

189

KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},

190

digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

191

free(digests);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

192

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

193

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

194

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

2015-06-01 07:07:33 -0600

[diff] [blame]

195

EXPECT_TRUE(

196

ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,

197

KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},

198

digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

199

free(digests);

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

200

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

201

EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,

202

device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,

203

&len));

204

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

205

ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

206

KM_PURPOSE_SIGN, &digests, &len));

Shawn Willden

2014-12-29 14:07:08 -0700

[diff] [blame]

207

EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,

208

KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},

209

digests, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

210

free(digests);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

211

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

212

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

213

}

214

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

215

TEST_P(CheckSupported, SupportedImportFormats) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

216

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

217

device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

218

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

219

size_t len;

220

keymaster_key_format_t* formats;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

221

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

222

device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

223

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

224

free(formats);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

225

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

226

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

227

device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));

228

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));

229

free(formats);

230

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

231

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

232

device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));

233

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));

234

free(formats);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

235

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

236

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

237

}

238

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

239

TEST_P(CheckSupported, SupportedExportFormats) {

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

240

EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,

241

device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

242

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

243

size_t len;

244

keymaster_key_format_t* formats;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

245

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

246

device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

247

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

248

free(formats);

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

249

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

250

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

9c65b2b

2015-04-07 17:01:10 -0600

[diff] [blame]

251

device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));

Shawn Willden

2014-12-18 08:36:35 -0700

[diff] [blame]

252

EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

253

free(formats);

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

254

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

255

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

256

device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

257

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

258

free(formats);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

259

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

260

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

261

device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

262

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

263

free(formats);

264

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

265

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

266

device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

267

EXPECT_EQ(0U, len);

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

268

free(formats);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

269

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

270

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

271

}

272

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

273

class NewKeyGeneration : public Keymaster1Test {

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

274

protected:

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

275

void CheckBaseParams() {

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

276

AuthorizationSet auths = sw_enforced();

277

EXPECT_GT(auths.SerializedSize(), 12U);

278

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

279

EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));

280

EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));

281

EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));

Shawn Willden

eb63b97

2015-03-14 08:01:12 -0600

[diff] [blame]

282

EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

283

EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

284

285

// Verify that App ID, App data and ROT are NOT included.

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

286

EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));

287

EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));

288

EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

289

290

// Just for giggles, check that some unexpected tags/values are NOT present.

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

291

EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));

292

EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));

293

EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

294

295

// Now check that unspecified, defaulted tags are correct.

Shawn Willden

0b2d333

2015-04-07 17:46:18 -0600

[diff] [blame]

296

EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

297

EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-09-18 12:27:57 -0600

[diff] [blame]

298

}

Shawn Willden

2079ae8

2015-01-22 13:42:31 -0700

[diff] [blame]

299

};

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

300

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);

301

302

TEST_P(NewKeyGeneration, Rsa) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

303

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

304

.RsaSigningKey(256, 3)

305

.Digest(KM_DIGEST_NONE)

306

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

307

CheckBaseParams();

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

308

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

309

// Check specified tags are all present, and in the right set.

310

AuthorizationSet crypto_params;

311

AuthorizationSet non_crypto_params;

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

312

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

313

EXPECT_NE(0U, hw_enforced().size());

314

EXPECT_NE(0U, sw_enforced().size());

315

crypto_params.push_back(hw_enforced());

316

non_crypto_params.push_back(sw_enforced());

317

} else {

318

EXPECT_EQ(0U, hw_enforced().size());

319

EXPECT_NE(0U, sw_enforced().size());

320

crypto_params.push_back(sw_enforced());

321

}

322

323

EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));

324

EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));

325

EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));

326

EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));

327

EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));

328

EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));

329

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

330

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

331

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-06 12:31:33 -0600

[diff] [blame]

332

}

333

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

334

TEST_P(NewKeyGeneration, RsaDefaultSize) {

Shawn Willden

3b4e165

2015-02-27 13:33:01 -0700

[diff] [blame]

335

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,

336

GenerateKey(AuthorizationSetBuilder()

337

.Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)

338

.Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)

339

.SigningKey()));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

340

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

341

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

342

}

343

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

344

TEST_P(NewKeyGeneration, Ecdsa) {

Shawn Willden

84b8da5

2015-03-11 07:21:32 -0600

[diff] [blame]

345

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

346

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

347

CheckBaseParams();

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

348

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

349

// Check specified tags are all present, and in the right set.

350

AuthorizationSet crypto_params;

351

AuthorizationSet non_crypto_params;

352

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {

353

EXPECT_NE(0U, hw_enforced().size());

354

EXPECT_NE(0U, sw_enforced().size());

355

crypto_params.push_back(hw_enforced());

356

non_crypto_params.push_back(sw_enforced());

357

} else {

358

EXPECT_EQ(0U, hw_enforced().size());

359

EXPECT_NE(0U, sw_enforced().size());

360

crypto_params.push_back(sw_enforced());

361

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

362

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

363

EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));

364

EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));

365

EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));

366

EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));

367

368

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

369

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-18 15:20:01 -0600

[diff] [blame]

370

}

371

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

372

TEST_P(NewKeyGeneration, EcdsaDefaultSize) {

Shawn Willden

4f83b89

2015-05-26 12:52:54 -0600

[diff] [blame]

373

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,

374

GenerateKey(AuthorizationSetBuilder()

375

.Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)

376

.SigningKey()

377

.Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

378

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

379

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

380

}

381

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

382

TEST_P(NewKeyGeneration, EcdsaInvalidSize) {

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

383

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

384

ASSERT_EQ(

385

KM_ERROR_UNKNOWN_ERROR,

386

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));

387

else

388

ASSERT_EQ(

389

KM_ERROR_UNSUPPORTED_KEY_SIZE,

390

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

391

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

392

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

393

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

394

}

395

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

396

TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {

Shawn Willden

8c856c8

2014-09-26 09:34:36 -0600

[diff] [blame]

397

size_t valid_sizes[] = {224, 256, 384, 521};

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

398

for (size_t size : valid_sizes) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

399

EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(

400

KM_DIGEST_NONE)))

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

401

<< "Failed to generate size: " << size;

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

402

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

403

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

404

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

405

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

406

}

407

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

408

TEST_P(NewKeyGeneration, HmacSha256) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

409

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

410

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

411

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

412

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

413

}

414

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

415

typedef Keymaster1Test GetKeyCharacteristics;

416

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);

417

418

TEST_P(GetKeyCharacteristics, SimpleRsa) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

419

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

420

.RsaSigningKey(256, 3)

421

.Digest(KM_DIGEST_NONE)

422

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

423

AuthorizationSet original(sw_enforced());

Shawn Willden

7636471

2014-08-11 17:48:04 -0600

[diff] [blame]

424

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

425

ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());

426

EXPECT_EQ(original, sw_enforced());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

427

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

428

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

429

EXPECT_EQ(1, GetParam()->keymaster0_calls());

Shawn Willden

7636471

2014-08-11 17:48:04 -0600

[diff] [blame]

430

}

431

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

432

typedef Keymaster1Test SigningOperationsTest;

433

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);

434

435

TEST_P(SigningOperationsTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

436

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

437

.RsaSigningKey(256, 3)

438

.Digest(KM_DIGEST_NONE)

439

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

440

string message = "12345678901234567890123456789012";

441

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

442

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

443

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

444

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

445

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

446

}

447

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

448

TEST_P(SigningOperationsTest, RsaPssSha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

449

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

450

.RsaSigningKey(512, 3)

451

.Digest(KM_DIGEST_SHA_2_256)

452

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

453

// Use large message, which won't work without digesting.

454

string message(1024, 'a');

455

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

456

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

457

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

458

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

459

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

460

}

461

Shawn Willden

bfd9ed7

2015-06-11 10:51:12 -0600

[diff] [blame]

462

TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {

463

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

464

.RsaSigningKey(512, 3)

465

.Digest(KM_DIGEST_NONE)

466

.Padding(KM_PAD_NONE)));

467

string message = "12345678901234567890123456789012";

468

string signature;

469

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

470

471

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

472

EXPECT_EQ(3, GetParam()->keymaster0_calls());

473

}

474

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

475

TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

476

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

477

.RsaSigningKey(512, 3)

478

.Digest(KM_DIGEST_SHA_2_256)

479

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

480

string message(1024, 'a');

481

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

482

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

483

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

484

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

485

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

486

}

487

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame^]

488

TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {

489

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

490

.RsaSigningKey(512, 3)

491

.Digest(KM_DIGEST_NONE)

492

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

493

string message(53, 'a');

494

string signature;

495

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);

496

497

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

498

EXPECT_EQ(3, GetParam()->keymaster0_calls());

499

}

500

501

TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {

502

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

503

.RsaSigningKey(512, 3)

504

.Digest(KM_DIGEST_NONE)

505

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

506

string message(54, 'a');

507

508

AuthorizationSet begin_params(client_params());

509

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

510

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

511

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

512

string result;

513

size_t input_consumed;

514

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

515

string signature;

516

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));

517

518

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

519

EXPECT_EQ(2, GetParam()->keymaster0_calls());

520

}

521

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

522

TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

523

// Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so

524

// verify that nine bytes larger than hash won't work.

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

525

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

526

.RsaSigningKey(256 + 9 * 8, 3)

527

.Digest(KM_DIGEST_SHA_2_256)

528

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

529

string message(1024, 'a');

530

string signature;

531

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

532

AuthorizationSet begin_params(client_params());

533

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

534

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

535

EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

536

}

537

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame^]

538

TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {

539

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

540

.RsaSigningKey(256, 3)

541

.Digest(KM_DIGEST_NONE)

542

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

543

string message(64 * 1024, 'a');

544

string signature;

545

AuthorizationSet begin_params(client_params());

546

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

547

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

548

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

549

string result;

550

size_t input_consumed;

551

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));

552

553

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

554

EXPECT_EQ(2, GetParam()->keymaster0_calls());

555

}

556

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

557

TEST_P(SigningOperationsTest, RsaAbort) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

558

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

559

.RsaSigningKey(256, 3)

560

.Digest(KM_DIGEST_NONE)

561

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

562

AuthorizationSet begin_params(client_params());

563

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

564

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

565

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

566

EXPECT_EQ(KM_ERROR_OK, AbortOperation());

567

// Another abort should fail

568

EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

569

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

570

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

571

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

572

}

573

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

574

TEST_P(SigningOperationsTest, RsaUnsupportedDigest) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

575

GenerateKey(AuthorizationSetBuilder()

576

.RsaSigningKey(256, 3)

577

.Digest(KM_DIGEST_MD5)

578

.Padding(KM_PAD_RSA_PSS /* supported padding */));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

579

ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

580

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

581

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

582

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

583

}

584

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

585

TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

586

GenerateKey(AuthorizationSetBuilder()

587

.RsaSigningKey(256, 3)

588

.Digest(KM_DIGEST_SHA_2_256 /* supported digest */)

589

.Padding(KM_PAD_PKCS7));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

590

AuthorizationSet begin_params(client_params());

591

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

592

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

593

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

594

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

595

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

596

}

597

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

598

TEST_P(SigningOperationsTest, RsaNoDigest) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

599

// PSS requires a digest.

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

600

GenerateKey(AuthorizationSetBuilder()

601

.RsaSigningKey(256, 3)

602

.Digest(KM_DIGEST_NONE)

603

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

604

AuthorizationSet begin_params(client_params());

605

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

606

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

607

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

608

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

609

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

610

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

611

}

612

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

613

TEST_P(SigningOperationsTest, RsaNoPadding) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

614

// Padding must be specified

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

615

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(

616

KM_DIGEST_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

617

AuthorizationSet begin_params(client_params());

618

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

619

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

620

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

621

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

622

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

623

}

624

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

625

TEST_P(SigningOperationsTest, RsaTooShortMessage) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

626

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

627

.RsaSigningKey(256, 3)

628

.Digest(KM_DIGEST_NONE)

629

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

630

AuthorizationSet begin_params(client_params());

631

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

632

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

633

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

634

635

string message = "1234567890123456789012345678901";

636

string result;

637

size_t input_consumed;

638

ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

639

EXPECT_EQ(0U, result.size());

640

EXPECT_EQ(31U, input_consumed);

641

642

string signature;

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame^]

643

ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

644

EXPECT_EQ(0U, signature.length());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

645

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

646

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

647

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

648

}

649

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

650

TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

651

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

652

.RsaEncryptionKey(256, 3)

653

.Digest(KM_DIGEST_NONE)

654

.Padding(KM_PAD_NONE)));

655

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

656

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

657

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-06-17 11:20:56 -0600

[diff] [blame]

658

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

659

}

660

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

661

TEST_P(SigningOperationsTest, EcdsaSuccess) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

662

ASSERT_EQ(KM_ERROR_OK,

663

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame^]

664

string message(224 / 8, 'a');

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

665

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

666

SignMessage(message, &signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

667

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

668

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

669

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

670

}

671

Shawn Willden

2015-06-01 07:07:33 -0600

[diff] [blame]

672

TEST_P(SigningOperationsTest, EcdsaSha256Success) {

673

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(

674

KM_DIGEST_SHA_2_256)));

675

string message(1024, 'a');

676

string signature;

677

SignMessage(message, &signature, KM_DIGEST_SHA_2_256);

678

679

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

680

EXPECT_EQ(3, GetParam()->keymaster0_calls());

681

}

682

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame^]

683

TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {

684

ASSERT_EQ(KM_ERROR_OK,

685

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

686

string message(64 * 1024, 'a');

687

string signature;

688

AuthorizationSet begin_params(client_params());

689

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

690

ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));

691

string result;

692

size_t input_consumed;

693

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));

694

695

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

696

EXPECT_EQ(2, GetParam()->keymaster0_calls());

697

}

698

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

699

TEST_P(SigningOperationsTest, AesEcbSign) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

700

ASSERT_EQ(KM_ERROR_OK,

701

GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(

702

TAG_BLOCK_MODE, KM_MODE_ECB)));

Shawn Willden

2015-06-17 11:20:56 -0600

[diff] [blame]

703

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));

704

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

705

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

706

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

707

}

708

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

709

TEST_P(SigningOperationsTest, HmacSha1Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

710

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

711

string message = "12345678901234567890123456789012";

712

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

713

MacMessage(message, &signature, KM_DIGEST_SHA1, 160);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

714

ASSERT_EQ(20U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

715

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

716

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

717

}

718

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

719

TEST_P(SigningOperationsTest, HmacSha224Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

720

ASSERT_EQ(KM_ERROR_OK,

721

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

722

string message = "12345678901234567890123456789012";

723

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

724

MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

725

ASSERT_EQ(28U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

726

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

727

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

728

}

729

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

730

TEST_P(SigningOperationsTest, HmacSha256Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

731

ASSERT_EQ(KM_ERROR_OK,

732

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

733

string message = "12345678901234567890123456789012";

734

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

735

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

736

ASSERT_EQ(32U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

737

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

738

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

739

}

740

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

741

TEST_P(SigningOperationsTest, HmacSha384Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

742

ASSERT_EQ(KM_ERROR_OK,

743

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));

744

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

745

string message = "12345678901234567890123456789012";

746

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

747

MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

748

ASSERT_EQ(48U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

749

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

750

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

751

}

752

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

753

TEST_P(SigningOperationsTest, HmacSha512Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

754

ASSERT_EQ(KM_ERROR_OK,

755

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

756

string message = "12345678901234567890123456789012";

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

757

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

758

MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

759

ASSERT_EQ(64U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

760

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

761

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 08:36:20 -0700

[diff] [blame]

762

}

763

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

764

TEST_P(SigningOperationsTest, HmacLengthInKey) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

765

// TODO(swillden): unified API should generate an error on key generation.

766

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

767

.HmacKey(128)

768

.Digest(KM_DIGEST_SHA_2_256)

769

.Authorization(TAG_MAC_LENGTH, 20)));

770

string message = "12345678901234567890123456789012";

771

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

772

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

773

// Size in key was ignored.

774

ASSERT_EQ(30U, signature.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

775

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

776

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

777

}

778

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

779

TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

780

uint8_t key_data[] = {

781

0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,

782

0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,

783

};

784

string message = "Hi There";

785

uint8_t sha_224_expected[] = {

786

0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,

787

0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,

788

};

789

uint8_t sha_256_expected[] = {

790

0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,

791

0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,

792

0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,

793

};

794

uint8_t sha_384_expected[] = {

795

0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,

796

0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,

797

0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,

798

0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,

799

};

800

uint8_t sha_512_expected[] = {

801

0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,

802

0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,

803

0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,

804

0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,

805

0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,

806

};

807

808

string key = make_string(key_data);

809

810

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

811

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

812

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

813

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

814

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

815

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

816

}

817

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

818

TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

819

string key = "Jefe";

820

string message = "what do ya want for nothing?";

821

uint8_t sha_224_expected[] = {

822

0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,

823

0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,

824

};

825

uint8_t sha_256_expected[] = {

826

0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,

827

0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,

828

0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,

829

};

830

uint8_t sha_384_expected[] = {

831

0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,

832

0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,

833

0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,

834

0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,

835

};

836

uint8_t sha_512_expected[] = {

837

0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,

838

0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,

839

0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,

840

0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,

841

0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,

842

};

843

844

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

845

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

846

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

847

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

848

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

849

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

850

}

851

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

852

TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

853

string key(20, 0xaa);

854

string message(50, 0xdd);

855

uint8_t sha_224_expected[] = {

856

0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,

857

0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,

858

};

859

uint8_t sha_256_expected[] = {

860

0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,

861

0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,

862

0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,

863

};

864

uint8_t sha_384_expected[] = {

865

0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,

866

0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,

867

0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,

868

0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,

869

};

870

uint8_t sha_512_expected[] = {

871

0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,

872

0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,

873

0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,

874

0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,

875

0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,

876

};

877

878

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

879

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

880

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

881

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

882

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

883

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

884

}

885

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

886

TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

887

uint8_t key_data[25] = {

888

0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,

889

0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,

890

};

891

string key = make_string(key_data);

892

string message(50, 0xcd);

893

uint8_t sha_224_expected[] = {

894

0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,

895

0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,

896

};

897

uint8_t sha_256_expected[] = {

898

0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,

899

0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,

900

0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,

901

};

902

uint8_t sha_384_expected[] = {

903

0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,

904

0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,

905

0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,

906

0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,

907

};

908

uint8_t sha_512_expected[] = {

909

0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,

910

0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,

911

0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,

912

0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,

913

0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,

914

};

915

916

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

917

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

918

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

919

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

920

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

921

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

922

}

923

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

924

TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

925

string key(20, 0x0c);

926

string message = "Test With Truncation";

927

928

uint8_t sha_224_expected[] = {

929

0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,

930

0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,

931

};

932

uint8_t sha_256_expected[] = {

933

0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,

934

0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,

935

};

936

uint8_t sha_384_expected[] = {

937

0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,

938

0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,

939

};

940

uint8_t sha_512_expected[] = {

941

0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,

942

0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,

943

};

944

945

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

946

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

947

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

948

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

949

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

950

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

951

}

952

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

953

TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

954

string key(131, 0xaa);

955

string message = "Test Using Larger Than Block-Size Key - Hash Key First";

956

957

uint8_t sha_224_expected[] = {

958

0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,

959

0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,

960

};

961

uint8_t sha_256_expected[] = {

962

0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,

963

0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,

964

0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,

965

};

966

uint8_t sha_384_expected[] = {

967

0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,

968

0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,

969

0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,

970

0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,

971

};

972

uint8_t sha_512_expected[] = {

973

0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,

974

0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,

975

0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,

976

0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,

977

0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,

978

};

979

980

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

981

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

982

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

983

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

984

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

985

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

986

}

987

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

988

TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

989

string key(131, 0xaa);

990

string message = "This is a test using a larger than block-size key and a larger than "

991

"block-size data. The key needs to be hashed before being used by the HMAC "

992

"algorithm.";

993

994

uint8_t sha_224_expected[] = {

995

0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,

996

0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,

997

};

998

uint8_t sha_256_expected[] = {

999

0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,

1000

0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,

1001

0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,

1002

};

1003

uint8_t sha_384_expected[] = {

1004

0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,

1005

0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,

1006

0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,

1007

0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,

1008

};

1009

uint8_t sha_512_expected[] = {

1010

0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,

1011

0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,

1012

0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,

1013

0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,

1014

0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,

1015

};

1016

1017

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));

1018

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));

1019

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));

1020

CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1021

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1022

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1023

}

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1024

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1025

TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1026

ASSERT_EQ(KM_ERROR_OK,

1027

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));

1028

AuthorizationSet begin_params(client_params());

Shawn Willden

0c60f6f

2015-04-27 23:40:10 -0600

[diff] [blame]

1029

begin_params.push_back(TAG_MAC_LENGTH, 264);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1030

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1031

ASSERT_EQ(KM_ERROR_OK,

1032

BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));

1033

string message = "1234567890123456789012345678901";

1034

string result;

1035

size_t input_consumed;

1036

ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1037

ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1038

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1039

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1040

}

1041

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1042

// TODO(swillden): Add more verification failure tests.

1043

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1044

typedef Keymaster1Test VerificationOperationsTest;

1045

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);

1046

1047

TEST_P(VerificationOperationsTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1048

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1049

.RsaSigningKey(256, 3)

1050

.Digest(KM_DIGEST_NONE)

1051

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1052

string message = "12345678901234567890123456789012";

1053

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1054

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

1055

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1056

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1057

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1058

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-13 10:37:40 -0600

[diff] [blame]

1059

}

1060

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1061

TEST_P(VerificationOperationsTest, RsaPssSha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1062

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1063

.RsaSigningKey(512, 3)

1064

.Digest(KM_DIGEST_SHA_2_256)

1065

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1066

// Use large message, which won't work without digesting.

1067

string message(1024, 'a');

1068

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1069

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

1070

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1071

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1072

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1073

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1074

}

1075

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1076

TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1077

GenerateKey(AuthorizationSetBuilder()

1078

.RsaSigningKey(512, 3)

1079

.Digest(KM_DIGEST_SHA_2_256)

1080

.Padding(KM_PAD_RSA_PSS));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1081

string message(1024, 'a');

1082

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1083

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1084

++signature[signature.size() / 2];

1085

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1086

AuthorizationSet begin_params(client_params());

1087

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1088

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1089

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1090

1091

string result;

1092

size_t input_consumed;

1093

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1094

EXPECT_EQ(message.size(), input_consumed);

1095

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1096

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1097

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1098

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1099

}

1100

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1101

TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1102

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1103

.RsaSigningKey(512, 3)

1104

.Digest(KM_DIGEST_SHA_2_256)

1105

.Padding(KM_PAD_RSA_PSS)));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1106

// Use large message, which won't work without digesting.

1107

string message(1024, 'a');

1108

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1109

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1110

++message[message.size() / 2];

1111

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1112

AuthorizationSet begin_params(client_params());

1113

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1114

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1115

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1116

1117

string result;

1118

size_t input_consumed;

1119

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1120

EXPECT_EQ(message.size(), input_consumed);

1121

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1122

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1123

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1124

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:33:24 -0700

[diff] [blame]

1125

}

1126

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1127

TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1128

GenerateKey(AuthorizationSetBuilder()

1129

.RsaSigningKey(512, 3)

1130

.Digest(KM_DIGEST_SHA_2_256)

1131

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1132

string message(1024, 'a');

1133

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1134

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

1135

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1136

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1137

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1138

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1139

}

1140

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1141

TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1142

GenerateKey(AuthorizationSetBuilder()

1143

.RsaSigningKey(512, 3)

1144

.Digest(KM_DIGEST_SHA_2_256)

1145

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1146

string message(1024, 'a');

1147

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1148

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1149

++signature[signature.size() / 2];

1150

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1151

AuthorizationSet begin_params(client_params());

1152

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1153

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1154

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1155

1156

string result;

1157

size_t input_consumed;

1158

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1159

EXPECT_EQ(message.size(), input_consumed);

1160

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1161

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1162

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1163

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1164

}

1165

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1166

TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1167

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1168

.RsaSigningKey(512, 3)

1169

.Digest(KM_DIGEST_SHA_2_256)

1170

.Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1171

// Use large message, which won't work without digesting.

1172

string message(1024, 'a');

1173

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1174

SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1175

++message[message.size() / 2];

1176

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1177

AuthorizationSet begin_params(client_params());

1178

begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1179

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1180

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1181

1182

string result;

1183

size_t input_consumed;

1184

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1185

EXPECT_EQ(message.size(), input_consumed);

1186

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1187

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1188

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1189

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1190

}

1191

1192

template <typename T> vector<T> make_vector(const T* array, size_t len) {

1193

return vector<T>(array, array + len);

1194

}

1195

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1196

TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1197

// Get all supported digests and padding modes.

1198

size_t digests_len;

1199

keymaster_digest_t* digests;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

1200

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1201

device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,

1202

&digests_len));

1203

1204

size_t padding_modes_len;

1205

keymaster_padding_t* padding_modes;

Shawn Willden

2015-05-26 08:31:37 -0600

[diff] [blame]

1206

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1207

device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,

1208

&padding_modes, &padding_modes_len));

1209

1210

// Try them.

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1211

int trial_count = 0;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1212

for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {

1213

for (keymaster_digest_t digest : make_vector(digests, digests_len)) {

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1214

if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)

1215

// Digesting requires padding

1216

continue;

1217

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1218

// Compute key & message size that will work.

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1219

size_t key_bits = 0;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1220

size_t message_len = 1000;

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1221

1222

if (digest == KM_DIGEST_NONE) {

1223

key_bits = 256;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1224

switch (padding_mode) {

1225

case KM_PAD_NONE:

1226

// Match key size.

1227

message_len = key_bits / 8;

1228

break;

1229

case KM_PAD_RSA_PKCS1_1_5_SIGN:

1230

message_len = key_bits / 8 - 11;

1231

break;

1232

case KM_PAD_RSA_PSS:

1233

// PSS requires a digest.

1234

continue;

1235

default:

1236

FAIL() << "Missing padding";

1237

break;

1238

}

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

} else {

size_t digest_bits;

switch (digest) {

case KM_DIGEST_MD5:

digest_bits = 128;

break;

case KM_DIGEST_SHA1:

digest_bits = 160;

break;

case KM_DIGEST_SHA_2_224:

1249

digest_bits = 224;

1250

break;

1251

case KM_DIGEST_SHA_2_256:

1252

digest_bits = 256;

1253

break;

1254

case KM_DIGEST_SHA_2_384:

1255

digest_bits = 384;

1256

break;

1257

case KM_DIGEST_SHA_2_512:

digest_bits = 512;

break;

default:

FAIL() << "Missing digest";

1262

}

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1263

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1264

switch (padding_mode) {

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1265

case KM_PAD_RSA_PKCS1_1_5_SIGN:

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1266

key_bits = digest_bits + 8 * (11 + 19);

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1267

break;

1268

case KM_PAD_RSA_PSS:

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1269

key_bits = digest_bits + 8 * 10;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1270

break;

1271

default:

1272

FAIL() << "Missing padding";

1273

break;

1274

}

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1275

}

1276

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1277

GenerateKey(AuthorizationSetBuilder()

1278

.RsaSigningKey(key_bits, 3)

1279

.Digest(digest)

1280

.Padding(padding_mode));

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1281

string message(message_len, 'a');

1282

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1283

SignMessage(message, &signature, digest, padding_mode);

1284

VerifyMessage(message, signature, digest, padding_mode);

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1285

++trial_count;

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

}

}

free(padding_modes);

free(digests);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1291

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1292

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-06-01 07:33:51 -0600

[diff] [blame]

1293

EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 23:01:15 -0700

[diff] [blame]

1294

}

1295

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1296

TEST_P(VerificationOperationsTest, EcdsaSuccess) {

Shawn Willden

84b8da5

2015-03-11 07:21:32 -0600

[diff] [blame]

1297

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1298

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame^]

1299

string message = "12345678901234567890123456789012";

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1300

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1301

SignMessage(message, &signature, KM_DIGEST_NONE);

1302

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1303

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1304

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1305

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

5ac2f8f

2014-08-18 15:33:10 -0600

[diff] [blame]

1306

}

1307

Shawn Willden

2015-06-01 07:07:33 -0600

[diff] [blame]

1308

TEST_P(VerificationOperationsTest, EcdsaSha256Success) {

1309

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1310

.EcdsaSigningKey(256)

1311

.Digest(KM_DIGEST_SHA_2_256)

1312

.Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame^]

1313

string message = "12345678901234567890123456789012";

Shawn Willden

2015-06-01 07:07:33 -0600

[diff] [blame]

1314

string signature;

1315

SignMessage(message, &signature, KM_DIGEST_SHA_2_256);

1316

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

1317

1318

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1319

EXPECT_EQ(4, GetParam()->keymaster0_calls());

1320

1321

// Just for giggles, try verifying with the wrong digest.

1322

AuthorizationSet begin_params(client_params());

1323

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

1324

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));

1325

1326

string result;

1327

size_t input_consumed;

1328

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1329

EXPECT_EQ(message.size(), input_consumed);

1330

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));

1331

}

1332

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1333

TEST_P(VerificationOperationsTest, HmacSha1Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1334

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1335

string message = "123456789012345678901234567890123456789012345678";

1336

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1337

MacMessage(message, &signature, KM_DIGEST_SHA1, 160);

1338

VerifyMessage(message, signature, KM_DIGEST_SHA1);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1339

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1340

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1341

}

1342

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1343

TEST_P(VerificationOperationsTest, HmacSha224Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1344

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1345

string message = "123456789012345678901234567890123456789012345678";

1346

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1347

MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);

1348

VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1349

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1350

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1351

}

1352

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1353

TEST_P(VerificationOperationsTest, HmacSha256Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1354

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1355

string message = "123456789012345678901234567890123456789012345678";

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1356

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1357

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);

1358

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1359

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1360

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-15 17:44:02 -0700

[diff] [blame]

1361

}

1362

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1363

TEST_P(VerificationOperationsTest, HmacSha384Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1364

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1365

string message = "123456789012345678901234567890123456789012345678";

1366

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1367

MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);

1368

VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1369

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1370

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1371

}

1372

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1373

TEST_P(VerificationOperationsTest, HmacSha512Success) {

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

1374

GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1375

string message = "123456789012345678901234567890123456789012345678";

1376

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1377

MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);

1378

VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1379

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1380

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-18 10:44:03 -0700

[diff] [blame]

1381

}

1382

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1383

typedef Keymaster1Test ExportKeyTest;

1384

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);

1385

1386

TEST_P(ExportKeyTest, RsaSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1387

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1388

.RsaSigningKey(256, 3)

1389

.Digest(KM_DIGEST_NONE)

1390

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1391

string export_data;

1392

ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1393

EXPECT_GT(export_data.length(), 0U);

Shawn Willden

e46a43f

2014-08-27 10:35:36 -0600

[diff] [blame]

1394

1395

// TODO(swillden): Verify that the exported key is actually usable to verify signatures.

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1396

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1397

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1398

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

ffd790c

2014-08-18 21:20:06 -0600

[diff] [blame]

1399

}

1400

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1401

TEST_P(ExportKeyTest, EcdsaSuccess) {

Shawn Willden

84b8da5

2015-03-11 07:21:32 -0600

[diff] [blame]

1402

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1403

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1404

string export_data;

1405

ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1406

EXPECT_GT(export_data.length(), 0U);

Shawn Willden

e46a43f

2014-08-27 10:35:36 -0600

[diff] [blame]

1407

1408

// TODO(swillden): Verify that the exported key is actually usable to verify signatures.

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1409

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1410

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1411

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

f268d74

2014-08-19 15:36:26 -0600

[diff] [blame]

1412

}

1413

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1414

TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1415

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1416

.RsaSigningKey(256, 3)

1417

.Digest(KM_DIGEST_NONE)

1418

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1419

string export_data;

1420

ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1421

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1422

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1423

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

f268d74

2014-08-19 15:36:26 -0600

[diff] [blame]

1424

}

1425

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1426

TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1427

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1428

.RsaSigningKey(256, 3)

1429

.Digest(KM_DIGEST_NONE)

1430

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1431

corrupt_key_blob();

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1432

string export_data;

1433

ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1434

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1435

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1436

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

f268d74

2014-08-19 15:36:26 -0600

[diff] [blame]

1437

}

1438

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1439

TEST_P(ExportKeyTest, AesKeyExportFails) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1440

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

1441

string export_data;

1442

1443

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));

1444

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));

1445

EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1446

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1447

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:20:47 -0700

[diff] [blame]

1448

}

1449

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1450

static string read_file(const string& file_name) {

1451

ifstream file_stream(file_name, std::ios::binary);

1452

istreambuf_iterator<char> file_begin(file_stream);

1453

istreambuf_iterator<char> file_end;

1454

return string(file_begin, file_end);

1455

}

1456

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1457

typedef Keymaster1Test ImportKeyTest;

1458

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);

1459

1460

TEST_P(ImportKeyTest, RsaSuccess) {

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1461

string pk8_key = read_file("rsa_privkey_pk8.der");

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1462

ASSERT_EQ(633U, pk8_key.size());

1463

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1464

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

1465

.RsaSigningKey(1024, 65537)

1466

.Digest(KM_DIGEST_NONE)

1467

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1468

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1469

1470

// Check values derived from the key.

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1471

EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()

1472

: sw_enforced(),

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1473

TAG_ALGORITHM, KM_ALGORITHM_RSA));

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1474

EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()

1475

: sw_enforced(),

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1476

TAG_KEY_SIZE, 1024));

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1477

EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()

1478

: sw_enforced(),

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1479

TAG_RSA_PUBLIC_EXPONENT, 65537U));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1480

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1481

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1482

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1483

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1484

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1485

string message(1024 / 8, 'a');

1486

string signature;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1487

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

1488

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1489

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1490

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1491

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-20 11:59:49 -0600

[diff] [blame]

1492

}

1493

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1494

TEST_P(ImportKeyTest, OldApiRsaSuccess) {

Shawn Willden

d7a5c71

2015-04-09 16:33:52 -0600

[diff] [blame]

1495

string pk8_key = read_file("rsa_privkey_pk8.der");

1496

ASSERT_EQ(633U, pk8_key.size());

1497

1498

// NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that

1499

// point softkeymaster will no longer support keymaster0 APIs anyway.

1500

uint8_t* key_blob;

1501

size_t key_blob_length;

1502

ASSERT_EQ(0,

1503

device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),

1504

pk8_key.size(), &key_blob, &key_blob_length));

1505

set_key_blob(key_blob, key_blob_length);

1506

1507

string message(1024 / 8, 'a');

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1508

AuthorizationSet begin_params; // Don't use client data.

1509

begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1510

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1511

AuthorizationSet update_params;

1512

AuthorizationSet output_params;

1513

string signature =

1514

ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);

1515

ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,

1516

&output_params);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1517

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1518

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1519

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

d7a5c71

2015-04-09 16:33:52 -0600

[diff] [blame]

1520

}

1521

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1522

TEST_P(ImportKeyTest, RsaKeySizeMismatch) {

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1523

string pk8_key = read_file("rsa_privkey_pk8.der");

1524

ASSERT_EQ(633U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1525

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1526

ImportKey(AuthorizationSetBuilder()

1527

.RsaSigningKey(2048 /* Doesn't match key */, 3)

1528

.Digest(KM_DIGEST_NONE)

1529

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1530

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1531

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1532

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1533

}

1534

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1535

TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1536

string pk8_key = read_file("rsa_privkey_pk8.der");

1537

ASSERT_EQ(633U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1538

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1539

ImportKey(AuthorizationSetBuilder()

1540

.RsaSigningKey(256, 3 /* Doesnt' match key */)

1541

.Digest(KM_DIGEST_NONE)

1542

.Padding(KM_PAD_NONE),

Shawn Willden

c24c110

2014-12-22 15:30:09 -0700

[diff] [blame]

1543

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1544

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1545

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1546

}

1547

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1548

TEST_P(ImportKeyTest, EcdsaSuccess) {

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1549

string pk8_key = read_file("ec_privkey_pk8.der");

1550

ASSERT_EQ(138U, pk8_key.size());

1551

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1552

ASSERT_EQ(KM_ERROR_OK,

1553

ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),

1554

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1555

1556

// Check values derived from the key.

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1557

EXPECT_TRUE(

1558

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1559

TAG_ALGORITHM, KM_ALGORITHM_EC));

1560

EXPECT_TRUE(

1561

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1562

TAG_KEY_SIZE, 256));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1563

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1564

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1565

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1566

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1567

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame^]

1568

string message(32, 'a');

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1569

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1570

SignMessage(message, &signature, KM_DIGEST_NONE);

1571

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1572

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1573

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1574

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-08-27 10:08:46 -0600

[diff] [blame]

1575

}

1576

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1577

TEST_P(ImportKeyTest, EcdsaSizeSpecified) {

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1578

string pk8_key = read_file("ec_privkey_pk8.der");

1579

ASSERT_EQ(138U, pk8_key.size());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1580

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1581

ASSERT_EQ(KM_ERROR_OK,

1582

ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),

1583

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1584

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1585

// Check values derived from the key.

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1586

EXPECT_TRUE(

1587

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1588

TAG_ALGORITHM, KM_ALGORITHM_EC));

1589

EXPECT_TRUE(

1590

contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),

1591

TAG_KEY_SIZE, 256));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1592

Shawn Willden

2015-05-16 09:20:59 -0600

[diff] [blame]

1593

// And values provided by AndroidKeymaster

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1594

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1595

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1596

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame^]

1597

string message(32, 'a');

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1598

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1599

SignMessage(message, &signature, KM_DIGEST_NONE);

1600

VerifyMessage(message, signature, KM_DIGEST_NONE);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1601

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1602

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1603

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1604

}

1605

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1606

TEST_P(ImportKeyTest, EcdsaSizeMismatch) {

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1607

string pk8_key = read_file("ec_privkey_pk8.der");

1608

ASSERT_EQ(138U, pk8_key.size());

Shawn Willden

2015-02-02 08:05:25 -0700

[diff] [blame]

1609

ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1610

ImportKey(AuthorizationSetBuilder()

1611

.EcdsaSigningKey(224 /* Doesn't match key */)

1612

.Digest(KM_DIGEST_NONE),

1613

KM_KEY_FORMAT_PKCS8, pk8_key));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1614

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1615

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-09-18 11:26:15 -0600

[diff] [blame]

1616

}

1617

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1618

TEST_P(ImportKeyTest, AesKeySuccess) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1619

char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

1620

string key(key_data, sizeof(key_data));

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1621

ASSERT_EQ(KM_ERROR_OK,

Shawn Willden

c47c88f

2015-04-07 17:23:27 -0600

[diff] [blame]

1622

ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(

1623

TAG_PADDING, KM_PAD_PKCS7),

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1624

KM_KEY_FORMAT_RAW, key));

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1625

1626

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1627

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1628

1629

string message = "Hello World!";

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1630

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

1631

string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1632

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1633

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1634

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1635

}

1636

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1637

TEST_P(ImportKeyTest, HmacSha256KeySuccess) {

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1638

char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

1639

string key(key_data, sizeof(key_data));

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1640

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

1641

.HmacKey(sizeof(key_data) * 8)

1642

.Digest(KM_DIGEST_SHA_2_256)

1643

.Authorization(TAG_MAC_LENGTH, 32),

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1644

KM_KEY_FORMAT_RAW, key));

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1645

1646

EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));

1647

EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));

1648

1649

string message = "Hello World!";

1650

string signature;

Shawn Willden

2015-05-08 11:36:56 -0600

[diff] [blame]

1651

MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);

1652

VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1653

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1654

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-02-05 10:26:47 -0700

[diff] [blame]

1655

}

1656

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1657

typedef Keymaster1Test EncryptionOperationsTest;

1658

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);

1659

Shawn Willden

3016084

2015-06-01 08:31:00 -0600

[diff] [blame]

1660

TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {

1661

ASSERT_EQ(KM_ERROR_OK,

1662

GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));

1663

1664

string message = "12345678901234567890123456789012";

1665

string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);

1666

EXPECT_EQ(256U / 8, ciphertext1.size());

1667

1668

string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);

1669

EXPECT_EQ(256U / 8, ciphertext2.size());

1670

1671

// Unpadded RSA is deterministic

1672

EXPECT_EQ(ciphertext1, ciphertext2);

1673

1674

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

1675

EXPECT_EQ(3, GetParam()->keymaster0_calls());

1676

}

1677

1678

TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {

1679

ASSERT_EQ(KM_ERROR_OK,

1680

GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));

1681

1682

string message = "1234567890123456789012345678901";

1683

1684

AuthorizationSet begin_params(client_params());

1685

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

1686

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

1687

1688

string result;

1689

size_t input_consumed;

1690

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

1691

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

1692

EXPECT_EQ(0U, result.size());

1693

1694

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

1695

EXPECT_EQ(2, GetParam()->keymaster0_calls());

1696

}

1697

1698

TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {

1699

ASSERT_EQ(KM_ERROR_OK,

1700

GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));

1701

1702

string message = "123456789012345678901234567890123";

1703

1704

AuthorizationSet begin_params(client_params());

1705

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

1706

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

1707

1708

string result;

1709

size_t input_consumed;

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame^]

1710

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));

Shawn Willden

3016084

2015-06-01 08:31:00 -0600

[diff] [blame]

1711

1712

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

1713

EXPECT_EQ(2, GetParam()->keymaster0_calls());

1714

}

1715

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1716

TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1717

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1718

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1719

1720

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1721

string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1722

EXPECT_EQ(512U / 8, ciphertext1.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1723

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1724

string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1725

EXPECT_EQ(512U / 8, ciphertext2.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1726

1727

// OAEP randomizes padding so every result should be different.

1728

EXPECT_NE(ciphertext1, ciphertext2);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1729

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1730

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1731

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1732

}

1733

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1734

TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1735

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1736

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1737

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1738

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1739

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1740

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1741

string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_OAEP);

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1742

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1743

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1744

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1745

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1746

}

1747

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1748

TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1749

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1750

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1751

string message = "12345678901234567890123";

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1752

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1753

size_t input_consumed;

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1754

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1755

AuthorizationSet begin_params(client_params());

1756

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);

1757

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1758

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1759

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1760

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1761

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1762

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1763

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1764

}

1765

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1766

TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1767

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1768

KM_PAD_RSA_OAEP)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1769

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1770

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_OAEP);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1771

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1772

1773

// Corrupt the ciphertext

1774

ciphertext[512 / 8 / 2]++;

1775

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1776

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1777

size_t input_consumed;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1778

AuthorizationSet begin_params(client_params());

1779

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);

1780

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1781

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1782

EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1783

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1784

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1785

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1786

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1787

}

1788

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1789

TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1790

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1791

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1792

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1793

string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1794

EXPECT_EQ(512U / 8, ciphertext1.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1795

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1796

string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1797

EXPECT_EQ(512U / 8, ciphertext2.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1798

1799

// PKCS1 v1.5 randomizes padding so every result should be different.

1800

EXPECT_NE(ciphertext1, ciphertext2);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1801

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1802

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1803

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1804

}

1805

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1806

TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1807

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1808

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1809

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1810

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1811

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1812

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1813

string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1814

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1815

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1816

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1817

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1818

}

1819

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1820

TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1821

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1822

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

7bae132

2015-05-26 10:16:49 -0600

[diff] [blame]

1823

string message = "123456789012345678901234567890123456789012345678901234";

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1824

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1825

size_t input_consumed;

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1826

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1827

AuthorizationSet begin_params(client_params());

1828

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

1829

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1830

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1831

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1832

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1833

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1834

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1835

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1836

}

1837

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1838

TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {

Shawn Willden

2015-04-15 13:48:28 -0600

[diff] [blame]

1839

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(

1840

KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1841

string message = "Hello World!";

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1842

string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1843

EXPECT_EQ(512U / 8, ciphertext.size());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1844

1845

// Corrupt the ciphertext

1846

ciphertext[512 / 8 / 2]++;

1847

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1848

string result;

Shawn Willden

2014-12-08 08:15:14 -0700

[diff] [blame]

1849

size_t input_consumed;

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1850

AuthorizationSet begin_params(client_params());

1851

begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);

1852

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-17 16:44:29 -0700

[diff] [blame]

1853

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));

Shawn Willden

2014-12-17 08:01:26 -0700

[diff] [blame]

1854

EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1855

EXPECT_EQ(0U, result.size());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1856

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1857

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1858

EXPECT_EQ(4, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-02 07:01:21 -0700

[diff] [blame]

1859

}

1860

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1861

TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1862

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1863

.RsaSigningKey(256, 3)

1864

.Digest(KM_DIGEST_NONE)

1865

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1866

ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1867

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1868

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))

Shawn Willden

2015-06-17 11:20:56 -0600

[diff] [blame]

1869

EXPECT_EQ(2, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1870

}

1871

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1872

TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1873

ASSERT_EQ(KM_ERROR_OK,

1874

GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));

Shawn Willden

2015-06-17 11:20:56 -0600

[diff] [blame]

1875

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1876

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1877

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1878

if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))

1879

EXPECT_EQ(3, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1880

}

1881

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1882

TEST_P(EncryptionOperationsTest, HmacEncrypt) {

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

ASSERT_EQ(

KM_ERROR_OK,

GenerateKey(

AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));

Shawn Willden

2015-06-17 11:20:56 -0600

[diff] [blame]

1887

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));

1888

ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1889

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1890

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-08 06:46:44 -0600

[diff] [blame]

1891

}

1892

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1893

TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1894

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1895

.AesEncryptionKey(128)

1896

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1897

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1898

// Two-block message.

1899

string message = "12345678901234567890123456789012";

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1900

string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1901

EXPECT_EQ(message.size(), ciphertext1.size());

1902

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1903

string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1904

EXPECT_EQ(message.size(), ciphertext2.size());

1905

1906

// ECB is deterministic.

1907

EXPECT_EQ(ciphertext1, ciphertext2);

1908

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1909

string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1910

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1911

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1912

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1913

}

1914

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1915

TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1916

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1917

.AesEncryptionKey(128)

1918

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1919

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1920

// Message is slightly shorter than two blocks.

1921

string message = "1234567890123456789012345678901";

1922

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1923

AuthorizationSet begin_params(client_params());

1924

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1925

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1926

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1927

string ciphertext;

1928

size_t input_consumed;

1929

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));

1930

EXPECT_EQ(message.size(), input_consumed);

1931

EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1932

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1933

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1934

}

1935

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1936

TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1937

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1938

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1939

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1940

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1941

1942

// Try various message lengths; all should work.

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1943

for (size_t i = 0; i < 32; ++i) {

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1944

string message(i, 'a');

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1945

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1946

EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1947

string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1948

EXPECT_EQ(message, plaintext);

1949

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1950

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1951

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1952

}

1953

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1954

TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1955

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1956

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

1957

.Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)

1958

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1959

1960

string message = "a";

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1961

string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

1962

EXPECT_EQ(16U, ciphertext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1963

EXPECT_NE(ciphertext, message);

1964

++ciphertext[ciphertext.size() / 2];

1965

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1966

AuthorizationSet begin_params(client_params());

1967

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

1968

begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1969

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1970

string plaintext;

1971

size_t input_consumed;

1972

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));

1973

EXPECT_EQ(ciphertext.size(), input_consumed);

1974

EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

1975

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

1976

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

1977

}

1978

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

1979

TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

1980

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

1981

.AesEncryptionKey(128)

1982

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

1983

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1984

string message = "123";

1985

string iv1;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1986

string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1987

EXPECT_EQ(message.size(), ciphertext1.size());

Shawn Willden

72a5fdd

2015-03-17 20:04:33 -0600

[diff] [blame]

1988

EXPECT_EQ(16U, iv1.size());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1989

1990

string iv2;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1991

string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1992

EXPECT_EQ(message.size(), ciphertext2.size());

Shawn Willden

72a5fdd

2015-03-17 20:04:33 -0600

[diff] [blame]

1993

EXPECT_EQ(16U, iv2.size());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

1994

1995

// IVs should be random, so ciphertexts should differ.

1996

EXPECT_NE(iv1, iv2);

1997

EXPECT_NE(ciphertext1, ciphertext2);

1998

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

1999

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2000

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2001

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2002

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2003

}

2004

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2005

TEST_P(EncryptionOperationsTest, AesCtrIncremental) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2006

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2007

.AesEncryptionKey(128)

2008

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

2009

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2010

2011

int increment = 15;

2012

string message(239, 'a');

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2013

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2014

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2015

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2016

AuthorizationSet output_params;

2017

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

2018

2019

string ciphertext;

2020

size_t input_consumed;

2021

for (size_t i = 0; i < message.size(); i += increment)

2022

EXPECT_EQ(KM_ERROR_OK,

2023

UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));

2024

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

2025

EXPECT_EQ(message.size(), ciphertext.size());

2026

2027

// Move TAG_NONCE into input_params

2028

input_params.Reinitialize(output_params);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2029

input_params.push_back(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2030

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2031

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2032

output_params.Clear();

2033

2034

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));

2035

string plaintext;

2036

for (size_t i = 0; i < ciphertext.size(); i += increment)

2037

EXPECT_EQ(KM_ERROR_OK,

2038

UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));

2039

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

2040

EXPECT_EQ(ciphertext.size(), plaintext.size());

2041

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2042

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2043

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2044

}

2045

2046

struct AesCtrSp80038aTestVector {

2047

const char* key;

2048

const char* nonce;

2049

const char* plaintext;

2050

const char* ciphertext;

2051

};

2052

2053

// These test vectors are taken from

2054

// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.

2055

static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {

2056

// AES-128

2057

{

2058

"2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

2059

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

2060

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

2061

"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"

2062

"5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",

},

// AES-192

{

"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

2067

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

2068

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

2069

"1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"

2070

"1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",

},

// AES-256

{

"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",

2075

"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",

2076

"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"

2077

"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",

2078

"601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"

2079

"2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",

},

};

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2083

TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2084

for (size_t i = 0; i < 3; i++) {

2085

const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);

2086

const string key = hex2str(test.key);

2087

const string nonce = hex2str(test.nonce);

2088

const string plaintext = hex2str(test.plaintext);

2089

const string ciphertext = hex2str(test.ciphertext);

2090

CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);

2091

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2092

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2093

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2094

}

2095

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2096

TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2097

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2098

.AesEncryptionKey(128)

2099

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

2100

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2101

AuthorizationSet begin_params(client_params());

2102

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2103

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2104

EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2105

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2106

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2107

}

2108

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2109

TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2110

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2111

.AesEncryptionKey(128)

2112

.Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2113

.Authorization(TAG_CALLER_NONCE)

2114

.Padding(KM_PAD_NONE)));

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2115

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2116

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2117

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2118

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2119

input_params.push_back(TAG_NONCE, "123", 3);

2120

EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2121

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2122

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Thai Duong

2015-03-24 17:49:58 -0700

[diff] [blame]

2123

}

2124

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2125

TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2126

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2127

.AesEncryptionKey(128)

2128

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2129

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2130

// Two-block message.

2131

string message = "12345678901234567890123456789012";

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2132

string iv1;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2133

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2134

EXPECT_EQ(message.size(), ciphertext1.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2135

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2136

string iv2;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2137

string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2138

EXPECT_EQ(message.size(), ciphertext2.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2139

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2140

// IVs should be random, so ciphertexts should differ.

2141

EXPECT_NE(iv1, iv2);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2142

EXPECT_NE(ciphertext1, ciphertext2);

2143

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2144

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2145

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2146

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2147

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2148

}

2149

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2150

TEST_P(EncryptionOperationsTest, AesCallerNonce) {

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2151

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2152

.AesEncryptionKey(128)

2153

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2154

.Authorization(TAG_CALLER_NONCE)

2155

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2156

string message = "12345678901234567890123456789012";

2157

string iv1;

2158

// Don't specify nonce, should get a random one.

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2159

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2160

EXPECT_EQ(message.size(), ciphertext1.size());

2161

EXPECT_EQ(16U, iv1.size());

2162

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2163

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2164

EXPECT_EQ(message, plaintext);

2165

2166

// Now specify a nonce, should also work.

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2167

AuthorizationSet input_params(client_params());

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2168

AuthorizationSet update_params;

2169

AuthorizationSet output_params;

2170

input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2171

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2172

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2173

string ciphertext2 =

2174

ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);

2175

2176

// Decrypt with correct nonce.

2177

plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,

2178

&output_params);

2179

EXPECT_EQ(message, plaintext);

2180

2181

// Now try with wrong nonce.

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2182

input_params.Reinitialize(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2183

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2184

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2185

input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);

2186

plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,

2187

&output_params);

2188

EXPECT_NE(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2189

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2190

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-04-15 17:05:53 -0700

[diff] [blame]

2191

}

2192

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2193

TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2194

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2195

.AesEncryptionKey(128)

2196

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2197

.Padding(KM_PAD_NONE)));

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2198

2199

string message = "12345678901234567890123456789012";

2200

string iv1;

2201

// Don't specify nonce, should get a random one.

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2202

string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2203

EXPECT_EQ(message.size(), ciphertext1.size());

2204

EXPECT_EQ(16U, iv1.size());

2205

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2206

string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2207

EXPECT_EQ(message, plaintext);

2208

2209

// Now specify a nonce, should fail.

2210

AuthorizationSet input_params(client_params());

2211

AuthorizationSet update_params;

2212

AuthorizationSet output_params;

2213

input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2214

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2215

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2216

2217

EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,

2218

BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2219

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2220

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-04-28 00:43:19 -0600

[diff] [blame]

2221

}

2222

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2223

TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {

Shawn Willden

2015-05-08 14:05:13 -0600

[diff] [blame]

2224

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2225

.AesEncryptionKey(128)

2226

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2227

.Padding(KM_PAD_NONE)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2228

2229

int increment = 15;

2230

string message(240, 'a');

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2231

AuthorizationSet input_params(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2232

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2233

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2234

AuthorizationSet output_params;

2235

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));

2236

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2237

string ciphertext;

2238

size_t input_consumed;

2239

for (size_t i = 0; i < message.size(); i += increment)

2240

EXPECT_EQ(KM_ERROR_OK,

2241

UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));

2242

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2243

EXPECT_EQ(message.size(), ciphertext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2244

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2245

// Move TAG_NONCE into input_params

2246

input_params.Reinitialize(output_params);

Shawn Willden

2015-04-15 13:49:49 -0600

[diff] [blame]

2247

input_params.push_back(client_params());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2248

input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);

Shawn Willden

2015-05-11 11:56:02 -0600

[diff] [blame]

2249

input_params.push_back(TAG_PADDING, KM_PAD_NONE);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2250

output_params.Clear();

2251

2252

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2253

string plaintext;

2254

for (size_t i = 0; i < ciphertext.size(); i += increment)

2255

EXPECT_EQ(KM_ERROR_OK,

2256

UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));

2257

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2258

EXPECT_EQ(ciphertext.size(), plaintext.size());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2259

EXPECT_EQ(message, plaintext);

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2260

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2261

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2262

}

2263

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2264

TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

2265

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2266

.AesEncryptionKey(128)

Shawn Willden

2015-02-27 07:01:02 -0700

[diff] [blame]

2267

.Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)

2268

.Authorization(TAG_PADDING, KM_PAD_PKCS7)));

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2269

2270

// Try various message lengths; all should work.

Shawn Willden

2015-03-17 15:53:14 -0600

[diff] [blame]

2271

for (size_t i = 0; i < 32; ++i) {

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2272

string message(i, 'a');

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2273

string iv;

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2274

string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);

Shawn Willden

2015-03-10 12:59:20 -0600

[diff] [blame]

2275

EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());

Shawn Willden

2015-05-08 14:31:22 -0600

[diff] [blame]

2276

string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2277

EXPECT_EQ(message, plaintext);

2278

}

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2279

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2280

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2014-12-30 16:03:28 -0700

[diff] [blame]

2281

}

2282

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2283

TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {

2284

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2285

.AesEncryptionKey(128)

2286

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2287

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2288

string aad = "foobar";

2289

string message = "123456789012345678901234567890123456";

2290

AuthorizationSet begin_params(client_params());

2291

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2292

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2293

begin_params.push_back(TAG_MAC_LENGTH, 128);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2294

2295

AuthorizationSet update_params;

2296

update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2297

2298

// Encrypt

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2299

AuthorizationSet begin_out_params;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2300

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2301

string ciphertext;

2302

size_t input_consumed;

2303

AuthorizationSet update_out_params;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2304

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2305

&input_consumed));

2306

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2307

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2308

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2309

// Grab nonce

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2310

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2311

begin_params.push_back(begin_out_params);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2312

2313

// Decrypt.

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2314

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2315

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2316

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2317

&plaintext, &input_consumed));

2318

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2319

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2320

2321

EXPECT_EQ(message, plaintext);

2322

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2323

}

2324

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2325

TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {

2326

uint8_t nonce[] = {

2327

0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,

2328

};

2329

uint8_t ciphertext[] = {

2330

0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,

2331

0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,

2332

0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,

2333

0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,

2334

0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,

2335

};

2336

string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));

2337

2338

AuthorizationSet begin_params(client_params());

2339

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2340

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2341

begin_params.push_back(TAG_MAC_LENGTH, 128);

2342

begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));

2343

2344

string plaintext;

2345

size_t input_consumed;

2346

2347

// Import correct key and decrypt

2348

uint8_t good_key[] = {

2349

0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,

2350

0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,

2351

};

2352

string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));

2353

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

2354

.AesEncryptionKey(128)

2355

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2356

.Authorization(TAG_PADDING, KM_PAD_NONE)

2357

.Authorization(TAG_CALLER_NONCE),

2358

KM_KEY_FORMAT_RAW, good_key_str));

2359

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2360

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));

2361

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

2362

2363

// Import bad key and decrypt

2364

uint8_t bad_key[] = {

2365

0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,

2366

0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,

2367

};

2368

string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));

2369

ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()

2370

.AesEncryptionKey(128)

2371

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2372

.Authorization(TAG_PADDING, KM_PAD_NONE),

2373

KM_KEY_FORMAT_RAW, bad_key_str));

2374

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2375

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));

2376

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));

2377

2378

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2379

}

2380

2381

TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {

2382

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2383

.AesEncryptionKey(128)

2384

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2385

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2386

string aad = "123456789012345678";

2387

string empty_message;

2388

AuthorizationSet begin_params(client_params());

2389

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2390

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2391

begin_params.push_back(TAG_MAC_LENGTH, 128);

2392

2393

AuthorizationSet update_params;

2394

update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());

2395

2396

// Encrypt

2397

AuthorizationSet begin_out_params;

2398

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

2399

string ciphertext;

2400

size_t input_consumed;

2401

AuthorizationSet update_out_params;

2402

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,

2403

&ciphertext, &input_consumed));

2404

EXPECT_EQ(0U, input_consumed);

2405

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

2406

2407

// Grab nonce

2408

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

2409

begin_params.push_back(begin_out_params);

2410

2411

// Decrypt.

2412

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2413

string plaintext;

2414

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2415

&plaintext, &input_consumed));

2416

EXPECT_EQ(ciphertext.size(), input_consumed);

2417

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

2418

2419

EXPECT_EQ(empty_message, plaintext);

2420

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2421

}

2422

2423

TEST_P(EncryptionOperationsTest, AesGcmIncremental) {

2424

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2425

.AesEncryptionKey(128)

2426

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2427

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2428

AuthorizationSet begin_params(client_params());

2429

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2430

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2431

begin_params.push_back(TAG_MAC_LENGTH, 128);

2432

2433

AuthorizationSet update_params;

2434

update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);

2435

2436

// Encrypt

2437

AuthorizationSet begin_out_params;

2438

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

2439

string ciphertext;

2440

size_t input_consumed;

2441

AuthorizationSet update_out_params;

2442

2443

// Send AAD, incrementally

2444

for (int i = 0; i < 1000; ++i) {

2445

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,

2446

&input_consumed));

2447

EXPECT_EQ(0U, input_consumed);

2448

EXPECT_EQ(0U, ciphertext.size());

2449

}

2450

2451

// Now send data, incrementally, no data.

2452

AuthorizationSet empty_params;

2453

for (int i = 0; i < 1000; ++i) {

2454

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,

2455

&input_consumed));

2456

EXPECT_EQ(1U, input_consumed);

2457

}

2458

EXPECT_EQ(1000U, ciphertext.size());

2459

2460

// And finish.

2461

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

2462

EXPECT_EQ(1016U, ciphertext.size());

2463

2464

// Grab nonce

2465

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

2466

begin_params.push_back(begin_out_params);

2467

2468

// Decrypt.

2469

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2470

string plaintext;

2471

2472

// Send AAD, incrementally, no data

2473

for (int i = 0; i < 1000; ++i) {

2474

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,

2475

&input_consumed));

2476

EXPECT_EQ(0U, input_consumed);

2477

EXPECT_EQ(0U, plaintext.size());

2478

}

2479

2480

// Now send data, incrementally.

2481

for (size_t i = 0; i < ciphertext.length(); ++i) {

2482

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),

2483

&update_out_params, &plaintext, &input_consumed));

2484

EXPECT_EQ(1U, input_consumed);

2485

}

2486

EXPECT_EQ(1000U, plaintext.size());

2487

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

2488

2489

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2490

}

2491

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2492

TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {

2493

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2494

.AesEncryptionKey(128)

2495

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2496

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2497

string message = "123456789012345678901234567890123456";

2498

AuthorizationSet begin_params(client_params());

2499

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2500

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2501

begin_params.push_back(TAG_MAC_LENGTH, 128);

2502

AuthorizationSet begin_out_params;

2503

2504

AuthorizationSet update_params;

2505

update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2506

2507

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

2508

2509

// No data, AAD only.

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2510

string ciphertext;

2511

size_t input_consumed;

2512

AuthorizationSet update_out_params;

2513

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,

2514

&ciphertext, &input_consumed));

2515

EXPECT_EQ(0U, input_consumed);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2516

2517

// AAD and data.

2518

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2519

&input_consumed));

2520

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2521

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2522

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2523

// Grab nonce.

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2524

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

2525

begin_params.push_back(begin_out_params);

2526

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2527

// Decrypt

2528

update_params.Clear();

2529

update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2530

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2531

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));

2532

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2533

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2534

&plaintext, &input_consumed));

2535

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2536

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2537

2538

EXPECT_EQ(message, plaintext);

2539

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2540

}

2541

2542

TEST_P(EncryptionOperationsTest, AesGcmBadAad) {

2543

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2544

.AesEncryptionKey(128)

2545

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2546

.Authorization(TAG_PADDING, KM_PAD_NONE)));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2547

string message = "12345678901234567890123456789012";

2548

AuthorizationSet begin_params(client_params());

2549

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2550

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2551

begin_params.push_back(TAG_MAC_LENGTH, 128);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2552

2553

AuthorizationSet update_params;

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2554

update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2555

2556

AuthorizationSet finish_params;

2557

AuthorizationSet finish_out_params;

2558

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2559

// Encrypt

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2560

AuthorizationSet begin_out_params;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2561

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2562

AuthorizationSet update_out_params;

2563

string ciphertext;

2564

size_t input_consumed;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2565

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2566

&input_consumed));

2567

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2568

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2569

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2570

// Grab nonce

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2571

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2572

begin_params.push_back(begin_out_params);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2573

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2574

update_params.Clear();

2575

update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2576

2577

// Decrypt.

2578

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2579

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2580

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2581

&plaintext, &input_consumed));

2582

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2583

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2584

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2585

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2586

}

2587

2588

TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {

2589

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2590

.AesEncryptionKey(128)

2591

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2592

.Authorization(TAG_PADDING, KM_PAD_NONE)));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2593

string message = "12345678901234567890123456789012";

2594

AuthorizationSet begin_params(client_params());

2595

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2596

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2597

begin_params.push_back(TAG_MAC_LENGTH, 128);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2598

2599

AuthorizationSet update_params;

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2600

update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2601

2602

// Encrypt

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2603

AuthorizationSet begin_out_params;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2604

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2605

AuthorizationSet update_out_params;

2606

string ciphertext;

2607

size_t input_consumed;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2608

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2609

&input_consumed));

2610

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2611

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2612

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2613

begin_params.push_back(TAG_NONCE, "123456789012", 12);

2614

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2615

// Decrypt

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2616

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2617

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2618

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2619

&plaintext, &input_consumed));

2620

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2621

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2622

2623

// With wrong nonce, should have gotten garbage plaintext.

2624

EXPECT_NE(message, plaintext);

2625

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2626

}

2627

2628

TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {

2629

ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()

2630

.AesEncryptionKey(128)

2631

.Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)

2632

.Authorization(TAG_PADDING, KM_PAD_NONE)));

2633

string aad = "foobar";

2634

string message = "123456789012345678901234567890123456";

2635

AuthorizationSet begin_params(client_params());

2636

begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);

2637

begin_params.push_back(TAG_PADDING, KM_PAD_NONE);

2638

begin_params.push_back(TAG_MAC_LENGTH, 128);

2639

AuthorizationSet begin_out_params;

2640

2641

AuthorizationSet update_params;

2642

update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2643

2644

// Encrypt

2645

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2646

AuthorizationSet update_out_params;

2647

string ciphertext;

2648

size_t input_consumed;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2649

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,

2650

&input_consumed));

2651

EXPECT_EQ(message.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2652

EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2653

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2654

// Corrupt tag

2655

(*ciphertext.rbegin())++;

2656

2657

// Grab nonce.

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2658

EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));

2659

begin_params.push_back(begin_out_params);

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2660

2661

// Decrypt.

2662

EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2663

string plaintext;

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2664

EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,

2665

&plaintext, &input_consumed));

2666

EXPECT_EQ(ciphertext.size(), input_consumed);

Shawn Willden

2015-06-08 23:10:44 -0600

[diff] [blame]

2667

EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));

Shawn Willden

2015-06-02 09:00:52 -0600

[diff] [blame]

2668

2669

EXPECT_EQ(message, plaintext);

2670

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2671

}

2672

Shawn Willden

2015-05-20 13:00:42 -0600

[diff] [blame]

2673

typedef Keymaster1Test AddEntropyTest;

2674

INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);

2675

2676

TEST_P(AddEntropyTest, AddEntropy) {

Shawn Willden

cd69582

2015-01-26 14:06:32 -0700

[diff] [blame]

2677

// There's no obvious way to test that entropy is actually added, but we can test that the API

2678

// doesn't blow up or return an error.

2679

EXPECT_EQ(KM_ERROR_OK,

2680

device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2681

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2682

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2683

}

2684

2685

typedef Keymaster1Test Keymaster0AdapterTest;

2686

INSTANTIATE_TEST_CASE_P(

2687

AndroidKeymasterTest, Keymaster0AdapterTest,

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2688

::testing::Values(

2689

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),

2690

InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2691

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2692

TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2693

// Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted

2694

// key data.

2695

string km1_sw = read_file("km1_sw_rsa_512.blob");

2696

EXPECT_EQ(486U, km1_sw.length());

2697

2698

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));

2699

memcpy(key_data, km1_sw.data(), km1_sw.length());

2700

set_key_blob(key_data, km1_sw.length());

2701

2702

string message(64, 'a');

2703

string signature;

2704

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2705

2706

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2707

}

2708

Shawn Willden

c7fe06d

2015-06-11 15:50:04 -0600

[diff] [blame]

2709

TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {

2710

// Load and use an old-style Keymaster1 software key blob, without the version byte. These

2711

// blobs contain OCB-encrypted key data.

2712

string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");

2713

EXPECT_EQ(477U, km1_sw.length());

2714

2715

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));

2716

memcpy(key_data, km1_sw.data(), km1_sw.length());

2717

set_key_blob(key_data, km1_sw.length());

2718

2719

string message(64, 'a');

2720

string signature;

2721

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2722

2723

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2724

}

2725

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2726

TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {

2727

// Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted

2728

// key data.

2729

string km1_sw = read_file("km1_sw_ecdsa_256.blob");

2730

EXPECT_EQ(270U, km1_sw.length());

2731

2732

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));

2733

memcpy(key_data, km1_sw.data(), km1_sw.length());

2734

set_key_blob(key_data, km1_sw.length());

2735

Shawn Willden

2015-06-22 05:25:59 -0600

[diff] [blame^]

2736

string message(32, static_cast<char>(0xFF));

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2737

string signature;

2738

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2739

2740

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2741

}

2742

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2743

struct Malloc_Delete {

2744

void operator()(void* p) { free(p); }

2745

};

2746

Shawn Willden

2015-05-26 13:12:24 -0600

[diff] [blame]

2747

TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {

Shawn Willden

2015-05-20 16:36:24 -0600

[diff] [blame]

2748

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2749

string km0_sw = read_file("km0_sw_rsa_512.blob");

2750

EXPECT_EQ(333U, km0_sw.length());

2751

2752

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2753

memcpy(key_data, km0_sw.data(), km0_sw.length());

2754

set_key_blob(key_data, km0_sw.length());

2755

2756

string message(64, 'a');

2757

string signature;

2758

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2759

2760

EXPECT_EQ(0, GetParam()->keymaster0_calls());

Shawn Willden

cd69582

2015-01-26 14:06:32 -0700

[diff] [blame]

2761

}

2762

Shawn Willden

ccb84e9

2015-06-02 19:44:54 -0600

[diff] [blame]

2763

TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {

2764

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2765

string km0_sw = read_file("km0_sw_rsa_512.blob");

2766

EXPECT_EQ(333U, km0_sw.length());

2767

2768

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2769

memcpy(key_data, km0_sw.data(), km0_sw.length());

2770

set_key_blob(key_data, km0_sw.length());

2771

2772

EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());

2773

EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));

2774

EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));

2775

EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));

2776

EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));

2777

EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));

2778

EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));

2779

EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));

2780

EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));

2781

EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));

2782

2783

EXPECT_EQ(0, GetParam()->keymaster0_calls());

2784

}

2785

2786

TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {

2787

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2788

string km0_sw = read_file("km0_sw_rsa_512.blob");

2789

EXPECT_EQ(333U, km0_sw.length());

2790

2791

// The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not

2792

// be recognized as a software key. Do the same here to pretend this is a hardware key.

2793

EXPECT_EQ('P', km0_sw[0]);

2794

km0_sw[0] = 'Q';

2795

2796

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2797

memcpy(key_data, km0_sw.data(), km0_sw.length());

2798

set_key_blob(key_data, km0_sw.length());

2799

2800

string message(64, 'a');

2801

string signature;

2802

SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);

2803

VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);

2804

2805

EXPECT_EQ(5, GetParam()->keymaster0_calls());

2806

}

2807

2808

TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {

2809

// Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.

2810

string km0_sw = read_file("km0_sw_rsa_512.blob");

2811

EXPECT_EQ(333U, km0_sw.length());

2812

2813

// The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not

2814

// be recognized as a software key. Do the same here to pretend this is a hardware key.

2815

EXPECT_EQ('P', km0_sw[0]);

2816

km0_sw[0] = 'Q';

2817

2818

uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));

2819

memcpy(key_data, km0_sw.data(), km0_sw.length());

2820

set_key_blob(key_data, km0_sw.length());

2821

2822

EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());

2823

EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));

2824

EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));

2825

EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));

2826

EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));

2827

EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));

2828

EXPECT_EQ(5U, hw_enforced().size());

2829

2830

EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));

2831

EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));

2832

EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));

2833

EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));

2834

2835

EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));

2836

EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));

2837

EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));

2838

EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));

2839

EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));

2840

2841

EXPECT_EQ(1, GetParam()->keymaster0_calls());

2842

}

2843

Shawn Willden