Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / d599b15c0693950bdc72fb867872044fdc484ef5 / . / android_keymaster_test.cpp
blob: f0ae2f1c3beca7f6da76a3b8abb973e05f7af731 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]21#include <openssl/evp.h>
22#include <openssl/x509.h>
23
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]24#include <hardware/keymaster0.h>
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]25#include <keymaster/key_factory.h>
26#include <keymaster/soft_keymaster_context.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]27#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]28#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]29
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]30#include "android_keymaster_test_utils.h"
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]31#include "keymaster0_engine.h"
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame]32#include "openssl_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]33
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]34using std::ifstream;
35using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]36using std::string;
37using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]38using std::unique_ptr;
39
40extern "C" {
41int __android_log_print(int prio, const char* tag, const char* fmt);
42int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]43 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]44 return 0;
45}
46} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]47
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]48namespace keymaster {
49namespace test {
50
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]51StdoutLogger logger;
52
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]53template <typename T> vector<T> make_vector(const T* array, size_t len) {
54 return vector<T>(array, array + len);
55}
56
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]57/**
58 * KeymasterEnforcement class for use in testing. It's permissive in the sense that it doesn't
59 * check cryptoperiods, but restrictive in the sense that the clock never advances (so rate-limited
60 * keys will only work once).
61 */
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]62class TestKeymasterEnforcement : public KeymasterEnforcement {
63 public:
64 TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {}
65
66 virtual bool activation_date_valid(uint64_t /* activation_date */) const { return true; }
67 virtual bool expiration_date_passed(uint64_t /* expiration_date */) const { return false; }
68 virtual bool auth_token_timed_out(const hw_auth_token_t& /* token */,
69 uint32_t /* timeout */) const {
70 return false;
71 }
72 virtual uint32_t get_current_time() const { return 0; }
73 virtual bool ValidateTokenSignature(const hw_auth_token_t& /* token */) const { return true; }
74};
75
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]76/**
77 * Variant of SoftKeymasterContext that provides a TestKeymasterEnforcement.
78 */
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]79class TestKeymasterContext : public SoftKeymasterContext {
80 public:
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]81 TestKeymasterContext() {}
82 TestKeymasterContext(const string& root_of_trust) : SoftKeymasterContext(root_of_trust) {}
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]83
84 KeymasterEnforcement* enforcement_policy() override { return &test_policy_; }
85
86 private:
87 TestKeymasterEnforcement test_policy_;
88};
89
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]90/**
91 * Test instance creator that builds a pure software keymaster1 implementations.
92 */
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]93class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
94 public:
95 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]96 std::cerr << "Creating software-only device" << std::endl;
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]97 SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext);
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]98 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]99 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]100
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]101 bool algorithm_in_km0_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]102 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]103};
104
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]105/**
106 * Test instance creator that builds keymaster1 instances which wrap a faked hardware keymaster0
107 * instance, with or without EC support.
108 */
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]109class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
110 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]111 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
112
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]113 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]114 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
115 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]116 hw_device_t* softkeymaster_device;
117 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
118 &softkeymaster_device));
119 // Make the software device pretend to be hardware
120 keymaster0_device_t* keymaster0_device =
121 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]122 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
123
124 if (!support_ec_) {
125 // Make the software device pretend not to support EC
126 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
127 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]128
129 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
130
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]131 SoftKeymasterDevice* keymaster = new SoftKeymasterDevice(new TestKeymasterContext);
132 keymaster->SetHardwareDevice(counting_keymaster0_device_);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]133 return keymaster->keymaster_device();
134 }
135
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]136 bool algorithm_in_km0_hardware(keymaster_algorithm_t algorithm) const override {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]137 switch (algorithm) {
138 case KM_ALGORITHM_RSA:
139 return true;
140 case KM_ALGORITHM_EC:
141 return support_ec_;
142 default:
143 return false;
144 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]145 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]146 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
147
148 private:
149 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]150 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]151};
152
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]153/**
154 * Test instance creator that builds a SoftKeymasterDevice which wraps a fake hardware keymaster1
155 * instance, with minimal digest support.
156 */
157class Sha256OnlyKeymaster1TestInstanceCreator : public Keymaster1TestInstanceCreator {
158 keymaster1_device_t* CreateDevice() const {
159 std::cerr << "Creating keymaster1-backed device that supports only SHA256";
160
161 // fake_device doesn't leak because device (below) takes ownership of it.
162 keymaster1_device_t* fake_device = make_device_sha256_only(
163 (new SoftKeymasterDevice(new TestKeymasterContext("PseudoHW")))->keymaster_device());
164
165 // device doesn't leak; it's cleaned up by device->keymaster_device()->common.close().
166 SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext);
167 device->SetHardwareDevice(fake_device);
168
169 return device->keymaster_device();
170 }
171
172 bool algorithm_in_km0_hardware(keymaster_algorithm_t) const override { return false; }
173 int keymaster0_calls() const override { return 0; }
174 int minimal_digest_set() const override { return true; }
175};
176
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]177static auto test_params = testing::Values(
178 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
179 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]180 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)),
181 InstanceCreatorPtr(new Sha256OnlyKeymaster1TestInstanceCreator));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]182
183typedef Keymaster1Test CheckSupported;
184INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
185
186TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]187 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
188 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]189
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]190 size_t len;
191 keymaster_algorithm_t* algorithms;
192 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]193 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]194 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]195 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]196
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]197 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]198}
199
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]200TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]201 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
202 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
203 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]204
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]205 size_t len;
206 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]207 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]208 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]209 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]210 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]211
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]212 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]213 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]214 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]215
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]216 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]217 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]218 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]219 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]220
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]221 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]222}
223
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]224TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]225 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
226 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
227 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]228
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]229 size_t len;
230 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]231 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]232 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]233 EXPECT_TRUE(
234 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]235 free(modes);
236
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]237 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]238 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]239 EXPECT_TRUE(
240 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]241 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]242
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]243 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]244 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]245 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]246 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]247
248 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
249 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
250 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]251
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]252 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]253}
254
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]255TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]256 EXPECT_EQ(
257 KM_ERROR_OUTPUT_PARAMETER_NULL,
258 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]259
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]260 size_t len;
261 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]262 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]263 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]264 if (GetParam()->minimal_digest_set()) {
265 EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA_2_256}, digests, len));
266 } else {
267 EXPECT_TRUE(
268 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
269 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
270 digests, len));
271 }
272 free(digests);
273
274 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
275 KM_PURPOSE_ENCRYPT, &digests, &len));
276 if (GetParam()->minimal_digest_set()) {
277 EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA_2_256}, digests, len));
278 } else {
279 EXPECT_TRUE(
280 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
281 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
282 digests, len));
283 }
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]284 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]285
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]286 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]287 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]288 if (GetParam()->minimal_digest_set()) {
289 EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA_2_256}, digests, len));
290 } else {
291 EXPECT_TRUE(
292 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
293 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
294 digests, len));
295 }
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]296 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]297
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]298 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
299 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
300 &len));
301
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]302 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]303 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]304 if (GetParam()->minimal_digest_set()) {
305 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_256}, digests, len));
306 } else {
307 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
308 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
309 digests, len));
310 }
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]311 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]312
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]313 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]314}
315
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]316TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]317 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
318 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]319
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]320 size_t len;
321 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]322 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]323 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]324 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]325 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]326
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]327 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]328 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
329 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
330 free(formats);
331
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]332 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]333 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
334 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
335 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]336
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]337 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]338}
339
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]340TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]341 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
342 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]343
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]344 size_t len;
345 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]346 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]347 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]348 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]349 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]350
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]351 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]352 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]353 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]354 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]355
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]356 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]357 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]358 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]359 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]360
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]361 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]362 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]363 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]364 free(formats);
365
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]366 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]367 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]368 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]369 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]370
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]371 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]372}
373
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]374class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]375 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]376 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]377 AuthorizationSet auths = sw_enforced();
378 EXPECT_GT(auths.SerializedSize(), 12U);
379
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]380 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
381 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
382 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]383 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]384 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]385
386 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]387 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
388 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
389 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]390
391 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]392 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
393 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
394 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]395
396 // Now check that unspecified, defaulted tags are correct.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]397 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]398 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]399};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]400INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
401
402TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]403 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
404 .RsaSigningKey(256, 3)
405 .Digest(KM_DIGEST_NONE)
406 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]407 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]408
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]409 // Check specified tags are all present, and in the right set.
410 AuthorizationSet crypto_params;
411 AuthorizationSet non_crypto_params;
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]412 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]413 EXPECT_NE(0U, hw_enforced().size());
414 EXPECT_NE(0U, sw_enforced().size());
415 crypto_params.push_back(hw_enforced());
416 non_crypto_params.push_back(sw_enforced());
417 } else {
418 EXPECT_EQ(0U, hw_enforced().size());
419 EXPECT_NE(0U, sw_enforced().size());
420 crypto_params.push_back(sw_enforced());
421 }
422
423 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
424 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
425 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
426 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
427 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
428 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
429
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]430 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]431 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]432}
433
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]434TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]435 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
436 GenerateKey(AuthorizationSetBuilder()
437 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
438 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
439 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]440
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]441 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]442}
443
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]444TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]445 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]446 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]447 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]448
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]449 // Check specified tags are all present, and in the right set.
450 AuthorizationSet crypto_params;
451 AuthorizationSet non_crypto_params;
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]452 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]453 EXPECT_NE(0U, hw_enforced().size());
454 EXPECT_NE(0U, sw_enforced().size());
455 crypto_params.push_back(hw_enforced());
456 non_crypto_params.push_back(sw_enforced());
457 } else {
458 EXPECT_EQ(0U, hw_enforced().size());
459 EXPECT_NE(0U, sw_enforced().size());
460 crypto_params.push_back(sw_enforced());
461 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]462
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]463 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
464 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
465 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
466 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
467
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]468 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]469 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]470}
471
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]472TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]473 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
474 GenerateKey(AuthorizationSetBuilder()
475 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
476 .SigningKey()
477 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]478
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]479 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]480}
481
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]482TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]483 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]484 ASSERT_EQ(
485 KM_ERROR_UNKNOWN_ERROR,
486 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
487 else
488 ASSERT_EQ(
489 KM_ERROR_UNSUPPORTED_KEY_SIZE,
490 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]491
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]492 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]493 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]494}
495
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]496TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]497 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]498 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]499 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
500 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]501 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]502 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]503
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]504 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]505 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]506}
507
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]508TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]509 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
510 .HmacKey(128)
511 .Digest(KM_DIGEST_SHA_2_256)
512 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
513
514 EXPECT_EQ(0, GetParam()->keymaster0_calls());
515}
516
517TEST_P(NewKeyGeneration, HmacMultipleDigests) {
518 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST,
519 GenerateKey(AuthorizationSetBuilder()
520 .HmacKey(128)
521 .Digest(KM_DIGEST_SHA1)
522 .Digest(KM_DIGEST_SHA_2_256)
523 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
524
525 EXPECT_EQ(0, GetParam()->keymaster0_calls());
526}
527
528TEST_P(NewKeyGeneration, HmacDigestNone) {
529 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST,
530 GenerateKey(AuthorizationSetBuilder()
531 .HmacKey(128)
532 .Digest(KM_DIGEST_NONE)
533 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
534
535 EXPECT_EQ(0, GetParam()->keymaster0_calls());
536}
537
538TEST_P(NewKeyGeneration, HmacSha256TooShortMacLength) {
539 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
540 GenerateKey(AuthorizationSetBuilder()
541 .HmacKey(128)
542 .Digest(KM_DIGEST_SHA_2_256)
543 .Authorization(TAG_MIN_MAC_LENGTH, 48)));
544
545 EXPECT_EQ(0, GetParam()->keymaster0_calls());
546}
547
548TEST_P(NewKeyGeneration, HmacSha256NonIntegralOctetMacLength) {
549 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
550 GenerateKey(AuthorizationSetBuilder()
551 .HmacKey(128)
552 .Digest(KM_DIGEST_SHA_2_256)
553 .Authorization(TAG_MIN_MAC_LENGTH, 130)));
554
555 EXPECT_EQ(0, GetParam()->keymaster0_calls());
556}
557
558TEST_P(NewKeyGeneration, HmacSha256TooLongMacLength) {
559 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH,
560 GenerateKey(AuthorizationSetBuilder()
561 .HmacKey(128)
562 .Digest(KM_DIGEST_SHA_2_256)
563 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]564
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]565 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]566}
567
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]568typedef Keymaster1Test GetKeyCharacteristics;
569INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
570
571TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]572 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
573 .RsaSigningKey(256, 3)
574 .Digest(KM_DIGEST_NONE)
575 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]576 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]577
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]578 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
579 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]580
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]581 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]582 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]583}
584
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]585typedef Keymaster1Test SigningOperationsTest;
586INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
587
588TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]589 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
590 .RsaSigningKey(256, 3)
591 .Digest(KM_DIGEST_NONE)
592 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]593 string message = "12345678901234567890123456789012";
594 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]595 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]596
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]597 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]598 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]599}
600
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]601TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]602 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
603 .RsaSigningKey(512, 3)
604 .Digest(KM_DIGEST_SHA_2_256)
605 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]606 // Use large message, which won't work without digesting.
607 string message(1024, 'a');
608 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]609 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]610
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]611 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]612 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]613}
614
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]615TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) {
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]616 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
617 .RsaSigningKey(512, 3)
618 .Digest(KM_DIGEST_NONE)
619 .Padding(KM_PAD_NONE)));
620 string message = "12345678901234567890123456789012";
621 string signature;
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]622
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]623 AuthorizationSet begin_params(client_params());
624 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
625 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
626 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]627
628 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
629 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]630}
631
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]632TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]633 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
634 .RsaSigningKey(512, 3)
635 .Digest(KM_DIGEST_SHA_2_256)
636 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]637 string message(1024, 'a');
638 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]639 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]640
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]641 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]642 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]643}
644
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]645TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
646 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
647 .RsaSigningKey(512, 3)
648 .Digest(KM_DIGEST_NONE)
649 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
650 string message(53, 'a');
651 string signature;
652 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);
653
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]654 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]655 EXPECT_EQ(3, GetParam()->keymaster0_calls());
656}
657
658TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {
659 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
660 .RsaSigningKey(512, 3)
661 .Digest(KM_DIGEST_NONE)
662 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
663 string message(54, 'a');
664
665 AuthorizationSet begin_params(client_params());
666 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
667 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
668 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
669 string result;
670 size_t input_consumed;
671 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
672 string signature;
673 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
674
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]675 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]676 EXPECT_EQ(2, GetParam()->keymaster0_calls());
677}
678
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]679TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]680 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
681 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]682 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
683 .RsaSigningKey(256 + 9 * 8, 3)
684 .Digest(KM_DIGEST_SHA_2_256)
685 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]686 string message(1024, 'a');
687 string signature;
688
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]689 AuthorizationSet begin_params(client_params());
690 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]691 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]692 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]693}
694
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]695TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {
696 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
697 .RsaSigningKey(256, 3)
698 .Digest(KM_DIGEST_NONE)
699 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
700 string message(64 * 1024, 'a');
701 string signature;
702 AuthorizationSet begin_params(client_params());
703 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
704 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
705 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
706 string result;
707 size_t input_consumed;
708 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
709
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]710 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]711 EXPECT_EQ(2, GetParam()->keymaster0_calls());
712}
713
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]714TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]715 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
716 .RsaSigningKey(256, 3)
717 .Digest(KM_DIGEST_NONE)
718 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]719 AuthorizationSet begin_params(client_params());
720 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]721 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]722 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]723 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
724 // Another abort should fail
725 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]726
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]727 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]728 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]729}
730
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]731TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]732 GenerateKey(AuthorizationSetBuilder()
733 .RsaSigningKey(256, 3)
734 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
735 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]736 AuthorizationSet begin_params(client_params());
737 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
738 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]739
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]740 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]741 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]742}
743
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]744TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]745 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]746 GenerateKey(AuthorizationSetBuilder()
747 .RsaSigningKey(256, 3)
748 .Digest(KM_DIGEST_NONE)
749 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]750 AuthorizationSet begin_params(client_params());
751 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]752 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]753 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]754
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]755 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]756 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]757}
758
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]759TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]760 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]761 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
762 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]763 AuthorizationSet begin_params(client_params());
764 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
765 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]766
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]767 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]768 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]769}
770
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]771TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]772 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
773 .RsaSigningKey(256, 3)
774 .Digest(KM_DIGEST_NONE)
775 .Padding(KM_PAD_NONE)));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]776 string message = "1234567890123456789012345678901";
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]777 string signature;
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame]778 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]779
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]780 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame]781 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]782}
783
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]784TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]785 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
786 .RsaEncryptionKey(256, 3)
787 .Digest(KM_DIGEST_NONE)
788 .Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]789 AuthorizationSet begin_params(client_params());
790 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
791 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
792 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]793
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]794 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]795 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]796}
797
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]798TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]799 ASSERT_EQ(KM_ERROR_OK,
800 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]801 string message(224 / 8, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]802 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]803 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]804
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]805 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]806 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]807}
808
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]809TEST_P(SigningOperationsTest, EcdsaSha256Success) {
810 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
811 KM_DIGEST_SHA_2_256)));
812 string message(1024, 'a');
813 string signature;
814 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
815
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]816 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
817 EXPECT_EQ(3, GetParam()->keymaster0_calls());
818}
819
820TEST_P(SigningOperationsTest, EcdsaSha384Success) {
821 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
822 KM_DIGEST_SHA_2_384)));
823 string message(1024, 'a');
824 string signature;
825 SignMessage(message, &signature, KM_DIGEST_SHA_2_384);
826
827 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]828 EXPECT_EQ(3, GetParam()->keymaster0_calls());
829}
830
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]831TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {
832 ASSERT_EQ(KM_ERROR_OK,
833 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
834 string message(64 * 1024, 'a');
835 string signature;
836 AuthorizationSet begin_params(client_params());
837 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
838 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
839 string result;
840 size_t input_consumed;
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]841 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]842
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]843 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]844 EXPECT_EQ(2, GetParam()->keymaster0_calls());
845}
846
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]847TEST_P(SigningOperationsTest, EcsdaAllSizesAndHashes) {
848 size_t len;
849 keymaster_digest_t* digest_arr;
850 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
851 KM_PURPOSE_SIGN, &digest_arr, &len));
852 vector<int> key_sizes = {224, 256, 384, 521};
853 vector<keymaster_digest_t> digests = make_vector(digest_arr, len);
854 free(digest_arr);
855
856 for (int key_size : key_sizes) {
857 for (keymaster_digest_t digest : digests) {
858 ASSERT_EQ(
859 KM_ERROR_OK,
860 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(digest)));
861
862 string message(1024, 'a');
863 string signature;
864 if (digest == KM_DIGEST_NONE)
865 message.resize(key_size / 8);
866 SignMessage(message, &signature, digest);
867 }
868 }
869
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]870 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden0d061c82015-07-08 17:12:16 -0600[diff] [blame]871 EXPECT_EQ(digests.size() * key_sizes.size() * 3,
872 static_cast<size_t>(GetParam()->keymaster0_calls()));
873}
874
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]875TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]876 ASSERT_EQ(KM_ERROR_OK,
877 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
878 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]879 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
880 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]881
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]882 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]883}
884
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]885TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]886 if (GetParam()->minimal_digest_set())
887 // Can't emulate other digests for HMAC.
888 return;
889
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]890 GenerateKey(AuthorizationSetBuilder()
891 .HmacKey(128)
892 .Digest(KM_DIGEST_SHA1)
893 .Authorization(TAG_MIN_MAC_LENGTH, 160));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]894 string message = "12345678901234567890123456789012";
895 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]896 MacMessage(message, &signature, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]897 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]898
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]899 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]900}
901
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]902TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]903 if (GetParam()->minimal_digest_set())
904 // Can't emulate other digests for HMAC.
905 return;
906
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]907 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
908 .HmacKey(128)
909 .Digest(KM_DIGEST_SHA_2_224)
910 .Authorization(TAG_MIN_MAC_LENGTH, 160)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]911 string message = "12345678901234567890123456789012";
912 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]913 MacMessage(message, &signature, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]914 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]915
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]916 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]917}
918
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]919TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]920 if (GetParam()->minimal_digest_set())
921 // Can't emulate other digests for HMAC.
922 return;
923
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]924 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
925 .HmacKey(128)
926 .Digest(KM_DIGEST_SHA_2_256)
927 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]928 string message = "12345678901234567890123456789012";
929 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]930 MacMessage(message, &signature, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]931 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]932
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]933 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]934}
935
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]936TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]937 if (GetParam()->minimal_digest_set())
938 // Can't emulate other digests for HMAC.
939 return;
940
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]941 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
942 .HmacKey(128)
943 .Digest(KM_DIGEST_SHA_2_384)
944 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]945
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]946 string message = "12345678901234567890123456789012";
947 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]948 MacMessage(message, &signature, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]949 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]950
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]951 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]952}
953
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]954TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]955 if (GetParam()->minimal_digest_set())
956 // Can't emulate other digests for HMAC.
957 return;
958
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]959 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
960 .HmacKey(128)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]961 .Digest(KM_DIGEST_SHA_2_512)
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]962 .Authorization(TAG_MIN_MAC_LENGTH, 384)));
963 string message = "12345678901234567890123456789012";
964 string signature;
965 MacMessage(message, &signature, 512);
966 ASSERT_EQ(64U, signature.size());
967
968 EXPECT_EQ(0, GetParam()->keymaster0_calls());
969}
970
971TEST_P(SigningOperationsTest, HmacLengthInKey) {
972 // TODO(swillden): unified API should generate an error on key generation.
973 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
974 .HmacKey(128)
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]975 .Digest(KM_DIGEST_SHA_2_256)
976 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]977 string message = "12345678901234567890123456789012";
978 string signature;
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]979 MacMessage(message, &signature, 160);
980 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]981
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]982 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]983}
984
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]985TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]986 uint8_t key_data[] = {
987 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
988 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
989 };
990 string message = "Hi There";
991 uint8_t sha_224_expected[] = {
992 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
993 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
994 };
995 uint8_t sha_256_expected[] = {
996 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
997 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
998 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
999 };
1000 uint8_t sha_384_expected[] = {
1001 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
1002 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
1003 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
1004 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
1005 };
1006 uint8_t sha_512_expected[] = {
1007 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
1008 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
1009 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
1010 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
1011 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
1012 };
1013
1014 string key = make_string(key_data);
1015
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1016 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1017 if (!GetParam()->minimal_digest_set()) {
1018 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1019 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1020 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
1021 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1022
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1023 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1024}
1025
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1026TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1027 string key = "Jefe";
1028 string message = "what do ya want for nothing?";
1029 uint8_t sha_224_expected[] = {
1030 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
1031 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
1032 };
1033 uint8_t sha_256_expected[] = {
1034 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
1035 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
1036 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
1037 };
1038 uint8_t sha_384_expected[] = {
1039 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
1040 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
1041 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
1042 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
1043 };
1044 uint8_t sha_512_expected[] = {
1045 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
1046 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
1047 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
1048 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
1049 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
1050 };
1051
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1052 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1053 if (!GetParam()->minimal_digest_set()) {
1054 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1055 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1056 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1057 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
1058 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1059
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1060 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1061}
1062
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1063TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1064 string key(20, 0xaa);
1065 string message(50, 0xdd);
1066 uint8_t sha_224_expected[] = {
1067 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
1068 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
1069 };
1070 uint8_t sha_256_expected[] = {
1071 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
1072 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
1073 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
1074 };
1075 uint8_t sha_384_expected[] = {
1076 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
1077 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
1078 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
1079 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
1080 };
1081 uint8_t sha_512_expected[] = {
1082 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
1083 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
1084 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
1085 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
1086 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
1087 };
1088
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1089 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1090 if (!GetParam()->minimal_digest_set()) {
1091 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1092 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1093 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1094 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
1095 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1096
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1097 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1098}
1099
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1100TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1101 uint8_t key_data[25] = {
1102 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
1103 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
1104 };
1105 string key = make_string(key_data);
1106 string message(50, 0xcd);
1107 uint8_t sha_224_expected[] = {
1108 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
1109 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
1110 };
1111 uint8_t sha_256_expected[] = {
1112 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
1113 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
1114 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
1115 };
1116 uint8_t sha_384_expected[] = {
1117 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
1118 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
1119 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
1120 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
1121 };
1122 uint8_t sha_512_expected[] = {
1123 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
1124 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
1125 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
1126 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
1127 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
1128 };
1129
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1130 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1131 if (!GetParam()->minimal_digest_set()) {
1132 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1133 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1134 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1135 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
1136 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1137
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1138 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1139}
1140
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1141TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1142 string key(20, 0x0c);
1143 string message = "Test With Truncation";
1144
1145 uint8_t sha_224_expected[] = {
1146 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
1147 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
1148 };
1149 uint8_t sha_256_expected[] = {
1150 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
1151 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
1152 };
1153 uint8_t sha_384_expected[] = {
1154 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
1155 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
1156 };
1157 uint8_t sha_512_expected[] = {
1158 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
1159 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
1160 };
1161
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1162 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1163 if (!GetParam()->minimal_digest_set()) {
1164 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1165 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1166 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
1167 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1168
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1169 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1170}
1171
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1172TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1173 string key(131, 0xaa);
1174 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
1175
1176 uint8_t sha_224_expected[] = {
1177 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
1178 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
1179 };
1180 uint8_t sha_256_expected[] = {
1181 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
1182 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
1183 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
1184 };
1185 uint8_t sha_384_expected[] = {
1186 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
1187 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1188 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
1189 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
1190 };
1191 uint8_t sha_512_expected[] = {
1192 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
1193 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
1194 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
1195 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
1196 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
1197 };
1198
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1199 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1200 if (!GetParam()->minimal_digest_set()) {
1201 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1202 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1203 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
1204 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1205
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1206 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1207}
1208
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1209TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1210 string key(131, 0xaa);
1211 string message = "This is a test using a larger than block-size key and a larger than "
1212 "block-size data. The key needs to be hashed before being used by the HMAC "
1213 "algorithm.";
1214
1215 uint8_t sha_224_expected[] = {
1216 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
1217 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
1218 };
1219 uint8_t sha_256_expected[] = {
1220 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
1221 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
1222 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
1223 };
1224 uint8_t sha_384_expected[] = {
1225 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
1226 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1227 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
1228 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
1229 };
1230 uint8_t sha_512_expected[] = {
1231 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
1232 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
1233 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
1234 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
1235 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
1236 };
1237
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1238 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1239 if (!GetParam()->minimal_digest_set()) {
1240 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1241 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1242 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
1243 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1244
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1245 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1246}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1247
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1248TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1249 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1250 .HmacKey(128)
1251 .Digest(KM_DIGEST_SHA_2_256)
1252 .Authorization(TAG_MIN_MAC_LENGTH, 256)));
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1253 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]1254 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1255 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1256 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH,
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1257 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1258
1259 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1260}
1261
1262TEST_P(SigningOperationsTest, HmacSha256TooSmallMacLength) {
1263 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1264 .HmacKey(128)
1265 .Digest(KM_DIGEST_SHA_2_256)
1266 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
1267 AuthorizationSet begin_params(client_params());
1268 begin_params.push_back(TAG_MAC_LENGTH, 120);
1269 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
1270 ASSERT_EQ(KM_ERROR_INVALID_MAC_LENGTH,
1271 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1272
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1273 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1274}
1275
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1276// TODO(swillden): Add more verification failure tests.
1277
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1278typedef Keymaster1Test VerificationOperationsTest;
1279INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
1280
1281TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1282 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1283 .RsaSigningKey(256, 3)
1284 .Digest(KM_DIGEST_NONE)
1285 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1286 string message = "12345678901234567890123456789012";
1287 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1288 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1289 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1290
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1291 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1292 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]1293}
1294
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1295TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1296 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1297 .RsaSigningKey(512, 3)
1298 .Digest(KM_DIGEST_SHA_2_256)
1299 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1300 // Use large message, which won't work without digesting.
1301 string message(1024, 'a');
1302 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1303 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1304 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1305
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1306 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1307 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1308}
1309
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1310TEST_P(VerificationOperationsTest, RsaPssSha224Success) {
1311 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1312 .RsaSigningKey(512, 3)
1313 .Digest(KM_DIGEST_SHA_2_224)
1314 .Padding(KM_PAD_RSA_PSS)));
1315 // Use large message, which won't work without digesting.
1316 string message(1024, 'a');
1317 string signature;
1318 SignMessage(message, &signature, KM_DIGEST_SHA_2_224, KM_PAD_RSA_PSS);
1319 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224, KM_PAD_RSA_PSS);
1320
1321 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
1322 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1323
1324 // Verify with OpenSSL.
1325 string pubkey;
1326 EXPECT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &pubkey));
1327
1328 const uint8_t* p = reinterpret_cast<const uint8_t*>(pubkey.data());
1329 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(
1330 d2i_PUBKEY(nullptr /* alloc new */, &p, pubkey.size()));
1331 ASSERT_TRUE(pkey.get());
1332
1333 EVP_MD_CTX digest_ctx;
1334 EVP_MD_CTX_init(&digest_ctx);
1335 EVP_PKEY_CTX* pkey_ctx;
1336 EXPECT_EQ(1, EVP_DigestVerifyInit(&digest_ctx, &pkey_ctx, EVP_sha224(), nullptr /* engine */,
1337 pkey.get()));
1338 EXPECT_EQ(1, EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING));
1339 EXPECT_EQ(1, EVP_DigestVerifyUpdate(&digest_ctx, message.data(), message.size()));
1340 EXPECT_EQ(1,
1341 EVP_DigestVerifyFinal(&digest_ctx, reinterpret_cast<const uint8_t*>(signature.data()),
1342 signature.size()));
1343 EVP_MD_CTX_cleanup(&digest_ctx);
1344}
1345
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1346TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1347 GenerateKey(AuthorizationSetBuilder()
1348 .RsaSigningKey(512, 3)
1349 .Digest(KM_DIGEST_SHA_2_256)
1350 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1351 string message(1024, 'a');
1352 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1353 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1354 ++signature[signature.size() / 2];
1355
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1356 AuthorizationSet begin_params(client_params());
1357 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1358 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1359 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1360
1361 string result;
1362 size_t input_consumed;
1363 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1364 EXPECT_EQ(message.size(), input_consumed);
1365 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1366
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1367 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1368 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1369}
1370
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1371TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1372 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1373 .RsaSigningKey(512, 3)
1374 .Digest(KM_DIGEST_SHA_2_256)
1375 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1376 // Use large message, which won't work without digesting.
1377 string message(1024, 'a');
1378 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1379 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1380 ++message[message.size() / 2];
1381
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1382 AuthorizationSet begin_params(client_params());
1383 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1384 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1385 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1386
1387 string result;
1388 size_t input_consumed;
1389 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1390 EXPECT_EQ(message.size(), input_consumed);
1391 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1392
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1393 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1394 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1395}
1396
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1397TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1398 GenerateKey(AuthorizationSetBuilder()
1399 .RsaSigningKey(512, 3)
1400 .Digest(KM_DIGEST_SHA_2_256)
1401 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1402 string message(1024, 'a');
1403 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1404 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1405 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1406
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1407 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1408 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1409}
1410
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1411TEST_P(VerificationOperationsTest, RsaPks1Sha224Success) {
1412 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1413 .RsaSigningKey(512, 3)
1414 .Digest(KM_DIGEST_SHA_2_224)
1415 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
1416 // Use large message, which won't work without digesting.
1417 string message(1024, 'a');
1418 string signature;
1419 SignMessage(message, &signature, KM_DIGEST_SHA_2_224, KM_PAD_RSA_PKCS1_1_5_SIGN);
1420 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224, KM_PAD_RSA_PKCS1_1_5_SIGN);
1421
1422 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
1423 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1424
1425 // Verify with OpenSSL.
1426 string pubkey;
1427 EXPECT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &pubkey));
1428
1429 const uint8_t* p = reinterpret_cast<const uint8_t*>(pubkey.data());
1430 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(
1431 d2i_PUBKEY(nullptr /* alloc new */, &p, pubkey.size()));
1432 ASSERT_TRUE(pkey.get());
1433
1434 EVP_MD_CTX digest_ctx;
1435 EVP_MD_CTX_init(&digest_ctx);
1436 EVP_PKEY_CTX* pkey_ctx;
1437 EXPECT_EQ(1, EVP_DigestVerifyInit(&digest_ctx, &pkey_ctx, EVP_sha224(), nullptr /* engine */,
1438 pkey.get()));
1439 EXPECT_EQ(1, EVP_DigestVerifyUpdate(&digest_ctx, message.data(), message.size()));
1440 EXPECT_EQ(1,
1441 EVP_DigestVerifyFinal(&digest_ctx, reinterpret_cast<const uint8_t*>(signature.data()),
1442 signature.size()));
1443 EVP_MD_CTX_cleanup(&digest_ctx);
1444}
1445
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1446TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1447 GenerateKey(AuthorizationSetBuilder()
1448 .RsaSigningKey(512, 3)
1449 .Digest(KM_DIGEST_SHA_2_256)
1450 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1451 string message(1024, 'a');
1452 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1453 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1454 ++signature[signature.size() / 2];
1455
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1456 AuthorizationSet begin_params(client_params());
1457 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1458 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1459 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1460
1461 string result;
1462 size_t input_consumed;
1463 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1464 EXPECT_EQ(message.size(), input_consumed);
1465 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1466
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1467 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1468 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1469}
1470
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1471TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1472 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1473 .RsaSigningKey(512, 3)
1474 .Digest(KM_DIGEST_SHA_2_256)
1475 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1476 // Use large message, which won't work without digesting.
1477 string message(1024, 'a');
1478 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1479 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1480 ++message[message.size() / 2];
1481
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1482 AuthorizationSet begin_params(client_params());
1483 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1484 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1485 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1486
1487 string result;
1488 size_t input_consumed;
1489 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1490 EXPECT_EQ(message.size(), input_consumed);
1491 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1492
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1493 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1494 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1495}
1496
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1497TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1498 vector<keymaster_digest_t> digests = {
1499 KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
1500 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512,
1501 };
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1502
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1503 vector<keymaster_padding_t> padding_modes{
1504 KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS,
1505 };
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1506
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1507 int trial_count = 0;
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1508 for (keymaster_padding_t padding_mode : padding_modes) {
1509 for (keymaster_digest_t digest : digests) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1510 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1511 // Digesting requires padding
1512 continue;
1513
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1514 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1515 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1516 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1517
1518 if (digest == KM_DIGEST_NONE) {
1519 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1520 switch (padding_mode) {
1521 case KM_PAD_NONE:
1522 // Match key size.
1523 message_len = key_bits / 8;
1524 break;
1525 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1526 message_len = key_bits / 8 - 11;
1527 break;
1528 case KM_PAD_RSA_PSS:
1529 // PSS requires a digest.
1530 continue;
1531 default:
1532 FAIL() << "Missing padding";
1533 break;
1534 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1535 } else {
1536 size_t digest_bits;
1537 switch (digest) {
1538 case KM_DIGEST_MD5:
1539 digest_bits = 128;
1540 break;
1541 case KM_DIGEST_SHA1:
1542 digest_bits = 160;
1543 break;
1544 case KM_DIGEST_SHA_2_224:
1545 digest_bits = 224;
1546 break;
1547 case KM_DIGEST_SHA_2_256:
1548 digest_bits = 256;
1549 break;
1550 case KM_DIGEST_SHA_2_384:
1551 digest_bits = 384;
1552 break;
1553 case KM_DIGEST_SHA_2_512:
1554 digest_bits = 512;
1555 break;
1556 default:
1557 FAIL() << "Missing digest";
1558 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1559
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1560 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1561 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1562 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1563 break;
1564 case KM_PAD_RSA_PSS:
Shawn Willden53488c62015-07-16 18:15:45 -0600[diff] [blame]1565 key_bits = digest_bits + 22 * 8;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1566 break;
1567 default:
1568 FAIL() << "Missing padding";
1569 break;
1570 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1571 }
1572
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1573 GenerateKey(AuthorizationSetBuilder()
1574 .RsaSigningKey(key_bits, 3)
1575 .Digest(digest)
1576 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1577 string message(message_len, 'a');
1578 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1579 SignMessage(message, &signature, digest, padding_mode);
1580 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1581 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1582 }
1583 }
1584
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1585 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1586 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1587}
1588
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1589TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1590 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1591 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1592 string message = "12345678901234567890123456789012";
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1593 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1594 SignMessage(message, &signature, KM_DIGEST_NONE);
1595 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1596
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1597 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1598 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1599}
1600
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1601TEST_P(VerificationOperationsTest, EcdsaTooShort) {
1602 ASSERT_EQ(KM_ERROR_OK,
1603 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1604 string message = "12345678901234567890";
1605 string signature;
1606 SignMessage(message, &signature, KM_DIGEST_NONE);
1607 VerifyMessage(message, signature, KM_DIGEST_NONE);
1608
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1609 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1610 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1611}
1612
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1613TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
1614 ASSERT_EQ(KM_ERROR_OK,
1615 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
1616
1617 string message(66, 'a');
1618 string signature;
1619 SignMessage(message, &signature, KM_DIGEST_NONE);
1620 VerifyMessage(message, signature, KM_DIGEST_NONE);
1621
1622 // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh.
1623 message[65] ^= 7;
1624 VerifyMessage(message, signature, KM_DIGEST_NONE);
1625
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1626 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1627 EXPECT_EQ(5, GetParam()->keymaster0_calls());
1628}
1629
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1630TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1631 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1632 .EcdsaSigningKey(256)
1633 .Digest(KM_DIGEST_SHA_2_256)
1634 .Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1635 string message = "12345678901234567890123456789012";
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1636 string signature;
1637 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1638 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1639
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1640 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1641 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1642
1643 // Just for giggles, try verifying with the wrong digest.
1644 AuthorizationSet begin_params(client_params());
1645 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1646 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1647
1648 string result;
1649 size_t input_consumed;
1650 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1651 EXPECT_EQ(message.size(), input_consumed);
1652 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1653}
1654
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1655TEST_P(VerificationOperationsTest, EcdsaSha224Success) {
1656 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(
1657 KM_DIGEST_SHA_2_224)));
1658
1659 string message = "12345678901234567890123456789012";
1660 string signature;
1661 SignMessage(message, &signature, KM_DIGEST_SHA_2_224);
1662 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);
1663
1664 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
1665 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1666
1667 // Just for giggles, try verifying with the wrong digest.
1668 AuthorizationSet begin_params(client_params());
1669 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1670 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1671
1672 string result;
1673 size_t input_consumed;
1674 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1675 EXPECT_EQ(message.size(), input_consumed);
1676 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1677}
1678
1679TEST_P(VerificationOperationsTest, EcdsaAllDigestsAndKeySizes) {
1680 keymaster_digest_t digests[] = {
1681 KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256,
1682 KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512,
1683 };
1684 size_t key_sizes[] = {224, 256, 384, 521};
1685
1686 string message = "1234567890";
1687 string signature;
1688
1689 for (auto key_size : key_sizes) {
1690 AuthorizationSetBuilder builder;
1691 builder.EcdsaSigningKey(key_size);
1692 for (auto digest : digests)
1693 builder.Digest(digest);
1694 ASSERT_EQ(KM_ERROR_OK, GenerateKey(builder));
1695
1696 for (auto digest : digests) {
1697 SignMessage(message, &signature, digest);
1698 VerifyMessage(message, signature, digest);
1699 }
1700 }
1701
1702 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
1703 EXPECT_EQ(static_cast<int>(array_length(key_sizes) * (1 + 3 * array_length(digests))),
1704 GetParam()->keymaster0_calls());
1705}
1706
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1707TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1708 if (GetParam()->minimal_digest_set())
1709 // Can't emulate missing digests for HMAC.
1710 return;
1711
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1712 GenerateKey(AuthorizationSetBuilder()
1713 .HmacKey(128)
1714 .Digest(KM_DIGEST_SHA1)
1715 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1716 string message = "123456789012345678901234567890123456789012345678";
1717 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1718 MacMessage(message, &signature, 160);
1719 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1720
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1721 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1722}
1723
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1724TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1725 if (GetParam()->minimal_digest_set())
1726 // Can't emulate missing digests for HMAC.
1727 return;
1728
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1729 GenerateKey(AuthorizationSetBuilder()
1730 .HmacKey(128)
1731 .Digest(KM_DIGEST_SHA_2_224)
1732 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1733 string message = "123456789012345678901234567890123456789012345678";
1734 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1735 MacMessage(message, &signature, 224);
1736 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1737
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1738 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1739}
1740
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1741TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1742 GenerateKey(AuthorizationSetBuilder()
1743 .HmacKey(128)
1744 .Digest(KM_DIGEST_SHA_2_256)
1745 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1746 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1747 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1748 MacMessage(message, &signature, 256);
1749 VerifyMac(message, signature);
1750
1751 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1752}
1753
1754TEST_P(VerificationOperationsTest, HmacSha256TooShortMac) {
1755 GenerateKey(AuthorizationSetBuilder()
1756 .HmacKey(128)
1757 .Digest(KM_DIGEST_SHA_2_256)
1758 .Authorization(TAG_MIN_MAC_LENGTH, 128));
1759 string message = "123456789012345678901234567890123456789012345678";
1760 string signature;
1761 MacMessage(message, &signature, 256);
1762
1763 // Shorten to 128 bits, should still work.
1764 signature.resize(128 / 8);
1765 VerifyMac(message, signature);
1766
1767 // Drop one more byte.
1768 signature.resize(signature.length() - 1);
1769
1770 AuthorizationSet begin_params(client_params());
1771 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1772 string result;
1773 size_t input_consumed;
1774 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1775 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1776
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1777 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1778}
1779
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1780TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1781 if (GetParam()->minimal_digest_set())
1782 // Can't emulate missing digests for HMAC.
1783 return;
1784
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1785 GenerateKey(AuthorizationSetBuilder()
1786 .HmacKey(128)
1787 .Digest(KM_DIGEST_SHA_2_384)
1788 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1789 string message = "123456789012345678901234567890123456789012345678";
1790 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1791 MacMessage(message, &signature, 384);
1792 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1793
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1794 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1795}
1796
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1797TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1798 if (GetParam()->minimal_digest_set())
1799 // Can't emulate missing digests for HMAC.
1800 return;
1801
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1802 GenerateKey(AuthorizationSetBuilder()
1803 .HmacKey(128)
1804 .Digest(KM_DIGEST_SHA_2_512)
1805 .Authorization(TAG_MIN_MAC_LENGTH, 128));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1806 string message = "123456789012345678901234567890123456789012345678";
1807 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]1808 MacMessage(message, &signature, 512);
1809 VerifyMac(message, signature);
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame]1810
1811 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1812}
1813
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1814typedef Keymaster1Test ExportKeyTest;
1815INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1816
1817TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1818 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1819 .RsaSigningKey(256, 3)
1820 .Digest(KM_DIGEST_NONE)
1821 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1822 string export_data;
1823 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1824 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1825
1826 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1827
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1828 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1829 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1830}
1831
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1832TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1833 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1834 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1835 string export_data;
1836 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1837 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1838
1839 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1840
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1841 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1842 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1843}
1844
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1845TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1846 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1847 .RsaSigningKey(256, 3)
1848 .Digest(KM_DIGEST_NONE)
1849 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1850 string export_data;
1851 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1852
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1853 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1854 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1855}
1856
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1857TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1858 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1859 .RsaSigningKey(256, 3)
1860 .Digest(KM_DIGEST_NONE)
1861 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1862 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1863 string export_data;
1864 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1865
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1866 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1867 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1868}
1869
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1870TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1871 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1872 string export_data;
1873
1874 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1875 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1876 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1877
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1878 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1879}
1880
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1881static string read_file(const string& file_name) {
1882 ifstream file_stream(file_name, std::ios::binary);
1883 istreambuf_iterator<char> file_begin(file_stream);
1884 istreambuf_iterator<char> file_end;
1885 return string(file_begin, file_end);
1886}
1887
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1888typedef Keymaster1Test ImportKeyTest;
1889INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1890
1891TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1892 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1893 ASSERT_EQ(633U, pk8_key.size());
1894
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1895 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1896 .RsaSigningKey(1024, 65537)
1897 .Digest(KM_DIGEST_NONE)
1898 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1899 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1900
1901 // Check values derived from the key.
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1902 EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1903 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1904 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1905 EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1906 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1907 TAG_KEY_SIZE, 1024));
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1908 EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1909 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1910 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1911
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1912 // And values provided by AndroidKeymaster
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1913 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden34f09c52015-07-23 23:17:39 +0000[diff] [blame]1914 EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN));
1915 else
1916 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1917 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1918
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1919 string message(1024 / 8, 'a');
1920 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1921 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1922 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1923
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1924 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1925 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1926}
1927
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1928TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1929 string pk8_key = read_file("rsa_privkey_pk8.der");
1930 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1931 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1932 ImportKey(AuthorizationSetBuilder()
1933 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1934 .Digest(KM_DIGEST_NONE)
1935 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1936 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1937
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1938 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1939}
1940
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1941TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1942 string pk8_key = read_file("rsa_privkey_pk8.der");
1943 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1944 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1945 ImportKey(AuthorizationSetBuilder()
1946 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1947 .Digest(KM_DIGEST_NONE)
1948 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1949 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1950
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1951 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1952}
1953
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1954TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1955 string pk8_key = read_file("ec_privkey_pk8.der");
1956 ASSERT_EQ(138U, pk8_key.size());
1957
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1958 ASSERT_EQ(KM_ERROR_OK,
1959 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1960 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1961
1962 // Check values derived from the key.
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1963 EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC) ? hw_enforced()
1964 : sw_enforced(),
1965 TAG_ALGORITHM, KM_ALGORITHM_EC));
1966 EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC) ? hw_enforced()
1967 : sw_enforced(),
1968 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1969
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1970 // And values provided by AndroidKeymaster
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1971 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden34f09c52015-07-23 23:17:39 +0000[diff] [blame]1972 EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN));
1973 else
1974 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1975 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1976
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1977 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1978 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1979 SignMessage(message, &signature, KM_DIGEST_NONE);
1980 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1981
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1982 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1983 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1984}
1985
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1986TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1987 string pk8_key = read_file("ec_privkey_pk8.der");
1988 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1989
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1990 ASSERT_EQ(KM_ERROR_OK,
1991 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1992 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1993
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1994 // Check values derived from the key.
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]1995 EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC) ? hw_enforced()
1996 : sw_enforced(),
1997 TAG_ALGORITHM, KM_ALGORITHM_EC));
1998 EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC) ? hw_enforced()
1999 : sw_enforced(),
2000 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2001
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]2002 // And values provided by AndroidKeymaster
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2003 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden34f09c52015-07-23 23:17:39 +0000[diff] [blame]2004 EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN));
2005 else
2006 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2007 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
2008
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]2009 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2010 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]2011 SignMessage(message, &signature, KM_DIGEST_NONE);
2012 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2013
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2014 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2015 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2016}
2017
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2018TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2019 string pk8_key = read_file("ec_privkey_pk8.der");
2020 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]2021 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2022 ImportKey(AuthorizationSetBuilder()
2023 .EcdsaSigningKey(224 /* Doesn't match key */)
2024 .Digest(KM_DIGEST_NONE),
2025 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2026
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2027 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]2028}
2029
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2030TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]2031 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
2032 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2033 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]2034 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
2035 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2036 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]2037
2038 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
2039 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
2040
2041 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2042 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
2043 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]2044 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2045
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2046 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]2047}
2048
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2049TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]2050 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
2051 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2052 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2053 .HmacKey(sizeof(key_data) * 8)
2054 .Digest(KM_DIGEST_SHA_2_256)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2055 .Authorization(TAG_MIN_MAC_LENGTH, 256),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2056 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]2057
2058 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
2059 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
2060
2061 string message = "Hello World!";
2062 string signature;
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2063 MacMessage(message, &signature, 256);
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2064 VerifyMac(message, signature);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2065
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2066 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]2067}
2068
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2069typedef Keymaster1Test EncryptionOperationsTest;
2070INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
2071
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]2072TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
2073 ASSERT_EQ(KM_ERROR_OK,
2074 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
2075
2076 string message = "12345678901234567890123456789012";
2077 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
2078 EXPECT_EQ(256U / 8, ciphertext1.size());
2079
2080 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
2081 EXPECT_EQ(256U / 8, ciphertext2.size());
2082
2083 // Unpadded RSA is deterministic
2084 EXPECT_EQ(ciphertext1, ciphertext2);
2085
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2086 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]2087 EXPECT_EQ(3, GetParam()->keymaster0_calls());
2088}
2089
2090TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
2091 ASSERT_EQ(KM_ERROR_OK,
2092 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
2093
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame]2094 string message = "1";
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]2095
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame]2096 string ciphertext = EncryptMessage(message, KM_PAD_NONE);
2097 EXPECT_EQ(256U / 8, ciphertext.size());
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]2098
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame]2099 string expected_plaintext = string(256 / 8 - 1, 0) + message;
2100 string plaintext = DecryptMessage(ciphertext, KM_PAD_NONE);
2101
2102 EXPECT_EQ(expected_plaintext, plaintext);
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]2103
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2104 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame]2105 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]2106}
2107
2108TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
2109 ASSERT_EQ(KM_ERROR_OK,
2110 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
2111
2112 string message = "123456789012345678901234567890123";
2113
2114 AuthorizationSet begin_params(client_params());
2115 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2116 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2117
2118 string result;
2119 size_t input_consumed;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]2120 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]2121
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2122 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]2123 EXPECT_EQ(2, GetParam()->keymaster0_calls());
2124}
2125
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame]2126TEST_P(EncryptionOperationsTest, RsaNoPaddingLargerThanModulus) {
2127 ASSERT_EQ(KM_ERROR_OK,
2128 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
2129
2130 string exported;
2131 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &exported));
2132
2133 const uint8_t* p = reinterpret_cast<const uint8_t*>(exported.data());
2134 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(
2135 d2i_PUBKEY(nullptr /* alloc new */, &p, exported.size()));
2136 unique_ptr<RSA, RSA_Delete> rsa(EVP_PKEY_get1_RSA(pkey.get()));
2137
2138 size_t modulus_len = BN_num_bytes(rsa->n);
2139 ASSERT_EQ(256U / 8, modulus_len);
2140 unique_ptr<uint8_t> modulus_buf(new uint8_t[modulus_len]);
2141 BN_bn2bin(rsa->n, modulus_buf.get());
2142
2143 // The modulus is too big to encrypt.
2144 string message(reinterpret_cast<const char*>(modulus_buf.get()), modulus_len);
2145
2146 AuthorizationSet begin_params(client_params());
2147 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2148 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2149
2150 string result;
2151 size_t input_consumed;
2152 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
2153 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&result));
2154
2155 // One smaller than the modulus is okay.
2156 BN_sub(rsa->n, rsa->n, BN_value_one());
2157 modulus_len = BN_num_bytes(rsa->n);
2158 ASSERT_EQ(256U / 8, modulus_len);
2159 BN_bn2bin(rsa->n, modulus_buf.get());
2160 message = string(reinterpret_cast<const char*>(modulus_buf.get()), modulus_len);
2161 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2162 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
2163 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result));
2164
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2165 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame]2166 EXPECT_EQ(4, GetParam()->keymaster0_calls());
2167}
2168
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2169TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2170 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2171 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2172 .RsaEncryptionKey(key_size, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2173 .Padding(KM_PAD_RSA_OAEP)
2174 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2175
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2176 string message = "Hello";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2177 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2178 EXPECT_EQ(key_size / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2179
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2180 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2181 EXPECT_EQ(key_size / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2182
2183 // OAEP randomizes padding so every result should be different.
2184 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2185
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2186 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
2187 EXPECT_EQ(3, GetParam()->keymaster0_calls());
2188}
2189
2190TEST_P(EncryptionOperationsTest, RsaOaepSha224Success) {
2191 size_t key_size = 768;
2192 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2193 .RsaEncryptionKey(key_size, 3)
2194 .Padding(KM_PAD_RSA_OAEP)
2195 .Digest(KM_DIGEST_SHA_2_224)));
2196
2197 string message = "Hello";
2198 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_224, KM_PAD_RSA_OAEP);
2199 EXPECT_EQ(key_size / 8, ciphertext1.size());
2200
2201 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_224, KM_PAD_RSA_OAEP);
2202 EXPECT_EQ(key_size / 8, ciphertext2.size());
2203
2204 // OAEP randomizes padding so every result should be different.
2205 EXPECT_NE(ciphertext1, ciphertext2);
2206
2207 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2208 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2209}
2210
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2211TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2212 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2213 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2214 .RsaEncryptionKey(key_size, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2215 .Padding(KM_PAD_RSA_OAEP)
2216 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2217 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2218 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2219 EXPECT_EQ(key_size / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2220
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2221 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2222 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2223
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2224 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
2225 EXPECT_EQ(4, GetParam()->keymaster0_calls());
2226}
2227
2228TEST_P(EncryptionOperationsTest, RsaOaepSha224RoundTrip) {
2229 size_t key_size = 768;
2230 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2231 .RsaEncryptionKey(key_size, 3)
2232 .Padding(KM_PAD_RSA_OAEP)
2233 .Digest(KM_DIGEST_SHA_2_224)));
2234 string message = "Hello World!";
2235 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_224, KM_PAD_RSA_OAEP);
2236 EXPECT_EQ(key_size / 8, ciphertext.size());
2237
2238 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_224, KM_PAD_RSA_OAEP);
2239 EXPECT_EQ(message, plaintext);
2240
2241 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2242 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2243}
2244
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2245TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
2246 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2247 .RsaEncryptionKey(512, 3)
2248 .Padding(KM_PAD_RSA_OAEP)
2249 .Digest(KM_DIGEST_NONE)));
2250 string message = "Hello World!";
2251
2252 AuthorizationSet begin_params(client_params());
2253 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
2254 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
2255 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2256
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2257 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2258 EXPECT_EQ(2, GetParam()->keymaster0_calls());
2259}
2260
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2261TEST_P(EncryptionOperationsTest, RsaOaepUnauthorizedDigest) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2262 if (GetParam()->minimal_digest_set())
2263 // We don't have two supported digests, so we can't try authorizing one and using another.
2264 return;
2265
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2266 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden34f09c52015-07-23 23:17:39 +0000[diff] [blame]2267 .RsaEncryptionKey(512, 3)
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2268 .Padding(KM_PAD_RSA_OAEP)
2269 .Digest(KM_DIGEST_SHA_2_256)));
2270 string message = "Hello World!";
2271 // Works because encryption is a public key operation.
2272 EncryptMessage(string(message), KM_DIGEST_SHA1, KM_PAD_RSA_OAEP);
2273
2274 AuthorizationSet begin_params(client_params());
2275 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
2276 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1);
2277 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2278
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2279 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2280 EXPECT_EQ(3, GetParam()->keymaster0_calls());
2281}
2282
2283TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) {
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2284 if (GetParam()->minimal_digest_set())
2285 // We don't have two supported digests, so we can't try encrypting with one and decrypting
2286 // with another.
2287 return;
2288
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2289 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2290 .RsaEncryptionKey(768, 3)
2291 .Padding(KM_PAD_RSA_OAEP)
2292 .Digest(KM_DIGEST_SHA_2_256)
2293 .Digest(KM_DIGEST_SHA_2_384)));
2294 string message = "Hello World!";
2295 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
2296
2297 string result;
2298 size_t input_consumed;
2299 AuthorizationSet begin_params(client_params());
2300 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
2301 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
2302 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2303 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
2304 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
2305 EXPECT_EQ(0U, result.size());
2306
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2307 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2308 EXPECT_EQ(4, GetParam()->keymaster0_calls());
2309}
2310
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2311TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2312 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2313 .RsaEncryptionKey(512, 3)
2314 .Padding(KM_PAD_RSA_OAEP)
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2315 .Digest(KM_DIGEST_SHA1)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2316 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2317 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2318 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2319
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2320 AuthorizationSet begin_params(client_params());
2321 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2322 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2323 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2324 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2325 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2326 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2327
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2328 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2329 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2330}
2331
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2332TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2333 size_t key_size = 768;
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2334 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2335 .RsaEncryptionKey(768, 3)
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2336 .Padding(KM_PAD_RSA_OAEP)
2337 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2338 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2339 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2340 EXPECT_EQ(key_size / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2341
2342 // Corrupt the ciphertext
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]2343 ciphertext[key_size / 8 / 2]++;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2344
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2345 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2346 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2347 AuthorizationSet begin_params(client_params());
2348 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2349 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2350 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2351 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2352 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2353 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2354
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2355 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2356 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2357}
2358
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2359TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2360 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2361 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2362 string message = "Hello World!";
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2363 string ciphertext1 = EncryptMessage(message, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2364 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2365
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2366 string ciphertext2 = EncryptMessage(message, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2367 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2368
2369 // PKCS1 v1.5 randomizes padding so every result should be different.
2370 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2371
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2372 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2373 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2374}
2375
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2376TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2377 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2378 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2379 string message = "Hello World!";
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2380 string ciphertext = EncryptMessage(message, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2381 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2382
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2383 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2384 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2385
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2386 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2387 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2388}
2389
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2390TEST_P(EncryptionOperationsTest, RsaRoundTripAllCombinations) {
2391 size_t key_size = 2048;
2392 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2393 .RsaEncryptionKey(key_size, 3)
2394 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
2395 .Padding(KM_PAD_RSA_OAEP)
2396 .Digest(KM_DIGEST_NONE)
2397 .Digest(KM_DIGEST_MD5)
2398 .Digest(KM_DIGEST_SHA1)
2399 .Digest(KM_DIGEST_SHA_2_224)
2400 .Digest(KM_DIGEST_SHA_2_256)
2401 .Digest(KM_DIGEST_SHA_2_384)
2402 .Digest(KM_DIGEST_SHA_2_512)));
2403
2404 string message = "Hello World!";
2405
2406 keymaster_padding_t padding_modes[] = {KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT};
2407 keymaster_digest_t digests[] = {
2408 KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
2409 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512,
2410 };
2411
2412 for (auto padding : padding_modes)
2413 for (auto digest : digests) {
2414 if (padding == KM_PAD_RSA_OAEP && digest == KM_DIGEST_NONE)
2415 // OAEP requires a digest.
2416 continue;
2417
2418 string ciphertext = EncryptMessage(message, digest, padding);
2419 EXPECT_EQ(key_size / 8, ciphertext.size());
2420
2421 string plaintext = DecryptMessage(ciphertext, digest, padding);
2422 EXPECT_EQ(message, plaintext);
2423 }
2424
2425 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
2426 EXPECT_EQ(40, GetParam()->keymaster0_calls());
2427}
2428
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2429TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2430 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2431 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]2432 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2433 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2434 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2435
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2436 AuthorizationSet begin_params(client_params());
2437 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2438 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2439 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2440 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2441 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2442
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2443 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2444 EXPECT_EQ(2, GetParam()->keymaster0_calls());
2445}
2446
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2447TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2448 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2449 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2450 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2451 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2452 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2453
2454 // Corrupt the ciphertext
2455 ciphertext[512 / 8 / 2]++;
2456
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2457 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2458 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2459 AuthorizationSet begin_params(client_params());
2460 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2461 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2462 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2463 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2464 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2465
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2466 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2467 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2468}
2469
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2470TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2471 ASSERT_EQ(KM_ERROR_OK,
2472 GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2473
2474 AuthorizationSet begin_params(client_params());
2475 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2476 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2477
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2478 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2479 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2480}
2481
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2482TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2483 ASSERT_EQ(KM_ERROR_OK,
2484 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2485 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2486 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2487
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]2488 if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC))
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2489 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2490}
2491
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2492TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2493 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2494 .HmacKey(128)
2495 .Digest(KM_DIGEST_SHA_2_256)
2496 .Padding(KM_PAD_NONE)
2497 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2498 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2499 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2500
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2501 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2502}
2503
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2504TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2505 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2506 .AesEncryptionKey(128)
2507 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2508 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2509 // Two-block message.
2510 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2511 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2512 EXPECT_EQ(message.size(), ciphertext1.size());
2513
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2514 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2515 EXPECT_EQ(message.size(), ciphertext2.size());
2516
2517 // ECB is deterministic.
2518 EXPECT_EQ(ciphertext1, ciphertext2);
2519
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2520 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2521 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2522
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2523 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2524}
2525
Shawn Willdene23a2c92015-07-06 15:52:45 -0600[diff] [blame]2526TEST_P(EncryptionOperationsTest, AesEcbNotAuthorized) {
2527 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2528 .AesEncryptionKey(128)
2529 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2530 .Padding(KM_PAD_NONE)));
2531 // Two-block message.
2532 string message = "12345678901234567890123456789012";
2533 AuthorizationSet begin_params(client_params());
2534 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2535 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2536 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2537
2538 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2539}
2540
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2541TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2542 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2543 .AesEncryptionKey(128)
2544 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2545 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2546 // Message is slightly shorter than two blocks.
2547 string message = "1234567890123456789012345678901";
2548
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2549 AuthorizationSet begin_params(client_params());
2550 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2551 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2552 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2553 string ciphertext;
2554 size_t input_consumed;
2555 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
2556 EXPECT_EQ(message.size(), input_consumed);
2557 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2558
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2559 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2560}
2561
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2562TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2563 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2564 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2565 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2566 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2567
2568 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2569 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2570 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2571 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2572 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2573 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2574 EXPECT_EQ(message, plaintext);
2575 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2576
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2577 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2578}
2579
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2580TEST_P(EncryptionOperationsTest, AesEcbNoPaddingKeyWithPkcs7Padding) {
2581 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2582 .AesEncryptionKey(128)
2583 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2584 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2585
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]2586 // Try various message lengths; all should fail.
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2587 for (size_t i = 0; i < 32; ++i) {
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]2588 AuthorizationSet begin_params(client_params());
2589 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2590 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
2591 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE,
2592 BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden5532a082015-07-01 12:58:08 -0600[diff] [blame]2593 }
2594
2595 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2596}
2597
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2598TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2599 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2600 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2601 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2602 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2603
2604 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2605 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2606 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2607 EXPECT_NE(ciphertext, message);
2608 ++ciphertext[ciphertext.size() / 2];
2609
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2610 AuthorizationSet begin_params(client_params());
2611 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2612 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2613 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2614 string plaintext;
2615 size_t input_consumed;
2616 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
2617 EXPECT_EQ(ciphertext.size(), input_consumed);
2618 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2619
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2620 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2621}
2622
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2623TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2624 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2625 .AesEncryptionKey(128)
2626 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2627 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2628 string message = "123";
2629 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2630 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2631 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2632 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2633
2634 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2635 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2636 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2637 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2638
2639 // IVs should be random, so ciphertexts should differ.
2640 EXPECT_NE(iv1, iv2);
2641 EXPECT_NE(ciphertext1, ciphertext2);
2642
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2643 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2644 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2645
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2646 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2647}
2648
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2649TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2650 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2651 .AesEncryptionKey(128)
2652 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2653 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2654
2655 int increment = 15;
2656 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2657 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2658 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2659 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2660 AuthorizationSet output_params;
2661 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2662
2663 string ciphertext;
2664 size_t input_consumed;
2665 for (size_t i = 0; i < message.size(); i += increment)
2666 EXPECT_EQ(KM_ERROR_OK,
2667 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2668 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2669 EXPECT_EQ(message.size(), ciphertext.size());
2670
2671 // Move TAG_NONCE into input_params
2672 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2673 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2674 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2675 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2676 output_params.Clear();
2677
2678 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
2679 string plaintext;
2680 for (size_t i = 0; i < ciphertext.size(); i += increment)
2681 EXPECT_EQ(KM_ERROR_OK,
2682 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2683 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2684 EXPECT_EQ(ciphertext.size(), plaintext.size());
2685 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2686
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2687 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2688}
2689
2690struct AesCtrSp80038aTestVector {
2691 const char* key;
2692 const char* nonce;
2693 const char* plaintext;
2694 const char* ciphertext;
2695};
2696
2697// These test vectors are taken from
2698// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
2699static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
2700 // AES-128
2701 {
2702 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2703 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2704 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2705 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
2706 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
2707 },
2708 // AES-192
2709 {
2710 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2711 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2712 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2713 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2714 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2715 },
2716 // AES-256
2717 {
2718 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2719 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2720 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2721 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2722 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2723 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2724 },
2725};
2726
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2727TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2728 for (size_t i = 0; i < 3; i++) {
2729 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2730 const string key = hex2str(test.key);
2731 const string nonce = hex2str(test.nonce);
2732 const string plaintext = hex2str(test.plaintext);
2733 const string ciphertext = hex2str(test.ciphertext);
2734 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2735 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2736
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2737 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2738}
2739
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2740TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2741 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2742 .AesEncryptionKey(128)
2743 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2744 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2745 AuthorizationSet begin_params(client_params());
2746 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2747 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2748 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2749
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2750 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2751}
2752
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2753TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2754 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2755 .AesEncryptionKey(128)
2756 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2757 .Authorization(TAG_CALLER_NONCE)
2758 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2759
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2760 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2761 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2762 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2763 input_params.push_back(TAG_NONCE, "123", 3);
2764 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2765
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2766 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2767}
2768
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2769TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2770 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2771 .AesEncryptionKey(128)
2772 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2773 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2774 // Two-block message.
2775 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2776 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2777 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2778 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2779
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2780 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2781 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2782 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2783
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2784 // IVs should be random, so ciphertexts should differ.
2785 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2786 EXPECT_NE(ciphertext1, ciphertext2);
2787
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2788 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2789 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2790
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2791 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2792}
2793
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2794TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2795 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2796 .AesEncryptionKey(128)
2797 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2798 .Authorization(TAG_CALLER_NONCE)
2799 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2800 string message = "12345678901234567890123456789012";
2801 string iv1;
2802 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2803 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2804 EXPECT_EQ(message.size(), ciphertext1.size());
2805 EXPECT_EQ(16U, iv1.size());
2806
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2807 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2808 EXPECT_EQ(message, plaintext);
2809
2810 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2811 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2812 AuthorizationSet update_params;
2813 AuthorizationSet output_params;
2814 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2815 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2816 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2817 string ciphertext2 =
2818 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2819
2820 // Decrypt with correct nonce.
2821 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2822 &output_params);
2823 EXPECT_EQ(message, plaintext);
2824
2825 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2826 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2827 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2828 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2829 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2830 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2831 &output_params);
2832 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2833
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2834 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2835}
2836
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2837TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2838 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2839 .AesEncryptionKey(128)
2840 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2841 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2842
2843 string message = "12345678901234567890123456789012";
2844 string iv1;
2845 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2846 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2847 EXPECT_EQ(message.size(), ciphertext1.size());
2848 EXPECT_EQ(16U, iv1.size());
2849
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2850 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2851 EXPECT_EQ(message, plaintext);
2852
2853 // Now specify a nonce, should fail.
2854 AuthorizationSet input_params(client_params());
2855 AuthorizationSet update_params;
2856 AuthorizationSet output_params;
2857 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2858 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2859 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2860
2861 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2862 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2863
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2864 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2865}
2866
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2867TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2868 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2869 .AesEncryptionKey(128)
2870 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2871 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2872
2873 int increment = 15;
2874 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2875 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2876 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2877 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2878 AuthorizationSet output_params;
2879 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2880
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2881 string ciphertext;
2882 size_t input_consumed;
2883 for (size_t i = 0; i < message.size(); i += increment)
2884 EXPECT_EQ(KM_ERROR_OK,
2885 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2886 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2887 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2888
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2889 // Move TAG_NONCE into input_params
2890 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2891 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2892 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2893 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2894 output_params.Clear();
2895
2896 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2897 string plaintext;
2898 for (size_t i = 0; i < ciphertext.size(); i += increment)
2899 EXPECT_EQ(KM_ERROR_OK,
2900 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2901 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2902 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2903 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2904
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2905 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2906}
2907
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2908TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2909 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2910 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2911 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2912 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2913
2914 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2915 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2916 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2917 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2918 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2919 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2920 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2921 EXPECT_EQ(message, plaintext);
2922 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2923
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2924 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2925}
2926
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2927TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2928 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2929 .AesEncryptionKey(128)
2930 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2931 .Authorization(TAG_PADDING, KM_PAD_NONE)
2932 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2933 string aad = "foobar";
2934 string message = "123456789012345678901234567890123456";
2935 AuthorizationSet begin_params(client_params());
2936 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2937 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2938 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2939
2940 AuthorizationSet update_params;
2941 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2942
2943 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2944 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2945 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2946 string ciphertext;
2947 size_t input_consumed;
2948 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2949 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2950 &input_consumed));
2951 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2952 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2953
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2954 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2955 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2956 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2957
2958 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2959 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2960 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2961 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2962 &plaintext, &input_consumed));
2963 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2964 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2965
2966 EXPECT_EQ(message, plaintext);
2967 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2968}
2969
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]2970TEST_P(EncryptionOperationsTest, AesGcmTooShortTag) {
2971 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2972 .AesEncryptionKey(128)
2973 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2974 .Authorization(TAG_PADDING, KM_PAD_NONE)
2975 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
2976 string aad = "foobar";
2977 string message = "123456789012345678901234567890123456";
2978 AuthorizationSet begin_params(client_params());
2979 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2980 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2981 begin_params.push_back(TAG_MAC_LENGTH, 96);
2982
2983 AuthorizationSet update_params;
2984 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2985
2986 AuthorizationSet begin_out_params;
2987 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH,
2988 BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2989
2990 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2991}
2992
2993TEST_P(EncryptionOperationsTest, AesGcmTooShortTagOnDecrypt) {
2994 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2995 .AesEncryptionKey(128)
2996 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2997 .Authorization(TAG_PADDING, KM_PAD_NONE)
2998 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
2999 string aad = "foobar";
3000 string message = "123456789012345678901234567890123456";
3001 AuthorizationSet begin_params(client_params());
3002 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3003 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3004 begin_params.push_back(TAG_MAC_LENGTH, 128);
3005
3006 AuthorizationSet update_params;
3007 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
3008
3009 // Encrypt
3010 AuthorizationSet begin_out_params;
3011 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
3012 string ciphertext;
3013 size_t input_consumed;
3014 AuthorizationSet update_out_params;
3015 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3016 &input_consumed));
3017 EXPECT_EQ(message.size(), input_consumed);
3018 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
3019
3020 // Grab nonce
3021 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
3022 begin_params.Reinitialize(client_params());
3023 begin_params.push_back(begin_out_params);
3024 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3025 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3026 begin_params.push_back(TAG_MAC_LENGTH, 96);
3027
3028 // Decrypt.
3029 EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
3030
3031 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3032}
3033
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3034TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
3035 uint8_t nonce[] = {
3036 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
3037 };
3038 uint8_t ciphertext[] = {
3039 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
3040 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
3041 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
3042 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
3043 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
3044 };
3045 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
3046
3047 AuthorizationSet begin_params(client_params());
3048 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3049 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3050 begin_params.push_back(TAG_MAC_LENGTH, 128);
3051 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
3052
3053 string plaintext;
3054 size_t input_consumed;
3055
3056 // Import correct key and decrypt
3057 uint8_t good_key[] = {
3058 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
3059 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
3060 };
3061 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
3062 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
3063 .AesEncryptionKey(128)
3064 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
3065 .Authorization(TAG_PADDING, KM_PAD_NONE)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3066 .Authorization(TAG_CALLER_NONCE)
3067 .Authorization(TAG_MIN_MAC_LENGTH, 128),
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3068 KM_KEY_FORMAT_RAW, good_key_str));
3069 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
3070 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
3071 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
3072
3073 // Import bad key and decrypt
3074 uint8_t bad_key[] = {
3075 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
3076 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
3077 };
3078 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
3079 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
3080 .AesEncryptionKey(128)
3081 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3082 .Authorization(TAG_PADDING, KM_PAD_NONE)
3083 .Authorization(TAG_MIN_MAC_LENGTH, 128),
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3084 KM_KEY_FORMAT_RAW, bad_key_str));
3085 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
3086 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
3087 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
3088
3089 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3090}
3091
3092TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
3093 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3094 .AesEncryptionKey(128)
3095 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3096 .Authorization(TAG_PADDING, KM_PAD_NONE)
3097 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3098 string aad = "123456789012345678";
3099 string empty_message;
3100 AuthorizationSet begin_params(client_params());
3101 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3102 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3103 begin_params.push_back(TAG_MAC_LENGTH, 128);
3104
3105 AuthorizationSet update_params;
3106 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
3107
3108 // Encrypt
3109 AuthorizationSet begin_out_params;
3110 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
3111 string ciphertext;
3112 size_t input_consumed;
3113 AuthorizationSet update_out_params;
3114 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
3115 &ciphertext, &input_consumed));
3116 EXPECT_EQ(0U, input_consumed);
3117 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
3118
3119 // Grab nonce
3120 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
3121 begin_params.push_back(begin_out_params);
3122
3123 // Decrypt.
3124 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
3125 string plaintext;
3126 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3127 &plaintext, &input_consumed));
3128 EXPECT_EQ(ciphertext.size(), input_consumed);
3129 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
3130
3131 EXPECT_EQ(empty_message, plaintext);
3132 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3133}
3134
3135TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
3136 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3137 .AesEncryptionKey(128)
3138 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3139 .Authorization(TAG_PADDING, KM_PAD_NONE)
3140 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3141 AuthorizationSet begin_params(client_params());
3142 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3143 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3144 begin_params.push_back(TAG_MAC_LENGTH, 128);
3145
3146 AuthorizationSet update_params;
3147 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
3148
3149 // Encrypt
3150 AuthorizationSet begin_out_params;
3151 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
3152 string ciphertext;
3153 size_t input_consumed;
3154 AuthorizationSet update_out_params;
3155
3156 // Send AAD, incrementally
3157 for (int i = 0; i < 1000; ++i) {
3158 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
3159 &input_consumed));
3160 EXPECT_EQ(0U, input_consumed);
3161 EXPECT_EQ(0U, ciphertext.size());
3162 }
3163
3164 // Now send data, incrementally, no data.
3165 AuthorizationSet empty_params;
3166 for (int i = 0; i < 1000; ++i) {
3167 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
3168 &input_consumed));
3169 EXPECT_EQ(1U, input_consumed);
3170 }
3171 EXPECT_EQ(1000U, ciphertext.size());
3172
3173 // And finish.
3174 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
3175 EXPECT_EQ(1016U, ciphertext.size());
3176
3177 // Grab nonce
3178 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
3179 begin_params.push_back(begin_out_params);
3180
3181 // Decrypt.
3182 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
3183 string plaintext;
3184
3185 // Send AAD, incrementally, no data
3186 for (int i = 0; i < 1000; ++i) {
3187 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
3188 &input_consumed));
3189 EXPECT_EQ(0U, input_consumed);
3190 EXPECT_EQ(0U, plaintext.size());
3191 }
3192
3193 // Now send data, incrementally.
3194 for (size_t i = 0; i < ciphertext.length(); ++i) {
3195 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
3196 &update_out_params, &plaintext, &input_consumed));
3197 EXPECT_EQ(1U, input_consumed);
3198 }
3199 EXPECT_EQ(1000U, plaintext.size());
3200 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
3201
3202 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3203}
3204
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3205TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
3206 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3207 .AesEncryptionKey(128)
3208 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3209 .Authorization(TAG_PADDING, KM_PAD_NONE)
3210 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3211 string message = "123456789012345678901234567890123456";
3212 AuthorizationSet begin_params(client_params());
3213 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3214 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3215 begin_params.push_back(TAG_MAC_LENGTH, 128);
3216 AuthorizationSet begin_out_params;
3217
3218 AuthorizationSet update_params;
3219 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3220
3221 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
3222
3223 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3224 string ciphertext;
3225 size_t input_consumed;
3226 AuthorizationSet update_out_params;
3227 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
3228 &ciphertext, &input_consumed));
3229 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3230
3231 // AAD and data.
3232 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3233 &input_consumed));
3234 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3235 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3236
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3237 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3238 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
3239 begin_params.push_back(begin_out_params);
3240
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3241 // Decrypt
3242 update_params.Clear();
3243 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3244
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3245 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
3246 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3247 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3248 &plaintext, &input_consumed));
3249 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3250 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3251
3252 EXPECT_EQ(message, plaintext);
3253 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3254}
3255
3256TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
3257 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3258 .AesEncryptionKey(128)
3259 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3260 .Authorization(TAG_PADDING, KM_PAD_NONE)
3261 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3262 string message = "12345678901234567890123456789012";
3263 AuthorizationSet begin_params(client_params());
3264 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3265 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3266 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3267
3268 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3269 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3270
3271 AuthorizationSet finish_params;
3272 AuthorizationSet finish_out_params;
3273
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3274 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3275 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3276 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3277 AuthorizationSet update_out_params;
3278 string ciphertext;
3279 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3280 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3281 &input_consumed));
3282 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3283 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3284
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3285 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3286 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3287 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3288
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3289 update_params.Clear();
3290 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3291
3292 // Decrypt.
3293 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3294 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3295 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3296 &plaintext, &input_consumed));
3297 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3298 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3299
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3300 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3301}
3302
3303TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
3304 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3305 .AesEncryptionKey(128)
3306 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3307 .Authorization(TAG_PADDING, KM_PAD_NONE)
3308 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3309 string message = "12345678901234567890123456789012";
3310 AuthorizationSet begin_params(client_params());
3311 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3312 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3313 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3314
3315 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3316 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3317
3318 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3319 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3320 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3321 AuthorizationSet update_out_params;
3322 string ciphertext;
3323 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3324 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3325 &input_consumed));
3326 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3327 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3328
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3329 begin_params.push_back(TAG_NONCE, "123456789012", 12);
3330
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3331 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3332 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3333 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3334 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3335 &plaintext, &input_consumed));
3336 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3337 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3338
3339 // With wrong nonce, should have gotten garbage plaintext.
3340 EXPECT_NE(message, plaintext);
3341 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3342}
3343
3344TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
3345 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3346 .AesEncryptionKey(128)
3347 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
Shawn Willden33ab0382015-07-08 08:47:25 -0600[diff] [blame]3348 .Authorization(TAG_PADDING, KM_PAD_NONE)
3349 .Authorization(TAG_MIN_MAC_LENGTH, 128)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3350 string aad = "foobar";
3351 string message = "123456789012345678901234567890123456";
3352 AuthorizationSet begin_params(client_params());
3353 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
3354 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3355 begin_params.push_back(TAG_MAC_LENGTH, 128);
3356 AuthorizationSet begin_out_params;
3357
3358 AuthorizationSet update_params;
3359 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3360
3361 // Encrypt
3362 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3363 AuthorizationSet update_out_params;
3364 string ciphertext;
3365 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3366 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
3367 &input_consumed));
3368 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3369 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3370
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3371 // Corrupt tag
3372 (*ciphertext.rbegin())++;
3373
3374 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3375 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
3376 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3377
3378 // Decrypt.
3379 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3380 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3381 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
3382 &plaintext, &input_consumed));
3383 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]3384 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]3385
3386 EXPECT_EQ(message, plaintext);
3387 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3388}
3389
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]3390typedef Keymaster1Test MaxOperationsTest;
3391INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, MaxOperationsTest, test_params);
3392
3393TEST_P(MaxOperationsTest, TestLimit) {
3394 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3395 .AesEncryptionKey(128)
3396 .EcbMode()
3397 .Authorization(TAG_PADDING, KM_PAD_NONE)
3398 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
3399
3400 string message = "1234567890123456";
3401 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3402 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3403 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3404
3405 // Fourth time should fail.
3406 AuthorizationSet begin_params(client_params());
3407 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
3408 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3409 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
3410
3411 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3412}
3413
3414TEST_P(MaxOperationsTest, TestAbort) {
3415 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
3416 .AesEncryptionKey(128)
3417 .EcbMode()
3418 .Authorization(TAG_PADDING, KM_PAD_NONE)
3419 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
3420
3421 string message = "1234567890123456";
3422 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3423 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3424 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
3425
3426 // Fourth time should fail.
3427 AuthorizationSet begin_params(client_params());
3428 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
3429 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
3430 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
3431
3432 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3433}
3434
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]3435typedef Keymaster1Test AddEntropyTest;
3436INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
3437
3438TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3439 // There's no obvious way to test that entropy is actually added, but we can test that the API
3440 // doesn't blow up or return an error.
3441 EXPECT_EQ(KM_ERROR_OK,
3442 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3443
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3444 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3445}
3446
3447typedef Keymaster1Test Keymaster0AdapterTest;
3448INSTANTIATE_TEST_CASE_P(
3449 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3450 ::testing::Values(
3451 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
3452 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3453
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3454TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3455 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
3456 // key data.
3457 string km1_sw = read_file("km1_sw_rsa_512.blob");
3458 EXPECT_EQ(486U, km1_sw.length());
3459
3460 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3461 memcpy(key_data, km1_sw.data(), km1_sw.length());
3462 set_key_blob(key_data, km1_sw.length());
3463
3464 string message(64, 'a');
3465 string signature;
3466 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3467
3468 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3469}
3470
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]3471TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
3472 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
3473 // blobs contain OCB-encrypted key data.
3474 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
3475 EXPECT_EQ(477U, km1_sw.length());
3476
3477 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3478 memcpy(key_data, km1_sw.data(), km1_sw.length());
3479 set_key_blob(key_data, km1_sw.length());
3480
3481 string message(64, 'a');
3482 string signature;
3483 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3484
3485 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3486}
3487
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3488TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
3489 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
3490 // key data.
3491 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
3492 EXPECT_EQ(270U, km1_sw.length());
3493
3494 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
3495 memcpy(key_data, km1_sw.data(), km1_sw.length());
3496 set_key_blob(key_data, km1_sw.length());
3497
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]3498 string message(32, static_cast<char>(0xFF));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3499 string signature;
3500 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3501
3502 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3503}
3504
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3505struct Malloc_Delete {
3506 void operator()(void* p) { free(p); }
3507};
3508
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]3509TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]3510 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3511 string km0_sw = read_file("km0_sw_rsa_512.blob");
3512 EXPECT_EQ(333U, km0_sw.length());
3513
3514 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3515 memcpy(key_data, km0_sw.data(), km0_sw.length());
3516 set_key_blob(key_data, km0_sw.length());
3517
3518 string message(64, 'a');
3519 string signature;
3520 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3521
3522 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]3523}
3524
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3525TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
3526 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3527 string km0_sw = read_file("km0_sw_rsa_512.blob");
3528 EXPECT_EQ(333U, km0_sw.length());
3529
3530 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3531 memcpy(key_data, km0_sw.data(), km0_sw.length());
3532 set_key_blob(key_data, km0_sw.length());
3533
3534 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3535 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3536 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3537 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3538 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3539 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3540 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3541 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3542 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3543 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3544
3545 EXPECT_EQ(0, GetParam()->keymaster0_calls());
3546}
3547
3548TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
3549 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3550 string km0_sw = read_file("km0_sw_rsa_512.blob");
3551 EXPECT_EQ(333U, km0_sw.length());
3552
3553 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3554 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3555 EXPECT_EQ('P', km0_sw[0]);
3556 km0_sw[0] = 'Q';
3557
3558 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3559 memcpy(key_data, km0_sw.data(), km0_sw.length());
3560 set_key_blob(key_data, km0_sw.length());
3561
3562 string message(64, 'a');
3563 string signature;
3564 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3565 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
3566
3567 EXPECT_EQ(5, GetParam()->keymaster0_calls());
3568}
3569
3570TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
3571 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3572 string km0_sw = read_file("km0_sw_rsa_512.blob");
3573 EXPECT_EQ(333U, km0_sw.length());
3574
3575 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3576 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3577 EXPECT_EQ('P', km0_sw[0]);
3578 km0_sw[0] = 'Q';
3579
3580 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3581 memcpy(key_data, km0_sw.data(), km0_sw.length());
3582 set_key_blob(key_data, km0_sw.length());
3583
3584 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3585 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3586 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
3587 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3588 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]3589 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_MD5));
3590 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA1));
3591 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_224));
3592 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_256));
3593 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_384));
3594 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_512));
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3595 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
Shawn Willden5cf45022015-07-20 09:10:32 -0600[diff] [blame]3596 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT));
3597 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN));
3598 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_OAEP));
3599 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PSS));
3600 EXPECT_EQ(15U, hw_enforced().size());
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]3601
3602 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3603 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3604 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3605 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3606
3607 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3608 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3609 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3610 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3611 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3612
3613 EXPECT_EQ(1, GetParam()->keymaster0_calls());
3614}
3615
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame^]3616TEST(SoftKeymasterWrapperTest, CheckKeymaster1Device) {
3617 // Make a good fake device, and wrap it.
3618 SoftKeymasterDevice* good_fake(new SoftKeymasterDevice(new TestKeymasterContext));
3619
3620 // Wrap it and check it.
3621 SoftKeymasterDevice* good_fake_wrapper(new SoftKeymasterDevice(new TestKeymasterContext));
3622 good_fake_wrapper->SetHardwareDevice(good_fake->keymaster_device());
3623 EXPECT_TRUE(good_fake_wrapper->Keymaster1DeviceIsGood());
3624
3625 // Close and clean up wrapper and wrapped
3626 good_fake_wrapper->keymaster_device()->common.close(good_fake_wrapper->hw_device());
3627
3628 // Make a "bad" (doesn't support all digests) device;
3629 keymaster1_device_t* sha256_only_fake = make_device_sha256_only(
3630 (new SoftKeymasterDevice(new TestKeymasterContext("256")))->keymaster_device());
3631
3632 // Wrap it and check it.
3633 SoftKeymasterDevice* sha256_only_fake_wrapper(
3634 (new SoftKeymasterDevice(new TestKeymasterContext)));
3635 sha256_only_fake_wrapper->SetHardwareDevice(sha256_only_fake);
3636 EXPECT_FALSE(sha256_only_fake_wrapper->Keymaster1DeviceIsGood());
3637
3638 // Close and clean up wrapper and wrapped
3639 sha256_only_fake_wrapper->keymaster_device()->common.close(
3640 sha256_only_fake_wrapper->hw_device());
3641}
3642
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]3643} // namespace test
3644} // namespace keymaster