Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / d67afae61f822463120c36fea846362450dd7d71 / . / google_keymaster_test.cpp
blob: 43945a96f956e57e30889fa465958d2a66507cf3 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <gtest/gtest.h>
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]18
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]19#include <openssl/engine.h>
20
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]21#include "google_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]22#include "google_keymaster_utils.h"
23#include "google_softkeymaster.h"
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]24#include "keymaster_tags.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]25
26int main(int argc, char** argv) {
27 ::testing::InitGoogleTest(&argc, argv);
28 int result = RUN_ALL_TESTS();
29 // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
30 CRYPTO_cleanup_all_ex_data();
31 ERR_free_strings();
32 return result;
33}
34
35namespace keymaster {
36namespace test {
37
38class KeymasterTest : public testing::Test {
39 protected:
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]40 KeymasterTest() : device(5) { RAND_seed("foobar", 6); }
41 ~KeymasterTest() {}
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]42
43 GoogleSoftKeymaster device;
44};
45
46template <keymaster_tag_t Tag, typename KeymasterEnum>
47bool contains(const AuthorizationSet& set, TypedEnumTag<KM_ENUM, Tag, KeymasterEnum> tag,
48 KeymasterEnum val) {
49 int pos = set.find(tag);
50 return pos != -1 && set[pos].enumerated == val;
51}
52
53template <keymaster_tag_t Tag, typename KeymasterEnum>
54bool contains(const AuthorizationSet& set, TypedEnumTag<KM_ENUM_REP, Tag, KeymasterEnum> tag,
55 KeymasterEnum val) {
56 int pos = -1;
57 while ((pos = set.find(tag, pos)) != -1)
58 if (set[pos].enumerated == val)
59 return true;
60 return false;
61}
62
63template <keymaster_tag_t Tag>
64bool contains(const AuthorizationSet& set, TypedTag<KM_INT, Tag> tag, uint32_t val) {
65 int pos = set.find(tag);
66 return pos != -1 && set[pos].integer == val;
67}
68
69template <keymaster_tag_t Tag>
70bool contains(const AuthorizationSet& set, TypedTag<KM_INT_REP, Tag> tag, uint32_t val) {
71 int pos = -1;
72 while ((pos = set.find(tag, pos)) != -1)
73 if (set[pos].integer == val)
74 return true;
75 return false;
76}
77
78template <keymaster_tag_t Tag>
79bool contains(const AuthorizationSet& set, TypedTag<KM_LONG, Tag> tag, uint64_t val) {
80 int pos = set.find(tag);
81 return pos != -1 && set[pos].long_integer == val;
82}
83
84template <keymaster_tag_t Tag>
85bool contains(const AuthorizationSet& set, TypedTag<KM_BYTES, Tag> tag, const std::string& val) {
86 int pos = set.find(tag);
87 return pos != -1 &&
88 std::string(reinterpret_cast<const char*>(set[pos].blob.data),
89 set[pos].blob.data_length) == val;
90}
91
92inline bool contains(const AuthorizationSet& set, keymaster_tag_t tag) {
93 return set.find(tag) != -1;
94}
95
96typedef KeymasterTest CheckSupported;
97TEST_F(CheckSupported, SupportedAlgorithms) {
98 // Shouldn't blow up on NULL.
99 device.SupportedAlgorithms(NULL);
100
101 SupportedResponse<keymaster_algorithm_t> response;
102 device.SupportedAlgorithms(&response);
103 EXPECT_EQ(KM_ERROR_OK, response.error);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]104 EXPECT_EQ(3U, response.results_length);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]105 EXPECT_EQ(KM_ALGORITHM_RSA, response.results[0]);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]106 EXPECT_EQ(KM_ALGORITHM_DSA, response.results[1]);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]107 EXPECT_EQ(KM_ALGORITHM_ECDSA, response.results[2]);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]108}
109
110TEST_F(CheckSupported, SupportedBlockModes) {
111 // Shouldn't blow up on NULL.
112 device.SupportedBlockModes(KM_ALGORITHM_RSA, NULL);
113
114 SupportedResponse<keymaster_block_mode_t> response;
115 device.SupportedBlockModes(KM_ALGORITHM_RSA, &response);
116 EXPECT_EQ(KM_ERROR_OK, response.error);
117 EXPECT_EQ(0U, response.results_length);
118
119 device.SupportedBlockModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]120 EXPECT_EQ(KM_ERROR_OK, response.error);
121 EXPECT_EQ(0U, response.results_length);
122
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]123 device.SupportedBlockModes(KM_ALGORITHM_ECDSA, &response);
124 EXPECT_EQ(KM_ERROR_OK, response.error);
125 EXPECT_EQ(0U, response.results_length);
126
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]127 device.SupportedBlockModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]128 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
129}
130
131TEST_F(CheckSupported, SupportedPaddingModes) {
132 // Shouldn't blow up on NULL.
133 device.SupportedPaddingModes(KM_ALGORITHM_RSA, NULL);
134
135 SupportedResponse<keymaster_padding_t> response;
136 device.SupportedPaddingModes(KM_ALGORITHM_RSA, &response);
137 EXPECT_EQ(KM_ERROR_OK, response.error);
138 EXPECT_EQ(1U, response.results_length);
139 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
140
141 device.SupportedPaddingModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]142 EXPECT_EQ(KM_ERROR_OK, response.error);
143 EXPECT_EQ(1U, response.results_length);
144 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
145
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]146 device.SupportedPaddingModes(KM_ALGORITHM_ECDSA, &response);
147 EXPECT_EQ(KM_ERROR_OK, response.error);
148 EXPECT_EQ(1U, response.results_length);
149 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
150
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]151 device.SupportedPaddingModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]152 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
153}
154
155TEST_F(CheckSupported, SupportedDigests) {
156 // Shouldn't blow up on NULL.
157 device.SupportedDigests(KM_ALGORITHM_RSA, NULL);
158
159 SupportedResponse<keymaster_digest_t> response;
160 device.SupportedDigests(KM_ALGORITHM_RSA, &response);
161 EXPECT_EQ(KM_ERROR_OK, response.error);
162 EXPECT_EQ(1U, response.results_length);
163 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
164
165 device.SupportedDigests(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]166 EXPECT_EQ(KM_ERROR_OK, response.error);
167 EXPECT_EQ(1U, response.results_length);
168 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
169
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]170 device.SupportedDigests(KM_ALGORITHM_ECDSA, &response);
171 EXPECT_EQ(KM_ERROR_OK, response.error);
172 EXPECT_EQ(1U, response.results_length);
173 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
174
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]175 device.SupportedDigests(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]176 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
177}
178
179TEST_F(CheckSupported, SupportedImportFormats) {
180 // Shouldn't blow up on NULL.
181 device.SupportedImportFormats(KM_ALGORITHM_RSA, NULL);
182
183 SupportedResponse<keymaster_key_format_t> response;
184 device.SupportedImportFormats(KM_ALGORITHM_RSA, &response);
185 EXPECT_EQ(KM_ERROR_OK, response.error);
186 EXPECT_EQ(1U, response.results_length);
187 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
188
189 device.SupportedImportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]190 EXPECT_EQ(KM_ERROR_OK, response.error);
191 EXPECT_EQ(1U, response.results_length);
192 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
193
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]194 device.SupportedImportFormats(KM_ALGORITHM_ECDSA, &response);
195 EXPECT_EQ(KM_ERROR_OK, response.error);
196 EXPECT_EQ(1U, response.results_length);
197 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
198
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]199 device.SupportedImportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]200 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
201}
202
203TEST_F(CheckSupported, SupportedExportFormats) {
204 // Shouldn't blow up on NULL.
205 device.SupportedExportFormats(KM_ALGORITHM_RSA, NULL);
206
207 SupportedResponse<keymaster_key_format_t> response;
208 device.SupportedExportFormats(KM_ALGORITHM_RSA, &response);
209 EXPECT_EQ(KM_ERROR_OK, response.error);
210 EXPECT_EQ(1U, response.results_length);
211 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
212
213 device.SupportedExportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]214 EXPECT_EQ(KM_ERROR_OK, response.error);
215 EXPECT_EQ(1U, response.results_length);
216 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
217
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]218 device.SupportedExportFormats(KM_ALGORITHM_ECDSA, &response);
219 EXPECT_EQ(KM_ERROR_OK, response.error);
220 EXPECT_EQ(1U, response.results_length);
221 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
222
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]223 device.SupportedExportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]224 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
225}
226
227typedef KeymasterTest NewKeyGeneration;
228TEST_F(NewKeyGeneration, Rsa) {
229 keymaster_key_param_t params[] = {
230 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
231 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
232 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]233 Authorization(TAG_KEY_SIZE, 256),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]234 Authorization(TAG_USER_ID, 7),
235 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]236 Authorization(TAG_APPLICATION_ID, "app_id", 6),
237 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]238 Authorization(TAG_AUTH_TIMEOUT, 300),
239 };
240 GenerateKeyRequest req;
241 req.key_description.Reinitialize(params, array_length(params));
242 GenerateKeyResponse rsp;
243
244 device.GenerateKey(req, &rsp);
245
246 ASSERT_EQ(KM_ERROR_OK, rsp.error);
247 EXPECT_EQ(0U, rsp.enforced.size());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]248 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
249 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]250
251 // Check specified tags are all present in unenforced characteristics
252 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
253 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
254
255 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
256
257 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
258 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]259 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]260 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
261
Shawn Willden39b970b2014-08-11 09:11:21 -0600[diff] [blame]262 // Verify that App ID, App data and ROT are NOT included.
263 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
264 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
265 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
266
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]267 // Just for giggles, check that some unexpected tags/values are NOT present.
268 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
269 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
270 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
271 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
272
273 // Now check that unspecified, defaulted tags are correct.
274 EXPECT_TRUE(contains(rsp.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
275 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
276 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]277}
278
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]279TEST_F(NewKeyGeneration, Dsa) {
280 keymaster_key_param_t params[] = {
281 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
282 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
283 Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
284 Authorization(TAG_KEY_SIZE, 256),
285 Authorization(TAG_USER_ID, 7),
286 Authorization(TAG_USER_AUTH_ID, 8),
287 Authorization(TAG_APPLICATION_ID, "app_id", 6),
288 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
289 Authorization(TAG_AUTH_TIMEOUT, 300),
290 };
291 GenerateKeyRequest req;
292 req.key_description.Reinitialize(params, array_length(params));
293 GenerateKeyResponse rsp;
294
295 device.GenerateKey(req, &rsp);
296
297 ASSERT_EQ(KM_ERROR_OK, rsp.error);
298 EXPECT_EQ(0U, rsp.enforced.size());
299 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
300 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
301
302 // Check specified tags are all present in unenforced characteristics
303 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
304 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
305
306 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
307
308 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
309 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
310 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
311 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
312
313 // Verify that App ID, App data and ROT are NOT included.
314 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
315 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
316 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
317
318 // Just for giggles, check that some unexpected tags/values are NOT present.
319 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
320 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
321 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
322 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
323
324 // Now check that unspecified, defaulted tags are correct.
325 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
326 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
327
328 // Generator should have created DSA params.
329 keymaster_blob_t g, p, q;
330 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
331 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_P, &p));
332 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_Q, &q));
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame^]333 EXPECT_TRUE(g.data_length >= 63 && g.data_length <= 64);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]334 EXPECT_EQ(64U, p.data_length);
335 EXPECT_EQ(20U, q.data_length);
336}
337
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]338TEST_F(NewKeyGeneration, Ecdsa) {
339 keymaster_key_param_t params[] = {
340 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
341 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
342 Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
343 Authorization(TAG_KEY_SIZE, 256),
344 Authorization(TAG_USER_ID, 7),
345 Authorization(TAG_USER_AUTH_ID, 8),
346 Authorization(TAG_APPLICATION_ID, "app_id", 6),
347 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
348 Authorization(TAG_AUTH_TIMEOUT, 300),
349 };
350 GenerateKeyRequest req;
351 req.key_description.Reinitialize(params, array_length(params));
352 GenerateKeyResponse rsp;
353
354 device.GenerateKey(req, &rsp);
355
356 ASSERT_EQ(KM_ERROR_OK, rsp.error);
357 EXPECT_EQ(0U, rsp.enforced.size());
358 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
359 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
360
361 // Check specified tags are all present in unenforced characteristics
362 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
363 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
364
365 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
366
367 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
368 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
369 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
370 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
371
372 // Verify that App ID, App data and ROT are NOT included.
373 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
374 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
375 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
376
377 // Just for giggles, check that some unexpected tags/values are NOT present.
378 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
379 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
380 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
381 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
382
383 // Now check that unspecified, defaulted tags are correct.
384 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
385 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
386}
387
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]388typedef KeymasterTest GetKeyCharacteristics;
389TEST_F(GetKeyCharacteristics, SimpleRsa) {
390 keymaster_key_param_t params[] = {
391 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
392 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
393 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
394 Authorization(TAG_KEY_SIZE, 256),
395 Authorization(TAG_USER_ID, 7),
396 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]397 Authorization(TAG_APPLICATION_ID, "app_id", 6),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]398 Authorization(TAG_AUTH_TIMEOUT, 300),
399 };
400
401 GenerateKeyRequest gen_req;
402 gen_req.key_description.Reinitialize(params, array_length(params));
403 GenerateKeyResponse gen_rsp;
404
405 device.GenerateKey(gen_req, &gen_rsp);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]406 ASSERT_EQ(KM_ERROR_OK, gen_rsp.error);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]407
408 GetKeyCharacteristicsRequest req;
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]409 req.SetKeyMaterial(gen_rsp.key_blob);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]410 req.additional_params.push_back(TAG_APPLICATION_ID, "app_id", 6);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]411
412 GetKeyCharacteristicsResponse rsp;
413 device.GetKeyCharacteristics(req, &rsp);
414 ASSERT_EQ(KM_ERROR_OK, rsp.error);
415
416 EXPECT_EQ(gen_rsp.enforced, rsp.enforced);
417 EXPECT_EQ(gen_rsp.unenforced, rsp.unenforced);
418}
419
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]420/**
421 * Test class that provides some infrastructure for generating keys and signing messages.
422 */
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]423class SigningOperationsTest : public KeymasterTest {
424 protected:
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]425 void GenerateKey(keymaster_algorithm_t algorithm, keymaster_digest_t digest,
426 keymaster_padding_t padding, uint32_t key_size) {
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]427 keymaster_key_param_t params[] = {
428 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
429 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]430 Authorization(TAG_ALGORITHM, algorithm),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]431 Authorization(TAG_KEY_SIZE, key_size),
432 Authorization(TAG_USER_ID, 7),
433 Authorization(TAG_USER_AUTH_ID, 8),
434 Authorization(TAG_APPLICATION_ID, "app_id", 6),
435 Authorization(TAG_AUTH_TIMEOUT, 300),
436 };
437 GenerateKeyRequest generate_request;
438 generate_request.key_description.Reinitialize(params, array_length(params));
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]439 if (static_cast<int>(digest) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]440 generate_request.key_description.push_back(TAG_DIGEST, digest);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]441 if (static_cast<int>(padding) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]442 generate_request.key_description.push_back(TAG_PADDING, padding);
443 device.GenerateKey(generate_request, &generate_response_);
444 EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]445 }
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]446
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]447 void SignMessage(const void* message, size_t size) {
448 BeginOperationRequest begin_request;
449 BeginOperationResponse begin_response;
450 begin_request.SetKeyMaterial(generate_response_.key_blob);
451 begin_request.purpose = KM_PURPOSE_SIGN;
452 AddClientParams(&begin_request.additional_params);
453
454 device.BeginOperation(begin_request, &begin_response);
455 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
456
457 UpdateOperationRequest update_request;
458 UpdateOperationResponse update_response;
459 update_request.op_handle = begin_response.op_handle;
460 update_request.input.Reinitialize(message, size);
461 EXPECT_EQ(size, update_request.input.available_read());
462
463 device.UpdateOperation(update_request, &update_response);
464 ASSERT_EQ(KM_ERROR_OK, update_response.error);
465 EXPECT_EQ(0U, update_response.output.available_read());
466
467 FinishOperationRequest finish_request;
468 finish_request.op_handle = begin_response.op_handle;
469 device.FinishOperation(finish_request, &finish_response_);
470 ASSERT_EQ(KM_ERROR_OK, finish_response_.error);
471 EXPECT_GT(finish_response_.output.available_read(), 0U);
472 }
473
474 void AddClientParams(AuthorizationSet* set) { set->push_back(TAG_APPLICATION_ID, "app_id", 6); }
475
476 const keymaster_key_blob_t& key_blob() { return generate_response_.key_blob; }
477 Buffer* signature() {
478 if (finish_response_.error == KM_ERROR_OK)
479 return &finish_response_.output;
480 return NULL;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]481 }
482
483 private:
484 GenerateKeyResponse generate_response_;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]485 FinishOperationResponse finish_response_;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]486};
487
488TEST_F(SigningOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]489 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]490 const char message[] = "12345678901234567890123456789012";
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]491
492 BeginOperationRequest begin_request;
493 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]494 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]495 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]496 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]497
498 device.BeginOperation(begin_request, &begin_response);
499 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
500
501 UpdateOperationRequest update_request;
502 UpdateOperationResponse update_response;
503 update_request.op_handle = begin_response.op_handle;
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]504 update_request.input.Reinitialize(message, array_size(message) - 1);
505 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]506
507 device.UpdateOperation(update_request, &update_response);
508 ASSERT_EQ(KM_ERROR_OK, update_response.error);
509 EXPECT_EQ(0U, update_response.output.available_read());
510
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]511 FinishOperationRequest finish_request;
512 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]513 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]514 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]515 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]516 EXPECT_GT(finish_response.output.available_read(), 0U);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]517
518 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
519}
520
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]521TEST_F(SigningOperationsTest, DsaSuccess) {
522 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
523
524 BeginOperationRequest begin_request;
525 BeginOperationResponse begin_response;
526 begin_request.SetKeyMaterial(key_blob());
527 begin_request.purpose = KM_PURPOSE_SIGN;
528 AddClientParams(&begin_request.additional_params);
529
530 device.BeginOperation(begin_request, &begin_response);
531 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
532
533 UpdateOperationRequest update_request;
534 UpdateOperationResponse update_response;
535 update_request.op_handle = begin_response.op_handle;
536 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
537 EXPECT_EQ(48U, update_request.input.available_read());
538
539 device.UpdateOperation(update_request, &update_response);
540 ASSERT_EQ(KM_ERROR_OK, update_response.error);
541 EXPECT_EQ(0U, update_response.output.available_read());
542
543 FinishOperationRequest finish_request;
544 finish_request.op_handle = begin_response.op_handle;
545 FinishOperationResponse finish_response;
546 device.FinishOperation(finish_request, &finish_response);
547 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
548 EXPECT_GT(finish_response.output.available_read(), 0U);
549
550 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
551}
552
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]553TEST_F(SigningOperationsTest, EcdsaSuccess) {
554 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
555
556 BeginOperationRequest begin_request;
557 BeginOperationResponse begin_response;
558 begin_request.SetKeyMaterial(key_blob());
559 begin_request.purpose = KM_PURPOSE_SIGN;
560 AddClientParams(&begin_request.additional_params);
561
562 device.BeginOperation(begin_request, &begin_response);
563 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
564
565 UpdateOperationRequest update_request;
566 UpdateOperationResponse update_response;
567 update_request.op_handle = begin_response.op_handle;
568 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
569 EXPECT_EQ(48U, update_request.input.available_read());
570
571 device.UpdateOperation(update_request, &update_response);
572 ASSERT_EQ(KM_ERROR_OK, update_response.error);
573 EXPECT_EQ(0U, update_response.output.available_read());
574
575 FinishOperationRequest finish_request;
576 finish_request.op_handle = begin_response.op_handle;
577 FinishOperationResponse finish_response;
578 device.FinishOperation(finish_request, &finish_response);
579 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
580 EXPECT_GT(finish_response.output.available_read(), 0U);
581
582 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
583}
584
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]585TEST_F(SigningOperationsTest, RsaAbort) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]586 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]587
588 BeginOperationRequest begin_request;
589 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]590 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]591 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]592 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]593
594 device.BeginOperation(begin_request, &begin_response);
595 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
596
597 EXPECT_EQ(KM_ERROR_OK, device.AbortOperation(begin_response.op_handle));
598
599 // Another abort should fail
600 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
601}
602
603TEST_F(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]604 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_SHA_2_256, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]605
606 BeginOperationRequest begin_request;
607 BeginOperationResponse begin_response;
608 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]609 begin_request.SetKeyMaterial(key_blob());
610 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]611
612 device.BeginOperation(begin_request, &begin_response);
613 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
614
615 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
616}
617
618TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]619 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_RSA_OAEP, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]620
621 BeginOperationRequest begin_request;
622 BeginOperationResponse begin_response;
623 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]624 begin_request.SetKeyMaterial(key_blob());
625 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]626
627 device.BeginOperation(begin_request, &begin_response);
628 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
629
630 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
631}
632
633TEST_F(SigningOperationsTest, RsaNoDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]634 GenerateKey(KM_ALGORITHM_RSA, static_cast<keymaster_digest_t>(-1), KM_PAD_NONE,
635 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]636
637 BeginOperationRequest begin_request;
638 BeginOperationResponse begin_response;
639 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]640 begin_request.SetKeyMaterial(key_blob());
641 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]642
643 device.BeginOperation(begin_request, &begin_response);
644 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
645
646 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
647}
648
649TEST_F(SigningOperationsTest, RsaNoPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]650 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, static_cast<keymaster_padding_t>(-1),
651 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]652
653 BeginOperationRequest begin_request;
654 BeginOperationResponse begin_response;
655 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]656 begin_request.SetKeyMaterial(key_blob());
657 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]658
659 device.BeginOperation(begin_request, &begin_response);
660 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
661
662 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
663}
664
665TEST_F(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]666 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]667
668 BeginOperationRequest begin_request;
669 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]670 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]671 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]672 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]673
674 device.BeginOperation(begin_request, &begin_response);
675 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
676
677 UpdateOperationRequest update_request;
678 UpdateOperationResponse update_response;
679 update_request.op_handle = begin_response.op_handle;
680 update_request.input.Reinitialize("01234567890123456789012345678901", 31);
681 EXPECT_EQ(31U, update_request.input.available_read());
682
683 device.UpdateOperation(update_request, &update_response);
684 ASSERT_EQ(KM_ERROR_OK, update_response.error);
685 EXPECT_EQ(0U, update_response.output.available_read());
686
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]687 FinishOperationRequest finish_request;
688 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]689 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]690 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]691 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]692 EXPECT_EQ(0U, finish_response.output.available_read());
693
694 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
695}
696
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]697typedef SigningOperationsTest VerificationOperationsTest;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]698TEST_F(VerificationOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]699 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
700 const char message[] = "12345678901234567890123456789012";
701 SignMessage(message, array_size(message) - 1);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]702 ASSERT_TRUE(signature() != NULL);
703
704 BeginOperationRequest begin_request;
705 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]706 begin_request.SetKeyMaterial(key_blob());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]707 begin_request.purpose = KM_PURPOSE_VERIFY;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]708 AddClientParams(&begin_request.additional_params);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]709
710 device.BeginOperation(begin_request, &begin_response);
711 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
712
713 UpdateOperationRequest update_request;
714 UpdateOperationResponse update_response;
715 update_request.op_handle = begin_response.op_handle;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]716 update_request.input.Reinitialize(message, array_size(message) - 1);
717 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]718
719 device.UpdateOperation(update_request, &update_response);
720 ASSERT_EQ(KM_ERROR_OK, update_response.error);
721 EXPECT_EQ(0U, update_response.output.available_read());
722
723 FinishOperationRequest finish_request;
724 finish_request.op_handle = begin_response.op_handle;
725 finish_request.signature.Reinitialize(*signature());
726 FinishOperationResponse finish_response;
727 device.FinishOperation(finish_request, &finish_response);
728 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]729 EXPECT_EQ(0U, finish_response.output.available_read());
730
731 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
732}
733
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]734TEST_F(VerificationOperationsTest, DsaSuccess) {
735 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
736 const char message[] = "123456789012345678901234567890123456789012345678";
737 SignMessage(message, array_size(message) - 1);
738 ASSERT_TRUE(signature() != NULL);
739
740 BeginOperationRequest begin_request;
741 BeginOperationResponse begin_response;
742 begin_request.SetKeyMaterial(key_blob());
743 begin_request.purpose = KM_PURPOSE_VERIFY;
744 AddClientParams(&begin_request.additional_params);
745
746 device.BeginOperation(begin_request, &begin_response);
747 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
748
749 UpdateOperationRequest update_request;
750 UpdateOperationResponse update_response;
751 update_request.op_handle = begin_response.op_handle;
752 update_request.input.Reinitialize(message, array_size(message) - 1);
753 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
754
755 device.UpdateOperation(update_request, &update_response);
756 ASSERT_EQ(KM_ERROR_OK, update_response.error);
757 EXPECT_EQ(0U, update_response.output.available_read());
758
759 FinishOperationRequest finish_request;
760 finish_request.op_handle = begin_response.op_handle;
761 finish_request.signature.Reinitialize(*signature());
762 FinishOperationResponse finish_response;
763 device.FinishOperation(finish_request, &finish_response);
764 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
765 EXPECT_EQ(0U, finish_response.output.available_read());
766
767 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
768}
769
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]770TEST_F(VerificationOperationsTest, EcdsaSuccess) {
771 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
772 const char message[] = "123456789012345678901234567890123456789012345678";
773 SignMessage(message, array_size(message) - 1);
774 ASSERT_TRUE(signature() != NULL);
775
776 BeginOperationRequest begin_request;
777 BeginOperationResponse begin_response;
778 begin_request.SetKeyMaterial(key_blob());
779 begin_request.purpose = KM_PURPOSE_VERIFY;
780 AddClientParams(&begin_request.additional_params);
781
782 device.BeginOperation(begin_request, &begin_response);
783 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
784
785 UpdateOperationRequest update_request;
786 UpdateOperationResponse update_response;
787 update_request.op_handle = begin_response.op_handle;
788 update_request.input.Reinitialize(message, array_size(message) - 1);
789 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
790
791 device.UpdateOperation(update_request, &update_response);
792 ASSERT_EQ(KM_ERROR_OK, update_response.error);
793 EXPECT_EQ(0U, update_response.output.available_read());
794
795 FinishOperationRequest finish_request;
796 finish_request.op_handle = begin_response.op_handle;
797 finish_request.signature.Reinitialize(*signature());
798 FinishOperationResponse finish_response;
799 device.FinishOperation(finish_request, &finish_response);
800 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
801 EXPECT_EQ(0U, finish_response.output.available_read());
802
803 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
804}
805
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]806typedef SigningOperationsTest ExportKeyTest;
807TEST_F(ExportKeyTest, RsaSuccess) {
808 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
809 ASSERT_TRUE(signature() != NULL);
810
811 ExportKeyRequest request;
812 ExportKeyResponse response;
813 AddClientParams(&request.additional_params);
814 request.key_format = KM_KEY_FORMAT_X509;
815 request.SetKeyMaterial(key_blob());
816
817 device.ExportKey(request, &response);
818 ASSERT_EQ(KM_ERROR_OK, response.error);
819 EXPECT_TRUE(response.key_data != NULL);
820}
821
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]822} // namespace test
823} // namespace keymaster