Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / ebc99a15e324d9f1cfaf681a8c95676984f16f08 / . / android_keymaster_test.cpp
blob: 49cff6ee9525fae81604e35758e3e57615e7cc6e [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]17#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]18#include <string>
19#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]20
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]21#include <hardware/keymaster0.h>
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]22#include <keymaster/key_factory.h>
23#include <keymaster/soft_keymaster_context.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]24#include <keymaster/soft_keymaster_device.h>
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]25#include <keymaster/softkeymaster.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]26
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]27#include "android_keymaster_test_utils.h"
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]28#include "keymaster0_engine.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]29
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]30using std::ifstream;
31using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]32using std::string;
33using std::vector;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]34using std::unique_ptr;
35
36extern "C" {
37int __android_log_print(int prio, const char* tag, const char* fmt);
38int __android_log_print(int prio, const char* tag, const char* fmt) {
Chad Brubaker3e37f0a2015-06-03 10:39:00 -0700[diff] [blame]39 (void)prio, (void)tag, (void)fmt;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]40 return 0;
41}
42} // extern "C"
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]43
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]44namespace keymaster {
45namespace test {
46
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]47StdoutLogger logger;
48
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]49class TestKeymasterEnforcement : public KeymasterEnforcement {
50 public:
51 TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {}
52
53 virtual bool activation_date_valid(uint64_t /* activation_date */) const { return true; }
54 virtual bool expiration_date_passed(uint64_t /* expiration_date */) const { return false; }
55 virtual bool auth_token_timed_out(const hw_auth_token_t& /* token */,
56 uint32_t /* timeout */) const {
57 return false;
58 }
59 virtual uint32_t get_current_time() const { return 0; }
60 virtual bool ValidateTokenSignature(const hw_auth_token_t& /* token */) const { return true; }
61};
62
63class TestKeymasterContext : public SoftKeymasterContext {
64 public:
65 TestKeymasterContext(keymaster0_device_t* keymaster0 = nullptr)
66 : SoftKeymasterContext(keymaster0) {}
67
68 KeymasterEnforcement* enforcement_policy() override { return &test_policy_; }
69
70 private:
71 TestKeymasterEnforcement test_policy_;
72};
73
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]74class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator {
75 public:
76 keymaster1_device_t* CreateDevice() const override {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]77 std::cerr << "Creating software-only device" << std::endl;
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]78 SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext);
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]79 return device->keymaster_device();
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]80 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]81
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]82 bool algorithm_in_hardware(keymaster_algorithm_t) const override { return false; }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]83 int keymaster0_calls() const override { return 0; }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]84};
85
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]86class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator {
87 public:
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]88 Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {}
89
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]90 keymaster1_device_t* CreateDevice() const {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]91 std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_
92 << ")." << std::endl;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]93 hw_device_t* softkeymaster_device;
94 EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER,
95 &softkeymaster_device));
96 // Make the software device pretend to be hardware
97 keymaster0_device_t* keymaster0_device =
98 reinterpret_cast<keymaster0_device_t*>(softkeymaster_device);
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]99 keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY;
100
101 if (!support_ec_) {
102 // Make the software device pretend not to support EC
103 keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC;
104 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]105
106 counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device);
107
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]108 SoftKeymasterDevice* keymaster =
109 new SoftKeymasterDevice(new TestKeymasterContext(counting_keymaster0_device_));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]110 return keymaster->keymaster_device();
111 }
112
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]113 bool algorithm_in_hardware(keymaster_algorithm_t algorithm) const override {
114 switch (algorithm) {
115 case KM_ALGORITHM_RSA:
116 return true;
117 case KM_ALGORITHM_EC:
118 return support_ec_;
119 default:
120 return false;
121 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]122 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]123 int keymaster0_calls() const override { return counting_keymaster0_device_->count(); }
124
125 private:
126 mutable Keymaster0CountingWrapper* counting_keymaster0_device_;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]127 bool support_ec_;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]128};
129
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]130static auto test_params = testing::Values(
131 InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator),
132 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
133 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)));
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]134
135typedef Keymaster1Test CheckSupported;
136INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params);
137
138TEST_P(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]139 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
140 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]141
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]142 size_t len;
143 keymaster_algorithm_t* algorithms;
144 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]145 EXPECT_TRUE(ResponseContains(
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]146 {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]147 free(algorithms);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]148
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]149 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]150}
151
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]152TEST_P(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]153 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
154 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
155 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]156
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]157 size_t len;
158 keymaster_block_mode_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]159 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]160 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]161 EXPECT_EQ(0U, len);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]162 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]163
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]164 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]165 device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]166 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]167
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]168 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]169 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]170 EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]171 free(modes);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]172
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]173 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]174}
175
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]176TEST_P(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]177 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
178 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
179 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]180
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]181 size_t len;
182 keymaster_padding_t* modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]183 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]184 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]185 EXPECT_TRUE(
186 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]187 free(modes);
188
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]189 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]190 KM_PURPOSE_ENCRYPT, &modes, &len));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]191 EXPECT_TRUE(
192 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]193 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]194
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]195 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]196 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]197 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]198 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]199
200 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
201 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
202 &modes, &len));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]203
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]204 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]205}
206
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]207TEST_P(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]208 EXPECT_EQ(
209 KM_ERROR_OUTPUT_PARAMETER_NULL,
210 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]211
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]212 size_t len;
213 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]214 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]215 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]216 EXPECT_TRUE(
217 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
218 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
219 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]220 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]221
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]222 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]223 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]224 EXPECT_TRUE(
225 ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
226 KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
227 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]228 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]229
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]230 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
231 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
232 &len));
233
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]234 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]235 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]236 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
237 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
238 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]239 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]240
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]241 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]242}
243
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]244TEST_P(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]245 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
246 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]247
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]248 size_t len;
249 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]250 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]251 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]252 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]253 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]254
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]255 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]256 device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len));
257 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
258 free(formats);
259
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]260 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]261 device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
262 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len));
263 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]264
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]265 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]266}
267
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]268TEST_P(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]269 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
270 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]271
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]272 size_t len;
273 keymaster_key_format_t* formats;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]274 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]275 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]276 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]277 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]278
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]279 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden9c65b2b2015-04-07 17:01:10 -0600[diff] [blame]280 device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]281 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]282 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]283
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]284 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]285 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]286 EXPECT_EQ(0U, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]287 free(formats);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]288
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]289 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]290 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]291 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]292 free(formats);
293
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]294 ASSERT_EQ(KM_ERROR_OK,
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]295 device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]296 EXPECT_EQ(0U, len);
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]297 free(formats);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]298
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]299 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]300}
301
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]302class NewKeyGeneration : public Keymaster1Test {
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]303 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]304 void CheckBaseParams() {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]305 AuthorizationSet auths = sw_enforced();
306 EXPECT_GT(auths.SerializedSize(), 12U);
307
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]308 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
309 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
310 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
Shawn Willdeneb63b972015-03-14 08:01:12 -0600[diff] [blame]311 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]312 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]313
314 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]315 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
316 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
317 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]318
319 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]320 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
321 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
322 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]323
324 // Now check that unspecified, defaulted tags are correct.
Shawn Willden0b2d3332015-04-07 17:46:18 -0600[diff] [blame]325 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]326 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]327 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]328};
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]329INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params);
330
331TEST_P(NewKeyGeneration, Rsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]332 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
333 .RsaSigningKey(256, 3)
334 .Digest(KM_DIGEST_NONE)
335 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]336 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]337
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]338 // Check specified tags are all present, and in the right set.
339 AuthorizationSet crypto_params;
340 AuthorizationSet non_crypto_params;
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]341 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]342 EXPECT_NE(0U, hw_enforced().size());
343 EXPECT_NE(0U, sw_enforced().size());
344 crypto_params.push_back(hw_enforced());
345 non_crypto_params.push_back(sw_enforced());
346 } else {
347 EXPECT_EQ(0U, hw_enforced().size());
348 EXPECT_NE(0U, sw_enforced().size());
349 crypto_params.push_back(sw_enforced());
350 }
351
352 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
353 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA));
354 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256));
355 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256));
356 EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
357 EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3));
358
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]359 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]360 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]361}
362
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]363TEST_P(NewKeyGeneration, RsaDefaultSize) {
Shawn Willden3b4e1652015-02-27 13:33:01 -0700[diff] [blame]364 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
365 GenerateKey(AuthorizationSetBuilder()
366 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
367 .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
368 .SigningKey()));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]369
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]370 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]371}
372
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]373TEST_P(NewKeyGeneration, Ecdsa) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]374 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]375 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]376 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]377
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]378 // Check specified tags are all present, and in the right set.
379 AuthorizationSet crypto_params;
380 AuthorizationSet non_crypto_params;
381 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) {
382 EXPECT_NE(0U, hw_enforced().size());
383 EXPECT_NE(0U, sw_enforced().size());
384 crypto_params.push_back(hw_enforced());
385 non_crypto_params.push_back(sw_enforced());
386 } else {
387 EXPECT_EQ(0U, hw_enforced().size());
388 EXPECT_NE(0U, sw_enforced().size());
389 crypto_params.push_back(sw_enforced());
390 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]391
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]392 EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
393 EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC));
394 EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224));
395 EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224));
396
397 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
398 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]399}
400
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]401TEST_P(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willden4f83b892015-05-26 12:52:54 -0600[diff] [blame]402 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
403 GenerateKey(AuthorizationSetBuilder()
404 .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
405 .SigningKey()
406 .Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]407
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]408 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]409}
410
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]411TEST_P(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]412 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
413 ASSERT_EQ(
414 KM_ERROR_UNKNOWN_ERROR,
415 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
416 else
417 ASSERT_EQ(
418 KM_ERROR_UNSUPPORTED_KEY_SIZE,
419 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]420
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]421 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
422 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]423}
424
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]425TEST_P(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]426 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]427 for (size_t size : valid_sizes) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]428 EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(
429 KM_DIGEST_NONE)))
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]430 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]431 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]432
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]433 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
434 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]435}
436
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]437TEST_P(NewKeyGeneration, HmacSha256) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]438 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]439 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]440
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]441 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]442}
443
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]444typedef Keymaster1Test GetKeyCharacteristics;
445INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params);
446
447TEST_P(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]448 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
449 .RsaSigningKey(256, 3)
450 .Digest(KM_DIGEST_NONE)
451 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]452 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]453
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]454 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
455 EXPECT_EQ(original, sw_enforced());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]456
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]457 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]458 EXPECT_EQ(1, GetParam()->keymaster0_calls());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]459}
460
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]461typedef Keymaster1Test SigningOperationsTest;
462INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params);
463
464TEST_P(SigningOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]465 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
466 .RsaSigningKey(256, 3)
467 .Digest(KM_DIGEST_NONE)
468 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]469 string message = "12345678901234567890123456789012";
470 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]471 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]472
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]473 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]474 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]475}
476
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]477TEST_P(SigningOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]478 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
479 .RsaSigningKey(512, 3)
480 .Digest(KM_DIGEST_SHA_2_256)
481 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]482 // Use large message, which won't work without digesting.
483 string message(1024, 'a');
484 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]485 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]486
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]487 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]488 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]489}
490
Shawn Willdenbfd9ed72015-06-11 10:51:12 -0600[diff] [blame]491TEST_P(SigningOperationsTest, RsaPaddingNoneAllowsOther) {
492 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
493 .RsaSigningKey(512, 3)
494 .Digest(KM_DIGEST_NONE)
495 .Padding(KM_PAD_NONE)));
496 string message = "12345678901234567890123456789012";
497 string signature;
498 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
499
500 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
501 EXPECT_EQ(3, GetParam()->keymaster0_calls());
502}
503
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]504TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]505 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
506 .RsaSigningKey(512, 3)
507 .Digest(KM_DIGEST_SHA_2_256)
508 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]509 string message(1024, 'a');
510 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]511 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]512
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]513 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]514 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]515}
516
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]517TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
518 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
519 .RsaSigningKey(512, 3)
520 .Digest(KM_DIGEST_NONE)
521 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
522 string message(53, 'a');
523 string signature;
524 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN);
525
526 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
527 EXPECT_EQ(3, GetParam()->keymaster0_calls());
528}
529
530TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) {
531 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
532 .RsaSigningKey(512, 3)
533 .Digest(KM_DIGEST_NONE)
534 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
535 string message(54, 'a');
536
537 AuthorizationSet begin_params(client_params());
538 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
539 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
540 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
541 string result;
542 size_t input_consumed;
543 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
544 string signature;
545 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
546
547 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
548 EXPECT_EQ(2, GetParam()->keymaster0_calls());
549}
550
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]551TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]552 // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so
553 // verify that nine bytes larger than hash won't work.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]554 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
555 .RsaSigningKey(256 + 9 * 8, 3)
556 .Digest(KM_DIGEST_SHA_2_256)
557 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]558 string message(1024, 'a');
559 string signature;
560
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]561 AuthorizationSet begin_params(client_params());
562 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]563 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]564 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]565}
566
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]567TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) {
568 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
569 .RsaSigningKey(256, 3)
570 .Digest(KM_DIGEST_NONE)
571 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
572 string message(64 * 1024, 'a');
573 string signature;
574 AuthorizationSet begin_params(client_params());
575 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
576 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
577 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
578 string result;
579 size_t input_consumed;
580 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
581
582 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
583 EXPECT_EQ(2, GetParam()->keymaster0_calls());
584}
585
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]586TEST_P(SigningOperationsTest, RsaAbort) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]587 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
588 .RsaSigningKey(256, 3)
589 .Digest(KM_DIGEST_NONE)
590 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]591 AuthorizationSet begin_params(client_params());
592 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]593 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]594 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]595 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
596 // Another abort should fail
597 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]598
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]599 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]600 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]601}
602
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]603TEST_P(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]604 GenerateKey(AuthorizationSetBuilder()
605 .RsaSigningKey(256, 3)
606 .Digest(KM_DIGEST_SHA_2_256 /* supported digest */)
607 .Padding(KM_PAD_PKCS7));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]608 AuthorizationSet begin_params(client_params());
609 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
610 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]611
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]612 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]613 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]614}
615
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]616TEST_P(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]617 // PSS requires a digest.
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]618 GenerateKey(AuthorizationSetBuilder()
619 .RsaSigningKey(256, 3)
620 .Digest(KM_DIGEST_NONE)
621 .Padding(KM_PAD_RSA_PSS));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]622 AuthorizationSet begin_params(client_params());
623 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]624 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]625 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]626
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]627 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]628 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]629}
630
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]631TEST_P(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]632 // Padding must be specified
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]633 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest(
634 KM_DIGEST_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]635 AuthorizationSet begin_params(client_params());
636 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
637 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]638
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]639 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]640 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]641}
642
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]643TEST_P(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]644 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
645 .RsaSigningKey(256, 3)
646 .Digest(KM_DIGEST_NONE)
647 .Padding(KM_PAD_NONE)));
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]648 AuthorizationSet begin_params(client_params());
649 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]650 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]651 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]652
653 string message = "1234567890123456789012345678901";
654 string result;
655 size_t input_consumed;
656 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
657 EXPECT_EQ(0U, result.size());
658 EXPECT_EQ(31U, input_consumed);
659
660 string signature;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]661 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature));
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]662 EXPECT_EQ(0U, signature.length());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]663
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]664 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]665 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]666}
667
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]668TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]669 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
670 .RsaEncryptionKey(256, 3)
671 .Digest(KM_DIGEST_NONE)
672 .Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]673 AuthorizationSet begin_params(client_params());
674 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
675 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
676 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]677
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]678 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]679 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]680}
681
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]682TEST_P(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]683 ASSERT_EQ(KM_ERROR_OK,
684 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]685 string message(224 / 8, 'a');
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]686 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]687 SignMessage(message, &signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]688
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]689 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
690 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]691}
692
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]693TEST_P(SigningOperationsTest, EcdsaSha256Success) {
694 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
695 KM_DIGEST_SHA_2_256)));
696 string message(1024, 'a');
697 string signature;
698 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
699
700 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
701 EXPECT_EQ(3, GetParam()->keymaster0_calls());
702}
703
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]704TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) {
705 ASSERT_EQ(KM_ERROR_OK,
706 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
707 string message(64 * 1024, 'a');
708 string signature;
709 AuthorizationSet begin_params(client_params());
710 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
711 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
712 string result;
713 size_t input_consumed;
714 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
715
716 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
717 EXPECT_EQ(2, GetParam()->keymaster0_calls());
718}
719
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]720TEST_P(SigningOperationsTest, AesEcbSign) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]721 ASSERT_EQ(KM_ERROR_OK,
722 GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
723 TAG_BLOCK_MODE, KM_MODE_ECB)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]724 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN));
725 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]726
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]727 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]728}
729
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]730TEST_P(SigningOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]731 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]732 string message = "12345678901234567890123456789012";
733 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]734 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]735 ASSERT_EQ(20U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]736
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]737 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]738}
739
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]740TEST_P(SigningOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]741 ASSERT_EQ(KM_ERROR_OK,
742 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]743 string message = "12345678901234567890123456789012";
744 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]745 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]746 ASSERT_EQ(28U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]747
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]748 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]749}
750
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]751TEST_P(SigningOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]752 ASSERT_EQ(KM_ERROR_OK,
753 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]754 string message = "12345678901234567890123456789012";
755 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]756 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]757 ASSERT_EQ(32U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]758
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]759 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]760}
761
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]762TEST_P(SigningOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]763 ASSERT_EQ(KM_ERROR_OK,
764 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384)));
765
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]766 string message = "12345678901234567890123456789012";
767 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]768 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]769 ASSERT_EQ(48U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]770
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]771 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]772}
773
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]774TEST_P(SigningOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]775 ASSERT_EQ(KM_ERROR_OK,
776 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]777 string message = "12345678901234567890123456789012";
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]778 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]779 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]780 ASSERT_EQ(64U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]781
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]782 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]783}
784
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame^]785TEST_P(SigningOperationsTest, HmacAnyDigestSuccess) {
786 ASSERT_EQ(KM_ERROR_OK,
787 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE)));
788 string message = "12345678901234567890123456789012";
789 string signature;
790
791 size_t len;
792 keymaster_digest_t* digests;
793 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
794 KM_PURPOSE_SIGN, &digests, &len));
795 for (size_t i = 0; i < len; ++i)
796 MacMessage(message, &signature, digests[i], 128 /* small MAC to work with all digests */);
797 free(digests);
798
799 // Ensure that we can't actually try to do an HMAC with no digest
800 AuthorizationSet begin_params(client_params());
801 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
802 begin_params.push_back(TAG_MAC_LENGTH, 128);
803 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params));
804
805 EXPECT_EQ(0, GetParam()->keymaster0_calls());
806}
807
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]808TEST_P(SigningOperationsTest, HmacLengthInKey) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]809 // TODO(swillden): unified API should generate an error on key generation.
810 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
811 .HmacKey(128)
812 .Digest(KM_DIGEST_SHA_2_256)
813 .Authorization(TAG_MAC_LENGTH, 20)));
814 string message = "12345678901234567890123456789012";
815 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]816 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 240);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]817 // Size in key was ignored.
818 ASSERT_EQ(30U, signature.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]819
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]820 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]821}
822
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]823TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]824 uint8_t key_data[] = {
825 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
826 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
827 };
828 string message = "Hi There";
829 uint8_t sha_224_expected[] = {
830 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d,
831 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22,
832 };
833 uint8_t sha_256_expected[] = {
834 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf,
835 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83,
836 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7,
837 };
838 uint8_t sha_384_expected[] = {
839 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4,
840 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
841 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9,
842 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6,
843 };
844 uint8_t sha_512_expected[] = {
845 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a,
846 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0,
847 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7,
848 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e,
849 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54,
850 };
851
852 string key = make_string(key_data);
853
854 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
855 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
856 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
857 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]858
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]859 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]860}
861
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]862TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]863 string key = "Jefe";
864 string message = "what do ya want for nothing?";
865 uint8_t sha_224_expected[] = {
866 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e,
867 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44,
868 };
869 uint8_t sha_256_expected[] = {
870 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24,
871 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27,
872 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43,
873 };
874 uint8_t sha_384_expected[] = {
875 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2,
876 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
877 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca,
878 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49,
879 };
880 uint8_t sha_512_expected[] = {
881 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b,
882 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27,
883 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99,
884 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3,
885 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37,
886 };
887
888 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
889 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
890 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
891 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]892
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]893 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]894}
895
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]896TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]897 string key(20, 0xaa);
898 string message(50, 0xdd);
899 uint8_t sha_224_expected[] = {
900 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a,
901 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea,
902 };
903 uint8_t sha_256_expected[] = {
904 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8,
905 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8,
906 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe,
907 };
908 uint8_t sha_384_expected[] = {
909 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0,
910 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
911 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d,
912 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27,
913 };
914 uint8_t sha_512_expected[] = {
915 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c,
916 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8,
917 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22,
918 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37,
919 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb,
920 };
921
922 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
923 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
924 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
925 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]926
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]927 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]928}
929
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]930TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]931 uint8_t key_data[25] = {
932 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
933 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
934 };
935 string key = make_string(key_data);
936 string message(50, 0xcd);
937 uint8_t sha_224_expected[] = {
938 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82,
939 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a,
940 };
941 uint8_t sha_256_expected[] = {
942 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81,
943 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78,
944 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b,
945 };
946 uint8_t sha_384_expected[] = {
947 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62,
948 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
949 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23,
950 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb,
951 };
952 uint8_t sha_512_expected[] = {
953 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6,
954 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f,
955 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e,
956 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41,
957 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd,
958 };
959
960 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
961 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
962 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
963 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]964
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]965 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]966}
967
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]968TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]969 string key(20, 0x0c);
970 string message = "Test With Truncation";
971
972 uint8_t sha_224_expected[] = {
973 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37,
974 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8,
975 };
976 uint8_t sha_256_expected[] = {
977 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
978 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b,
979 };
980 uint8_t sha_384_expected[] = {
981 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
982 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97,
983 };
984 uint8_t sha_512_expected[] = {
985 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53,
986 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6,
987 };
988
989 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
990 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
991 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
992 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]993
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]994 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]995}
996
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]997TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]998 string key(131, 0xaa);
999 string message = "Test Using Larger Than Block-Size Key - Hash Key First";
1000
1001 uint8_t sha_224_expected[] = {
1002 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d,
1003 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e,
1004 };
1005 uint8_t sha_256_expected[] = {
1006 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26,
1007 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28,
1008 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54,
1009 };
1010 uint8_t sha_384_expected[] = {
1011 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a,
1012 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
1013 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab,
1014 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52,
1015 };
1016 uint8_t sha_512_expected[] = {
1017 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd,
1018 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b,
1019 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25,
1020 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73,
1021 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98,
1022 };
1023
1024 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1025 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1026 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1027 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1028
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1029 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1030}
1031
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1032TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1033 string key(131, 0xaa);
1034 string message = "This is a test using a larger than block-size key and a larger than "
1035 "block-size data. The key needs to be hashed before being used by the HMAC "
1036 "algorithm.";
1037
1038 uint8_t sha_224_expected[] = {
1039 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3,
1040 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1,
1041 };
1042 uint8_t sha_256_expected[] = {
1043 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f,
1044 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07,
1045 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2,
1046 };
1047 uint8_t sha_384_expected[] = {
1048 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25,
1049 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
1050 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31,
1051 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e,
1052 };
1053 uint8_t sha_512_expected[] = {
1054 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e,
1055 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5,
1056 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82,
1057 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb,
1058 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58,
1059 };
1060
1061 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected));
1062 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected));
1063 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected));
1064 CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1065
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1066 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1067}
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1068
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1069TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1070 ASSERT_EQ(KM_ERROR_OK,
1071 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256)));
1072 AuthorizationSet begin_params(client_params());
Shawn Willden0c60f6f2015-04-27 23:40:10 -0600[diff] [blame]1073 begin_params.push_back(TAG_MAC_LENGTH, 264);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1074 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1075 ASSERT_EQ(KM_ERROR_OK,
1076 BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */));
1077 string message = "1234567890123456789012345678901";
1078 string result;
1079 size_t input_consumed;
1080 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1081 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, FinishOperation(&result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1082
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1083 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1084}
1085
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1086// TODO(swillden): Add more verification failure tests.
1087
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1088typedef Keymaster1Test VerificationOperationsTest;
1089INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params);
1090
1091TEST_P(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1092 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1093 .RsaSigningKey(256, 3)
1094 .Digest(KM_DIGEST_NONE)
1095 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1096 string message = "12345678901234567890123456789012";
1097 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1098 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1099 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1100
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1101 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1102 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]1103}
1104
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1105TEST_P(VerificationOperationsTest, RsaPssSha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1106 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1107 .RsaSigningKey(512, 3)
1108 .Digest(KM_DIGEST_SHA_2_256)
1109 .Padding(KM_PAD_RSA_PSS)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1110 // Use large message, which won't work without digesting.
1111 string message(1024, 'a');
1112 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1113 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
1114 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1115
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1116 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1117 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1118}
1119
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1120TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1121 GenerateKey(AuthorizationSetBuilder()
1122 .RsaSigningKey(512, 3)
1123 .Digest(KM_DIGEST_SHA_2_256)
1124 .Padding(KM_PAD_RSA_PSS));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1125 string message(1024, 'a');
1126 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1127 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1128 ++signature[signature.size() / 2];
1129
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1130 AuthorizationSet begin_params(client_params());
1131 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1132 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1133 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1134
1135 string result;
1136 size_t input_consumed;
1137 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1138 EXPECT_EQ(message.size(), input_consumed);
1139 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1140
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1141 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1142 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1143}
1144
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1145TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1146 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1147 .RsaSigningKey(512, 3)
1148 .Digest(KM_DIGEST_SHA_2_256)
1149 .Padding(KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1150 // Use large message, which won't work without digesting.
1151 string message(1024, 'a');
1152 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1153 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS);
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1154 ++message[message.size() / 2];
1155
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1156 AuthorizationSet begin_params(client_params());
1157 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1158 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1159 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1160
1161 string result;
1162 size_t input_consumed;
1163 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1164 EXPECT_EQ(message.size(), input_consumed);
1165 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1166
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1167 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1168 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]1169}
1170
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1171TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1172 GenerateKey(AuthorizationSetBuilder()
1173 .RsaSigningKey(512, 3)
1174 .Digest(KM_DIGEST_SHA_2_256)
1175 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1176 string message(1024, 'a');
1177 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1178 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
1179 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1180
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1181 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1182 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1183}
1184
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1185TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1186 GenerateKey(AuthorizationSetBuilder()
1187 .RsaSigningKey(512, 3)
1188 .Digest(KM_DIGEST_SHA_2_256)
1189 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1190 string message(1024, 'a');
1191 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1192 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1193 ++signature[signature.size() / 2];
1194
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1195 AuthorizationSet begin_params(client_params());
1196 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1197 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1198 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1199
1200 string result;
1201 size_t input_consumed;
1202 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1203 EXPECT_EQ(message.size(), input_consumed);
1204 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1205
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1206 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1207 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1208}
1209
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1210TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1211 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1212 .RsaSigningKey(512, 3)
1213 .Digest(KM_DIGEST_SHA_2_256)
1214 .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1215 // Use large message, which won't work without digesting.
1216 string message(1024, 'a');
1217 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1218 SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1219 ++message[message.size() / 2];
1220
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1221 AuthorizationSet begin_params(client_params());
1222 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1223 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1224 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1225
1226 string result;
1227 size_t input_consumed;
1228 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1229 EXPECT_EQ(message.size(), input_consumed);
1230 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1231
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1232 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1233 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1234}
1235
1236template <typename T> vector<T> make_vector(const T* array, size_t len) {
1237 return vector<T>(array, array + len);
1238}
1239
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1240TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1241 // Get all supported digests and padding modes.
1242 size_t digests_len;
1243 keymaster_digest_t* digests;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1244 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1245 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
1246 &digests_len));
1247
1248 size_t padding_modes_len;
1249 keymaster_padding_t* padding_modes;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]1250 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1251 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
1252 &padding_modes, &padding_modes_len));
1253
1254 // Try them.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1255 int trial_count = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1256 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
1257 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1258 if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE)
1259 // Digesting requires padding
1260 continue;
1261
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1262 // Compute key & message size that will work.
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1263 size_t key_bits = 0;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1264 size_t message_len = 1000;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1265
1266 if (digest == KM_DIGEST_NONE) {
1267 key_bits = 256;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1268 switch (padding_mode) {
1269 case KM_PAD_NONE:
1270 // Match key size.
1271 message_len = key_bits / 8;
1272 break;
1273 case KM_PAD_RSA_PKCS1_1_5_SIGN:
1274 message_len = key_bits / 8 - 11;
1275 break;
1276 case KM_PAD_RSA_PSS:
1277 // PSS requires a digest.
1278 continue;
1279 default:
1280 FAIL() << "Missing padding";
1281 break;
1282 }
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1283 } else {
1284 size_t digest_bits;
1285 switch (digest) {
1286 case KM_DIGEST_MD5:
1287 digest_bits = 128;
1288 break;
1289 case KM_DIGEST_SHA1:
1290 digest_bits = 160;
1291 break;
1292 case KM_DIGEST_SHA_2_224:
1293 digest_bits = 224;
1294 break;
1295 case KM_DIGEST_SHA_2_256:
1296 digest_bits = 256;
1297 break;
1298 case KM_DIGEST_SHA_2_384:
1299 digest_bits = 384;
1300 break;
1301 case KM_DIGEST_SHA_2_512:
1302 digest_bits = 512;
1303 break;
1304 default:
1305 FAIL() << "Missing digest";
1306 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1307
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1308 switch (padding_mode) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1309 case KM_PAD_RSA_PKCS1_1_5_SIGN:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1310 key_bits = digest_bits + 8 * (11 + 19);
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1311 break;
1312 case KM_PAD_RSA_PSS:
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1313 key_bits = digest_bits + 8 * 10;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1314 break;
1315 default:
1316 FAIL() << "Missing padding";
1317 break;
1318 }
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1319 }
1320
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1321 GenerateKey(AuthorizationSetBuilder()
1322 .RsaSigningKey(key_bits, 3)
1323 .Digest(digest)
1324 .Padding(padding_mode));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1325 string message(message_len, 'a');
1326 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1327 SignMessage(message, &signature, digest, padding_mode);
1328 VerifyMessage(message, signature, digest, padding_mode);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1329 ++trial_count;
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1330 }
1331 }
1332
1333 free(padding_modes);
1334 free(digests);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1335
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1336 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]1337 EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls());
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame]1338}
1339
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1340TEST_P(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1341 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1342 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1343 string message = "12345678901234567890123456789012";
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1344 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1345 SignMessage(message, &signature, KM_DIGEST_NONE);
1346 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1347
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1348 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1349 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1350}
1351
Shawn Willden2101e9e2015-06-24 12:22:02 -0700[diff] [blame]1352TEST_P(VerificationOperationsTest, EcdsaTooShort) {
1353 ASSERT_EQ(KM_ERROR_OK,
1354 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1355 string message = "12345678901234567890";
1356 string signature;
1357 SignMessage(message, &signature, KM_DIGEST_NONE);
1358 VerifyMessage(message, signature, KM_DIGEST_NONE);
1359
1360 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1361 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1362}
1363
1364TEST_P(VerificationOperationsTest, EcdsaTooLong) {
1365 ASSERT_EQ(KM_ERROR_OK,
1366 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
1367 string message = "1234567890123456789012345678901234";
1368 string signature;
1369
1370 AuthorizationSet begin_params(client_params());
1371 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1372 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
1373 string output;
1374 size_t input_consumed;
1375 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &output, &input_consumed));
1376
1377 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1378 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1379}
1380
1381TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
1382 ASSERT_EQ(KM_ERROR_OK,
1383 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
1384
1385 string message(66, 'a');
1386 string signature;
1387 SignMessage(message, &signature, KM_DIGEST_NONE);
1388 VerifyMessage(message, signature, KM_DIGEST_NONE);
1389
1390 // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh.
1391 message[65] ^= 7;
1392 VerifyMessage(message, signature, KM_DIGEST_NONE);
1393
1394 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1395 EXPECT_EQ(5, GetParam()->keymaster0_calls());
1396}
1397
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1398TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
1399 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1400 .EcdsaSigningKey(256)
1401 .Digest(KM_DIGEST_SHA_2_256)
1402 .Digest(KM_DIGEST_NONE)));
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1403 string message = "12345678901234567890123456789012";
Shawn Willdenefbd7e42015-06-01 07:07:33 -0600[diff] [blame]1404 string signature;
1405 SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
1406 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
1407
1408 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1409 EXPECT_EQ(4, GetParam()->keymaster0_calls());
1410
1411 // Just for giggles, try verifying with the wrong digest.
1412 AuthorizationSet begin_params(client_params());
1413 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1414 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1415
1416 string result;
1417 size_t input_consumed;
1418 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1419 EXPECT_EQ(message.size(), input_consumed);
1420 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
1421}
1422
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1423TEST_P(VerificationOperationsTest, HmacSha1Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1424 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1425 string message = "123456789012345678901234567890123456789012345678";
1426 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1427 MacMessage(message, &signature, KM_DIGEST_SHA1, 160);
1428 VerifyMessage(message, signature, KM_DIGEST_SHA1);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1429
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1430 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1431}
1432
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1433TEST_P(VerificationOperationsTest, HmacSha224Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1434 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_224));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1435 string message = "123456789012345678901234567890123456789012345678";
1436 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1437 MacMessage(message, &signature, KM_DIGEST_SHA_2_224, 224);
1438 VerifyMessage(message, signature, KM_DIGEST_SHA_2_224);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1439
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1440 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1441}
1442
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1443TEST_P(VerificationOperationsTest, HmacSha256Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1444 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1445 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1446 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1447 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 256);
1448 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1449
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1450 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1451}
1452
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1453TEST_P(VerificationOperationsTest, HmacSha384Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1454 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_384));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1455 string message = "123456789012345678901234567890123456789012345678";
1456 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1457 MacMessage(message, &signature, KM_DIGEST_SHA_2_384, 384);
1458 VerifyMessage(message, signature, KM_DIGEST_SHA_2_384);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1459
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1460 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1461}
1462
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1463TEST_P(VerificationOperationsTest, HmacSha512Success) {
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]1464 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA_2_512));
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1465 string message = "123456789012345678901234567890123456789012345678";
1466 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1467 MacMessage(message, &signature, KM_DIGEST_SHA_2_512, 512);
1468 VerifyMessage(message, signature, KM_DIGEST_SHA_2_512);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1469
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1470 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1471}
1472
Shawn Willdenebc99a12015-06-26 12:21:56 -0700[diff] [blame^]1473TEST_P(VerificationOperationsTest, HmacAnyDigestSuccess) {
1474 ASSERT_EQ(KM_ERROR_OK,
1475 GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE)));
1476 string message = "12345678901234567890123456789012";
1477 string signature;
1478
1479 size_t len;
1480 keymaster_digest_t* digests;
1481 ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
1482 KM_PURPOSE_SIGN, &digests, &len));
1483 for (size_t i = 0; i < len; ++i) {
1484 MacMessage(message, &signature, digests[i], 128 /* small MAC to work with all digests */);
1485 VerifyMessage(message, signature, digests[i]);
1486 if (len > 1) {
1487 size_t wrong_digest_index = (i == 0) ? 1 : 0;
1488 AuthorizationSet begin_params(client_params());
1489 begin_params.push_back(TAG_DIGEST, digests[wrong_digest_index]);
1490 begin_params.push_back(TAG_MAC_LENGTH, 128);
1491 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
1492 string output;
1493 size_t input_consumed;
1494 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &output, &input_consumed));
1495 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &output));
1496 }
1497 }
1498 free(digests);
1499
1500 EXPECT_EQ(0, GetParam()->keymaster0_calls());
1501}
1502
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1503typedef Keymaster1Test ExportKeyTest;
1504INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params);
1505
1506TEST_P(ExportKeyTest, RsaSuccess) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1507 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1508 .RsaSigningKey(256, 3)
1509 .Digest(KM_DIGEST_NONE)
1510 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1511 string export_data;
1512 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1513 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1514
1515 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1516
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1517 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1518 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1519}
1520
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1521TEST_P(ExportKeyTest, EcdsaSuccess) {
Shawn Willden84b8da52015-03-11 07:21:32 -0600[diff] [blame]1522 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1523 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1524 string export_data;
1525 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1526 EXPECT_GT(export_data.length(), 0U);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1527
1528 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1529
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1530 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1531 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1532}
1533
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1534TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1535 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1536 .RsaSigningKey(256, 3)
1537 .Digest(KM_DIGEST_NONE)
1538 .Padding(KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1539 string export_data;
1540 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1541
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1542 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1543 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1544}
1545
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1546TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1547 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1548 .RsaSigningKey(256, 3)
1549 .Digest(KM_DIGEST_NONE)
1550 .Padding(KM_PAD_NONE)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1551 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1552 string export_data;
1553 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1554
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1555 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1556 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1557}
1558
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1559TEST_P(ExportKeyTest, AesKeyExportFails) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1560 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128)));
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1561 string export_data;
1562
1563 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1564 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
1565 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1566
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1567 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden7dad93b2015-02-05 10:20:47 -0700[diff] [blame]1568}
1569
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1570static string read_file(const string& file_name) {
1571 ifstream file_stream(file_name, std::ios::binary);
1572 istreambuf_iterator<char> file_begin(file_stream);
1573 istreambuf_iterator<char> file_end;
1574 return string(file_begin, file_end);
1575}
1576
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1577typedef Keymaster1Test ImportKeyTest;
1578INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params);
1579
1580TEST_P(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1581 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1582 ASSERT_EQ(633U, pk8_key.size());
1583
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1584 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1585 .RsaSigningKey(1024, 65537)
1586 .Digest(KM_DIGEST_NONE)
1587 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1588 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1589
1590 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1591 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1592 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1593 TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1594 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1595 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1596 TAG_KEY_SIZE, 1024));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1597 EXPECT_TRUE(contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA) ? hw_enforced()
1598 : sw_enforced(),
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1599 TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1600
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1601 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1602 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1603 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1604
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1605 string message(1024 / 8, 'a');
1606 string signature;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1607 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
1608 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1609
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1610 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1611 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1612}
1613
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1614TEST_P(ImportKeyTest, OldApiRsaSuccess) {
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1615 string pk8_key = read_file("rsa_privkey_pk8.der");
1616 ASSERT_EQ(633U, pk8_key.size());
1617
1618 // NOTE: This will break when the keymaster0 APIs are removed from keymaster1. But at that
1619 // point softkeymaster will no longer support keymaster0 APIs anyway.
1620 uint8_t* key_blob;
1621 size_t key_blob_length;
1622 ASSERT_EQ(0,
1623 device()->import_keypair(device(), reinterpret_cast<const uint8_t*>(pk8_key.data()),
1624 pk8_key.size(), &key_blob, &key_blob_length));
1625 set_key_blob(key_blob, key_blob_length);
1626
1627 string message(1024 / 8, 'a');
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1628 AuthorizationSet begin_params; // Don't use client data.
1629 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1630 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1631 AuthorizationSet update_params;
1632 AuthorizationSet output_params;
1633 string signature =
1634 ProcessMessage(KM_PURPOSE_SIGN, message, begin_params, update_params, &output_params);
1635 ProcessMessage(KM_PURPOSE_VERIFY, message, signature, begin_params, update_params,
1636 &output_params);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1637
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1638 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1639 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdend7a5c712015-04-09 16:33:52 -0600[diff] [blame]1640}
1641
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1642TEST_P(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1643 string pk8_key = read_file("rsa_privkey_pk8.der");
1644 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1645 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1646 ImportKey(AuthorizationSetBuilder()
1647 .RsaSigningKey(2048 /* Doesn't match key */, 3)
1648 .Digest(KM_DIGEST_NONE)
1649 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1650 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1651
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1652 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1653}
1654
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1655TEST_P(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1656 string pk8_key = read_file("rsa_privkey_pk8.der");
1657 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1658 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1659 ImportKey(AuthorizationSetBuilder()
1660 .RsaSigningKey(256, 3 /* Doesnt' match key */)
1661 .Digest(KM_DIGEST_NONE)
1662 .Padding(KM_PAD_NONE),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1663 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1664
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1665 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1666}
1667
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1668TEST_P(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1669 string pk8_key = read_file("ec_privkey_pk8.der");
1670 ASSERT_EQ(138U, pk8_key.size());
1671
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1672 ASSERT_EQ(KM_ERROR_OK,
1673 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1674 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1675
1676 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1677 EXPECT_TRUE(
1678 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1679 TAG_ALGORITHM, KM_ALGORITHM_EC));
1680 EXPECT_TRUE(
1681 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1682 TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1683
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1684 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1685 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1686 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1687
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1688 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1689 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1690 SignMessage(message, &signature, KM_DIGEST_NONE);
1691 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1692
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1693 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1694 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1695}
1696
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1697TEST_P(ImportKeyTest, EcdsaSizeSpecified) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1698 string pk8_key = read_file("ec_privkey_pk8.der");
1699 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1700
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1701 ASSERT_EQ(KM_ERROR_OK,
1702 ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE),
1703 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1704
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1705 // Check values derived from the key.
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1706 EXPECT_TRUE(
1707 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1708 TAG_ALGORITHM, KM_ALGORITHM_EC));
1709 EXPECT_TRUE(
1710 contains(GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC) ? hw_enforced() : sw_enforced(),
1711 TAG_KEY_SIZE, 256));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1712
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]1713 // And values provided by AndroidKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1714 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1715 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1716
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1717 string message(32, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1718 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1719 SignMessage(message, &signature, KM_DIGEST_NONE);
1720 VerifyMessage(message, signature, KM_DIGEST_NONE);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1721
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1722 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
1723 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1724}
1725
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1726TEST_P(ImportKeyTest, EcdsaSizeMismatch) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1727 string pk8_key = read_file("ec_privkey_pk8.der");
1728 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1729 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1730 ImportKey(AuthorizationSetBuilder()
1731 .EcdsaSigningKey(224 /* Doesn't match key */)
1732 .Digest(KM_DIGEST_NONE),
1733 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1734
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1735 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1736}
1737
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1738TEST_P(ImportKeyTest, AesKeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1739 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1740 string key(key_data, sizeof(key_data));
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1741 ASSERT_EQ(KM_ERROR_OK,
Shawn Willdenc47c88f2015-04-07 17:23:27 -0600[diff] [blame]1742 ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization(
1743 TAG_PADDING, KM_PAD_PKCS7),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1744 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1745
1746 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1747 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1748
1749 string message = "Hello World!";
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]1750 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
1751 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1752 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1753
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1754 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1755}
1756
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1757TEST_P(ImportKeyTest, HmacSha256KeySuccess) {
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1758 char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1759 string key(key_data, sizeof(key_data));
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1760 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
1761 .HmacKey(sizeof(key_data) * 8)
1762 .Digest(KM_DIGEST_SHA_2_256)
1763 .Authorization(TAG_MAC_LENGTH, 32),
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]1764 KM_KEY_FORMAT_RAW, key));
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1765
1766 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1767 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1768
1769 string message = "Hello World!";
1770 string signature;
Shawn Willden226746b2015-05-08 11:36:56 -0600[diff] [blame]1771 MacMessage(message, &signature, KM_DIGEST_SHA_2_256, 32);
1772 VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1773
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1774 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden3b702e22015-02-05 10:26:47 -0700[diff] [blame]1775}
1776
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1777typedef Keymaster1Test EncryptionOperationsTest;
1778INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params);
1779
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1780TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
1781 ASSERT_EQ(KM_ERROR_OK,
1782 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1783
1784 string message = "12345678901234567890123456789012";
1785 string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE);
1786 EXPECT_EQ(256U / 8, ciphertext1.size());
1787
1788 string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE);
1789 EXPECT_EQ(256U / 8, ciphertext2.size());
1790
1791 // Unpadded RSA is deterministic
1792 EXPECT_EQ(ciphertext1, ciphertext2);
1793
1794 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1795 EXPECT_EQ(3, GetParam()->keymaster0_calls());
1796}
1797
1798TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) {
1799 ASSERT_EQ(KM_ERROR_OK,
1800 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1801
1802 string message = "1234567890123456789012345678901";
1803
1804 AuthorizationSet begin_params(client_params());
1805 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1806 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1807
1808 string result;
1809 size_t input_consumed;
1810 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1811 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
1812 EXPECT_EQ(0U, result.size());
1813
1814 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1815 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1816}
1817
1818TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
1819 ASSERT_EQ(KM_ERROR_OK,
1820 GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE)));
1821
1822 string message = "123456789012345678901234567890123";
1823
1824 AuthorizationSet begin_params(client_params());
1825 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
1826 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1827
1828 string result;
1829 size_t input_consumed;
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]1830 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed));
Shawn Willden30160842015-06-01 08:31:00 -0600[diff] [blame]1831
1832 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1833 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1834}
1835
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1836TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1837 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1838 .RsaEncryptionKey(512, 3)
1839 .Padding(KM_PAD_RSA_OAEP)
1840 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1841
1842 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1843 string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1844 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1845
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1846 string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1847 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1848
1849 // OAEP randomizes padding so every result should be different.
1850 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1851
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1852 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1853 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1854}
1855
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1856TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1857 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1858 .RsaEncryptionKey(512, 3)
1859 .Padding(KM_PAD_RSA_OAEP)
1860 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1861 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1862 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1863 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1864
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1865 string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1866 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1867
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1868 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1869 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1870}
1871
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1872TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
1873 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1874 .RsaEncryptionKey(512, 3)
1875 .Padding(KM_PAD_RSA_OAEP)
1876 .Digest(KM_DIGEST_NONE)));
1877 string message = "Hello World!";
1878
1879 AuthorizationSet begin_params(client_params());
1880 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
1881 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
1882 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1883
1884 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1885 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1886}
1887
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1888TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1889 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1890 .RsaEncryptionKey(512, 3)
1891 .Padding(KM_PAD_RSA_OAEP)
1892 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1893 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1894 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1895 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1896
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1897 AuthorizationSet begin_params(client_params());
1898 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1899 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1900 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1901 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1902 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1903 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1904
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1905 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1906 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1907}
1908
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1909TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1910 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1911 .RsaEncryptionKey(512, 3)
1912 .Padding(KM_PAD_RSA_OAEP)
1913 .Digest(KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1914 string message = "Hello World!";
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1915 string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1916 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1917
1918 // Corrupt the ciphertext
1919 ciphertext[512 / 8 / 2]++;
1920
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1921 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1922 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1923 AuthorizationSet begin_params(client_params());
1924 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1925 begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1926 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1927 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1928 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1929 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1930
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1931 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1932 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1933}
1934
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1935TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1936 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1937 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1938 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1939 string ciphertext1 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1940 EXPECT_EQ(512U / 8, ciphertext1.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1941
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1942 string ciphertext2 = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1943 EXPECT_EQ(512U / 8, ciphertext2.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1944
1945 // PKCS1 v1.5 randomizes padding so every result should be different.
1946 EXPECT_NE(ciphertext1, ciphertext2);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1947
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1948 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1949 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1950}
1951
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1952TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1953 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1954 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1955 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1956 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1957 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1958
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1959 string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1960 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1961
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1962 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1963 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1964}
1965
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]1966TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]1967 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
1968 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willden7bae1322015-05-26 10:16:49 -0600[diff] [blame]1969 string message = "123456789012345678901234567890123456789012345678901234";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1970 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1971 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1972
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]1973 AuthorizationSet begin_params(client_params());
1974 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1975 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1976 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1977 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]1978 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1979
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]1980 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]1981 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1982}
1983
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]1984TEST_P(EncryptionOperationsTest, RsaPkcs1InvalidDigest) {
1985 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
1986 .RsaEncryptionKey(512, 3)
1987 .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT)
1988 .Digest(KM_DIGEST_NONE)));
1989 string message = "Hello World!";
1990 string result;
1991
1992 AuthorizationSet begin_params(client_params());
1993 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
1994 begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); // Any digest is invalid
1995 EXPECT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
1996
1997 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
1998 EXPECT_EQ(2, GetParam()->keymaster0_calls());
1999}
2000
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2001TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenaf533992015-04-15 13:48:28 -0600[diff] [blame]2002 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding(
2003 KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2004 string message = "Hello World!";
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2005 string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2006 EXPECT_EQ(512U / 8, ciphertext.size());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2007
2008 // Corrupt the ciphertext
2009 ciphertext[512 / 8 / 2]++;
2010
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2011 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]2012 size_t input_consumed;
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2013 AuthorizationSet begin_params(client_params());
2014 begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
2015 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]2016 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]2017 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2018 EXPECT_EQ(0U, result.size());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2019
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2020 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2021 EXPECT_EQ(4, GetParam()->keymaster0_calls());
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]2022}
2023
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2024TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) {
Shawn Willden0afa3c82015-06-22 10:39:21 -0600[diff] [blame]2025 ASSERT_EQ(KM_ERROR_OK,
2026 GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE)));
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2027
2028 AuthorizationSet begin_params(client_params());
2029 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2030 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2031
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2032 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2033 EXPECT_EQ(2, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2034}
2035
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2036TEST_P(EncryptionOperationsTest, EcdsaEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2037 ASSERT_EQ(KM_ERROR_OK,
2038 GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2039 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2040 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2041
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2042 if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
2043 EXPECT_EQ(3, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2044}
2045
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2046TEST_P(EncryptionOperationsTest, HmacEncrypt) {
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2047 ASSERT_EQ(
2048 KM_ERROR_OK,
2049 GenerateKey(
2050 AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_NONE).Padding(KM_PAD_NONE)));
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]2051 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT));
2052 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2053
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2054 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]2055}
2056
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2057TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2058 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2059 .AesEncryptionKey(128)
2060 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2061 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2062 // Two-block message.
2063 string message = "12345678901234567890123456789012";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2064 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2065 EXPECT_EQ(message.size(), ciphertext1.size());
2066
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2067 string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2068 EXPECT_EQ(message.size(), ciphertext2.size());
2069
2070 // ECB is deterministic.
2071 EXPECT_EQ(ciphertext1, ciphertext2);
2072
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2073 string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2074 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2075
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2076 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2077}
2078
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2079TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2080 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2081 .AesEncryptionKey(128)
2082 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2083 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2084 // Message is slightly shorter than two blocks.
2085 string message = "1234567890123456789012345678901";
2086
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2087 AuthorizationSet begin_params(client_params());
2088 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2089 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2090 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2091 string ciphertext;
2092 size_t input_consumed;
2093 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed));
2094 EXPECT_EQ(message.size(), input_consumed);
2095 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2096
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2097 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2098}
2099
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2100TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2101 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2102 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2103 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2104 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2105
2106 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2107 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2108 string message(i, 'a');
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2109 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2110 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2111 string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2112 EXPECT_EQ(message, plaintext);
2113 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2114
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2115 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2116}
2117
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2118TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2119 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2120 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2121 .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB)
2122 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2123
2124 string message = "a";
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2125 string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7);
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2126 EXPECT_EQ(16U, ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2127 EXPECT_NE(ciphertext, message);
2128 ++ciphertext[ciphertext.size() / 2];
2129
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2130 AuthorizationSet begin_params(client_params());
2131 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2132 begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2133 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2134 string plaintext;
2135 size_t input_consumed;
2136 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed));
2137 EXPECT_EQ(ciphertext.size(), input_consumed);
2138 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2139
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2140 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2141}
2142
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2143TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2144 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2145 .AesEncryptionKey(128)
2146 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2147 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2148 string message = "123";
2149 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2150 string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2151 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2152 EXPECT_EQ(16U, iv1.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2153
2154 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2155 string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2156 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willden72a5fdd2015-03-17 20:04:33 -0600[diff] [blame]2157 EXPECT_EQ(16U, iv2.size());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2158
2159 // IVs should be random, so ciphertexts should differ.
2160 EXPECT_NE(iv1, iv2);
2161 EXPECT_NE(ciphertext1, ciphertext2);
2162
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2163 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2164 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2165
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2166 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2167}
2168
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2169TEST_P(EncryptionOperationsTest, AesCtrIncremental) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2170 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2171 .AesEncryptionKey(128)
2172 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2173 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2174
2175 int increment = 15;
2176 string message(239, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2177 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2178 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2179 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2180 AuthorizationSet output_params;
2181 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2182
2183 string ciphertext;
2184 size_t input_consumed;
2185 for (size_t i = 0; i < message.size(); i += increment)
2186 EXPECT_EQ(KM_ERROR_OK,
2187 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2188 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2189 EXPECT_EQ(message.size(), ciphertext.size());
2190
2191 // Move TAG_NONCE into input_params
2192 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2193 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2194 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2195 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2196 output_params.Clear();
2197
2198 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
2199 string plaintext;
2200 for (size_t i = 0; i < ciphertext.size(); i += increment)
2201 EXPECT_EQ(KM_ERROR_OK,
2202 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2203 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2204 EXPECT_EQ(ciphertext.size(), plaintext.size());
2205 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2206
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2207 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2208}
2209
2210struct AesCtrSp80038aTestVector {
2211 const char* key;
2212 const char* nonce;
2213 const char* plaintext;
2214 const char* ciphertext;
2215};
2216
2217// These test vectors are taken from
2218// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5.
2219static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = {
2220 // AES-128
2221 {
2222 "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2223 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2224 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2225 "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff"
2226 "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee",
2227 },
2228 // AES-192
2229 {
2230 "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2231 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2232 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2233 "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
2234 "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050",
2235 },
2236 // AES-256
2237 {
2238 "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
2239 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
2240 "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51"
2241 "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
2242 "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
2243 "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6",
2244 },
2245};
2246
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2247TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2248 for (size_t i = 0; i < 3; i++) {
2249 const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
2250 const string key = hex2str(test.key);
2251 const string nonce = hex2str(test.nonce);
2252 const string plaintext = hex2str(test.plaintext);
2253 const string ciphertext = hex2str(test.ciphertext);
2254 CheckAesCtrTestVector(key, nonce, plaintext, ciphertext);
2255 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2256
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2257 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2258}
2259
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2260TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2261 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2262 .AesEncryptionKey(128)
2263 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
2264 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2265 AuthorizationSet begin_params(client_params());
2266 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2267 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2268 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2269
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2270 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2271}
2272
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2273TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) {
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2274 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2275 .AesEncryptionKey(128)
2276 .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2277 .Authorization(TAG_CALLER_NONCE)
2278 .Padding(KM_PAD_NONE)));
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2279
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2280 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2281 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2282 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2283 input_params.push_back(TAG_NONCE, "123", 3);
2284 EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2285
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2286 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Thai Duong20d725d2015-03-24 17:49:58 -0700[diff] [blame]2287}
2288
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2289TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2290 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2291 .AesEncryptionKey(128)
2292 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2293 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2294 // Two-block message.
2295 string message = "12345678901234567890123456789012";
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2296 string iv1;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2297 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2298 EXPECT_EQ(message.size(), ciphertext1.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2299
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2300 string iv2;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2301 string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2302 EXPECT_EQ(message.size(), ciphertext2.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2303
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2304 // IVs should be random, so ciphertexts should differ.
2305 EXPECT_NE(iv1, iv2);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2306 EXPECT_NE(ciphertext1, ciphertext2);
2307
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2308 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2309 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2310
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2311 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2312}
2313
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2314TEST_P(EncryptionOperationsTest, AesCallerNonce) {
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2315 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2316 .AesEncryptionKey(128)
2317 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2318 .Authorization(TAG_CALLER_NONCE)
2319 .Padding(KM_PAD_NONE)));
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2320 string message = "12345678901234567890123456789012";
2321 string iv1;
2322 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2323 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2324 EXPECT_EQ(message.size(), ciphertext1.size());
2325 EXPECT_EQ(16U, iv1.size());
2326
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2327 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2328 EXPECT_EQ(message, plaintext);
2329
2330 // Now specify a nonce, should also work.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2331 AuthorizationSet input_params(client_params());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2332 AuthorizationSet update_params;
2333 AuthorizationSet output_params;
2334 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2335 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2336 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2337 string ciphertext2 =
2338 ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params);
2339
2340 // Decrypt with correct nonce.
2341 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2342 &output_params);
2343 EXPECT_EQ(message, plaintext);
2344
2345 // Now try with wrong nonce.
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2346 input_params.Reinitialize(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2347 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2348 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2349 input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16);
2350 plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params,
2351 &output_params);
2352 EXPECT_NE(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2353
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2354 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden969aa382015-04-15 17:05:53 -0700[diff] [blame]2355}
2356
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2357TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2358 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2359 .AesEncryptionKey(128)
2360 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2361 .Padding(KM_PAD_NONE)));
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2362
2363 string message = "12345678901234567890123456789012";
2364 string iv1;
2365 // Don't specify nonce, should get a random one.
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2366 string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2367 EXPECT_EQ(message.size(), ciphertext1.size());
2368 EXPECT_EQ(16U, iv1.size());
2369
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2370 string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2371 EXPECT_EQ(message, plaintext);
2372
2373 // Now specify a nonce, should fail.
2374 AuthorizationSet input_params(client_params());
2375 AuthorizationSet update_params;
2376 AuthorizationSet output_params;
2377 input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16);
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2378 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2379 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2380
2381 EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
2382 BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2383
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2384 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden67706352015-04-28 00:43:19 -0600[diff] [blame]2385}
2386
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2387TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) {
Shawn Willden3ad5f052015-05-08 14:05:13 -0600[diff] [blame]2388 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2389 .AesEncryptionKey(128)
2390 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2391 .Padding(KM_PAD_NONE)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2392
2393 int increment = 15;
2394 string message(240, 'a');
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2395 AuthorizationSet input_params(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2396 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2397 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2398 AuthorizationSet output_params;
2399 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params));
2400
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2401 string ciphertext;
2402 size_t input_consumed;
2403 for (size_t i = 0; i < message.size(); i += increment)
2404 EXPECT_EQ(KM_ERROR_OK,
2405 UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
2406 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2407 EXPECT_EQ(message.size(), ciphertext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2408
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2409 // Move TAG_NONCE into input_params
2410 input_params.Reinitialize(output_params);
Shawn Willden09f25272015-04-15 13:49:49 -0600[diff] [blame]2411 input_params.push_back(client_params());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2412 input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC);
Shawn Willdenc4424672015-05-11 11:56:02 -0600[diff] [blame]2413 input_params.push_back(TAG_PADDING, KM_PAD_NONE);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2414 output_params.Clear();
2415
2416 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2417 string plaintext;
2418 for (size_t i = 0; i < ciphertext.size(); i += increment)
2419 EXPECT_EQ(KM_ERROR_OK,
2420 UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
2421 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2422 EXPECT_EQ(ciphertext.size(), plaintext.size());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2423 EXPECT_EQ(message, plaintext);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2424
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2425 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2426}
2427
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2428TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) {
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2429 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2430 .AesEncryptionKey(128)
Shawn Willden2c242002015-02-27 07:01:02 -0700[diff] [blame]2431 .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
2432 .Authorization(TAG_PADDING, KM_PAD_PKCS7)));
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2433
2434 // Try various message lengths; all should work.
Shawn Willdenc6096592015-03-17 15:53:14 -0600[diff] [blame]2435 for (size_t i = 0; i < 32; ++i) {
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2436 string message(i, 'a');
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2437 string iv;
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2438 string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv);
Shawn Willden7a62f5e2015-03-10 12:59:20 -0600[diff] [blame]2439 EXPECT_EQ(i + 16 - (i % 16), ciphertext.size());
Shawn Willden31e063f2015-05-08 14:31:22 -0600[diff] [blame]2440 string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv);
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2441 EXPECT_EQ(message, plaintext);
2442 }
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2443
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2444 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdenf0f68b92014-12-30 16:03:28 -0700[diff] [blame]2445}
2446
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2447TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) {
2448 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2449 .AesEncryptionKey(128)
2450 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2451 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2452 string aad = "foobar";
2453 string message = "123456789012345678901234567890123456";
2454 AuthorizationSet begin_params(client_params());
2455 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2456 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2457 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2458
2459 AuthorizationSet update_params;
2460 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2461
2462 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2463 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2464 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2465 string ciphertext;
2466 size_t input_consumed;
2467 AuthorizationSet update_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2468 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2469 &input_consumed));
2470 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2471 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2472
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2473 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2474 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2475 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2476
2477 // Decrypt.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2478 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2479 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2480 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2481 &plaintext, &input_consumed));
2482 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2483 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2484
2485 EXPECT_EQ(message, plaintext);
2486 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2487}
2488
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2489TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) {
2490 uint8_t nonce[] = {
2491 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f,
2492 };
2493 uint8_t ciphertext[] = {
2494 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16,
2495 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a,
2496 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76,
2497 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd,
2498 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0,
2499 };
2500 string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext));
2501
2502 AuthorizationSet begin_params(client_params());
2503 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2504 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2505 begin_params.push_back(TAG_MAC_LENGTH, 128);
2506 begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce));
2507
2508 string plaintext;
2509 size_t input_consumed;
2510
2511 // Import correct key and decrypt
2512 uint8_t good_key[] = {
2513 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2514 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2515 };
2516 string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key));
2517 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2518 .AesEncryptionKey(128)
2519 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2520 .Authorization(TAG_PADDING, KM_PAD_NONE)
2521 .Authorization(TAG_CALLER_NONCE),
2522 KM_KEY_FORMAT_RAW, good_key_str));
2523 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2524 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2525 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2526
2527 // Import bad key and decrypt
2528 uint8_t bad_key[] = {
2529 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d,
2530 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb,
2531 };
2532 string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key));
2533 ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
2534 .AesEncryptionKey(128)
2535 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2536 .Authorization(TAG_PADDING, KM_PAD_NONE),
2537 KM_KEY_FORMAT_RAW, bad_key_str));
2538 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2539 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed));
2540 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
2541
2542 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2543}
2544
2545TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {
2546 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2547 .AesEncryptionKey(128)
2548 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2549 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2550 string aad = "123456789012345678";
2551 string empty_message;
2552 AuthorizationSet begin_params(client_params());
2553 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2554 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2555 begin_params.push_back(TAG_MAC_LENGTH, 128);
2556
2557 AuthorizationSet update_params;
2558 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
2559
2560 // Encrypt
2561 AuthorizationSet begin_out_params;
2562 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2563 string ciphertext;
2564 size_t input_consumed;
2565 AuthorizationSet update_out_params;
2566 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params,
2567 &ciphertext, &input_consumed));
2568 EXPECT_EQ(0U, input_consumed);
2569 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2570
2571 // Grab nonce
2572 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2573 begin_params.push_back(begin_out_params);
2574
2575 // Decrypt.
2576 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2577 string plaintext;
2578 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2579 &plaintext, &input_consumed));
2580 EXPECT_EQ(ciphertext.size(), input_consumed);
2581 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2582
2583 EXPECT_EQ(empty_message, plaintext);
2584 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2585}
2586
2587TEST_P(EncryptionOperationsTest, AesGcmIncremental) {
2588 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2589 .AesEncryptionKey(128)
2590 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2591 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2592 AuthorizationSet begin_params(client_params());
2593 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2594 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2595 begin_params.push_back(TAG_MAC_LENGTH, 128);
2596
2597 AuthorizationSet update_params;
2598 update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1);
2599
2600 // Encrypt
2601 AuthorizationSet begin_out_params;
2602 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2603 string ciphertext;
2604 size_t input_consumed;
2605 AuthorizationSet update_out_params;
2606
2607 // Send AAD, incrementally
2608 for (int i = 0; i < 1000; ++i) {
2609 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext,
2610 &input_consumed));
2611 EXPECT_EQ(0U, input_consumed);
2612 EXPECT_EQ(0U, ciphertext.size());
2613 }
2614
2615 // Now send data, incrementally, no data.
2616 AuthorizationSet empty_params;
2617 for (int i = 0; i < 1000; ++i) {
2618 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext,
2619 &input_consumed));
2620 EXPECT_EQ(1U, input_consumed);
2621 }
2622 EXPECT_EQ(1000U, ciphertext.size());
2623
2624 // And finish.
2625 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
2626 EXPECT_EQ(1016U, ciphertext.size());
2627
2628 // Grab nonce
2629 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2630 begin_params.push_back(begin_out_params);
2631
2632 // Decrypt.
2633 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2634 string plaintext;
2635
2636 // Send AAD, incrementally, no data
2637 for (int i = 0; i < 1000; ++i) {
2638 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext,
2639 &input_consumed));
2640 EXPECT_EQ(0U, input_consumed);
2641 EXPECT_EQ(0U, plaintext.size());
2642 }
2643
2644 // Now send data, incrementally.
2645 for (size_t i = 0; i < ciphertext.length(); ++i) {
2646 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1),
2647 &update_out_params, &plaintext, &input_consumed));
2648 EXPECT_EQ(1U, input_consumed);
2649 }
2650 EXPECT_EQ(1000U, plaintext.size());
2651 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
2652
2653 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2654}
2655
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2656TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
2657 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2658 .AesEncryptionKey(128)
2659 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2660 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2661 string message = "123456789012345678901234567890123456";
2662 AuthorizationSet begin_params(client_params());
2663 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2664 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2665 begin_params.push_back(TAG_MAC_LENGTH, 128);
2666 AuthorizationSet begin_out_params;
2667
2668 AuthorizationSet update_params;
2669 update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2670
2671 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
2672
2673 // No data, AAD only.
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2674 string ciphertext;
2675 size_t input_consumed;
2676 AuthorizationSet update_out_params;
2677 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params,
2678 &ciphertext, &input_consumed));
2679 EXPECT_EQ(0U, input_consumed);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2680
2681 // AAD and data.
2682 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2683 &input_consumed));
2684 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2685 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2686
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2687 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2688 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2689 begin_params.push_back(begin_out_params);
2690
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2691 // Decrypt
2692 update_params.Clear();
2693 update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2694
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2695 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));
2696 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2697 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2698 &plaintext, &input_consumed));
2699 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2700 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2701
2702 EXPECT_EQ(message, plaintext);
2703 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2704}
2705
2706TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
2707 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2708 .AesEncryptionKey(128)
2709 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2710 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2711 string message = "12345678901234567890123456789012";
2712 AuthorizationSet begin_params(client_params());
2713 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2714 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2715 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2716
2717 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2718 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2719
2720 AuthorizationSet finish_params;
2721 AuthorizationSet finish_out_params;
2722
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2723 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2724 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2725 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2726 AuthorizationSet update_out_params;
2727 string ciphertext;
2728 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2729 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2730 &input_consumed));
2731 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2732 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2733
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2734 // Grab nonce
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2735 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2736 begin_params.push_back(begin_out_params);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2737
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2738 update_params.Clear();
2739 update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2740
2741 // Decrypt.
2742 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2743 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2744 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2745 &plaintext, &input_consumed));
2746 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2747 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2748
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2749 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2750}
2751
2752TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
2753 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2754 .AesEncryptionKey(128)
2755 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2756 .Authorization(TAG_PADDING, KM_PAD_NONE)));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2757 string message = "12345678901234567890123456789012";
2758 AuthorizationSet begin_params(client_params());
2759 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2760 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2761 begin_params.push_back(TAG_MAC_LENGTH, 128);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2762
2763 AuthorizationSet update_params;
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2764 update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2765
2766 // Encrypt
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2767 AuthorizationSet begin_out_params;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2768 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2769 AuthorizationSet update_out_params;
2770 string ciphertext;
2771 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2772 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2773 &input_consumed));
2774 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2775 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2776
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2777 begin_params.push_back(TAG_NONCE, "123456789012", 12);
2778
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2779 // Decrypt
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2780 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2781 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2782 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2783 &plaintext, &input_consumed));
2784 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2785 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2786
2787 // With wrong nonce, should have gotten garbage plaintext.
2788 EXPECT_NE(message, plaintext);
2789 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2790}
2791
2792TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
2793 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2794 .AesEncryptionKey(128)
2795 .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM)
2796 .Authorization(TAG_PADDING, KM_PAD_NONE)));
2797 string aad = "foobar";
2798 string message = "123456789012345678901234567890123456";
2799 AuthorizationSet begin_params(client_params());
2800 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM);
2801 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2802 begin_params.push_back(TAG_MAC_LENGTH, 128);
2803 AuthorizationSet begin_out_params;
2804
2805 AuthorizationSet update_params;
2806 update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2807
2808 // Encrypt
2809 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2810 AuthorizationSet update_out_params;
2811 string ciphertext;
2812 size_t input_consumed;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2813 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext,
2814 &input_consumed));
2815 EXPECT_EQ(message.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2816 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2817
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2818 // Corrupt tag
2819 (*ciphertext.rbegin())++;
2820
2821 // Grab nonce.
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2822 EXPECT_NE(-1, begin_out_params.find(TAG_NONCE));
2823 begin_params.push_back(begin_out_params);
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2824
2825 // Decrypt.
2826 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params));
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2827 string plaintext;
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2828 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params,
2829 &plaintext, &input_consumed));
2830 EXPECT_EQ(ciphertext.size(), input_consumed);
Shawn Willden34419132015-06-08 23:10:44 -0600[diff] [blame]2831 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext));
Shawn Willden0f392562015-06-02 09:00:52 -0600[diff] [blame]2832
2833 EXPECT_EQ(message, plaintext);
2834 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2835}
2836
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]2837typedef Keymaster1Test MaxOperationsTest;
2838INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, MaxOperationsTest, test_params);
2839
2840TEST_P(MaxOperationsTest, TestLimit) {
2841 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2842 .AesEncryptionKey(128)
2843 .EcbMode()
2844 .Authorization(TAG_PADDING, KM_PAD_NONE)
2845 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
2846
2847 string message = "1234567890123456";
2848 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2849 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2850 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2851
2852 // Fourth time should fail.
2853 AuthorizationSet begin_params(client_params());
2854 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2855 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2856 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2857
2858 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2859}
2860
2861TEST_P(MaxOperationsTest, TestAbort) {
2862 ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
2863 .AesEncryptionKey(128)
2864 .EcbMode()
2865 .Authorization(TAG_PADDING, KM_PAD_NONE)
2866 .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
2867
2868 string message = "1234567890123456";
2869 string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2870 string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2871 string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE);
2872
2873 // Fourth time should fail.
2874 AuthorizationSet begin_params(client_params());
2875 begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
2876 begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
2877 EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
2878
2879 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2880}
2881
Shawn Willden58427c42015-05-20 13:00:42 -0600[diff] [blame]2882typedef Keymaster1Test AddEntropyTest;
2883INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params);
2884
2885TEST_P(AddEntropyTest, AddEntropy) {
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2886 // There's no obvious way to test that entropy is actually added, but we can test that the API
2887 // doesn't blow up or return an error.
2888 EXPECT_EQ(KM_ERROR_OK,
2889 device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2890
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2891 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2892}
2893
2894typedef Keymaster1Test Keymaster0AdapterTest;
2895INSTANTIATE_TEST_CASE_P(
2896 AndroidKeymasterTest, Keymaster0AdapterTest,
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2897 ::testing::Values(
2898 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)),
2899 InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */))));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2900
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2901TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2902 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2903 // key data.
2904 string km1_sw = read_file("km1_sw_rsa_512.blob");
2905 EXPECT_EQ(486U, km1_sw.length());
2906
2907 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2908 memcpy(key_data, km1_sw.data(), km1_sw.length());
2909 set_key_blob(key_data, km1_sw.length());
2910
2911 string message(64, 'a');
2912 string signature;
2913 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2914
2915 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2916}
2917
Shawn Willdenc7fe06d2015-06-11 15:50:04 -0600[diff] [blame]2918TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) {
2919 // Load and use an old-style Keymaster1 software key blob, without the version byte. These
2920 // blobs contain OCB-encrypted key data.
2921 string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob");
2922 EXPECT_EQ(477U, km1_sw.length());
2923
2924 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2925 memcpy(key_data, km1_sw.data(), km1_sw.length());
2926 set_key_blob(key_data, km1_sw.length());
2927
2928 string message(64, 'a');
2929 string signature;
2930 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2931
2932 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2933}
2934
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2935TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) {
2936 // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted
2937 // key data.
2938 string km1_sw = read_file("km1_sw_ecdsa_256.blob");
2939 EXPECT_EQ(270U, km1_sw.length());
2940
2941 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length()));
2942 memcpy(key_data, km1_sw.data(), km1_sw.length());
2943 set_key_blob(key_data, km1_sw.length());
2944
Shawn Willdend5303052015-06-22 05:25:59 -0600[diff] [blame]2945 string message(32, static_cast<char>(0xFF));
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2946 string signature;
2947 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2948
2949 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2950}
2951
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2952struct Malloc_Delete {
2953 void operator()(void* p) { free(p); }
2954};
2955
Shawn Willden6270aca2015-05-26 13:12:24 -0600[diff] [blame]2956TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) {
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]2957 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2958 string km0_sw = read_file("km0_sw_rsa_512.blob");
2959 EXPECT_EQ(333U, km0_sw.length());
2960
2961 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2962 memcpy(key_data, km0_sw.data(), km0_sw.length());
2963 set_key_blob(key_data, km0_sw.length());
2964
2965 string message(64, 'a');
2966 string signature;
2967 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
2968
2969 EXPECT_EQ(0, GetParam()->keymaster0_calls());
Shawn Willdencd695822015-01-26 14:06:32 -0700[diff] [blame]2970}
2971
Shawn Willdenccb84e92015-06-02 19:44:54 -0600[diff] [blame]2972TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) {
2973 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2974 string km0_sw = read_file("km0_sw_rsa_512.blob");
2975 EXPECT_EQ(333U, km0_sw.length());
2976
2977 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
2978 memcpy(key_data, km0_sw.data(), km0_sw.length());
2979 set_key_blob(key_data, km0_sw.length());
2980
2981 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
2982 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
2983 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
2984 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
2985 EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
2986 EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
2987 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
2988 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
2989 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
2990 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
2991
2992 EXPECT_EQ(0, GetParam()->keymaster0_calls());
2993}
2994
2995TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) {
2996 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
2997 string km0_sw = read_file("km0_sw_rsa_512.blob");
2998 EXPECT_EQ(333U, km0_sw.length());
2999
3000 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3001 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3002 EXPECT_EQ('P', km0_sw[0]);
3003 km0_sw[0] = 'Q';
3004
3005 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3006 memcpy(key_data, km0_sw.data(), km0_sw.length());
3007 set_key_blob(key_data, km0_sw.length());
3008
3009 string message(64, 'a');
3010 string signature;
3011 SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE);
3012 VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE);
3013
3014 EXPECT_EQ(5, GetParam()->keymaster0_calls());
3015}
3016
3017TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) {
3018 // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data.
3019 string km0_sw = read_file("km0_sw_rsa_512.blob");
3020 EXPECT_EQ(333U, km0_sw.length());
3021
3022 // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not
3023 // be recognized as a software key. Do the same here to pretend this is a hardware key.
3024 EXPECT_EQ('P', km0_sw[0]);
3025 km0_sw[0] = 'Q';
3026
3027 uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length()));
3028 memcpy(key_data, km0_sw.data(), km0_sw.length());
3029 set_key_blob(key_data, km0_sw.length());
3030
3031 EXPECT_EQ(KM_ERROR_OK, GetCharacteristics());
3032 EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3033 EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512));
3034 EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3035 EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3036 EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE));
3037 EXPECT_EQ(5U, hw_enforced().size());
3038
3039 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN));
3040 EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY));
3041 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS));
3042 EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED));
3043
3044 EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
3045 EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512));
3046 EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3));
3047 EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE));
3048 EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE));
3049
3050 EXPECT_EQ(1, GetParam()->keymaster0_calls());
3051}
3052
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]3053} // namespace test
3054} // namespace keymaster