Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / f268d742dbefe0e84b4046db7669c4ffbc110f7d / . / google_keymaster_test.cpp
blob: 5f1f016f222782f9578483085f728a772a13b6f4 [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <gtest/gtest.h>
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]18
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]19#include <openssl/engine.h>
20
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]21#include "google_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]22#include "google_keymaster_utils.h"
23#include "google_softkeymaster.h"
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]24#include "keymaster_tags.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]25
26int main(int argc, char** argv) {
27 ::testing::InitGoogleTest(&argc, argv);
28 int result = RUN_ALL_TESTS();
29 // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
30 CRYPTO_cleanup_all_ex_data();
31 ERR_free_strings();
32 return result;
33}
34
35namespace keymaster {
36namespace test {
37
38class KeymasterTest : public testing::Test {
39 protected:
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]40 KeymasterTest() : device(5) { RAND_seed("foobar", 6); }
41 ~KeymasterTest() {}
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]42
43 GoogleSoftKeymaster device;
44};
45
46template <keymaster_tag_t Tag, typename KeymasterEnum>
47bool contains(const AuthorizationSet& set, TypedEnumTag<KM_ENUM, Tag, KeymasterEnum> tag,
48 KeymasterEnum val) {
49 int pos = set.find(tag);
50 return pos != -1 && set[pos].enumerated == val;
51}
52
53template <keymaster_tag_t Tag, typename KeymasterEnum>
54bool contains(const AuthorizationSet& set, TypedEnumTag<KM_ENUM_REP, Tag, KeymasterEnum> tag,
55 KeymasterEnum val) {
56 int pos = -1;
57 while ((pos = set.find(tag, pos)) != -1)
58 if (set[pos].enumerated == val)
59 return true;
60 return false;
61}
62
63template <keymaster_tag_t Tag>
64bool contains(const AuthorizationSet& set, TypedTag<KM_INT, Tag> tag, uint32_t val) {
65 int pos = set.find(tag);
66 return pos != -1 && set[pos].integer == val;
67}
68
69template <keymaster_tag_t Tag>
70bool contains(const AuthorizationSet& set, TypedTag<KM_INT_REP, Tag> tag, uint32_t val) {
71 int pos = -1;
72 while ((pos = set.find(tag, pos)) != -1)
73 if (set[pos].integer == val)
74 return true;
75 return false;
76}
77
78template <keymaster_tag_t Tag>
79bool contains(const AuthorizationSet& set, TypedTag<KM_LONG, Tag> tag, uint64_t val) {
80 int pos = set.find(tag);
81 return pos != -1 && set[pos].long_integer == val;
82}
83
84template <keymaster_tag_t Tag>
85bool contains(const AuthorizationSet& set, TypedTag<KM_BYTES, Tag> tag, const std::string& val) {
86 int pos = set.find(tag);
87 return pos != -1 &&
88 std::string(reinterpret_cast<const char*>(set[pos].blob.data),
89 set[pos].blob.data_length) == val;
90}
91
92inline bool contains(const AuthorizationSet& set, keymaster_tag_t tag) {
93 return set.find(tag) != -1;
94}
95
96typedef KeymasterTest CheckSupported;
97TEST_F(CheckSupported, SupportedAlgorithms) {
98 // Shouldn't blow up on NULL.
99 device.SupportedAlgorithms(NULL);
100
101 SupportedResponse<keymaster_algorithm_t> response;
102 device.SupportedAlgorithms(&response);
103 EXPECT_EQ(KM_ERROR_OK, response.error);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]104 EXPECT_EQ(3U, response.results_length);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]105 EXPECT_EQ(KM_ALGORITHM_RSA, response.results[0]);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]106 EXPECT_EQ(KM_ALGORITHM_DSA, response.results[1]);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]107 EXPECT_EQ(KM_ALGORITHM_ECDSA, response.results[2]);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]108}
109
110TEST_F(CheckSupported, SupportedBlockModes) {
111 // Shouldn't blow up on NULL.
112 device.SupportedBlockModes(KM_ALGORITHM_RSA, NULL);
113
114 SupportedResponse<keymaster_block_mode_t> response;
115 device.SupportedBlockModes(KM_ALGORITHM_RSA, &response);
116 EXPECT_EQ(KM_ERROR_OK, response.error);
117 EXPECT_EQ(0U, response.results_length);
118
119 device.SupportedBlockModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]120 EXPECT_EQ(KM_ERROR_OK, response.error);
121 EXPECT_EQ(0U, response.results_length);
122
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]123 device.SupportedBlockModes(KM_ALGORITHM_ECDSA, &response);
124 EXPECT_EQ(KM_ERROR_OK, response.error);
125 EXPECT_EQ(0U, response.results_length);
126
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]127 device.SupportedBlockModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]128 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
129}
130
131TEST_F(CheckSupported, SupportedPaddingModes) {
132 // Shouldn't blow up on NULL.
133 device.SupportedPaddingModes(KM_ALGORITHM_RSA, NULL);
134
135 SupportedResponse<keymaster_padding_t> response;
136 device.SupportedPaddingModes(KM_ALGORITHM_RSA, &response);
137 EXPECT_EQ(KM_ERROR_OK, response.error);
138 EXPECT_EQ(1U, response.results_length);
139 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
140
141 device.SupportedPaddingModes(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]142 EXPECT_EQ(KM_ERROR_OK, response.error);
143 EXPECT_EQ(1U, response.results_length);
144 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
145
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]146 device.SupportedPaddingModes(KM_ALGORITHM_ECDSA, &response);
147 EXPECT_EQ(KM_ERROR_OK, response.error);
148 EXPECT_EQ(1U, response.results_length);
149 EXPECT_EQ(KM_PAD_NONE, response.results[0]);
150
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]151 device.SupportedPaddingModes(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]152 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
153}
154
155TEST_F(CheckSupported, SupportedDigests) {
156 // Shouldn't blow up on NULL.
157 device.SupportedDigests(KM_ALGORITHM_RSA, NULL);
158
159 SupportedResponse<keymaster_digest_t> response;
160 device.SupportedDigests(KM_ALGORITHM_RSA, &response);
161 EXPECT_EQ(KM_ERROR_OK, response.error);
162 EXPECT_EQ(1U, response.results_length);
163 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
164
165 device.SupportedDigests(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]166 EXPECT_EQ(KM_ERROR_OK, response.error);
167 EXPECT_EQ(1U, response.results_length);
168 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
169
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]170 device.SupportedDigests(KM_ALGORITHM_ECDSA, &response);
171 EXPECT_EQ(KM_ERROR_OK, response.error);
172 EXPECT_EQ(1U, response.results_length);
173 EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
174
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]175 device.SupportedDigests(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]176 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
177}
178
179TEST_F(CheckSupported, SupportedImportFormats) {
180 // Shouldn't blow up on NULL.
181 device.SupportedImportFormats(KM_ALGORITHM_RSA, NULL);
182
183 SupportedResponse<keymaster_key_format_t> response;
184 device.SupportedImportFormats(KM_ALGORITHM_RSA, &response);
185 EXPECT_EQ(KM_ERROR_OK, response.error);
186 EXPECT_EQ(1U, response.results_length);
187 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
188
189 device.SupportedImportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]190 EXPECT_EQ(KM_ERROR_OK, response.error);
191 EXPECT_EQ(1U, response.results_length);
192 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
193
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]194 device.SupportedImportFormats(KM_ALGORITHM_ECDSA, &response);
195 EXPECT_EQ(KM_ERROR_OK, response.error);
196 EXPECT_EQ(1U, response.results_length);
197 EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
198
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]199 device.SupportedImportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]200 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
201}
202
203TEST_F(CheckSupported, SupportedExportFormats) {
204 // Shouldn't blow up on NULL.
205 device.SupportedExportFormats(KM_ALGORITHM_RSA, NULL);
206
207 SupportedResponse<keymaster_key_format_t> response;
208 device.SupportedExportFormats(KM_ALGORITHM_RSA, &response);
209 EXPECT_EQ(KM_ERROR_OK, response.error);
210 EXPECT_EQ(1U, response.results_length);
211 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
212
213 device.SupportedExportFormats(KM_ALGORITHM_DSA, &response);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]214 EXPECT_EQ(KM_ERROR_OK, response.error);
215 EXPECT_EQ(1U, response.results_length);
216 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
217
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]218 device.SupportedExportFormats(KM_ALGORITHM_ECDSA, &response);
219 EXPECT_EQ(KM_ERROR_OK, response.error);
220 EXPECT_EQ(1U, response.results_length);
221 EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
222
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]223 device.SupportedExportFormats(KM_ALGORITHM_AES, &response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]224 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
225}
226
227typedef KeymasterTest NewKeyGeneration;
228TEST_F(NewKeyGeneration, Rsa) {
229 keymaster_key_param_t params[] = {
230 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
231 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
232 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]233 Authorization(TAG_KEY_SIZE, 256),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]234 Authorization(TAG_USER_ID, 7),
235 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]236 Authorization(TAG_APPLICATION_ID, "app_id", 6),
237 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]238 Authorization(TAG_AUTH_TIMEOUT, 300),
239 };
240 GenerateKeyRequest req;
241 req.key_description.Reinitialize(params, array_length(params));
242 GenerateKeyResponse rsp;
243
244 device.GenerateKey(req, &rsp);
245
246 ASSERT_EQ(KM_ERROR_OK, rsp.error);
247 EXPECT_EQ(0U, rsp.enforced.size());
Shawn Willden8d336ae2014-08-09 15:47:05 -0600[diff] [blame]248 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
249 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]250
251 // Check specified tags are all present in unenforced characteristics
252 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
253 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
254
255 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_RSA));
256
257 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
258 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]259 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]260 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
261
Shawn Willden39b970b2014-08-11 09:11:21 -0600[diff] [blame]262 // Verify that App ID, App data and ROT are NOT included.
263 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
264 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
265 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
266
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]267 // Just for giggles, check that some unexpected tags/values are NOT present.
268 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
269 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
270 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
271 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
272
273 // Now check that unspecified, defaulted tags are correct.
274 EXPECT_TRUE(contains(rsp.unenforced, TAG_RSA_PUBLIC_EXPONENT, 65537));
275 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
276 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]277}
278
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]279TEST_F(NewKeyGeneration, Dsa) {
280 keymaster_key_param_t params[] = {
281 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
282 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
283 Authorization(TAG_ALGORITHM, KM_ALGORITHM_DSA),
284 Authorization(TAG_KEY_SIZE, 256),
285 Authorization(TAG_USER_ID, 7),
286 Authorization(TAG_USER_AUTH_ID, 8),
287 Authorization(TAG_APPLICATION_ID, "app_id", 6),
288 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
289 Authorization(TAG_AUTH_TIMEOUT, 300),
290 };
291 GenerateKeyRequest req;
292 req.key_description.Reinitialize(params, array_length(params));
293 GenerateKeyResponse rsp;
294
295 device.GenerateKey(req, &rsp);
296
297 ASSERT_EQ(KM_ERROR_OK, rsp.error);
298 EXPECT_EQ(0U, rsp.enforced.size());
299 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
300 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
301
302 // Check specified tags are all present in unenforced characteristics
303 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
304 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
305
306 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_DSA));
307
308 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
309 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
310 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
311 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
312
313 // Verify that App ID, App data and ROT are NOT included.
314 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
315 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
316 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
317
318 // Just for giggles, check that some unexpected tags/values are NOT present.
319 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
320 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
321 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
322 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
323
324 // Now check that unspecified, defaulted tags are correct.
325 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
326 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
327
328 // Generator should have created DSA params.
329 keymaster_blob_t g, p, q;
330 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_GENERATOR, &g));
331 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_P, &p));
332 EXPECT_TRUE(rsp.unenforced.GetTagValue(TAG_DSA_Q, &q));
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]333 EXPECT_TRUE(g.data_length >= 63 && g.data_length <= 64);
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]334 EXPECT_EQ(64U, p.data_length);
335 EXPECT_EQ(20U, q.data_length);
336}
337
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]338TEST_F(NewKeyGeneration, Ecdsa) {
339 keymaster_key_param_t params[] = {
340 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
341 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
342 Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
343 Authorization(TAG_KEY_SIZE, 256),
344 Authorization(TAG_USER_ID, 7),
345 Authorization(TAG_USER_AUTH_ID, 8),
346 Authorization(TAG_APPLICATION_ID, "app_id", 6),
347 Authorization(TAG_APPLICATION_DATA, "app_data", 8),
348 Authorization(TAG_AUTH_TIMEOUT, 300),
349 };
350 GenerateKeyRequest req;
351 req.key_description.Reinitialize(params, array_length(params));
352 GenerateKeyResponse rsp;
353
354 device.GenerateKey(req, &rsp);
355
356 ASSERT_EQ(KM_ERROR_OK, rsp.error);
357 EXPECT_EQ(0U, rsp.enforced.size());
358 EXPECT_EQ(12U, rsp.enforced.SerializedSize());
359 EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
360
361 // Check specified tags are all present in unenforced characteristics
362 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
363 EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
364
365 EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
366
367 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
368 EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
369 EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
370 EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
371
372 // Verify that App ID, App data and ROT are NOT included.
373 EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
374 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
375 EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
376
377 // Just for giggles, check that some unexpected tags/values are NOT present.
378 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
379 EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
380 EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
381 EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
382
383 // Now check that unspecified, defaulted tags are correct.
384 EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
385 EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
386}
387
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]388typedef KeymasterTest GetKeyCharacteristics;
389TEST_F(GetKeyCharacteristics, SimpleRsa) {
390 keymaster_key_param_t params[] = {
391 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
392 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
393 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
394 Authorization(TAG_KEY_SIZE, 256),
395 Authorization(TAG_USER_ID, 7),
396 Authorization(TAG_USER_AUTH_ID, 8),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]397 Authorization(TAG_APPLICATION_ID, "app_id", 6),
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]398 Authorization(TAG_AUTH_TIMEOUT, 300),
399 };
400
401 GenerateKeyRequest gen_req;
402 gen_req.key_description.Reinitialize(params, array_length(params));
403 GenerateKeyResponse gen_rsp;
404
405 device.GenerateKey(gen_req, &gen_rsp);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]406 ASSERT_EQ(KM_ERROR_OK, gen_rsp.error);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]407
408 GetKeyCharacteristicsRequest req;
Shawn Willdenda8485e2014-08-17 08:00:01 -0600[diff] [blame]409 req.SetKeyMaterial(gen_rsp.key_blob);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]410 req.additional_params.push_back(TAG_APPLICATION_ID, "app_id", 6);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]411
412 GetKeyCharacteristicsResponse rsp;
413 device.GetKeyCharacteristics(req, &rsp);
414 ASSERT_EQ(KM_ERROR_OK, rsp.error);
415
416 EXPECT_EQ(gen_rsp.enforced, rsp.enforced);
417 EXPECT_EQ(gen_rsp.unenforced, rsp.unenforced);
418}
419
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]420/**
421 * Test class that provides some infrastructure for generating keys and signing messages.
422 */
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]423class SigningOperationsTest : public KeymasterTest {
424 protected:
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]425 void GenerateKey(keymaster_algorithm_t algorithm, keymaster_digest_t digest,
426 keymaster_padding_t padding, uint32_t key_size) {
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]427 keymaster_key_param_t params[] = {
428 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
429 Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]430 Authorization(TAG_ALGORITHM, algorithm),
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]431 Authorization(TAG_KEY_SIZE, key_size),
432 Authorization(TAG_USER_ID, 7),
433 Authorization(TAG_USER_AUTH_ID, 8),
434 Authorization(TAG_APPLICATION_ID, "app_id", 6),
435 Authorization(TAG_AUTH_TIMEOUT, 300),
436 };
437 GenerateKeyRequest generate_request;
438 generate_request.key_description.Reinitialize(params, array_length(params));
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]439 if (static_cast<int>(digest) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]440 generate_request.key_description.push_back(TAG_DIGEST, digest);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]441 if (static_cast<int>(padding) != -1)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]442 generate_request.key_description.push_back(TAG_PADDING, padding);
443 device.GenerateKey(generate_request, &generate_response_);
444 EXPECT_EQ(KM_ERROR_OK, generate_response_.error);
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]445 }
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]446
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]447 void SignMessage(const void* message, size_t size) {
448 BeginOperationRequest begin_request;
449 BeginOperationResponse begin_response;
450 begin_request.SetKeyMaterial(generate_response_.key_blob);
451 begin_request.purpose = KM_PURPOSE_SIGN;
452 AddClientParams(&begin_request.additional_params);
453
454 device.BeginOperation(begin_request, &begin_response);
455 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
456
457 UpdateOperationRequest update_request;
458 UpdateOperationResponse update_response;
459 update_request.op_handle = begin_response.op_handle;
460 update_request.input.Reinitialize(message, size);
461 EXPECT_EQ(size, update_request.input.available_read());
462
463 device.UpdateOperation(update_request, &update_response);
464 ASSERT_EQ(KM_ERROR_OK, update_response.error);
465 EXPECT_EQ(0U, update_response.output.available_read());
466
467 FinishOperationRequest finish_request;
468 finish_request.op_handle = begin_response.op_handle;
469 device.FinishOperation(finish_request, &finish_response_);
470 ASSERT_EQ(KM_ERROR_OK, finish_response_.error);
471 EXPECT_GT(finish_response_.output.available_read(), 0U);
472 }
473
474 void AddClientParams(AuthorizationSet* set) { set->push_back(TAG_APPLICATION_ID, "app_id", 6); }
475
476 const keymaster_key_blob_t& key_blob() { return generate_response_.key_blob; }
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame^]477
478 const keymaster_key_blob_t& corrupt_key_blob() {
479 ++generate_response_.key_blob
480 .key_material[generate_response_.key_blob.key_material_size / 2];
481 return generate_response_.key_blob;
482 }
483
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]484 Buffer* signature() {
485 if (finish_response_.error == KM_ERROR_OK)
486 return &finish_response_.output;
487 return NULL;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]488 }
489
490 private:
491 GenerateKeyResponse generate_response_;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]492 FinishOperationResponse finish_response_;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]493};
494
495TEST_F(SigningOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]496 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]497 const char message[] = "12345678901234567890123456789012";
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]498
499 BeginOperationRequest begin_request;
500 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]501 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]502 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]503 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]504
505 device.BeginOperation(begin_request, &begin_response);
506 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
507
508 UpdateOperationRequest update_request;
509 UpdateOperationResponse update_response;
510 update_request.op_handle = begin_response.op_handle;
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]511 update_request.input.Reinitialize(message, array_size(message) - 1);
512 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]513
514 device.UpdateOperation(update_request, &update_response);
515 ASSERT_EQ(KM_ERROR_OK, update_response.error);
516 EXPECT_EQ(0U, update_response.output.available_read());
517
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]518 FinishOperationRequest finish_request;
519 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]520 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]521 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]522 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]523 EXPECT_GT(finish_response.output.available_read(), 0U);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]524
525 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
526}
527
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]528TEST_F(SigningOperationsTest, DsaSuccess) {
529 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
530
531 BeginOperationRequest begin_request;
532 BeginOperationResponse begin_response;
533 begin_request.SetKeyMaterial(key_blob());
534 begin_request.purpose = KM_PURPOSE_SIGN;
535 AddClientParams(&begin_request.additional_params);
536
537 device.BeginOperation(begin_request, &begin_response);
538 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
539
540 UpdateOperationRequest update_request;
541 UpdateOperationResponse update_response;
542 update_request.op_handle = begin_response.op_handle;
543 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
544 EXPECT_EQ(48U, update_request.input.available_read());
545
546 device.UpdateOperation(update_request, &update_response);
547 ASSERT_EQ(KM_ERROR_OK, update_response.error);
548 EXPECT_EQ(0U, update_response.output.available_read());
549
550 FinishOperationRequest finish_request;
551 finish_request.op_handle = begin_response.op_handle;
552 FinishOperationResponse finish_response;
553 device.FinishOperation(finish_request, &finish_response);
554 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
555 EXPECT_GT(finish_response.output.available_read(), 0U);
556
557 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
558}
559
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]560TEST_F(SigningOperationsTest, EcdsaSuccess) {
561 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
562
563 BeginOperationRequest begin_request;
564 BeginOperationResponse begin_response;
565 begin_request.SetKeyMaterial(key_blob());
566 begin_request.purpose = KM_PURPOSE_SIGN;
567 AddClientParams(&begin_request.additional_params);
568
569 device.BeginOperation(begin_request, &begin_response);
570 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
571
572 UpdateOperationRequest update_request;
573 UpdateOperationResponse update_response;
574 update_request.op_handle = begin_response.op_handle;
575 update_request.input.Reinitialize("123456789012345678901234567890123456789012345678", 48);
576 EXPECT_EQ(48U, update_request.input.available_read());
577
578 device.UpdateOperation(update_request, &update_response);
579 ASSERT_EQ(KM_ERROR_OK, update_response.error);
580 EXPECT_EQ(0U, update_response.output.available_read());
581
582 FinishOperationRequest finish_request;
583 finish_request.op_handle = begin_response.op_handle;
584 FinishOperationResponse finish_response;
585 device.FinishOperation(finish_request, &finish_response);
586 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
587 EXPECT_GT(finish_response.output.available_read(), 0U);
588
589 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
590}
591
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]592TEST_F(SigningOperationsTest, RsaAbort) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]593 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]594
595 BeginOperationRequest begin_request;
596 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]597 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]598 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]599 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]600
601 device.BeginOperation(begin_request, &begin_response);
602 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
603
604 EXPECT_EQ(KM_ERROR_OK, device.AbortOperation(begin_response.op_handle));
605
606 // Another abort should fail
607 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
608}
609
610TEST_F(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]611 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_SHA_2_256, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]612
613 BeginOperationRequest begin_request;
614 BeginOperationResponse begin_response;
615 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]616 begin_request.SetKeyMaterial(key_blob());
617 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]618
619 device.BeginOperation(begin_request, &begin_response);
620 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
621
622 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
623}
624
625TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]626 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_RSA_OAEP, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]627
628 BeginOperationRequest begin_request;
629 BeginOperationResponse begin_response;
630 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]631 begin_request.SetKeyMaterial(key_blob());
632 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]633
634 device.BeginOperation(begin_request, &begin_response);
635 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
636
637 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
638}
639
640TEST_F(SigningOperationsTest, RsaNoDigest) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]641 GenerateKey(KM_ALGORITHM_RSA, static_cast<keymaster_digest_t>(-1), KM_PAD_NONE,
642 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]643
644 BeginOperationRequest begin_request;
645 BeginOperationResponse begin_response;
646 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]647 begin_request.SetKeyMaterial(key_blob());
648 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]649
650 device.BeginOperation(begin_request, &begin_response);
651 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, begin_response.error);
652
653 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
654}
655
656TEST_F(SigningOperationsTest, RsaNoPadding) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]657 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, static_cast<keymaster_padding_t>(-1),
658 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]659
660 BeginOperationRequest begin_request;
661 BeginOperationResponse begin_response;
662 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]663 begin_request.SetKeyMaterial(key_blob());
664 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]665
666 device.BeginOperation(begin_request, &begin_response);
667 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, begin_response.error);
668
669 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
670}
671
672TEST_F(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]673 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]674
675 BeginOperationRequest begin_request;
676 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]677 begin_request.SetKeyMaterial(key_blob());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]678 begin_request.purpose = KM_PURPOSE_SIGN;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]679 AddClientParams(&begin_request.additional_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]680
681 device.BeginOperation(begin_request, &begin_response);
682 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
683
684 UpdateOperationRequest update_request;
685 UpdateOperationResponse update_response;
686 update_request.op_handle = begin_response.op_handle;
687 update_request.input.Reinitialize("01234567890123456789012345678901", 31);
688 EXPECT_EQ(31U, update_request.input.available_read());
689
690 device.UpdateOperation(update_request, &update_response);
691 ASSERT_EQ(KM_ERROR_OK, update_response.error);
692 EXPECT_EQ(0U, update_response.output.available_read());
693
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]694 FinishOperationRequest finish_request;
695 finish_request.op_handle = begin_response.op_handle;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]696 FinishOperationResponse finish_response;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]697 device.FinishOperation(finish_request, &finish_response);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]698 ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, finish_response.error);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]699 EXPECT_EQ(0U, finish_response.output.available_read());
700
701 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
702}
703
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]704typedef SigningOperationsTest VerificationOperationsTest;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]705TEST_F(VerificationOperationsTest, RsaSuccess) {
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]706 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
707 const char message[] = "12345678901234567890123456789012";
708 SignMessage(message, array_size(message) - 1);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]709 ASSERT_TRUE(signature() != NULL);
710
711 BeginOperationRequest begin_request;
712 BeginOperationResponse begin_response;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]713 begin_request.SetKeyMaterial(key_blob());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]714 begin_request.purpose = KM_PURPOSE_VERIFY;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]715 AddClientParams(&begin_request.additional_params);
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]716
717 device.BeginOperation(begin_request, &begin_response);
718 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
719
720 UpdateOperationRequest update_request;
721 UpdateOperationResponse update_response;
722 update_request.op_handle = begin_response.op_handle;
Shawn Willden61644f32014-08-18 13:43:14 -0600[diff] [blame]723 update_request.input.Reinitialize(message, array_size(message) - 1);
724 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]725
726 device.UpdateOperation(update_request, &update_response);
727 ASSERT_EQ(KM_ERROR_OK, update_response.error);
728 EXPECT_EQ(0U, update_response.output.available_read());
729
730 FinishOperationRequest finish_request;
731 finish_request.op_handle = begin_response.op_handle;
732 finish_request.signature.Reinitialize(*signature());
733 FinishOperationResponse finish_response;
734 device.FinishOperation(finish_request, &finish_response);
735 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]736 EXPECT_EQ(0U, finish_response.output.available_read());
737
738 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
739}
740
Shawn Willden5b41ca22014-08-18 14:29:14 -0600[diff] [blame]741TEST_F(VerificationOperationsTest, DsaSuccess) {
742 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
743 const char message[] = "123456789012345678901234567890123456789012345678";
744 SignMessage(message, array_size(message) - 1);
745 ASSERT_TRUE(signature() != NULL);
746
747 BeginOperationRequest begin_request;
748 BeginOperationResponse begin_response;
749 begin_request.SetKeyMaterial(key_blob());
750 begin_request.purpose = KM_PURPOSE_VERIFY;
751 AddClientParams(&begin_request.additional_params);
752
753 device.BeginOperation(begin_request, &begin_response);
754 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
755
756 UpdateOperationRequest update_request;
757 UpdateOperationResponse update_response;
758 update_request.op_handle = begin_response.op_handle;
759 update_request.input.Reinitialize(message, array_size(message) - 1);
760 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
761
762 device.UpdateOperation(update_request, &update_response);
763 ASSERT_EQ(KM_ERROR_OK, update_response.error);
764 EXPECT_EQ(0U, update_response.output.available_read());
765
766 FinishOperationRequest finish_request;
767 finish_request.op_handle = begin_response.op_handle;
768 finish_request.signature.Reinitialize(*signature());
769 FinishOperationResponse finish_response;
770 device.FinishOperation(finish_request, &finish_response);
771 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
772 EXPECT_EQ(0U, finish_response.output.available_read());
773
774 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
775}
776
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]777TEST_F(VerificationOperationsTest, EcdsaSuccess) {
778 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
779 const char message[] = "123456789012345678901234567890123456789012345678";
780 SignMessage(message, array_size(message) - 1);
781 ASSERT_TRUE(signature() != NULL);
782
783 BeginOperationRequest begin_request;
784 BeginOperationResponse begin_response;
785 begin_request.SetKeyMaterial(key_blob());
786 begin_request.purpose = KM_PURPOSE_VERIFY;
787 AddClientParams(&begin_request.additional_params);
788
789 device.BeginOperation(begin_request, &begin_response);
790 ASSERT_EQ(KM_ERROR_OK, begin_response.error);
791
792 UpdateOperationRequest update_request;
793 UpdateOperationResponse update_response;
794 update_request.op_handle = begin_response.op_handle;
795 update_request.input.Reinitialize(message, array_size(message) - 1);
796 EXPECT_EQ(array_size(message) - 1, update_request.input.available_read());
797
798 device.UpdateOperation(update_request, &update_response);
799 ASSERT_EQ(KM_ERROR_OK, update_response.error);
800 EXPECT_EQ(0U, update_response.output.available_read());
801
802 FinishOperationRequest finish_request;
803 finish_request.op_handle = begin_response.op_handle;
804 finish_request.signature.Reinitialize(*signature());
805 FinishOperationResponse finish_response;
806 device.FinishOperation(finish_request, &finish_response);
807 ASSERT_EQ(KM_ERROR_OK, finish_response.error);
808 EXPECT_EQ(0U, finish_response.output.available_read());
809
810 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, device.AbortOperation(begin_response.op_handle));
811}
812
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]813typedef SigningOperationsTest ExportKeyTest;
814TEST_F(ExportKeyTest, RsaSuccess) {
815 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256 /* key size */);
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]816
817 ExportKeyRequest request;
818 ExportKeyResponse response;
819 AddClientParams(&request.additional_params);
820 request.key_format = KM_KEY_FORMAT_X509;
821 request.SetKeyMaterial(key_blob());
822
823 device.ExportKey(request, &response);
824 ASSERT_EQ(KM_ERROR_OK, response.error);
825 EXPECT_TRUE(response.key_data != NULL);
826}
827
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame^]828TEST_F(ExportKeyTest, DsaSuccess) {
829 GenerateKey(KM_ALGORITHM_DSA, KM_DIGEST_NONE, KM_PAD_NONE, 1024 /* key size */);
830
831 ExportKeyRequest request;
832 ExportKeyResponse response;
833 AddClientParams(&request.additional_params);
834 request.key_format = KM_KEY_FORMAT_X509;
835 request.SetKeyMaterial(key_blob());
836
837 device.ExportKey(request, &response);
838 ASSERT_EQ(KM_ERROR_OK, response.error);
839 EXPECT_TRUE(response.key_data != NULL);
840}
841
842TEST_F(ExportKeyTest, EcdsaSuccess) {
843 GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
844
845 ExportKeyRequest request;
846 ExportKeyResponse response;
847 AddClientParams(&request.additional_params);
848 request.key_format = KM_KEY_FORMAT_X509;
849 request.SetKeyMaterial(key_blob());
850
851 device.ExportKey(request, &response);
852 ASSERT_EQ(KM_ERROR_OK, response.error);
853 EXPECT_TRUE(response.key_data != NULL);
854}
855
856TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) {
857 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
858
859 ExportKeyRequest request;
860 ExportKeyResponse response;
861 AddClientParams(&request.additional_params);
862
863 /* We have no other defined export formats defined. */
864 request.key_format = KM_KEY_FORMAT_PKCS8;
865 request.SetKeyMaterial(key_blob());
866
867 device.ExportKey(request, &response);
868 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, response.error);
869 EXPECT_TRUE(response.key_data == NULL);
870}
871
872TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) {
873 GenerateKey(KM_ALGORITHM_RSA, KM_DIGEST_NONE, KM_PAD_NONE, 256);
874
875 ExportKeyRequest request;
876 ExportKeyResponse response;
877 AddClientParams(&request.additional_params);
878 request.key_format = KM_KEY_FORMAT_X509;
879 request.SetKeyMaterial(corrupt_key_blob());
880
881 device.ExportKey(request, &response);
882 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, response.error);
883 ASSERT_TRUE(response.key_data == NULL);
884}
885
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]886} // namespace test
887} // namespace keymaster