Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / f90f235636cc3cbfb393e5006b673aef00df825a / . / google_keymaster_test.cpp
blob: 96081ea067e01e23cbcbdab1b54dae0ca97afedb [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]17#include <algorithm>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]18#include <fstream>
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]19#include <string>
20#include <vector>
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]21
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]22#include <gtest/gtest.h>
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]23
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]24#include <openssl/engine.h>
25
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]26#include <keymaster/google_keymaster_utils.h>
27#include <keymaster/keymaster_tags.h>
Shawn Willdenb7510332015-02-06 19:58:29 -0700[diff] [blame]28#include <keymaster/soft_keymaster_device.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]29
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]30#include "google_keymaster_test_utils.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]31
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]32using std::ifstream;
33using std::istreambuf_iterator;
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]34using std::string;
35using std::vector;
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]36
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]37int main(int argc, char** argv) {
38 ::testing::InitGoogleTest(&argc, argv);
39 int result = RUN_ALL_TESTS();
40 // Clean up stuff OpenSSL leaves around, so Valgrind doesn't complain.
41 CRYPTO_cleanup_all_ex_data();
Shawn Willden7c0a82b2014-09-17 12:57:32 -0600[diff] [blame]42 ERR_remove_thread_state(NULL);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]43 ERR_free_strings();
44 return result;
45}
46
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]47template <typename T> std::ostream& operator<<(std::ostream& os, const std::vector<T>& vec) {
48 os << "{ ";
49 bool first = true;
50 for (T t : vec) {
51 os << (first ? "" : ", ") << t;
52 if (first)
53 first = false;
54 }
55 os << " }";
56 return os;
57}
58
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]59namespace keymaster {
60namespace test {
61
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]62/**
63 * Utility class to make construction of AuthorizationSets easy, and readable. Use like:
64 *
65 * ParamBuilder()
66 * .Option(TAG_ALGORITHM, KM_ALGORITHM_RSA)
67 * .Option(TAG_KEY_SIZE, 512)
68 * .Option(TAG_DIGEST, KM_DIGEST_NONE)
69 * .Option(TAG_PADDING, KM_PAD_NONE)
70 * .Option(TAG_SINGLE_USE_PER_BOOT, true)
71 * .build();
72 *
73 * In addition there are methods that add common sets of parameters, like RsaSigningKey().
74 */
75class ParamBuilder {
76 public:
77 template <typename TagType, typename ValueType>
78 ParamBuilder& Option(TagType tag, ValueType value) {
79 set.push_back(tag, value);
80 return *this;
81 }
82
83 ParamBuilder& RsaKey(uint32_t key_size = 0, uint64_t public_exponent = 0) {
84 Option(TAG_ALGORITHM, KM_ALGORITHM_RSA);
85 if (key_size != 0)
86 Option(TAG_KEY_SIZE, key_size);
87 if (public_exponent != 0)
88 Option(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
89 return *this;
90 }
91
92 ParamBuilder& EcdsaKey(uint32_t key_size = 0) {
93 Option(TAG_ALGORITHM, KM_ALGORITHM_ECDSA);
94 if (key_size != 0)
95 Option(TAG_KEY_SIZE, key_size);
96 return *this;
97 }
98
99 ParamBuilder& AesKey(uint32_t key_size) {
100 Option(TAG_ALGORITHM, KM_ALGORITHM_AES);
101 return Option(TAG_KEY_SIZE, key_size);
102 }
103
104 ParamBuilder& HmacKey(uint32_t key_size, keymaster_digest_t digest, uint32_t mac_length) {
105 Option(TAG_ALGORITHM, KM_ALGORITHM_HMAC);
106 Option(TAG_KEY_SIZE, key_size);
107 SigningKey();
108 Option(TAG_DIGEST, digest);
109 return Option(TAG_MAC_LENGTH, mac_length);
110 }
111
112 ParamBuilder& RsaSigningKey(uint32_t key_size = 0, keymaster_digest_t digest = KM_DIGEST_NONE,
113 keymaster_padding_t padding = KM_PAD_NONE,
114 uint64_t public_exponent = 0) {
115 RsaKey(key_size, public_exponent);
116 SigningKey();
117 Option(TAG_DIGEST, digest);
118 return Option(TAG_PADDING, padding);
119 }
120
121 ParamBuilder& RsaEncryptionKey(uint32_t key_size = 0,
122 keymaster_padding_t padding = KM_PAD_RSA_OAEP,
123 uint64_t public_exponent = 0) {
124 RsaKey(key_size, public_exponent);
125 EncryptionKey();
126 return Option(TAG_PADDING, padding);
127 }
128
129 ParamBuilder& EcdsaSigningKey(uint32_t key_size = 0) {
130 EcdsaKey(key_size);
131 return SigningKey();
132 }
133
134 ParamBuilder& AesEncryptionKey(uint32_t key_size) {
135 AesKey(key_size);
136 return EncryptionKey();
137 }
138
139 ParamBuilder& SigningKey() {
140 Option(TAG_PURPOSE, KM_PURPOSE_SIGN);
141 return Option(TAG_PURPOSE, KM_PURPOSE_VERIFY);
142 }
143
144 ParamBuilder& EncryptionKey() {
145 Option(TAG_PURPOSE, KM_PURPOSE_ENCRYPT);
146 return Option(TAG_PURPOSE, KM_PURPOSE_DECRYPT);
147 }
148
149 ParamBuilder& NoDigestOrPadding() {
150 Option(TAG_DIGEST, KM_DIGEST_NONE);
151 return Option(TAG_PADDING, KM_PAD_NONE);
152 }
153
154 ParamBuilder& OcbMode(uint32_t chunk_length, uint32_t mac_length) {
155 Option(TAG_BLOCK_MODE, KM_MODE_OCB);
156 Option(TAG_CHUNK_LENGTH, chunk_length);
157 return Option(TAG_MAC_LENGTH, mac_length);
158 }
159
160 AuthorizationSet build() const { return set; }
161
162 private:
163 AuthorizationSet set;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]164};
165
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]166StdoutLogger logger;
167
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]168const uint64_t OP_HANDLE_SENTINEL = 0xFFFFFFFFFFFFFFFF;
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]169class KeymasterTest : public testing::Test {
170 protected:
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]171 KeymasterTest() : out_params_(NULL), op_handle_(OP_HANDLE_SENTINEL), characteristics_(NULL) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]172 blob_.key_material = NULL;
173 RAND_seed("foobar", 6);
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]174 blob_.key_material = 0;
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]175 }
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]176
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]177 ~KeymasterTest() {
178 FreeCharacteristics();
179 FreeKeyBlob();
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]180 }
181
Shawn Willden30255022015-02-24 14:00:21 -0700[diff] [blame]182 keymaster1_device_t* device() {
183 return reinterpret_cast<keymaster1_device_t*>(device_.hw_device());
184 }
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]185
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]186 keymaster_error_t GenerateKey(const ParamBuilder& builder) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]187 AuthorizationSet params(builder.build());
188 params.push_back(UserAuthParams());
189 params.push_back(ClientParams());
190
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]191 FreeKeyBlob();
192 FreeCharacteristics();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]193 return device()->generate_key(device(), params.data(), params.size(), &blob_,
194 &characteristics_);
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]195 }
196
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]197 keymaster_error_t ImportKey(const ParamBuilder& builder, keymaster_key_format_t format,
198 const string& key_material) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]199 AuthorizationSet params(builder.build());
200 params.push_back(UserAuthParams());
201 params.push_back(ClientParams());
202
203 FreeKeyBlob();
204 FreeCharacteristics();
205 return device()->import_key(device(), params.data(), params.size(), format,
206 reinterpret_cast<const uint8_t*>(key_material.c_str()),
207 key_material.length(), &blob_, &characteristics_);
208 }
209
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]210 AuthorizationSet UserAuthParams() {
211 AuthorizationSet set;
212 set.push_back(TAG_USER_ID, 7);
213 set.push_back(TAG_USER_AUTH_ID, 8);
214 set.push_back(TAG_AUTH_TIMEOUT, 300);
215 return set;
216 }
217
218 AuthorizationSet ClientParams() {
219 AuthorizationSet set;
220 set.push_back(TAG_APPLICATION_ID, "app_id", 6);
221 return set;
222 }
223
224 keymaster_error_t BeginOperation(keymaster_purpose_t purpose) {
225 return device()->begin(device(), purpose, &blob_, client_params_,
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]226 array_length(client_params_), &out_params_, &out_params_count_,
227 &op_handle_);
228 }
229
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]230 keymaster_error_t UpdateOperation(const string& message, string* output,
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]231 size_t* input_consumed) {
232 uint8_t* out_tmp = NULL;
233 size_t out_length;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]234 EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
235 keymaster_error_t error = device()->update(
Shawn Willden6bfbff02015-02-06 19:48:24 -0700[diff] [blame]236 device(), op_handle_, NULL /* additional_params */, 0 /* additional_params_count */,
237 reinterpret_cast<const uint8_t*>(message.c_str()), message.length(), input_consumed,
238 &out_tmp, &out_length);
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]239 if (out_tmp)
240 output->append(reinterpret_cast<char*>(out_tmp), out_length);
241 free(out_tmp);
242 return error;
243 }
244
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]245 keymaster_error_t FinishOperation(string* output) { return FinishOperation("", output); }
246
247 keymaster_error_t FinishOperation(const string& signature, string* output) {
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]248 uint8_t* out_tmp = NULL;
249 size_t out_length;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]250 keymaster_error_t error = device()->finish(
Shawn Willden6bfbff02015-02-06 19:48:24 -0700[diff] [blame]251 device(), op_handle_, NULL /* additional_params */, 0 /* additional_params_count */,
252 reinterpret_cast<const uint8_t*>(signature.c_str()), signature.length(), &out_tmp,
253 &out_length);
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]254 if (out_tmp)
255 output->append(reinterpret_cast<char*>(out_tmp), out_length);
256 free(out_tmp);
257 return error;
258 }
259
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]260 template <typename T>
261 bool ResponseContains(const vector<T>& expected, const T* values, size_t len) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]262 return expected.size() == len &&
263 std::is_permutation(values, values + len, expected.begin());
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]264 }
265
266 template <typename T> bool ResponseContains(T expected, const T* values, size_t len) {
267 return (len == 1 && *values == expected);
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]268 }
269
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]270 keymaster_error_t AbortOperation() { return device()->abort(device(), op_handle_); }
271
272 string ProcessMessage(keymaster_purpose_t purpose, const string& message) {
273 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose));
274
275 string result;
276 size_t input_consumed;
277 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
278 EXPECT_EQ(message.size(), input_consumed);
279 EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result));
280 return result;
281 }
282
283 string ProcessMessage(keymaster_purpose_t purpose, const string& message,
284 const string& signature) {
285 EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose));
286
287 string result;
288 size_t input_consumed;
289 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
290 EXPECT_EQ(message.size(), input_consumed);
291 EXPECT_EQ(KM_ERROR_OK, FinishOperation(signature, &result));
292 return result;
293 }
294
295 void SignMessage(const string& message, string* signature) {
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]296 SCOPED_TRACE("SignMessage");
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]297 *signature = ProcessMessage(KM_PURPOSE_SIGN, message);
298 EXPECT_GT(signature->size(), 0);
299 }
300
301 void VerifyMessage(const string& message, const string& signature) {
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]302 SCOPED_TRACE("VerifyMessage");
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]303 ProcessMessage(KM_PURPOSE_VERIFY, message, signature);
304 }
305
306 string EncryptMessage(const string& message) {
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]307 SCOPED_TRACE("EncryptMessage");
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]308 return ProcessMessage(KM_PURPOSE_ENCRYPT, message);
309 }
310
311 string DecryptMessage(const string& ciphertext) {
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]312 SCOPED_TRACE("DecryptMessage");
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]313 return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext);
314 }
315
316 keymaster_error_t GetCharacteristics() {
317 FreeCharacteristics();
318 return device()->get_key_characteristics(device(), &blob_, &client_id_, NULL /* app_data */,
319 &characteristics_);
320 }
321
322 keymaster_error_t ExportKey(keymaster_key_format_t format, string* export_data) {
323 uint8_t* export_data_tmp;
324 size_t export_data_length;
325
326 keymaster_error_t error =
327 device()->export_key(device(), format, &blob_, &client_id_, NULL /* app_data */,
328 &export_data_tmp, &export_data_length);
329
330 if (error != KM_ERROR_OK)
331 return error;
332
333 *export_data = string(reinterpret_cast<char*>(export_data_tmp), export_data_length);
334 free(export_data_tmp);
335 return error;
336 }
337
338 keymaster_error_t GetVersion(uint8_t* major, uint8_t* minor, uint8_t* subminor) {
339 GetVersionRequest request;
340 GetVersionResponse response;
341 device_.GetVersion(request, &response);
342 if (response.error != KM_ERROR_OK)
343 return response.error;
344 *major = response.major_ver;
345 *minor = response.minor_ver;
346 *subminor = response.subminor_ver;
347 return response.error;
348 }
349
350 AuthorizationSet hw_enforced() {
351 EXPECT_TRUE(characteristics_ != NULL);
352 return AuthorizationSet(characteristics_->hw_enforced);
353 }
354
355 AuthorizationSet sw_enforced() {
356 EXPECT_TRUE(characteristics_ != NULL);
357 return AuthorizationSet(characteristics_->sw_enforced);
358 }
359
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]360 void FreeCharacteristics() {
361 keymaster_free_characteristics(characteristics_);
362 free(characteristics_);
363 characteristics_ = NULL;
364 }
365
366 void FreeKeyBlob() {
367 free(const_cast<uint8_t*>(blob_.key_material));
368 blob_.key_material = NULL;
369 }
370
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]371 void corrupt_key_blob() {
372 assert(blob_.key_material);
373 uint8_t* tmp = const_cast<uint8_t*>(blob_.key_material);
374 ++tmp[blob_.key_material_size / 2];
375 }
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]376
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]377 private:
378 SoftKeymasterDevice device_;
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]379 keymaster_blob_t client_id_ = {.data = reinterpret_cast<const uint8_t*>("app_id"),
380 .data_length = 6};
381 keymaster_key_param_t client_params_[1] = {
382 Authorization(TAG_APPLICATION_ID, client_id_.data, client_id_.data_length)};
383
384 keymaster_key_param_t* out_params_;
385 size_t out_params_count_;
386 uint64_t op_handle_;
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]387
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]388 keymaster_key_blob_t blob_;
389 keymaster_key_characteristics_t* characteristics_;
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]390};
391
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]392typedef KeymasterTest CheckSupported;
393TEST_F(CheckSupported, SupportedAlgorithms) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]394 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
395 device()->get_supported_algorithms(device(), NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]396
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]397 size_t len;
398 keymaster_algorithm_t* algorithms;
399 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]400 EXPECT_TRUE(ResponseContains(
401 {KM_ALGORITHM_RSA, KM_ALGORITHM_ECDSA, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms,
402 len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]403 free(algorithms);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]404}
405
406TEST_F(CheckSupported, SupportedBlockModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]407 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
408 device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
409 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]410
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]411 size_t len;
412 keymaster_block_mode_t* modes;
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]413 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA,
414 KM_PURPOSE_ENCRYPT, &modes, &len));
415 EXPECT_EQ(0, len);
416 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]417
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]418 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]419 device()->get_supported_block_modes(device(), KM_ALGORITHM_DSA, KM_PURPOSE_ENCRYPT,
420 &modes, &len));
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]421
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]422 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]423 device()->get_supported_block_modes(device(), KM_ALGORITHM_ECDSA, KM_PURPOSE_ENCRYPT,
424 &modes, &len));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]425
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]426 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
427 KM_PURPOSE_ENCRYPT, &modes, &len));
428 EXPECT_TRUE(ResponseContains({KM_MODE_OCB}, modes, len));
429 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]430}
431
432TEST_F(CheckSupported, SupportedPaddingModes) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]433 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
434 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT,
435 NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]436
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]437 size_t len;
438 keymaster_padding_t* modes;
439 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
440 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame^]441 EXPECT_TRUE(
442 ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]443 free(modes);
444
445 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA,
446 KM_PURPOSE_ENCRYPT, &modes, &len));
447 EXPECT_TRUE(ResponseContains({KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]448 free(modes);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]449
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]450 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM,
451 device()->get_supported_padding_modes(device(), KM_ALGORITHM_DSA, KM_PURPOSE_SIGN,
452 &modes, &len));
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]453
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]454 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_ECDSA,
455 KM_PURPOSE_SIGN, &modes, &len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]456 EXPECT_EQ(0, len);
457 free(modes);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]458
459 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
460 device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN,
461 &modes, &len));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]462}
463
464TEST_F(CheckSupported, SupportedDigests) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]465 EXPECT_EQ(
466 KM_ERROR_OUTPUT_PARAMETER_NULL,
467 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]468
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]469 size_t len;
470 keymaster_digest_t* digests;
471 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA,
472 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]473 EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA_2_256}, digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]474 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]475
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]476 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM,
477 device()->get_supported_digests(device(), KM_ALGORITHM_DSA, KM_PURPOSE_SIGN, &digests,
478 &len));
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]479
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]480 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_ECDSA,
481 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]482 EXPECT_EQ(0, len);
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]483 free(digests);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]484
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]485 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
486 device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests,
487 &len));
488
489 EXPECT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]490 KM_PURPOSE_SIGN, &digests, &len));
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]491 EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384,
492 KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1},
493 digests, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]494 free(digests);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]495}
496
497TEST_F(CheckSupported, SupportedImportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]498 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
499 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]500
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]501 size_t len;
502 keymaster_key_format_t* formats;
503 EXPECT_EQ(KM_ERROR_OK,
504 device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]505 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]506 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]507}
508
509TEST_F(CheckSupported, SupportedExportFormats) {
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]510 EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL,
511 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]512
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]513 size_t len;
514 keymaster_key_format_t* formats;
515 EXPECT_EQ(KM_ERROR_OK,
516 device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]517 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]518 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]519
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]520 EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM,
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]521 device()->get_supported_export_formats(device(), KM_ALGORITHM_DSA, &formats, &len));
Shawn Willden28e41472014-08-18 13:35:22 -0600[diff] [blame]522
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]523 EXPECT_EQ(KM_ERROR_OK,
524 device()->get_supported_export_formats(device(), KM_ALGORITHM_ECDSA, &formats, &len));
Shawn Willden76076ab2014-12-18 08:36:35 -0700[diff] [blame]525 EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]526 free(formats);
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]527
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]528 EXPECT_EQ(KM_ERROR_OK,
529 device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len));
530 EXPECT_EQ(0, len);
531 free(formats);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]532}
533
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]534class NewKeyGeneration : public KeymasterTest {
535 protected:
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]536 void CheckBaseParams() {
537 EXPECT_EQ(0U, hw_enforced().size());
538 EXPECT_EQ(12U, hw_enforced().SerializedSize());
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]539
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]540 AuthorizationSet auths = sw_enforced();
541 EXPECT_GT(auths.SerializedSize(), 12U);
542
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]543 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN));
544 EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY));
545 EXPECT_TRUE(contains(auths, TAG_USER_ID, 7));
546 EXPECT_TRUE(contains(auths, TAG_USER_AUTH_ID, 8));
547 EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]548
549 // Verify that App ID, App data and ROT are NOT included.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]550 EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST));
551 EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID));
552 EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]553
554 // Just for giggles, check that some unexpected tags/values are NOT present.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]555 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
556 EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
557 EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]558
559 // Now check that unspecified, defaulted tags are correct.
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]560 EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
561 EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
Shawn Willdend0772312014-09-18 12:27:57 -0600[diff] [blame]562 }
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame]563};
564
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]565TEST_F(NewKeyGeneration, Rsa) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]566 ASSERT_EQ(KM_ERROR_OK,
567 GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_NONE, KM_PAD_NONE, 3)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]568 CheckBaseParams();
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]569
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]570 // Check specified tags are all present in auths
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]571 AuthorizationSet auths(sw_enforced());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]572 EXPECT_TRUE(contains(auths, TAG_ALGORITHM, KM_ALGORITHM_RSA));
573 EXPECT_TRUE(contains(auths, TAG_KEY_SIZE, 256));
574 EXPECT_TRUE(contains(auths, TAG_RSA_PUBLIC_EXPONENT, 3));
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]575}
576
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]577TEST_F(NewKeyGeneration, RsaDefaultSize) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]578 // TODO(swillden): Remove support for defaulting RSA parameter size and pub exponent.
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]579 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey()));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]580 CheckBaseParams();
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]581
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]582 // Check specified tags are all present in unenforced characteristics
583 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]584
585 // Now check that unspecified, defaulted tags are correct.
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]586 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 65537));
587 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 2048));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]588}
589
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]590TEST_F(NewKeyGeneration, Ecdsa) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]591 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey(224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]592 CheckBaseParams();
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]593
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]594 // Check specified tags are all present in unenforced characteristics
595 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
596 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 224));
Shawn Willdenc3864dd2014-08-18 15:20:01 -0600[diff] [blame]597}
598
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]599TEST_F(NewKeyGeneration, EcdsaDefaultSize) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]600 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey()));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]601 CheckBaseParams();
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]602
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]603 // Check specified tags are all present in unenforced characteristics
604 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]605
606 // Now check that unspecified, defaulted tags are correct.
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]607 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 224));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]608}
609
610TEST_F(NewKeyGeneration, EcdsaInvalidSize) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]611 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE, GenerateKey(ParamBuilder().EcdsaSigningKey(190)));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]612}
613
614TEST_F(NewKeyGeneration, EcdsaAllValidSizes) {
Shawn Willden8c856c82014-09-26 09:34:36 -0600[diff] [blame]615 size_t valid_sizes[] = {224, 256, 384, 521};
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]616 for (size_t size : valid_sizes) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]617 EXPECT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey(size)))
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]618 << "Failed to generate size: " << size;
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]619 }
620}
621
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]622TEST_F(NewKeyGeneration, AesOcb) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]623 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16)));
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]624}
625
626TEST_F(NewKeyGeneration, AesOcbInvalidKeySize) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]627 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(136).OcbMode(4096, 16)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]628 EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE, BeginOperation(KM_PURPOSE_ENCRYPT));
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]629}
630
631TEST_F(NewKeyGeneration, AesOcbAllValidSizes) {
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]632 size_t valid_sizes[] = {128, 192, 256};
633 for (size_t size : valid_sizes) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]634 EXPECT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(size)))
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]635 << "Failed to generate size: " << size;
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]636 }
637}
638
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]639TEST_F(NewKeyGeneration, HmacSha256) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]640 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_256, 16)));
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]641}
642
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]643typedef KeymasterTest GetKeyCharacteristics;
644TEST_F(GetKeyCharacteristics, SimpleRsa) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]645 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]646 AuthorizationSet original(sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]647
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]648 ASSERT_EQ(KM_ERROR_OK, GetCharacteristics());
649 EXPECT_EQ(original, sw_enforced());
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]650}
651
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]652typedef KeymasterTest SigningOperationsTest;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]653TEST_F(SigningOperationsTest, RsaSuccess) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]654 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]655 string message = "12345678901234567890123456789012";
656 string signature;
657 SignMessage(message, &signature);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]658}
659
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]660TEST_F(SigningOperationsTest, RsaSha256DigestSuccess) {
661 // Note that without padding, key size must exactly match digest size.
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame^]662 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256)));
663 string message(1024, 'a');
664 string signature;
665 SignMessage(message, &signature);
666}
667
668TEST_F(SigningOperationsTest, RsaPssSha256Success) {
669 ASSERT_EQ(KM_ERROR_OK,
670 GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]671 // Use large message, which won't work without digesting.
672 string message(1024, 'a');
673 string signature;
674 SignMessage(message, &signature);
675}
676
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame^]677TEST_F(SigningOperationsTest, RsaPkcs1Sha256Success) {
678 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256,
679 KM_PAD_RSA_PKCS1_1_5_SIGN)));
680 string message(1024, 'a');
681 string signature;
682 SignMessage(message, &signature);
683}
684
685TEST_F(SigningOperationsTest, RsaPssSha256TooSmallKey) {
686 // Key must be at least 10 bytes larger than hash, to provide minimal random salt, so verify
687 // that 9 bytes larger than hash won't work.
688 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(
689 256 + 9 * 8, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS)));
690 string message(1024, 'a');
691 string signature;
692
693 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN));
694
695 string result;
696 size_t input_consumed;
697 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
698 EXPECT_EQ(message.size(), input_consumed);
699 EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, FinishOperation(signature, &result));
700}
701
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]702TEST_F(SigningOperationsTest, EcdsaSuccess) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]703 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey(224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]704 string message = "123456789012345678901234567890123456789012345678";
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]705 string signature;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]706 SignMessage(message, &signature);
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]707}
708
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]709TEST_F(SigningOperationsTest, RsaAbort) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]710 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]711 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN));
712 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
713 // Another abort should fail
714 EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation());
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]715}
716
717TEST_F(SigningOperationsTest, RsaUnsupportedDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame^]718 GenerateKey(
719 ParamBuilder().RsaSigningKey(256, KM_DIGEST_MD5, KM_PAD_RSA_PSS /* supported padding */));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]720 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]721}
722
723TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame^]724 GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256 /* supported digest */,
725 KM_PAD_PKCS7));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]726 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]727}
728
729TEST_F(SigningOperationsTest, RsaNoDigest) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame^]730 // Digest must be specified.
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]731 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaKey(256).SigningKey().Option(
732 TAG_PADDING, KM_PAD_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]733 ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame^]734 // PSS requires a digest.
735 GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_NONE, KM_PAD_RSA_PSS));
736 ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]737}
738
739TEST_F(SigningOperationsTest, RsaNoPadding) {
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame^]740 // Padding must be specified
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]741 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaKey(256).SigningKey().Option(
742 TAG_DIGEST, KM_DIGEST_NONE)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]743 ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]744}
745
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]746TEST_F(SigningOperationsTest, HmacSha1Success) {
747 GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA1, 20));
748 string message = "12345678901234567890123456789012";
749 string signature;
750 SignMessage(message, &signature);
751 ASSERT_EQ(20, signature.size());
752}
753
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]754TEST_F(SigningOperationsTest, HmacSha224Success) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]755 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_224, 28)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]756 string message = "12345678901234567890123456789012";
757 string signature;
758 SignMessage(message, &signature);
759 ASSERT_EQ(28, signature.size());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]760}
761
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]762TEST_F(SigningOperationsTest, HmacSha256Success) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]763 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_256, 32)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]764 string message = "12345678901234567890123456789012";
765 string signature;
766 SignMessage(message, &signature);
767 ASSERT_EQ(32, signature.size());
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]768}
769
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]770TEST_F(SigningOperationsTest, HmacSha384Success) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]771 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_384, 48)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]772 string message = "12345678901234567890123456789012";
773 string signature;
774 SignMessage(message, &signature);
775 ASSERT_EQ(48, signature.size());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]776}
777
778TEST_F(SigningOperationsTest, HmacSha512Success) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]779 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_512, 64)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]780 string message = "12345678901234567890123456789012";
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]781 string signature;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]782 SignMessage(message, &signature);
783 ASSERT_EQ(64, signature.size());
Shawn Willden62c22862014-12-17 08:36:20 -0700[diff] [blame]784}
785
786// TODO(swillden): Add HMACSHA{224|256|384|512} tests that validates against the test vectors from
787// RFC4231. Doing that requires being able to import keys, rather than just
788// generate them randomly.
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]789
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]790TEST_F(SigningOperationsTest, HmacSha256NoMacLength) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]791 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder()
792 .Option(TAG_ALGORITHM, KM_ALGORITHM_HMAC)
793 .Option(TAG_KEY_SIZE, 128)
794 .SigningKey()
795 .Option(TAG_DIGEST, KM_DIGEST_SHA_2_256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]796 EXPECT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]797}
798
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]799TEST_F(SigningOperationsTest, HmacSha256TooLargeMacLength) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]800 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_256, 33)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]801 ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]802}
803
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]804TEST_F(SigningOperationsTest, RsaTooShortMessage) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]805 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]806 ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]807
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]808 string message = "1234567890123456789012345678901";
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]809 string result;
810 size_t input_consumed;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]811 ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]812 EXPECT_EQ(0U, result.size());
813 EXPECT_EQ(31U, input_consumed);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]814
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]815 string signature;
816 ASSERT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&signature));
817 EXPECT_EQ(0U, signature.length());
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]818}
819
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]820// TODO(swillden): Add more verification failure tests.
821
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]822typedef KeymasterTest VerificationOperationsTest;
Shawn Willden43e999e2014-08-13 13:29:50 -0600[diff] [blame]823TEST_F(VerificationOperationsTest, RsaSuccess) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]824 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]825 string message = "12345678901234567890123456789012";
826 string signature;
827 SignMessage(message, &signature);
828 VerifyMessage(message, signature);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]829}
830
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]831TEST_F(VerificationOperationsTest, RsaSha256DigestSuccess) {
832 // Note that without padding, key size must exactly match digest size.
833 GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]834 string message(1024, 'a');
835 string signature;
836 SignMessage(message, &signature);
837 VerifyMessage(message, signature);
838}
839
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame^]840TEST_F(VerificationOperationsTest, RsaSha256CorruptSignature) {
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]841 GenerateKey(ParamBuilder().RsaSigningKey(256, KM_DIGEST_SHA_2_256));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]842 string message(1024, 'a');
843 string signature;
844 SignMessage(message, &signature);
845 ++signature[signature.size() / 2];
846
847 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY));
848
849 string result;
850 size_t input_consumed;
851 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
852 EXPECT_EQ(message.size(), input_consumed);
853 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
854}
855
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame^]856TEST_F(VerificationOperationsTest, RsaPssSha256Success) {
857 ASSERT_EQ(KM_ERROR_OK,
858 GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS)));
859 // Use large message, which won't work without digesting.
860 string message(1024, 'a');
861 string signature;
862 SignMessage(message, &signature);
863 VerifyMessage(message, signature);
864}
865
866TEST_F(VerificationOperationsTest, RsaPssSha256CorruptSignature) {
867 GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS));
868 string message(1024, 'a');
869 string signature;
870 SignMessage(message, &signature);
871 ++signature[signature.size() / 2];
872
873 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY));
874
875 string result;
876 size_t input_consumed;
877 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
878 EXPECT_EQ(message.size(), input_consumed);
879 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
880}
881
882TEST_F(VerificationOperationsTest, RsaPssSha256CorruptInput) {
883 ASSERT_EQ(KM_ERROR_OK,
884 GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS)));
Shawn Willden61902362014-12-18 10:33:24 -0700[diff] [blame]885 // Use large message, which won't work without digesting.
886 string message(1024, 'a');
887 string signature;
888 SignMessage(message, &signature);
889 ++message[message.size() / 2];
890
891 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY));
892
893 string result;
894 size_t input_consumed;
895 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
896 EXPECT_EQ(message.size(), input_consumed);
897 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
898}
899
Shawn Willdenf90f2352014-12-18 23:01:15 -0700[diff] [blame^]900TEST_F(VerificationOperationsTest, RsaPkcs1Sha256Success) {
901 GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN));
902 string message(1024, 'a');
903 string signature;
904 SignMessage(message, &signature);
905 VerifyMessage(message, signature);
906}
907
908TEST_F(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) {
909 GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN));
910 string message(1024, 'a');
911 string signature;
912 SignMessage(message, &signature);
913 ++signature[signature.size() / 2];
914
915 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY));
916
917 string result;
918 size_t input_consumed;
919 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
920 EXPECT_EQ(message.size(), input_consumed);
921 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
922}
923
924TEST_F(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) {
925 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(512, KM_DIGEST_SHA_2_256,
926 KM_PAD_RSA_PKCS1_1_5_SIGN)));
927 // Use large message, which won't work without digesting.
928 string message(1024, 'a');
929 string signature;
930 SignMessage(message, &signature);
931 ++message[message.size() / 2];
932
933 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY));
934
935 string result;
936 size_t input_consumed;
937 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
938 EXPECT_EQ(message.size(), input_consumed);
939 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
940}
941
942template <typename T> vector<T> make_vector(const T* array, size_t len) {
943 return vector<T>(array, array + len);
944}
945
946TEST_F(VerificationOperationsTest, RsaAllDigestAndPadCombinations) {
947 // Get all supported digests and padding modes.
948 size_t digests_len;
949 keymaster_digest_t* digests;
950 EXPECT_EQ(KM_ERROR_OK,
951 device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, &digests,
952 &digests_len));
953
954 size_t padding_modes_len;
955 keymaster_padding_t* padding_modes;
956 EXPECT_EQ(KM_ERROR_OK,
957 device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN,
958 &padding_modes, &padding_modes_len));
959
960 // Try them.
961 for (keymaster_padding_t padding_mode : make_vector(padding_modes, padding_modes_len)) {
962 for (keymaster_digest_t digest : make_vector(digests, digests_len)) {
963 // Compute key & message size that will work.
964 size_t key_bits = 256;
965 size_t message_len = 1000;
966 switch (digest) {
967 case KM_DIGEST_NONE:
968 switch (padding_mode) {
969 case KM_PAD_NONE:
970 // Match key size.
971 message_len = key_bits / 8;
972 break;
973 case KM_PAD_RSA_PKCS1_1_5_SIGN:
974 message_len = key_bits / 8 - 11;
975 break;
976 case KM_PAD_RSA_PSS:
977 // PSS requires a digest.
978 continue;
979 default:
980 FAIL() << "Missing padding";
981 break;
982 }
983 break;
984
985 case KM_DIGEST_SHA_2_256:
986 switch (padding_mode) {
987 case KM_PAD_NONE:
988 // Key size matches digest size
989 break;
990 case KM_PAD_RSA_PKCS1_1_5_SIGN:
991 key_bits += 8 * 11;
992 break;
993 case KM_PAD_RSA_PSS:
994 key_bits += 8 * 10;
995 break;
996 default:
997 FAIL() << "Missing padding";
998 break;
999 }
1000 break;
1001 default:
1002 FAIL() << "Missing digest";
1003 }
1004
1005 GenerateKey(ParamBuilder().RsaSigningKey(key_bits, digest, padding_mode));
1006 string message(message_len, 'a');
1007 string signature;
1008 SignMessage(message, &signature);
1009 VerifyMessage(message, signature);
1010 }
1011 }
1012
1013 free(padding_modes);
1014 free(digests);
1015}
1016
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1017TEST_F(VerificationOperationsTest, EcdsaSuccess) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1018 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey(256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1019 string message = "123456789012345678901234567890123456789012345678";
1020 string signature;
1021 SignMessage(message, &signature);
1022 VerifyMessage(message, signature);
Shawn Willden5ac2f8f2014-08-18 15:33:10 -0600[diff] [blame]1023}
1024
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1025TEST_F(VerificationOperationsTest, HmacSha1Success) {
1026 GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA1, 16));
1027 string message = "123456789012345678901234567890123456789012345678";
1028 string signature;
1029 SignMessage(message, &signature);
1030 VerifyMessage(message, signature);
1031}
1032
1033TEST_F(VerificationOperationsTest, HmacSha224Success) {
1034 GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_224, 16));
1035 string message = "123456789012345678901234567890123456789012345678";
1036 string signature;
1037 SignMessage(message, &signature);
1038 VerifyMessage(message, signature);
1039}
1040
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1041TEST_F(VerificationOperationsTest, HmacSha256Success) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1042 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_256, 16)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1043 string message = "123456789012345678901234567890123456789012345678";
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1044 string signature;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1045 SignMessage(message, &signature);
1046 VerifyMessage(message, signature);
Shawn Willden0d560bf2014-12-15 17:44:02 -0700[diff] [blame]1047}
1048
Shawn Willden51d5e0e2014-12-18 10:44:03 -0700[diff] [blame]1049TEST_F(VerificationOperationsTest, HmacSha384Success) {
1050 GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_384, 16));
1051 string message = "123456789012345678901234567890123456789012345678";
1052 string signature;
1053 SignMessage(message, &signature);
1054 VerifyMessage(message, signature);
1055}
1056
1057TEST_F(VerificationOperationsTest, HmacSha512Success) {
1058 GenerateKey(ParamBuilder().HmacKey(128, KM_DIGEST_SHA_2_512, 16));
1059 string message = "123456789012345678901234567890123456789012345678";
1060 string signature;
1061 SignMessage(message, &signature);
1062 VerifyMessage(message, signature);
1063}
1064
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1065typedef VerificationOperationsTest ExportKeyTest;
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1066TEST_F(ExportKeyTest, RsaSuccess) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1067 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1068 string export_data;
1069 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1070 EXPECT_GT(export_data.length(), 0);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1071
1072 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]1073}
1074
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1075TEST_F(ExportKeyTest, EcdsaSuccess) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1076 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().EcdsaSigningKey(224)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1077 string export_data;
1078 ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
1079 EXPECT_GT(export_data.length(), 0);
Shawn Willdene46a43f2014-08-27 10:35:36 -0600[diff] [blame]1080
1081 // TODO(swillden): Verify that the exported key is actually usable to verify signatures.
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1082}
1083
1084TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1085 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1086 string export_data;
1087 ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data));
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1088}
1089
1090TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1091 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaSigningKey(256)));
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1092 corrupt_key_blob();
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1093 string export_data;
1094 ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data));
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]1095}
1096
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1097static string read_file(const string& file_name) {
1098 ifstream file_stream(file_name, std::ios::binary);
1099 istreambuf_iterator<char> file_begin(file_stream);
1100 istreambuf_iterator<char> file_end;
1101 return string(file_begin, file_end);
1102}
1103
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1104typedef VerificationOperationsTest ImportKeyTest;
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1105TEST_F(ImportKeyTest, RsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1106 string pk8_key = read_file("rsa_privkey_pk8.der");
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1107 ASSERT_EQ(633U, pk8_key.size());
1108
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]1109 ASSERT_EQ(KM_ERROR_OK, ImportKey(ParamBuilder().RsaSigningKey().NoDigestOrPadding(),
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1110 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1111
1112 // Check values derived from the key.
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1113 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
1114 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 1024));
1115 EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 65537U));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1116
1117 // And values provided by GoogleKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1118 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1119 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1120
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1121 string message(1024 / 8, 'a');
1122 string signature;
1123 SignMessage(message, &signature);
1124 VerifyMessage(message, signature);
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]1125}
1126
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1127TEST_F(ImportKeyTest, RsaKeySizeMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1128 string pk8_key = read_file("rsa_privkey_pk8.der");
1129 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1130 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1131 ImportKey(ParamBuilder()
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]1132 .RsaSigningKey(2048) // Size doesn't match key
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1133 .NoDigestOrPadding(),
1134 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1135}
1136
1137TEST_F(ImportKeyTest, RsaPublicExponenMismatch) {
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1138 string pk8_key = read_file("rsa_privkey_pk8.der");
1139 ASSERT_EQ(633U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1140 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1141 ImportKey(ParamBuilder()
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]1142 .RsaSigningKey()
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1143 .Option(TAG_RSA_PUBLIC_EXPONENT, 3) // Doesn't match key
1144 .NoDigestOrPadding(),
1145 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1146}
1147
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1148TEST_F(ImportKeyTest, EcdsaSuccess) {
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1149 string pk8_key = read_file("ec_privkey_pk8.der");
1150 ASSERT_EQ(138U, pk8_key.size());
1151
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]1152 ASSERT_EQ(KM_ERROR_OK,
1153 ImportKey(ParamBuilder().EcdsaSigningKey(), KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1154
1155 // Check values derived from the key.
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1156 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
1157 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 256));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1158
1159 // And values provided by GoogleKeymaster
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1160 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1161 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1162
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1163 string message(1024 / 8, 'a');
1164 string signature;
1165 SignMessage(message, &signature);
1166 VerifyMessage(message, signature);
Shawn Willden81effc62014-08-27 10:08:46 -0600[diff] [blame]1167}
1168
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1169TEST_F(ImportKeyTest, EcdsaSizeSpecified) {
1170 string pk8_key = read_file("ec_privkey_pk8.der");
1171 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1172
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]1173 ASSERT_EQ(KM_ERROR_OK,
1174 ImportKey(ParamBuilder().EcdsaSigningKey(256), KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1175
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1176 // Check values derived from the key.
1177 EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
1178 EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 256));
1179
1180 // And values provided by GoogleKeymaster
1181 EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
1182 EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
1183
1184 string message(1024 / 8, 'a');
1185 string signature;
1186 SignMessage(message, &signature);
1187 VerifyMessage(message, signature);
1188}
1189
1190TEST_F(ImportKeyTest, EcdsaSizeMismatch) {
1191 string pk8_key = read_file("ec_privkey_pk8.der");
1192 ASSERT_EQ(138U, pk8_key.size());
Shawn Willden5b53c992015-02-02 08:05:25 -0700[diff] [blame]1193 ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]1194 ImportKey(ParamBuilder().EcdsaSigningKey(224), // Size does not match key
1195 KM_KEY_FORMAT_PKCS8, pk8_key));
Shawn Willden6bbe6782014-09-18 11:26:15 -0600[diff] [blame]1196}
1197
Shawn Willden2665e862014-11-24 14:46:21 -0700[diff] [blame]1198typedef KeymasterTest VersionTest;
1199TEST_F(VersionTest, GetVersion) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1200 uint8_t major, minor, subminor;
1201 ASSERT_EQ(KM_ERROR_OK, GetVersion(&major, &minor, &subminor));
1202 EXPECT_EQ(1, major);
1203 EXPECT_EQ(0, minor);
1204 EXPECT_EQ(0, subminor);
Shawn Willden2665e862014-11-24 14:46:21 -0700[diff] [blame]1205}
1206
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1207typedef KeymasterTest EncryptionOperationsTest;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1208TEST_F(EncryptionOperationsTest, RsaOaepSuccess) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1209 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1210
1211 string message = "Hello World!";
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1212 string ciphertext1 = EncryptMessage(string(message));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1213 EXPECT_EQ(512 / 8, ciphertext1.size());
1214
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1215 string ciphertext2 = EncryptMessage(string(message));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1216 EXPECT_EQ(512 / 8, ciphertext2.size());
1217
1218 // OAEP randomizes padding so every result should be different.
1219 EXPECT_NE(ciphertext1, ciphertext2);
1220}
1221
1222TEST_F(EncryptionOperationsTest, RsaOaepRoundTrip) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1223 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1224 string message = "Hello World!";
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1225 string ciphertext = EncryptMessage(string(message));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1226 EXPECT_EQ(512 / 8, ciphertext.size());
1227
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1228 string plaintext = DecryptMessage(ciphertext);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1229 EXPECT_EQ(message, plaintext);
1230}
1231
1232TEST_F(EncryptionOperationsTest, RsaOaepTooLarge) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1233 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1234 string message = "12345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1235 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1236 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1237
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1238 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT));
1239 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1240 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1241 EXPECT_EQ(0, result.size());
1242}
1243
1244TEST_F(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1245 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_OAEP)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1246 string message = "Hello World!";
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1247 string ciphertext = EncryptMessage(string(message));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1248 EXPECT_EQ(512 / 8, ciphertext.size());
1249
1250 // Corrupt the ciphertext
1251 ciphertext[512 / 8 / 2]++;
1252
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1253 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1254 size_t input_consumed;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1255 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT));
1256 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1257 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1258 EXPECT_EQ(0, result.size());
1259}
1260
1261TEST_F(EncryptionOperationsTest, RsaPkcs1Success) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1262 ASSERT_EQ(KM_ERROR_OK,
1263 GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1264 string message = "Hello World!";
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1265 string ciphertext1 = EncryptMessage(string(message));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1266 EXPECT_EQ(512 / 8, ciphertext1.size());
1267
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1268 string ciphertext2 = EncryptMessage(string(message));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1269 EXPECT_EQ(512 / 8, ciphertext2.size());
1270
1271 // PKCS1 v1.5 randomizes padding so every result should be different.
1272 EXPECT_NE(ciphertext1, ciphertext2);
1273}
1274
1275TEST_F(EncryptionOperationsTest, RsaPkcs1RoundTrip) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1276 ASSERT_EQ(KM_ERROR_OK,
1277 GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1278 string message = "Hello World!";
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1279 string ciphertext = EncryptMessage(string(message));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1280 EXPECT_EQ(512 / 8, ciphertext.size());
1281
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1282 string plaintext = DecryptMessage(ciphertext);
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1283 EXPECT_EQ(message, plaintext);
1284}
1285
1286TEST_F(EncryptionOperationsTest, RsaPkcs1TooLarge) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1287 ASSERT_EQ(KM_ERROR_OK,
1288 GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1289 string message = "12345678901234567890123456789012345678901234567890123";
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1290 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1291 size_t input_consumed;
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1292
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1293 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT));
1294 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1295 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1296 EXPECT_EQ(0, result.size());
1297}
1298
1299TEST_F(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1300 ASSERT_EQ(KM_ERROR_OK,
1301 GenerateKey(ParamBuilder().RsaEncryptionKey(512, KM_PAD_RSA_PKCS1_1_5_ENCRYPT)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1302 string message = "Hello World!";
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1303 string ciphertext = EncryptMessage(string(message));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1304 EXPECT_EQ(512 / 8, ciphertext.size());
1305
1306 // Corrupt the ciphertext
1307 ciphertext[512 / 8 / 2]++;
1308
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1309 string result;
Shawn Willdenb7361132014-12-08 08:15:14 -0700[diff] [blame]1310 size_t input_consumed;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1311 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT));
1312 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1313 EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result));
Shawn Willden4200f212014-12-02 07:01:21 -0700[diff] [blame]1314 EXPECT_EQ(0, result.size());
1315}
1316
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame]1317TEST_F(EncryptionOperationsTest, AesOcbSuccess) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1318 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1319 string message = "Hello World!";
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1320 string ciphertext1 = EncryptMessage(string(message));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1321 EXPECT_EQ(12 /* nonce */ + message.size() + 16 /* tag */, ciphertext1.size());
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame]1322
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1323 string ciphertext2 = EncryptMessage(string(message));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1324 EXPECT_EQ(12 /* nonce */ + message.size() + 16 /* tag */, ciphertext2.size());
Shawn Willden907c3012014-12-08 15:51:55 -0700[diff] [blame]1325
1326 // OCB uses a random nonce, so every output should be different
1327 EXPECT_NE(ciphertext1, ciphertext2);
1328}
1329
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1330TEST_F(EncryptionOperationsTest, AesOcbRoundTripSuccess) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1331 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16)));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1332 string message = "Hello World!";
1333 string ciphertext = EncryptMessage(message);
1334 EXPECT_EQ(12 /* nonce */ + message.length() + 16 /* tag */, ciphertext.size());
1335
1336 string plaintext = DecryptMessage(ciphertext);
1337 EXPECT_EQ(message, plaintext);
1338}
1339
1340TEST_F(EncryptionOperationsTest, AesOcbRoundTripCorrupted) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1341 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1342 string message = "Hello World!";
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1343 string ciphertext = EncryptMessage(string(message));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1344 EXPECT_EQ(12 /* nonce */ + message.size() + 16 /* tag */, ciphertext.size());
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1345
1346 ciphertext[ciphertext.size() / 2]++;
1347
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1348 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1349
1350 string result;
1351 size_t input_consumed;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1352 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1353 EXPECT_EQ(ciphertext.length(), input_consumed);
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1354 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&result));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1355}
1356
1357TEST_F(EncryptionOperationsTest, AesDecryptGarbage) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1358 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16)));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1359 string ciphertext(128, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1360 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1361
1362 string result;
1363 size_t input_consumed;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1364 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1365 EXPECT_EQ(ciphertext.length(), input_consumed);
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1366 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&result));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1367}
1368
1369TEST_F(EncryptionOperationsTest, AesDecryptTooShort) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1370 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1371
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1372 // Try decrypting garbage ciphertext that is too short to be valid (< nonce + tag).
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1373 string ciphertext(12 + 15, 'a');
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1374 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1375
1376 string result;
1377 size_t input_consumed;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1378 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1379 EXPECT_EQ(ciphertext.length(), input_consumed);
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1380 EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1381}
1382
1383TEST_F(EncryptionOperationsTest, AesOcbRoundTripEmptySuccess) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1384 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1385 string message = "";
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1386 string ciphertext = EncryptMessage(string(message));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1387 EXPECT_EQ(12 /* nonce */ + message.size() + 16 /* tag */, ciphertext.size());
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1388
1389 string plaintext = DecryptMessage(ciphertext);
1390 EXPECT_EQ(message, plaintext);
1391}
1392
1393TEST_F(EncryptionOperationsTest, AesOcbRoundTripEmptyCorrupted) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1394 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1395 string message = "";
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1396 string ciphertext = EncryptMessage(string(message));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1397 EXPECT_EQ(12 /* nonce */ + message.size() + 16 /* tag */, ciphertext.size());
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1398
1399 ciphertext[ciphertext.size() / 2]++;
1400
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1401 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1402
1403 string result;
1404 size_t input_consumed;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1405 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1406 EXPECT_EQ(ciphertext.length(), input_consumed);
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]1407 EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&result));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1408}
1409
1410TEST_F(EncryptionOperationsTest, AesOcbFullChunk) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1411 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16)));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1412 string message(4096, 'a');
1413 string ciphertext = EncryptMessage(message);
1414 EXPECT_EQ(12 /* nonce */ + message.length() + 16 /* tag */, ciphertext.size());
1415
1416 string plaintext = DecryptMessage(ciphertext);
1417 EXPECT_EQ(message, plaintext);
1418}
1419
1420TEST_F(EncryptionOperationsTest, AesOcbVariousChunkLengths) {
1421 for (unsigned chunk_length = 1; chunk_length <= 128; ++chunk_length) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1422 ASSERT_EQ(KM_ERROR_OK,
1423 GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(chunk_length, 16)));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1424 string message(128, 'a');
1425 string ciphertext = EncryptMessage(message);
1426 int expected_tag_count = (message.length() + chunk_length - 1) / chunk_length;
1427 EXPECT_EQ(12 /* nonce */ + message.length() + 16 * expected_tag_count, ciphertext.size())
1428 << "Unexpected ciphertext size for chunk length " << chunk_length
1429 << " expected tag count was " << expected_tag_count
1430 << " but actual tag count was probably "
1431 << (ciphertext.size() - message.length() - 12) / 16;
1432
1433 string plaintext = DecryptMessage(ciphertext);
1434 EXPECT_EQ(message, plaintext);
1435 }
1436}
1437
1438TEST_F(EncryptionOperationsTest, AesOcbAbort) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1439 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1440 string message = "Hello";
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1441
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1442 EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT));
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1443
1444 string result;
1445 size_t input_consumed;
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1446 EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
1447 EXPECT_EQ(message.length(), input_consumed);
1448 EXPECT_EQ(KM_ERROR_OK, AbortOperation());
Shawn Willden6dde87c2014-12-11 14:08:48 -0700[diff] [blame]1449}
1450
Shawn Willdenbe4a2a32014-12-15 14:51:10 -0700[diff] [blame]1451TEST_F(EncryptionOperationsTest, AesOcbNoChunkLength) {
Shawn Willdenc24c1102014-12-22 15:30:09 -0700[diff] [blame]1452 EXPECT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder()
1453 .AesEncryptionKey(128)
1454 .Option(TAG_BLOCK_MODE, KM_MODE_OCB)
1455 .Option(TAG_MAC_LENGTH, 16)));
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1456 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, BeginOperation(KM_PURPOSE_ENCRYPT));
Shawn Willdenbe4a2a32014-12-15 14:51:10 -0700[diff] [blame]1457}
1458
1459TEST_F(EncryptionOperationsTest, AesEcbUnsupported) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1460 GenerateKey(ParamBuilder().AesEncryptionKey(128).Option(TAG_BLOCK_MODE, KM_MODE_ECB));
1461 EXPECT_EQ(KM_ERROR_UNSUPPORTED_BLOCK_MODE, BeginOperation(KM_PURPOSE_ENCRYPT));
Shawn Willdenbe4a2a32014-12-15 14:51:10 -0700[diff] [blame]1462}
1463
1464TEST_F(EncryptionOperationsTest, AesOcbPaddingUnsupported) {
Shawn Willdenb15d77e2014-12-17 16:44:29 -0700[diff] [blame]1465 GenerateKey(
1466 ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 16).Option(TAG_PADDING, KM_PAD_ZERO));
1467 EXPECT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT));
Shawn Willdenbe4a2a32014-12-15 14:51:10 -0700[diff] [blame]1468}
1469
1470TEST_F(EncryptionOperationsTest, AesOcbInvalidMacLength) {
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]1471 ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).OcbMode(4096, 17)));
1472 EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, BeginOperation(KM_PURPOSE_ENCRYPT));
Shawn Willdenbe4a2a32014-12-15 14:51:10 -0700[diff] [blame]1473}
1474
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1475} // namespace test
1476} // namespace keymaster