Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 17 | #include <fstream> |
Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 18 | #include <string> |
| 19 | #include <vector> |
Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 20 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 21 | #include <openssl/evp.h> |
| 22 | #include <openssl/x509.h> |
| 23 | |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 24 | #include <hardware/keymaster0.h> |
Shawn Willden | ada4850 | 2015-06-25 06:26:05 -0700 | [diff] [blame] | 25 | #include <keymaster/key_factory.h> |
| 26 | #include <keymaster/soft_keymaster_context.h> |
Shawn Willden | b751033 | 2015-02-06 19:58:29 -0700 | [diff] [blame] | 27 | #include <keymaster/soft_keymaster_device.h> |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 28 | #include <keymaster/softkeymaster.h> |
Shawn Willden | 98d9b92 | 2014-08-26 08:14:10 -0600 | [diff] [blame] | 29 | |
Shawn Willden | b6837e7 | 2015-05-16 09:20:59 -0600 | [diff] [blame] | 30 | #include "android_keymaster_test_utils.h" |
Shawn Willden | ada4850 | 2015-06-25 06:26:05 -0700 | [diff] [blame] | 31 | #include "keymaster0_engine.h" |
Shawn Willden | c0a6380 | 2015-07-29 16:43:17 -0600 | [diff] [blame] | 32 | #include "openssl_utils.h" |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 33 | |
Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 34 | using std::ifstream; |
| 35 | using std::istreambuf_iterator; |
Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 36 | using std::string; |
| 37 | using std::vector; |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 38 | using std::unique_ptr; |
| 39 | |
| 40 | extern "C" { |
| 41 | int __android_log_print(int prio, const char* tag, const char* fmt); |
| 42 | int __android_log_print(int prio, const char* tag, const char* fmt) { |
Chad Brubaker | 3e37f0a | 2015-06-03 10:39:00 -0700 | [diff] [blame] | 43 | (void)prio, (void)tag, (void)fmt; |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 44 | return 0; |
| 45 | } |
| 46 | } // extern "C" |
Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 47 | |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 48 | namespace keymaster { |
| 49 | namespace test { |
| 50 | |
Shawn Willden | 567a4a0 | 2014-12-31 12:14:46 -0700 | [diff] [blame] | 51 | StdoutLogger logger; |
| 52 | |
Shawn Willden | 0d061c8 | 2015-07-08 17:12:16 -0600 | [diff] [blame] | 53 | template <typename T> vector<T> make_vector(const T* array, size_t len) { |
| 54 | return vector<T>(array, array + len); |
| 55 | } |
| 56 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 57 | /** |
| 58 | * KeymasterEnforcement class for use in testing. It's permissive in the sense that it doesn't |
| 59 | * check cryptoperiods, but restrictive in the sense that the clock never advances (so rate-limited |
| 60 | * keys will only work once). |
| 61 | */ |
Shawn Willden | ada4850 | 2015-06-25 06:26:05 -0700 | [diff] [blame] | 62 | class TestKeymasterEnforcement : public KeymasterEnforcement { |
| 63 | public: |
| 64 | TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {} |
| 65 | |
| 66 | virtual bool activation_date_valid(uint64_t /* activation_date */) const { return true; } |
| 67 | virtual bool expiration_date_passed(uint64_t /* expiration_date */) const { return false; } |
| 68 | virtual bool auth_token_timed_out(const hw_auth_token_t& /* token */, |
| 69 | uint32_t /* timeout */) const { |
| 70 | return false; |
| 71 | } |
| 72 | virtual uint32_t get_current_time() const { return 0; } |
| 73 | virtual bool ValidateTokenSignature(const hw_auth_token_t& /* token */) const { return true; } |
| 74 | }; |
| 75 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 76 | /** |
| 77 | * Variant of SoftKeymasterContext that provides a TestKeymasterEnforcement. |
| 78 | */ |
Shawn Willden | ada4850 | 2015-06-25 06:26:05 -0700 | [diff] [blame] | 79 | class TestKeymasterContext : public SoftKeymasterContext { |
| 80 | public: |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 81 | TestKeymasterContext() {} |
| 82 | TestKeymasterContext(const string& root_of_trust) : SoftKeymasterContext(root_of_trust) {} |
Shawn Willden | ada4850 | 2015-06-25 06:26:05 -0700 | [diff] [blame] | 83 | |
| 84 | KeymasterEnforcement* enforcement_policy() override { return &test_policy_; } |
| 85 | |
| 86 | private: |
| 87 | TestKeymasterEnforcement test_policy_; |
| 88 | }; |
| 89 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 90 | /** |
| 91 | * Test instance creator that builds a pure software keymaster1 implementations. |
| 92 | */ |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 93 | class SoftKeymasterTestInstanceCreator : public Keymaster1TestInstanceCreator { |
| 94 | public: |
| 95 | keymaster1_device_t* CreateDevice() const override { |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 96 | std::cerr << "Creating software-only device" << std::endl; |
Shawn Willden | ada4850 | 2015-06-25 06:26:05 -0700 | [diff] [blame] | 97 | SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext); |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 98 | return device->keymaster_device(); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 99 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 100 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 101 | bool algorithm_in_km0_hardware(keymaster_algorithm_t) const override { return false; } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 102 | int keymaster0_calls() const override { return 0; } |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 103 | }; |
| 104 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 105 | /** |
| 106 | * Test instance creator that builds keymaster1 instances which wrap a faked hardware keymaster0 |
| 107 | * instance, with or without EC support. |
| 108 | */ |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 109 | class Keymaster0AdapterTestInstanceCreator : public Keymaster1TestInstanceCreator { |
| 110 | public: |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 111 | Keymaster0AdapterTestInstanceCreator(bool support_ec) : support_ec_(support_ec) {} |
| 112 | |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 113 | keymaster1_device_t* CreateDevice() const { |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 114 | std::cerr << "Creating keymaster0-backed device (with ec: " << std::boolalpha << support_ec_ |
| 115 | << ")." << std::endl; |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 116 | hw_device_t* softkeymaster_device; |
| 117 | EXPECT_EQ(0, openssl_open(&softkeymaster_module.common, KEYSTORE_KEYMASTER, |
| 118 | &softkeymaster_device)); |
| 119 | // Make the software device pretend to be hardware |
| 120 | keymaster0_device_t* keymaster0_device = |
| 121 | reinterpret_cast<keymaster0_device_t*>(softkeymaster_device); |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 122 | keymaster0_device->flags &= ~KEYMASTER_SOFTWARE_ONLY; |
| 123 | |
| 124 | if (!support_ec_) { |
| 125 | // Make the software device pretend not to support EC |
| 126 | keymaster0_device->flags &= ~KEYMASTER_SUPPORTS_EC; |
| 127 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 128 | |
| 129 | counting_keymaster0_device_ = new Keymaster0CountingWrapper(keymaster0_device); |
| 130 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 131 | SoftKeymasterDevice* keymaster = new SoftKeymasterDevice(new TestKeymasterContext); |
| 132 | keymaster->SetHardwareDevice(counting_keymaster0_device_); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 133 | return keymaster->keymaster_device(); |
| 134 | } |
| 135 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 136 | bool algorithm_in_km0_hardware(keymaster_algorithm_t algorithm) const override { |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 137 | switch (algorithm) { |
| 138 | case KM_ALGORITHM_RSA: |
| 139 | return true; |
| 140 | case KM_ALGORITHM_EC: |
| 141 | return support_ec_; |
| 142 | default: |
| 143 | return false; |
| 144 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 145 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 146 | int keymaster0_calls() const override { return counting_keymaster0_device_->count(); } |
| 147 | |
| 148 | private: |
| 149 | mutable Keymaster0CountingWrapper* counting_keymaster0_device_; |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 150 | bool support_ec_; |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 151 | }; |
| 152 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 153 | /** |
| 154 | * Test instance creator that builds a SoftKeymasterDevice which wraps a fake hardware keymaster1 |
| 155 | * instance, with minimal digest support. |
| 156 | */ |
| 157 | class Sha256OnlyKeymaster1TestInstanceCreator : public Keymaster1TestInstanceCreator { |
| 158 | keymaster1_device_t* CreateDevice() const { |
| 159 | std::cerr << "Creating keymaster1-backed device that supports only SHA256"; |
| 160 | |
| 161 | // fake_device doesn't leak because device (below) takes ownership of it. |
| 162 | keymaster1_device_t* fake_device = make_device_sha256_only( |
| 163 | (new SoftKeymasterDevice(new TestKeymasterContext("PseudoHW")))->keymaster_device()); |
| 164 | |
| 165 | // device doesn't leak; it's cleaned up by device->keymaster_device()->common.close(). |
| 166 | SoftKeymasterDevice* device = new SoftKeymasterDevice(new TestKeymasterContext); |
| 167 | device->SetHardwareDevice(fake_device); |
| 168 | |
| 169 | return device->keymaster_device(); |
| 170 | } |
| 171 | |
| 172 | bool algorithm_in_km0_hardware(keymaster_algorithm_t) const override { return false; } |
| 173 | int keymaster0_calls() const override { return 0; } |
| 174 | int minimal_digest_set() const override { return true; } |
| 175 | }; |
| 176 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 177 | static auto test_params = testing::Values( |
| 178 | InstanceCreatorPtr(new SoftKeymasterTestInstanceCreator), |
| 179 | InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)), |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 180 | InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)), |
| 181 | InstanceCreatorPtr(new Sha256OnlyKeymaster1TestInstanceCreator)); |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 182 | |
| 183 | typedef Keymaster1Test CheckSupported; |
| 184 | INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, CheckSupported, test_params); |
| 185 | |
| 186 | TEST_P(CheckSupported, SupportedAlgorithms) { |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 187 | EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL, |
| 188 | device()->get_supported_algorithms(device(), NULL, NULL)); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 189 | |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 190 | size_t len; |
| 191 | keymaster_algorithm_t* algorithms; |
| 192 | EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len)); |
Shawn Willden | a278f61 | 2014-12-23 11:22:21 -0700 | [diff] [blame] | 193 | EXPECT_TRUE(ResponseContains( |
Shawn Willden | 9c65b2b | 2015-04-07 17:01:10 -0600 | [diff] [blame] | 194 | {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len)); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 195 | free(algorithms); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 196 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 197 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 198 | } |
| 199 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 200 | TEST_P(CheckSupported, SupportedBlockModes) { |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 201 | EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL, |
| 202 | device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT, |
| 203 | NULL, NULL)); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 204 | |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 205 | size_t len; |
| 206 | keymaster_block_mode_t* modes; |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 207 | ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_RSA, |
Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 208 | KM_PURPOSE_ENCRYPT, &modes, &len)); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 209 | EXPECT_EQ(0U, len); |
Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 210 | free(modes); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 211 | |
Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 212 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, |
Shawn Willden | 9c65b2b | 2015-04-07 17:01:10 -0600 | [diff] [blame] | 213 | device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT, |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 214 | &modes, &len)); |
Shawn Willden | c3864dd | 2014-08-18 15:20:01 -0600 | [diff] [blame] | 215 | |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 216 | ASSERT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES, |
Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 217 | KM_PURPOSE_ENCRYPT, &modes, &len)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 218 | EXPECT_TRUE(ResponseContains({KM_MODE_ECB, KM_MODE_CBC, KM_MODE_CTR, KM_MODE_GCM}, modes, len)); |
Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 219 | free(modes); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 220 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 221 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 222 | } |
| 223 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 224 | TEST_P(CheckSupported, SupportedPaddingModes) { |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 225 | EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL, |
| 226 | device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, KM_PURPOSE_ENCRYPT, |
| 227 | NULL, NULL)); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 228 | |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 229 | size_t len; |
| 230 | keymaster_padding_t* modes; |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 231 | ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 232 | KM_PURPOSE_SIGN, &modes, &len)); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 233 | EXPECT_TRUE( |
| 234 | ResponseContains({KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS}, modes, len)); |
Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 235 | free(modes); |
| 236 | |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 237 | ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_RSA, |
Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 238 | KM_PURPOSE_ENCRYPT, &modes, &len)); |
Shawn Willden | 3016084 | 2015-06-01 08:31:00 -0600 | [diff] [blame] | 239 | EXPECT_TRUE( |
| 240 | ResponseContains({KM_PAD_NONE, KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len)); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 241 | free(modes); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 242 | |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 243 | ASSERT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC, |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 244 | KM_PURPOSE_SIGN, &modes, &len)); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 245 | EXPECT_EQ(0U, len); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 246 | free(modes); |
Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 247 | |
| 248 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, |
| 249 | device()->get_supported_padding_modes(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, |
| 250 | &modes, &len)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 251 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 252 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 253 | } |
| 254 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 255 | TEST_P(CheckSupported, SupportedDigests) { |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 256 | EXPECT_EQ( |
| 257 | KM_ERROR_OUTPUT_PARAMETER_NULL, |
| 258 | device()->get_supported_digests(device(), KM_ALGORITHM_RSA, KM_PURPOSE_SIGN, NULL, NULL)); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 259 | |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 260 | size_t len; |
| 261 | keymaster_digest_t* digests; |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 262 | ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA, |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 263 | KM_PURPOSE_SIGN, &digests, &len)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 264 | if (GetParam()->minimal_digest_set()) { |
| 265 | EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA_2_256}, digests, len)); |
| 266 | } else { |
| 267 | EXPECT_TRUE( |
| 268 | ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224, |
| 269 | KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512}, |
| 270 | digests, len)); |
| 271 | } |
| 272 | free(digests); |
| 273 | |
| 274 | ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_RSA, |
| 275 | KM_PURPOSE_ENCRYPT, &digests, &len)); |
| 276 | if (GetParam()->minimal_digest_set()) { |
| 277 | EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA_2_256}, digests, len)); |
| 278 | } else { |
| 279 | EXPECT_TRUE( |
| 280 | ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224, |
| 281 | KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512}, |
| 282 | digests, len)); |
| 283 | } |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 284 | free(digests); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 285 | |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 286 | ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC, |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 287 | KM_PURPOSE_SIGN, &digests, &len)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 288 | if (GetParam()->minimal_digest_set()) { |
| 289 | EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA_2_256}, digests, len)); |
| 290 | } else { |
| 291 | EXPECT_TRUE( |
| 292 | ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224, |
| 293 | KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512}, |
| 294 | digests, len)); |
| 295 | } |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 296 | free(digests); |
Shawn Willden | c3864dd | 2014-08-18 15:20:01 -0600 | [diff] [blame] | 297 | |
Shawn Willden | 63ac043 | 2014-12-29 14:07:08 -0700 | [diff] [blame] | 298 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, |
| 299 | device()->get_supported_digests(device(), KM_ALGORITHM_AES, KM_PURPOSE_SIGN, &digests, |
| 300 | &len)); |
| 301 | |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 302 | ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_HMAC, |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 303 | KM_PURPOSE_SIGN, &digests, &len)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 304 | if (GetParam()->minimal_digest_set()) { |
Shawn Willden | 35619fd | 2015-08-13 23:23:05 -0600 | [diff] [blame] | 305 | EXPECT_TRUE(ResponseContains(KM_DIGEST_SHA_2_256, digests, len)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 306 | } else { |
| 307 | EXPECT_TRUE(ResponseContains({KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, |
| 308 | KM_DIGEST_SHA_2_512, KM_DIGEST_SHA1}, |
| 309 | digests, len)); |
| 310 | } |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 311 | free(digests); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 312 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 313 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 314 | } |
| 315 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 316 | TEST_P(CheckSupported, SupportedImportFormats) { |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 317 | EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL, |
| 318 | device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, NULL, NULL)); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 319 | |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 320 | size_t len; |
| 321 | keymaster_key_format_t* formats; |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 322 | ASSERT_EQ(KM_ERROR_OK, |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 323 | device()->get_supported_import_formats(device(), KM_ALGORITHM_RSA, &formats, &len)); |
Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 324 | EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_PKCS8, formats, len)); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 325 | free(formats); |
Shawn Willden | 7dad93b | 2015-02-05 10:20:47 -0700 | [diff] [blame] | 326 | |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 327 | ASSERT_EQ(KM_ERROR_OK, |
Shawn Willden | 7dad93b | 2015-02-05 10:20:47 -0700 | [diff] [blame] | 328 | device()->get_supported_import_formats(device(), KM_ALGORITHM_AES, &formats, &len)); |
| 329 | EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len)); |
| 330 | free(formats); |
| 331 | |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 332 | ASSERT_EQ(KM_ERROR_OK, |
Shawn Willden | 7dad93b | 2015-02-05 10:20:47 -0700 | [diff] [blame] | 333 | device()->get_supported_import_formats(device(), KM_ALGORITHM_HMAC, &formats, &len)); |
| 334 | EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_RAW, formats, len)); |
| 335 | free(formats); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 336 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 337 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 338 | } |
| 339 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 340 | TEST_P(CheckSupported, SupportedExportFormats) { |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 341 | EXPECT_EQ(KM_ERROR_OUTPUT_PARAMETER_NULL, |
| 342 | device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, NULL, NULL)); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 343 | |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 344 | size_t len; |
| 345 | keymaster_key_format_t* formats; |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 346 | ASSERT_EQ(KM_ERROR_OK, |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 347 | device()->get_supported_export_formats(device(), KM_ALGORITHM_RSA, &formats, &len)); |
Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 348 | EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len)); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 349 | free(formats); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 350 | |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 351 | ASSERT_EQ(KM_ERROR_OK, |
Shawn Willden | 9c65b2b | 2015-04-07 17:01:10 -0600 | [diff] [blame] | 352 | device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len)); |
Shawn Willden | 76076ab | 2014-12-18 08:36:35 -0700 | [diff] [blame] | 353 | EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len)); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 354 | free(formats); |
Shawn Willden | c3864dd | 2014-08-18 15:20:01 -0600 | [diff] [blame] | 355 | |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 356 | ASSERT_EQ(KM_ERROR_OK, |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 357 | device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len)); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 358 | EXPECT_EQ(0U, len); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 359 | free(formats); |
Shawn Willden | 7dad93b | 2015-02-05 10:20:47 -0700 | [diff] [blame] | 360 | |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 361 | ASSERT_EQ(KM_ERROR_OK, |
Shawn Willden | 7dad93b | 2015-02-05 10:20:47 -0700 | [diff] [blame] | 362 | device()->get_supported_export_formats(device(), KM_ALGORITHM_AES, &formats, &len)); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 363 | EXPECT_EQ(0U, len); |
Shawn Willden | 7dad93b | 2015-02-05 10:20:47 -0700 | [diff] [blame] | 364 | free(formats); |
| 365 | |
Shawn Willden | 0cb6942 | 2015-05-26 08:31:37 -0600 | [diff] [blame] | 366 | ASSERT_EQ(KM_ERROR_OK, |
Shawn Willden | 7dad93b | 2015-02-05 10:20:47 -0700 | [diff] [blame] | 367 | device()->get_supported_export_formats(device(), KM_ALGORITHM_HMAC, &formats, &len)); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 368 | EXPECT_EQ(0U, len); |
Shawn Willden | 7dad93b | 2015-02-05 10:20:47 -0700 | [diff] [blame] | 369 | free(formats); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 370 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 371 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 372 | } |
| 373 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 374 | class NewKeyGeneration : public Keymaster1Test { |
Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 375 | protected: |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 376 | void CheckBaseParams() { |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 377 | AuthorizationSet auths = sw_enforced(); |
| 378 | EXPECT_GT(auths.SerializedSize(), 12U); |
| 379 | |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 380 | EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_SIGN)); |
| 381 | EXPECT_TRUE(contains(auths, TAG_PURPOSE, KM_PURPOSE_VERIFY)); |
| 382 | EXPECT_TRUE(contains(auths, TAG_USER_ID, 7)); |
Shawn Willden | eb63b97 | 2015-03-14 08:01:12 -0600 | [diff] [blame] | 383 | EXPECT_TRUE(contains(auths, TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD)); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 384 | EXPECT_TRUE(contains(auths, TAG_AUTH_TIMEOUT, 300)); |
Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 385 | |
| 386 | // Verify that App ID, App data and ROT are NOT included. |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 387 | EXPECT_FALSE(contains(auths, TAG_ROOT_OF_TRUST)); |
| 388 | EXPECT_FALSE(contains(auths, TAG_APPLICATION_ID)); |
| 389 | EXPECT_FALSE(contains(auths, TAG_APPLICATION_DATA)); |
Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 390 | |
| 391 | // Just for giggles, check that some unexpected tags/values are NOT present. |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 392 | EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_ENCRYPT)); |
| 393 | EXPECT_FALSE(contains(auths, TAG_PURPOSE, KM_PURPOSE_DECRYPT)); |
| 394 | EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301)); |
Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 395 | |
| 396 | // Now check that unspecified, defaulted tags are correct. |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 397 | EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME)); |
Shawn Willden | d077231 | 2014-09-18 12:27:57 -0600 | [diff] [blame] | 398 | } |
Shawn Willden | 2079ae8 | 2015-01-22 13:42:31 -0700 | [diff] [blame] | 399 | }; |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 400 | INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, NewKeyGeneration, test_params); |
| 401 | |
| 402 | TEST_P(NewKeyGeneration, Rsa) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 403 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 404 | .RsaSigningKey(256, 3) |
| 405 | .Digest(KM_DIGEST_NONE) |
| 406 | .Padding(KM_PAD_NONE))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 407 | CheckBaseParams(); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 408 | |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 409 | // Check specified tags are all present, and in the right set. |
| 410 | AuthorizationSet crypto_params; |
| 411 | AuthorizationSet non_crypto_params; |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 412 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) { |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 413 | EXPECT_NE(0U, hw_enforced().size()); |
| 414 | EXPECT_NE(0U, sw_enforced().size()); |
| 415 | crypto_params.push_back(hw_enforced()); |
| 416 | non_crypto_params.push_back(sw_enforced()); |
| 417 | } else { |
| 418 | EXPECT_EQ(0U, hw_enforced().size()); |
| 419 | EXPECT_NE(0U, sw_enforced().size()); |
| 420 | crypto_params.push_back(sw_enforced()); |
| 421 | } |
| 422 | |
| 423 | EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA)); |
| 424 | EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_RSA)); |
| 425 | EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 256)); |
| 426 | EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 256)); |
| 427 | EXPECT_TRUE(contains(crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3)); |
| 428 | EXPECT_FALSE(contains(non_crypto_params, TAG_RSA_PUBLIC_EXPONENT, 3)); |
| 429 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 430 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 431 | EXPECT_EQ(1, GetParam()->keymaster0_calls()); |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 432 | } |
| 433 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 434 | TEST_P(NewKeyGeneration, RsaDefaultSize) { |
Shawn Willden | 3b4e165 | 2015-02-27 13:33:01 -0700 | [diff] [blame] | 435 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE, |
| 436 | GenerateKey(AuthorizationSetBuilder() |
| 437 | .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA) |
| 438 | .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3) |
| 439 | .SigningKey())); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 440 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 441 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 442 | } |
| 443 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 444 | TEST_P(NewKeyGeneration, Ecdsa) { |
Shawn Willden | 84b8da5 | 2015-03-11 07:21:32 -0600 | [diff] [blame] | 445 | ASSERT_EQ(KM_ERROR_OK, |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 446 | GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 447 | CheckBaseParams(); |
Shawn Willden | c3864dd | 2014-08-18 15:20:01 -0600 | [diff] [blame] | 448 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 449 | // Check specified tags are all present, and in the right set. |
| 450 | AuthorizationSet crypto_params; |
| 451 | AuthorizationSet non_crypto_params; |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 452 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) { |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 453 | EXPECT_NE(0U, hw_enforced().size()); |
| 454 | EXPECT_NE(0U, sw_enforced().size()); |
| 455 | crypto_params.push_back(hw_enforced()); |
| 456 | non_crypto_params.push_back(sw_enforced()); |
| 457 | } else { |
| 458 | EXPECT_EQ(0U, hw_enforced().size()); |
| 459 | EXPECT_NE(0U, sw_enforced().size()); |
| 460 | crypto_params.push_back(sw_enforced()); |
| 461 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 462 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 463 | EXPECT_TRUE(contains(crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC)); |
| 464 | EXPECT_FALSE(contains(non_crypto_params, TAG_ALGORITHM, KM_ALGORITHM_EC)); |
| 465 | EXPECT_TRUE(contains(crypto_params, TAG_KEY_SIZE, 224)); |
| 466 | EXPECT_FALSE(contains(non_crypto_params, TAG_KEY_SIZE, 224)); |
| 467 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 468 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 469 | EXPECT_EQ(1, GetParam()->keymaster0_calls()); |
Shawn Willden | c3864dd | 2014-08-18 15:20:01 -0600 | [diff] [blame] | 470 | } |
| 471 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 472 | TEST_P(NewKeyGeneration, EcdsaDefaultSize) { |
Shawn Willden | 4f83b89 | 2015-05-26 12:52:54 -0600 | [diff] [blame] | 473 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE, |
| 474 | GenerateKey(AuthorizationSetBuilder() |
| 475 | .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC) |
| 476 | .SigningKey() |
| 477 | .Digest(KM_DIGEST_NONE))); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 478 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 479 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 480 | } |
| 481 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 482 | TEST_P(NewKeyGeneration, EcdsaInvalidSize) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 483 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 484 | ASSERT_EQ( |
| 485 | KM_ERROR_UNKNOWN_ERROR, |
| 486 | GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE))); |
| 487 | else |
| 488 | ASSERT_EQ( |
| 489 | KM_ERROR_UNSUPPORTED_KEY_SIZE, |
| 490 | GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(KM_DIGEST_NONE))); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 491 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 492 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 493 | EXPECT_EQ(1, GetParam()->keymaster0_calls()); |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 494 | } |
| 495 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 496 | TEST_P(NewKeyGeneration, EcdsaAllValidSizes) { |
Shawn Willden | 8c856c8 | 2014-09-26 09:34:36 -0600 | [diff] [blame] | 497 | size_t valid_sizes[] = {224, 256, 384, 521}; |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 498 | for (size_t size : valid_sizes) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 499 | EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest( |
| 500 | KM_DIGEST_NONE))) |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 501 | << "Failed to generate size: " << size; |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 502 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 503 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 504 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 505 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 506 | } |
| 507 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 508 | TEST_P(NewKeyGeneration, HmacSha256) { |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 509 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 510 | .HmacKey(128) |
| 511 | .Digest(KM_DIGEST_SHA_2_256) |
| 512 | .Authorization(TAG_MIN_MAC_LENGTH, 256))); |
| 513 | |
| 514 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 515 | } |
| 516 | |
| 517 | TEST_P(NewKeyGeneration, HmacMultipleDigests) { |
| 518 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, |
| 519 | GenerateKey(AuthorizationSetBuilder() |
| 520 | .HmacKey(128) |
| 521 | .Digest(KM_DIGEST_SHA1) |
| 522 | .Digest(KM_DIGEST_SHA_2_256) |
| 523 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
| 524 | |
| 525 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 526 | } |
| 527 | |
| 528 | TEST_P(NewKeyGeneration, HmacDigestNone) { |
| 529 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_DIGEST, |
| 530 | GenerateKey(AuthorizationSetBuilder() |
| 531 | .HmacKey(128) |
| 532 | .Digest(KM_DIGEST_NONE) |
| 533 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
| 534 | |
| 535 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 536 | } |
| 537 | |
| 538 | TEST_P(NewKeyGeneration, HmacSha256TooShortMacLength) { |
| 539 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH, |
| 540 | GenerateKey(AuthorizationSetBuilder() |
| 541 | .HmacKey(128) |
| 542 | .Digest(KM_DIGEST_SHA_2_256) |
| 543 | .Authorization(TAG_MIN_MAC_LENGTH, 48))); |
| 544 | |
| 545 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 546 | } |
| 547 | |
| 548 | TEST_P(NewKeyGeneration, HmacSha256NonIntegralOctetMacLength) { |
| 549 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH, |
| 550 | GenerateKey(AuthorizationSetBuilder() |
| 551 | .HmacKey(128) |
| 552 | .Digest(KM_DIGEST_SHA_2_256) |
| 553 | .Authorization(TAG_MIN_MAC_LENGTH, 130))); |
| 554 | |
| 555 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 556 | } |
| 557 | |
| 558 | TEST_P(NewKeyGeneration, HmacSha256TooLongMacLength) { |
| 559 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH, |
| 560 | GenerateKey(AuthorizationSetBuilder() |
| 561 | .HmacKey(128) |
| 562 | .Digest(KM_DIGEST_SHA_2_256) |
| 563 | .Authorization(TAG_MIN_MAC_LENGTH, 384))); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 564 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 565 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 566 | } |
| 567 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 568 | typedef Keymaster1Test GetKeyCharacteristics; |
| 569 | INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, GetKeyCharacteristics, test_params); |
| 570 | |
| 571 | TEST_P(GetKeyCharacteristics, SimpleRsa) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 572 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 573 | .RsaSigningKey(256, 3) |
| 574 | .Digest(KM_DIGEST_NONE) |
| 575 | .Padding(KM_PAD_NONE))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 576 | AuthorizationSet original(sw_enforced()); |
Shawn Willden | 7636471 | 2014-08-11 17:48:04 -0600 | [diff] [blame] | 577 | |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 578 | ASSERT_EQ(KM_ERROR_OK, GetCharacteristics()); |
| 579 | EXPECT_EQ(original, sw_enforced()); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 580 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 581 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 582 | EXPECT_EQ(1, GetParam()->keymaster0_calls()); |
Shawn Willden | 7636471 | 2014-08-11 17:48:04 -0600 | [diff] [blame] | 583 | } |
| 584 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 585 | typedef Keymaster1Test SigningOperationsTest; |
| 586 | INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, SigningOperationsTest, test_params); |
| 587 | |
| 588 | TEST_P(SigningOperationsTest, RsaSuccess) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 589 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 590 | .RsaSigningKey(256, 3) |
| 591 | .Digest(KM_DIGEST_NONE) |
| 592 | .Padding(KM_PAD_NONE))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 593 | string message = "12345678901234567890123456789012"; |
| 594 | string signature; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 595 | SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 596 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 597 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 598 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 599 | } |
| 600 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 601 | TEST_P(SigningOperationsTest, RsaPssSha256Success) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 602 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 603 | .RsaSigningKey(512, 3) |
| 604 | .Digest(KM_DIGEST_SHA_2_256) |
| 605 | .Padding(KM_PAD_RSA_PSS))); |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 606 | // Use large message, which won't work without digesting. |
| 607 | string message(1024, 'a'); |
| 608 | string signature; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 609 | SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 610 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 611 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 612 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 613 | } |
| 614 | |
Shawn Willden | 5cf4502 | 2015-07-20 09:10:32 -0600 | [diff] [blame] | 615 | TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) { |
Shawn Willden | bfd9ed7 | 2015-06-11 10:51:12 -0600 | [diff] [blame] | 616 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 617 | .RsaSigningKey(512, 3) |
| 618 | .Digest(KM_DIGEST_NONE) |
| 619 | .Padding(KM_PAD_NONE))); |
| 620 | string message = "12345678901234567890123456789012"; |
| 621 | string signature; |
Shawn Willden | bfd9ed7 | 2015-06-11 10:51:12 -0600 | [diff] [blame] | 622 | |
Shawn Willden | 5cf4502 | 2015-07-20 09:10:32 -0600 | [diff] [blame] | 623 | AuthorizationSet begin_params(client_params()); |
| 624 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); |
| 625 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN); |
| 626 | EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 627 | |
| 628 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
| 629 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
Shawn Willden | bfd9ed7 | 2015-06-11 10:51:12 -0600 | [diff] [blame] | 630 | } |
| 631 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 632 | TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 633 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 634 | .RsaSigningKey(512, 3) |
| 635 | .Digest(KM_DIGEST_SHA_2_256) |
| 636 | .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN))); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 637 | string message(1024, 'a'); |
| 638 | string signature; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 639 | SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 640 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 641 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 642 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 643 | } |
| 644 | |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 645 | TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) { |
| 646 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 647 | .RsaSigningKey(512, 3) |
| 648 | .Digest(KM_DIGEST_NONE) |
| 649 | .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN))); |
| 650 | string message(53, 'a'); |
| 651 | string signature; |
| 652 | SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN); |
| 653 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 654 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 655 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
| 656 | } |
| 657 | |
| 658 | TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) { |
| 659 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 660 | .RsaSigningKey(512, 3) |
| 661 | .Digest(KM_DIGEST_NONE) |
| 662 | .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN))); |
| 663 | string message(54, 'a'); |
| 664 | |
| 665 | AuthorizationSet begin_params(client_params()); |
| 666 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); |
| 667 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN); |
| 668 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params)); |
| 669 | string result; |
| 670 | size_t input_consumed; |
| 671 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 672 | string signature; |
| 673 | EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature)); |
| 674 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 675 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 676 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
| 677 | } |
| 678 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 679 | TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) { |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 680 | // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so |
| 681 | // verify that nine bytes larger than hash won't work. |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 682 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 683 | .RsaSigningKey(256 + 9 * 8, 3) |
| 684 | .Digest(KM_DIGEST_SHA_2_256) |
| 685 | .Padding(KM_PAD_RSA_PSS))); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 686 | string message(1024, 'a'); |
| 687 | string signature; |
| 688 | |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 689 | AuthorizationSet begin_params(client_params()); |
| 690 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 691 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS); |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 692 | EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params)); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 693 | } |
| 694 | |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 695 | TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) { |
| 696 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 697 | .RsaSigningKey(256, 3) |
| 698 | .Digest(KM_DIGEST_NONE) |
| 699 | .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN))); |
| 700 | string message(64 * 1024, 'a'); |
| 701 | string signature; |
| 702 | AuthorizationSet begin_params(client_params()); |
| 703 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); |
| 704 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN); |
| 705 | ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params)); |
| 706 | string result; |
| 707 | size_t input_consumed; |
| 708 | EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed)); |
| 709 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 710 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 711 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
| 712 | } |
| 713 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 714 | TEST_P(SigningOperationsTest, RsaAbort) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 715 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 716 | .RsaSigningKey(256, 3) |
| 717 | .Digest(KM_DIGEST_NONE) |
| 718 | .Padding(KM_PAD_NONE))); |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 719 | AuthorizationSet begin_params(client_params()); |
| 720 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 721 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 722 | ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params)); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 723 | EXPECT_EQ(KM_ERROR_OK, AbortOperation()); |
| 724 | // Another abort should fail |
| 725 | EXPECT_EQ(KM_ERROR_INVALID_OPERATION_HANDLE, AbortOperation()); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 726 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 727 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 728 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 729 | } |
| 730 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 731 | TEST_P(SigningOperationsTest, RsaUnsupportedPadding) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 732 | GenerateKey(AuthorizationSetBuilder() |
| 733 | .RsaSigningKey(256, 3) |
| 734 | .Digest(KM_DIGEST_SHA_2_256 /* supported digest */) |
| 735 | .Padding(KM_PAD_PKCS7)); |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 736 | AuthorizationSet begin_params(client_params()); |
| 737 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); |
| 738 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 739 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 740 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 741 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 742 | } |
| 743 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 744 | TEST_P(SigningOperationsTest, RsaNoDigest) { |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 745 | // PSS requires a digest. |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 746 | GenerateKey(AuthorizationSetBuilder() |
| 747 | .RsaSigningKey(256, 3) |
| 748 | .Digest(KM_DIGEST_NONE) |
| 749 | .Padding(KM_PAD_RSA_PSS)); |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 750 | AuthorizationSet begin_params(client_params()); |
| 751 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 752 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS); |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 753 | ASSERT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 754 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 755 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 756 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 757 | } |
| 758 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 759 | TEST_P(SigningOperationsTest, RsaNoPadding) { |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 760 | // Padding must be specified |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 761 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaKey(256, 3).SigningKey().Digest( |
| 762 | KM_DIGEST_NONE))); |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 763 | AuthorizationSet begin_params(client_params()); |
| 764 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); |
| 765 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, BeginOperation(KM_PURPOSE_SIGN, begin_params)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 766 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 767 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 768 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 769 | } |
| 770 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 771 | TEST_P(SigningOperationsTest, RsaTooShortMessage) { |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 772 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 773 | .RsaSigningKey(256, 3) |
| 774 | .Digest(KM_DIGEST_NONE) |
| 775 | .Padding(KM_PAD_NONE))); |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 776 | string message = "1234567890123456789012345678901"; |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 777 | string signature; |
Shawn Willden | c0a6380 | 2015-07-29 16:43:17 -0600 | [diff] [blame] | 778 | SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 779 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 780 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | c0a6380 | 2015-07-29 16:43:17 -0600 | [diff] [blame] | 781 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 782 | } |
| 783 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 784 | TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) { |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 785 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 786 | .RsaEncryptionKey(256, 3) |
| 787 | .Digest(KM_DIGEST_NONE) |
| 788 | .Padding(KM_PAD_NONE))); |
Shawn Willden | ada4850 | 2015-06-25 06:26:05 -0700 | [diff] [blame] | 789 | AuthorizationSet begin_params(client_params()); |
| 790 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 791 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); |
| 792 | ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_SIGN, begin_params)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 793 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 794 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 294a2db | 2015-06-17 11:20:56 -0600 | [diff] [blame] | 795 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 796 | } |
| 797 | |
Shawn Willden | 39ba76d | 2015-10-23 10:11:40 -0600 | [diff] [blame] | 798 | TEST_P(SigningOperationsTest, RsaSignTooLargeMessage) { |
| 799 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 800 | .RsaSigningKey(256, 3) |
| 801 | .Digest(KM_DIGEST_NONE) |
| 802 | .Padding(KM_PAD_NONE))); |
| 803 | string message(256 / 8, static_cast<char>(0xff)); |
| 804 | string signature; |
| 805 | AuthorizationSet begin_params(client_params()); |
| 806 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 807 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); |
| 808 | ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params)); |
| 809 | string result; |
| 810 | size_t input_consumed; |
| 811 | ASSERT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 812 | ASSERT_EQ(message.size(), input_consumed); |
| 813 | string output; |
| 814 | ASSERT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&output)); |
| 815 | |
| 816 | |
| 817 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
| 818 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
| 819 | } |
| 820 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 821 | TEST_P(SigningOperationsTest, EcdsaSuccess) { |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 822 | ASSERT_EQ(KM_ERROR_OK, |
| 823 | GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE))); |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 824 | string message(224 / 8, 'a'); |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 825 | string signature; |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 826 | SignMessage(message, &signature, KM_DIGEST_NONE); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 827 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 828 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 829 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 830 | } |
| 831 | |
Shawn Willden | efbd7e4 | 2015-06-01 07:07:33 -0600 | [diff] [blame] | 832 | TEST_P(SigningOperationsTest, EcdsaSha256Success) { |
| 833 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest( |
| 834 | KM_DIGEST_SHA_2_256))); |
| 835 | string message(1024, 'a'); |
| 836 | string signature; |
| 837 | SignMessage(message, &signature, KM_DIGEST_SHA_2_256); |
| 838 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 839 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
| 840 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
| 841 | } |
| 842 | |
| 843 | TEST_P(SigningOperationsTest, EcdsaSha384Success) { |
| 844 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest( |
| 845 | KM_DIGEST_SHA_2_384))); |
| 846 | string message(1024, 'a'); |
| 847 | string signature; |
| 848 | SignMessage(message, &signature, KM_DIGEST_SHA_2_384); |
| 849 | |
| 850 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | efbd7e4 | 2015-06-01 07:07:33 -0600 | [diff] [blame] | 851 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
| 852 | } |
| 853 | |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 854 | TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) { |
| 855 | ASSERT_EQ(KM_ERROR_OK, |
| 856 | GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE))); |
| 857 | string message(64 * 1024, 'a'); |
| 858 | string signature; |
| 859 | AuthorizationSet begin_params(client_params()); |
| 860 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); |
| 861 | ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params)); |
| 862 | string result; |
| 863 | size_t input_consumed; |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 864 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 865 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 866 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 867 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
| 868 | } |
| 869 | |
Shawn Willden | 0d061c8 | 2015-07-08 17:12:16 -0600 | [diff] [blame] | 870 | TEST_P(SigningOperationsTest, EcsdaAllSizesAndHashes) { |
| 871 | size_t len; |
| 872 | keymaster_digest_t* digest_arr; |
| 873 | ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC, |
| 874 | KM_PURPOSE_SIGN, &digest_arr, &len)); |
| 875 | vector<int> key_sizes = {224, 256, 384, 521}; |
| 876 | vector<keymaster_digest_t> digests = make_vector(digest_arr, len); |
| 877 | free(digest_arr); |
| 878 | |
| 879 | for (int key_size : key_sizes) { |
| 880 | for (keymaster_digest_t digest : digests) { |
| 881 | ASSERT_EQ( |
| 882 | KM_ERROR_OK, |
| 883 | GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(digest))); |
| 884 | |
| 885 | string message(1024, 'a'); |
| 886 | string signature; |
| 887 | if (digest == KM_DIGEST_NONE) |
| 888 | message.resize(key_size / 8); |
| 889 | SignMessage(message, &signature, digest); |
| 890 | } |
| 891 | } |
| 892 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 893 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 0d061c8 | 2015-07-08 17:12:16 -0600 | [diff] [blame] | 894 | EXPECT_EQ(digests.size() * key_sizes.size() * 3, |
| 895 | static_cast<size_t>(GetParam()->keymaster0_calls())); |
| 896 | } |
| 897 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 898 | TEST_P(SigningOperationsTest, AesEcbSign) { |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 899 | ASSERT_EQ(KM_ERROR_OK, |
| 900 | GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization( |
| 901 | TAG_BLOCK_MODE, KM_MODE_ECB))); |
Shawn Willden | 294a2db | 2015-06-17 11:20:56 -0600 | [diff] [blame] | 902 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_SIGN)); |
| 903 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_VERIFY)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 904 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 905 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 906 | } |
| 907 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 908 | TEST_P(SigningOperationsTest, HmacSha1Success) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 909 | if (GetParam()->minimal_digest_set()) |
| 910 | // Can't emulate other digests for HMAC. |
| 911 | return; |
| 912 | |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 913 | GenerateKey(AuthorizationSetBuilder() |
| 914 | .HmacKey(128) |
| 915 | .Digest(KM_DIGEST_SHA1) |
| 916 | .Authorization(TAG_MIN_MAC_LENGTH, 160)); |
Shawn Willden | 51d5e0e | 2014-12-18 10:44:03 -0700 | [diff] [blame] | 917 | string message = "12345678901234567890123456789012"; |
| 918 | string signature; |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 919 | MacMessage(message, &signature, 160); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 920 | ASSERT_EQ(20U, signature.size()); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 921 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 922 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 51d5e0e | 2014-12-18 10:44:03 -0700 | [diff] [blame] | 923 | } |
| 924 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 925 | TEST_P(SigningOperationsTest, HmacSha224Success) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 926 | if (GetParam()->minimal_digest_set()) |
| 927 | // Can't emulate other digests for HMAC. |
| 928 | return; |
| 929 | |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 930 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 931 | .HmacKey(128) |
| 932 | .Digest(KM_DIGEST_SHA_2_224) |
| 933 | .Authorization(TAG_MIN_MAC_LENGTH, 160))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 934 | string message = "12345678901234567890123456789012"; |
| 935 | string signature; |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 936 | MacMessage(message, &signature, 224); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 937 | ASSERT_EQ(28U, signature.size()); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 938 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 939 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 62c2286 | 2014-12-17 08:36:20 -0700 | [diff] [blame] | 940 | } |
| 941 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 942 | TEST_P(SigningOperationsTest, HmacSha256Success) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 943 | if (GetParam()->minimal_digest_set()) |
| 944 | // Can't emulate other digests for HMAC. |
| 945 | return; |
| 946 | |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 947 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 948 | .HmacKey(128) |
| 949 | .Digest(KM_DIGEST_SHA_2_256) |
| 950 | .Authorization(TAG_MIN_MAC_LENGTH, 256))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 951 | string message = "12345678901234567890123456789012"; |
| 952 | string signature; |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 953 | MacMessage(message, &signature, 256); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 954 | ASSERT_EQ(32U, signature.size()); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 955 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 956 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 957 | } |
| 958 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 959 | TEST_P(SigningOperationsTest, HmacSha384Success) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 960 | if (GetParam()->minimal_digest_set()) |
| 961 | // Can't emulate other digests for HMAC. |
| 962 | return; |
| 963 | |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 964 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 965 | .HmacKey(128) |
| 966 | .Digest(KM_DIGEST_SHA_2_384) |
| 967 | .Authorization(TAG_MIN_MAC_LENGTH, 384))); |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 968 | |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 969 | string message = "12345678901234567890123456789012"; |
| 970 | string signature; |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 971 | MacMessage(message, &signature, 384); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 972 | ASSERT_EQ(48U, signature.size()); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 973 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 974 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 62c2286 | 2014-12-17 08:36:20 -0700 | [diff] [blame] | 975 | } |
| 976 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 977 | TEST_P(SigningOperationsTest, HmacSha512Success) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 978 | if (GetParam()->minimal_digest_set()) |
| 979 | // Can't emulate other digests for HMAC. |
| 980 | return; |
| 981 | |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 982 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 983 | .HmacKey(128) |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 984 | .Digest(KM_DIGEST_SHA_2_512) |
Shawn Willden | 5cf4502 | 2015-07-20 09:10:32 -0600 | [diff] [blame] | 985 | .Authorization(TAG_MIN_MAC_LENGTH, 384))); |
| 986 | string message = "12345678901234567890123456789012"; |
| 987 | string signature; |
| 988 | MacMessage(message, &signature, 512); |
| 989 | ASSERT_EQ(64U, signature.size()); |
| 990 | |
| 991 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 992 | } |
| 993 | |
| 994 | TEST_P(SigningOperationsTest, HmacLengthInKey) { |
| 995 | // TODO(swillden): unified API should generate an error on key generation. |
| 996 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 997 | .HmacKey(128) |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 998 | .Digest(KM_DIGEST_SHA_2_256) |
| 999 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 1000 | string message = "12345678901234567890123456789012"; |
| 1001 | string signature; |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1002 | MacMessage(message, &signature, 160); |
| 1003 | ASSERT_EQ(20U, signature.size()); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1004 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1005 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 1006 | } |
| 1007 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1008 | TEST_P(SigningOperationsTest, HmacRfc4231TestCase1) { |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1009 | uint8_t key_data[] = { |
| 1010 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, |
| 1011 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, |
| 1012 | }; |
| 1013 | string message = "Hi There"; |
| 1014 | uint8_t sha_224_expected[] = { |
| 1015 | 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, |
| 1016 | 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22, |
| 1017 | }; |
| 1018 | uint8_t sha_256_expected[] = { |
| 1019 | 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, |
| 1020 | 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, |
| 1021 | 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7, |
| 1022 | }; |
| 1023 | uint8_t sha_384_expected[] = { |
| 1024 | 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4, |
| 1025 | 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, |
| 1026 | 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9, |
| 1027 | 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6, |
| 1028 | }; |
| 1029 | uint8_t sha_512_expected[] = { |
| 1030 | 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a, |
| 1031 | 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0, |
| 1032 | 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, |
| 1033 | 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e, |
| 1034 | 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54, |
| 1035 | }; |
| 1036 | |
| 1037 | string key = make_string(key_data); |
| 1038 | |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1039 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1040 | if (!GetParam()->minimal_digest_set()) { |
| 1041 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected)); |
| 1042 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected)); |
| 1043 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected)); |
| 1044 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1045 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1046 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1047 | } |
| 1048 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1049 | TEST_P(SigningOperationsTest, HmacRfc4231TestCase2) { |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1050 | string key = "Jefe"; |
| 1051 | string message = "what do ya want for nothing?"; |
| 1052 | uint8_t sha_224_expected[] = { |
| 1053 | 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf, 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e, |
| 1054 | 0x6d, 0x0f, 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00, 0x8f, 0xd0, 0x5e, 0x44, |
| 1055 | }; |
| 1056 | uint8_t sha_256_expected[] = { |
| 1057 | 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, 0x6a, 0x04, 0x24, |
| 1058 | 0x26, 0x08, 0x95, 0x75, 0xc7, 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, |
| 1059 | 0x39, 0x83, 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43, |
| 1060 | }; |
| 1061 | uint8_t sha_384_expected[] = { |
| 1062 | 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31, 0x61, 0x7f, 0x78, 0xd2, |
| 1063 | 0xb5, 0x8a, 0x6b, 0x1b, 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47, |
| 1064 | 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e, 0x8e, 0x22, 0x40, 0xca, |
| 1065 | 0x5e, 0x69, 0xe2, 0xc7, 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49, |
| 1066 | }; |
| 1067 | uint8_t sha_512_expected[] = { |
| 1068 | 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2, 0xe3, 0x95, 0xfb, 0xe7, 0x3b, |
| 1069 | 0x56, 0xe0, 0xa3, 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6, 0x10, 0x27, |
| 1070 | 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54, 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99, |
| 1071 | 0x4a, 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd, 0xca, 0xea, 0xb1, 0xa3, |
| 1072 | 0x4d, 0x4a, 0x6b, 0x4b, 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37, |
| 1073 | }; |
| 1074 | |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1075 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1076 | if (!GetParam()->minimal_digest_set()) { |
| 1077 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected)); |
| 1078 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected)); |
| 1079 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected)); |
| 1080 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected)); |
| 1081 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1082 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1083 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1084 | } |
| 1085 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1086 | TEST_P(SigningOperationsTest, HmacRfc4231TestCase3) { |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1087 | string key(20, 0xaa); |
| 1088 | string message(50, 0xdd); |
| 1089 | uint8_t sha_224_expected[] = { |
| 1090 | 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a, |
| 1091 | 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea, |
| 1092 | }; |
| 1093 | uint8_t sha_256_expected[] = { |
| 1094 | 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8, |
| 1095 | 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, |
| 1096 | 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe, |
| 1097 | }; |
| 1098 | uint8_t sha_384_expected[] = { |
| 1099 | 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0, |
| 1100 | 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb, |
| 1101 | 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d, |
| 1102 | 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27, |
| 1103 | }; |
| 1104 | uint8_t sha_512_expected[] = { |
| 1105 | 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c, |
| 1106 | 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8, |
| 1107 | 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22, |
| 1108 | 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37, |
| 1109 | 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb, |
| 1110 | }; |
| 1111 | |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1112 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1113 | if (!GetParam()->minimal_digest_set()) { |
| 1114 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected)); |
| 1115 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected)); |
| 1116 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected)); |
| 1117 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected)); |
| 1118 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1119 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1120 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1121 | } |
| 1122 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1123 | TEST_P(SigningOperationsTest, HmacRfc4231TestCase4) { |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1124 | uint8_t key_data[25] = { |
| 1125 | 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, |
| 1126 | 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, |
| 1127 | }; |
| 1128 | string key = make_string(key_data); |
| 1129 | string message(50, 0xcd); |
| 1130 | uint8_t sha_224_expected[] = { |
| 1131 | 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac, 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82, |
| 1132 | 0x62, 0x7c, 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d, 0xe7, 0xaf, 0xec, 0x5a, |
| 1133 | }; |
| 1134 | uint8_t sha_256_expected[] = { |
| 1135 | 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, 0xa4, 0xcc, 0x81, |
| 1136 | 0x98, 0x99, 0xf2, 0x08, 0x3a, 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, |
| 1137 | 0xf8, 0x07, 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b, |
| 1138 | }; |
| 1139 | uint8_t sha_384_expected[] = { |
| 1140 | 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85, 0x19, 0x33, 0xab, 0x62, |
| 1141 | 0x90, 0xaf, 0x6c, 0xa7, 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c, |
| 1142 | 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e, 0x68, 0x01, 0xdd, 0x23, |
| 1143 | 0xc4, 0xa7, 0xd6, 0x79, 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb, |
| 1144 | }; |
| 1145 | uint8_t sha_512_expected[] = { |
| 1146 | 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69, 0x90, 0xe5, 0xa8, 0xc5, 0xf6, |
| 1147 | 0x1d, 0x4a, 0xf7, 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d, 0xe7, 0x6f, |
| 1148 | 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb, 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e, |
| 1149 | 0xb4, 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63, 0xa5, 0xf1, 0x97, 0x41, |
| 1150 | 0x12, 0x0c, 0x4f, 0x2d, 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd, |
| 1151 | }; |
| 1152 | |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1153 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1154 | if (!GetParam()->minimal_digest_set()) { |
| 1155 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected)); |
| 1156 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected)); |
| 1157 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected)); |
| 1158 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected)); |
| 1159 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1160 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1161 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1162 | } |
| 1163 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1164 | TEST_P(SigningOperationsTest, HmacRfc4231TestCase5) { |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1165 | string key(20, 0x0c); |
| 1166 | string message = "Test With Truncation"; |
| 1167 | |
| 1168 | uint8_t sha_224_expected[] = { |
| 1169 | 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37, |
| 1170 | 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8, |
| 1171 | }; |
| 1172 | uint8_t sha_256_expected[] = { |
| 1173 | 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0, |
| 1174 | 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b, |
| 1175 | }; |
| 1176 | uint8_t sha_384_expected[] = { |
| 1177 | 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23, |
| 1178 | 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97, |
| 1179 | }; |
| 1180 | uint8_t sha_512_expected[] = { |
| 1181 | 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53, |
| 1182 | 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6, |
| 1183 | }; |
| 1184 | |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1185 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1186 | if (!GetParam()->minimal_digest_set()) { |
| 1187 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected)); |
| 1188 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected)); |
| 1189 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected)); |
| 1190 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1191 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1192 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1193 | } |
| 1194 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1195 | TEST_P(SigningOperationsTest, HmacRfc4231TestCase6) { |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1196 | string key(131, 0xaa); |
| 1197 | string message = "Test Using Larger Than Block-Size Key - Hash Key First"; |
| 1198 | |
| 1199 | uint8_t sha_224_expected[] = { |
| 1200 | 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d, |
| 1201 | 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e, |
| 1202 | }; |
| 1203 | uint8_t sha_256_expected[] = { |
| 1204 | 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, |
| 1205 | 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, |
| 1206 | 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54, |
| 1207 | }; |
| 1208 | uint8_t sha_384_expected[] = { |
| 1209 | 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a, |
| 1210 | 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f, |
| 1211 | 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab, |
| 1212 | 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52, |
| 1213 | }; |
| 1214 | uint8_t sha_512_expected[] = { |
| 1215 | 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd, |
| 1216 | 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b, |
| 1217 | 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25, |
| 1218 | 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73, |
| 1219 | 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98, |
| 1220 | }; |
| 1221 | |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1222 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1223 | if (!GetParam()->minimal_digest_set()) { |
| 1224 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected)); |
| 1225 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected)); |
| 1226 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected)); |
| 1227 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1228 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1229 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1230 | } |
| 1231 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1232 | TEST_P(SigningOperationsTest, HmacRfc4231TestCase7) { |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1233 | string key(131, 0xaa); |
| 1234 | string message = "This is a test using a larger than block-size key and a larger than " |
| 1235 | "block-size data. The key needs to be hashed before being used by the HMAC " |
| 1236 | "algorithm."; |
| 1237 | |
| 1238 | uint8_t sha_224_expected[] = { |
| 1239 | 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3, |
| 1240 | 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1, |
| 1241 | }; |
| 1242 | uint8_t sha_256_expected[] = { |
| 1243 | 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, |
| 1244 | 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, |
| 1245 | 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2, |
| 1246 | }; |
| 1247 | uint8_t sha_384_expected[] = { |
| 1248 | 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25, |
| 1249 | 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a, |
| 1250 | 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31, |
| 1251 | 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e, |
| 1252 | }; |
| 1253 | uint8_t sha_512_expected[] = { |
| 1254 | 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e, |
| 1255 | 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5, |
| 1256 | 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82, |
| 1257 | 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb, |
| 1258 | 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58, |
| 1259 | }; |
| 1260 | |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1261 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_256, make_string(sha_256_expected)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1262 | if (!GetParam()->minimal_digest_set()) { |
| 1263 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_224, make_string(sha_224_expected)); |
| 1264 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_384, make_string(sha_384_expected)); |
| 1265 | CheckHmacTestVector(key, message, KM_DIGEST_SHA_2_512, make_string(sha_512_expected)); |
| 1266 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1267 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1268 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 1269 | } |
Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 1270 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1271 | TEST_P(SigningOperationsTest, HmacSha256TooLargeMacLength) { |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1272 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 1273 | .HmacKey(128) |
| 1274 | .Digest(KM_DIGEST_SHA_2_256) |
| 1275 | .Authorization(TAG_MIN_MAC_LENGTH, 256))); |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 1276 | AuthorizationSet begin_params(client_params()); |
Shawn Willden | 0c60f6f | 2015-04-27 23:40:10 -0600 | [diff] [blame] | 1277 | begin_params.push_back(TAG_MAC_LENGTH, 264); |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 1278 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1279 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_MAC_LENGTH, |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 1280 | BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */)); |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1281 | |
| 1282 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 1283 | } |
| 1284 | |
| 1285 | TEST_P(SigningOperationsTest, HmacSha256TooSmallMacLength) { |
| 1286 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 1287 | .HmacKey(128) |
| 1288 | .Digest(KM_DIGEST_SHA_2_256) |
| 1289 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
| 1290 | AuthorizationSet begin_params(client_params()); |
| 1291 | begin_params.push_back(TAG_MAC_LENGTH, 120); |
| 1292 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); |
| 1293 | ASSERT_EQ(KM_ERROR_INVALID_MAC_LENGTH, |
| 1294 | BeginOperation(KM_PURPOSE_SIGN, begin_params, nullptr /* output_params */)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1295 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1296 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 1297 | } |
| 1298 | |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 1299 | // TODO(swillden): Add more verification failure tests. |
| 1300 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1301 | typedef Keymaster1Test VerificationOperationsTest; |
| 1302 | INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, VerificationOperationsTest, test_params); |
| 1303 | |
| 1304 | TEST_P(VerificationOperationsTest, RsaSuccess) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1305 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 1306 | .RsaSigningKey(256, 3) |
| 1307 | .Digest(KM_DIGEST_NONE) |
| 1308 | .Padding(KM_PAD_NONE))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1309 | string message = "12345678901234567890123456789012"; |
| 1310 | string signature; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1311 | SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE); |
| 1312 | VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1313 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1314 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1315 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | 1615f2e | 2014-08-13 10:37:40 -0600 | [diff] [blame] | 1316 | } |
| 1317 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1318 | TEST_P(VerificationOperationsTest, RsaPssSha256Success) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1319 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 1320 | .RsaSigningKey(512, 3) |
| 1321 | .Digest(KM_DIGEST_SHA_2_256) |
| 1322 | .Padding(KM_PAD_RSA_PSS))); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1323 | // Use large message, which won't work without digesting. |
| 1324 | string message(1024, 'a'); |
| 1325 | string signature; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1326 | SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS); |
| 1327 | VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1328 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1329 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1330 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1331 | } |
| 1332 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1333 | TEST_P(VerificationOperationsTest, RsaPssSha224Success) { |
| 1334 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 1335 | .RsaSigningKey(512, 3) |
| 1336 | .Digest(KM_DIGEST_SHA_2_224) |
| 1337 | .Padding(KM_PAD_RSA_PSS))); |
| 1338 | // Use large message, which won't work without digesting. |
| 1339 | string message(1024, 'a'); |
| 1340 | string signature; |
| 1341 | SignMessage(message, &signature, KM_DIGEST_SHA_2_224, KM_PAD_RSA_PSS); |
| 1342 | VerifyMessage(message, signature, KM_DIGEST_SHA_2_224, KM_PAD_RSA_PSS); |
| 1343 | |
| 1344 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
| 1345 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
| 1346 | |
| 1347 | // Verify with OpenSSL. |
| 1348 | string pubkey; |
| 1349 | EXPECT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &pubkey)); |
| 1350 | |
| 1351 | const uint8_t* p = reinterpret_cast<const uint8_t*>(pubkey.data()); |
| 1352 | unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey( |
| 1353 | d2i_PUBKEY(nullptr /* alloc new */, &p, pubkey.size())); |
| 1354 | ASSERT_TRUE(pkey.get()); |
| 1355 | |
| 1356 | EVP_MD_CTX digest_ctx; |
| 1357 | EVP_MD_CTX_init(&digest_ctx); |
| 1358 | EVP_PKEY_CTX* pkey_ctx; |
| 1359 | EXPECT_EQ(1, EVP_DigestVerifyInit(&digest_ctx, &pkey_ctx, EVP_sha224(), nullptr /* engine */, |
| 1360 | pkey.get())); |
| 1361 | EXPECT_EQ(1, EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING)); |
| 1362 | EXPECT_EQ(1, EVP_DigestVerifyUpdate(&digest_ctx, message.data(), message.size())); |
| 1363 | EXPECT_EQ(1, |
| 1364 | EVP_DigestVerifyFinal(&digest_ctx, reinterpret_cast<const uint8_t*>(signature.data()), |
| 1365 | signature.size())); |
| 1366 | EVP_MD_CTX_cleanup(&digest_ctx); |
| 1367 | } |
| 1368 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1369 | TEST_P(VerificationOperationsTest, RsaPssSha256CorruptSignature) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1370 | GenerateKey(AuthorizationSetBuilder() |
| 1371 | .RsaSigningKey(512, 3) |
| 1372 | .Digest(KM_DIGEST_SHA_2_256) |
| 1373 | .Padding(KM_PAD_RSA_PSS)); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1374 | string message(1024, 'a'); |
| 1375 | string signature; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1376 | SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1377 | ++signature[signature.size() / 2]; |
| 1378 | |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 1379 | AuthorizationSet begin_params(client_params()); |
| 1380 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1381 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS); |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 1382 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params)); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1383 | |
| 1384 | string result; |
| 1385 | size_t input_consumed; |
| 1386 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 1387 | EXPECT_EQ(message.size(), input_consumed); |
| 1388 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1389 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1390 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1391 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1392 | } |
| 1393 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1394 | TEST_P(VerificationOperationsTest, RsaPssSha256CorruptInput) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1395 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 1396 | .RsaSigningKey(512, 3) |
| 1397 | .Digest(KM_DIGEST_SHA_2_256) |
| 1398 | .Padding(KM_PAD_RSA_PSS))); |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 1399 | // Use large message, which won't work without digesting. |
| 1400 | string message(1024, 'a'); |
| 1401 | string signature; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1402 | SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PSS); |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 1403 | ++message[message.size() / 2]; |
| 1404 | |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 1405 | AuthorizationSet begin_params(client_params()); |
| 1406 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1407 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PSS); |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 1408 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params)); |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 1409 | |
| 1410 | string result; |
| 1411 | size_t input_consumed; |
| 1412 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 1413 | EXPECT_EQ(message.size(), input_consumed); |
| 1414 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1415 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1416 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1417 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | 6190236 | 2014-12-18 10:33:24 -0700 | [diff] [blame] | 1418 | } |
| 1419 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1420 | TEST_P(VerificationOperationsTest, RsaPkcs1Sha256Success) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1421 | GenerateKey(AuthorizationSetBuilder() |
| 1422 | .RsaSigningKey(512, 3) |
| 1423 | .Digest(KM_DIGEST_SHA_2_256) |
| 1424 | .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1425 | string message(1024, 'a'); |
| 1426 | string signature; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1427 | SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN); |
| 1428 | VerifyMessage(message, signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1429 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1430 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1431 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1432 | } |
| 1433 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1434 | TEST_P(VerificationOperationsTest, RsaPks1Sha224Success) { |
| 1435 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 1436 | .RsaSigningKey(512, 3) |
| 1437 | .Digest(KM_DIGEST_SHA_2_224) |
| 1438 | .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN))); |
| 1439 | // Use large message, which won't work without digesting. |
| 1440 | string message(1024, 'a'); |
| 1441 | string signature; |
| 1442 | SignMessage(message, &signature, KM_DIGEST_SHA_2_224, KM_PAD_RSA_PKCS1_1_5_SIGN); |
| 1443 | VerifyMessage(message, signature, KM_DIGEST_SHA_2_224, KM_PAD_RSA_PKCS1_1_5_SIGN); |
| 1444 | |
| 1445 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
| 1446 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
| 1447 | |
| 1448 | // Verify with OpenSSL. |
| 1449 | string pubkey; |
| 1450 | EXPECT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &pubkey)); |
| 1451 | |
| 1452 | const uint8_t* p = reinterpret_cast<const uint8_t*>(pubkey.data()); |
| 1453 | unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey( |
| 1454 | d2i_PUBKEY(nullptr /* alloc new */, &p, pubkey.size())); |
| 1455 | ASSERT_TRUE(pkey.get()); |
| 1456 | |
| 1457 | EVP_MD_CTX digest_ctx; |
| 1458 | EVP_MD_CTX_init(&digest_ctx); |
| 1459 | EVP_PKEY_CTX* pkey_ctx; |
| 1460 | EXPECT_EQ(1, EVP_DigestVerifyInit(&digest_ctx, &pkey_ctx, EVP_sha224(), nullptr /* engine */, |
| 1461 | pkey.get())); |
| 1462 | EXPECT_EQ(1, EVP_DigestVerifyUpdate(&digest_ctx, message.data(), message.size())); |
| 1463 | EXPECT_EQ(1, |
| 1464 | EVP_DigestVerifyFinal(&digest_ctx, reinterpret_cast<const uint8_t*>(signature.data()), |
| 1465 | signature.size())); |
| 1466 | EVP_MD_CTX_cleanup(&digest_ctx); |
| 1467 | } |
| 1468 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1469 | TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptSignature) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1470 | GenerateKey(AuthorizationSetBuilder() |
| 1471 | .RsaSigningKey(512, 3) |
| 1472 | .Digest(KM_DIGEST_SHA_2_256) |
| 1473 | .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN)); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1474 | string message(1024, 'a'); |
| 1475 | string signature; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1476 | SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1477 | ++signature[signature.size() / 2]; |
| 1478 | |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 1479 | AuthorizationSet begin_params(client_params()); |
| 1480 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1481 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN); |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 1482 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params)); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1483 | |
| 1484 | string result; |
| 1485 | size_t input_consumed; |
| 1486 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 1487 | EXPECT_EQ(message.size(), input_consumed); |
| 1488 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1489 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1490 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1491 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1492 | } |
| 1493 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1494 | TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1495 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 1496 | .RsaSigningKey(512, 3) |
| 1497 | .Digest(KM_DIGEST_SHA_2_256) |
| 1498 | .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN))); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1499 | // Use large message, which won't work without digesting. |
| 1500 | string message(1024, 'a'); |
| 1501 | string signature; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1502 | SignMessage(message, &signature, KM_DIGEST_SHA_2_256, KM_PAD_RSA_PKCS1_1_5_SIGN); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1503 | ++message[message.size() / 2]; |
| 1504 | |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 1505 | AuthorizationSet begin_params(client_params()); |
| 1506 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1507 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN); |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 1508 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params)); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1509 | |
| 1510 | string result; |
| 1511 | size_t input_consumed; |
| 1512 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 1513 | EXPECT_EQ(message.size(), input_consumed); |
| 1514 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1515 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1516 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1517 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1518 | } |
| 1519 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1520 | TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1521 | vector<keymaster_digest_t> digests = { |
| 1522 | KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224, |
| 1523 | KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512, |
| 1524 | }; |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1525 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1526 | vector<keymaster_padding_t> padding_modes{ |
| 1527 | KM_PAD_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN, KM_PAD_RSA_PSS, |
| 1528 | }; |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1529 | |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 1530 | int trial_count = 0; |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1531 | for (keymaster_padding_t padding_mode : padding_modes) { |
| 1532 | for (keymaster_digest_t digest : digests) { |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 1533 | if (digest != KM_DIGEST_NONE && padding_mode == KM_PAD_NONE) |
| 1534 | // Digesting requires padding |
| 1535 | continue; |
| 1536 | |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1537 | // Compute key & message size that will work. |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 1538 | size_t key_bits = 0; |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1539 | size_t message_len = 1000; |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 1540 | |
| 1541 | if (digest == KM_DIGEST_NONE) { |
| 1542 | key_bits = 256; |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1543 | switch (padding_mode) { |
| 1544 | case KM_PAD_NONE: |
| 1545 | // Match key size. |
| 1546 | message_len = key_bits / 8; |
| 1547 | break; |
| 1548 | case KM_PAD_RSA_PKCS1_1_5_SIGN: |
| 1549 | message_len = key_bits / 8 - 11; |
| 1550 | break; |
| 1551 | case KM_PAD_RSA_PSS: |
| 1552 | // PSS requires a digest. |
| 1553 | continue; |
| 1554 | default: |
| 1555 | FAIL() << "Missing padding"; |
| 1556 | break; |
| 1557 | } |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 1558 | } else { |
| 1559 | size_t digest_bits; |
| 1560 | switch (digest) { |
| 1561 | case KM_DIGEST_MD5: |
| 1562 | digest_bits = 128; |
| 1563 | break; |
| 1564 | case KM_DIGEST_SHA1: |
| 1565 | digest_bits = 160; |
| 1566 | break; |
| 1567 | case KM_DIGEST_SHA_2_224: |
| 1568 | digest_bits = 224; |
| 1569 | break; |
| 1570 | case KM_DIGEST_SHA_2_256: |
| 1571 | digest_bits = 256; |
| 1572 | break; |
| 1573 | case KM_DIGEST_SHA_2_384: |
| 1574 | digest_bits = 384; |
| 1575 | break; |
| 1576 | case KM_DIGEST_SHA_2_512: |
| 1577 | digest_bits = 512; |
| 1578 | break; |
| 1579 | default: |
| 1580 | FAIL() << "Missing digest"; |
| 1581 | } |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1582 | |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1583 | switch (padding_mode) { |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1584 | case KM_PAD_RSA_PKCS1_1_5_SIGN: |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 1585 | key_bits = digest_bits + 8 * (11 + 19); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1586 | break; |
| 1587 | case KM_PAD_RSA_PSS: |
Shawn Willden | 53488c6 | 2015-07-16 18:15:45 -0600 | [diff] [blame] | 1588 | key_bits = digest_bits + 22 * 8; |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1589 | break; |
| 1590 | default: |
| 1591 | FAIL() << "Missing padding"; |
| 1592 | break; |
| 1593 | } |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1594 | } |
| 1595 | |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1596 | GenerateKey(AuthorizationSetBuilder() |
| 1597 | .RsaSigningKey(key_bits, 3) |
| 1598 | .Digest(digest) |
| 1599 | .Padding(padding_mode)); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1600 | string message(message_len, 'a'); |
| 1601 | string signature; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1602 | SignMessage(message, &signature, digest, padding_mode); |
| 1603 | VerifyMessage(message, signature, digest, padding_mode); |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 1604 | ++trial_count; |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1605 | } |
| 1606 | } |
| 1607 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1608 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2bf4ad3 | 2015-06-01 07:33:51 -0600 | [diff] [blame] | 1609 | EXPECT_EQ(trial_count * 4, GetParam()->keymaster0_calls()); |
Shawn Willden | f90f235 | 2014-12-18 23:01:15 -0700 | [diff] [blame] | 1610 | } |
| 1611 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1612 | TEST_P(VerificationOperationsTest, EcdsaSuccess) { |
Shawn Willden | 84b8da5 | 2015-03-11 07:21:32 -0600 | [diff] [blame] | 1613 | ASSERT_EQ(KM_ERROR_OK, |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1614 | GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE))); |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 1615 | string message = "12345678901234567890123456789012"; |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1616 | string signature; |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 1617 | SignMessage(message, &signature, KM_DIGEST_NONE); |
| 1618 | VerifyMessage(message, signature, KM_DIGEST_NONE); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1619 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1620 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1621 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | 5ac2f8f | 2014-08-18 15:33:10 -0600 | [diff] [blame] | 1622 | } |
| 1623 | |
Shawn Willden | 2101e9e | 2015-06-24 12:22:02 -0700 | [diff] [blame] | 1624 | TEST_P(VerificationOperationsTest, EcdsaTooShort) { |
| 1625 | ASSERT_EQ(KM_ERROR_OK, |
| 1626 | GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE))); |
| 1627 | string message = "12345678901234567890"; |
| 1628 | string signature; |
| 1629 | SignMessage(message, &signature, KM_DIGEST_NONE); |
| 1630 | VerifyMessage(message, signature, KM_DIGEST_NONE); |
| 1631 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1632 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 2101e9e | 2015-06-24 12:22:02 -0700 | [diff] [blame] | 1633 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
| 1634 | } |
| 1635 | |
Shawn Willden | 2101e9e | 2015-06-24 12:22:02 -0700 | [diff] [blame] | 1636 | TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) { |
| 1637 | ASSERT_EQ(KM_ERROR_OK, |
| 1638 | GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE))); |
| 1639 | |
| 1640 | string message(66, 'a'); |
| 1641 | string signature; |
| 1642 | SignMessage(message, &signature, KM_DIGEST_NONE); |
| 1643 | VerifyMessage(message, signature, KM_DIGEST_NONE); |
| 1644 | |
| 1645 | // Modifying low-order bits doesn't matter, because they didn't get signed. Ugh. |
| 1646 | message[65] ^= 7; |
| 1647 | VerifyMessage(message, signature, KM_DIGEST_NONE); |
| 1648 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1649 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 2101e9e | 2015-06-24 12:22:02 -0700 | [diff] [blame] | 1650 | EXPECT_EQ(5, GetParam()->keymaster0_calls()); |
| 1651 | } |
| 1652 | |
Shawn Willden | efbd7e4 | 2015-06-01 07:07:33 -0600 | [diff] [blame] | 1653 | TEST_P(VerificationOperationsTest, EcdsaSha256Success) { |
| 1654 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 1655 | .EcdsaSigningKey(256) |
| 1656 | .Digest(KM_DIGEST_SHA_2_256) |
| 1657 | .Digest(KM_DIGEST_NONE))); |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 1658 | string message = "12345678901234567890123456789012"; |
Shawn Willden | efbd7e4 | 2015-06-01 07:07:33 -0600 | [diff] [blame] | 1659 | string signature; |
| 1660 | SignMessage(message, &signature, KM_DIGEST_SHA_2_256); |
| 1661 | VerifyMessage(message, signature, KM_DIGEST_SHA_2_256); |
| 1662 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1663 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | efbd7e4 | 2015-06-01 07:07:33 -0600 | [diff] [blame] | 1664 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
| 1665 | |
| 1666 | // Just for giggles, try verifying with the wrong digest. |
| 1667 | AuthorizationSet begin_params(client_params()); |
| 1668 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); |
| 1669 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params)); |
| 1670 | |
| 1671 | string result; |
| 1672 | size_t input_consumed; |
| 1673 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 1674 | EXPECT_EQ(message.size(), input_consumed); |
| 1675 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result)); |
| 1676 | } |
| 1677 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1678 | TEST_P(VerificationOperationsTest, EcdsaSha224Success) { |
| 1679 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest( |
| 1680 | KM_DIGEST_SHA_2_224))); |
| 1681 | |
| 1682 | string message = "12345678901234567890123456789012"; |
| 1683 | string signature; |
| 1684 | SignMessage(message, &signature, KM_DIGEST_SHA_2_224); |
| 1685 | VerifyMessage(message, signature, KM_DIGEST_SHA_2_224); |
| 1686 | |
| 1687 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
| 1688 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
| 1689 | |
| 1690 | // Just for giggles, try verifying with the wrong digest. |
| 1691 | AuthorizationSet begin_params(client_params()); |
| 1692 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); |
| 1693 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params)); |
| 1694 | |
| 1695 | string result; |
| 1696 | size_t input_consumed; |
| 1697 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 1698 | EXPECT_EQ(message.size(), input_consumed); |
| 1699 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result)); |
| 1700 | } |
| 1701 | |
| 1702 | TEST_P(VerificationOperationsTest, EcdsaAllDigestsAndKeySizes) { |
| 1703 | keymaster_digest_t digests[] = { |
| 1704 | KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224, KM_DIGEST_SHA_2_256, |
| 1705 | KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512, |
| 1706 | }; |
| 1707 | size_t key_sizes[] = {224, 256, 384, 521}; |
| 1708 | |
| 1709 | string message = "1234567890"; |
| 1710 | string signature; |
| 1711 | |
| 1712 | for (auto key_size : key_sizes) { |
| 1713 | AuthorizationSetBuilder builder; |
| 1714 | builder.EcdsaSigningKey(key_size); |
| 1715 | for (auto digest : digests) |
| 1716 | builder.Digest(digest); |
| 1717 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(builder)); |
| 1718 | |
| 1719 | for (auto digest : digests) { |
| 1720 | SignMessage(message, &signature, digest); |
| 1721 | VerifyMessage(message, signature, digest); |
| 1722 | } |
| 1723 | } |
| 1724 | |
| 1725 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
| 1726 | EXPECT_EQ(static_cast<int>(array_length(key_sizes) * (1 + 3 * array_length(digests))), |
| 1727 | GetParam()->keymaster0_calls()); |
| 1728 | } |
| 1729 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1730 | TEST_P(VerificationOperationsTest, HmacSha1Success) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1731 | if (GetParam()->minimal_digest_set()) |
| 1732 | // Can't emulate missing digests for HMAC. |
| 1733 | return; |
| 1734 | |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1735 | GenerateKey(AuthorizationSetBuilder() |
| 1736 | .HmacKey(128) |
| 1737 | .Digest(KM_DIGEST_SHA1) |
| 1738 | .Authorization(TAG_MIN_MAC_LENGTH, 128)); |
Shawn Willden | 51d5e0e | 2014-12-18 10:44:03 -0700 | [diff] [blame] | 1739 | string message = "123456789012345678901234567890123456789012345678"; |
| 1740 | string signature; |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1741 | MacMessage(message, &signature, 160); |
| 1742 | VerifyMac(message, signature); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1743 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1744 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 51d5e0e | 2014-12-18 10:44:03 -0700 | [diff] [blame] | 1745 | } |
| 1746 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1747 | TEST_P(VerificationOperationsTest, HmacSha224Success) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1748 | if (GetParam()->minimal_digest_set()) |
| 1749 | // Can't emulate missing digests for HMAC. |
| 1750 | return; |
| 1751 | |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1752 | GenerateKey(AuthorizationSetBuilder() |
| 1753 | .HmacKey(128) |
| 1754 | .Digest(KM_DIGEST_SHA_2_224) |
| 1755 | .Authorization(TAG_MIN_MAC_LENGTH, 128)); |
Shawn Willden | 51d5e0e | 2014-12-18 10:44:03 -0700 | [diff] [blame] | 1756 | string message = "123456789012345678901234567890123456789012345678"; |
| 1757 | string signature; |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1758 | MacMessage(message, &signature, 224); |
| 1759 | VerifyMac(message, signature); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1760 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1761 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 51d5e0e | 2014-12-18 10:44:03 -0700 | [diff] [blame] | 1762 | } |
| 1763 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1764 | TEST_P(VerificationOperationsTest, HmacSha256Success) { |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1765 | GenerateKey(AuthorizationSetBuilder() |
| 1766 | .HmacKey(128) |
| 1767 | .Digest(KM_DIGEST_SHA_2_256) |
| 1768 | .Authorization(TAG_MIN_MAC_LENGTH, 128)); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1769 | string message = "123456789012345678901234567890123456789012345678"; |
Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 1770 | string signature; |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1771 | MacMessage(message, &signature, 256); |
| 1772 | VerifyMac(message, signature); |
| 1773 | |
| 1774 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 1775 | } |
| 1776 | |
| 1777 | TEST_P(VerificationOperationsTest, HmacSha256TooShortMac) { |
| 1778 | GenerateKey(AuthorizationSetBuilder() |
| 1779 | .HmacKey(128) |
| 1780 | .Digest(KM_DIGEST_SHA_2_256) |
| 1781 | .Authorization(TAG_MIN_MAC_LENGTH, 128)); |
| 1782 | string message = "123456789012345678901234567890123456789012345678"; |
| 1783 | string signature; |
| 1784 | MacMessage(message, &signature, 256); |
| 1785 | |
| 1786 | // Shorten to 128 bits, should still work. |
| 1787 | signature.resize(128 / 8); |
| 1788 | VerifyMac(message, signature); |
| 1789 | |
| 1790 | // Drop one more byte. |
| 1791 | signature.resize(signature.length() - 1); |
| 1792 | |
| 1793 | AuthorizationSet begin_params(client_params()); |
| 1794 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params)); |
| 1795 | string result; |
| 1796 | size_t input_consumed; |
| 1797 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 1798 | EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, FinishOperation(signature, &result)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1799 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1800 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 0d560bf | 2014-12-15 17:44:02 -0700 | [diff] [blame] | 1801 | } |
| 1802 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1803 | TEST_P(VerificationOperationsTest, HmacSha384Success) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1804 | if (GetParam()->minimal_digest_set()) |
| 1805 | // Can't emulate missing digests for HMAC. |
| 1806 | return; |
| 1807 | |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1808 | GenerateKey(AuthorizationSetBuilder() |
| 1809 | .HmacKey(128) |
| 1810 | .Digest(KM_DIGEST_SHA_2_384) |
| 1811 | .Authorization(TAG_MIN_MAC_LENGTH, 128)); |
Shawn Willden | 51d5e0e | 2014-12-18 10:44:03 -0700 | [diff] [blame] | 1812 | string message = "123456789012345678901234567890123456789012345678"; |
| 1813 | string signature; |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1814 | MacMessage(message, &signature, 384); |
| 1815 | VerifyMac(message, signature); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1816 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1817 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 51d5e0e | 2014-12-18 10:44:03 -0700 | [diff] [blame] | 1818 | } |
| 1819 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1820 | TEST_P(VerificationOperationsTest, HmacSha512Success) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1821 | if (GetParam()->minimal_digest_set()) |
| 1822 | // Can't emulate missing digests for HMAC. |
| 1823 | return; |
| 1824 | |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1825 | GenerateKey(AuthorizationSetBuilder() |
| 1826 | .HmacKey(128) |
| 1827 | .Digest(KM_DIGEST_SHA_2_512) |
| 1828 | .Authorization(TAG_MIN_MAC_LENGTH, 128)); |
Shawn Willden | 51d5e0e | 2014-12-18 10:44:03 -0700 | [diff] [blame] | 1829 | string message = "123456789012345678901234567890123456789012345678"; |
| 1830 | string signature; |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 1831 | MacMessage(message, &signature, 512); |
| 1832 | VerifyMac(message, signature); |
Shawn Willden | ebc99a1 | 2015-06-26 12:21:56 -0700 | [diff] [blame] | 1833 | |
| 1834 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 1835 | } |
| 1836 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1837 | typedef Keymaster1Test ExportKeyTest; |
| 1838 | INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ExportKeyTest, test_params); |
| 1839 | |
| 1840 | TEST_P(ExportKeyTest, RsaSuccess) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1841 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 1842 | .RsaSigningKey(256, 3) |
| 1843 | .Digest(KM_DIGEST_NONE) |
| 1844 | .Padding(KM_PAD_NONE))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1845 | string export_data; |
| 1846 | ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data)); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 1847 | EXPECT_GT(export_data.length(), 0U); |
Shawn Willden | e46a43f | 2014-08-27 10:35:36 -0600 | [diff] [blame] | 1848 | |
| 1849 | // TODO(swillden): Verify that the exported key is actually usable to verify signatures. |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1850 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1851 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1852 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
Shawn Willden | ffd790c | 2014-08-18 21:20:06 -0600 | [diff] [blame] | 1853 | } |
| 1854 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1855 | TEST_P(ExportKeyTest, EcdsaSuccess) { |
Shawn Willden | 84b8da5 | 2015-03-11 07:21:32 -0600 | [diff] [blame] | 1856 | ASSERT_EQ(KM_ERROR_OK, |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1857 | GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1858 | string export_data; |
| 1859 | ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data)); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 1860 | EXPECT_GT(export_data.length(), 0U); |
Shawn Willden | e46a43f | 2014-08-27 10:35:36 -0600 | [diff] [blame] | 1861 | |
| 1862 | // TODO(swillden): Verify that the exported key is actually usable to verify signatures. |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1863 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1864 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1865 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
Shawn Willden | f268d74 | 2014-08-19 15:36:26 -0600 | [diff] [blame] | 1866 | } |
| 1867 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1868 | TEST_P(ExportKeyTest, RsaUnsupportedKeyFormat) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1869 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 1870 | .RsaSigningKey(256, 3) |
| 1871 | .Digest(KM_DIGEST_NONE) |
| 1872 | .Padding(KM_PAD_NONE))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1873 | string export_data; |
| 1874 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1875 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1876 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1877 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
Shawn Willden | f268d74 | 2014-08-19 15:36:26 -0600 | [diff] [blame] | 1878 | } |
| 1879 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1880 | TEST_P(ExportKeyTest, RsaCorruptedKeyBlob) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1881 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 1882 | .RsaSigningKey(256, 3) |
| 1883 | .Digest(KM_DIGEST_NONE) |
| 1884 | .Padding(KM_PAD_NONE))); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 1885 | corrupt_key_blob(); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1886 | string export_data; |
| 1887 | ASSERT_EQ(KM_ERROR_INVALID_KEY_BLOB, ExportKey(KM_KEY_FORMAT_X509, &export_data)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1888 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1889 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1890 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
Shawn Willden | f268d74 | 2014-08-19 15:36:26 -0600 | [diff] [blame] | 1891 | } |
| 1892 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1893 | TEST_P(ExportKeyTest, AesKeyExportFails) { |
Shawn Willden | 2c24200 | 2015-02-27 07:01:02 -0700 | [diff] [blame] | 1894 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128))); |
Shawn Willden | 7dad93b | 2015-02-05 10:20:47 -0700 | [diff] [blame] | 1895 | string export_data; |
| 1896 | |
| 1897 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_X509, &export_data)); |
| 1898 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_PKCS8, &export_data)); |
| 1899 | EXPECT_EQ(KM_ERROR_UNSUPPORTED_KEY_FORMAT, ExportKey(KM_KEY_FORMAT_RAW, &export_data)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1900 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1901 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 7dad93b | 2015-02-05 10:20:47 -0700 | [diff] [blame] | 1902 | } |
| 1903 | |
Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 1904 | static string read_file(const string& file_name) { |
| 1905 | ifstream file_stream(file_name, std::ios::binary); |
| 1906 | istreambuf_iterator<char> file_begin(file_stream); |
| 1907 | istreambuf_iterator<char> file_end; |
| 1908 | return string(file_begin, file_end); |
| 1909 | } |
| 1910 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1911 | typedef Keymaster1Test ImportKeyTest; |
| 1912 | INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, ImportKeyTest, test_params); |
| 1913 | |
| 1914 | TEST_P(ImportKeyTest, RsaSuccess) { |
Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 1915 | string pk8_key = read_file("rsa_privkey_pk8.der"); |
Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 1916 | ASSERT_EQ(633U, pk8_key.size()); |
| 1917 | |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1918 | ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder() |
| 1919 | .RsaSigningKey(1024, 65537) |
| 1920 | .Digest(KM_DIGEST_NONE) |
| 1921 | .Padding(KM_PAD_NONE), |
Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1922 | KM_KEY_FORMAT_PKCS8, pk8_key)); |
Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 1923 | |
| 1924 | // Check values derived from the key. |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1925 | EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA) ? hw_enforced() |
| 1926 | : sw_enforced(), |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1927 | TAG_ALGORITHM, KM_ALGORITHM_RSA)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1928 | EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA) ? hw_enforced() |
| 1929 | : sw_enforced(), |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1930 | TAG_KEY_SIZE, 1024)); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1931 | EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA) ? hw_enforced() |
| 1932 | : sw_enforced(), |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1933 | TAG_RSA_PUBLIC_EXPONENT, 65537U)); |
Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 1934 | |
Shawn Willden | b6837e7 | 2015-05-16 09:20:59 -0600 | [diff] [blame] | 1935 | // And values provided by AndroidKeymaster |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1936 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 34f09c5 | 2015-07-23 23:17:39 +0000 | [diff] [blame] | 1937 | EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN)); |
| 1938 | else |
| 1939 | EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1940 | EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); |
Shawn Willden | 437fbd1 | 2014-08-20 11:59:49 -0600 | [diff] [blame] | 1941 | |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1942 | string message(1024 / 8, 'a'); |
| 1943 | string signature; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 1944 | SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE); |
| 1945 | VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1946 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1947 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1948 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | d7a5c71 | 2015-04-09 16:33:52 -0600 | [diff] [blame] | 1949 | } |
| 1950 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1951 | TEST_P(ImportKeyTest, RsaKeySizeMismatch) { |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 1952 | string pk8_key = read_file("rsa_privkey_pk8.der"); |
| 1953 | ASSERT_EQ(633U, pk8_key.size()); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 1954 | ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH, |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1955 | ImportKey(AuthorizationSetBuilder() |
| 1956 | .RsaSigningKey(2048 /* Doesn't match key */, 3) |
| 1957 | .Digest(KM_DIGEST_NONE) |
| 1958 | .Padding(KM_PAD_NONE), |
Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1959 | KM_KEY_FORMAT_PKCS8, pk8_key)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1960 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1961 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 1962 | } |
| 1963 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1964 | TEST_P(ImportKeyTest, RsaPublicExponenMismatch) { |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 1965 | string pk8_key = read_file("rsa_privkey_pk8.der"); |
| 1966 | ASSERT_EQ(633U, pk8_key.size()); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 1967 | ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH, |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1968 | ImportKey(AuthorizationSetBuilder() |
| 1969 | .RsaSigningKey(256, 3 /* Doesnt' match key */) |
| 1970 | .Digest(KM_DIGEST_NONE) |
| 1971 | .Padding(KM_PAD_NONE), |
Shawn Willden | c24c110 | 2014-12-22 15:30:09 -0700 | [diff] [blame] | 1972 | KM_KEY_FORMAT_PKCS8, pk8_key)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 1973 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 1974 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 1975 | } |
| 1976 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 1977 | TEST_P(ImportKeyTest, EcdsaSuccess) { |
Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 1978 | string pk8_key = read_file("ec_privkey_pk8.der"); |
| 1979 | ASSERT_EQ(138U, pk8_key.size()); |
| 1980 | |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 1981 | ASSERT_EQ(KM_ERROR_OK, |
| 1982 | ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE), |
| 1983 | KM_KEY_FORMAT_PKCS8, pk8_key)); |
Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 1984 | |
| 1985 | // Check values derived from the key. |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1986 | EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC) ? hw_enforced() |
| 1987 | : sw_enforced(), |
| 1988 | TAG_ALGORITHM, KM_ALGORITHM_EC)); |
| 1989 | EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC) ? hw_enforced() |
| 1990 | : sw_enforced(), |
| 1991 | TAG_KEY_SIZE, 256)); |
Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 1992 | |
Shawn Willden | b6837e7 | 2015-05-16 09:20:59 -0600 | [diff] [blame] | 1993 | // And values provided by AndroidKeymaster |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 1994 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 34f09c5 | 2015-07-23 23:17:39 +0000 | [diff] [blame] | 1995 | EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN)); |
| 1996 | else |
| 1997 | EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 1998 | EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); |
Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 1999 | |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 2000 | string message(32, 'a'); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2001 | string signature; |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 2002 | SignMessage(message, &signature, KM_DIGEST_NONE); |
| 2003 | VerifyMessage(message, signature, KM_DIGEST_NONE); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2004 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2005 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2006 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | 81effc6 | 2014-08-27 10:08:46 -0600 | [diff] [blame] | 2007 | } |
| 2008 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2009 | TEST_P(ImportKeyTest, EcdsaSizeSpecified) { |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2010 | string pk8_key = read_file("ec_privkey_pk8.der"); |
| 2011 | ASSERT_EQ(138U, pk8_key.size()); |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 2012 | |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 2013 | ASSERT_EQ(KM_ERROR_OK, |
| 2014 | ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE), |
| 2015 | KM_KEY_FORMAT_PKCS8, pk8_key)); |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 2016 | |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2017 | // Check values derived from the key. |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2018 | EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC) ? hw_enforced() |
| 2019 | : sw_enforced(), |
| 2020 | TAG_ALGORITHM, KM_ALGORITHM_EC)); |
| 2021 | EXPECT_TRUE(contains(GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC) ? hw_enforced() |
| 2022 | : sw_enforced(), |
| 2023 | TAG_KEY_SIZE, 256)); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2024 | |
Shawn Willden | b6837e7 | 2015-05-16 09:20:59 -0600 | [diff] [blame] | 2025 | // And values provided by AndroidKeymaster |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2026 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 34f09c5 | 2015-07-23 23:17:39 +0000 | [diff] [blame] | 2027 | EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN)); |
| 2028 | else |
| 2029 | EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2030 | EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); |
| 2031 | |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 2032 | string message(32, 'a'); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2033 | string signature; |
Shawn Willden | 226746b | 2015-05-08 11:36:56 -0600 | [diff] [blame] | 2034 | SignMessage(message, &signature, KM_DIGEST_NONE); |
| 2035 | VerifyMessage(message, signature, KM_DIGEST_NONE); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2036 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2037 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2038 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2039 | } |
| 2040 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2041 | TEST_P(ImportKeyTest, EcdsaSizeMismatch) { |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2042 | string pk8_key = read_file("ec_privkey_pk8.der"); |
| 2043 | ASSERT_EQ(138U, pk8_key.size()); |
Shawn Willden | 5b53c99 | 2015-02-02 08:05:25 -0700 | [diff] [blame] | 2044 | ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH, |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 2045 | ImportKey(AuthorizationSetBuilder() |
| 2046 | .EcdsaSigningKey(224 /* Doesn't match key */) |
| 2047 | .Digest(KM_DIGEST_NONE), |
| 2048 | KM_KEY_FORMAT_PKCS8, pk8_key)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2049 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2050 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 6bbe678 | 2014-09-18 11:26:15 -0600 | [diff] [blame] | 2051 | } |
| 2052 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2053 | TEST_P(ImportKeyTest, AesKeySuccess) { |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 2054 | char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; |
| 2055 | string key(key_data, sizeof(key_data)); |
Shawn Willden | 2c24200 | 2015-02-27 07:01:02 -0700 | [diff] [blame] | 2056 | ASSERT_EQ(KM_ERROR_OK, |
Shawn Willden | c47c88f | 2015-04-07 17:23:27 -0600 | [diff] [blame] | 2057 | ImportKey(AuthorizationSetBuilder().AesEncryptionKey(128).EcbMode().Authorization( |
| 2058 | TAG_PADDING, KM_PAD_PKCS7), |
Shawn Willden | 2c24200 | 2015-02-27 07:01:02 -0700 | [diff] [blame] | 2059 | KM_KEY_FORMAT_RAW, key)); |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 2060 | |
| 2061 | EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); |
| 2062 | EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); |
| 2063 | |
| 2064 | string message = "Hello World!"; |
Shawn Willden | c442467 | 2015-05-11 11:56:02 -0600 | [diff] [blame] | 2065 | string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7); |
| 2066 | string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7); |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 2067 | EXPECT_EQ(message, plaintext); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2068 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2069 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 2070 | } |
| 2071 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2072 | TEST_P(ImportKeyTest, HmacSha256KeySuccess) { |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 2073 | char key_data[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; |
| 2074 | string key(key_data, sizeof(key_data)); |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 2075 | ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder() |
| 2076 | .HmacKey(sizeof(key_data) * 8) |
| 2077 | .Digest(KM_DIGEST_SHA_2_256) |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 2078 | .Authorization(TAG_MIN_MAC_LENGTH, 256), |
Shawn Willden | 2c24200 | 2015-02-27 07:01:02 -0700 | [diff] [blame] | 2079 | KM_KEY_FORMAT_RAW, key)); |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 2080 | |
| 2081 | EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); |
| 2082 | EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); |
| 2083 | |
| 2084 | string message = "Hello World!"; |
| 2085 | string signature; |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 2086 | MacMessage(message, &signature, 256); |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2087 | VerifyMac(message, signature); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2088 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2089 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 3b702e2 | 2015-02-05 10:26:47 -0700 | [diff] [blame] | 2090 | } |
| 2091 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2092 | typedef Keymaster1Test EncryptionOperationsTest; |
| 2093 | INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, EncryptionOperationsTest, test_params); |
| 2094 | |
Shawn Willden | 3016084 | 2015-06-01 08:31:00 -0600 | [diff] [blame] | 2095 | TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) { |
| 2096 | ASSERT_EQ(KM_ERROR_OK, |
| 2097 | GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE))); |
| 2098 | |
| 2099 | string message = "12345678901234567890123456789012"; |
| 2100 | string ciphertext1 = EncryptMessage(string(message), KM_PAD_NONE); |
| 2101 | EXPECT_EQ(256U / 8, ciphertext1.size()); |
| 2102 | |
| 2103 | string ciphertext2 = EncryptMessage(string(message), KM_PAD_NONE); |
| 2104 | EXPECT_EQ(256U / 8, ciphertext2.size()); |
| 2105 | |
| 2106 | // Unpadded RSA is deterministic |
| 2107 | EXPECT_EQ(ciphertext1, ciphertext2); |
| 2108 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2109 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 3016084 | 2015-06-01 08:31:00 -0600 | [diff] [blame] | 2110 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
| 2111 | } |
| 2112 | |
| 2113 | TEST_P(EncryptionOperationsTest, RsaNoPaddingTooShort) { |
| 2114 | ASSERT_EQ(KM_ERROR_OK, |
| 2115 | GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE))); |
| 2116 | |
Shawn Willden | c0a6380 | 2015-07-29 16:43:17 -0600 | [diff] [blame] | 2117 | string message = "1"; |
Shawn Willden | 3016084 | 2015-06-01 08:31:00 -0600 | [diff] [blame] | 2118 | |
Shawn Willden | c0a6380 | 2015-07-29 16:43:17 -0600 | [diff] [blame] | 2119 | string ciphertext = EncryptMessage(message, KM_PAD_NONE); |
| 2120 | EXPECT_EQ(256U / 8, ciphertext.size()); |
Shawn Willden | 3016084 | 2015-06-01 08:31:00 -0600 | [diff] [blame] | 2121 | |
Shawn Willden | c0a6380 | 2015-07-29 16:43:17 -0600 | [diff] [blame] | 2122 | string expected_plaintext = string(256 / 8 - 1, 0) + message; |
| 2123 | string plaintext = DecryptMessage(ciphertext, KM_PAD_NONE); |
| 2124 | |
| 2125 | EXPECT_EQ(expected_plaintext, plaintext); |
Shawn Willden | 3016084 | 2015-06-01 08:31:00 -0600 | [diff] [blame] | 2126 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2127 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | c0a6380 | 2015-07-29 16:43:17 -0600 | [diff] [blame] | 2128 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | 3016084 | 2015-06-01 08:31:00 -0600 | [diff] [blame] | 2129 | } |
| 2130 | |
| 2131 | TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) { |
| 2132 | ASSERT_EQ(KM_ERROR_OK, |
| 2133 | GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE))); |
| 2134 | |
| 2135 | string message = "123456789012345678901234567890123"; |
| 2136 | |
| 2137 | AuthorizationSet begin_params(client_params()); |
| 2138 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 2139 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params)); |
| 2140 | |
| 2141 | string result; |
| 2142 | size_t input_consumed; |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 2143 | EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed)); |
Shawn Willden | 3016084 | 2015-06-01 08:31:00 -0600 | [diff] [blame] | 2144 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2145 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 3016084 | 2015-06-01 08:31:00 -0600 | [diff] [blame] | 2146 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
| 2147 | } |
| 2148 | |
Shawn Willden | c0a6380 | 2015-07-29 16:43:17 -0600 | [diff] [blame] | 2149 | TEST_P(EncryptionOperationsTest, RsaNoPaddingLargerThanModulus) { |
| 2150 | ASSERT_EQ(KM_ERROR_OK, |
| 2151 | GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(256, 3).Padding(KM_PAD_NONE))); |
| 2152 | |
| 2153 | string exported; |
| 2154 | ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &exported)); |
| 2155 | |
| 2156 | const uint8_t* p = reinterpret_cast<const uint8_t*>(exported.data()); |
| 2157 | unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey( |
| 2158 | d2i_PUBKEY(nullptr /* alloc new */, &p, exported.size())); |
| 2159 | unique_ptr<RSA, RSA_Delete> rsa(EVP_PKEY_get1_RSA(pkey.get())); |
| 2160 | |
| 2161 | size_t modulus_len = BN_num_bytes(rsa->n); |
| 2162 | ASSERT_EQ(256U / 8, modulus_len); |
| 2163 | unique_ptr<uint8_t> modulus_buf(new uint8_t[modulus_len]); |
| 2164 | BN_bn2bin(rsa->n, modulus_buf.get()); |
| 2165 | |
| 2166 | // The modulus is too big to encrypt. |
| 2167 | string message(reinterpret_cast<const char*>(modulus_buf.get()), modulus_len); |
| 2168 | |
| 2169 | AuthorizationSet begin_params(client_params()); |
| 2170 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 2171 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params)); |
| 2172 | |
| 2173 | string result; |
| 2174 | size_t input_consumed; |
| 2175 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 2176 | EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&result)); |
| 2177 | |
| 2178 | // One smaller than the modulus is okay. |
| 2179 | BN_sub(rsa->n, rsa->n, BN_value_one()); |
| 2180 | modulus_len = BN_num_bytes(rsa->n); |
| 2181 | ASSERT_EQ(256U / 8, modulus_len); |
| 2182 | BN_bn2bin(rsa->n, modulus_buf.get()); |
| 2183 | message = string(reinterpret_cast<const char*>(modulus_buf.get()), modulus_len); |
| 2184 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params)); |
| 2185 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
| 2186 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&result)); |
| 2187 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2188 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | c0a6380 | 2015-07-29 16:43:17 -0600 | [diff] [blame] | 2189 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
| 2190 | } |
| 2191 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2192 | TEST_P(EncryptionOperationsTest, RsaOaepSuccess) { |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2193 | size_t key_size = 768; |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2194 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2195 | .RsaEncryptionKey(key_size, 3) |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2196 | .Padding(KM_PAD_RSA_OAEP) |
| 2197 | .Digest(KM_DIGEST_SHA_2_256))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2198 | |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2199 | string message = "Hello"; |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2200 | string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP); |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2201 | EXPECT_EQ(key_size / 8, ciphertext1.size()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2202 | |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2203 | string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP); |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2204 | EXPECT_EQ(key_size / 8, ciphertext2.size()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2205 | |
| 2206 | // OAEP randomizes padding so every result should be different. |
| 2207 | EXPECT_NE(ciphertext1, ciphertext2); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2208 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2209 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
| 2210 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
| 2211 | } |
| 2212 | |
| 2213 | TEST_P(EncryptionOperationsTest, RsaOaepSha224Success) { |
| 2214 | size_t key_size = 768; |
| 2215 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2216 | .RsaEncryptionKey(key_size, 3) |
| 2217 | .Padding(KM_PAD_RSA_OAEP) |
| 2218 | .Digest(KM_DIGEST_SHA_2_224))); |
| 2219 | |
| 2220 | string message = "Hello"; |
| 2221 | string ciphertext1 = EncryptMessage(string(message), KM_DIGEST_SHA_2_224, KM_PAD_RSA_OAEP); |
| 2222 | EXPECT_EQ(key_size / 8, ciphertext1.size()); |
| 2223 | |
| 2224 | string ciphertext2 = EncryptMessage(string(message), KM_DIGEST_SHA_2_224, KM_PAD_RSA_OAEP); |
| 2225 | EXPECT_EQ(key_size / 8, ciphertext2.size()); |
| 2226 | |
| 2227 | // OAEP randomizes padding so every result should be different. |
| 2228 | EXPECT_NE(ciphertext1, ciphertext2); |
| 2229 | |
| 2230 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2231 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2232 | } |
| 2233 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2234 | TEST_P(EncryptionOperationsTest, RsaOaepRoundTrip) { |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2235 | size_t key_size = 768; |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2236 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2237 | .RsaEncryptionKey(key_size, 3) |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2238 | .Padding(KM_PAD_RSA_OAEP) |
| 2239 | .Digest(KM_DIGEST_SHA_2_256))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2240 | string message = "Hello World!"; |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2241 | string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP); |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2242 | EXPECT_EQ(key_size / 8, ciphertext.size()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2243 | |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2244 | string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2245 | EXPECT_EQ(message, plaintext); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2246 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2247 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
| 2248 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
| 2249 | } |
| 2250 | |
| 2251 | TEST_P(EncryptionOperationsTest, RsaOaepSha224RoundTrip) { |
| 2252 | size_t key_size = 768; |
| 2253 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2254 | .RsaEncryptionKey(key_size, 3) |
| 2255 | .Padding(KM_PAD_RSA_OAEP) |
| 2256 | .Digest(KM_DIGEST_SHA_2_224))); |
| 2257 | string message = "Hello World!"; |
| 2258 | string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_224, KM_PAD_RSA_OAEP); |
| 2259 | EXPECT_EQ(key_size / 8, ciphertext.size()); |
| 2260 | |
| 2261 | string plaintext = DecryptMessage(ciphertext, KM_DIGEST_SHA_2_224, KM_PAD_RSA_OAEP); |
| 2262 | EXPECT_EQ(message, plaintext); |
| 2263 | |
| 2264 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2265 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2266 | } |
| 2267 | |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2268 | TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) { |
| 2269 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2270 | .RsaEncryptionKey(512, 3) |
| 2271 | .Padding(KM_PAD_RSA_OAEP) |
| 2272 | .Digest(KM_DIGEST_NONE))); |
| 2273 | string message = "Hello World!"; |
| 2274 | |
| 2275 | AuthorizationSet begin_params(client_params()); |
| 2276 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP); |
| 2277 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); |
| 2278 | EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params)); |
| 2279 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2280 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2281 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
| 2282 | } |
| 2283 | |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2284 | TEST_P(EncryptionOperationsTest, RsaOaepUnauthorizedDigest) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2285 | if (GetParam()->minimal_digest_set()) |
| 2286 | // We don't have two supported digests, so we can't try authorizing one and using another. |
| 2287 | return; |
| 2288 | |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2289 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
Shawn Willden | 34f09c5 | 2015-07-23 23:17:39 +0000 | [diff] [blame] | 2290 | .RsaEncryptionKey(512, 3) |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2291 | .Padding(KM_PAD_RSA_OAEP) |
| 2292 | .Digest(KM_DIGEST_SHA_2_256))); |
| 2293 | string message = "Hello World!"; |
| 2294 | // Works because encryption is a public key operation. |
| 2295 | EncryptMessage(string(message), KM_DIGEST_SHA1, KM_PAD_RSA_OAEP); |
| 2296 | |
| 2297 | AuthorizationSet begin_params(client_params()); |
| 2298 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP); |
| 2299 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1); |
| 2300 | EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
| 2301 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2302 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2303 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
| 2304 | } |
| 2305 | |
| 2306 | TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) { |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2307 | if (GetParam()->minimal_digest_set()) |
| 2308 | // We don't have two supported digests, so we can't try encrypting with one and decrypting |
| 2309 | // with another. |
| 2310 | return; |
| 2311 | |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2312 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2313 | .RsaEncryptionKey(768, 3) |
| 2314 | .Padding(KM_PAD_RSA_OAEP) |
| 2315 | .Digest(KM_DIGEST_SHA_2_256) |
| 2316 | .Digest(KM_DIGEST_SHA_2_384))); |
| 2317 | string message = "Hello World!"; |
| 2318 | string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP); |
| 2319 | |
| 2320 | string result; |
| 2321 | size_t input_consumed; |
| 2322 | AuthorizationSet begin_params(client_params()); |
| 2323 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP); |
| 2324 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384); |
| 2325 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
| 2326 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed)); |
| 2327 | EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result)); |
| 2328 | EXPECT_EQ(0U, result.size()); |
| 2329 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2330 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2331 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
| 2332 | } |
| 2333 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2334 | TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) { |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2335 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2336 | .RsaEncryptionKey(512, 3) |
| 2337 | .Padding(KM_PAD_RSA_OAEP) |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2338 | .Digest(KM_DIGEST_SHA1))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2339 | string message = "12345678901234567890123"; |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2340 | string result; |
Shawn Willden | b736113 | 2014-12-08 08:15:14 -0700 | [diff] [blame] | 2341 | size_t input_consumed; |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2342 | |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2343 | AuthorizationSet begin_params(client_params()); |
| 2344 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP); |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2345 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA1); |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2346 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params)); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2347 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 2348 | EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result)); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 2349 | EXPECT_EQ(0U, result.size()); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2350 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2351 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2352 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2353 | } |
| 2354 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2355 | TEST_P(EncryptionOperationsTest, RsaOaepCorruptedDecrypt) { |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2356 | size_t key_size = 768; |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2357 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2358 | .RsaEncryptionKey(768, 3) |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2359 | .Padding(KM_PAD_RSA_OAEP) |
| 2360 | .Digest(KM_DIGEST_SHA_2_256))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2361 | string message = "Hello World!"; |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2362 | string ciphertext = EncryptMessage(string(message), KM_DIGEST_SHA_2_256, KM_PAD_RSA_OAEP); |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2363 | EXPECT_EQ(key_size / 8, ciphertext.size()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2364 | |
| 2365 | // Corrupt the ciphertext |
Shawn Willden | 7d05d88 | 2015-07-10 14:03:14 -0600 | [diff] [blame] | 2366 | ciphertext[key_size / 8 / 2]++; |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2367 | |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2368 | string result; |
Shawn Willden | b736113 | 2014-12-08 08:15:14 -0700 | [diff] [blame] | 2369 | size_t input_consumed; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2370 | AuthorizationSet begin_params(client_params()); |
| 2371 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_OAEP); |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2372 | begin_params.push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2373 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2374 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed)); |
Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 2375 | EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result)); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 2376 | EXPECT_EQ(0U, result.size()); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2377 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2378 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2379 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2380 | } |
| 2381 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2382 | TEST_P(EncryptionOperationsTest, RsaPkcs1Success) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 2383 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding( |
| 2384 | KM_PAD_RSA_PKCS1_1_5_ENCRYPT))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2385 | string message = "Hello World!"; |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2386 | string ciphertext1 = EncryptMessage(message, KM_PAD_RSA_PKCS1_1_5_ENCRYPT); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 2387 | EXPECT_EQ(512U / 8, ciphertext1.size()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2388 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2389 | string ciphertext2 = EncryptMessage(message, KM_PAD_RSA_PKCS1_1_5_ENCRYPT); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 2390 | EXPECT_EQ(512U / 8, ciphertext2.size()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2391 | |
| 2392 | // PKCS1 v1.5 randomizes padding so every result should be different. |
| 2393 | EXPECT_NE(ciphertext1, ciphertext2); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2394 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2395 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2396 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2397 | } |
| 2398 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2399 | TEST_P(EncryptionOperationsTest, RsaPkcs1RoundTrip) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 2400 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding( |
| 2401 | KM_PAD_RSA_PKCS1_1_5_ENCRYPT))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2402 | string message = "Hello World!"; |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2403 | string ciphertext = EncryptMessage(message, KM_PAD_RSA_PKCS1_1_5_ENCRYPT); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 2404 | EXPECT_EQ(512U / 8, ciphertext.size()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2405 | |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2406 | string plaintext = DecryptMessage(ciphertext, KM_PAD_RSA_PKCS1_1_5_ENCRYPT); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2407 | EXPECT_EQ(message, plaintext); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2408 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2409 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2410 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2411 | } |
| 2412 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2413 | TEST_P(EncryptionOperationsTest, RsaRoundTripAllCombinations) { |
| 2414 | size_t key_size = 2048; |
| 2415 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2416 | .RsaEncryptionKey(key_size, 3) |
| 2417 | .Padding(KM_PAD_RSA_PKCS1_1_5_ENCRYPT) |
| 2418 | .Padding(KM_PAD_RSA_OAEP) |
| 2419 | .Digest(KM_DIGEST_NONE) |
| 2420 | .Digest(KM_DIGEST_MD5) |
| 2421 | .Digest(KM_DIGEST_SHA1) |
| 2422 | .Digest(KM_DIGEST_SHA_2_224) |
| 2423 | .Digest(KM_DIGEST_SHA_2_256) |
| 2424 | .Digest(KM_DIGEST_SHA_2_384) |
| 2425 | .Digest(KM_DIGEST_SHA_2_512))); |
| 2426 | |
| 2427 | string message = "Hello World!"; |
| 2428 | |
| 2429 | keymaster_padding_t padding_modes[] = {KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}; |
| 2430 | keymaster_digest_t digests[] = { |
| 2431 | KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224, |
| 2432 | KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512, |
| 2433 | }; |
| 2434 | |
| 2435 | for (auto padding : padding_modes) |
| 2436 | for (auto digest : digests) { |
| 2437 | if (padding == KM_PAD_RSA_OAEP && digest == KM_DIGEST_NONE) |
| 2438 | // OAEP requires a digest. |
| 2439 | continue; |
| 2440 | |
| 2441 | string ciphertext = EncryptMessage(message, digest, padding); |
| 2442 | EXPECT_EQ(key_size / 8, ciphertext.size()); |
| 2443 | |
| 2444 | string plaintext = DecryptMessage(ciphertext, digest, padding); |
| 2445 | EXPECT_EQ(message, plaintext); |
| 2446 | } |
| 2447 | |
| 2448 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
| 2449 | EXPECT_EQ(40, GetParam()->keymaster0_calls()); |
| 2450 | } |
| 2451 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2452 | TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 2453 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding( |
| 2454 | KM_PAD_RSA_PKCS1_1_5_ENCRYPT))); |
Shawn Willden | 7bae132 | 2015-05-26 10:16:49 -0600 | [diff] [blame] | 2455 | string message = "123456789012345678901234567890123456789012345678901234"; |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2456 | string result; |
Shawn Willden | b736113 | 2014-12-08 08:15:14 -0700 | [diff] [blame] | 2457 | size_t input_consumed; |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2458 | |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2459 | AuthorizationSet begin_params(client_params()); |
| 2460 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT); |
| 2461 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params)); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2462 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); |
Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 2463 | EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result)); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 2464 | EXPECT_EQ(0U, result.size()); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2465 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2466 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2467 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
| 2468 | } |
| 2469 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2470 | TEST_P(EncryptionOperationsTest, RsaPkcs1CorruptedDecrypt) { |
Shawn Willden | af53399 | 2015-04-15 13:48:28 -0600 | [diff] [blame] | 2471 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().RsaEncryptionKey(512, 3).Padding( |
| 2472 | KM_PAD_RSA_PKCS1_1_5_ENCRYPT))); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2473 | string message = "Hello World!"; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2474 | string ciphertext = EncryptMessage(string(message), KM_PAD_RSA_PKCS1_1_5_ENCRYPT); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 2475 | EXPECT_EQ(512U / 8, ciphertext.size()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2476 | |
| 2477 | // Corrupt the ciphertext |
| 2478 | ciphertext[512 / 8 / 2]++; |
| 2479 | |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2480 | string result; |
Shawn Willden | b736113 | 2014-12-08 08:15:14 -0700 | [diff] [blame] | 2481 | size_t input_consumed; |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2482 | AuthorizationSet begin_params(client_params()); |
| 2483 | begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT); |
| 2484 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
Shawn Willden | b15d77e | 2014-12-17 16:44:29 -0700 | [diff] [blame] | 2485 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &result, &input_consumed)); |
Shawn Willden | d6cd7e3 | 2014-12-17 08:01:26 -0700 | [diff] [blame] | 2486 | EXPECT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&result)); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 2487 | EXPECT_EQ(0U, result.size()); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2488 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2489 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2490 | EXPECT_EQ(4, GetParam()->keymaster0_calls()); |
Shawn Willden | 4200f21 | 2014-12-02 07:01:21 -0700 | [diff] [blame] | 2491 | } |
| 2492 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2493 | TEST_P(EncryptionOperationsTest, RsaEncryptWithSigningKey) { |
Shawn Willden | 0afa3c8 | 2015-06-22 10:39:21 -0600 | [diff] [blame] | 2494 | ASSERT_EQ(KM_ERROR_OK, |
| 2495 | GenerateKey(AuthorizationSetBuilder().RsaSigningKey(256, 3).Padding(KM_PAD_NONE))); |
Shawn Willden | ada4850 | 2015-06-25 06:26:05 -0700 | [diff] [blame] | 2496 | |
| 2497 | AuthorizationSet begin_params(client_params()); |
| 2498 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 2499 | ASSERT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2500 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2501 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_RSA)) |
Shawn Willden | 294a2db | 2015-06-17 11:20:56 -0600 | [diff] [blame] | 2502 | EXPECT_EQ(2, GetParam()->keymaster0_calls()); |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 2503 | } |
| 2504 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2505 | TEST_P(EncryptionOperationsTest, EcdsaEncrypt) { |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 2506 | ASSERT_EQ(KM_ERROR_OK, |
| 2507 | GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE))); |
Shawn Willden | 294a2db | 2015-06-17 11:20:56 -0600 | [diff] [blame] | 2508 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT)); |
| 2509 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2510 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 2511 | if (GetParam()->algorithm_in_km0_hardware(KM_ALGORITHM_EC)) |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2512 | EXPECT_EQ(3, GetParam()->keymaster0_calls()); |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 2513 | } |
| 2514 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2515 | TEST_P(EncryptionOperationsTest, HmacEncrypt) { |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 2516 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2517 | .HmacKey(128) |
| 2518 | .Digest(KM_DIGEST_SHA_2_256) |
| 2519 | .Padding(KM_PAD_NONE) |
| 2520 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
Shawn Willden | 294a2db | 2015-06-17 11:20:56 -0600 | [diff] [blame] | 2521 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_ENCRYPT)); |
| 2522 | ASSERT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, BeginOperation(KM_PURPOSE_DECRYPT)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2523 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2524 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | edb7994 | 2015-05-08 06:46:44 -0600 | [diff] [blame] | 2525 | } |
| 2526 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2527 | TEST_P(EncryptionOperationsTest, AesEcbRoundTripSuccess) { |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2528 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2529 | .AesEncryptionKey(128) |
| 2530 | .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB) |
| 2531 | .Padding(KM_PAD_NONE))); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2532 | // Two-block message. |
| 2533 | string message = "12345678901234567890123456789012"; |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2534 | string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2535 | EXPECT_EQ(message.size(), ciphertext1.size()); |
| 2536 | |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2537 | string ciphertext2 = EncryptMessage(string(message), KM_MODE_ECB, KM_PAD_NONE); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2538 | EXPECT_EQ(message.size(), ciphertext2.size()); |
| 2539 | |
| 2540 | // ECB is deterministic. |
| 2541 | EXPECT_EQ(ciphertext1, ciphertext2); |
| 2542 | |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2543 | string plaintext = DecryptMessage(ciphertext1, KM_MODE_ECB, KM_PAD_NONE); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2544 | EXPECT_EQ(message, plaintext); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2545 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2546 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2547 | } |
| 2548 | |
Shawn Willden | e23a2c9 | 2015-07-06 15:52:45 -0600 | [diff] [blame] | 2549 | TEST_P(EncryptionOperationsTest, AesEcbNotAuthorized) { |
| 2550 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2551 | .AesEncryptionKey(128) |
| 2552 | .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC) |
| 2553 | .Padding(KM_PAD_NONE))); |
| 2554 | // Two-block message. |
| 2555 | string message = "12345678901234567890123456789012"; |
| 2556 | AuthorizationSet begin_params(client_params()); |
| 2557 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB); |
| 2558 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 2559 | EXPECT_EQ(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params)); |
| 2560 | |
| 2561 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 2562 | } |
| 2563 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2564 | TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) { |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2565 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2566 | .AesEncryptionKey(128) |
| 2567 | .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB) |
| 2568 | .Padding(KM_PAD_NONE))); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2569 | // Message is slightly shorter than two blocks. |
| 2570 | string message = "1234567890123456789012345678901"; |
| 2571 | |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2572 | AuthorizationSet begin_params(client_params()); |
| 2573 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB); |
Shawn Willden | c442467 | 2015-05-11 11:56:02 -0600 | [diff] [blame] | 2574 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2575 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params)); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2576 | string ciphertext; |
| 2577 | size_t input_consumed; |
| 2578 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &ciphertext, &input_consumed)); |
| 2579 | EXPECT_EQ(message.size(), input_consumed); |
| 2580 | EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&ciphertext)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2581 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2582 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2583 | } |
| 2584 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2585 | TEST_P(EncryptionOperationsTest, AesEcbPkcs7Padding) { |
Shawn Willden | 2c24200 | 2015-02-27 07:01:02 -0700 | [diff] [blame] | 2586 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2587 | .AesEncryptionKey(128) |
Shawn Willden | 2c24200 | 2015-02-27 07:01:02 -0700 | [diff] [blame] | 2588 | .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB) |
| 2589 | .Authorization(TAG_PADDING, KM_PAD_PKCS7))); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2590 | |
| 2591 | // Try various message lengths; all should work. |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 2592 | for (size_t i = 0; i < 32; ++i) { |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2593 | string message(i, 'a'); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2594 | string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2595 | EXPECT_EQ(i + 16 - (i % 16), ciphertext.size()); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2596 | string plaintext = DecryptMessage(ciphertext, KM_MODE_ECB, KM_PAD_PKCS7); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2597 | EXPECT_EQ(message, plaintext); |
| 2598 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2599 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2600 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2601 | } |
| 2602 | |
Shawn Willden | 5532a08 | 2015-07-01 12:58:08 -0600 | [diff] [blame] | 2603 | TEST_P(EncryptionOperationsTest, AesEcbNoPaddingKeyWithPkcs7Padding) { |
| 2604 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2605 | .AesEncryptionKey(128) |
| 2606 | .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB) |
| 2607 | .Authorization(TAG_PADDING, KM_PAD_NONE))); |
| 2608 | |
Shawn Willden | 5cf4502 | 2015-07-20 09:10:32 -0600 | [diff] [blame] | 2609 | // Try various message lengths; all should fail. |
Shawn Willden | 5532a08 | 2015-07-01 12:58:08 -0600 | [diff] [blame] | 2610 | for (size_t i = 0; i < 32; ++i) { |
Shawn Willden | 5cf4502 | 2015-07-20 09:10:32 -0600 | [diff] [blame] | 2611 | AuthorizationSet begin_params(client_params()); |
| 2612 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB); |
| 2613 | begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7); |
| 2614 | EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, |
| 2615 | BeginOperation(KM_PURPOSE_ENCRYPT, begin_params)); |
Shawn Willden | 5532a08 | 2015-07-01 12:58:08 -0600 | [diff] [blame] | 2616 | } |
| 2617 | |
| 2618 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 2619 | } |
| 2620 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2621 | TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) { |
Shawn Willden | 2c24200 | 2015-02-27 07:01:02 -0700 | [diff] [blame] | 2622 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2623 | .AesEncryptionKey(128) |
Shawn Willden | 2c24200 | 2015-02-27 07:01:02 -0700 | [diff] [blame] | 2624 | .Authorization(TAG_BLOCK_MODE, KM_MODE_ECB) |
| 2625 | .Authorization(TAG_PADDING, KM_PAD_PKCS7))); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2626 | |
| 2627 | string message = "a"; |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2628 | string ciphertext = EncryptMessage(message, KM_MODE_ECB, KM_PAD_PKCS7); |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 2629 | EXPECT_EQ(16U, ciphertext.size()); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2630 | EXPECT_NE(ciphertext, message); |
| 2631 | ++ciphertext[ciphertext.size() / 2]; |
| 2632 | |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2633 | AuthorizationSet begin_params(client_params()); |
| 2634 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB); |
Shawn Willden | c442467 | 2015-05-11 11:56:02 -0600 | [diff] [blame] | 2635 | begin_params.push_back(TAG_PADDING, KM_PAD_PKCS7); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2636 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2637 | string plaintext; |
| 2638 | size_t input_consumed; |
| 2639 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext, &plaintext, &input_consumed)); |
| 2640 | EXPECT_EQ(ciphertext.size(), input_consumed); |
| 2641 | EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, FinishOperation(&plaintext)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2642 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2643 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2644 | } |
| 2645 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2646 | TEST_P(EncryptionOperationsTest, AesCtrRoundTripSuccess) { |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2647 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2648 | .AesEncryptionKey(128) |
| 2649 | .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR) |
| 2650 | .Padding(KM_PAD_NONE))); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2651 | string message = "123"; |
| 2652 | string iv1; |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2653 | string ciphertext1 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv1); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2654 | EXPECT_EQ(message.size(), ciphertext1.size()); |
Shawn Willden | 72a5fdd | 2015-03-17 20:04:33 -0600 | [diff] [blame] | 2655 | EXPECT_EQ(16U, iv1.size()); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2656 | |
| 2657 | string iv2; |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2658 | string ciphertext2 = EncryptMessage(message, KM_MODE_CTR, KM_PAD_NONE, &iv2); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2659 | EXPECT_EQ(message.size(), ciphertext2.size()); |
Shawn Willden | 72a5fdd | 2015-03-17 20:04:33 -0600 | [diff] [blame] | 2660 | EXPECT_EQ(16U, iv2.size()); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2661 | |
| 2662 | // IVs should be random, so ciphertexts should differ. |
| 2663 | EXPECT_NE(iv1, iv2); |
| 2664 | EXPECT_NE(ciphertext1, ciphertext2); |
| 2665 | |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2666 | string plaintext = DecryptMessage(ciphertext1, KM_MODE_CTR, KM_PAD_NONE, iv1); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2667 | EXPECT_EQ(message, plaintext); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2668 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2669 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2670 | } |
| 2671 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2672 | TEST_P(EncryptionOperationsTest, AesCtrIncremental) { |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2673 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2674 | .AesEncryptionKey(128) |
| 2675 | .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR) |
| 2676 | .Padding(KM_PAD_NONE))); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2677 | |
| 2678 | int increment = 15; |
| 2679 | string message(239, 'a'); |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 2680 | AuthorizationSet input_params(client_params()); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2681 | input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR); |
Shawn Willden | c442467 | 2015-05-11 11:56:02 -0600 | [diff] [blame] | 2682 | input_params.push_back(TAG_PADDING, KM_PAD_NONE); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2683 | AuthorizationSet output_params; |
| 2684 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params)); |
| 2685 | |
| 2686 | string ciphertext; |
| 2687 | size_t input_consumed; |
| 2688 | for (size_t i = 0; i < message.size(); i += increment) |
| 2689 | EXPECT_EQ(KM_ERROR_OK, |
| 2690 | UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed)); |
| 2691 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext)); |
| 2692 | EXPECT_EQ(message.size(), ciphertext.size()); |
| 2693 | |
| 2694 | // Move TAG_NONCE into input_params |
| 2695 | input_params.Reinitialize(output_params); |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 2696 | input_params.push_back(client_params()); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2697 | input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR); |
Shawn Willden | c442467 | 2015-05-11 11:56:02 -0600 | [diff] [blame] | 2698 | input_params.push_back(TAG_PADDING, KM_PAD_NONE); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2699 | output_params.Clear(); |
| 2700 | |
| 2701 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params)); |
| 2702 | string plaintext; |
| 2703 | for (size_t i = 0; i < ciphertext.size(); i += increment) |
| 2704 | EXPECT_EQ(KM_ERROR_OK, |
| 2705 | UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed)); |
| 2706 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext)); |
| 2707 | EXPECT_EQ(ciphertext.size(), plaintext.size()); |
| 2708 | EXPECT_EQ(message, plaintext); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2709 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2710 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2711 | } |
| 2712 | |
| 2713 | struct AesCtrSp80038aTestVector { |
| 2714 | const char* key; |
| 2715 | const char* nonce; |
| 2716 | const char* plaintext; |
| 2717 | const char* ciphertext; |
| 2718 | }; |
| 2719 | |
| 2720 | // These test vectors are taken from |
| 2721 | // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5. |
| 2722 | static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = { |
| 2723 | // AES-128 |
| 2724 | { |
| 2725 | "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", |
| 2726 | "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51" |
| 2727 | "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", |
| 2728 | "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff" |
| 2729 | "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee", |
| 2730 | }, |
| 2731 | // AES-192 |
| 2732 | { |
| 2733 | "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", |
| 2734 | "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51" |
| 2735 | "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", |
| 2736 | "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94" |
| 2737 | "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050", |
| 2738 | }, |
| 2739 | // AES-256 |
| 2740 | { |
| 2741 | "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", |
| 2742 | "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", |
| 2743 | "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51" |
| 2744 | "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", |
| 2745 | "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5" |
| 2746 | "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6", |
| 2747 | }, |
| 2748 | }; |
| 2749 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2750 | TEST_P(EncryptionOperationsTest, AesCtrSp80038aTestVector) { |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2751 | for (size_t i = 0; i < 3; i++) { |
| 2752 | const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]); |
| 2753 | const string key = hex2str(test.key); |
| 2754 | const string nonce = hex2str(test.nonce); |
| 2755 | const string plaintext = hex2str(test.plaintext); |
| 2756 | const string ciphertext = hex2str(test.ciphertext); |
| 2757 | CheckAesCtrTestVector(key, nonce, plaintext, ciphertext); |
| 2758 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2759 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2760 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2761 | } |
| 2762 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2763 | TEST_P(EncryptionOperationsTest, AesCtrInvalidPaddingMode) { |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2764 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2765 | .AesEncryptionKey(128) |
| 2766 | .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR) |
| 2767 | .Authorization(TAG_PADDING, KM_PAD_PKCS7))); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2768 | AuthorizationSet begin_params(client_params()); |
| 2769 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR); |
Shawn Willden | c442467 | 2015-05-11 11:56:02 -0600 | [diff] [blame] | 2770 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2771 | EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PADDING_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2772 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2773 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2774 | } |
| 2775 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2776 | TEST_P(EncryptionOperationsTest, AesCtrInvalidCallerNonce) { |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2777 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2778 | .AesEncryptionKey(128) |
| 2779 | .Authorization(TAG_BLOCK_MODE, KM_MODE_CTR) |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2780 | .Authorization(TAG_CALLER_NONCE) |
| 2781 | .Padding(KM_PAD_NONE))); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2782 | |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 2783 | AuthorizationSet input_params(client_params()); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2784 | input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CTR); |
Shawn Willden | c442467 | 2015-05-11 11:56:02 -0600 | [diff] [blame] | 2785 | input_params.push_back(TAG_PADDING, KM_PAD_NONE); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2786 | input_params.push_back(TAG_NONCE, "123", 3); |
| 2787 | EXPECT_EQ(KM_ERROR_INVALID_NONCE, BeginOperation(KM_PURPOSE_ENCRYPT, input_params)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2788 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2789 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Thai Duong | 20d725d | 2015-03-24 17:49:58 -0700 | [diff] [blame] | 2790 | } |
| 2791 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2792 | TEST_P(EncryptionOperationsTest, AesCbcRoundTripSuccess) { |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2793 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2794 | .AesEncryptionKey(128) |
| 2795 | .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC) |
| 2796 | .Padding(KM_PAD_NONE))); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2797 | // Two-block message. |
| 2798 | string message = "12345678901234567890123456789012"; |
Shawn Willden | 7a62f5e | 2015-03-10 12:59:20 -0600 | [diff] [blame] | 2799 | string iv1; |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2800 | string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1); |
Shawn Willden | 7a62f5e | 2015-03-10 12:59:20 -0600 | [diff] [blame] | 2801 | EXPECT_EQ(message.size(), ciphertext1.size()); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2802 | |
Shawn Willden | 7a62f5e | 2015-03-10 12:59:20 -0600 | [diff] [blame] | 2803 | string iv2; |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2804 | string ciphertext2 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv2); |
Shawn Willden | 7a62f5e | 2015-03-10 12:59:20 -0600 | [diff] [blame] | 2805 | EXPECT_EQ(message.size(), ciphertext2.size()); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2806 | |
Shawn Willden | 7a62f5e | 2015-03-10 12:59:20 -0600 | [diff] [blame] | 2807 | // IVs should be random, so ciphertexts should differ. |
| 2808 | EXPECT_NE(iv1, iv2); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2809 | EXPECT_NE(ciphertext1, ciphertext2); |
| 2810 | |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2811 | string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2812 | EXPECT_EQ(message, plaintext); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2813 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2814 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2815 | } |
| 2816 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2817 | TEST_P(EncryptionOperationsTest, AesCallerNonce) { |
Shawn Willden | 969aa38 | 2015-04-15 17:05:53 -0700 | [diff] [blame] | 2818 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2819 | .AesEncryptionKey(128) |
| 2820 | .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC) |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2821 | .Authorization(TAG_CALLER_NONCE) |
| 2822 | .Padding(KM_PAD_NONE))); |
Shawn Willden | 969aa38 | 2015-04-15 17:05:53 -0700 | [diff] [blame] | 2823 | string message = "12345678901234567890123456789012"; |
| 2824 | string iv1; |
| 2825 | // Don't specify nonce, should get a random one. |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2826 | string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1); |
Shawn Willden | 969aa38 | 2015-04-15 17:05:53 -0700 | [diff] [blame] | 2827 | EXPECT_EQ(message.size(), ciphertext1.size()); |
| 2828 | EXPECT_EQ(16U, iv1.size()); |
| 2829 | |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2830 | string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1); |
Shawn Willden | 969aa38 | 2015-04-15 17:05:53 -0700 | [diff] [blame] | 2831 | EXPECT_EQ(message, plaintext); |
| 2832 | |
| 2833 | // Now specify a nonce, should also work. |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 2834 | AuthorizationSet input_params(client_params()); |
Shawn Willden | 969aa38 | 2015-04-15 17:05:53 -0700 | [diff] [blame] | 2835 | AuthorizationSet update_params; |
| 2836 | AuthorizationSet output_params; |
| 2837 | input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2838 | input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC); |
Shawn Willden | c442467 | 2015-05-11 11:56:02 -0600 | [diff] [blame] | 2839 | input_params.push_back(TAG_PADDING, KM_PAD_NONE); |
Shawn Willden | 969aa38 | 2015-04-15 17:05:53 -0700 | [diff] [blame] | 2840 | string ciphertext2 = |
| 2841 | ProcessMessage(KM_PURPOSE_ENCRYPT, message, input_params, update_params, &output_params); |
| 2842 | |
| 2843 | // Decrypt with correct nonce. |
| 2844 | plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params, |
| 2845 | &output_params); |
| 2846 | EXPECT_EQ(message, plaintext); |
| 2847 | |
| 2848 | // Now try with wrong nonce. |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 2849 | input_params.Reinitialize(client_params()); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2850 | input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC); |
Shawn Willden | c442467 | 2015-05-11 11:56:02 -0600 | [diff] [blame] | 2851 | input_params.push_back(TAG_PADDING, KM_PAD_NONE); |
Shawn Willden | 969aa38 | 2015-04-15 17:05:53 -0700 | [diff] [blame] | 2852 | input_params.push_back(TAG_NONCE, "aaaaaaaaaaaaaaaa", 16); |
| 2853 | plaintext = ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext2, input_params, update_params, |
| 2854 | &output_params); |
| 2855 | EXPECT_NE(message, plaintext); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2856 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2857 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 969aa38 | 2015-04-15 17:05:53 -0700 | [diff] [blame] | 2858 | } |
| 2859 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2860 | TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) { |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2861 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2862 | .AesEncryptionKey(128) |
| 2863 | .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC) |
| 2864 | .Padding(KM_PAD_NONE))); |
Shawn Willden | 6770635 | 2015-04-28 00:43:19 -0600 | [diff] [blame] | 2865 | |
| 2866 | string message = "12345678901234567890123456789012"; |
| 2867 | string iv1; |
| 2868 | // Don't specify nonce, should get a random one. |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2869 | string ciphertext1 = EncryptMessage(message, KM_MODE_CBC, KM_PAD_NONE, &iv1); |
Shawn Willden | 6770635 | 2015-04-28 00:43:19 -0600 | [diff] [blame] | 2870 | EXPECT_EQ(message.size(), ciphertext1.size()); |
| 2871 | EXPECT_EQ(16U, iv1.size()); |
| 2872 | |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2873 | string plaintext = DecryptMessage(ciphertext1, KM_MODE_CBC, KM_PAD_NONE, iv1); |
Shawn Willden | 6770635 | 2015-04-28 00:43:19 -0600 | [diff] [blame] | 2874 | EXPECT_EQ(message, plaintext); |
| 2875 | |
| 2876 | // Now specify a nonce, should fail. |
| 2877 | AuthorizationSet input_params(client_params()); |
| 2878 | AuthorizationSet update_params; |
| 2879 | AuthorizationSet output_params; |
| 2880 | input_params.push_back(TAG_NONCE, "abcdefghijklmnop", 16); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2881 | input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC); |
Shawn Willden | c442467 | 2015-05-11 11:56:02 -0600 | [diff] [blame] | 2882 | input_params.push_back(TAG_PADDING, KM_PAD_NONE); |
Shawn Willden | 6770635 | 2015-04-28 00:43:19 -0600 | [diff] [blame] | 2883 | |
| 2884 | EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED, |
| 2885 | BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2886 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2887 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 6770635 | 2015-04-28 00:43:19 -0600 | [diff] [blame] | 2888 | } |
| 2889 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2890 | TEST_P(EncryptionOperationsTest, AesCbcIncrementalNoPadding) { |
Shawn Willden | 3ad5f05 | 2015-05-08 14:05:13 -0600 | [diff] [blame] | 2891 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2892 | .AesEncryptionKey(128) |
| 2893 | .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC) |
| 2894 | .Padding(KM_PAD_NONE))); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2895 | |
| 2896 | int increment = 15; |
| 2897 | string message(240, 'a'); |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 2898 | AuthorizationSet input_params(client_params()); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2899 | input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC); |
Shawn Willden | c442467 | 2015-05-11 11:56:02 -0600 | [diff] [blame] | 2900 | input_params.push_back(TAG_PADDING, KM_PAD_NONE); |
Shawn Willden | 7a62f5e | 2015-03-10 12:59:20 -0600 | [diff] [blame] | 2901 | AuthorizationSet output_params; |
| 2902 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, input_params, &output_params)); |
| 2903 | |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2904 | string ciphertext; |
| 2905 | size_t input_consumed; |
| 2906 | for (size_t i = 0; i < message.size(); i += increment) |
| 2907 | EXPECT_EQ(KM_ERROR_OK, |
| 2908 | UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed)); |
| 2909 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext)); |
Shawn Willden | 7a62f5e | 2015-03-10 12:59:20 -0600 | [diff] [blame] | 2910 | EXPECT_EQ(message.size(), ciphertext.size()); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2911 | |
Shawn Willden | 7a62f5e | 2015-03-10 12:59:20 -0600 | [diff] [blame] | 2912 | // Move TAG_NONCE into input_params |
| 2913 | input_params.Reinitialize(output_params); |
Shawn Willden | 09f2527 | 2015-04-15 13:49:49 -0600 | [diff] [blame] | 2914 | input_params.push_back(client_params()); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2915 | input_params.push_back(TAG_BLOCK_MODE, KM_MODE_CBC); |
Shawn Willden | c442467 | 2015-05-11 11:56:02 -0600 | [diff] [blame] | 2916 | input_params.push_back(TAG_PADDING, KM_PAD_NONE); |
Shawn Willden | 7a62f5e | 2015-03-10 12:59:20 -0600 | [diff] [blame] | 2917 | output_params.Clear(); |
| 2918 | |
| 2919 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, input_params, &output_params)); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2920 | string plaintext; |
| 2921 | for (size_t i = 0; i < ciphertext.size(); i += increment) |
| 2922 | EXPECT_EQ(KM_ERROR_OK, |
| 2923 | UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed)); |
| 2924 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext)); |
Shawn Willden | 7a62f5e | 2015-03-10 12:59:20 -0600 | [diff] [blame] | 2925 | EXPECT_EQ(ciphertext.size(), plaintext.size()); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2926 | EXPECT_EQ(message, plaintext); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2927 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2928 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2929 | } |
| 2930 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 2931 | TEST_P(EncryptionOperationsTest, AesCbcPkcs7Padding) { |
Shawn Willden | 2c24200 | 2015-02-27 07:01:02 -0700 | [diff] [blame] | 2932 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2933 | .AesEncryptionKey(128) |
Shawn Willden | 2c24200 | 2015-02-27 07:01:02 -0700 | [diff] [blame] | 2934 | .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC) |
| 2935 | .Authorization(TAG_PADDING, KM_PAD_PKCS7))); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2936 | |
| 2937 | // Try various message lengths; all should work. |
Shawn Willden | c609659 | 2015-03-17 15:53:14 -0600 | [diff] [blame] | 2938 | for (size_t i = 0; i < 32; ++i) { |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2939 | string message(i, 'a'); |
Shawn Willden | 7a62f5e | 2015-03-10 12:59:20 -0600 | [diff] [blame] | 2940 | string iv; |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2941 | string ciphertext = EncryptMessage(message, KM_MODE_CBC, KM_PAD_PKCS7, &iv); |
Shawn Willden | 7a62f5e | 2015-03-10 12:59:20 -0600 | [diff] [blame] | 2942 | EXPECT_EQ(i + 16 - (i % 16), ciphertext.size()); |
Shawn Willden | 31e063f | 2015-05-08 14:31:22 -0600 | [diff] [blame] | 2943 | string plaintext = DecryptMessage(ciphertext, KM_MODE_CBC, KM_PAD_PKCS7, iv); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2944 | EXPECT_EQ(message, plaintext); |
| 2945 | } |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 2946 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 2947 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | f0f68b9 | 2014-12-30 16:03:28 -0700 | [diff] [blame] | 2948 | } |
| 2949 | |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 2950 | TEST_P(EncryptionOperationsTest, AesGcmRoundTripSuccess) { |
| 2951 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2952 | .AesEncryptionKey(128) |
| 2953 | .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM) |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 2954 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
| 2955 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 2956 | string aad = "foobar"; |
| 2957 | string message = "123456789012345678901234567890123456"; |
| 2958 | AuthorizationSet begin_params(client_params()); |
| 2959 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM); |
| 2960 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 2961 | begin_params.push_back(TAG_MAC_LENGTH, 128); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 2962 | |
| 2963 | AuthorizationSet update_params; |
| 2964 | update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 2965 | |
| 2966 | // Encrypt |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 2967 | AuthorizationSet begin_out_params; |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 2968 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params)); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 2969 | string ciphertext; |
| 2970 | size_t input_consumed; |
| 2971 | AuthorizationSet update_out_params; |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 2972 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext, |
| 2973 | &input_consumed)); |
| 2974 | EXPECT_EQ(message.size(), input_consumed); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 2975 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 2976 | |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 2977 | // Grab nonce |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 2978 | EXPECT_NE(-1, begin_out_params.find(TAG_NONCE)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 2979 | begin_params.push_back(begin_out_params); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 2980 | |
| 2981 | // Decrypt. |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 2982 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
| 2983 | string plaintext; |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 2984 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params, |
| 2985 | &plaintext, &input_consumed)); |
| 2986 | EXPECT_EQ(ciphertext.size(), input_consumed); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 2987 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 2988 | |
| 2989 | EXPECT_EQ(message, plaintext); |
| 2990 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 2991 | } |
| 2992 | |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 2993 | TEST_P(EncryptionOperationsTest, AesGcmTooShortTag) { |
| 2994 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 2995 | .AesEncryptionKey(128) |
| 2996 | .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM) |
| 2997 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
| 2998 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
| 2999 | string aad = "foobar"; |
| 3000 | string message = "123456789012345678901234567890123456"; |
| 3001 | AuthorizationSet begin_params(client_params()); |
| 3002 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM); |
| 3003 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 3004 | begin_params.push_back(TAG_MAC_LENGTH, 96); |
| 3005 | |
| 3006 | AuthorizationSet update_params; |
| 3007 | update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); |
| 3008 | |
| 3009 | AuthorizationSet begin_out_params; |
| 3010 | EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, |
| 3011 | BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params)); |
| 3012 | |
| 3013 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3014 | } |
| 3015 | |
| 3016 | TEST_P(EncryptionOperationsTest, AesGcmTooShortTagOnDecrypt) { |
| 3017 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 3018 | .AesEncryptionKey(128) |
| 3019 | .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM) |
| 3020 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
| 3021 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
| 3022 | string aad = "foobar"; |
| 3023 | string message = "123456789012345678901234567890123456"; |
| 3024 | AuthorizationSet begin_params(client_params()); |
| 3025 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM); |
| 3026 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 3027 | begin_params.push_back(TAG_MAC_LENGTH, 128); |
| 3028 | |
| 3029 | AuthorizationSet update_params; |
| 3030 | update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); |
| 3031 | |
| 3032 | // Encrypt |
| 3033 | AuthorizationSet begin_out_params; |
| 3034 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params)); |
| 3035 | string ciphertext; |
| 3036 | size_t input_consumed; |
| 3037 | AuthorizationSet update_out_params; |
| 3038 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext, |
| 3039 | &input_consumed)); |
| 3040 | EXPECT_EQ(message.size(), input_consumed); |
| 3041 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext)); |
| 3042 | |
| 3043 | // Grab nonce |
| 3044 | EXPECT_NE(-1, begin_out_params.find(TAG_NONCE)); |
| 3045 | begin_params.Reinitialize(client_params()); |
| 3046 | begin_params.push_back(begin_out_params); |
| 3047 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM); |
| 3048 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 3049 | begin_params.push_back(TAG_MAC_LENGTH, 96); |
| 3050 | |
| 3051 | // Decrypt. |
| 3052 | EXPECT_EQ(KM_ERROR_INVALID_MAC_LENGTH, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
| 3053 | |
| 3054 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3055 | } |
| 3056 | |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3057 | TEST_P(EncryptionOperationsTest, AesGcmCorruptKey) { |
| 3058 | uint8_t nonce[] = { |
| 3059 | 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f, |
| 3060 | }; |
| 3061 | uint8_t ciphertext[] = { |
| 3062 | 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16, |
| 3063 | 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a, |
| 3064 | 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76, |
| 3065 | 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd, |
| 3066 | 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0, |
| 3067 | }; |
| 3068 | string ciphertext_str(reinterpret_cast<char*>(ciphertext), sizeof(ciphertext)); |
| 3069 | |
| 3070 | AuthorizationSet begin_params(client_params()); |
| 3071 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM); |
| 3072 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 3073 | begin_params.push_back(TAG_MAC_LENGTH, 128); |
| 3074 | begin_params.push_back(TAG_NONCE, nonce, sizeof(nonce)); |
| 3075 | |
| 3076 | string plaintext; |
| 3077 | size_t input_consumed; |
| 3078 | |
| 3079 | // Import correct key and decrypt |
| 3080 | uint8_t good_key[] = { |
| 3081 | 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d, |
| 3082 | 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb, |
| 3083 | }; |
| 3084 | string good_key_str(reinterpret_cast<char*>(good_key), sizeof(good_key)); |
| 3085 | ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder() |
| 3086 | .AesEncryptionKey(128) |
| 3087 | .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM) |
| 3088 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 3089 | .Authorization(TAG_CALLER_NONCE) |
| 3090 | .Authorization(TAG_MIN_MAC_LENGTH, 128), |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3091 | KM_KEY_FORMAT_RAW, good_key_str)); |
| 3092 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
| 3093 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed)); |
| 3094 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext)); |
| 3095 | |
| 3096 | // Import bad key and decrypt |
| 3097 | uint8_t bad_key[] = { |
| 3098 | 0xbb, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d, |
| 3099 | 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb, |
| 3100 | }; |
| 3101 | string bad_key_str(reinterpret_cast<char*>(bad_key), sizeof(bad_key)); |
| 3102 | ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder() |
| 3103 | .AesEncryptionKey(128) |
| 3104 | .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM) |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 3105 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
| 3106 | .Authorization(TAG_MIN_MAC_LENGTH, 128), |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3107 | KM_KEY_FORMAT_RAW, bad_key_str)); |
| 3108 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
| 3109 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(ciphertext_str, &plaintext, &input_consumed)); |
| 3110 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext)); |
| 3111 | |
| 3112 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3113 | } |
| 3114 | |
| 3115 | TEST_P(EncryptionOperationsTest, AesGcmAadNoData) { |
| 3116 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 3117 | .AesEncryptionKey(128) |
| 3118 | .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM) |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 3119 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
| 3120 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3121 | string aad = "123456789012345678"; |
| 3122 | string empty_message; |
| 3123 | AuthorizationSet begin_params(client_params()); |
| 3124 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM); |
| 3125 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 3126 | begin_params.push_back(TAG_MAC_LENGTH, 128); |
| 3127 | |
| 3128 | AuthorizationSet update_params; |
| 3129 | update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); |
| 3130 | |
| 3131 | // Encrypt |
| 3132 | AuthorizationSet begin_out_params; |
| 3133 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params)); |
| 3134 | string ciphertext; |
| 3135 | size_t input_consumed; |
| 3136 | AuthorizationSet update_out_params; |
| 3137 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, empty_message, &update_out_params, |
| 3138 | &ciphertext, &input_consumed)); |
| 3139 | EXPECT_EQ(0U, input_consumed); |
| 3140 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext)); |
| 3141 | |
| 3142 | // Grab nonce |
| 3143 | EXPECT_NE(-1, begin_out_params.find(TAG_NONCE)); |
| 3144 | begin_params.push_back(begin_out_params); |
| 3145 | |
| 3146 | // Decrypt. |
| 3147 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
| 3148 | string plaintext; |
| 3149 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params, |
| 3150 | &plaintext, &input_consumed)); |
| 3151 | EXPECT_EQ(ciphertext.size(), input_consumed); |
| 3152 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext)); |
| 3153 | |
| 3154 | EXPECT_EQ(empty_message, plaintext); |
| 3155 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3156 | } |
| 3157 | |
| 3158 | TEST_P(EncryptionOperationsTest, AesGcmIncremental) { |
| 3159 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 3160 | .AesEncryptionKey(128) |
| 3161 | .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM) |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 3162 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
| 3163 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3164 | AuthorizationSet begin_params(client_params()); |
| 3165 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM); |
| 3166 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 3167 | begin_params.push_back(TAG_MAC_LENGTH, 128); |
| 3168 | |
| 3169 | AuthorizationSet update_params; |
| 3170 | update_params.push_back(TAG_ASSOCIATED_DATA, "b", 1); |
| 3171 | |
| 3172 | // Encrypt |
| 3173 | AuthorizationSet begin_out_params; |
| 3174 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params)); |
| 3175 | string ciphertext; |
| 3176 | size_t input_consumed; |
| 3177 | AuthorizationSet update_out_params; |
| 3178 | |
| 3179 | // Send AAD, incrementally |
| 3180 | for (int i = 0; i < 1000; ++i) { |
| 3181 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &ciphertext, |
| 3182 | &input_consumed)); |
| 3183 | EXPECT_EQ(0U, input_consumed); |
| 3184 | EXPECT_EQ(0U, ciphertext.size()); |
| 3185 | } |
| 3186 | |
| 3187 | // Now send data, incrementally, no data. |
| 3188 | AuthorizationSet empty_params; |
| 3189 | for (int i = 0; i < 1000; ++i) { |
| 3190 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, "a", &update_out_params, &ciphertext, |
| 3191 | &input_consumed)); |
| 3192 | EXPECT_EQ(1U, input_consumed); |
| 3193 | } |
| 3194 | EXPECT_EQ(1000U, ciphertext.size()); |
| 3195 | |
| 3196 | // And finish. |
| 3197 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext)); |
| 3198 | EXPECT_EQ(1016U, ciphertext.size()); |
| 3199 | |
| 3200 | // Grab nonce |
| 3201 | EXPECT_NE(-1, begin_out_params.find(TAG_NONCE)); |
| 3202 | begin_params.push_back(begin_out_params); |
| 3203 | |
| 3204 | // Decrypt. |
| 3205 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
| 3206 | string plaintext; |
| 3207 | |
| 3208 | // Send AAD, incrementally, no data |
| 3209 | for (int i = 0; i < 1000; ++i) { |
| 3210 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "", &update_out_params, &plaintext, |
| 3211 | &input_consumed)); |
| 3212 | EXPECT_EQ(0U, input_consumed); |
| 3213 | EXPECT_EQ(0U, plaintext.size()); |
| 3214 | } |
| 3215 | |
| 3216 | // Now send data, incrementally. |
| 3217 | for (size_t i = 0; i < ciphertext.length(); ++i) { |
| 3218 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(empty_params, string(ciphertext.data() + i, 1), |
| 3219 | &update_out_params, &plaintext, &input_consumed)); |
| 3220 | EXPECT_EQ(1U, input_consumed); |
| 3221 | } |
| 3222 | EXPECT_EQ(1000U, plaintext.size()); |
| 3223 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext)); |
| 3224 | |
| 3225 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3226 | } |
| 3227 | |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3228 | TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) { |
| 3229 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 3230 | .AesEncryptionKey(128) |
| 3231 | .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM) |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 3232 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
| 3233 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3234 | string message = "123456789012345678901234567890123456"; |
| 3235 | AuthorizationSet begin_params(client_params()); |
| 3236 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM); |
| 3237 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 3238 | begin_params.push_back(TAG_MAC_LENGTH, 128); |
| 3239 | AuthorizationSet begin_out_params; |
| 3240 | |
| 3241 | AuthorizationSet update_params; |
| 3242 | update_params.push_back(TAG_ASSOCIATED_DATA, "foo", 3); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3243 | |
| 3244 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params)); |
| 3245 | |
| 3246 | // No data, AAD only. |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3247 | string ciphertext; |
| 3248 | size_t input_consumed; |
| 3249 | AuthorizationSet update_out_params; |
| 3250 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, "" /* message */, &update_out_params, |
| 3251 | &ciphertext, &input_consumed)); |
| 3252 | EXPECT_EQ(0U, input_consumed); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3253 | |
| 3254 | // AAD and data. |
| 3255 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext, |
| 3256 | &input_consumed)); |
| 3257 | EXPECT_EQ(message.size(), input_consumed); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3258 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3259 | |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3260 | // Grab nonce. |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3261 | EXPECT_NE(-1, begin_out_params.find(TAG_NONCE)); |
| 3262 | begin_params.push_back(begin_out_params); |
| 3263 | |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3264 | // Decrypt |
| 3265 | update_params.Clear(); |
| 3266 | update_params.push_back(TAG_ASSOCIATED_DATA, "foofoo", 6); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3267 | |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3268 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params)); |
| 3269 | string plaintext; |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3270 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params, |
| 3271 | &plaintext, &input_consumed)); |
| 3272 | EXPECT_EQ(ciphertext.size(), input_consumed); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3273 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3274 | |
| 3275 | EXPECT_EQ(message, plaintext); |
| 3276 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3277 | } |
| 3278 | |
| 3279 | TEST_P(EncryptionOperationsTest, AesGcmBadAad) { |
| 3280 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 3281 | .AesEncryptionKey(128) |
| 3282 | .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM) |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 3283 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
| 3284 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3285 | string message = "12345678901234567890123456789012"; |
| 3286 | AuthorizationSet begin_params(client_params()); |
| 3287 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM); |
| 3288 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 3289 | begin_params.push_back(TAG_MAC_LENGTH, 128); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3290 | |
| 3291 | AuthorizationSet update_params; |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3292 | update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3293 | |
| 3294 | AuthorizationSet finish_params; |
| 3295 | AuthorizationSet finish_out_params; |
| 3296 | |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3297 | // Encrypt |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3298 | AuthorizationSet begin_out_params; |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3299 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params)); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3300 | AuthorizationSet update_out_params; |
| 3301 | string ciphertext; |
| 3302 | size_t input_consumed; |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3303 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext, |
| 3304 | &input_consumed)); |
| 3305 | EXPECT_EQ(message.size(), input_consumed); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3306 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3307 | |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3308 | // Grab nonce |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3309 | EXPECT_NE(-1, begin_out_params.find(TAG_NONCE)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3310 | begin_params.push_back(begin_out_params); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3311 | |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3312 | update_params.Clear(); |
| 3313 | update_params.push_back(TAG_ASSOCIATED_DATA, "barfoo" /* Wrong AAD */, 6); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3314 | |
| 3315 | // Decrypt. |
| 3316 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params)); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3317 | string plaintext; |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3318 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params, |
| 3319 | &plaintext, &input_consumed)); |
| 3320 | EXPECT_EQ(ciphertext.size(), input_consumed); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3321 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3322 | |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3323 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3324 | } |
| 3325 | |
| 3326 | TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) { |
| 3327 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 3328 | .AesEncryptionKey(128) |
| 3329 | .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM) |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 3330 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
| 3331 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3332 | string message = "12345678901234567890123456789012"; |
| 3333 | AuthorizationSet begin_params(client_params()); |
| 3334 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM); |
| 3335 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 3336 | begin_params.push_back(TAG_MAC_LENGTH, 128); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3337 | |
| 3338 | AuthorizationSet update_params; |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3339 | update_params.push_back(TAG_ASSOCIATED_DATA, "foobar", 6); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3340 | |
| 3341 | // Encrypt |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3342 | AuthorizationSet begin_out_params; |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3343 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params)); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3344 | AuthorizationSet update_out_params; |
| 3345 | string ciphertext; |
| 3346 | size_t input_consumed; |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3347 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext, |
| 3348 | &input_consumed)); |
| 3349 | EXPECT_EQ(message.size(), input_consumed); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3350 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3351 | |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3352 | begin_params.push_back(TAG_NONCE, "123456789012", 12); |
| 3353 | |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3354 | // Decrypt |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3355 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params)); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3356 | string plaintext; |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3357 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params, |
| 3358 | &plaintext, &input_consumed)); |
| 3359 | EXPECT_EQ(ciphertext.size(), input_consumed); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3360 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3361 | |
| 3362 | // With wrong nonce, should have gotten garbage plaintext. |
| 3363 | EXPECT_NE(message, plaintext); |
| 3364 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3365 | } |
| 3366 | |
| 3367 | TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) { |
| 3368 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 3369 | .AesEncryptionKey(128) |
| 3370 | .Authorization(TAG_BLOCK_MODE, KM_MODE_GCM) |
Shawn Willden | 33ab038 | 2015-07-08 08:47:25 -0600 | [diff] [blame] | 3371 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
| 3372 | .Authorization(TAG_MIN_MAC_LENGTH, 128))); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3373 | string aad = "foobar"; |
| 3374 | string message = "123456789012345678901234567890123456"; |
| 3375 | AuthorizationSet begin_params(client_params()); |
| 3376 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_GCM); |
| 3377 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 3378 | begin_params.push_back(TAG_MAC_LENGTH, 128); |
| 3379 | AuthorizationSet begin_out_params; |
| 3380 | |
| 3381 | AuthorizationSet update_params; |
| 3382 | update_params.push_back(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3383 | |
| 3384 | // Encrypt |
| 3385 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params, &begin_out_params)); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3386 | AuthorizationSet update_out_params; |
| 3387 | string ciphertext; |
| 3388 | size_t input_consumed; |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3389 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, message, &update_out_params, &ciphertext, |
| 3390 | &input_consumed)); |
| 3391 | EXPECT_EQ(message.size(), input_consumed); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3392 | EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3393 | |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3394 | // Corrupt tag |
| 3395 | (*ciphertext.rbegin())++; |
| 3396 | |
| 3397 | // Grab nonce. |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3398 | EXPECT_NE(-1, begin_out_params.find(TAG_NONCE)); |
| 3399 | begin_params.push_back(begin_out_params); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3400 | |
| 3401 | // Decrypt. |
| 3402 | EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT, begin_params, &begin_out_params)); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3403 | string plaintext; |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3404 | EXPECT_EQ(KM_ERROR_OK, UpdateOperation(update_params, ciphertext, &update_out_params, |
| 3405 | &plaintext, &input_consumed)); |
| 3406 | EXPECT_EQ(ciphertext.size(), input_consumed); |
Shawn Willden | 3441913 | 2015-06-08 23:10:44 -0600 | [diff] [blame] | 3407 | EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(&plaintext)); |
Shawn Willden | 0f39256 | 2015-06-02 09:00:52 -0600 | [diff] [blame] | 3408 | |
| 3409 | EXPECT_EQ(message, plaintext); |
| 3410 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3411 | } |
| 3412 | |
Shawn Willden | ada4850 | 2015-06-25 06:26:05 -0700 | [diff] [blame] | 3413 | typedef Keymaster1Test MaxOperationsTest; |
| 3414 | INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, MaxOperationsTest, test_params); |
| 3415 | |
| 3416 | TEST_P(MaxOperationsTest, TestLimit) { |
| 3417 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 3418 | .AesEncryptionKey(128) |
| 3419 | .EcbMode() |
| 3420 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
| 3421 | .Authorization(TAG_MAX_USES_PER_BOOT, 3))); |
| 3422 | |
| 3423 | string message = "1234567890123456"; |
| 3424 | string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE); |
| 3425 | string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE); |
| 3426 | string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE); |
| 3427 | |
| 3428 | // Fourth time should fail. |
| 3429 | AuthorizationSet begin_params(client_params()); |
| 3430 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB); |
| 3431 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 3432 | EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params)); |
| 3433 | |
| 3434 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3435 | } |
| 3436 | |
| 3437 | TEST_P(MaxOperationsTest, TestAbort) { |
| 3438 | ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() |
| 3439 | .AesEncryptionKey(128) |
| 3440 | .EcbMode() |
| 3441 | .Authorization(TAG_PADDING, KM_PAD_NONE) |
| 3442 | .Authorization(TAG_MAX_USES_PER_BOOT, 3))); |
| 3443 | |
| 3444 | string message = "1234567890123456"; |
| 3445 | string ciphertext1 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE); |
| 3446 | string ciphertext2 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE); |
| 3447 | string ciphertext3 = EncryptMessage(message, KM_MODE_ECB, KM_PAD_NONE); |
| 3448 | |
| 3449 | // Fourth time should fail. |
| 3450 | AuthorizationSet begin_params(client_params()); |
| 3451 | begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB); |
| 3452 | begin_params.push_back(TAG_PADDING, KM_PAD_NONE); |
| 3453 | EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params)); |
| 3454 | |
| 3455 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3456 | } |
| 3457 | |
Shawn Willden | 58427c4 | 2015-05-20 13:00:42 -0600 | [diff] [blame] | 3458 | typedef Keymaster1Test AddEntropyTest; |
| 3459 | INSTANTIATE_TEST_CASE_P(AndroidKeymasterTest, AddEntropyTest, test_params); |
| 3460 | |
| 3461 | TEST_P(AddEntropyTest, AddEntropy) { |
Shawn Willden | cd69582 | 2015-01-26 14:06:32 -0700 | [diff] [blame] | 3462 | // There's no obvious way to test that entropy is actually added, but we can test that the API |
| 3463 | // doesn't blow up or return an error. |
| 3464 | EXPECT_EQ(KM_ERROR_OK, |
| 3465 | device()->add_rng_entropy(device(), reinterpret_cast<const uint8_t*>("foo"), 3)); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 3466 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 3467 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 3468 | } |
| 3469 | |
| 3470 | typedef Keymaster1Test Keymaster0AdapterTest; |
| 3471 | INSTANTIATE_TEST_CASE_P( |
| 3472 | AndroidKeymasterTest, Keymaster0AdapterTest, |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 3473 | ::testing::Values( |
| 3474 | InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(true /* support_ec */)), |
| 3475 | InstanceCreatorPtr(new Keymaster0AdapterTestInstanceCreator(false /* support_ec */)))); |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 3476 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 3477 | TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1RsaBlob) { |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 3478 | // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted |
| 3479 | // key data. |
| 3480 | string km1_sw = read_file("km1_sw_rsa_512.blob"); |
| 3481 | EXPECT_EQ(486U, km1_sw.length()); |
| 3482 | |
| 3483 | uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length())); |
| 3484 | memcpy(key_data, km1_sw.data(), km1_sw.length()); |
| 3485 | set_key_blob(key_data, km1_sw.length()); |
| 3486 | |
| 3487 | string message(64, 'a'); |
| 3488 | string signature; |
| 3489 | SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE); |
| 3490 | |
| 3491 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3492 | } |
| 3493 | |
Shawn Willden | c7fe06d | 2015-06-11 15:50:04 -0600 | [diff] [blame] | 3494 | TEST_P(Keymaster0AdapterTest, UnversionedSoftwareKeymaster1RsaBlob) { |
| 3495 | // Load and use an old-style Keymaster1 software key blob, without the version byte. These |
| 3496 | // blobs contain OCB-encrypted key data. |
| 3497 | string km1_sw = read_file("km1_sw_rsa_512_unversioned.blob"); |
| 3498 | EXPECT_EQ(477U, km1_sw.length()); |
| 3499 | |
| 3500 | uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length())); |
| 3501 | memcpy(key_data, km1_sw.data(), km1_sw.length()); |
| 3502 | set_key_blob(key_data, km1_sw.length()); |
| 3503 | |
| 3504 | string message(64, 'a'); |
| 3505 | string signature; |
| 3506 | SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE); |
| 3507 | |
| 3508 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3509 | } |
| 3510 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 3511 | TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) { |
| 3512 | // Load and use an old-style Keymaster1 software key blob. These blobs contain OCB-encrypted |
| 3513 | // key data. |
| 3514 | string km1_sw = read_file("km1_sw_ecdsa_256.blob"); |
| 3515 | EXPECT_EQ(270U, km1_sw.length()); |
| 3516 | |
| 3517 | uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km1_sw.length())); |
| 3518 | memcpy(key_data, km1_sw.data(), km1_sw.length()); |
| 3519 | set_key_blob(key_data, km1_sw.length()); |
| 3520 | |
Shawn Willden | d530305 | 2015-06-22 05:25:59 -0600 | [diff] [blame] | 3521 | string message(32, static_cast<char>(0xFF)); |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 3522 | string signature; |
| 3523 | SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE); |
| 3524 | |
| 3525 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3526 | } |
| 3527 | |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 3528 | struct Malloc_Delete { |
| 3529 | void operator()(void* p) { free(p); } |
| 3530 | }; |
| 3531 | |
Shawn Willden | 6270aca | 2015-05-26 13:12:24 -0600 | [diff] [blame] | 3532 | TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster0RsaBlob) { |
Shawn Willden | 2beb628 | 2015-05-20 16:36:24 -0600 | [diff] [blame] | 3533 | // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data. |
| 3534 | string km0_sw = read_file("km0_sw_rsa_512.blob"); |
| 3535 | EXPECT_EQ(333U, km0_sw.length()); |
| 3536 | |
| 3537 | uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length())); |
| 3538 | memcpy(key_data, km0_sw.data(), km0_sw.length()); |
| 3539 | set_key_blob(key_data, km0_sw.length()); |
| 3540 | |
| 3541 | string message(64, 'a'); |
| 3542 | string signature; |
| 3543 | SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE); |
| 3544 | |
| 3545 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
Shawn Willden | cd69582 | 2015-01-26 14:06:32 -0700 | [diff] [blame] | 3546 | } |
| 3547 | |
Shawn Willden | ccb84e9 | 2015-06-02 19:44:54 -0600 | [diff] [blame] | 3548 | TEST_P(Keymaster0AdapterTest, OldSwKeymaster0RsaBlobGetCharacteristics) { |
| 3549 | // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data. |
| 3550 | string km0_sw = read_file("km0_sw_rsa_512.blob"); |
| 3551 | EXPECT_EQ(333U, km0_sw.length()); |
| 3552 | |
| 3553 | uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length())); |
| 3554 | memcpy(key_data, km0_sw.data(), km0_sw.length()); |
| 3555 | set_key_blob(key_data, km0_sw.length()); |
| 3556 | |
| 3557 | EXPECT_EQ(KM_ERROR_OK, GetCharacteristics()); |
| 3558 | EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA)); |
| 3559 | EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 512)); |
| 3560 | EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3)); |
| 3561 | EXPECT_TRUE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE)); |
| 3562 | EXPECT_TRUE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE)); |
| 3563 | EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN)); |
| 3564 | EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY)); |
| 3565 | EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS)); |
| 3566 | EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED)); |
| 3567 | |
| 3568 | EXPECT_EQ(0, GetParam()->keymaster0_calls()); |
| 3569 | } |
| 3570 | |
| 3571 | TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlob) { |
| 3572 | // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data. |
| 3573 | string km0_sw = read_file("km0_sw_rsa_512.blob"); |
| 3574 | EXPECT_EQ(333U, km0_sw.length()); |
| 3575 | |
| 3576 | // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not |
| 3577 | // be recognized as a software key. Do the same here to pretend this is a hardware key. |
| 3578 | EXPECT_EQ('P', km0_sw[0]); |
| 3579 | km0_sw[0] = 'Q'; |
| 3580 | |
| 3581 | uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length())); |
| 3582 | memcpy(key_data, km0_sw.data(), km0_sw.length()); |
| 3583 | set_key_blob(key_data, km0_sw.length()); |
| 3584 | |
| 3585 | string message(64, 'a'); |
| 3586 | string signature; |
| 3587 | SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE); |
| 3588 | VerifyMessage(message, signature, KM_DIGEST_NONE, KM_PAD_NONE); |
| 3589 | |
| 3590 | EXPECT_EQ(5, GetParam()->keymaster0_calls()); |
| 3591 | } |
| 3592 | |
| 3593 | TEST_P(Keymaster0AdapterTest, OldHwKeymaster0RsaBlobGetCharacteristics) { |
| 3594 | // Load and use an old softkeymaster blob. These blobs contain PKCS#8 key data. |
| 3595 | string km0_sw = read_file("km0_sw_rsa_512.blob"); |
| 3596 | EXPECT_EQ(333U, km0_sw.length()); |
| 3597 | |
| 3598 | // The keymaster0 wrapper swaps the old softkeymaster leading 'P' for a 'Q' to make the key not |
| 3599 | // be recognized as a software key. Do the same here to pretend this is a hardware key. |
| 3600 | EXPECT_EQ('P', km0_sw[0]); |
| 3601 | km0_sw[0] = 'Q'; |
| 3602 | |
| 3603 | uint8_t* key_data = reinterpret_cast<uint8_t*>(malloc(km0_sw.length())); |
| 3604 | memcpy(key_data, km0_sw.data(), km0_sw.length()); |
| 3605 | set_key_blob(key_data, km0_sw.length()); |
| 3606 | |
| 3607 | EXPECT_EQ(KM_ERROR_OK, GetCharacteristics()); |
| 3608 | EXPECT_TRUE(contains(hw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA)); |
| 3609 | EXPECT_TRUE(contains(hw_enforced(), TAG_KEY_SIZE, 512)); |
| 3610 | EXPECT_TRUE(contains(hw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3)); |
| 3611 | EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_NONE)); |
Shawn Willden | 5cf4502 | 2015-07-20 09:10:32 -0600 | [diff] [blame] | 3612 | EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_MD5)); |
| 3613 | EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA1)); |
| 3614 | EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_224)); |
| 3615 | EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_256)); |
| 3616 | EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_384)); |
| 3617 | EXPECT_TRUE(contains(hw_enforced(), TAG_DIGEST, KM_DIGEST_SHA_2_512)); |
Shawn Willden | ccb84e9 | 2015-06-02 19:44:54 -0600 | [diff] [blame] | 3618 | EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_NONE)); |
Shawn Willden | 5cf4502 | 2015-07-20 09:10:32 -0600 | [diff] [blame] | 3619 | EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT)); |
| 3620 | EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN)); |
| 3621 | EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_OAEP)); |
| 3622 | EXPECT_TRUE(contains(hw_enforced(), TAG_PADDING, KM_PAD_RSA_PSS)); |
| 3623 | EXPECT_EQ(15U, hw_enforced().size()); |
Shawn Willden | ccb84e9 | 2015-06-02 19:44:54 -0600 | [diff] [blame] | 3624 | |
| 3625 | EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_SIGN)); |
| 3626 | EXPECT_TRUE(contains(sw_enforced(), TAG_PURPOSE, KM_PURPOSE_VERIFY)); |
| 3627 | EXPECT_TRUE(sw_enforced().GetTagValue(TAG_ALL_USERS)); |
| 3628 | EXPECT_TRUE(sw_enforced().GetTagValue(TAG_NO_AUTH_REQUIRED)); |
| 3629 | |
| 3630 | EXPECT_FALSE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA)); |
| 3631 | EXPECT_FALSE(contains(sw_enforced(), TAG_KEY_SIZE, 512)); |
| 3632 | EXPECT_FALSE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 3)); |
| 3633 | EXPECT_FALSE(contains(sw_enforced(), TAG_DIGEST, KM_DIGEST_NONE)); |
| 3634 | EXPECT_FALSE(contains(sw_enforced(), TAG_PADDING, KM_PAD_NONE)); |
| 3635 | |
| 3636 | EXPECT_EQ(1, GetParam()->keymaster0_calls()); |
| 3637 | } |
| 3638 | |
Shawn Willden | d599b15 | 2015-07-27 16:58:30 -0600 | [diff] [blame] | 3639 | TEST(SoftKeymasterWrapperTest, CheckKeymaster1Device) { |
| 3640 | // Make a good fake device, and wrap it. |
| 3641 | SoftKeymasterDevice* good_fake(new SoftKeymasterDevice(new TestKeymasterContext)); |
| 3642 | |
| 3643 | // Wrap it and check it. |
| 3644 | SoftKeymasterDevice* good_fake_wrapper(new SoftKeymasterDevice(new TestKeymasterContext)); |
| 3645 | good_fake_wrapper->SetHardwareDevice(good_fake->keymaster_device()); |
| 3646 | EXPECT_TRUE(good_fake_wrapper->Keymaster1DeviceIsGood()); |
| 3647 | |
| 3648 | // Close and clean up wrapper and wrapped |
| 3649 | good_fake_wrapper->keymaster_device()->common.close(good_fake_wrapper->hw_device()); |
| 3650 | |
| 3651 | // Make a "bad" (doesn't support all digests) device; |
| 3652 | keymaster1_device_t* sha256_only_fake = make_device_sha256_only( |
| 3653 | (new SoftKeymasterDevice(new TestKeymasterContext("256")))->keymaster_device()); |
| 3654 | |
| 3655 | // Wrap it and check it. |
| 3656 | SoftKeymasterDevice* sha256_only_fake_wrapper( |
| 3657 | (new SoftKeymasterDevice(new TestKeymasterContext))); |
| 3658 | sha256_only_fake_wrapper->SetHardwareDevice(sha256_only_fake); |
| 3659 | EXPECT_FALSE(sha256_only_fake_wrapper->Keymaster1DeviceIsGood()); |
| 3660 | |
| 3661 | // Close and clean up wrapper and wrapped |
| 3662 | sha256_only_fake_wrapper->keymaster_device()->common.close( |
| 3663 | sha256_only_fake_wrapper->hw_device()); |
| 3664 | } |
| 3665 | |
Shawn Willden | 128ffe0 | 2014-08-06 12:31:33 -0600 | [diff] [blame] | 3666 | } // namespace test |
| 3667 | } // namespace keymaster |