11e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 21e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Copyright (C) 2017 The Android Open Source Project 31e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 41e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Licensed under the Apache License, Version 2.0 (the "License"); 51e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * you may not use this file except in compliance with the License. 61e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * You may obtain a copy of the License at 71e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 81e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * http://www.apache.org/licenses/LICENSE-2.0 91e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Unless required by applicable law or agreed to in writing, software 111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * distributed under the License is distributed on an "AS IS" BASIS, 121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * See the License for the specific language governing permissions and 141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * limitations under the License. 151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#define LOG_TAG "keymaster_hidl_hal_test" 181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <cutils/log.h> 191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <iostream> 211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <openssl/evp.h> 23fd547ab6ce39423fc99524f391d709f428673d1fHung-ying Tyan#include <openssl/mem.h> 241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <openssl/x509.h> 251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <cutils/properties.h> 271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <keymasterV4_0/attestation_record.h> 291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <keymasterV4_0/key_param_output.h> 301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <keymasterV4_0/openssl_utils.h> 311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32252233df69c298655f7c562f66dac31fab743e38Shawn Willden#include "KeymasterHidlTest.h" 331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstatic bool arm_deleteAllKeys = false; 351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstatic bool dump_Attestations = false; 361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdennamespace android { 381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdennamespace hardware { 391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentemplate <typename T> 411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool operator==(const hidl_vec<T>& a, const hidl_vec<T>& b) { 421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (a.size() != b.size()) { 431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return false; 441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < a.size(); ++i) { 461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (a[i] != b[i]) { 471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return false; 481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return true; 511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdennamespace keymaster { 541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdennamespace V4_0 { 551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool operator==(const AuthorizationSet& a, const AuthorizationSet& b) { 571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin()); 581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool operator==(const KeyCharacteristics& a, const KeyCharacteristics& b) { 611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // This isn't very efficient. Oh, well. 621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet a_sw(a.softwareEnforced); 631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet b_sw(b.softwareEnforced); 641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet a_tee(b.hardwareEnforced); 651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet b_tee(b.hardwareEnforced); 661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden a_sw.Sort(); 681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden b_sw.Sort(); 691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden a_tee.Sort(); 701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden b_tee.Sort(); 711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a_sw == b_sw && a_tee == b_tee; 731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdennamespace test { 761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdennamespace { 771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentemplate <TagType tag_type, Tag tag, typename ValueT> 791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool contains(hidl_vec<KeyParameter>& set, TypedTag<tag_type, tag> ttag, ValueT expected_value) { 801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t count = std::count_if(set.begin(), set.end(), [&](const KeyParameter& param) { 811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return param.tag == tag && accessTagValue(ttag, param) == expected_value; 821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }); 831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return count == 1; 841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentemplate <TagType tag_type, Tag tag> 871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool contains(hidl_vec<KeyParameter>& set, TypedTag<tag_type, tag>) { 881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t count = std::count_if(set.begin(), set.end(), 891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden [&](const KeyParameter& param) { return param.tag == tag; }); 901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return count > 0; 911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenconstexpr char hex_value[256] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, // '0'..'9' 971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'A'..'F' 981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'a'..'f' 1001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 1011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 1021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 1031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 1041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 1051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 1061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 1071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 1081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 1091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstring hex2str(string a) { 1111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string b; 1121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t num = a.size() / 2; 1131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden b.resize(num); 1141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < num; i++) { 1151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]); 1161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 1171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return b; 1181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 1191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenchar nibble2hex[16] = {'0', '1', '2', '3', '4', '5', '6', '7', 1211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; 1221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstring bin2hex(const hidl_vec<uint8_t>& data) { 1241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string retval; 1251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden retval.reserve(data.size() * 2 + 1); 1261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (uint8_t byte : data) { 1271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden retval.push_back(nibble2hex[0x0F & (byte >> 4)]); 1281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden retval.push_back(nibble2hex[0x0F & byte]); 1291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 1301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return retval; 1311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 1321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstring rsa_key = hex2str( 1341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "30820275020100300d06092a864886f70d01010105000482025f3082025b" 1351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "02010002818100c6095409047d8634812d5a218176e45c41d60a75b13901" 1361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "f234226cffe776521c5a77b9e389417b71c0b6a44d13afe4e4a2805d46c9" 1371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "da2935adb1ff0c1f24ea06e62b20d776430a4d435157233c6f916783c30e" 1381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "310fcbd89b85c2d56771169785ac12bca244abda72bfb19fc44d27c81e1d" 1391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "92de284f4061edfd99280745ea6d2502030100010281801be0f04d9cae37" 1401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "18691f035338308e91564b55899ffb5084d2460e6630257e05b3ceab0297" 1411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "2dfabcd6ce5f6ee2589eb67911ed0fac16e43a444b8c861e544a05933657" 1421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "72f8baf6b22fc9e3c5f1024b063ac080a7b2234cf8aee8f6c47bbf4fd3ac" 1431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "e7240290bef16c0b3f7f3cdd64ce3ab5912cf6e32f39ab188358afcccd80" 1441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "81024100e4b49ef50f765d3b24dde01aceaaf130f2c76670a91a61ae08af" 1451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "497b4a82be6dee8fcdd5e3f7ba1cfb1f0c926b88f88c92bfab137fba2285" 1461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "227b83c342ff7c55024100ddabb5839c4c7f6bf3d4183231f005b31aa58a" 1471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "ffdda5c79e4cce217f6bc930dbe563d480706c24e9ebfcab28a6cdefd324" 1481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "b77e1bf7251b709092c24ff501fd91024023d4340eda3445d8cd26c14411" 1491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "da6fdca63c1ccd4b80a98ad52b78cc8ad8beb2842c1d280405bc2f6c1bea" 1501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "214a1d742ab996b35b63a82a5e470fa88dbf823cdd02401b7b57449ad30d" 1511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "1518249a5f56bb98294d4b6ac12ffc86940497a5a5837a6cf946262b4945" 1521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "26d328c11e1126380fde04c24f916dec250892db09a6d77cdba351024077" 1531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "62cd8f4d050da56bd591adb515d24d7ccd32cca0d05f866d583514bd7324" 1541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "d5f33645e8ed8b4a1cb3cc4a1d67987399f2a09f5b3fb68c88d5e5d90ac3" 1551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "3492d6"); 1561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstring ec_256_key = hex2str( 1581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "308187020100301306072a8648ce3d020106082a8648ce3d030107046d30" 1591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "6b0201010420737c2ecd7b8d1940bf2930aa9b4ed3ff941eed09366bc032" 1601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "99986481f3a4d859a14403420004bf85d7720d07c25461683bc648b4778a" 1611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "9a14dd8a024e3bdd8c7ddd9ab2b528bbc7aa1b51f14ebbbb0bd0ce21bcc4" 1621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "1c6eb00083cf3376d11fd44949e0b2183bfe"); 1631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstring ec_521_key = hex2str( 1651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "3081EE020100301006072A8648CE3D020106052B810400230481D63081D3" 1661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "02010104420011458C586DB5DAA92AFAB03F4FE46AA9D9C3CE9A9B7A006A" 1671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "8384BEC4C78E8E9D18D7D08B5BCFA0E53C75B064AD51C449BAE0258D54B9" 1681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "4B1E885DED08ED4FB25CE9A1818903818600040149EC11C6DF0FA122C6A9" 1691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "AFD9754A4FA9513A627CA329E349535A5629875A8ADFBE27DCB932C05198" 1701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "6377108D054C28C6F39B6F2C9AF81802F9F326B842FF2E5F3C00AB7635CF" 1711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "B36157FC0882D574A10D839C1A0C049DC5E0D775E2EE50671A208431BB45" 1721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "E78E70BEFE930DB34818EE4D5C26259F5C6B8E28A652950F9F88D7B4B2C9" 1731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "D9"); 1741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstruct RSA_Delete { 1761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void operator()(RSA* p) { RSA_free(p); } 1771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 1781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenX509* parse_cert_blob(const hidl_vec<uint8_t>& blob) { 1801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t* p = blob.data(); 1811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return d2i_X509(nullptr, &p, blob.size()); 1821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 1831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain) { 1851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < chain.size() - 1; ++i) { 1861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden X509_Ptr key_cert(parse_cert_blob(chain[i])); 1871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden X509_Ptr signing_cert; 1881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (i < chain.size() - 1) { 1891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden signing_cert.reset(parse_cert_blob(chain[i + 1])); 1901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 1911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden signing_cert.reset(parse_cert_blob(chain[i])); 1921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 1931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!key_cert.get() && !!signing_cert.get()); 1941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!key_cert.get() || !signing_cert.get()) return false; 1951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_PKEY_Ptr signing_pubkey(X509_get_pubkey(signing_cert.get())); 1971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!signing_pubkey.get()); 1981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!signing_pubkey.get()) return false; 1991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, X509_verify(key_cert.get(), signing_pubkey.get())) 2011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Verification of certificate " << i << " failed"; 2021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden char* cert_issuer = // 2041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden X509_NAME_oneline(X509_get_issuer_name(key_cert.get()), nullptr, 0); 2051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden char* signer_subj = 2061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden X509_NAME_oneline(X509_get_subject_name(signing_cert.get()), nullptr, 0); 2071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_STREQ(cert_issuer, signer_subj) << "Cert " << i << " has wrong issuer."; 2081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (i == 0) { 2091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden char* cert_sub = X509_NAME_oneline(X509_get_subject_name(key_cert.get()), nullptr, 0); 2101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_STREQ("/CN=Android Keystore Key", cert_sub) 2111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Cert " << i << " has wrong subject."; 212fd547ab6ce39423fc99524f391d709f428673d1fHung-ying Tyan OPENSSL_free(cert_sub); 2131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 2141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 215fd547ab6ce39423fc99524f391d709f428673d1fHung-ying Tyan OPENSSL_free(cert_issuer); 216fd547ab6ce39423fc99524f391d709f428673d1fHung-ying Tyan OPENSSL_free(signer_subj); 2171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (dump_Attestations) std::cout << bin2hex(chain[i]) << std::endl; 2191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 2201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return true; 2221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 2231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden// Extract attestation record from cert. Returned object is still part of cert; don't free it 2251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden// separately. 2261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenASN1_OCTET_STRING* get_attestation_record(X509* certificate) { 2271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASN1_OBJECT_Ptr oid(OBJ_txt2obj(kAttestionRecordOid, 1 /* dotted string format */)); 2281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!oid.get()); 2291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!oid.get()) return nullptr; 2301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden int location = X509_get_ext_by_OBJ(certificate, oid.get(), -1 /* search from beginning */); 2321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(-1, location) << "Attestation extension not found in certificate"; 2331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (location == -1) return nullptr; 2341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden X509_EXTENSION* attest_rec_ext = X509_get_ext(certificate, location); 2361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!attest_rec_ext) 2371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Found attestation extension but couldn't retrieve it? Probably a BoringSSL bug."; 2381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!attest_rec_ext) return nullptr; 2391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASN1_OCTET_STRING* attest_rec = X509_EXTENSION_get_data(attest_rec_ext); 2411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!attest_rec) << "Attestation extension contained no data"; 2421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return attest_rec; 2431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 2441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool tag_in_list(const KeyParameter& entry) { 2461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Attestations don't contain everything in key authorization lists, so we need to filter 2471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // the key lists to produce the lists that we expect to match the attestations. 2481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto tag_list = { 2491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Tag::INCLUDE_UNIQUE_ID, Tag::BLOB_USAGE_REQUIREMENTS, 2501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Tag::EC_CURVE /* Tag::EC_CURVE will be included by KM2 implementations */, 2511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 2521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return std::find(tag_list.begin(), tag_list.end(), entry.tag) != tag_list.end(); 2531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 2541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenAuthorizationSet filter_tags(const AuthorizationSet& set) { 2561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet filtered; 2571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden std::remove_copy_if(set.begin(), set.end(), std::back_inserter(filtered), tag_in_list); 2581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return filtered; 2591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 2601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstd::string make_string(const uint8_t* data, size_t length) { 2621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return std::string(reinterpret_cast<const char*>(data), length); 2631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 2641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentemplate <size_t N> 2661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstd::string make_string(const uint8_t (&a)[N]) { 2671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return make_string(a, N); 2681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 2691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} // namespace 2711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool verify_attestation_record(const string& challenge, const string& app_id, 2731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet expected_sw_enforced, 2741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet expected_tee_enforced, 2751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const hidl_vec<uint8_t>& attestation_cert) { 2761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden X509_Ptr cert(parse_cert_blob(attestation_cert)); 2771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!cert.get()); 2781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!cert.get()) return false; 2791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASN1_OCTET_STRING* attest_rec = get_attestation_record(cert.get()); 2811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!attest_rec); 2821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!attest_rec) return false; 2831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet att_sw_enforced; 2851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet att_tee_enforced; 2861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint32_t att_attestation_version; 2871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint32_t att_keymaster_version; 2881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SecurityLevel att_attestation_security_level; 2891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SecurityLevel att_keymaster_security_level; 2901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf att_challenge; 2911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf att_unique_id; 2921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf att_app_id; 2931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 2941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden parse_attestation_record(attest_rec->data, // 2951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden attest_rec->length, // 2961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_attestation_version, // 2971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_attestation_security_level, // 2981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_keymaster_version, // 2991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_keymaster_security_level, // 3001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_challenge, // 3011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_sw_enforced, // 3021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_tee_enforced, // 3031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_unique_id)); 3041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(att_attestation_version == 1 || att_attestation_version == 2); 3061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden expected_sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, HidlBuf(app_id)); 3081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_GE(att_keymaster_version, 3U); 3101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(KeymasterHidlTest::IsSecure() ? SecurityLevel::TRUSTED_ENVIRONMENT 3111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden : SecurityLevel::SOFTWARE, 3121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden att_keymaster_security_level); 3131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(KeymasterHidlTest::IsSecure() ? SecurityLevel::TRUSTED_ENVIRONMENT 3141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden : SecurityLevel::SOFTWARE, 3151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden att_attestation_security_level); 3161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(challenge.length(), att_challenge.size()); 3181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length())); 3191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden att_sw_enforced.Sort(); 3211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden expected_sw_enforced.Sort(); 3221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(filter_tags(expected_sw_enforced), filter_tags(att_sw_enforced)); 3231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden att_tee_enforced.Sort(); 3251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden expected_tee_enforced.Sort(); 3261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(filter_tags(expected_tee_enforced), filter_tags(att_tee_enforced)); 3271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return true; 3291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 3301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenclass NewKeyGenerationTest : public KeymasterHidlTest { 3321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden protected: 3331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void CheckBaseParams(const KeyCharacteristics& keyCharacteristics) { 3341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // TODO(swillden): Distinguish which params should be in which auth list. 3351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet auths(keyCharacteristics.hardwareEnforced); 3371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auths.push_back(AuthorizationSet(keyCharacteristics.softwareEnforced)); 3381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(auths.Contains(TAG_ORIGIN, KeyOrigin::GENERATED)); 3401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN)); 3411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::VERIFY)); 3421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Verify that App ID, App data and ROT are NOT included. 3441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(auths.Contains(TAG_ROOT_OF_TRUST)); 3451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(auths.Contains(TAG_APPLICATION_ID)); 3461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(auths.Contains(TAG_APPLICATION_DATA)); 3471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Check that some unexpected tags/values are NOT present. 3491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(auths.Contains(TAG_PURPOSE, KeyPurpose::ENCRYPT)); 3501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(auths.Contains(TAG_PURPOSE, KeyPurpose::DECRYPT)); 3511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(auths.Contains(TAG_AUTH_TIMEOUT, 301U)); 3521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Now check that unspecified, defaulted tags are correct. 3541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(auths.Contains(TAG_CREATION_DATETIME)); 3551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(auths.Contains(TAG_OS_VERSION, os_version())) 3571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "OS version is " << os_version() << " key reported " 3581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << auths.GetTagValue(TAG_OS_VERSION); 3591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, os_patch_level())) 3601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "OS patch level is " << os_patch_level() << " key reported " 3611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << auths.GetTagValue(TAG_OS_PATCHLEVEL); 3621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 3631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void CheckCharacteristics(const HidlBuf& key_blob, 3651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const KeyCharacteristics& key_characteristics) { 3661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics retrieved_chars; 3671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GetCharacteristics(key_blob, &retrieved_chars)); 3681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(key_characteristics, retrieved_chars); 3691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 3701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 3711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 3731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.Rsa 3741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 3751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster can generate all required RSA key sizes, and that the resulting keys have 3761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * correct characteristics. 3771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 3781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, Rsa) { 3798a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu for (auto key_size : ValidKeySizes(Algorithm::RSA)) { 3801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf key_blob; 3811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics key_characteristics; 3821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(key_size, 3) 3841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 3851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE), 3861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &key_blob, &key_characteristics)); 3871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_GT(key_blob.size(), 0U); 3891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckBaseParams(key_characteristics); 3901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob, key_characteristics); 3911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet crypto_params; 3931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (IsSecure()) { 3941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden crypto_params = key_characteristics.hardwareEnforced; 3951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 3961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden crypto_params = key_characteristics.softwareEnforced; 3971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 3981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::RSA)); 4001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size)) 4011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Key size " << key_size << "missing"; 4021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(crypto_params.Contains(TAG_RSA_PUBLIC_EXPONENT, 3U)); 4031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(&key_blob); 4051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 4061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 4071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 4098a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu * NewKeyGenerationTest.NoInvalidRsaSizes 4108a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu * 4118a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu * Verifies that keymaster cannot generate any RSA key sizes that are designated as invalid. 4128a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu */ 4138a678bca72cd4ce498da57c33bb651862de7ecebnagendra modaduguTEST_F(NewKeyGenerationTest, NoInvalidRsaSizes) { 4148a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu for (auto key_size : InvalidKeySizes(Algorithm::RSA)) { 4158a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu HidlBuf key_blob; 4168a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu KeyCharacteristics key_characteristics; 4178a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, GenerateKey(AuthorizationSetBuilder() 4188a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu .RsaSigningKey(key_size, 3) 4198a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu .Digest(Digest::NONE) 4208a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu .Padding(PaddingMode::NONE), 4218a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu &key_blob, &key_characteristics)); 4228a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu } 4238a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu} 4248a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu 4258a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu/* 4261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.RsaNoDefaultSize 4271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 4281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that failing to specify a key size for RSA key generation returns UNSUPPORTED_KEY_SIZE. 4291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 4301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, RsaNoDefaultSize) { 4311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, 4321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 4331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ALGORITHM, Algorithm::RSA) 4341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3U) 4351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .SigningKey())); 4361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 4371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 4391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.Ecdsa 4401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 4411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster can generate all required EC key sizes, and that the resulting keys have 4421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * correct characteristics. 4431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 4441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, Ecdsa) { 4458a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu for (auto key_size : ValidKeySizes(Algorithm::EC)) { 4461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf key_blob; 4471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics key_characteristics; 4481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ( 4491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::OK, 4501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(Digest::NONE), 4511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &key_blob, &key_characteristics)); 4521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_GT(key_blob.size(), 0U); 4531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckBaseParams(key_characteristics); 4541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob, key_characteristics); 4551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet crypto_params; 4571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (IsSecure()) { 4581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden crypto_params = key_characteristics.hardwareEnforced; 4591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 4601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden crypto_params = key_characteristics.softwareEnforced; 4611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 4621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::EC)); 4641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size)) 4651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Key size " << key_size << "missing"; 4661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(&key_blob); 4681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 4691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 4701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 4721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.EcdsaDefaultSize 4731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 4741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that failing to specify a key size for EC key generation returns UNSUPPORTED_KEY_SIZE. 4751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 4761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, EcdsaDefaultSize) { 4771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, 4781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 4791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ALGORITHM, Algorithm::EC) 4801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .SigningKey() 4811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 4821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 4831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 4851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.EcdsaInvalidSize 4861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 4878a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu * Verifies that specifying an invalid key size for EC key generation returns UNSUPPORTED_KEY_SIZE. 4881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 4891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, EcdsaInvalidSize) { 4908a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu for (auto key_size : InvalidKeySizes(Algorithm::EC)) { 4918a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu HidlBuf key_blob; 4928a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu KeyCharacteristics key_characteristics; 4938a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu ASSERT_EQ( 4948a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu ErrorCode::UNSUPPORTED_KEY_SIZE, 4958a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(Digest::NONE), 4968a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu &key_blob, &key_characteristics)); 4978a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu } 4988a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu 4991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, 5001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(Digest::NONE))); 5011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 5021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 5041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.EcdsaMismatchKeySize 5051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 5061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that specifying mismatched key size and curve for EC key generation returns 5071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * INVALID_ARGUMENT. 5081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 5091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, EcdsaMismatchKeySize) { 5108a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu if (SecLevel() == SecurityLevel::STRONGBOX) return; 5118a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu 5121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::INVALID_ARGUMENT, 5131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 5141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(224) 5151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_EC_CURVE, EcCurve::P_256) 5161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 5171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 5181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 5201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.EcdsaAllValidSizes 5211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 5221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster supports all required EC key sizes. 5231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 5241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, EcdsaAllValidSizes) { 5258a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu auto valid_sizes = ValidKeySizes(Algorithm::EC); 5261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t size : valid_sizes) { 5271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 5281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(Digest::NONE))) 5291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Failed to generate size: " << size; 5301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob_, key_characteristics_); 5311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 5321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 5341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 5368a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu * NewKeyGenerationTest.EcdsaInvalidCurves 5371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 5388a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu * Verifies that keymaster does not support any curve designated as unsupported. 5391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 5401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, EcdsaAllValidCurves) { 5418a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu for (auto curve : ValidCurves()) { 5421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ( 5431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::OK, 5441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(curve).Digest(Digest::SHA_2_512))) 5451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Failed to generate key on curve: " << curve; 5461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob_, key_characteristics_); 5471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 5481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 5501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 5521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.Hmac 5531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 5541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster supports all required digests, and that the resulting keys have correct 5551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * characteristics. 5561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 5571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, Hmac) { 5588a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu for (auto digest : ValidDigests(false /* withNone */, true /* withMD5 */)) { 5591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf key_blob; 5601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics key_characteristics; 5611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden constexpr size_t key_size = 128; 5621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ( 5631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::OK, 5641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder().HmacKey(key_size).Digest(digest).Authorization( 5651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden TAG_MIN_MAC_LENGTH, 128), 5661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &key_blob, &key_characteristics)); 5671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_GT(key_blob.size(), 0U); 5691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckBaseParams(key_characteristics); 5701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob, key_characteristics); 5711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet hardwareEnforced = key_characteristics.hardwareEnforced; 5731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet softwareEnforced = key_characteristics.softwareEnforced; 5741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (IsSecure()) { 5751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(hardwareEnforced.Contains(TAG_ALGORITHM, Algorithm::HMAC)); 5761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(hardwareEnforced.Contains(TAG_KEY_SIZE, key_size)) 5771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Key size " << key_size << "missing"; 5781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 5791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(softwareEnforced.Contains(TAG_ALGORITHM, Algorithm::HMAC)); 5801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(softwareEnforced.Contains(TAG_KEY_SIZE, key_size)) 5811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Key size " << key_size << "missing"; 5821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(&key_blob); 5851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 5871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 5891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.HmacCheckKeySizes 5901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 5911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster supports all key sizes, and rejects all invalid key sizes. 5921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 5931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, HmacCheckKeySizes) { 5941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t key_size = 0; key_size <= 512; ++key_size) { 5951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (key_size < 64 || key_size % 8 != 0) { 5961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // To keep this test from being very slow, we only test a random fraction of non-byte 5971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // key sizes. We test only ~10% of such cases. Since there are 392 of them, we expect 5981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // to run ~40 of them in each run. 5991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (key_size % 8 == 0 || random() % 10 == 0) { 6001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, 6011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 6021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(key_size) 6031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 6041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 256))) 6051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "HMAC key size " << key_size << " invalid"; 6061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 6081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 6091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(key_size) 6101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 6111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 256))) 6121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Failed to generate HMAC key of size " << key_size; 6131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob_, key_characteristics_); 6141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 6151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 6181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 6201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.HmacCheckMinMacLengths 6211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 6221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster supports all required MAC lengths and rejects all invalid lengths. This 6231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * test is probabilistic in order to keep the runtime down, but any failure prints out the specific 6241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * MAC length that failed, so reproducing a failed run will be easy. 6251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 6261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, HmacCheckMinMacLengths) { 6271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t min_mac_length = 0; min_mac_length <= 256; ++min_mac_length) { 6281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (min_mac_length < 64 || min_mac_length % 8 != 0) { 6291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // To keep this test from being very long, we only test a random fraction of non-byte 6301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // lengths. We test only ~10% of such cases. Since there are 172 of them, we expect to 6311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // run ~17 of them in each run. 6321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (min_mac_length % 8 == 0 || random() % 10 == 0) { 6331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_MIN_MAC_LENGTH, 6341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 6351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 6361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 6371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, min_mac_length))) 6381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "HMAC min mac length " << min_mac_length << " invalid."; 6391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 6411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 6421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 6431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 6441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 6451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, min_mac_length))) 6461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Failed to generate HMAC key with min MAC length " << min_mac_length; 6471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob_, key_characteristics_); 6481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 6491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 6521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 6541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.HmacMultipleDigests 6551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 6561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster rejects HMAC key generation with multiple specified digest algorithms. 6571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 6581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, HmacMultipleDigests) { 6598a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu if (SecLevel() == SecurityLevel::STRONGBOX) return; 6608a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu 6611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST, 6621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 6631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 6641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA1) 6651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 6661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 6671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 6681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 6701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.HmacDigestNone 6711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 6721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster rejects HMAC key generation with no digest or Digest::NONE 6731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 6741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, HmacDigestNone) { 6751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ( 6761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::UNSUPPORTED_DIGEST, 6771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder().HmacKey(128).Authorization(TAG_MIN_MAC_LENGTH, 128))); 6781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST, 6801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 6811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 6821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 6831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 6841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 6851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest SigningOperationsTest; 6871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 6891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaSuccess 6901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 6911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA signature operations succeed. 6921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 6931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaSuccess) { 6941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 6958a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu .RsaSigningKey(2048, 65537) 6961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 6971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 6981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED))); 6991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 7001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage( 7011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); 7021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 7031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 7051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPssSha256Success 7061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 7071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA-PSS signature operations succeed. 7081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 7091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaPssSha256Success) { 7101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 7118a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu .RsaSigningKey(2048, 65537) 7121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 7131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PSS) 7141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED))); 7151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Use large message, which won't work without digesting. 7161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024, 'a'); 7171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage( 7181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message, AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::RSA_PSS)); 7191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 7201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 7221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPaddingNoneDoesNotAllowOther 7231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 7241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster rejects signature operations that specify a padding mode when the key 7251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * supports only unpadded operations. 7261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 7271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) { 7281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 7298a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu .RsaSigningKey(2048, 65537) 7301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 7311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 7321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 7331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 7341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature; 7351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_PADDING_MODE, 7371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() 7381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 7391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 7401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 7411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 743129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden * SigningOperationsTest.NoUserConfirmation 744129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden * 745129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden * Verifies that keymaster rejects signing operations for keys with 746129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden * TRUSTED_CONFIRMATION_REQUIRED and no valid confirmation token 747129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden * presented. 748129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden */ 749129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn WilldenTEST_F(SigningOperationsTest, NoUserConfirmation) { 750129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 751a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 752129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden .Digest(Digest::NONE) 753129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden .Padding(PaddingMode::NONE) 754129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 755129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden .Authorization(TAG_TRUSTED_CONFIRMATION_REQUIRED))); 756129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden 757129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden const string message = "12345678901234567890123456789012"; 758129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden EXPECT_EQ(ErrorCode::OK, 759129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden Begin(KeyPurpose::SIGN, 760129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE))); 761129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden string signature; 762129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden EXPECT_EQ(ErrorCode::NO_USER_CONFIRMATION, Finish(message, &signature)); 763129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden} 764129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden 765129629bde4c1833cc2ee0fe1f5060c045b82bbd2Shawn Willden/* 7661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPkcs1Sha256Success 7671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 7681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that digested RSA-PKCS1 signature operations succeed. 7691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 7701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaPkcs1Sha256Success) { 7711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 772a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 7731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 7741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 7751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 7761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024, 'a'); 7771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage(message, AuthorizationSetBuilder() 7781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 7791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)); 7801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 7811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 7831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPkcs1NoDigestSuccess 7841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 7851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that undigested RSA-PKCS1 signature operations succeed. 7861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 7871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaPkcs1NoDigestSuccess) { 7881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 789a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 7901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 7911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 7921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 7931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(53, 'a'); 7941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage( 7951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message, 7961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)); 7971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 7981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 8001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPkcs1NoDigestTooLarge 8011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 8021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that undigested RSA-PKCS1 signature operations fail with the correct error code when 8031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * given a too-long message. 8041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 8051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaPkcs1NoDigestTooLong) { 8061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 807a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 8081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 8091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 8101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 8111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(129, 'a'); 8121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 8141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() 8151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 8161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 8171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature; 8181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, &signature)); 8191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 8201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 8221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPssSha512TooSmallKey 8231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 8241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that undigested RSA-PSS signature operations fail with the correct error code when 8251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * used with a key that is too small for the message. 8261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 8271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * A PSS-padded message is of length salt_size + digest_size + 16 (sizes in bits), and the keymaster 8281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * specification requires that salt_size == digest_size, so the message will be digest_size * 2 + 8291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 16. Such a message can only be signed by a given key if the key is at least that size. This test 8301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * uses SHA512, which has a digest_size == 512, so the message size is 1040 bits, too large for a 8311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 1024-bit key. 8321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 8331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaPssSha512TooSmallKey) { 8341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 835a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 8361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_512) 8371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 8381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PSS))); 8391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ( 8401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::INCOMPATIBLE_DIGEST, 8411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, 8421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA_2_512).Padding(PaddingMode::RSA_PSS))); 8431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 8441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 8461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaNoPaddingTooLong 8471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 8481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA signature operations fail with the correct error code when 8491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * given a too-long message. 8501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 8511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaNoPaddingTooLong) { 8521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 853a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 8541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 8551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 8561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 8571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // One byte too long 8581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8 + 1, 'a'); 8591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 8601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() 8611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 8621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 8631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 8641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode finish_error_code = Finish(message, &result); 8651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(finish_error_code == ErrorCode::INVALID_INPUT_LENGTH || 8661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden finish_error_code == ErrorCode::INVALID_ARGUMENT); 8671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Very large message that should exceed the transfer buffer size of any reasonable TEE. 8691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message = string(128 * 1024, 'a'); 8701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 8711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() 8721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 8731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 8741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden finish_error_code = Finish(message, &result); 8751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(finish_error_code == ErrorCode::INVALID_INPUT_LENGTH || 8761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden finish_error_code == ErrorCode::INVALID_ARGUMENT); 8771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 8781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 8801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaAbort 8811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 8821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that operations can be aborted correctly. Uses an RSA signing operation for the test, 8831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * but the behavior should be algorithm and purpose-independent. 8841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 8851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaAbort) { 8861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 887a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 8881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 8891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 8901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 8911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 8931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, 8941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE))); 8951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Abort(op_handle_)); 8961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Another abort should fail 8981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_OPERATION_HANDLE, Abort(op_handle_)); 8991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Set to sentinel, so TearDown() doesn't try to abort again. 9011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden op_handle_ = kOpHandleSentinel; 9021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 9031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 9051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaUnsupportedPadding 9061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 9071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA operations fail with the correct error (but key gen succeeds) when used with a 9081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * padding mode inappropriate for RSA. 9091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 9101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaUnsupportedPadding) { 9111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 912a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 9131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 9141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256 /* supported digest */) 9151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::PKCS7))); 9161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ( 9171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::UNSUPPORTED_PADDING_MODE, 9181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, 9191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::PKCS7))); 9201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 9211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 9231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPssNoDigest 9241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 9251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA PSS operations fail when no digest is used. PSS requires a digest. 9261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 9271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaNoDigest) { 9281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 929a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 9301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 9311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 9321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PSS))); 9331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::INCOMPATIBLE_DIGEST, 9341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, 9351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::RSA_PSS))); 9361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST, 9381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Padding(PaddingMode::RSA_PSS))); 9391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 9401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 9421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPssNoDigest 9431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 9441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA operations fail when no padding mode is specified. PaddingMode::NONE is 9451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * supported in some cases (as validated in other tests), but a mode must be specified. 9461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 9471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaNoPadding) { 9481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Padding must be specified 9491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 950a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaKey(1024, 65537) 9511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 9521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .SigningKey() 9531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 9541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_PADDING_MODE, 9551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Digest(Digest::NONE))); 9561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 9571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 9591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaShortMessage 9601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 9611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA signatures succeed with a message shorter than the key size. 9621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 9631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaTooShortMessage) { 9641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 9651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 966a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 9671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 9681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 9691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Barely shorter 9711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8 - 1, 'a'); 9721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); 9731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Much shorter 9751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message = "a"; 9761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); 9771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 9781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 9801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaSignWithEncryptionKey 9811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 9821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA encryption keys cannot be used to sign. 9831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 9841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaSignWithEncryptionKey) { 9851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 9861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 987a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaEncryptionKey(1024, 65537) 9881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 9891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 9901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, 9911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, 9921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE))); 9931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 9941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 9961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaSignTooLargeMessage 9971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 9981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting a raw signature of a message which is the same length as the key, but 9991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * numerically larger than the public modulus, fails with the correct error. 10001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 10011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaSignTooLargeMessage) { 10021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 10031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 1004a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 10051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 10061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 10071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Largest possible message will always be larger than the public modulus. 10091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8, static_cast<char>(0xff)); 10101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() 10111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 10121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 10131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 10141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature; 10151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(message, &signature)); 10161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 10171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 10191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.EcdsaAllSizesAndHashes 10201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 10211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that ECDSA operations succeed with all possible key sizes and hashes. 10221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 10231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, EcdsaAllSizesAndHashes) { 10248a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu for (auto key_size : ValidKeySizes(Algorithm::EC)) { 10258a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu for (auto digest : ValidDigests(false /* withNone */, false /* withMD5 */)) { 10261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = GenerateKey(AuthorizationSetBuilder() 10271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 10281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(key_size) 10291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(digest)); 10301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate ECDSA key with size " << key_size 10311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << " and digest " << digest; 10321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error != ErrorCode::OK) continue; 10331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024, 'a'); 10351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (digest == Digest::NONE) message.resize(key_size / 8); 10361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, AuthorizationSetBuilder().Digest(digest)); 10371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 10381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 10391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 10401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 10411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 10431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.EcdsaAllCurves 10441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 10451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that ECDSA operations succeed with all possible curves. 10461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 10471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, EcdsaAllCurves) { 10488a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu for (auto curve : ValidCurves()) { 10491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = GenerateKey(AuthorizationSetBuilder() 10501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 10511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(curve) 10521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256)); 10531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate ECDSA key with curve " << curve; 10541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error != ErrorCode::OK) continue; 10551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024, 'a'); 10571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, AuthorizationSetBuilder().Digest(Digest::SHA_2_256)); 10581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 10591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 10601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 10611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 10631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.EcdsaNoDigestHugeData 10641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 10651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that ECDSA operations support very large messages, even without digesting. This should 10661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * work because ECDSA actually only signs the leftmost L_n bits of the message, however large it may 10671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * be. Not using digesting is a bad idea, but in some cases digesting is done by the framework. 10681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 10691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, EcdsaNoDigestHugeData) { 10701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 10711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 1072a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .EcdsaSigningKey(256) 10731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 1074a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu string message(1 * 1024, 'a'); 10751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, AuthorizationSetBuilder().Digest(Digest::NONE)); 10761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 10771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 10791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.AesEcbSign 10801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 10811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempts to use AES keys to sign fail in the correct way. 10821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 10831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, AesEcbSign) { 10841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 10851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 10861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .SigningKey() 10871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 10881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::ECB))); 10891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 10911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, 10921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSet() /* in_params */, &out_params)); 10931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, 10941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, AuthorizationSet() /* in_params */, &out_params)); 10951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 10961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 10981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacAllDigests 10991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 11001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that HMAC works with all digests. 11011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 11021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacAllDigests) { 11038a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu for (auto digest : ValidDigests(false /* withNone */, false /* withMD5 */)) { 11041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 11051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 11061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 11071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(digest) 11081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 160))) 11091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Failed to create HMAC key with digest " << digest; 11101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 11111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = MacMessage(message, digest, 160); 11121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(160U / 8U, signature.size()) 11131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Failed to sign with HMAC key with digest " << digest; 11141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 11151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 11161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 11171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 11181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 11191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacSha256TooLargeMacLength 11201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 11211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that HMAC fails in the correct way when asked to generate a MAC larger than the digest 11221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * size. 11231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 11241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacSha256TooLargeMacLength) { 11251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 11261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 11271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 11281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 11291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 256))); 11301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet output_params; 11311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ( 11321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::UNSUPPORTED_MAC_LENGTH, 11331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin( 11341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyPurpose::SIGN, key_blob_, 11351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Authorization(TAG_MAC_LENGTH, 264), 11361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &output_params, &op_handle_)); 11371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 11381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 11391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 11401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacSha256TooSmallMacLength 11411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 11421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that HMAC fails in the correct way when asked to generate a MAC smaller than the 11431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * specified minimum MAC length. 11441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 11451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacSha256TooSmallMacLength) { 11461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 11471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 11481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 11491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 11501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 11511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet output_params; 11521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ( 11531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::INVALID_MAC_LENGTH, 11541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin( 11551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyPurpose::SIGN, key_blob_, 11561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Authorization(TAG_MAC_LENGTH, 120), 11571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &output_params, &op_handle_)); 11581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 11591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 11601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 11611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacRfc4231TestCase3 11621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 11631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Validates against the test vectors from RFC 4231 test case 3. 11641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 11651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacRfc4231TestCase3) { 11661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key(20, 0xaa); 11671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(50, 0xdd); 11681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_224_expected[] = { 11691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a, 11701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea, 11711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 11721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_256_expected[] = { 11731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8, 11741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 11751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe, 11761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 11771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_384_expected[] = { 11781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0, 11791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb, 11801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d, 11811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27, 11821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 11831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_512_expected[] = { 11841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c, 11851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8, 11861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22, 11871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37, 11881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb, 11891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 11901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 11911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_224, make_string(sha_224_expected)); 11921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_256, make_string(sha_256_expected)); 11931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_384, make_string(sha_384_expected)); 11941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_512, make_string(sha_512_expected)); 11951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 11961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 11971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 11981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacRfc4231TestCase5 11991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 12001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Validates against the test vectors from RFC 4231 test case 5. 12011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 12021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacRfc4231TestCase5) { 12031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key(20, 0x0c); 12041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Test With Truncation"; 12051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_224_expected[] = { 12071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37, 12081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8, 12091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 12101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_256_expected[] = { 12111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0, 12121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b, 12131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 12141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_384_expected[] = { 12151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23, 12161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97, 12171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 12181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_512_expected[] = { 12191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53, 12201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6, 12211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 12221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_224, make_string(sha_224_expected)); 12241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_256, make_string(sha_256_expected)); 12251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_384, make_string(sha_384_expected)); 12261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_512, make_string(sha_512_expected)); 12271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 12281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 12301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacRfc4231TestCase6 12311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 12321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Validates against the test vectors from RFC 4231 test case 6. 12331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 12341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacRfc4231TestCase6) { 12351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key(131, 0xaa); 12361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Test Using Larger Than Block-Size Key - Hash Key First"; 12371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_224_expected[] = { 12391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d, 12401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e, 12411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 12421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_256_expected[] = { 12431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, 12441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 12451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54, 12461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 12471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_384_expected[] = { 12481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a, 12491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f, 12501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab, 12511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52, 12521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 12531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_512_expected[] = { 12541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd, 12551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b, 12561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25, 12571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73, 12581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98, 12591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 12601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_224, make_string(sha_224_expected)); 12621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_256, make_string(sha_256_expected)); 12631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_384, make_string(sha_384_expected)); 12641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_512, make_string(sha_512_expected)); 12651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 12661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 12681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacRfc4231TestCase7 12691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 12701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Validates against the test vectors from RFC 4231 test case 7. 12711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 12721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacRfc4231TestCase7) { 12731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key(131, 0xaa); 12741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = 12751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "This is a test using a larger than block-size key and a larger than " 12761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "block-size data. The key needs to be hashed before being used by the HMAC " 12771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "algorithm."; 12781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_224_expected[] = { 12801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3, 12811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1, 12821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 12831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_256_expected[] = { 12841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, 12851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 12861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2, 12871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 12881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_384_expected[] = { 12891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25, 12901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a, 12911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31, 12921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e, 12931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 12941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_512_expected[] = { 12951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e, 12961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5, 12971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82, 12981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb, 12991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58, 13001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 13011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_224, make_string(sha_224_expected)); 13031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_256, make_string(sha_256_expected)); 13041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_384, make_string(sha_384_expected)); 13051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_512, make_string(sha_512_expected)); 13061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 13071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest VerificationOperationsTest; 13091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 13111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * VerificationOperationsTest.RsaSuccess 13121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 13131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that a simple RSA signature/verification sequence succeeds. 13141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 13151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(VerificationOperationsTest, RsaSuccess) { 13161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 13171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 1318a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 13191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 13201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 13211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 13221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage( 13231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); 13241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, 13251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); 13261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 13271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 13291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * VerificationOperationsTest.RsaSuccess 13301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 13311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies RSA signature/verification for all padding modes and digests. 13321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 13331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(VerificationOperationsTest, RsaAllPaddingsAndDigests) { 13348a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu auto authorizations = AuthorizationSetBuilder() 13351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 1336a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(2048, 65537) 13378a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu .Digest(ValidDigests(true /* withNone */, true /* withMD5 */)) 13381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 13391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PSS) 13408a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN); 13418a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu 13428a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu ASSERT_EQ(ErrorCode::OK, GenerateKey(authorizations)); 13431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(128, 'a'); 13451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string corrupt_message(message); 13461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++corrupt_message[corrupt_message.size() / 2]; 13471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto padding : 13491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden {PaddingMode::NONE, PaddingMode::RSA_PSS, PaddingMode::RSA_PKCS1_1_5_SIGN}) { 13508a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu for (auto digest : ValidDigests(true /* withNone */, true /* withMD5 */)) { 13511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (padding == PaddingMode::NONE && digest != Digest::NONE) { 13521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Digesting only makes sense with padding. 13531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden continue; 13541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 13551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (padding == PaddingMode::RSA_PSS && digest == Digest::NONE) { 13571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // PSS requires digesting. 13581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden continue; 13591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 13601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = 13621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, AuthorizationSetBuilder().Digest(digest).Padding(padding)); 13631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, 13641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(digest).Padding(padding)); 13651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (digest != Digest::NONE) { 13671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Verify with OpenSSL. 13681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf pubkey; 13691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ExportKey(KeyFormat::X509, &pubkey)); 13701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t* p = pubkey.data(); 13721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_PKEY_Ptr pkey(d2i_PUBKEY(nullptr /* alloc new */, &p, pubkey.size())); 13731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(pkey.get()); 13741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_MD_CTX digest_ctx; 13761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_MD_CTX_init(&digest_ctx); 13771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_PKEY_CTX* pkey_ctx; 13781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const EVP_MD* md = openssl_digest(digest); 13791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_NE(md, nullptr); 13801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, EVP_DigestVerifyInit(&digest_ctx, &pkey_ctx, md, nullptr /* engine */, 13811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden pkey.get())); 13821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden switch (padding) { 13841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case PaddingMode::RSA_PSS: 13851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_GT(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING), 0); 13861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_GT(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, EVP_MD_size(md)), 0); 13871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 13881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case PaddingMode::RSA_PKCS1_1_5_SIGN: 13891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // PKCS1 is the default; don't need to set anything. 13901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 13911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden default: 13921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden FAIL(); 13931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 13941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 13951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, EVP_DigestVerifyUpdate(&digest_ctx, message.data(), message.size())); 13971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, EVP_DigestVerifyFinal( 13981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &digest_ctx, reinterpret_cast<const uint8_t*>(signature.data()), 13991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden signature.size())); 14001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_MD_CTX_cleanup(&digest_ctx); 14011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 14021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Corrupt signature shouldn't verify. 14041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string corrupt_signature(signature); 14051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++corrupt_signature[corrupt_signature.size() / 2]; 14061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 14081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, 14091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(digest).Padding(padding))); 14101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 14111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(message, corrupt_signature, &result)); 14121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Corrupt message shouldn't verify 14141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 14151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, 14161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(digest).Padding(padding))); 14171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(corrupt_message, signature, &result)); 14181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 14191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 14201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 14211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 14231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * VerificationOperationsTest.RsaSuccess 14241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 14251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies ECDSA signature/verification for all digests and curves. 14261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 14271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(VerificationOperationsTest, EcdsaAllDigestsAndCurves) { 14288a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu auto digests = ValidDigests(true /* withNone */, false /* withMD5 */); 14291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "1234567890"; 14311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string corrupt_message = "2234567890"; 14328a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu for (auto curve : ValidCurves()) { 14331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = GenerateKey(AuthorizationSetBuilder() 14341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 14351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(curve) 14361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(digests)); 14371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate key for EC curve " << curve; 14381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error != ErrorCode::OK) { 14391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden continue; 14401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 14411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto digest : digests) { 14431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage(message, AuthorizationSetBuilder().Digest(digest)); 14441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, AuthorizationSetBuilder().Digest(digest)); 14451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Verify with OpenSSL 14471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (digest != Digest::NONE) { 14481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf pubkey; 14491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ExportKey(KeyFormat::X509, &pubkey)) 14501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 14511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t* p = pubkey.data(); 14531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_PKEY_Ptr pkey(d2i_PUBKEY(nullptr /* alloc new */, &p, pubkey.size())); 14541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(pkey.get()); 14551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_MD_CTX digest_ctx; 14571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_MD_CTX_init(&digest_ctx); 14581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_PKEY_CTX* pkey_ctx; 14591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const EVP_MD* md = openssl_digest(digest); 14601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, EVP_DigestVerifyInit(&digest_ctx, &pkey_ctx, md, nullptr /* engine */, 14621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden pkey.get())) 14631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 14641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, EVP_DigestVerifyUpdate(&digest_ctx, message.data(), message.size())) 14661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 14671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, EVP_DigestVerifyFinal( 14691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &digest_ctx, reinterpret_cast<const uint8_t*>(signature.data()), 14701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden signature.size())) 14711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 14721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_MD_CTX_cleanup(&digest_ctx); 14741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 14751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Corrupt signature shouldn't verify. 14771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string corrupt_signature(signature); 14781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++corrupt_signature[corrupt_signature.size() / 2]; 14791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 14811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, AuthorizationSetBuilder().Digest(digest))) 14821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 14831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 14851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(message, corrupt_signature, &result)) 14861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 14871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Corrupt message shouldn't verify 14891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 14901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, AuthorizationSetBuilder().Digest(digest))) 14911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 14921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(corrupt_message, signature, &result)) 14941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 14951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 14961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto rc = DeleteKey(); 14981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED); 14991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 15001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 15011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 15031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * VerificationOperationsTest.HmacSigningKeyCannotVerify 15041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 15051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies HMAC signing and verification, but that a signing key cannot be used to verify. 15061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 15071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(VerificationOperationsTest, HmacSigningKeyCannotVerify) { 15081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key_material = "HelloThisIsAKey"; 15091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf signing_key, verification_key; 15111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics signing_key_chars, verification_key_chars; 15121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 15131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 15141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 15151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ALGORITHM, Algorithm::HMAC) 15161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_PURPOSE, KeyPurpose::SIGN) 15171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA1) 15181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 160), 15191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::RAW, key_material, &signing_key, &signing_key_chars)); 15201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 15211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 15221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 15231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ALGORITHM, Algorithm::HMAC) 15241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_PURPOSE, KeyPurpose::VERIFY) 15251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA1) 15261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 160), 15271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::RAW, key_material, &verification_key, &verification_key_chars)); 15281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "This is a message."; 15301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage( 15311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden signing_key, message, 15321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA1).Authorization(TAG_MAC_LENGTH, 160)); 15331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Signing key should not work. 15351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 15361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, 15371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, signing_key, AuthorizationSetBuilder().Digest(Digest::SHA1), 15381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &out_params, &op_handle_)); 15391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Verification key should work. 15411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(verification_key, message, signature, 15421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA1)); 15431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(&signing_key); 15451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(&verification_key); 15461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 15471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest ExportKeyTest; 15491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 15511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ExportKeyTest.RsaUnsupportedKeyFormat 15521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 15531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting to export RSA keys in PKCS#8 format fails with the correct error. 15541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 15551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) { 15561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 1557a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 15581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 15591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 15601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf export_data; 15611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_FORMAT, ExportKey(KeyFormat::PKCS8, &export_data)); 15621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 15631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 15651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ExportKeyTest.RsaCorruptedKeyBlob 15661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 15671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting to export RSA keys from corrupted key blobs fails. This is essentially 15681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * a poor-man's key blob fuzzer. 15691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 15701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ExportKeyTest, RsaCorruptedKeyBlob) { 15711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 15721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 1573a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 15741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 15751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 15761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < key_blob_.size(); ++i) { 15771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf corrupted(key_blob_); 15781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++corrupted[i]; 15791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf export_data; 15811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, 15821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ExportKey(KeyFormat::X509, corrupted, HidlBuf(), HidlBuf(), &export_data)) 15831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Blob corrupted at offset " << i << " erroneously accepted as valid"; 15841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 15851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 15861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 15881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ExportKeyTest.RsaCorruptedKeyBlob 15891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 15901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting to export ECDSA keys from corrupted key blobs fails. This is 15911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * essentially a poor-man's key blob fuzzer. 15921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 15931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ExportKeyTest, EcCorruptedKeyBlob) { 15941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 15951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 15961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(EcCurve::P_256) 15971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 15981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < key_blob_.size(); ++i) { 15991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf corrupted(key_blob_); 16001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++corrupted[i]; 16011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf export_data; 16031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, 16041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ExportKey(KeyFormat::X509, corrupted, HidlBuf(), HidlBuf(), &export_data)) 16051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Blob corrupted at offset " << i << " erroneously accepted as valid"; 16061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 16071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 16081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 16101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ExportKeyTest.AesKeyUnexportable 16111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 16121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting to export AES keys fails in the expected way. 16131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 16141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ExportKeyTest, AesKeyUnexportable) { 16151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 16161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 16171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 16181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcbMode() 16191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 16201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf export_data; 16221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_KEY_FORMAT, ExportKey(KeyFormat::X509, &export_data)); 16231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_KEY_FORMAT, ExportKey(KeyFormat::PKCS8, &export_data)); 16241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_KEY_FORMAT, ExportKey(KeyFormat::RAW, &export_data)); 16251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 16261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenclass ImportKeyTest : public KeymasterHidlTest { 16281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden public: 16291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden template <TagType tag_type, Tag tag, typename ValueT> 16301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void CheckCryptoParam(TypedTag<tag_type, tag> ttag, ValueT expected) { 16311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("CheckCryptoParam"); 16321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (IsSecure()) { 16331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(contains(key_characteristics_.hardwareEnforced, ttag, expected)) 16341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Tag " << tag << " with value " << expected << " not found"; 16351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(contains(key_characteristics_.softwareEnforced, ttag)) 16361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Tag " << tag << " found"; 16371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 16381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(contains(key_characteristics_.softwareEnforced, ttag, expected)) 16391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Tag " << tag << " with value " << expected << " not found"; 16401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(contains(key_characteristics_.hardwareEnforced, ttag)) 16411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Tag " << tag << " found"; 16421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 16431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 16441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void CheckOrigin() { 16461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("CheckOrigin"); 16471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (IsSecure()) { 16481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE( 16491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden contains(key_characteristics_.hardwareEnforced, TAG_ORIGIN, KeyOrigin::IMPORTED)); 16501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 16511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE( 16521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden contains(key_characteristics_.softwareEnforced, TAG_ORIGIN, KeyOrigin::IMPORTED)); 16531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 16541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 16551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 16561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 16581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.RsaSuccess 16591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 16601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing and using an RSA key pair works correctly. 16611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 16621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, RsaSuccess) { 16631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() 16641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 16651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 65537) 16661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 16671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PSS), 16681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, rsa_key)); 16691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_ALGORITHM, Algorithm::RSA); 16711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_KEY_SIZE, 1024U); 16721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_RSA_PUBLIC_EXPONENT, 65537U); 16731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256); 16741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_PADDING, PaddingMode::RSA_PSS); 16751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckOrigin(); 16761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8, 'a'); 16781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::RSA_PSS); 16791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage(message, params); 16801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, params); 16811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 16821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 16841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.RsaKeySizeMismatch 16851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 16861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing an RSA key pair with a size that doesn't match the key fails in the 16871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * correct way. 16881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 16891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, RsaKeySizeMismatch) { 16901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::IMPORT_PARAMETER_MISMATCH, 16911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 16921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(2048 /* Doesn't match key */, 65537) 16931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 16941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE), 16951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, rsa_key)); 16961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 16971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 16991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.RsaPublicExponentMismatch 17001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 17011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing an RSA key pair with a public exponent that doesn't match the key fails 17021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * in the correct way. 17031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 17041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, RsaPublicExponentMismatch) { 17051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::IMPORT_PARAMETER_MISMATCH, 17061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 17071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3 /* Doesn't match key */) 17081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 17091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE), 17101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, rsa_key)); 17111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 17121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 17141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.EcdsaSuccess 17151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 17161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing and using an ECDSA P-256 key pair works correctly. 17171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 17181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, EcdsaSuccess) { 17191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() 17201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 17211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(256) 17221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256), 17231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, ec_256_key)); 17241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC); 17261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_KEY_SIZE, 256U); 17271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256); 17281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_EC_CURVE, EcCurve::P_256); 17291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckOrigin(); 17311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(32, 'a'); 17331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256); 17341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage(message, params); 17351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, params); 17361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 17371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 17391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.Ecdsa521Success 17401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 17411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing and using an ECDSA P-521 key pair works correctly. 17421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 17431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, Ecdsa521Success) { 17448a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu if (SecLevel() == SecurityLevel::STRONGBOX) return; 17451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() 17461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 17471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(521) 17481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256), 17491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, ec_521_key)); 17501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC); 17521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_KEY_SIZE, 521U); 17531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256); 17541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_EC_CURVE, EcCurve::P_521); 17551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckOrigin(); 17561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(32, 'a'); 17581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256); 17591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage(message, params); 17601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, params); 17611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 17621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 17641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.EcdsaSizeMismatch 17651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 17661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing an ECDSA key pair with a size that doesn't match the key fails in the 17671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * correct way. 17681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 17691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, EcdsaSizeMismatch) { 17701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::IMPORT_PARAMETER_MISMATCH, 17711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 17721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(224 /* Doesn't match key */) 17731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE), 17741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, ec_256_key)); 17751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 17761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 17781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.EcdsaCurveMismatch 17791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 17801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing an ECDSA key pair with a curve that doesn't match the key fails in the 17811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * correct way. 17821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 17831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, EcdsaCurveMismatch) { 17841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::IMPORT_PARAMETER_MISMATCH, 17851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 17861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(EcCurve::P_224 /* Doesn't match key */) 17871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE), 17881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, ec_256_key)); 17891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 17901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 17921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.AesSuccess 17931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 17941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing and using an AES key works. 17951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 17961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, AesSuccess) { 17971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 17981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() 17991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 18001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(key.size() * 8) 18011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcbMode() 18021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::PKCS7), 18031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::RAW, key)); 18041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_ALGORITHM, Algorithm::AES); 18061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_KEY_SIZE, 128U); 18071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_PADDING, PaddingMode::PKCS7); 18081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_BLOCK_MODE, BlockMode::ECB); 18091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckOrigin(); 18101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Hello World!"; 18121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); 18131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params); 18141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext, params); 18151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 18161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 18171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 18191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.AesSuccess 18201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 18211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing and using an HMAC key works. 18221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 18231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, HmacKeySuccess) { 18241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 18251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() 18261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 18271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(key.size() * 8) 18281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 18291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 256), 18301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::RAW, key)); 18311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_ALGORITHM, Algorithm::HMAC); 18331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_KEY_SIZE, 128U); 18341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256); 18351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckOrigin(); 18361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Hello World!"; 18381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = MacMessage(message, Digest::SHA_2_256, 256); 18391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, AuthorizationSetBuilder().Digest(Digest::SHA_2_256)); 18401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 18411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1842ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salimauto wrapped_key = hex2str( 184344f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "3082017902010004820100A0E69B1395D382354FC0E7F74AC068C5818279D76D46745C7274997D045BAA8B9763B3F3" 184444f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "09E5E59ECA99273AAAE0A37449DA9B1E67B66EC4E42BB62C25346683A43A9F2ACBCA6D350B25551CC53CE0721D29BE" 184544f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "90F60686877478F82B3BB111C5EAC0BAE9310D7AD11F5A82948B31C322820F24E20DDB0FBD07D1566DAEAA058D4645" 184644f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "2607352699E1F631D2ABAF60B13E41ED5EDBB90D252331BDB9CDB1B672E871F37CAC009FE9028B3B1E0ACE8F6F0678" 184744f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "3F581B860620BDD478969EDE3101AAEFF65C6DB03E143E586167DC87D0CCE39E9119782F7B60A7A1CF2B7EE234E013" 184844f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "E3DE6C56F0D51F30C389D31FA37C5F2875ACB44434E82EF40B316C93DE129BA0040CD796B02C370F1FA4CC0124F130" 184944f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "2E0201033029A1083106020100020101A203020120A30402020100A4053103020101A6053103020140BF8377020500" 185044f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "0420CCD540855F833A5E1480BFD2D36FAF3AEEE15DF5BEABE2691BC82DDE2A7AA910041064C9F689C60FF6223AB6E6" 185144f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "999E0EB6E5"); 1852ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 1853ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salimauto wrapped_key_masked = hex2str( 185444f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "30820179020100048201001EF5320D3C920D7614688A439409ACE4318C48395ABB7247A68671BD4B7156A7773B31A4" 185544f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "4459B73858625988A312E4D8855138F555678F525E4C52D91444FDC936BE6AEB63FD73FD84201EF46F88A0B622F528" 185644f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "956C92C9C731EB65BCBC6A03BEAB45959B54A768E2842D2CE174EE542EF2A15DCAA7542F3574BEEB1A991F95439466" 185744f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "E1960A9CE9E4CBC77DB23765191E4758C850908BCC74E158B77AB774141F171262C1AC771FDFA2E942F2F7633E97E8" 185844f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "0BD492C3E821361AC6B4F568DE351C816C8C997212C707F728FB3BCAAA796EA6B8E7A80BE010970B380122940277E9" 185944f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "4C5E9288F7CB6878A4C4CC1E83AB85A81FD68E43B14F1F81AD21E0D3545D70EE040C6D9721D08589581AB49204A330" 186044f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "2E0201033029A1083106020100020101A203020120A30402020100A4053103020101A6053103020140BF8377020500" 186144f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "0420A61C6E247E25B3E6E69AA78EB03C2D4AC20D1F99A9A024A76F35C8E2CAB9B68D04102560C70109AE67C030F00B" 186244f8b71874191d34ea07a7247364432f368ee2fbShawn Willden "98B512A670"); 1863ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 1864ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salimauto wrapping_key = hex2str( 1865ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "308204be020100300d06092a864886f70d0101010500048204a8308204a40201000282010100aec367931d8900ce56" 1866ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "b0067f7d70e1fc653f3f34d194c1fed50018fb43db937b06e673a837313d56b1c725150a3fef86acbddc41bb759c28" 1867ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "54eae32d35841efb5c18d82bc90a1cb5c1d55adf245b02911f0b7cda88c421ff0ebafe7c0d23be312d7bd5921ffaea" 1868ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "1347c157406fef718f682643e4e5d33c6703d61c0cf7ac0bf4645c11f5c1374c3886427411c449796792e0bef75dec" 1869ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "858a2123c36753e02a95a96d7c454b504de385a642e0dfc3e60ac3a7ee4991d0d48b0172a95f9536f02ba13cecccb9" 1870ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "2b727db5c27e5b2f5cec09600b286af5cf14c42024c61ddfe71c2a8d7458f185234cb00e01d282f10f8fc6721d2aed" 1871ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "3f4833cca2bd8fa62821dd55020301000102820100431447b6251908112b1ee76f99f3711a52b6630960046c2de70d" 1872ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "e188d833f8b8b91e4d785caeeeaf4f0f74414e2cda40641f7fe24f14c67a88959bdb27766df9e710b630a03adc683b" 1873ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "5d2c43080e52bee71e9eaeb6de297a5fea1072070d181c822bccff087d63c940ba8a45f670feb29fb4484d1c95e6d2" 1874ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "579ba02aae0a00900c3ebf490e3d2cd7ee8d0e20c536e4dc5a5097272888cddd7e91f228b1c4d7474c55b8fcd618c4" 1875ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "a957bbddd5ad7407cc312d8d98a5caf7e08f4a0d6b45bb41c652659d5a5ba05b663737a8696281865ba20fbdd7f851" 1876ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "e6c56e8cbe0ddbbf24dc03b2d2cb4c3d540fb0af52e034a2d06698b128e5f101e3b51a34f8d8b4f8618102818100de" 1877ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "392e18d682c829266cc3454e1d6166242f32d9a1d10577753e904ea7d08bff841be5bac82a164c5970007047b8c517" 1878ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "db8f8f84e37bd5988561bdf503d4dc2bdb38f885434ae42c355f725c9a60f91f0788e1f1a97223b524b5357fdf72e2" 1879ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "f696bab7d78e32bf92ba8e1864eab1229e91346130748a6e3c124f9149d71c743502818100c95387c0f9d35f137b57" 1880ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "d0d65c397c5e21cc251e47008ed62a542409c8b6b6ac7f8967b3863ca645fcce49582a9aa17349db6c4a95affdae0d" 1881ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "ae612e1afac99ed39a2d934c880440aed8832f9843163a47f27f392199dc1202f9a0f9bd08308007cb1e4e7f583093" 1882ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "66a7de25f7c3c9b880677c068e1be936e81288815252a8a102818057ff8ca1895080b2cae486ef0adfd791fb0235c0" 1883ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "b8b36cd6c136e52e4085f4ea5a063212a4f105a3764743e53281988aba073f6e0027298e1c4378556e0efca0e14ece" 1884ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "1af76ad0b030f27af6f0ab35fb73a060d8b1a0e142fa2647e93b32e36d8282ae0a4de50ab7afe85500a16f43a64719" 1885ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "d6e2b9439823719cd08bcd03178102818100ba73b0bb28e3f81e9bd1c568713b101241acc607976c4ddccc90e65b65" 1886ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "56ca31516058f92b6e09f3b160ff0e374ec40d78ae4d4979fde6ac06a1a400c61dd31254186af30b22c10582a8a43e" 1887ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "34fe949c5f3b9755bae7baa7b7b7a6bd03b38cef55c86885fc6c1978b9cee7ef33da507c9df6b9277cff1e6aaa5d57" 1888ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "aca528466102818100c931617c77829dfb1270502be9195c8f2830885f57dba869536811e6864236d0c4736a0008a1" 1889ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "45af36b8357a7c3d139966d04c4e00934ea1aede3bb6b8ec841dc95e3f579751e2bfdfe27ae778983f959356210723" 1890ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim "287b0affcc9f727044d48c373f1babde0724fa17a4fd4da0902c7c9b9bf27ba61be6ad02dfddda8f4e6822"); 1891ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 1892ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salimstring zero_masking_key = 1893ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim hex2str("0000000000000000000000000000000000000000000000000000000000000000"); 1894ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salimstring masking_key = hex2str("D796B02C370F1FA4CC0124F14EC8CBEBE987E825246265050F399A51FD477DFC"); 1895ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 1896ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salimclass ImportWrappedKeyTest : public KeymasterHidlTest {}; 1897ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 1898ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank SalimTEST_F(ImportWrappedKeyTest, Success) { 1899ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim auto wrapping_key_desc = AuthorizationSetBuilder() 1900ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .RsaEncryptionKey(2048, 65537) 1901ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .Digest(Digest::SHA1) 1902ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .Padding(PaddingMode::RSA_OAEP) 1903ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY); 1904ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 1905ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim ASSERT_EQ(ErrorCode::OK, 19068d28efa9b81a717fb839111e13ba51104269877aShawn Willden ImportWrappedKey( 19078d28efa9b81a717fb839111e13ba51104269877aShawn Willden wrapped_key, wrapping_key, wrapping_key_desc, zero_masking_key, 19088d28efa9b81a717fb839111e13ba51104269877aShawn Willden AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP))); 1909ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 1910ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim string message = "Hello World!"; 1911ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); 1912ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim string ciphertext = EncryptMessage(message, params); 1913ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim string plaintext = DecryptMessage(ciphertext, params); 1914ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim EXPECT_EQ(message, plaintext); 1915ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim} 1916ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 1917ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank SalimTEST_F(ImportWrappedKeyTest, SuccessMasked) { 1918ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim auto wrapping_key_desc = AuthorizationSetBuilder() 1919ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .RsaEncryptionKey(2048, 65537) 1920ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .Digest(Digest::SHA1) 1921ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .Padding(PaddingMode::RSA_OAEP) 1922ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY); 1923ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 1924ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim ASSERT_EQ(ErrorCode::OK, 19258d28efa9b81a717fb839111e13ba51104269877aShawn Willden ImportWrappedKey( 19268d28efa9b81a717fb839111e13ba51104269877aShawn Willden wrapped_key_masked, wrapping_key, wrapping_key_desc, masking_key, 19278d28efa9b81a717fb839111e13ba51104269877aShawn Willden AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP))); 1928ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim} 1929ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 1930ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank SalimTEST_F(ImportWrappedKeyTest, WrongMask) { 1931ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim auto wrapping_key_desc = AuthorizationSetBuilder() 1932ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .RsaEncryptionKey(2048, 65537) 1933ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .Digest(Digest::SHA1) 1934ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .Padding(PaddingMode::RSA_OAEP) 1935ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY); 1936ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 19378d28efa9b81a717fb839111e13ba51104269877aShawn Willden ASSERT_EQ(ErrorCode::VERIFICATION_FAILED, 19388d28efa9b81a717fb839111e13ba51104269877aShawn Willden ImportWrappedKey( 19398d28efa9b81a717fb839111e13ba51104269877aShawn Willden wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key, 19408d28efa9b81a717fb839111e13ba51104269877aShawn Willden AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP))); 1941ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim} 1942ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 1943ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank SalimTEST_F(ImportWrappedKeyTest, WrongPurpose) { 1944ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim auto wrapping_key_desc = AuthorizationSetBuilder() 1945ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .RsaEncryptionKey(2048, 65537) 1946ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .Digest(Digest::SHA1) 1947ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim .Padding(PaddingMode::RSA_OAEP); 1948ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 19498d28efa9b81a717fb839111e13ba51104269877aShawn Willden ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, 19508d28efa9b81a717fb839111e13ba51104269877aShawn Willden ImportWrappedKey( 19518d28efa9b81a717fb839111e13ba51104269877aShawn Willden wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key, 19528d28efa9b81a717fb839111e13ba51104269877aShawn Willden AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP))); 1953ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim} 1954ad57fa93fb7b235a11d2c91a180ab8c3f8e5b6feFrank Salim 19551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest EncryptionOperationsTest; 19561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 19581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaNoPaddingSuccess 19591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 19601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA encryption works. 19611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 19621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaNoPaddingSuccess) { 19631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 19641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 1965a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaEncryptionKey(1024, 65537) 19661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 19671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = string(1024 / 8, 'a'); 19691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); 19701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext1 = EncryptMessage(message, params); 19711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1024U / 8, ciphertext1.size()); 19721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext2 = EncryptMessage(message, params); 19741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1024U / 8, ciphertext2.size()); 19751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Unpadded RSA is deterministic 19771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ciphertext1, ciphertext2); 19781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 19791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 19811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaNoPaddingShortMessage 19821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 19831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA encryption of short messages works. 19841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 19851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaNoPaddingShortMessage) { 19861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 19871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 1988a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaEncryptionKey(1024, 65537) 19891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 19901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "1"; 19921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); 19931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params); 19951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1024U / 8, ciphertext.size()); 19961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string expected_plaintext = string(1024 / 8 - 1, 0) + message; 19981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext, params); 19991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(expected_plaintext, plaintext); 20011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Degenerate case, encrypting a numeric 1 yields 0x00..01 as the ciphertext. 20031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message = static_cast<char>(1); 20041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ciphertext = EncryptMessage(message, params); 20051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1024U / 8, ciphertext.size()); 20061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ciphertext, string(1024 / 8 - 1, 0) + message); 20071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 20081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 20101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaNoPaddingTooLong 20111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 20121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA encryption of too-long messages fails in the expected way. 20131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 20141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaNoPaddingTooLong) { 20151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 20161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 2017a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaEncryptionKey(1024, 65537) 20181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 20191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8 + 1, 'a'); 20211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); 20231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); 20241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 20261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, &result)); 20271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 20281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 20301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaNoPaddingTooLarge 20311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 20321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA encryption of too-large (numerically) messages fails in the expected way. 20331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 20341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaNoPaddingTooLarge) { 20351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 20361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 2037a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaEncryptionKey(1024, 65537) 20381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 20391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf exported; 20411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ExportKey(KeyFormat::X509, &exported)); 20421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t* p = exported.data(); 20441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_PKEY_Ptr pkey(d2i_PUBKEY(nullptr /* alloc new */, &p, exported.size())); 20451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden RSA_Ptr rsa(EVP_PKEY_get1_RSA(pkey.get())); 20461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t modulus_len = BN_num_bytes(rsa->n); 20481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(1024U / 8, modulus_len); 20491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden std::unique_ptr<uint8_t[]> modulus_buf(new uint8_t[modulus_len]); 20501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden BN_bn2bin(rsa->n, modulus_buf.get()); 20511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // The modulus is too big to encrypt. 20531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(reinterpret_cast<const char*>(modulus_buf.get()), modulus_len); 20541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); 20561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); 20571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 20591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(message, &result)); 20601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // One smaller than the modulus is okay. 20621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden BN_sub(rsa->n, rsa->n, BN_value_one()); 20631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden modulus_len = BN_num_bytes(rsa->n); 20641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(1024U / 8, modulus_len); 20651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden BN_bn2bin(rsa->n, modulus_buf.get()); 20661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message = string(reinterpret_cast<const char*>(modulus_buf.get()), modulus_len); 20671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); 20681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(message, &result)); 20691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 20701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 20721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaOaepSuccess 20731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 20741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA-OAEP encryption operations work, with all digests. 20751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 20761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaOaepSuccess) { 20778a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu auto digests = ValidDigests(false /* withNone */, true /* withMD5 */); 20781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t key_size = 2048; // Need largish key for SHA-512 test. 20801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 20811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 2082a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaEncryptionKey(key_size, 65537) 20831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_OAEP) 20841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(digests))); 20851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Hello"; 20871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto digest : digests) { 20891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Digest(digest).Padding(PaddingMode::RSA_OAEP); 20901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext1 = EncryptMessage(message, params); 20911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (HasNonfatalFailure()) std::cout << "-->" << digest << std::endl; 20921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(key_size / 8, ciphertext1.size()); 20931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext2 = EncryptMessage(message, params); 20951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(key_size / 8, ciphertext2.size()); 20961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // OAEP randomizes padding so every result should be different (with astronomically high 20981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // probability). 20991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(ciphertext1, ciphertext2); 21001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext1 = DecryptMessage(ciphertext1, params); 21021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext1) << "RSA-OAEP failed with digest " << digest; 21031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext2 = DecryptMessage(ciphertext2, params); 21041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext2) << "RSA-OAEP failed with digest " << digest; 21051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypting corrupted ciphertext should fail. 21071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t offset_to_corrupt = random() % ciphertext1.size(); 21081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden char corrupt_byte; 21091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden do { 21101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden corrupt_byte = static_cast<char>(random() % 256); 21111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } while (corrupt_byte == ciphertext1[offset_to_corrupt]); 21121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ciphertext1[offset_to_corrupt] = corrupt_byte; 21131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); 21151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 21161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext1, &result)); 21171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, result.size()); 21181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 21191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 21201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 21221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaOaepInvalidDigest 21231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 21241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA-OAEP encryption operations fail in the correct way when asked to operate 21251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * without a digest. 21261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 21271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaOaepInvalidDigest) { 21281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 21291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 2130a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaEncryptionKey(1024, 65537) 21311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_OAEP) 21321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 21331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Hello World!"; 21341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_OAEP).Digest(Digest::NONE); 21361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_DIGEST, Begin(KeyPurpose::ENCRYPT, params)); 21371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 21381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 21401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaOaepInvalidDigest 21411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 21421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA-OAEP encryption operations fail in the correct way when asked to decrypt with a 21431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * different digest than was used to encrypt. 21441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 21451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) { 21461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 21471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 2148a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaEncryptionKey(1024, 65537) 21491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_OAEP) 21501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256, Digest::SHA_2_224))); 21511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Hello World!"; 21521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage( 21531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message, 21541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA_2_224).Padding(PaddingMode::RSA_OAEP)); 21551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ( 21571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::OK, 21581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::DECRYPT, 21591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::RSA_OAEP))); 21601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 21611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext, &result)); 21621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, result.size()); 21631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 21641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 21661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaOaepTooLarge 21671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 21681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA-OAEP encryption operations fail in the correct way when asked to encrypt a 21691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * too-large message. 21701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 21711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaOaepTooLarge) { 21721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 21731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 2174a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaEncryptionKey(1024, 65537) 21751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_OAEP) 21761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA1))); 21771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden constexpr size_t digest_size = 160 /* SHA1 */ / 8; 21781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden constexpr size_t oaep_overhead = 2 * digest_size + 2; 21791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8 - oaep_overhead + 1, 'a'); 21801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 21811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::ENCRYPT, 21821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Padding(PaddingMode::RSA_OAEP).Digest(Digest::SHA1))); 21831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 21841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(message, &result)); 21851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, result.size()); 21861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 21871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 21891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaPkcs1Success 21901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 21911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA PKCS encryption/decrypts works. 21921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 21931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaPkcs1Success) { 21941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 21951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 2196a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaEncryptionKey(1024, 65537) 21971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT))); 21981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Hello World!"; 22001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT); 22011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext1 = EncryptMessage(message, params); 22021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1024U / 8, ciphertext1.size()); 22031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext2 = EncryptMessage(message, params); 22051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1024U / 8, ciphertext2.size()); 22061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // PKCS1 v1.5 randomizes padding so every result should be different. 22081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(ciphertext1, ciphertext2); 22091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext1, params); 22111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 22121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypting corrupted ciphertext should fail. 22141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t offset_to_corrupt = random() % ciphertext1.size(); 22151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden char corrupt_byte; 22161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden do { 22171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden corrupt_byte = static_cast<char>(random() % 256); 22181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } while (corrupt_byte == ciphertext1[offset_to_corrupt]); 22191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ciphertext1[offset_to_corrupt] = corrupt_byte; 22201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); 22221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 22231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext1, &result)); 22241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, result.size()); 22251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 22261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 22281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaPkcs1TooLarge 22291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 22301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA PKCS encryption fails in the correct way when the mssage is too large. 22311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 22321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaPkcs1TooLarge) { 22331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 22341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 2235a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaEncryptionKey(1024, 65537) 22361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT))); 22371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8 - 10, 'a'); 22381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT); 22401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); 22411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 22421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(message, &result)); 22431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, result.size()); 22441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 22451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 22471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.EcdsaEncrypt 22481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 22491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting to use ECDSA keys to encrypt fails in the correct way. 22501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 22511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, EcdsaEncrypt) { 22521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 22531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 22548a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu .EcdsaSigningKey(256) 22551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 22561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Digest(Digest::NONE); 22571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, Begin(KeyPurpose::ENCRYPT, params)); 22581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, Begin(KeyPurpose::DECRYPT, params)); 22591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 22601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 22621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.HmacEncrypt 22631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 22641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting to use HMAC keys to encrypt fails in the correct way. 22651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 22661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, HmacEncrypt) { 22671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 22681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 22691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 22701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 22711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 22721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 22731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 22741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 22751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 22761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 22771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, Begin(KeyPurpose::ENCRYPT, params)); 22781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, Begin(KeyPurpose::DECRYPT, params)); 22791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 22801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 22821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesEcbRoundTripSuccess 22831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 22841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES ECB mode works. 22851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 22861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesEcbRoundTripSuccess) { 22871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 22881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 22891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 22901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::ECB) 22911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 22921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE); 22941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Two-block message. 22961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 22971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext1 = EncryptMessage(message, params); 22981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext1.size()); 22991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext2 = EncryptMessage(string(message), params); 23011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext2.size()); 23021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // ECB is deterministic. 23041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ciphertext1, ciphertext2); 23051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext1, params); 23071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 23081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 23091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 23111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesEcbRoundTripSuccess 23121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 23131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES encryption fails in the correct way when an unauthorized mode is specified. 23141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 23151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesWrongMode) { 23161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 23171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 23181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 23191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CBC) 23201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 23211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Two-block message. 23221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 23231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ( 23241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::INCOMPATIBLE_BLOCK_MODE, 23251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::ENCRYPT, 23261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE))); 23271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 23281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 23301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesEcbNoPaddingWrongInputSize 23311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 23321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES encryption fails in the correct way when provided an input that is not a 23331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * multiple of the block size and no padding is specified. 23341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 23351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) { 23361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 23371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 23381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 23391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::ECB) 23401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 23411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Message is slightly shorter than two blocks. 23421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(16 * 2 - 1, 'a'); 23431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE); 23451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); 23461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 23471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, &ciphertext)); 23481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, ciphertext.size()); 23491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 23501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 23521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesEcbPkcs7Padding 23531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 23541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES PKCS7 padding works for any message length. 23551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 23561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesEcbPkcs7Padding) { 23571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 23581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 23591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 23601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::ECB) 23611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::PKCS7))); 23621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); 23641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Try various message lengths; all should work. 23661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < 32; ++i) { 23671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(i, 'a'); 23681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params); 23691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(i + 16 - (i % 16), ciphertext.size()); 23701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext, params); 23711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 23721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 23731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 23741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 23761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesEcbWrongPadding 23771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 23781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES enryption fails in the correct way when an unauthorized padding mode is 23791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * specified. 23801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 23811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesEcbWrongPadding) { 23821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 23831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 23841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 23851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::ECB) 23861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 23871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); 23891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Try various message lengths; all should fail 23911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < 32; ++i) { 23921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(i, 'a'); 23931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_PADDING_MODE, Begin(KeyPurpose::ENCRYPT, params)); 23941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 23951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 23961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 23981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesEcbPkcs7PaddingCorrupted 23991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 24001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES decryption fails in the correct way when the padding is corrupted. 24011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 24021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) { 24031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 24041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 24051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 24061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::ECB) 24071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::PKCS7))); 24081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); 24101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "a"; 24121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params); 24131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(16U, ciphertext.size()); 24141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(ciphertext, message); 24151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++ciphertext[ciphertext.size() / 2]; 24161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); 24181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 24191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, &plaintext)); 24201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 24211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenHidlBuf CopyIv(const AuthorizationSet& set) { 24231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto iv = set.GetTagValue(TAG_NONCE); 24241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(iv.isOk()); 24251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return iv.value(); 24261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 24271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 24291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCtrRoundTripSuccess 24301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 24311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES CTR mode works. 24321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 24331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCtrRoundTripSuccess) { 24341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 24351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 24361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 24371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CTR) 24381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 24391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::CTR).Padding(PaddingMode::NONE); 24411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123"; 24431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 24441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext1 = EncryptMessage(message, params, &out_params); 24451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf iv1 = CopyIv(out_params); 24461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(16U, iv1.size()); 24471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext1.size()); 24491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden out_params.Clear(); 24511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext2 = EncryptMessage(message, params, &out_params); 24521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf iv2 = CopyIv(out_params); 24531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(16U, iv2.size()); 24541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // IVs should be random, so ciphertexts should differ. 24561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(ciphertext1, ciphertext2); 24571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params_iv1 = 24591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorizations(params).Authorization(TAG_NONCE, iv1); 24601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params_iv2 = 24611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorizations(params).Authorization(TAG_NONCE, iv2); 24621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext1, params_iv1); 24641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 24651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden plaintext = DecryptMessage(ciphertext2, params_iv2); 24661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 24671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Using the wrong IV will result in a "valid" decryption, but the data will be garbage. 24691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden plaintext = DecryptMessage(ciphertext1, params_iv2); 24701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(message, plaintext); 24711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden plaintext = DecryptMessage(ciphertext2, params_iv1); 24721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(message, plaintext); 24731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 24741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 24761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesIncremental 24771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 24781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES works, all modes, when provided data in various size increments. 24791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 24801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesIncremental) { 24811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto block_modes = { 24821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden BlockMode::ECB, BlockMode::CBC, BlockMode::CTR, BlockMode::GCM, 24831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 24841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 24861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 24871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 24881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(block_modes) 24891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 24901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 24911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (int increment = 1; increment <= 240; ++increment) { 24931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto block_mode : block_modes) { 24941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(240, 'a'); 24951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 24961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(block_mode) 24971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 24981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128) /* for GCM */; 24991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet output_params; 25011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &output_params)); 25021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 25041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t input_consumed; 25051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string to_send; 25061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < message.size(); i += increment) { 25071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden to_send.append(message.substr(i, increment)); 25081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(to_send, &ciphertext, &input_consumed)); 25098a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu EXPECT_EQ(to_send.length(), input_consumed); 25101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden to_send = to_send.substr(input_consumed); 25118a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu EXPECT_EQ(0U, to_send.length()); 25121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden switch (block_mode) { 25141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::ECB: 25151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::CBC: 25161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Implementations must take as many blocks as possible, leaving less than 25171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // a block. 25181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_LE(to_send.length(), 16U); 25191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 25201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::GCM: 25211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::CTR: 25221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Implementations must always take all the data. 25231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, to_send.length()); 25241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 25251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 25261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 25271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(to_send, &ciphertext)) << "Error sending " << to_send; 25281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden switch (block_mode) { 25301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::GCM: 25311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size() + 16, ciphertext.size()); 25321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 25331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::CTR: 25341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext.size()); 25351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 25361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::CBC: 25371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::ECB: 25381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size() + message.size() % 16, ciphertext.size()); 25391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 25401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 25411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto iv = output_params.GetTagValue(TAG_NONCE); 25431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden switch (block_mode) { 25441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::CBC: 25451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::GCM: 25461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::CTR: 25471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(iv.isOk()) << "No IV for block mode " << block_mode; 25481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(block_mode == BlockMode::GCM ? 12U : 16U, iv.value().size()); 25491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params.push_back(TAG_NONCE, iv.value()); 25501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 25511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::ECB: 25531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(iv.isOk()) << "ECB mode should not generate IV"; 25541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 25551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 25561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)) 25581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Decrypt begin() failed for block mode " << block_mode; 25591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 25611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < ciphertext.size(); i += increment) { 25621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden to_send.append(ciphertext.substr(i, increment)); 25631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(to_send, &plaintext, &input_consumed)); 25641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden to_send = to_send.substr(input_consumed); 25651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 25661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = Finish(to_send, &plaintext); 25671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, error) << "Decryption failed for block mode " << block_mode 25681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << " and increment " << increment; 25691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error == ErrorCode::OK) { 25701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(message, plaintext) << "Decryption didn't match for block mode " 25711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << block_mode << " and increment " << increment; 25721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 25731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 25741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 25751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 25761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstruct AesCtrSp80038aTestVector { 25781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const char* key; 25791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const char* nonce; 25801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const char* plaintext; 25811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const char* ciphertext; 25821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 25831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden// These test vectors are taken from 25851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5. 25861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstatic const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = { 25871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // AES-128 25881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden { 25891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 25901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51" 25911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", 25921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff" 25931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee", 25941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }, 25951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // AES-192 25961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden { 25971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 25981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51" 25991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", 26001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94" 26011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050", 26021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }, 26031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // AES-256 26041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden { 26051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", 26061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 26071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51" 26081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", 26091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5" 26101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6", 26111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }, 26121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 26131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 26151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCtrSp80038aTestVector 26161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 26171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies AES CTR implementation against SP800-38A test vectors. 26181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 26191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCtrSp80038aTestVector) { 26201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < 3; i++) { 26211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]); 26221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string key = hex2str(test.key); 26231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string nonce = hex2str(test.nonce); 26241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string plaintext = hex2str(test.plaintext); 26251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string ciphertext = hex2str(test.ciphertext); 26261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckAesCtrTestVector(key, nonce, plaintext, ciphertext); 26271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 26281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 26291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 26311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCtrIncompatiblePaddingMode 26321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 26331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster rejects use of CTR mode with PKCS7 padding in the correct way. 26341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 26351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCtrIncompatiblePaddingMode) { 26361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 26371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 26381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 26391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CTR) 26401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::PKCS7))); 26411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::CTR).Padding(PaddingMode::NONE); 26421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_PADDING_MODE, Begin(KeyPurpose::ENCRYPT, params)); 26431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 26441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 26461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCtrInvalidCallerNonce 26471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 26481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster fails correctly when the user supplies an incorrect-size nonce. 26491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 26501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCtrInvalidCallerNonce) { 26511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 26521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 26531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 26541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CTR) 26551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_CALLER_NONCE) 26561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 26571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 26591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CTR) 26601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 26611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, HidlBuf(string(1, 'a'))); 26621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_NONCE, Begin(KeyPurpose::ENCRYPT, params)); 26631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params = AuthorizationSetBuilder() 26651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CTR) 26661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 26671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, HidlBuf(string(15, 'a'))); 26681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_NONCE, Begin(KeyPurpose::ENCRYPT, params)); 26691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params = AuthorizationSetBuilder() 26711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CTR) 26721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 26731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, HidlBuf(string(17, 'a'))); 26741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_NONCE, Begin(KeyPurpose::ENCRYPT, params)); 26751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 26761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 26781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCtrInvalidCallerNonce 26791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 26801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster fails correctly when the user supplies an incorrect-size nonce. 26811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 26821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCbcRoundTripSuccess) { 26831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 26841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 26851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 26861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CBC) 26871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 26881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Two-block message. 26891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 26901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::NONE); 26911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 26921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext1 = EncryptMessage(message, params, &out_params); 26931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf iv1 = CopyIv(out_params); 26941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext1.size()); 26951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden out_params.Clear(); 26971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext2 = EncryptMessage(message, params, &out_params); 26991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf iv2 = CopyIv(out_params); 27001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext2.size()); 27011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // IVs should be random, so ciphertexts should differ. 27031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(ciphertext1, ciphertext2); 27041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params.push_back(TAG_NONCE, iv1); 27061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext1, params); 27071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 27081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 27091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 27111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCallerNonce 27121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 27131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES caller-provided nonces work correctly. 27141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 27151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCallerNonce) { 27161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 27171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 27181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 27191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CBC) 27201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_CALLER_NONCE) 27211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 27221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 27241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Don't specify nonce, should get a random one. 27261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder params = 27271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::NONE); 27281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 27291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params, &out_params); 27301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext.size()); 27311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(16U, out_params.GetTagValue(TAG_NONCE).value().size()); 27321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params.push_back(TAG_NONCE, out_params.GetTagValue(TAG_NONCE).value()); 27341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext, params); 27351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 27361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Now specify a nonce, should also work. 27381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params = AuthorizationSetBuilder() 27391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CBC) 27401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 27411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, HidlBuf("abcdefghijklmnop")); 27421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden out_params.Clear(); 27431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ciphertext = EncryptMessage(message, params, &out_params); 27441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt with correct nonce. 27461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden plaintext = DecryptMessage(ciphertext, params); 27471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 27481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Try with wrong nonce. 27501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params = AuthorizationSetBuilder() 27511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CBC) 27521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 27531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, HidlBuf("aaaaaaaaaaaaaaaa")); 27541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden plaintext = DecryptMessage(ciphertext, params); 27551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(message, plaintext); 27561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 27571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 27591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCallerNonceProhibited 27601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 27611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that caller-provided nonces are not permitted when not specified in the key 27621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * authorizations. 27631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 27641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCallerNonceProhibited) { 27651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 27661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 27671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 27681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CBC) 27691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 27701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 27721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Don't specify nonce, should get a random one. 27741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder params = 27751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::NONE); 27761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 27771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params, &out_params); 27781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext.size()); 27791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(16U, out_params.GetTagValue(TAG_NONCE).value().size()); 27801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params.push_back(TAG_NONCE, out_params.GetTagValue(TAG_NONCE).value()); 27821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext, params); 27831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 27841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Now specify a nonce, should fail 27861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params = AuthorizationSetBuilder() 27871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CBC) 27881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 27891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, HidlBuf("abcdefghijklmnop")); 27901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden out_params.Clear(); 27911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::CALLER_NONCE_PROHIBITED, Begin(KeyPurpose::ENCRYPT, params, &out_params)); 27921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 27931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 27951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmRoundTripSuccess 27961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 27971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode works. 27981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 27991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmRoundTripSuccess) { 28001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 28011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 28021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 28031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::GCM) 28041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 28051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 28061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string aad = "foobar"; 28081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123456789012345678901234567890123456"; 28091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto begin_params = AuthorizationSetBuilder() 28111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 28121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 28131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 28141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto update_params = 28161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); 28171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Encrypt 28191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 28201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params)) 28211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Begin encrypt"; 28221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 28231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet update_out_params; 28241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 28251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Finish(op_handle_, update_params, message, "", &update_out_params, &ciphertext)); 28261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28278a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu ASSERT_EQ(ciphertext.length(), message.length() + 16); 28288a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu 28291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Grab nonce 28301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden begin_params.push_back(begin_out_params); 28311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt. 28331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params)) << "Begin decrypt"; 28341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 28351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t input_consumed; 28361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, Update(op_handle_, update_params, ciphertext, &update_out_params, 28371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &plaintext, &input_consumed)); 28381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ciphertext.size(), input_consumed); 28391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish("", &plaintext)); 28408a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu EXPECT_EQ(message.length(), plaintext.length()); 28411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 28421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 28431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 28451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmTooShortTag 28461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 28471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode fails correctly when a too-short tag length is specified. 28481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 28491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmTooShortTag) { 28501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 28511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 28521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 28531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 28541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 28551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 28561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123456789012345678901234567890123456"; 28571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 28581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 28591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 28601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 96); 28611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_MAC_LENGTH, Begin(KeyPurpose::ENCRYPT, params)); 28631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 28641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 28661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmTooShortTagOnDecrypt 28671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 28681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode fails correctly when a too-short tag is provided to decryption. 28691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 28701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmTooShortTagOnDecrypt) { 28711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 28721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 28731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 28741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 28751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 28761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 28771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string aad = "foobar"; 28781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123456789012345678901234567890123456"; 28791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 28801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 28811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 28821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 28831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto finish_params = 28851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); 28861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Encrypt 28881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 28891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params)); 28901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1U, begin_out_params.size()); 28911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(begin_out_params.GetTagValue(TAG_NONCE).isOk()); 28921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_out_params; 28941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 28951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message, "" /* signature */, 28961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &ciphertext)); 28971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params = AuthorizationSetBuilder() 28991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorizations(begin_out_params) 29001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 29011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 29021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 96); 29031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt. 29051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_MAC_LENGTH, Begin(KeyPurpose::DECRYPT, params)); 29061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 29071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 29091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmCorruptKey 29101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 29111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode fails correctly when the decryption key is incorrect. 29121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 29131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmCorruptKey) { 29141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t nonce_bytes[] = { 29151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f, 29161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 29171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string nonce = make_string(nonce_bytes); 29181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t ciphertext_bytes[] = { 29191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16, 29201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a, 29211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76, 29221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd, 29231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0, 29241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 29251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = make_string(ciphertext_bytes); 29261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 29281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 29291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 29301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128) 29311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, nonce.data(), nonce.size()); 29321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto import_params = AuthorizationSetBuilder() 29341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 29351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 29361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 29371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 29381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_CALLER_NONCE) 29391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128); 29401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Import correct key and decrypt 29421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t key_bytes[] = { 29431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d, 29441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb, 29451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 29461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key = make_string(key_bytes); 29471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(import_params, KeyFormat::RAW, key)); 29481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext, params); 29491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 29501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Corrupt key and attempt to decrypt 29521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key[0] = 0; 29531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(import_params, KeyFormat::RAW, key)); 29541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); 29551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext)); 29561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 29571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 29581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 29601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmAadNoData 29611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 29621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode works when provided additional authenticated data, but no data to 29631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * encrypt. 29641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 29651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmAadNoData) { 29661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 29671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 29681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 29691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 29701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 29711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 29721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string aad = "1234567890123456"; 29741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 29751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 29761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 29771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 29781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto finish_params = 29801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); 29811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Encrypt 29831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 29841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params)); 29851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 29861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_out_params; 29871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, "" /* input */, "" /* signature */, 29881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &ciphertext)); 29891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(finish_out_params.empty()); 29901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Grab nonce 29921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params.push_back(begin_out_params); 29931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt. 29951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); 29961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 29971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, ciphertext, "" /* signature */, 29981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &plaintext)); 29991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(finish_out_params.empty()); 30011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ("", plaintext); 30031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 30041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 30061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmMultiPartAad 30071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 30081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode works when provided additional authenticated data in multiple chunks. 30091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 30101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmMultiPartAad) { 30111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 30121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 30131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 30141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 30151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 30161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 30171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123456789012345678901234567890123456"; 30191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto begin_params = AuthorizationSetBuilder() 30201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 30211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 30221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 30231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 30241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto update_params = 30261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foo", (size_t)3); 30271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params)); 30291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // No data, AAD only. 30311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 30321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t input_consumed; 30331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet update_out_params; 30341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(op_handle_, update_params, "" /* input */, &update_out_params, 30351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &ciphertext, &input_consumed)); 30361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, input_consumed); 30371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, ciphertext.size()); 30381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(update_out_params.empty()); 30391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // AAD and data. 30411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(op_handle_, update_params, message, &update_out_params, 30421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &ciphertext, &input_consumed)); 30431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), input_consumed); 30441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext.size()); 30451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(update_out_params.empty()); 30461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish("" /* input */, &ciphertext)); 30481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Grab nonce. 30501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden begin_params.push_back(begin_out_params); 30511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt 30531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden update_params = 30541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foofoo", (size_t)6); 30551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params)); 30571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 30581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, update_params, ciphertext, "" /* signature */, 30591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &update_out_params, &plaintext)); 30601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(update_out_params.empty()); 30611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 30621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 30631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 30651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmAadOutOfOrder 30661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 30671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode fails correctly when given AAD after data to encipher. 30681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 30691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmAadOutOfOrder) { 30701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 30711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 30721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 30731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 30741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 30751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 30761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123456789012345678901234567890123456"; 30781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto begin_params = AuthorizationSetBuilder() 30791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 30801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 30811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 30821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 30831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto update_params = 30851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foo", (size_t)3); 30861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params)); 30881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // No data, AAD only. 30901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 30911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t input_consumed; 30921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet update_out_params; 30931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(op_handle_, update_params, "" /* input */, &update_out_params, 30941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &ciphertext, &input_consumed)); 30951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, input_consumed); 30961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, ciphertext.size()); 30971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(update_out_params.empty()); 30981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // AAD and data. 31001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(op_handle_, update_params, message, &update_out_params, 31011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &ciphertext, &input_consumed)); 31021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), input_consumed); 31031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext.size()); 31041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(update_out_params.empty()); 31051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // More AAD 31071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_TAG, Update(op_handle_, update_params, "", &update_out_params, 31081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &ciphertext, &input_consumed)); 31091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden op_handle_ = kOpHandleSentinel; 31111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 31121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 31141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmBadAad 31151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 31161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM decryption fails correctly when additional authenticated date is wrong. 31171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 31181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmBadAad) { 31191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 31201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 31211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 31221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 31231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 31241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 31251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 31271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto begin_params = AuthorizationSetBuilder() 31281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 31291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 31301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 31311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto finish_params = 31331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foobar", (size_t)6); 31341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Encrypt 31361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 31371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params)); 31381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 31391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_out_params; 31401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message, "" /* signature */, 31411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &ciphertext)); 31421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Grab nonce 31441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden begin_params.push_back(begin_out_params); 31451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden finish_params = AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, 31471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "barfoo" /* Wrong AAD */, (size_t)6); 31481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt. 31501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params)); 31511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 31521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, 31531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Finish(op_handle_, finish_params, ciphertext, "" /* signature */, &finish_out_params, 31541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &plaintext)); 31551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 31561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 31581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmWrongNonce 31591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 31601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM decryption fails correctly when the nonce is incorrect. 31611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 31621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmWrongNonce) { 31631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 31641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 31651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 31661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 31671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 31681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 31691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 31711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto begin_params = AuthorizationSetBuilder() 31721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 31731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 31741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 31751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto finish_params = 31771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foobar", (size_t)6); 31781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Encrypt 31801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 31811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params)); 31821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 31831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_out_params; 31841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message, "" /* signature */, 31851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &ciphertext)); 31861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Wrong nonce 31881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden begin_params.push_back(TAG_NONCE, HidlBuf("123456789012")); 31891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt. 31911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params)); 31921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 31931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, 31941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Finish(op_handle_, finish_params, ciphertext, "" /* signature */, &finish_out_params, 31951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &plaintext)); 31961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // With wrong nonce, should have gotten garbage plaintext (or none). 31981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(message, plaintext); 31991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 32001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 32021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmCorruptTag 32031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 32041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM decryption fails correctly when the tag is wrong. 32051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 32061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmCorruptTag) { 32071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 32081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 32091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 32101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 32111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 32121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 32131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string aad = "1234567890123456"; 32151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123456789012345678901234567890123456"; 32161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 32181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 32191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 32201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 32211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto finish_params = 32231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); 32241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Encrypt 32261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 32271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params)); 32281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 32291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_out_params; 32301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message, "" /* signature */, 32311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &ciphertext)); 32321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(finish_out_params.empty()); 32331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Corrupt tag 32351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++(*ciphertext.rbegin()); 32361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Grab nonce 32381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params.push_back(begin_out_params); 32391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt. 32411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); 32421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 32431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, 32441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Finish(op_handle_, finish_params, ciphertext, "" /* signature */, &finish_out_params, 32451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &plaintext)); 32461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(finish_out_params.empty()); 32471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 32481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32498823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 32508823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest.TripleDesEcbRoundTripSuccess 32518823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 32528823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Verifies that 3DES is basically functional. 32538823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 32548823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesEcbRoundTripSuccess) { 32558823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden auto auths = AuthorizationSetBuilder() 3256a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 32578823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::ECB) 325808839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 32598823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::NONE); 32608823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 32618823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(auths)); 32628823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Two-block message. 32638823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string message = "1234567890123456"; 32648823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden auto inParams = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE); 32658823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext1 = EncryptMessage(message, inParams); 32668823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message.size(), ciphertext1.size()); 32678823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 32688823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext2 = EncryptMessage(string(message), inParams); 32698823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message.size(), ciphertext2.size()); 32708823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 32718823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // ECB is deterministic. 32728823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ciphertext1, ciphertext2); 32738823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 32748823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string plaintext = DecryptMessage(ciphertext1, inParams); 32758823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message, plaintext); 32768823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 32778823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 32788823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 32798823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest.TripleDesEcbNotAuthorized 32808823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 32818823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Verifies that CBC keys reject ECB usage. 32828823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 32838823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesEcbNotAuthorized) { 32848823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3285a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 32868823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::CBC) 328708839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 32888823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::NONE))); 32898823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 32908823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden auto inParams = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE); 32918823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_BLOCK_MODE, Begin(KeyPurpose::ENCRYPT, inParams)); 32928823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 32938823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 32948823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 32958823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest.TripleDesEcbPkcs7Padding 32968823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 32978823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Tests ECB mode with PKCS#7 padding, various message sizes. 32988823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 32998823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesEcbPkcs7Padding) { 33008823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3301a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 33028823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::ECB) 330308839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 33048823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::PKCS7))); 33058823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 33068823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden for (size_t i = 0; i < 32; ++i) { 33078823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string message(i, 'a'); 33088823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden auto inParams = 33098823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); 33108823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext = EncryptMessage(message, inParams); 33118823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(i + 8 - (i % 8), ciphertext.size()); 33128823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string plaintext = DecryptMessage(ciphertext, inParams); 33138823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message, plaintext); 33148823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden } 33158823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 33168823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 33178823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 33188823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest.TripleDesEcbNoPaddingKeyWithPkcs7Padding 33198823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 33208823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Verifies that keys configured for no padding reject PKCS7 padding 33218823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 33228823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesEcbNoPaddingKeyWithPkcs7Padding) { 33238823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3324a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 33258823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::ECB) 332608839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 33278823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::NONE))); 33288823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden for (size_t i = 0; i < 32; ++i) { 33298823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden auto inParams = 33308823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); 33318823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_PADDING_MODE, Begin(KeyPurpose::ENCRYPT, inParams)); 33328823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden } 33338823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 33348823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 33358823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 33368823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest.TripleDesEcbPkcs7PaddingCorrupted 33378823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 33388823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Verifies that corrupted padding is detected. 33398823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 33408823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesEcbPkcs7PaddingCorrupted) { 33418823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3342a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 33438823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::ECB) 334408839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 33458823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::PKCS7))); 33468823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 33478823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string message = "a"; 33488823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext = EncryptMessage(message, BlockMode::ECB, PaddingMode::PKCS7); 33498823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(8U, ciphertext.size()); 33508823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_NE(ciphertext, message); 33518823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ++ciphertext[ciphertext.size() / 2]; 33528823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 33538823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden AuthorizationSetBuilder begin_params; 33548823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden begin_params.push_back(TAG_BLOCK_MODE, BlockMode::ECB); 33558823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden begin_params.push_back(TAG_PADDING, PaddingMode::PKCS7); 33568823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params)); 33578823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string plaintext; 33588823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden size_t input_consumed; 33598823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext, &input_consumed)); 33608823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ciphertext.size(), input_consumed); 33618823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(&plaintext)); 33628823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 33638823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 33648823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willdenstruct TripleDesTestVector { 33658823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden const char* name; 33668823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden const KeyPurpose purpose; 33678823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden const BlockMode block_mode; 33688823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden const PaddingMode padding_mode; 33698823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden const char* key; 33708823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden const char* iv; 33718823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden const char* input; 33728823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden const char* output; 33738823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden}; 33748823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 33758823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden// These test vectors are from NIST CAVP, plus a few custom variants to test padding, since all of 33768823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden// the NIST vectors are multiples of the block size. 33778823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willdenstatic const TripleDesTestVector kTripleDesTestVectors[] = { 33788823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden { 33798823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "TECBMMT3 Encrypt 0", KeyPurpose::ENCRYPT, BlockMode::ECB, PaddingMode::NONE, 33808823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "a2b5bc67da13dc92cd9d344aa238544a0e1fa79ef76810cd", // key 33818823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "", // IV 33828823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "329d86bdf1bc5af4", // input 33838823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "d946c2756d78633f", // output 33848823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden }, 33858823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden { 33868823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "TECBMMT3 Encrypt 1", KeyPurpose::ENCRYPT, BlockMode::ECB, PaddingMode::NONE, 33878823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "49e692290d2a5e46bace79b9648a4c5d491004c262dc9d49", // key 33888823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "", // IV 33898823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "6b1540781b01ce1997adae102dbf3c5b", // input 33908823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "4d0dc182d6e481ac4a3dc6ab6976ccae", // output 33918823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden }, 33928823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden { 33938823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "TECBMMT3 Decrypt 0", KeyPurpose::DECRYPT, BlockMode::ECB, PaddingMode::NONE, 33948823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "52daec2ac7dc1958377392682f37860b2cc1ea2304bab0e9", // key 33958823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "", // IV 33968823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "6daad94ce08acfe7", // input 33978823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "660e7d32dcc90e79", // output 33988823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden }, 33998823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden { 34008823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "TECBMMT3 Decrypt 1", KeyPurpose::DECRYPT, BlockMode::ECB, PaddingMode::NONE, 34018823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "7f8fe3d3f4a48394fb682c2919926d6ddfce8932529229ce", // key 34028823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "", // IV 34038823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "e9653a0a1f05d31b9acd12d73aa9879d", // input 34048823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "9b2ae9d998efe62f1b592e7e1df8ff38", // output 34058823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden }, 34068823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden { 34078823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "TCBCMMT3 Encrypt 0", KeyPurpose::ENCRYPT, BlockMode::CBC, PaddingMode::NONE, 34088823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "b5cb1504802326c73df186e3e352a20de643b0d63ee30e37", // key 34098823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "43f791134c5647ba", // IV 34108823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "dcc153cef81d6f24", // input 34118823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "92538bd8af18d3ba", // output 34128823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden }, 34138823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden { 34148823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "TCBCMMT3 Encrypt 1", KeyPurpose::ENCRYPT, BlockMode::CBC, PaddingMode::NONE, 34158823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358", // key 34168823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "c2e999cb6249023c", // IV 34178823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "c689aee38a301bb316da75db36f110b5", // input 34188823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "e9afaba5ec75ea1bbe65506655bb4ecb", // output 34198823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden }, 34208823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden { 34218823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "TCBCMMT3 Encrypt 1 PKCS7 variant", KeyPurpose::ENCRYPT, BlockMode::CBC, PaddingMode::PKCS7, 34228823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358", // key 34238823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "c2e999cb6249023c", // IV 34248823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "c689aee38a301bb316da75db36f110b500", // input 34258823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "e9afaba5ec75ea1bbe65506655bb4ecb825aa27ec0656156", // output 34268823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden }, 34278823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden { 34288823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "TCBCMMT3 Encrypt 1 PKCS7 decrypted", KeyPurpose::DECRYPT, BlockMode::CBC, 34298823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden PaddingMode::PKCS7, 34308823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358", // key 34318823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "c2e999cb6249023c", // IV 34328823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "e9afaba5ec75ea1bbe65506655bb4ecb825aa27ec0656156", // input 34338823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "c689aee38a301bb316da75db36f110b500", // output 34348823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden }, 34358823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden { 34368823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "TCBCMMT3 Decrypt 0", KeyPurpose::DECRYPT, BlockMode::CBC, PaddingMode::NONE, 34378823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "5eb6040d46082c7aa7d06dfd08dfeac8c18364c1548c3ba1", // key 34388823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "41746c7e442d3681", // IV 34398823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "c53a7b0ec40600fe", // input 34408823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "d4f00eb455de1034", // output 34418823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden }, 34428823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden { 34438823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "TCBCMMT3 Decrypt 1", KeyPurpose::DECRYPT, BlockMode::CBC, PaddingMode::NONE, 34448823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "5b1cce7c0dc1ec49130dfb4af45785ab9179e567f2c7d549", // key 34458823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "3982bc02c3727d45", // IV 34468823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "6006f10adef52991fcc777a1238bbb65", // input 34478823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden "edae09288e9e3bc05746d872b48e3b29", // output 34488823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden }, 34498823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden}; 34508823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 34518823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 34528823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest.TripleDesTestVector 34538823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 34548823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Verifies that NIST (plus a few extra) test vectors produce the correct results. 34558823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 34568823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesTestVector) { 34578823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden constexpr size_t num_tests = sizeof(kTripleDesTestVectors) / sizeof(TripleDesTestVector); 34588823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden for (auto* test = kTripleDesTestVectors; test < kTripleDesTestVectors + num_tests; ++test) { 34598823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden SCOPED_TRACE(test->name); 34608823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden CheckTripleDesTestVector(test->purpose, test->block_mode, test->padding_mode, 34618823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden hex2str(test->key), hex2str(test->iv), hex2str(test->input), 34628823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden hex2str(test->output)); 34638823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden } 34648823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 34658823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 34668823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 34678823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest.TripleDesCbcRoundTripSuccess 34688823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 34698823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Validates CBC mode functionality. 34708823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 34718823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesCbcRoundTripSuccess) { 34728823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3473a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 34748823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::CBC) 347508839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 34768823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::NONE))); 34778823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Two-block message. 34788823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string message = "1234567890123456"; 34798823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden HidlBuf iv1; 34808823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext1 = EncryptMessage(message, BlockMode::CBC, PaddingMode::NONE, &iv1); 34818823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message.size(), ciphertext1.size()); 34828823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 34838823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden HidlBuf iv2; 34848823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext2 = EncryptMessage(message, BlockMode::CBC, PaddingMode::NONE, &iv2); 34858823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message.size(), ciphertext2.size()); 34868823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 34878823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // IVs should be random, so ciphertexts should differ. 34888823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_NE(iv1, iv2); 34898823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_NE(ciphertext1, ciphertext2); 34908823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 34918823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string plaintext = DecryptMessage(ciphertext1, BlockMode::CBC, PaddingMode::NONE, iv1); 34928823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message, plaintext); 34938823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 34948823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 34958823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 34968823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest.TripleDesCallerIv 34978823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 34988823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Validates that 3DES keys can allow caller-specified IVs, and use them correctly. 34998823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 35008823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesCallerIv) { 35018823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3502a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 35038823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::CBC) 350408839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 35058823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Authorization(TAG_CALLER_NONCE) 35068823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::NONE))); 35078823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string message = "1234567890123456"; 35088823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden HidlBuf iv; 35098823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Don't specify IV, should get a random one. 35108823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext1 = EncryptMessage(message, BlockMode::CBC, PaddingMode::NONE, &iv); 35118823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message.size(), ciphertext1.size()); 35128823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(8U, iv.size()); 35138823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 35148823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string plaintext = DecryptMessage(ciphertext1, BlockMode::CBC, PaddingMode::NONE, iv); 35158823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message, plaintext); 35168823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 35178823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Now specify an IV, should also work. 35188823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden iv = HidlBuf("abcdefgh"); 35198823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext2 = EncryptMessage(message, BlockMode::CBC, PaddingMode::NONE, iv); 35208823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 35218823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Decrypt with correct IV. 35228823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden plaintext = DecryptMessage(ciphertext2, BlockMode::CBC, PaddingMode::NONE, iv); 35238823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message, plaintext); 35248823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 35258823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Now try with wrong IV. 35268823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden plaintext = DecryptMessage(ciphertext2, BlockMode::CBC, PaddingMode::NONE, HidlBuf("aaaaaaaa")); 35278823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_NE(message, plaintext); 35288823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 35298823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 35308823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 35318823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest, TripleDesCallerNonceProhibited. 35328823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 35338823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Verifies that 3DES keys without TAG_CALLER_NONCE do not allow caller-specified IVS. 35348823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 35358823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesCallerNonceProhibited) { 35368823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3537a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 35388823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::CBC) 353908839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 35408823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::NONE))); 35418823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 35428823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string message = "12345678901234567890123456789012"; 35438823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden HidlBuf iv; 35448823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Don't specify nonce, should get a random one. 35458823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext1 = EncryptMessage(message, BlockMode::CBC, PaddingMode::NONE, &iv); 35468823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message.size(), ciphertext1.size()); 35478823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(8U, iv.size()); 35488823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 35498823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string plaintext = DecryptMessage(ciphertext1, BlockMode::CBC, PaddingMode::NONE, iv); 35508823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message, plaintext); 35518823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 35528823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Now specify a nonce, should fail. 35538823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden auto input_params = AuthorizationSetBuilder() 35548823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Authorization(TAG_NONCE, HidlBuf("abcdefgh")) 35558823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::CBC) 35568823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::NONE); 35578823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden AuthorizationSet output_params; 35588823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::CALLER_NONCE_PROHIBITED, 35598823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden Begin(KeyPurpose::ENCRYPT, input_params, &output_params)); 35608823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 35618823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 35628823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 35638823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest.TripleDesCbcNotAuthorized 35648823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 35658823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Verifies that 3DES ECB-only keys do not allow CBC usage. 35668823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 35678823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesCbcNotAuthorized) { 35688823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3569a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 35708823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::ECB) 357108839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 35728823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::NONE))); 35738823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Two-block message. 35748823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string message = "1234567890123456"; 35758823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden auto begin_params = 35768823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::NONE); 35778823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_BLOCK_MODE, Begin(KeyPurpose::ENCRYPT, begin_params)); 35788823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 35798823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 35808823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 35818823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest.TripleDesCbcNoPaddingWrongInputSize 35828823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 35838823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Verifies that unpadded CBC operations reject inputs that are not a multiple of block size. 35848823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 35858823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesCbcNoPaddingWrongInputSize) { 35868823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3587a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 35888823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::CBC) 358908839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 35908823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::NONE))); 35918823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Message is slightly shorter than two blocks. 35928823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string message = "123456789012345"; 35938823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 35948823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden auto begin_params = 35958823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::NONE); 35968823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden AuthorizationSet output_params; 35978823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &output_params)); 35988823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext; 35998823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, "", &ciphertext)); 36008823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 36018823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 36028823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 36038823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest, TripleDesCbcPkcs7Padding. 36048823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 36058823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Verifies that PKCS7 padding works correctly in CBC mode. 36068823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 36078823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesCbcPkcs7Padding) { 36088823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3609a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 36108823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::CBC) 361108839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 36128823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::PKCS7))); 36138823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 36148823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Try various message lengths; all should work. 36158823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden for (size_t i = 0; i < 32; ++i) { 36168823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string message(i, 'a'); 36178823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden HidlBuf iv; 36188823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext = EncryptMessage(message, BlockMode::CBC, PaddingMode::PKCS7, &iv); 36198823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(i + 8 - (i % 8), ciphertext.size()); 36208823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string plaintext = DecryptMessage(ciphertext, BlockMode::CBC, PaddingMode::PKCS7, iv); 36218823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message, plaintext); 36228823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden } 36238823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 36248823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 36258823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 36268823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest.TripleDesCbcNoPaddingKeyWithPkcs7Padding 36278823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 36288823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Verifies that a key that requires PKCS7 padding cannot be used in unpadded mode. 36298823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 36308823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesCbcNoPaddingKeyWithPkcs7Padding) { 36318823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3632a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 36338823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::CBC) 363408839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 36358823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::NONE))); 36368823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 36378823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Try various message lengths; all should fail. 36388823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden for (size_t i = 0; i < 32; ++i) { 36398823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden auto begin_params = 36408823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::PKCS7); 36418823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_PADDING_MODE, Begin(KeyPurpose::ENCRYPT, begin_params)); 36428823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden } 36438823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 36448823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 36458823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 36468823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest.TripleDesCbcPkcs7PaddingCorrupted 36478823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 36488823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Verifies that corrupted PKCS7 padding is rejected during decryption. 36498823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 36508823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesCbcPkcs7PaddingCorrupted) { 36518823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3652a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 36538823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::CBC) 365408839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 36558823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::PKCS7))); 36568823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 36578823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string message = "a"; 36588823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden HidlBuf iv; 36598823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext = EncryptMessage(message, BlockMode::CBC, PaddingMode::PKCS7, &iv); 36608823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(8U, ciphertext.size()); 36618823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_NE(ciphertext, message); 36628823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ++ciphertext[ciphertext.size() / 2]; 36638823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 36648823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden auto begin_params = AuthorizationSetBuilder() 36658823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::CBC) 36668823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::PKCS7) 36678823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Authorization(TAG_NONCE, iv); 36688823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params)); 36698823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string plaintext; 36708823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden size_t input_consumed; 36718823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext, &input_consumed)); 36728823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ciphertext.size(), input_consumed); 36738823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(&plaintext)); 36748823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 36758823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 36768823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden/* 36778823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * EncryptionOperationsTest, TripleDesCbcIncrementalNoPadding. 36788823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * 36798823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden * Verifies that 3DES CBC works with many different input sizes. 36808823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden */ 36818823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn WilldenTEST_F(EncryptionOperationsTest, TripleDesCbcIncrementalNoPadding) { 36828823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3683a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .TripleDesEncryptionKey(168) 36848823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .BlockMode(BlockMode::CBC) 368508839105dc93d9431f03c8cb1cd3c4e7d85866fdShawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 36868823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden .Padding(PaddingMode::NONE))); 36878823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 36888823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden int increment = 7; 36898823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string message(240, 'a'); 36908823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden AuthorizationSet input_params = 36918823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::NONE); 36928823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden AuthorizationSet output_params; 36938823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, input_params, &output_params)); 36948823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 36958823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string ciphertext; 36968823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden size_t input_consumed; 36978823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden for (size_t i = 0; i < message.size(); i += increment) 36988823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::OK, 36998823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden Update(message.substr(i, increment), &ciphertext, &input_consumed)); 37008823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(&ciphertext)); 37018823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message.size(), ciphertext.size()); 37028823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 37038823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden // Move TAG_NONCE into input_params 37048823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden input_params = output_params; 37058823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden input_params.push_back(TAG_BLOCK_MODE, BlockMode::CBC); 37068823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden input_params.push_back(TAG_PADDING, PaddingMode::NONE); 37078823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden output_params.Clear(); 37088823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 37098823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, input_params, &output_params)); 37108823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden string plaintext; 37118823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden for (size_t i = 0; i < ciphertext.size(); i += increment) 37128823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::OK, 37138823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden Update(ciphertext.substr(i, increment), &plaintext, &input_consumed)); 37148823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(&plaintext)); 37158823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(ciphertext.size(), plaintext.size()); 37168823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden EXPECT_EQ(message, plaintext); 37178823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden} 37188823a4415c96ad6481a685c02aa5dcdfdff599f9Shawn Willden 37191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest MaxOperationsTest; 37201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 37221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * MaxOperationsTest.TestLimitAes 37231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 37241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that the max uses per boot tag works correctly with AES keys. 37251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 37261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(MaxOperationsTest, TestLimitAes) { 37278a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu if (SecLevel() == SecurityLevel::STRONGBOX) return; 37288a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu 37291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 37301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 37311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 37321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcbMode() 37331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 37341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAX_USES_PER_BOOT, 3))); 37351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "1234567890123456"; 37371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().EcbMode().Padding(PaddingMode::NONE); 37391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EncryptMessage(message, params); 37411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EncryptMessage(message, params); 37421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EncryptMessage(message, params); 37431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Fourth time should fail. 37451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::KEY_MAX_OPS_EXCEEDED, Begin(KeyPurpose::ENCRYPT, params)); 37461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 37471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 37491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * MaxOperationsTest.TestLimitAes 37501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 37511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that the max uses per boot tag works correctly with RSA keys. 37521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 37531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(MaxOperationsTest, TestLimitRsa) { 37548a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu if (SecLevel() == SecurityLevel::STRONGBOX) return; 37558a678bca72cd4ce498da57c33bb651862de7ecebnagendra modadugu 37561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 37571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 3758a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 37591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .NoDigestOrPadding() 37601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAX_USES_PER_BOOT, 3))); 37611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "1234567890123456"; 37631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().NoDigestOrPadding(); 37651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, params); 37671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, params); 37681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, params); 37691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Fourth time should fail. 37711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::KEY_MAX_OPS_EXCEEDED, Begin(KeyPurpose::SIGN, params)); 37721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 37731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest AddEntropyTest; 37751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 37771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AddEntropyTest.AddEntropy 37781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 37791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that the addRngEntropy method doesn't blow up. There's no way to test that entropy is 37801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * actually added. 37811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 37821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AddEntropyTest, AddEntropy) { 37831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, keymaster().addRngEntropy(HidlBuf("foo"))); 37841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 37851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 37871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AddEntropyTest.AddEmptyEntropy 37881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 37891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that the addRngEntropy method doesn't blow up when given an empty buffer. 37901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 37911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AddEntropyTest, AddEmptyEntropy) { 37921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, keymaster().addRngEntropy(HidlBuf())); 37931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 37941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 37961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AddEntropyTest.AddLargeEntropy 37971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 37981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that the addRngEntropy method doesn't blow up when given a largish amount of data. 37991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 38001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AddEntropyTest, AddLargeEntropy) { 38011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, keymaster().addRngEntropy(HidlBuf(string(2 * 1024, 'a')))); 38021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 38031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest AttestationTest; 38051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 38071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AttestationTest.RsaAttestation 38081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 38091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attesting to RSA keys works and generates the expected output. 38101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 38111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AttestationTest, RsaAttestation) { 38121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 38131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 3814a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 38151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 38161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 38171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_INCLUDE_UNIQUE_ID))); 38181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>> cert_chain; 38201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 38211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AttestKey(AuthorizationSetBuilder() 38221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge")) 38231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), 38241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &cert_chain)); 38251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_GE(cert_chain.size(), 2U); 38261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(verify_chain(cert_chain)); 38271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(verify_attestation_record("challenge", "foo", // 38281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_characteristics_.softwareEnforced, // 38291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_characteristics_.hardwareEnforced, // 38301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden cert_chain[0])); 38311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 38321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 38341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AttestationTest.RsaAttestationRequiresAppId 38351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 38361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attesting to RSA requires app ID. 38371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 38381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AttestationTest, RsaAttestationRequiresAppId) { 38391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 38401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 3841a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 38421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 38431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 38441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_INCLUDE_UNIQUE_ID))); 38451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>> cert_chain; 38471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, 38481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AttestKey(AuthorizationSetBuilder().Authorization(TAG_ATTESTATION_CHALLENGE, 38491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf("challenge")), 38501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &cert_chain)); 38511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 38521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 38541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AttestationTest.EcAttestation 38551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 38561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attesting to EC keys works and generates the expected output. 38571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 38581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AttestationTest, EcAttestation) { 38591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 38601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 38611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(EcCurve::P_256) 38621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 38631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_INCLUDE_UNIQUE_ID))); 38641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>> cert_chain; 38661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 38671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AttestKey(AuthorizationSetBuilder() 38681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge")) 38691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), 38701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &cert_chain)); 38711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_GE(cert_chain.size(), 2U); 38721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(verify_chain(cert_chain)); 38731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(verify_attestation_record("challenge", "foo", // 38751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_characteristics_.softwareEnforced, // 38761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_characteristics_.hardwareEnforced, // 38771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden cert_chain[0])); 38781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 38791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 38811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AttestationTest.EcAttestationRequiresAttestationAppId 38821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 38831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attesting to EC keys requires app ID 38841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 38851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AttestationTest, EcAttestationRequiresAttestationAppId) { 38861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 38871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 38881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(EcCurve::P_256) 38891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 38901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_INCLUDE_UNIQUE_ID))); 38911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>> cert_chain; 38931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, 38941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AttestKey(AuthorizationSetBuilder().Authorization(TAG_ATTESTATION_CHALLENGE, 38951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf("challenge")), 38961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &cert_chain)); 38971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 38981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 39001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AttestationTest.AesAttestation 39011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 39021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attesting to AES keys fails in the expected way. 39031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 39041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AttestationTest, AesAttestation) { 39051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 39061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 39071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 39081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcbMode() 39091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::PKCS7))); 39101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>> cert_chain; 39121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_ALGORITHM, 39131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AttestKey(AuthorizationSetBuilder() 39141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge")) 39151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), 39161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &cert_chain)); 39171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 39181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 39201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AttestationTest.HmacAttestation 39211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 39221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attesting to HMAC keys fails in the expected way. 39231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 39241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AttestationTest, HmacAttestation) { 39251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 39261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 39271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 39281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcbMode() 39291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 39301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 39311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>> cert_chain; 39331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_ALGORITHM, 39341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AttestKey(AuthorizationSetBuilder() 39351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge")) 39361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), 39371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &cert_chain)); 39381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 39391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest KeyDeletionTest; 39411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/** 39431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * KeyDeletionTest.DeleteKey 39441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 39451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * This test checks that if rollback protection is implemented, DeleteKey invalidates a formerly 39461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * valid key blob. 39471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 39481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * TODO(swillden): Update to incorporate changes in rollback resistance semantics. 39491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 39501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(KeyDeletionTest, DeleteKey) { 39511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3952a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 39531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 39541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 39551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED))); 39561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Delete must work if rollback protection is implemented 39581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet hardwareEnforced(key_characteristics_.hardwareEnforced); 39591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden bool rollback_protected = hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE); 39601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (rollback_protected) { 39621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, DeleteKey(true /* keep key blob */)); 39631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 39641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto delete_result = DeleteKey(true /* keep key blob */); 39651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(delete_result == ErrorCode::OK | delete_result == ErrorCode::UNIMPLEMENTED); 39661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 39671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 39691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 39701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (rollback_protected) { 39721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, 39731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, key_blob_, 39741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE), 39751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &begin_out_params, &op_handle_)); 39761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 39771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 39781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, key_blob_, 39791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE), 39801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &begin_out_params, &op_handle_)); 39811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 39821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AbortIfNeeded(); 39831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_blob_ = HidlBuf(); 39841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 39851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/** 39871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * KeyDeletionTest.DeleteInvalidKey 39881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 39891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * This test checks that the HAL excepts invalid key blobs. 39901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 39911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * TODO(swillden): Update to incorporate changes in rollback resistance semantics. 39921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 39931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(KeyDeletionTest, DeleteInvalidKey) { 39941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Generate key just to check if rollback protection is implemented 39951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 3996a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 39971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 39981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 39991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED))); 40001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Delete must work if rollback protection is implemented 40021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet hardwareEnforced(key_characteristics_.hardwareEnforced); 40031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden bool rollback_protected = hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE); 40041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Delete the key we don't care about the result at this point. 40061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden DeleteKey(); 40071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Now create an invalid key blob and delete it. 40091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_blob_ = HidlBuf("just some garbage data which is not a valid key blob"); 40101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (rollback_protected) { 40121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, DeleteKey()); 40131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 40141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto delete_result = DeleteKey(); 40151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(delete_result == ErrorCode::OK | delete_result == ErrorCode::UNIMPLEMENTED); 40161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 40171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 40181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/** 40201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * KeyDeletionTest.DeleteAllKeys 40211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 40221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * This test is disarmed by default. To arm it use --arm_deleteAllKeys. 40231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 40241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * BEWARE: This test has serious side effects. All user keys will be lost! This includes 40251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * FBE/FDE encryption keys, which means that the device will not even boot until after the 40261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * device has been wiped manually (e.g., fastboot flashall -w), and new FBE/FDE keys have 40271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * been provisioned. Use this test only on dedicated testing devices that have no valuable 40281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * credentials stored in Keystore/Keymaster. 40291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 40301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * TODO(swillden): Update to incorporate changes in rollback resistance semantics. 40311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 40321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(KeyDeletionTest, DeleteAllKeys) { 40331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!arm_deleteAllKeys) return; 40341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 4035a63596436b1347699575e5bc78c1655c6e7db707nagendra modadugu .RsaSigningKey(1024, 65537) 40361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 40371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 40381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED))); 40391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Delete must work if rollback protection is implemented 40411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet hardwareEnforced(key_characteristics_.hardwareEnforced); 40421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden bool rollback_protected = hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE); 40431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, DeleteAllKeys()); 40451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 40471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 40481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (rollback_protected) { 40501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, 40511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, key_blob_, 40521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE), 40531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &begin_out_params, &op_handle_)); 40541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 40551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 40561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, key_blob_, 40571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE), 40581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &begin_out_params, &op_handle_)); 40591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 40601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AbortIfNeeded(); 40611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_blob_ = HidlBuf(); 40621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 40631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenusing UpgradeKeyTest = KeymasterHidlTest; 40651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 40671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * UpgradeKeyTest.UpgradeKey 40681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 40691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that calling upgrade key on an up-to-date key works (i.e. does nothing). 40701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 40711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(UpgradeKeyTest, UpgradeKey) { 40721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 40731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 40741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 40751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED))); 40761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto result = UpgradeKey(key_blob_); 40781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Key doesn't need upgrading. Should get okay, but no new key blob. 40801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(result, std::make_pair(ErrorCode::OK, HidlBuf())); 40811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 40821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} // namespace test 40841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} // namespace V4_0 40851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} // namespace keymaster 40861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} // namespace hardware 40871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} // namespace android 40881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenusing android::hardware::keymaster::V4_0::test::KeymasterHidlEnvironment; 40901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenint main(int argc, char** argv) { 40921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ::testing::AddGlobalTestEnvironment(KeymasterHidlEnvironment::Instance()); 40931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ::testing::InitGoogleTest(&argc, argv); 40941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeymasterHidlEnvironment::Instance()->init(&argc, argv); 40951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (int i = 1; i < argc; ++i) { 40961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (argv[i][0] == '-') { 40971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (std::string(argv[i]) == "--arm_deleteAllKeys") { 40981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden arm_deleteAllKeys = true; 40991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 41001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (std::string(argv[i]) == "--dump_attestations") { 41011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden dump_Attestations = true; 41021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 41031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 41041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 41051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden int status = RUN_ALL_TESTS(); 41061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ALOGI("Test result = %d", status); 41071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return status; 41081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 4109