keymaster_hidl_hal_test.cpp revision 1e50c676f6fe5cfa726b66b2c6ba57084a3888e8
11e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 21e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Copyright (C) 2017 The Android Open Source Project 31e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 41e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Licensed under the Apache License, Version 2.0 (the "License"); 51e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * you may not use this file except in compliance with the License. 61e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * You may obtain a copy of the License at 71e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 81e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * http://www.apache.org/licenses/LICENSE-2.0 91e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Unless required by applicable law or agreed to in writing, software 111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * distributed under the License is distributed on an "AS IS" BASIS, 121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * See the License for the specific language governing permissions and 141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * limitations under the License. 151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#define LOG_TAG "keymaster_hidl_hal_test" 181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <cutils/log.h> 191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <iostream> 211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <openssl/evp.h> 231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <openssl/x509.h> 241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <android/hardware/keymaster/4.0/IKeymaster.h> 261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <android/hardware/keymaster/4.0/types.h> 271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <cutils/properties.h> 281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <keymaster/keymaster_configuration.h> 291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <VtsHalHidlTargetTestBase.h> 311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <keymasterV4_0/attestation_record.h> 331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <keymasterV4_0/authorization_set.h> 341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <keymasterV4_0/key_param_output.h> 351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden#include <keymasterV4_0/openssl_utils.h> 361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenusing ::android::sp; 381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenusing ::std::string; 401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstatic bool arm_deleteAllKeys = false; 421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstatic bool dump_Attestations = false; 431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdennamespace android { 451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdennamespace hardware { 461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentemplate <typename T> 481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool operator==(const hidl_vec<T>& a, const hidl_vec<T>& b) { 491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (a.size() != b.size()) { 501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return false; 511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < a.size(); ++i) { 531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (a[i] != b[i]) { 541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return false; 551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return true; 581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdennamespace keymaster { 611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdennamespace V4_0 { 621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool operator==(const KeyParameter& a, const KeyParameter& b) { 641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (a.tag != b.tag) { 651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return false; 661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden switch (a.tag) { 691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden /* Boolean tags */ 701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::INVALID: 711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::CALLER_NONCE: 721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::INCLUDE_UNIQUE_ID: 731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::BOOTLOADER_ONLY: 741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::NO_AUTH_REQUIRED: 751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ALLOW_WHILE_ON_BODY: 761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ROLLBACK_RESISTANCE: 771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::RESET_SINCE_ID_ROTATION: 781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return true; 791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden /* Integer tags */ 811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::KEY_SIZE: 821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::MIN_MAC_LENGTH: 831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::MIN_SECONDS_BETWEEN_OPS: 841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::MAX_USES_PER_BOOT: 851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::OS_VERSION: 861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::OS_PATCHLEVEL: 871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::MAC_LENGTH: 881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::AUTH_TIMEOUT: 891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.f.integer == b.f.integer; 901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden /* Long integer tags */ 921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::RSA_PUBLIC_EXPONENT: 931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::USER_SECURE_ID: 941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.f.longInteger == b.f.longInteger; 951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden /* Date-time tags */ 971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ACTIVE_DATETIME: 981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ORIGINATION_EXPIRE_DATETIME: 991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::USAGE_EXPIRE_DATETIME: 1001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::CREATION_DATETIME: 1011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.f.dateTime == b.f.dateTime; 1021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden /* Bytes tags */ 1041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::APPLICATION_ID: 1051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::APPLICATION_DATA: 1061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ROOT_OF_TRUST: 1071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::UNIQUE_ID: 1081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ATTESTATION_CHALLENGE: 1091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ATTESTATION_APPLICATION_ID: 1101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ATTESTATION_ID_BRAND: 1111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ATTESTATION_ID_DEVICE: 1121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ATTESTATION_ID_PRODUCT: 1131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ATTESTATION_ID_SERIAL: 1141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ATTESTATION_ID_IMEI: 1151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ATTESTATION_ID_MEID: 1161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ATTESTATION_ID_MANUFACTURER: 1171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ATTESTATION_ID_MODEL: 1181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ASSOCIATED_DATA: 1191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::NONCE: 1201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.blob == b.blob; 1211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden /* Enum tags */ 1231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::PURPOSE: 1241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.f.purpose == b.f.purpose; 1251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ALGORITHM: 1261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.f.algorithm == b.f.algorithm; 1271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::BLOCK_MODE: 1281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.f.blockMode == b.f.blockMode; 1291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::DIGEST: 1301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.f.digest == b.f.digest; 1311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::PADDING: 1321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.f.paddingMode == b.f.paddingMode; 1331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::EC_CURVE: 1341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.f.ecCurve == b.f.ecCurve; 1351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::BLOB_USAGE_REQUIREMENTS: 1361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.f.keyBlobUsageRequirements == b.f.keyBlobUsageRequirements; 1371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::USER_AUTH_TYPE: 1381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.f.integer == b.f.integer; 1391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case Tag::ORIGIN: 1401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.f.origin == b.f.origin; 1411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 1421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return false; 1441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 1451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool operator==(const AuthorizationSet& a, const AuthorizationSet& b) { 1471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin()); 1481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 1491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool operator==(const KeyCharacteristics& a, const KeyCharacteristics& b) { 1511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // This isn't very efficient. Oh, well. 1521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet a_sw(a.softwareEnforced); 1531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet b_sw(b.softwareEnforced); 1541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet a_tee(b.hardwareEnforced); 1551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet b_tee(b.hardwareEnforced); 1561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden a_sw.Sort(); 1581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden b_sw.Sort(); 1591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden a_tee.Sort(); 1601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden b_tee.Sort(); 1611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return a_sw == b_sw && a_tee == b_tee; 1631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 1641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) { 1661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (set.size() == 0) 1671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden os << "(Empty)" << ::std::endl; 1681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden else { 1691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden os << "\n"; 1701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < set.size(); ++i) os << set[i] << ::std::endl; 1711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 1721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return os; 1731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 1741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdennamespace test { 1761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdennamespace { 1771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentemplate <TagType tag_type, Tag tag, typename ValueT> 1791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool contains(hidl_vec<KeyParameter>& set, TypedTag<tag_type, tag> ttag, ValueT expected_value) { 1801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t count = std::count_if(set.begin(), set.end(), [&](const KeyParameter& param) { 1811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return param.tag == tag && accessTagValue(ttag, param) == expected_value; 1821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }); 1831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return count == 1; 1841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 1851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentemplate <TagType tag_type, Tag tag> 1871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool contains(hidl_vec<KeyParameter>& set, TypedTag<tag_type, tag>) { 1881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t count = std::count_if(set.begin(), set.end(), 1891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden [&](const KeyParameter& param) { return param.tag == tag; }); 1901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return count > 0; 1911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 1921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 1931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenconstexpr char hex_value[256] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 1941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 1951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 1961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, // '0'..'9' 1971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'A'..'F' 1981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 1991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'a'..'f' 2001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 2011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 2021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 2031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 2041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 2051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 2061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 2071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 2081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 2091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstring hex2str(string a) { 2111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string b; 2121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t num = a.size() / 2; 2131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden b.resize(num); 2141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < num; i++) { 2151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden b[i] = (hex_value[a[i * 2] & 0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]); 2161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 2171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return b; 2181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 2191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenchar nibble2hex[16] = {'0', '1', '2', '3', '4', '5', '6', '7', 2211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; 2221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstring bin2hex(const hidl_vec<uint8_t>& data) { 2241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string retval; 2251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden retval.reserve(data.size() * 2 + 1); 2261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (uint8_t byte : data) { 2271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden retval.push_back(nibble2hex[0x0F & (byte >> 4)]); 2281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden retval.push_back(nibble2hex[0x0F & byte]); 2291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 2301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return retval; 2311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 2321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstring rsa_key = hex2str( 2341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "30820275020100300d06092a864886f70d01010105000482025f3082025b" 2351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "02010002818100c6095409047d8634812d5a218176e45c41d60a75b13901" 2361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "f234226cffe776521c5a77b9e389417b71c0b6a44d13afe4e4a2805d46c9" 2371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "da2935adb1ff0c1f24ea06e62b20d776430a4d435157233c6f916783c30e" 2381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "310fcbd89b85c2d56771169785ac12bca244abda72bfb19fc44d27c81e1d" 2391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "92de284f4061edfd99280745ea6d2502030100010281801be0f04d9cae37" 2401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "18691f035338308e91564b55899ffb5084d2460e6630257e05b3ceab0297" 2411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "2dfabcd6ce5f6ee2589eb67911ed0fac16e43a444b8c861e544a05933657" 2421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "72f8baf6b22fc9e3c5f1024b063ac080a7b2234cf8aee8f6c47bbf4fd3ac" 2431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "e7240290bef16c0b3f7f3cdd64ce3ab5912cf6e32f39ab188358afcccd80" 2441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "81024100e4b49ef50f765d3b24dde01aceaaf130f2c76670a91a61ae08af" 2451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "497b4a82be6dee8fcdd5e3f7ba1cfb1f0c926b88f88c92bfab137fba2285" 2461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "227b83c342ff7c55024100ddabb5839c4c7f6bf3d4183231f005b31aa58a" 2471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "ffdda5c79e4cce217f6bc930dbe563d480706c24e9ebfcab28a6cdefd324" 2481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "b77e1bf7251b709092c24ff501fd91024023d4340eda3445d8cd26c14411" 2491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "da6fdca63c1ccd4b80a98ad52b78cc8ad8beb2842c1d280405bc2f6c1bea" 2501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "214a1d742ab996b35b63a82a5e470fa88dbf823cdd02401b7b57449ad30d" 2511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "1518249a5f56bb98294d4b6ac12ffc86940497a5a5837a6cf946262b4945" 2521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "26d328c11e1126380fde04c24f916dec250892db09a6d77cdba351024077" 2531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "62cd8f4d050da56bd591adb515d24d7ccd32cca0d05f866d583514bd7324" 2541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "d5f33645e8ed8b4a1cb3cc4a1d67987399f2a09f5b3fb68c88d5e5d90ac3" 2551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "3492d6"); 2561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstring ec_256_key = hex2str( 2581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "308187020100301306072a8648ce3d020106082a8648ce3d030107046d30" 2591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "6b0201010420737c2ecd7b8d1940bf2930aa9b4ed3ff941eed09366bc032" 2601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "99986481f3a4d859a14403420004bf85d7720d07c25461683bc648b4778a" 2611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "9a14dd8a024e3bdd8c7ddd9ab2b528bbc7aa1b51f14ebbbb0bd0ce21bcc4" 2621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "1c6eb00083cf3376d11fd44949e0b2183bfe"); 2631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstring ec_521_key = hex2str( 2651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "3081EE020100301006072A8648CE3D020106052B810400230481D63081D3" 2661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "02010104420011458C586DB5DAA92AFAB03F4FE46AA9D9C3CE9A9B7A006A" 2671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "8384BEC4C78E8E9D18D7D08B5BCFA0E53C75B064AD51C449BAE0258D54B9" 2681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "4B1E885DED08ED4FB25CE9A1818903818600040149EC11C6DF0FA122C6A9" 2691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "AFD9754A4FA9513A627CA329E349535A5629875A8ADFBE27DCB932C05198" 2701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "6377108D054C28C6F39B6F2C9AF81802F9F326B842FF2E5F3C00AB7635CF" 2711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "B36157FC0882D574A10D839C1A0C049DC5E0D775E2EE50671A208431BB45" 2721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "E78E70BEFE930DB34818EE4D5C26259F5C6B8E28A652950F9F88D7B4B2C9" 2731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "D9"); 2741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstruct RSA_Delete { 2761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void operator()(RSA* p) { RSA_free(p); } 2771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 2781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenX509* parse_cert_blob(const hidl_vec<uint8_t>& blob) { 2801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t* p = blob.data(); 2811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return d2i_X509(nullptr, &p, blob.size()); 2821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 2831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain) { 2851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < chain.size() - 1; ++i) { 2861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden X509_Ptr key_cert(parse_cert_blob(chain[i])); 2871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden X509_Ptr signing_cert; 2881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (i < chain.size() - 1) { 2891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden signing_cert.reset(parse_cert_blob(chain[i + 1])); 2901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 2911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden signing_cert.reset(parse_cert_blob(chain[i])); 2921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 2931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!key_cert.get() && !!signing_cert.get()); 2941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!key_cert.get() || !signing_cert.get()) return false; 2951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 2961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_PKEY_Ptr signing_pubkey(X509_get_pubkey(signing_cert.get())); 2971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!signing_pubkey.get()); 2981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!signing_pubkey.get()) return false; 2991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, X509_verify(key_cert.get(), signing_pubkey.get())) 3011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Verification of certificate " << i << " failed"; 3021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden char* cert_issuer = // 3041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden X509_NAME_oneline(X509_get_issuer_name(key_cert.get()), nullptr, 0); 3051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden char* signer_subj = 3061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden X509_NAME_oneline(X509_get_subject_name(signing_cert.get()), nullptr, 0); 3071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_STREQ(cert_issuer, signer_subj) << "Cert " << i << " has wrong issuer."; 3081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (i == 0) { 3091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden char* cert_sub = X509_NAME_oneline(X509_get_subject_name(key_cert.get()), nullptr, 0); 3101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_STREQ("/CN=Android Keystore Key", cert_sub) 3111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Cert " << i << " has wrong subject."; 3121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden free(cert_sub); 3131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 3141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden free(cert_issuer); 3161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden free(signer_subj); 3171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (dump_Attestations) std::cout << bin2hex(chain[i]) << std::endl; 3191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 3201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return true; 3221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 3231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden// Extract attestation record from cert. Returned object is still part of cert; don't free it 3251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden// separately. 3261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenASN1_OCTET_STRING* get_attestation_record(X509* certificate) { 3271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASN1_OBJECT_Ptr oid(OBJ_txt2obj(kAttestionRecordOid, 1 /* dotted string format */)); 3281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!oid.get()); 3291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!oid.get()) return nullptr; 3301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden int location = X509_get_ext_by_OBJ(certificate, oid.get(), -1 /* search from beginning */); 3321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(-1, location) << "Attestation extension not found in certificate"; 3331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (location == -1) return nullptr; 3341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden X509_EXTENSION* attest_rec_ext = X509_get_ext(certificate, location); 3361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!attest_rec_ext) 3371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Found attestation extension but couldn't retrieve it? Probably a BoringSSL bug."; 3381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!attest_rec_ext) return nullptr; 3391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASN1_OCTET_STRING* attest_rec = X509_EXTENSION_get_data(attest_rec_ext); 3411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!attest_rec) << "Attestation extension contained no data"; 3421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return attest_rec; 3431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 3441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool tag_in_list(const KeyParameter& entry) { 3461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Attestations don't contain everything in key authorization lists, so we need to filter 3471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // the key lists to produce the lists that we expect to match the attestations. 3481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto tag_list = { 3491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Tag::INCLUDE_UNIQUE_ID, Tag::BLOB_USAGE_REQUIREMENTS, 3501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Tag::EC_CURVE /* Tag::EC_CURVE will be included by KM2 implementations */, 3511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 3521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return std::find(tag_list.begin(), tag_list.end(), entry.tag) != tag_list.end(); 3531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 3541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenAuthorizationSet filter_tags(const AuthorizationSet& set) { 3561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet filtered; 3571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden std::remove_copy_if(set.begin(), set.end(), std::back_inserter(filtered), tag_in_list); 3581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return filtered; 3591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 3601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstd::string make_string(const uint8_t* data, size_t length) { 3621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return std::string(reinterpret_cast<const char*>(data), length); 3631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 3641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentemplate <size_t N> 3661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstd::string make_string(const uint8_t (&a)[N]) { 3671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return make_string(a, N); 3681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 3691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenclass HidlBuf : public hidl_vec<uint8_t> { 3711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden typedef hidl_vec<uint8_t> super; 3721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden public: 3741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf() {} 3751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf(const super& other) : super(other) {} 3761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf(super&& other) : super(std::move(other)) {} 3771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden explicit HidlBuf(const std::string& other) : HidlBuf() { *this = other; } 3781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf& operator=(const super& other) { 3801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden super::operator=(other); 3811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return *this; 3821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 3831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf& operator=(super&& other) { 3851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden super::operator=(std::move(other)); 3861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return *this; 3871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 3881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf& operator=(const string& other) { 3901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden resize(other.size()); 3911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < other.size(); ++i) { 3921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden (*this)[i] = static_cast<uint8_t>(other[i]); 3931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 3941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return *this; 3951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 3961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 3971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string to_string() const { return string(reinterpret_cast<const char*>(data()), size()); } 3981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 3991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenconstexpr uint64_t kOpHandleSentinel = 0xFFFFFFFFFFFFFFFF; 4011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} // namespace 4031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenclass KeymasterHidlEnvironment : public ::testing::VtsHalHidlTargetTestEnvBase { 4051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden public: 4061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // get the test environment singleton 4071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static KeymasterHidlEnvironment* Instance() { 4081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static KeymasterHidlEnvironment* instance = new KeymasterHidlEnvironment; 4091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return instance; 4101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 4111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void registerTestServices() override { registerTestService<IKeymaster>(); } 4131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden private: 4151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeymasterHidlEnvironment(){}; 4161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GTEST_DISALLOW_COPY_AND_ASSIGN_(KeymasterHidlEnvironment); 4181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 4191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenclass KeymasterHidlTest : public ::testing::VtsHalHidlTargetTestBase { 4211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden public: 4221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void TearDown() override { 4231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (key_blob_.size()) { 4241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 4251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 4261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AbortIfNeeded(); 4271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 4281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // SetUpTestCase runs only once per test case, not once per test. 4301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static void SetUpTestCase() { 4311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string service_name = KeymasterHidlEnvironment::Instance()->getServiceName<IKeymaster>(); 4321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden keymaster_ = ::testing::VtsHalHidlTargetTestBase::getService<IKeymaster>(service_name); 4331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_NE(keymaster_, nullptr); 4341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(keymaster_ 4361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ->getHardwareInfo([&](bool is_secure, const hidl_string& name, 4371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const hidl_string& author) { 4381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden is_secure_ = is_secure; 4391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden name_ = name; 4401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden author_ = author; 4411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }) 4421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .isOk()); 4431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden os_version_ = ::keymaster::GetOsVersion(); 4451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden os_patch_level_ = ::keymaster::GetOsPatchlevel(); 4461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 4471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static void TearDownTestCase() { keymaster_.clear(); } 4491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static IKeymaster& keymaster() { return *keymaster_; } 4511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static uint32_t os_version() { return os_version_; } 4521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static uint32_t os_patch_level() { return os_patch_level_; } 4531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode GenerateKey(const AuthorizationSet& key_desc, HidlBuf* key_blob, 4551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics* key_characteristics) { 4561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(key_blob, nullptr) << "Key blob pointer must not be null. Test bug"; 4571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, key_blob->size()) << "Key blob not empty before generating key. Test bug."; 4581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(key_characteristics, nullptr) 4591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Previous characteristics not deleted before generating key. Test bug."; 4601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error; 4621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(keymaster_ 4631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ->generateKey(key_desc.hidl_data(), 4641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob, 4651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const KeyCharacteristics& hidl_key_characteristics) { 4661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden error = hidl_error; 4671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden *key_blob = hidl_key_blob; 4681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden *key_characteristics = hidl_key_characteristics; 4691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }) 4701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .isOk()); 4711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // On error, blob & characteristics should be empty. 4721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error != ErrorCode::OK) { 4731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, key_blob->size()); 4741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() + 4751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_characteristics->hardwareEnforced.size())); 4761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 4771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 4781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 4791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode GenerateKey(const AuthorizationSet& key_desc) { 4811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return GenerateKey(key_desc, &key_blob_, &key_characteristics_); 4821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 4831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 4841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format, 4851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string& key_material, HidlBuf* key_blob, 4861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics* key_characteristics) { 4871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error; 4881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(keymaster_ 4891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ->importKey(key_desc.hidl_data(), format, HidlBuf(key_material), 4901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob, 4911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const KeyCharacteristics& hidl_key_characteristics) { 4921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden error = hidl_error; 4931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden *key_blob = hidl_key_blob; 4941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden *key_characteristics = hidl_key_characteristics; 4951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }) 4961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .isOk()); 4971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // On error, blob & characteristics should be empty. 4981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error != ErrorCode::OK) { 4991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, key_blob->size()); 5001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, (key_characteristics->softwareEnforced.size() + 5011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_characteristics->hardwareEnforced.size())); 5021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 5041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format, 5071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string& key_material) { 5081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return ImportKey(key_desc, format, key_material, &key_blob_, &key_characteristics_); 5091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode ExportKey(KeyFormat format, const HidlBuf& key_blob, const HidlBuf& client_id, 5121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const HidlBuf& app_data, HidlBuf* key_material) { 5131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error; 5141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE( 5151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden keymaster_ 5161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ->exportKey(format, key_blob, client_id, app_data, 5171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden [&](ErrorCode hidl_error_code, const HidlBuf& hidl_key_material) { 5181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden error = hidl_error_code; 5191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden *key_material = hidl_key_material; 5201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }) 5211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .isOk()); 5221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // On error, blob should be empty. 5231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error != ErrorCode::OK) { 5241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, key_material->size()); 5251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 5271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode ExportKey(KeyFormat format, HidlBuf* key_material) { 5301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf client_id, app_data; 5311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return ExportKey(format, key_blob_, client_id, app_data, key_material); 5321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode DeleteKey(HidlBuf* key_blob, bool keep_key_blob = false) { 5351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto rc = keymaster_->deleteKey(*key_blob); 5361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!keep_key_blob) *key_blob = HidlBuf(); 5371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR; 5381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return rc; 5391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode DeleteKey(bool keep_key_blob = false) { return DeleteKey(&key_blob_, keep_key_blob); } 5421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode DeleteAllKeys() { 5441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = keymaster_->deleteAllKeys(); 5451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 5461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob = false) { 5491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto rc = DeleteKey(key_blob, keep_key_blob); 5501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED); 5511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void CheckedDeleteKey() { CheckedDeleteKey(&key_blob_); } 5541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id, 5561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const HidlBuf& app_data, KeyCharacteristics* key_characteristics) { 5571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = ErrorCode::UNKNOWN_ERROR; 5581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE( 5591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden keymaster_ 5601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ->getKeyCharacteristics( 5611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_blob, client_id, app_data, 5621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden [&](ErrorCode hidl_error, const KeyCharacteristics& hidl_key_characteristics) { 5631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden error = hidl_error, *key_characteristics = hidl_key_characteristics; 5641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }) 5651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .isOk()); 5661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 5671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode GetCharacteristics(const HidlBuf& key_blob, KeyCharacteristics* key_characteristics) { 5701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf client_id, app_data; 5711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return GetCharacteristics(key_blob, client_id, app_data, key_characteristics); 5721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode Begin(KeyPurpose purpose, const HidlBuf& key_blob, const AuthorizationSet& in_params, 5751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet* out_params, OperationHandle* op_handle) { 5761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("Begin"); 5771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error; 5781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden OperationHandle saved_handle = *op_handle; 5791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE( 5801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden keymaster_ 5811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ->begin(purpose, key_blob, in_params.hidl_data(), HardwareAuthToken(), 5821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params, 5831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint64_t hidl_op_handle) { 5841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden error = hidl_error; 5851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden *out_params = hidl_out_params; 5861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden *op_handle = hidl_op_handle; 5871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }) 5881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .isOk()); 5891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error != ErrorCode::OK) { 5901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Some implementations may modify *op_handle on error. 5911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden *op_handle = saved_handle; 5921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 5941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 5951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 5961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params, 5971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet* out_params) { 5981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("Begin"); 5991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(kOpHandleSentinel, op_handle_); 6001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return Begin(purpose, key_blob_, in_params, out_params, &op_handle_); 6011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params) { 6041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("Begin"); 6051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 6061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = Begin(purpose, in_params, &out_params); 6071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(out_params.empty()); 6081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 6091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode Update(OperationHandle op_handle, const AuthorizationSet& in_params, 6121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string& input, AuthorizationSet* out_params, string* output, 6131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t* input_consumed) { 6141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("Update"); 6151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error; 6161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(keymaster_ 6171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ->update(op_handle, in_params.hidl_data(), HidlBuf(input), 6181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HardwareAuthToken(), 6191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden [&](ErrorCode hidl_error, uint32_t hidl_input_consumed, 6201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const hidl_vec<KeyParameter>& hidl_out_params, 6211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const HidlBuf& hidl_output) { 6221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden error = hidl_error; 6231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden out_params->push_back(AuthorizationSet(hidl_out_params)); 6241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden output->append(hidl_output.to_string()); 6251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden *input_consumed = hidl_input_consumed; 6261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }) 6271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .isOk()); 6281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 6291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode Update(const string& input, string* out, size_t* input_consumed) { 6321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("Update"); 6331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 6341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = Update(op_handle_, AuthorizationSet() /* in_params */, input, &out_params, 6351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden out, input_consumed); 6361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(out_params.empty()); 6371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 6381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode Finish(OperationHandle op_handle, const AuthorizationSet& in_params, 6411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string& input, const string& signature, AuthorizationSet* out_params, 6421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string* output) { 6431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("Finish"); 6441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error; 6451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE( 6461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden keymaster_ 6471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ->finish(op_handle, in_params.hidl_data(), HidlBuf(input), HidlBuf(signature), 6481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HardwareAuthToken(), 6491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden [&](ErrorCode hidl_error, const hidl_vec<KeyParameter>& hidl_out_params, 6501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const HidlBuf& hidl_output) { 6511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden error = hidl_error; 6521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden *out_params = hidl_out_params; 6531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden output->append(hidl_output.to_string()); 6541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }) 6551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .isOk()); 6561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort(). 6571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 6581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode Finish(const string& message, string* output) { 6611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("Finish"); 6621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 6631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string finish_output; 6641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message, 6651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "" /* signature */, &out_params, output); 6661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error != ErrorCode::OK) { 6671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 6681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, out_params.size()); 6701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 6711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode Finish(const string& message, const string& signature, string* output) { 6741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("Finish"); 6751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 6761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = Finish(op_handle_, AuthorizationSet() /* in_params */, message, signature, 6771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &out_params, output); 6781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden op_handle_ = kOpHandleSentinel; // So dtor doesn't Abort(). 6791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error != ErrorCode::OK) { 6801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 6811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, out_params.size()); 6831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 6841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode Abort(OperationHandle op_handle) { 6871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("Abort"); 6881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto retval = keymaster_->abort(op_handle); 6891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(retval.isOk()); 6901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return retval; 6911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 6931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void AbortIfNeeded() { 6941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("AbortIfNeeded"); 6951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (op_handle_ != kOpHandleSentinel) { 6961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Abort(op_handle_)); 6971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden op_handle_ = kOpHandleSentinel; 6981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 6991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 7001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode AttestKey(const HidlBuf& key_blob, const AuthorizationSet& attest_params, 7021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>>* cert_chain) { 7031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("AttestKey"); 7041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error; 7051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto rc = keymaster_->attestKey( 7061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_blob, attest_params.hidl_data(), 7071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden [&](ErrorCode hidl_error, const hidl_vec<hidl_vec<uint8_t>>& hidl_cert_chain) { 7081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden error = hidl_error; 7091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden *cert_chain = hidl_cert_chain; 7101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }); 7111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(rc.isOk()) << rc.description(); 7131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!rc.isOk()) return ErrorCode::UNKNOWN_ERROR; 7141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return error; 7161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 7171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode AttestKey(const AuthorizationSet& attest_params, 7191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>>* cert_chain) { 7201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("AttestKey"); 7211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return AttestKey(key_blob_, attest_params, cert_chain); 7221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 7231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ProcessMessage(const HidlBuf& key_blob, KeyPurpose operation, const string& message, 7251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const AuthorizationSet& in_params, AuthorizationSet* out_params) { 7261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("ProcessMessage"); 7271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 7281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 7291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_)); 7301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string unused; 7321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_params; 7331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_out_params; 7341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string output; 7351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 7361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Finish(op_handle_, finish_params, message, unused, &finish_out_params, &output)); 7371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden op_handle_ = kOpHandleSentinel; 7381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden out_params->push_back(begin_out_params); 7401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden out_params->push_back(finish_out_params); 7411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return output; 7421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 7431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string SignMessage(const HidlBuf& key_blob, const string& message, 7451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const AuthorizationSet& params) { 7461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("SignMessage"); 7471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 7481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = ProcessMessage(key_blob, KeyPurpose::SIGN, message, params, &out_params); 7491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(out_params.empty()); 7501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return signature; 7511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 7521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string SignMessage(const string& message, const AuthorizationSet& params) { 7541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("SignMessage"); 7551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return SignMessage(key_blob_, message, params); 7561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 7571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string MacMessage(const string& message, Digest digest, size_t mac_length) { 7591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("MacMessage"); 7601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return SignMessage( 7611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_blob_, message, 7621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(digest).Authorization(TAG_MAC_LENGTH, mac_length)); 7631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 7641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void CheckHmacTestVector(const string& key, const string& message, Digest digest, 7661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string& expected_mac) { 7671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("CheckHmacTestVector"); 7681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 7691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 7701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 7711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(key.size() * 8) 7721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, expected_mac.size() * 8) 7731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(digest), 7741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::RAW, key)); 7751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = MacMessage(message, digest, expected_mac.size() * 8); 7761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(expected_mac, signature) 7771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Test vector didn't match for key of size " << key.size() << " message of size " 7781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << message.size() << " and digest " << digest; 7791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 7801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 7811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void CheckAesCtrTestVector(const string& key, const string& nonce, const string& message, 7831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string& expected_ciphertext) { 7841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("CheckAesCtrTestVector"); 7851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() 7861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 7871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(key.size() * 8) 7881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CTR) 7891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_CALLER_NONCE) 7901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE), 7911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::RAW, key)); 7921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 7931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 7941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, nonce.data(), nonce.size()) 7951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CTR) 7961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE); 7971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 7981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(key_blob_, message, params, &out_params); 7991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(expected_ciphertext, ciphertext); 8001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 8011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void VerifyMessage(const HidlBuf& key_blob, const string& message, const string& signature, 8031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const AuthorizationSet& params) { 8041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("VerifyMessage"); 8051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 8061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 8071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_)); 8081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string unused; 8101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_params; 8111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_out_params; 8121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string output; 8131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message, signature, 8141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &output)); 8151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden op_handle_ = kOpHandleSentinel; 8161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(output.empty()); 8171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 8181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void VerifyMessage(const string& message, const string& signature, 8201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const AuthorizationSet& params) { 8211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("VerifyMessage"); 8221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(key_blob_, message, signature, params); 8231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 8241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string EncryptMessage(const HidlBuf& key_blob, const string& message, 8261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const AuthorizationSet& in_params, AuthorizationSet* out_params) { 8271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("EncryptMessage"); 8281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return ProcessMessage(key_blob, KeyPurpose::ENCRYPT, message, in_params, out_params); 8291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 8301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string EncryptMessage(const string& message, const AuthorizationSet& params, 8321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet* out_params) { 8331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("EncryptMessage"); 8341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return EncryptMessage(key_blob_, message, params, out_params); 8351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 8361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string EncryptMessage(const string& message, const AuthorizationSet& params) { 8381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("EncryptMessage"); 8391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 8401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params, &out_params); 8411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(out_params.empty()) 8421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Output params should be empty. Contained: " << out_params; 8431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return ciphertext; 8441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 8451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string DecryptMessage(const HidlBuf& key_blob, const string& ciphertext, 8471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const AuthorizationSet& params) { 8481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("DecryptMessage"); 8491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 8501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = 8511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ProcessMessage(key_blob, KeyPurpose::DECRYPT, ciphertext, params, &out_params); 8521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(out_params.empty()); 8531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return plaintext; 8541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 8551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string DecryptMessage(const string& ciphertext, const AuthorizationSet& params) { 8571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("DecryptMessage"); 8581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return DecryptMessage(key_blob_, ciphertext, params); 8591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 8601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden std::pair<ErrorCode, HidlBuf> UpgradeKey(const HidlBuf& key_blob) { 8621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden std::pair<ErrorCode, HidlBuf> retval; 8631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden keymaster_->upgradeKey(key_blob, hidl_vec<KeyParameter>(), 8641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden [&](ErrorCode error, const hidl_vec<uint8_t>& upgraded_blob) { 8651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden retval = std::tie(error, upgraded_blob); 8661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }); 8671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return retval; 8681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 8691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static bool IsSecure() { return is_secure_; } 8711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf key_blob_; 8731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics key_characteristics_; 8741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden OperationHandle op_handle_ = kOpHandleSentinel; 8751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden private: 8771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static sp<IKeymaster> keymaster_; 8781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static uint32_t os_version_; 8791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static uint32_t os_patch_level_; 8801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static bool is_secure_; 8821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static hidl_string name_; 8831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden static hidl_string author_; 8841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 8851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool verify_attestation_record(const string& challenge, const string& app_id, 8871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet expected_sw_enforced, 8881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet expected_tee_enforced, 8891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const hidl_vec<uint8_t>& attestation_cert) { 8901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden X509_Ptr cert(parse_cert_blob(attestation_cert)); 8911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!cert.get()); 8921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!cert.get()) return false; 8931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASN1_OCTET_STRING* attest_rec = get_attestation_record(cert.get()); 8951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(!!attest_rec); 8961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!attest_rec) return false; 8971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 8981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet att_sw_enforced; 8991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet att_tee_enforced; 9001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint32_t att_attestation_version; 9011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint32_t att_keymaster_version; 9021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SecurityLevel att_attestation_security_level; 9031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SecurityLevel att_keymaster_security_level; 9041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf att_challenge; 9051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf att_unique_id; 9061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf att_app_id; 9071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 9081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden parse_attestation_record(attest_rec->data, // 9091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden attest_rec->length, // 9101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_attestation_version, // 9111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_attestation_security_level, // 9121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_keymaster_version, // 9131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_keymaster_security_level, // 9141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_challenge, // 9151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_sw_enforced, // 9161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_tee_enforced, // 9171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &att_unique_id)); 9181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(att_attestation_version == 1 || att_attestation_version == 2); 9201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden expected_sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, HidlBuf(app_id)); 9221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_GE(att_keymaster_version, 3U); 9241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(KeymasterHidlTest::IsSecure() ? SecurityLevel::TRUSTED_ENVIRONMENT 9251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden : SecurityLevel::SOFTWARE, 9261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden att_keymaster_security_level); 9271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(KeymasterHidlTest::IsSecure() ? SecurityLevel::TRUSTED_ENVIRONMENT 9281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden : SecurityLevel::SOFTWARE, 9291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden att_attestation_security_level); 9301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(challenge.length(), att_challenge.size()); 9321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length())); 9331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden att_sw_enforced.Sort(); 9351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden expected_sw_enforced.Sort(); 9361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(filter_tags(expected_sw_enforced), filter_tags(att_sw_enforced)); 9371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden att_tee_enforced.Sort(); 9391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden expected_tee_enforced.Sort(); 9401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(filter_tags(expected_tee_enforced), filter_tags(att_tee_enforced)); 9411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return true; 9431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 9441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdensp<IKeymaster> KeymasterHidlTest::keymaster_; 9461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenuint32_t KeymasterHidlTest::os_version_; 9471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenuint32_t KeymasterHidlTest::os_patch_level_; 9481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenbool KeymasterHidlTest::is_secure_; 9491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenhidl_string KeymasterHidlTest::name_; 9501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenhidl_string KeymasterHidlTest::author_; 9511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenclass NewKeyGenerationTest : public KeymasterHidlTest { 9531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden protected: 9541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void CheckBaseParams(const KeyCharacteristics& keyCharacteristics) { 9551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // TODO(swillden): Distinguish which params should be in which auth list. 9561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet auths(keyCharacteristics.hardwareEnforced); 9581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auths.push_back(AuthorizationSet(keyCharacteristics.softwareEnforced)); 9591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(auths.Contains(TAG_ORIGIN, KeyOrigin::GENERATED)); 9611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN)); 9621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::VERIFY)); 9631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Verify that App ID, App data and ROT are NOT included. 9651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(auths.Contains(TAG_ROOT_OF_TRUST)); 9661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(auths.Contains(TAG_APPLICATION_ID)); 9671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(auths.Contains(TAG_APPLICATION_DATA)); 9681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Check that some unexpected tags/values are NOT present. 9701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(auths.Contains(TAG_PURPOSE, KeyPurpose::ENCRYPT)); 9711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(auths.Contains(TAG_PURPOSE, KeyPurpose::DECRYPT)); 9721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(auths.Contains(TAG_AUTH_TIMEOUT, 301U)); 9731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Now check that unspecified, defaulted tags are correct. 9751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(auths.Contains(TAG_CREATION_DATETIME)); 9761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(auths.Contains(TAG_OS_VERSION, os_version())) 9781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "OS version is " << os_version() << " key reported " 9791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << auths.GetTagValue(TAG_OS_VERSION); 9801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, os_patch_level())) 9811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "OS patch level is " << os_patch_level() << " key reported " 9821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << auths.GetTagValue(TAG_OS_PATCHLEVEL); 9831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 9841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void CheckCharacteristics(const HidlBuf& key_blob, 9861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const KeyCharacteristics& key_characteristics) { 9871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics retrieved_chars; 9881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GetCharacteristics(key_blob, &retrieved_chars)); 9891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(key_characteristics, retrieved_chars); 9901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 9911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 9921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 9931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 9941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.Rsa 9951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 9961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster can generate all required RSA key sizes, and that the resulting keys have 9971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * correct characteristics. 9981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 9991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, Rsa) { 10001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (uint32_t key_size : {1024, 2048, 3072, 4096}) { 10011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf key_blob; 10021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics key_characteristics; 10031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 10041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(key_size, 3) 10051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 10061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE), 10071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &key_blob, &key_characteristics)); 10081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_GT(key_blob.size(), 0U); 10101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckBaseParams(key_characteristics); 10111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob, key_characteristics); 10121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet crypto_params; 10141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (IsSecure()) { 10151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden crypto_params = key_characteristics.hardwareEnforced; 10161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 10171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden crypto_params = key_characteristics.softwareEnforced; 10181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 10191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::RSA)); 10211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size)) 10221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Key size " << key_size << "missing"; 10231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(crypto_params.Contains(TAG_RSA_PUBLIC_EXPONENT, 3U)); 10241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(&key_blob); 10261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 10271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 10281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 10301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.RsaNoDefaultSize 10311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 10321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that failing to specify a key size for RSA key generation returns UNSUPPORTED_KEY_SIZE. 10331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 10341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, RsaNoDefaultSize) { 10351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, 10361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 10371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ALGORITHM, Algorithm::RSA) 10381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3U) 10391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .SigningKey())); 10401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 10411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 10431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.Ecdsa 10441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 10451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster can generate all required EC key sizes, and that the resulting keys have 10461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * correct characteristics. 10471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 10481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, Ecdsa) { 10491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (uint32_t key_size : {224, 256, 384, 521}) { 10501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf key_blob; 10511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics key_characteristics; 10521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ( 10531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::OK, 10541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(Digest::NONE), 10551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &key_blob, &key_characteristics)); 10561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_GT(key_blob.size(), 0U); 10571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckBaseParams(key_characteristics); 10581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob, key_characteristics); 10591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet crypto_params; 10611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (IsSecure()) { 10621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden crypto_params = key_characteristics.hardwareEnforced; 10631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 10641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden crypto_params = key_characteristics.softwareEnforced; 10651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 10661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::EC)); 10681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size)) 10691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Key size " << key_size << "missing"; 10701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(&key_blob); 10721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 10731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 10741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 10761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.EcdsaDefaultSize 10771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 10781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that failing to specify a key size for EC key generation returns UNSUPPORTED_KEY_SIZE. 10791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 10801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, EcdsaDefaultSize) { 10811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, 10821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 10831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ALGORITHM, Algorithm::EC) 10841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .SigningKey() 10851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 10861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 10871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 10891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.EcdsaInvalidSize 10901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 10911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that failing to specify an invalid key size for EC key generation returns 10921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * UNSUPPORTED_KEY_SIZE. 10931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 10941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, EcdsaInvalidSize) { 10951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, 10961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(Digest::NONE))); 10971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 10981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 10991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 11001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.EcdsaMismatchKeySize 11011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 11021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that specifying mismatched key size and curve for EC key generation returns 11031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * INVALID_ARGUMENT. 11041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 11051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, EcdsaMismatchKeySize) { 11061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::INVALID_ARGUMENT, 11071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 11081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(224) 11091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_EC_CURVE, EcCurve::P_256) 11101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 11111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 11121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 11131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 11141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.EcdsaAllValidSizes 11151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 11161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster supports all required EC key sizes. 11171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 11181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, EcdsaAllValidSizes) { 11191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t valid_sizes[] = {224, 256, 384, 521}; 11201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t size : valid_sizes) { 11211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 11221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(Digest::NONE))) 11231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Failed to generate size: " << size; 11241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob_, key_characteristics_); 11251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 11261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 11271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 11281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 11291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 11301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.EcdsaAllValidCurves 11311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 11321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster supports all required EC curves. 11331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 11341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, EcdsaAllValidCurves) { 11351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden V4_0::EcCurve curves[] = {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521}; 11361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (V4_0::EcCurve curve : curves) { 11371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ( 11381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::OK, 11391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(curve).Digest(Digest::SHA_2_512))) 11401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Failed to generate key on curve: " << curve; 11411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob_, key_characteristics_); 11421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 11431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 11441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 11451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 11461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 11471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.Hmac 11481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 11491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster supports all required digests, and that the resulting keys have correct 11501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * characteristics. 11511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 11521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, Hmac) { 11531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto digest : {Digest::MD5, Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, 11541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Digest::SHA_2_384, Digest::SHA_2_512}) { 11551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf key_blob; 11561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics key_characteristics; 11571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden constexpr size_t key_size = 128; 11581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ( 11591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::OK, 11601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder().HmacKey(key_size).Digest(digest).Authorization( 11611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden TAG_MIN_MAC_LENGTH, 128), 11621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &key_blob, &key_characteristics)); 11631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 11641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_GT(key_blob.size(), 0U); 11651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckBaseParams(key_characteristics); 11661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob, key_characteristics); 11671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 11681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet hardwareEnforced = key_characteristics.hardwareEnforced; 11691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet softwareEnforced = key_characteristics.softwareEnforced; 11701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (IsSecure()) { 11711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(hardwareEnforced.Contains(TAG_ALGORITHM, Algorithm::HMAC)); 11721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(hardwareEnforced.Contains(TAG_KEY_SIZE, key_size)) 11731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Key size " << key_size << "missing"; 11741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 11751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(softwareEnforced.Contains(TAG_ALGORITHM, Algorithm::HMAC)); 11761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(softwareEnforced.Contains(TAG_KEY_SIZE, key_size)) 11771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Key size " << key_size << "missing"; 11781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 11791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 11801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(&key_blob); 11811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 11821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 11831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 11841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 11851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.HmacCheckKeySizes 11861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 11871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster supports all key sizes, and rejects all invalid key sizes. 11881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 11891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, HmacCheckKeySizes) { 11901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t key_size = 0; key_size <= 512; ++key_size) { 11911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (key_size < 64 || key_size % 8 != 0) { 11921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // To keep this test from being very slow, we only test a random fraction of non-byte 11931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // key sizes. We test only ~10% of such cases. Since there are 392 of them, we expect 11941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // to run ~40 of them in each run. 11951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (key_size % 8 == 0 || random() % 10 == 0) { 11961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, 11971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 11981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(key_size) 11991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 12001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 256))) 12011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "HMAC key size " << key_size << " invalid"; 12021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 12031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 12041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 12051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(key_size) 12061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 12071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 256))) 12081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Failed to generate HMAC key of size " << key_size; 12091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob_, key_characteristics_); 12101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 12111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 12121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 12131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 12141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 12161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.HmacCheckMinMacLengths 12171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 12181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster supports all required MAC lengths and rejects all invalid lengths. This 12191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * test is probabilistic in order to keep the runtime down, but any failure prints out the specific 12201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * MAC length that failed, so reproducing a failed run will be easy. 12211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 12221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, HmacCheckMinMacLengths) { 12231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t min_mac_length = 0; min_mac_length <= 256; ++min_mac_length) { 12241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (min_mac_length < 64 || min_mac_length % 8 != 0) { 12251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // To keep this test from being very long, we only test a random fraction of non-byte 12261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // lengths. We test only ~10% of such cases. Since there are 172 of them, we expect to 12271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // run ~17 of them in each run. 12281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (min_mac_length % 8 == 0 || random() % 10 == 0) { 12291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_MIN_MAC_LENGTH, 12301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 12311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 12321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 12331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, min_mac_length))) 12341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "HMAC min mac length " << min_mac_length << " invalid."; 12351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 12361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 12371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 12381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 12391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 12401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 12411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, min_mac_length))) 12421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Failed to generate HMAC key with min MAC length " << min_mac_length; 12431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCharacteristics(key_blob_, key_characteristics_); 12441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 12451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 12461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 12471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 12481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 12501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.HmacMultipleDigests 12511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 12521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster rejects HMAC key generation with multiple specified digest algorithms. 12531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 12541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, HmacMultipleDigests) { 12551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST, 12561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 12571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 12581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA1) 12591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 12601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 12611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 12621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 12641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * NewKeyGenerationTest.HmacDigestNone 12651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 12661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster rejects HMAC key generation with no digest or Digest::NONE 12671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 12681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(NewKeyGenerationTest, HmacDigestNone) { 12691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ( 12701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::UNSUPPORTED_DIGEST, 12711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder().HmacKey(128).Authorization(TAG_MIN_MAC_LENGTH, 128))); 12721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST, 12741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 12751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 12761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 12771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 12781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 12791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest SigningOperationsTest; 12811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 12831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaSuccess 12841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 12851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA signature operations succeed. 12861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 12871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaSuccess) { 12881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 12891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 12901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 12911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 12921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED))); 12931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 12941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage( 12951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); 12961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 12971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 12981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 12991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPssSha256Success 13001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 13011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA-PSS signature operations succeed. 13021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 13031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaPssSha256Success) { 13041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 13051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 13061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 13071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PSS) 13081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED))); 13091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Use large message, which won't work without digesting. 13101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024, 'a'); 13111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage( 13121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message, AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::RSA_PSS)); 13131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 13141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 13161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPaddingNoneDoesNotAllowOther 13171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 13181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster rejects signature operations that specify a padding mode when the key 13191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * supports only unpadded operations. 13201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 13211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) { 13221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 13231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 13241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 13251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 13261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 13271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 13281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature; 13291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_PADDING_MODE, 13311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() 13321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 13331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 13341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 13351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 13371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPkcs1Sha256Success 13381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 13391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that digested RSA-PKCS1 signature operations succeed. 13401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 13411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaPkcs1Sha256Success) { 13421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 13431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 13441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 13451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 13461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 13471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024, 'a'); 13481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage(message, AuthorizationSetBuilder() 13491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 13501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)); 13511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 13521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 13541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPkcs1NoDigestSuccess 13551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 13561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that undigested RSA-PKCS1 signature operations succeed. 13571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 13581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaPkcs1NoDigestSuccess) { 13591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 13601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 13611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 13621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 13631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 13641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(53, 'a'); 13651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage( 13661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message, 13671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)); 13681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 13691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 13711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPkcs1NoDigestTooLarge 13721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 13731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that undigested RSA-PKCS1 signature operations fail with the correct error code when 13741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * given a too-long message. 13751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 13761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaPkcs1NoDigestTooLong) { 13771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 13781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 13791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 13801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 13811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 13821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(129, 'a'); 13831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 13851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() 13861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 13871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 13881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature; 13891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, &signature)); 13901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 13911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 13921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 13931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPssSha512TooSmallKey 13941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 13951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that undigested RSA-PSS signature operations fail with the correct error code when 13961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * used with a key that is too small for the message. 13971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 13981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * A PSS-padded message is of length salt_size + digest_size + 16 (sizes in bits), and the keymaster 13991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * specification requires that salt_size == digest_size, so the message will be digest_size * 2 + 14001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 16. Such a message can only be signed by a given key if the key is at least that size. This test 14011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * uses SHA512, which has a digest_size == 512, so the message size is 1040 bits, too large for a 14021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 1024-bit key. 14031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 14041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaPssSha512TooSmallKey) { 14051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 14061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 14071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_512) 14081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 14091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PSS))); 14101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ( 14111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::INCOMPATIBLE_DIGEST, 14121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, 14131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA_2_512).Padding(PaddingMode::RSA_PSS))); 14141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 14151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 14171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaNoPaddingTooLong 14181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 14191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA signature operations fail with the correct error code when 14201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * given a too-long message. 14211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 14221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaNoPaddingTooLong) { 14231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 14241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 14251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 14261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 14271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 14281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // One byte too long 14291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8 + 1, 'a'); 14301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 14311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() 14321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 14331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 14341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 14351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode finish_error_code = Finish(message, &result); 14361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(finish_error_code == ErrorCode::INVALID_INPUT_LENGTH || 14371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden finish_error_code == ErrorCode::INVALID_ARGUMENT); 14381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Very large message that should exceed the transfer buffer size of any reasonable TEE. 14401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message = string(128 * 1024, 'a'); 14411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 14421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() 14431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 14441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 14451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden finish_error_code = Finish(message, &result); 14461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(finish_error_code == ErrorCode::INVALID_INPUT_LENGTH || 14471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden finish_error_code == ErrorCode::INVALID_ARGUMENT); 14481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 14491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 14511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaAbort 14521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 14531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that operations can be aborted correctly. Uses an RSA signing operation for the test, 14541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * but the behavior should be algorithm and purpose-independent. 14551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 14561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaAbort) { 14571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 14581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 14591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 14601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 14611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 14621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 14641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, 14651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE))); 14661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Abort(op_handle_)); 14671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Another abort should fail 14691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_OPERATION_HANDLE, Abort(op_handle_)); 14701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Set to sentinel, so TearDown() doesn't try to abort again. 14721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden op_handle_ = kOpHandleSentinel; 14731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 14741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 14761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaUnsupportedPadding 14771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 14781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA operations fail with the correct error (but key gen succeeds) when used with a 14791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * padding mode inappropriate for RSA. 14801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 14811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaUnsupportedPadding) { 14821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 14831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 14841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 14851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256 /* supported digest */) 14861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::PKCS7))); 14871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ( 14881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::UNSUPPORTED_PADDING_MODE, 14891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, 14901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::PKCS7))); 14911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 14921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 14931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 14941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPssNoDigest 14951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 14961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA PSS operations fail when no digest is used. PSS requires a digest. 14971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 14981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaNoDigest) { 14991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 15001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 15011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 15021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 15031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PSS))); 15041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::INCOMPATIBLE_DIGEST, 15051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, 15061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::RSA_PSS))); 15071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST, 15091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Padding(PaddingMode::RSA_PSS))); 15101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 15111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 15131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaPssNoDigest 15141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 15151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA operations fail when no padding mode is specified. PaddingMode::NONE is 15161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * supported in some cases (as validated in other tests), but a mode must be specified. 15171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 15181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaNoPadding) { 15191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Padding must be specified 15201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 15211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaKey(1024, 3) 15221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 15231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .SigningKey() 15241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 15251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_PADDING_MODE, 15261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Digest(Digest::NONE))); 15271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 15281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 15301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaShortMessage 15311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 15321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA signatures succeed with a message shorter than the key size. 15331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 15341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaTooShortMessage) { 15351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 15361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 15371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 15381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 15391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 15401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Barely shorter 15421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8 - 1, 'a'); 15431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); 15441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Much shorter 15461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message = "a"; 15471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); 15481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 15491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 15511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaSignWithEncryptionKey 15521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 15531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA encryption keys cannot be used to sign. 15541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 15551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaSignWithEncryptionKey) { 15561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 15571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 15581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaEncryptionKey(1024, 3) 15591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 15601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 15611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, 15621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, 15631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE))); 15641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 15651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 15671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.RsaSignTooLargeMessage 15681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 15691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting a raw signature of a message which is the same length as the key, but 15701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * numerically larger than the public modulus, fails with the correct error. 15711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 15721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, RsaSignTooLargeMessage) { 15731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 15741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 15751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 15761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 15771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 15781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Largest possible message will always be larger than the public modulus. 15801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8, static_cast<char>(0xff)); 15811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() 15821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 15831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 15841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 15851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature; 15861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(message, &signature)); 15871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 15881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 15891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 15901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.EcdsaAllSizesAndHashes 15911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 15921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that ECDSA operations succeed with all possible key sizes and hashes. 15931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 15941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, EcdsaAllSizesAndHashes) { 15951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto key_size : {224, 256, 384, 521}) { 15961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto digest : { 15971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384, 15981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Digest::SHA_2_512, 15991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }) { 16001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = GenerateKey(AuthorizationSetBuilder() 16011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 16021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(key_size) 16031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(digest)); 16041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate ECDSA key with size " << key_size 16051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << " and digest " << digest; 16061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error != ErrorCode::OK) continue; 16071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024, 'a'); 16091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (digest == Digest::NONE) message.resize(key_size / 8); 16101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, AuthorizationSetBuilder().Digest(digest)); 16111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 16121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 16131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 16141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 16151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 16171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.EcdsaAllCurves 16181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 16191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that ECDSA operations succeed with all possible curves. 16201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 16211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, EcdsaAllCurves) { 16221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto curve : {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521}) { 16231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = GenerateKey(AuthorizationSetBuilder() 16241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 16251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(curve) 16261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256)); 16271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate ECDSA key with curve " << curve; 16281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error != ErrorCode::OK) continue; 16291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024, 'a'); 16311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, AuthorizationSetBuilder().Digest(Digest::SHA_2_256)); 16321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 16331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 16341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 16351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 16371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.EcdsaNoDigestHugeData 16381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 16391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that ECDSA operations support very large messages, even without digesting. This should 16401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * work because ECDSA actually only signs the leftmost L_n bits of the message, however large it may 16411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * be. Not using digesting is a bad idea, but in some cases digesting is done by the framework. 16421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 16431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, EcdsaNoDigestHugeData) { 16441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 16451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 16461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(224) 16471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 16481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(2 * 1024, 'a'); 16491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, AuthorizationSetBuilder().Digest(Digest::NONE)); 16501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 16511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 16531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.AesEcbSign 16541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 16551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempts to use AES keys to sign fail in the correct way. 16561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 16571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, AesEcbSign) { 16581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 16591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 16601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .SigningKey() 16611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 16621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::ECB))); 16631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 16651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, 16661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, AuthorizationSet() /* in_params */, &out_params)); 16671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, 16681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, AuthorizationSet() /* in_params */, &out_params)); 16691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 16701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 16721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacAllDigests 16731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 16741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that HMAC works with all digests. 16751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 16761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacAllDigests) { 16771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto digest : {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384, 16781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Digest::SHA_2_512}) { 16791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 16801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 16811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 16821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(digest) 16831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 160))) 16841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Failed to create HMAC key with digest " << digest; 16851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 16861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = MacMessage(message, digest, 160); 16871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(160U / 8U, signature.size()) 16881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Failed to sign with HMAC key with digest " << digest; 16891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 16901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 16911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 16921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 16931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 16941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacSha256TooLargeMacLength 16951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 16961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that HMAC fails in the correct way when asked to generate a MAC larger than the digest 16971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * size. 16981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 16991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacSha256TooLargeMacLength) { 17001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 17011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 17021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 17031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 17041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 256))); 17051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet output_params; 17061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ( 17071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::UNSUPPORTED_MAC_LENGTH, 17081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin( 17091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyPurpose::SIGN, key_blob_, 17101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Authorization(TAG_MAC_LENGTH, 264), 17111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &output_params, &op_handle_)); 17121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 17131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 17151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacSha256TooSmallMacLength 17161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 17171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that HMAC fails in the correct way when asked to generate a MAC smaller than the 17181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * specified minimum MAC length. 17191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 17201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacSha256TooSmallMacLength) { 17211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 17221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 17231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 17241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 17251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 17261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet output_params; 17271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ( 17281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::INVALID_MAC_LENGTH, 17291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin( 17301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyPurpose::SIGN, key_blob_, 17311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Authorization(TAG_MAC_LENGTH, 120), 17321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &output_params, &op_handle_)); 17331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 17341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 17361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacRfc4231TestCase3 17371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 17381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Validates against the test vectors from RFC 4231 test case 3. 17391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 17401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacRfc4231TestCase3) { 17411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key(20, 0xaa); 17421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(50, 0xdd); 17431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_224_expected[] = { 17441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6, 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a, 17451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xd2, 0x64, 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1, 0xec, 0x83, 0x33, 0xea, 17461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 17471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_256_expected[] = { 17481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, 0x85, 0x4d, 0xb8, 17491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xeb, 0xd0, 0x91, 0x81, 0xa7, 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 17501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xc1, 0x22, 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe, 17511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 17521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_384_expected[] = { 17531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a, 0x0a, 0xa2, 0xac, 0xe0, 17541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x14, 0xc8, 0xa8, 0x6f, 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb, 17551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b, 0x2a, 0x5a, 0xb3, 0x9d, 17561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xc1, 0x38, 0x14, 0xb9, 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27, 17571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 17581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_512_expected[] = { 17591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84, 0xef, 0xb0, 0xf0, 0x75, 0x6c, 17601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x89, 0x0b, 0xe9, 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36, 0x55, 0xf8, 17611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39, 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22, 17621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xc8, 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07, 0xb9, 0x46, 0xa3, 0x37, 17631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xbe, 0xe8, 0x94, 0x26, 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb, 17641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 17651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_224, make_string(sha_224_expected)); 17671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_256, make_string(sha_256_expected)); 17681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_384, make_string(sha_384_expected)); 17691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_512, make_string(sha_512_expected)); 17701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 17711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 17731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacRfc4231TestCase5 17741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 17751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Validates against the test vectors from RFC 4231 test case 5. 17761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 17771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacRfc4231TestCase5) { 17781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key(20, 0x0c); 17791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Test With Truncation"; 17801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_224_expected[] = { 17821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x0e, 0x2a, 0xea, 0x68, 0xa9, 0x0c, 0x8d, 0x37, 17831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xc9, 0x88, 0xbc, 0xdb, 0x9f, 0xca, 0x6f, 0xa8, 17841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 17851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_256_expected[] = { 17861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0, 17871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b, 17881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 17891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_384_expected[] = { 17901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23, 17911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97, 17921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 17931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_512_expected[] = { 17941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x41, 0x5f, 0xad, 0x62, 0x71, 0x58, 0x0a, 0x53, 17951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x1d, 0x41, 0x79, 0xbc, 0x89, 0x1d, 0x87, 0xa6, 17961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 17971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 17981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_224, make_string(sha_224_expected)); 17991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_256, make_string(sha_256_expected)); 18001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_384, make_string(sha_384_expected)); 18011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_512, make_string(sha_512_expected)); 18021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 18031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 18051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacRfc4231TestCase6 18061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 18071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Validates against the test vectors from RFC 4231 test case 6. 18081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 18091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacRfc4231TestCase6) { 18101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key(131, 0xaa); 18111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Test Using Larger Than Block-Size Key - Hash Key First"; 18121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_224_expected[] = { 18141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad, 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d, 18151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xbc, 0xe2, 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27, 0x3f, 0xa6, 0x87, 0x0e, 18161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 18171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_256_expected[] = { 18181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, 0x0d, 0x8a, 0x26, 18191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 18201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xc5, 0x14, 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54, 18211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 18221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_384_expected[] = { 18231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90, 0x88, 0xd2, 0xc6, 0x3a, 18241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x04, 0x1b, 0xc5, 0xb4, 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f, 18251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6, 0x0c, 0x2e, 0xf6, 0xab, 18261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x40, 0x30, 0xfe, 0x82, 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52, 18271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 18281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_512_expected[] = { 18291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb, 0xb7, 0x14, 0x93, 0xc1, 0xdd, 18301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x7b, 0xe8, 0xb4, 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1, 0x12, 0x1b, 18311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52, 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25, 18321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x98, 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52, 0x95, 0xe6, 0x4f, 0x73, 18331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xf6, 0x3f, 0x0a, 0xec, 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98, 18341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 18351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_224, make_string(sha_224_expected)); 18371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_256, make_string(sha_256_expected)); 18381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_384, make_string(sha_384_expected)); 18391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_512, make_string(sha_512_expected)); 18401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 18411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 18431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * SigningOperationsTest.HmacRfc4231TestCase7 18441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 18451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Validates against the test vectors from RFC 4231 test case 7. 18461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 18471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(SigningOperationsTest, HmacRfc4231TestCase7) { 18481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key(131, 0xaa); 18491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = 18501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "This is a test using a larger than block-size key and a larger than " 18511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "block-size data. The key needs to be hashed before being used by the HMAC " 18521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "algorithm."; 18531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_224_expected[] = { 18551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02, 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3, 18561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x9d, 0xbd, 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9, 0xf6, 0xf5, 0x65, 0xd1, 18571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 18581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_256_expected[] = { 18591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, 0x27, 0x63, 0x5f, 18601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xbc, 0xd5, 0xb0, 0xe9, 0x44, 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 18611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x13, 0x93, 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2, 18621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 18631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_384_expected[] = { 18641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d, 0x35, 0x1e, 0x2f, 0x25, 18651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x4e, 0x8f, 0xd3, 0x2c, 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a, 18661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5, 0xa6, 0x78, 0xcc, 0x31, 18671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xe7, 0x99, 0x17, 0x6d, 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e, 18681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 18691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden uint8_t sha_512_expected[] = { 18701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba, 0xa4, 0xdf, 0xa9, 0xf9, 0x6e, 18711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x5e, 0x3f, 0xfd, 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86, 0x5d, 0xf5, 18721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44, 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82, 18731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xb1, 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15, 0x13, 0x46, 0x76, 0xfb, 18741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x6d, 0xe0, 0x44, 0x60, 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58, 18751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 18761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_224, make_string(sha_224_expected)); 18781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_256, make_string(sha_256_expected)); 18791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_384, make_string(sha_384_expected)); 18801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckHmacTestVector(key, message, Digest::SHA_2_512, make_string(sha_512_expected)); 18811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 18821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest VerificationOperationsTest; 18841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 18851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 18861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * VerificationOperationsTest.RsaSuccess 18871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 18881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that a simple RSA signature/verification sequence succeeds. 18891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 18901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(VerificationOperationsTest, RsaSuccess) { 18911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 18921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 18931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 18941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 18951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 18961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 18971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage( 18981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); 18991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, 19001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); 19011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 19021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 19041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * VerificationOperationsTest.RsaSuccess 19051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 19061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies RSA signature/verification for all padding modes and digests. 19071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 19081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(VerificationOperationsTest, RsaAllPaddingsAndDigests) { 19091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 19101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden GenerateKey(AuthorizationSetBuilder() 19111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 19121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(2048, 3) 19131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE, Digest::MD5, Digest::SHA1, Digest::SHA_2_224, 19141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512) 19151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 19161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PSS) 19171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); 19181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(128, 'a'); 19201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string corrupt_message(message); 19211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++corrupt_message[corrupt_message.size() / 2]; 19221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto padding : 19241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden {PaddingMode::NONE, PaddingMode::RSA_PSS, PaddingMode::RSA_PKCS1_1_5_SIGN}) { 19251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto digest : {Digest::NONE, Digest::MD5, Digest::SHA1, Digest::SHA_2_224, 19261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512}) { 19271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (padding == PaddingMode::NONE && digest != Digest::NONE) { 19281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Digesting only makes sense with padding. 19291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden continue; 19301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 19311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (padding == PaddingMode::RSA_PSS && digest == Digest::NONE) { 19331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // PSS requires digesting. 19341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden continue; 19351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 19361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = 19381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, AuthorizationSetBuilder().Digest(digest).Padding(padding)); 19391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, 19401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(digest).Padding(padding)); 19411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (digest != Digest::NONE) { 19431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Verify with OpenSSL. 19441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf pubkey; 19451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ExportKey(KeyFormat::X509, &pubkey)); 19461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t* p = pubkey.data(); 19481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_PKEY_Ptr pkey(d2i_PUBKEY(nullptr /* alloc new */, &p, pubkey.size())); 19491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(pkey.get()); 19501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_MD_CTX digest_ctx; 19521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_MD_CTX_init(&digest_ctx); 19531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_PKEY_CTX* pkey_ctx; 19541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const EVP_MD* md = openssl_digest(digest); 19551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_NE(md, nullptr); 19561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, EVP_DigestVerifyInit(&digest_ctx, &pkey_ctx, md, nullptr /* engine */, 19571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden pkey.get())); 19581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden switch (padding) { 19601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case PaddingMode::RSA_PSS: 19611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_GT(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING), 0); 19621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_GT(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, EVP_MD_size(md)), 0); 19631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 19641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case PaddingMode::RSA_PKCS1_1_5_SIGN: 19651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // PKCS1 is the default; don't need to set anything. 19661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 19671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden default: 19681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden FAIL(); 19691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 19701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 19711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, EVP_DigestVerifyUpdate(&digest_ctx, message.data(), message.size())); 19731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, EVP_DigestVerifyFinal( 19741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &digest_ctx, reinterpret_cast<const uint8_t*>(signature.data()), 19751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden signature.size())); 19761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_MD_CTX_cleanup(&digest_ctx); 19771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 19781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Corrupt signature shouldn't verify. 19801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string corrupt_signature(signature); 19811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++corrupt_signature[corrupt_signature.size() / 2]; 19821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 19841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, 19851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(digest).Padding(padding))); 19861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 19871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(message, corrupt_signature, &result)); 19881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Corrupt message shouldn't verify 19901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 19911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, 19921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(digest).Padding(padding))); 19931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(corrupt_message, signature, &result)); 19941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 19951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 19961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 19971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 19981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 19991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * VerificationOperationsTest.RsaSuccess 20001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 20011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies ECDSA signature/verification for all digests and curves. 20021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 20031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(VerificationOperationsTest, EcdsaAllDigestsAndCurves) { 20041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto digests = { 20051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Digest::NONE, Digest::SHA1, Digest::SHA_2_224, 20061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512, 20071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 20081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "1234567890"; 20101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string corrupt_message = "2234567890"; 20111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto curve : {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521}) { 20121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = GenerateKey(AuthorizationSetBuilder() 20131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 20141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(curve) 20151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(digests)); 20161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate key for EC curve " << curve; 20171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error != ErrorCode::OK) { 20181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden continue; 20191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 20201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto digest : digests) { 20221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage(message, AuthorizationSetBuilder().Digest(digest)); 20231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, AuthorizationSetBuilder().Digest(digest)); 20241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Verify with OpenSSL 20261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (digest != Digest::NONE) { 20271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf pubkey; 20281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ExportKey(KeyFormat::X509, &pubkey)) 20291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 20301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t* p = pubkey.data(); 20321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_PKEY_Ptr pkey(d2i_PUBKEY(nullptr /* alloc new */, &p, pubkey.size())); 20331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(pkey.get()); 20341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_MD_CTX digest_ctx; 20361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_MD_CTX_init(&digest_ctx); 20371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_PKEY_CTX* pkey_ctx; 20381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const EVP_MD* md = openssl_digest(digest); 20391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, EVP_DigestVerifyInit(&digest_ctx, &pkey_ctx, md, nullptr /* engine */, 20411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden pkey.get())) 20421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 20431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, EVP_DigestVerifyUpdate(&digest_ctx, message.data(), message.size())) 20451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 20461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1, EVP_DigestVerifyFinal( 20481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &digest_ctx, reinterpret_cast<const uint8_t*>(signature.data()), 20491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden signature.size())) 20501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 20511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_MD_CTX_cleanup(&digest_ctx); 20531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 20541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Corrupt signature shouldn't verify. 20561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string corrupt_signature(signature); 20571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++corrupt_signature[corrupt_signature.size() / 2]; 20581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 20601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, AuthorizationSetBuilder().Digest(digest))) 20611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 20621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 20641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(message, corrupt_signature, &result)) 20651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 20661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Corrupt message shouldn't verify 20681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 20691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, AuthorizationSetBuilder().Digest(digest))) 20701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 20711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(corrupt_message, signature, &result)) 20731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << curve << ' ' << digest; 20741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 20751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto rc = DeleteKey(); 20771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED); 20781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 20791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 20801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 20821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * VerificationOperationsTest.HmacSigningKeyCannotVerify 20831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 20841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies HMAC signing and verification, but that a signing key cannot be used to verify. 20851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 20861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(VerificationOperationsTest, HmacSigningKeyCannotVerify) { 20871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key_material = "HelloThisIsAKey"; 20881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 20891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf signing_key, verification_key; 20901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyCharacteristics signing_key_chars, verification_key_chars; 20911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 20921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 20931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 20941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ALGORITHM, Algorithm::HMAC) 20951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_PURPOSE, KeyPurpose::SIGN) 20961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA1) 20971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 160), 20981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::RAW, key_material, &signing_key, &signing_key_chars)); 20991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 21001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 21011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 21021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ALGORITHM, Algorithm::HMAC) 21031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_PURPOSE, KeyPurpose::VERIFY) 21041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA1) 21051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 160), 21061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::RAW, key_material, &verification_key, &verification_key_chars)); 21071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "This is a message."; 21091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage( 21101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden signing_key, message, 21111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA1).Authorization(TAG_MAC_LENGTH, 160)); 21121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Signing key should not work. 21141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 21151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, 21161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::VERIFY, signing_key, AuthorizationSetBuilder().Digest(Digest::SHA1), 21171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &out_params, &op_handle_)); 21181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Verification key should work. 21201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(verification_key, message, signature, 21211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA1)); 21221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(&signing_key); 21241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(&verification_key); 21251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 21261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest ExportKeyTest; 21281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 21301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ExportKeyTest.RsaUnsupportedKeyFormat 21311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 21321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting to export RSA keys in PKCS#8 format fails with the correct error. 21331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 21341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) { 21351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 21361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 21371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 21381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 21391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf export_data; 21401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_FORMAT, ExportKey(KeyFormat::PKCS8, &export_data)); 21411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 21421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 21441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ExportKeyTest.RsaCorruptedKeyBlob 21451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 21461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting to export RSA keys from corrupted key blobs fails. This is essentially 21471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * a poor-man's key blob fuzzer. 21481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 21491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ExportKeyTest, RsaCorruptedKeyBlob) { 21501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 21511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 21521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 21531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 21541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 21551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < key_blob_.size(); ++i) { 21561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf corrupted(key_blob_); 21571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++corrupted[i]; 21581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf export_data; 21601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, 21611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ExportKey(KeyFormat::X509, corrupted, HidlBuf(), HidlBuf(), &export_data)) 21621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Blob corrupted at offset " << i << " erroneously accepted as valid"; 21631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 21641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 21651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 21671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ExportKeyTest.RsaCorruptedKeyBlob 21681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 21691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting to export ECDSA keys from corrupted key blobs fails. This is 21701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * essentially a poor-man's key blob fuzzer. 21711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 21721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ExportKeyTest, EcCorruptedKeyBlob) { 21731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 21741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 21751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(EcCurve::P_256) 21761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 21771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < key_blob_.size(); ++i) { 21781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf corrupted(key_blob_); 21791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++corrupted[i]; 21801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf export_data; 21821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, 21831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ExportKey(KeyFormat::X509, corrupted, HidlBuf(), HidlBuf(), &export_data)) 21841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Blob corrupted at offset " << i << " erroneously accepted as valid"; 21851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 21861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 21871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 21881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 21891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ExportKeyTest.AesKeyUnexportable 21901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 21911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting to export AES keys fails in the expected way. 21921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 21931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ExportKeyTest, AesKeyUnexportable) { 21941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 21951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 21961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 21971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcbMode() 21981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 21991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf export_data; 22011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_KEY_FORMAT, ExportKey(KeyFormat::X509, &export_data)); 22021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_KEY_FORMAT, ExportKey(KeyFormat::PKCS8, &export_data)); 22031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNSUPPORTED_KEY_FORMAT, ExportKey(KeyFormat::RAW, &export_data)); 22041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 22051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenclass ImportKeyTest : public KeymasterHidlTest { 22071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden public: 22081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden template <TagType tag_type, Tag tag, typename ValueT> 22091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void CheckCryptoParam(TypedTag<tag_type, tag> ttag, ValueT expected) { 22101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("CheckCryptoParam"); 22111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (IsSecure()) { 22121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(contains(key_characteristics_.hardwareEnforced, ttag, expected)) 22131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Tag " << tag << " with value " << expected << " not found"; 22141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(contains(key_characteristics_.softwareEnforced, ttag)) 22151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Tag " << tag << " found"; 22161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 22171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(contains(key_characteristics_.softwareEnforced, ttag, expected)) 22181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Tag " << tag << " with value " << expected << " not found"; 22191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(contains(key_characteristics_.hardwareEnforced, ttag)) 22201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Tag " << tag << " found"; 22211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 22221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 22231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden void CheckOrigin() { 22251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SCOPED_TRACE("CheckOrigin"); 22261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (IsSecure()) { 22271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE( 22281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden contains(key_characteristics_.hardwareEnforced, TAG_ORIGIN, KeyOrigin::IMPORTED)); 22291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 22301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE( 22311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden contains(key_characteristics_.softwareEnforced, TAG_ORIGIN, KeyOrigin::IMPORTED)); 22321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 22331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 22341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 22351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 22371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.RsaSuccess 22381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 22391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing and using an RSA key pair works correctly. 22401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 22411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, RsaSuccess) { 22421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() 22431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 22441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 65537) 22451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 22461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PSS), 22471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, rsa_key)); 22481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_ALGORITHM, Algorithm::RSA); 22501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_KEY_SIZE, 1024U); 22511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_RSA_PUBLIC_EXPONENT, 65537U); 22521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256); 22531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_PADDING, PaddingMode::RSA_PSS); 22541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckOrigin(); 22551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8, 'a'); 22571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::RSA_PSS); 22581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage(message, params); 22591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, params); 22601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 22611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 22631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.RsaKeySizeMismatch 22641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 22651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing an RSA key pair with a size that doesn't match the key fails in the 22661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * correct way. 22671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 22681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, RsaKeySizeMismatch) { 22691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::IMPORT_PARAMETER_MISMATCH, 22701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 22711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(2048 /* Doesn't match key */, 65537) 22721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 22731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE), 22741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, rsa_key)); 22751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 22761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 22781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.RsaPublicExponentMismatch 22791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 22801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing an RSA key pair with a public exponent that doesn't match the key fails 22811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * in the correct way. 22821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 22831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, RsaPublicExponentMismatch) { 22841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::IMPORT_PARAMETER_MISMATCH, 22851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 22861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3 /* Doesn't match key */) 22871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 22881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE), 22891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, rsa_key)); 22901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 22911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 22921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 22931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.EcdsaSuccess 22941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 22951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing and using an ECDSA P-256 key pair works correctly. 22961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 22971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, EcdsaSuccess) { 22981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() 22991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 23001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(256) 23011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256), 23021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, ec_256_key)); 23031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC); 23051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_KEY_SIZE, 256U); 23061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256); 23071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_EC_CURVE, EcCurve::P_256); 23081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckOrigin(); 23101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(32, 'a'); 23121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256); 23131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage(message, params); 23141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, params); 23151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 23161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 23181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.Ecdsa521Success 23191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 23201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing and using an ECDSA P-521 key pair works correctly. 23211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 23221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, Ecdsa521Success) { 23231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() 23241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 23251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(521) 23261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256), 23271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, ec_521_key)); 23281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC); 23301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_KEY_SIZE, 521U); 23311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256); 23321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_EC_CURVE, EcCurve::P_521); 23331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckOrigin(); 23341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(32, 'a'); 23361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256); 23371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = SignMessage(message, params); 23381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, params); 23391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 23401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 23421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.EcdsaSizeMismatch 23431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 23441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing an ECDSA key pair with a size that doesn't match the key fails in the 23451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * correct way. 23461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 23471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, EcdsaSizeMismatch) { 23481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::IMPORT_PARAMETER_MISMATCH, 23491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 23501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(224 /* Doesn't match key */) 23511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE), 23521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, ec_256_key)); 23531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 23541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 23561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.EcdsaCurveMismatch 23571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 23581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing an ECDSA key pair with a curve that doesn't match the key fails in the 23591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * correct way. 23601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 23611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, EcdsaCurveMismatch) { 23621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::IMPORT_PARAMETER_MISMATCH, 23631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ImportKey(AuthorizationSetBuilder() 23641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(EcCurve::P_224 /* Doesn't match key */) 23651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE), 23661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::PKCS8, ec_256_key)); 23671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 23681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 23701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.AesSuccess 23711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 23721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing and using an AES key works. 23731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 23741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, AesSuccess) { 23751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 23761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() 23771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 23781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(key.size() * 8) 23791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcbMode() 23801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::PKCS7), 23811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::RAW, key)); 23821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_ALGORITHM, Algorithm::AES); 23841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_KEY_SIZE, 128U); 23851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_PADDING, PaddingMode::PKCS7); 23861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_BLOCK_MODE, BlockMode::ECB); 23871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckOrigin(); 23881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Hello World!"; 23901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); 23911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params); 23921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext, params); 23931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 23941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 23951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 23961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 23971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * ImportKeyTest.AesSuccess 23981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 23991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that importing and using an HMAC key works. 24001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 24011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(ImportKeyTest, HmacKeySuccess) { 24021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 24031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() 24041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 24051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(key.size() * 8) 24061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 24071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 256), 24081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeyFormat::RAW, key)); 24091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_ALGORITHM, Algorithm::HMAC); 24111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_KEY_SIZE, 128U); 24121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256); 24131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckOrigin(); 24141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Hello World!"; 24161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string signature = MacMessage(message, Digest::SHA_2_256, 256); 24171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden VerifyMessage(message, signature, AuthorizationSetBuilder().Digest(Digest::SHA_2_256)); 24181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 24191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest EncryptionOperationsTest; 24211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 24231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaNoPaddingSuccess 24241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 24251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA encryption works. 24261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 24271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaNoPaddingSuccess) { 24281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 24291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 24301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaEncryptionKey(1024, 3) 24311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 24321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = string(1024 / 8, 'a'); 24341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); 24351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext1 = EncryptMessage(message, params); 24361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1024U / 8, ciphertext1.size()); 24371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext2 = EncryptMessage(message, params); 24391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1024U / 8, ciphertext2.size()); 24401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Unpadded RSA is deterministic 24421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ciphertext1, ciphertext2); 24431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 24441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 24461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaNoPaddingShortMessage 24471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 24481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA encryption of short messages works. 24491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 24501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaNoPaddingShortMessage) { 24511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 24521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 24531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaEncryptionKey(1024, 3) 24541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 24551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "1"; 24571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); 24581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params); 24601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1024U / 8, ciphertext.size()); 24611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string expected_plaintext = string(1024 / 8 - 1, 0) + message; 24631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext, params); 24641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(expected_plaintext, plaintext); 24661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Degenerate case, encrypting a numeric 1 yields 0x00..01 as the ciphertext. 24681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message = static_cast<char>(1); 24691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ciphertext = EncryptMessage(message, params); 24701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1024U / 8, ciphertext.size()); 24711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ciphertext, string(1024 / 8 - 1, 0) + message); 24721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 24731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 24751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaNoPaddingTooLong 24761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 24771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA encryption of too-long messages fails in the expected way. 24781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 24791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaNoPaddingTooLong) { 24801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 24811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 24821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaEncryptionKey(1024, 3) 24831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 24841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8 + 1, 'a'); 24861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); 24881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); 24891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 24911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, &result)); 24921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 24931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 24941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 24951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaNoPaddingTooLarge 24961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 24971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that raw RSA encryption of too-large (numerically) messages fails in the expected way. 24981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 24991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaNoPaddingTooLarge) { 25001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 25011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 25021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaEncryptionKey(1024, 3) 25031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 25041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf exported; 25061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ExportKey(KeyFormat::X509, &exported)); 25071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t* p = exported.data(); 25091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EVP_PKEY_Ptr pkey(d2i_PUBKEY(nullptr /* alloc new */, &p, exported.size())); 25101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden RSA_Ptr rsa(EVP_PKEY_get1_RSA(pkey.get())); 25111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t modulus_len = BN_num_bytes(rsa->n); 25131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(1024U / 8, modulus_len); 25141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden std::unique_ptr<uint8_t[]> modulus_buf(new uint8_t[modulus_len]); 25151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden BN_bn2bin(rsa->n, modulus_buf.get()); 25161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // The modulus is too big to encrypt. 25181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(reinterpret_cast<const char*>(modulus_buf.get()), modulus_len); 25191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); 25211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); 25221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 25241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(message, &result)); 25251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // One smaller than the modulus is okay. 25271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden BN_sub(rsa->n, rsa->n, BN_value_one()); 25281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden modulus_len = BN_num_bytes(rsa->n); 25291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(1024U / 8, modulus_len); 25301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden BN_bn2bin(rsa->n, modulus_buf.get()); 25311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message = string(reinterpret_cast<const char*>(modulus_buf.get()), modulus_len); 25321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); 25331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(message, &result)); 25341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 25351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 25371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaOaepSuccess 25381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 25391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA-OAEP encryption operations work, with all digests. 25401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 25411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaOaepSuccess) { 25421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto digests = {Digest::MD5, Digest::SHA1, Digest::SHA_2_224, 25431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512}; 25441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t key_size = 2048; // Need largish key for SHA-512 test. 25461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 25471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 25481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaEncryptionKey(key_size, 3) 25491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_OAEP) 25501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(digests))); 25511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Hello"; 25531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto digest : digests) { 25551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Digest(digest).Padding(PaddingMode::RSA_OAEP); 25561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext1 = EncryptMessage(message, params); 25571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (HasNonfatalFailure()) std::cout << "-->" << digest << std::endl; 25581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(key_size / 8, ciphertext1.size()); 25591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext2 = EncryptMessage(message, params); 25611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(key_size / 8, ciphertext2.size()); 25621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // OAEP randomizes padding so every result should be different (with astronomically high 25641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // probability). 25651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(ciphertext1, ciphertext2); 25661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext1 = DecryptMessage(ciphertext1, params); 25681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext1) << "RSA-OAEP failed with digest " << digest; 25691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext2 = DecryptMessage(ciphertext2, params); 25701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext2) << "RSA-OAEP failed with digest " << digest; 25711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypting corrupted ciphertext should fail. 25731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t offset_to_corrupt = random() % ciphertext1.size(); 25741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden char corrupt_byte; 25751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden do { 25761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden corrupt_byte = static_cast<char>(random() % 256); 25771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } while (corrupt_byte == ciphertext1[offset_to_corrupt]); 25781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ciphertext1[offset_to_corrupt] = corrupt_byte; 25791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); 25811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 25821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext1, &result)); 25831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, result.size()); 25841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 25851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 25861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 25871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 25881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaOaepInvalidDigest 25891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 25901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA-OAEP encryption operations fail in the correct way when asked to operate 25911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * without a digest. 25921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 25931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaOaepInvalidDigest) { 25941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 25951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 25961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaEncryptionKey(1024, 3) 25971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_OAEP) 25981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 25991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Hello World!"; 26001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_OAEP).Digest(Digest::NONE); 26021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_DIGEST, Begin(KeyPurpose::ENCRYPT, params)); 26031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 26041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 26061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaOaepInvalidDigest 26071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 26081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA-OAEP encryption operations fail in the correct way when asked to decrypt with a 26091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * different digest than was used to encrypt. 26101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 26111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) { 26121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 26131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 26141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaEncryptionKey(1024, 3) 26151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_OAEP) 26161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256, Digest::SHA_2_224))); 26171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Hello World!"; 26181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage( 26191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden message, 26201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA_2_224).Padding(PaddingMode::RSA_OAEP)); 26211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ( 26231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::OK, 26241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::DECRYPT, 26251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::RSA_OAEP))); 26261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 26271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext, &result)); 26281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, result.size()); 26291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 26301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 26321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaOaepTooLarge 26331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 26341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA-OAEP encryption operations fail in the correct way when asked to encrypt a 26351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * too-large message. 26361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 26371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaOaepTooLarge) { 26381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 26391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 26401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaEncryptionKey(1024, 3) 26411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_OAEP) 26421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA1))); 26431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden constexpr size_t digest_size = 160 /* SHA1 */ / 8; 26441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden constexpr size_t oaep_overhead = 2 * digest_size + 2; 26451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8 - oaep_overhead + 1, 'a'); 26461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 26471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::ENCRYPT, 26481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Padding(PaddingMode::RSA_OAEP).Digest(Digest::SHA1))); 26491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 26501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(message, &result)); 26511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, result.size()); 26521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 26531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 26551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaPkcs1Success 26561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 26571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA PKCS encryption/decrypts works. 26581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 26591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaPkcs1Success) { 26601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 26611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 26621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaEncryptionKey(1024, 3) 26631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT))); 26641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "Hello World!"; 26661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT); 26671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext1 = EncryptMessage(message, params); 26681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1024U / 8, ciphertext1.size()); 26691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext2 = EncryptMessage(message, params); 26711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1024U / 8, ciphertext2.size()); 26721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // PKCS1 v1.5 randomizes padding so every result should be different. 26741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(ciphertext1, ciphertext2); 26751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext1, params); 26771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 26781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypting corrupted ciphertext should fail. 26801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t offset_to_corrupt = random() % ciphertext1.size(); 26811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden char corrupt_byte; 26821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden do { 26831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden corrupt_byte = static_cast<char>(random() % 256); 26841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } while (corrupt_byte == ciphertext1[offset_to_corrupt]); 26851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ciphertext1[offset_to_corrupt] = corrupt_byte; 26861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); 26881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 26891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext1, &result)); 26901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, result.size()); 26911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 26921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 26931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 26941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.RsaPkcs1TooLarge 26951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 26961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that RSA PKCS encryption fails in the correct way when the mssage is too large. 26971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 26981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, RsaPkcs1TooLarge) { 26991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 27001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 27011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaEncryptionKey(1024, 3) 27021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT))); 27031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(1024 / 8 - 10, 'a'); 27041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT); 27061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); 27071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string result; 27081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(message, &result)); 27091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, result.size()); 27101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 27111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 27131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.EcdsaEncrypt 27141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 27151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting to use ECDSA keys to encrypt fails in the correct way. 27161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 27171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, EcdsaEncrypt) { 27181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 27191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 27201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(224) 27211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE))); 27221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().Digest(Digest::NONE); 27231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, Begin(KeyPurpose::ENCRYPT, params)); 27241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, Begin(KeyPurpose::DECRYPT, params)); 27251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 27261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 27281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.HmacEncrypt 27291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 27301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attempting to use HMAC keys to encrypt fails in the correct way. 27311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 27321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, HmacEncrypt) { 27331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 27341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 27351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 27361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 27371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 27381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 27391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 27401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 27411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 27421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 27431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, Begin(KeyPurpose::ENCRYPT, params)); 27441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, Begin(KeyPurpose::DECRYPT, params)); 27451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 27461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 27481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesEcbRoundTripSuccess 27491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 27501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES ECB mode works. 27511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 27521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesEcbRoundTripSuccess) { 27531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 27541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 27551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 27561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::ECB) 27571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 27581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE); 27601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Two-block message. 27621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 27631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext1 = EncryptMessage(message, params); 27641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext1.size()); 27651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext2 = EncryptMessage(string(message), params); 27671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext2.size()); 27681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // ECB is deterministic. 27701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ciphertext1, ciphertext2); 27711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext1, params); 27731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 27741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 27751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 27771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesEcbRoundTripSuccess 27781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 27791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES encryption fails in the correct way when an unauthorized mode is specified. 27801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 27811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesWrongMode) { 27821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 27831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 27841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 27851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CBC) 27861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 27871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Two-block message. 27881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 27891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ( 27901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode::INCOMPATIBLE_BLOCK_MODE, 27911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::ENCRYPT, 27921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE))); 27931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 27941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 27951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 27961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesEcbNoPaddingWrongInputSize 27971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 27981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES encryption fails in the correct way when provided an input that is not a 27991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * multiple of the block size and no padding is specified. 28001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 28011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) { 28021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 28031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 28041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 28051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::ECB) 28061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 28071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Message is slightly shorter than two blocks. 28081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(16 * 2 - 1, 'a'); 28091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE); 28111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); 28121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 28131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, &ciphertext)); 28141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, ciphertext.size()); 28151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 28161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 28181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesEcbPkcs7Padding 28191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 28201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES PKCS7 padding works for any message length. 28211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 28221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesEcbPkcs7Padding) { 28231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 28241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 28251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 28261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::ECB) 28271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::PKCS7))); 28281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); 28301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Try various message lengths; all should work. 28321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < 32; ++i) { 28331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(i, 'a'); 28341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params); 28351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(i + 16 - (i % 16), ciphertext.size()); 28361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext, params); 28371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 28381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 28391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 28401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 28421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesEcbWrongPadding 28431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 28441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES enryption fails in the correct way when an unauthorized padding mode is 28451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * specified. 28461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 28471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesEcbWrongPadding) { 28481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 28491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 28501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 28511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::ECB) 28521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 28531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); 28551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Try various message lengths; all should fail 28571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < 32; ++i) { 28581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(i, 'a'); 28591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_PADDING_MODE, Begin(KeyPurpose::ENCRYPT, params)); 28601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 28611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 28621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 28641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesEcbPkcs7PaddingCorrupted 28651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 28661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES decryption fails in the correct way when the padding is corrupted. 28671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 28681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) { 28691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 28701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 28711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 28721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::ECB) 28731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::PKCS7))); 28741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); 28761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "a"; 28781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params); 28791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(16U, ciphertext.size()); 28801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(ciphertext, message); 28811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++ciphertext[ciphertext.size() / 2]; 28821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); 28841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 28851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, &plaintext)); 28861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 28871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenHidlBuf CopyIv(const AuthorizationSet& set) { 28891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto iv = set.GetTagValue(TAG_NONCE); 28901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(iv.isOk()); 28911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return iv.value(); 28921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 28931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 28941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 28951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCtrRoundTripSuccess 28961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 28971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES CTR mode works. 28981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 28991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCtrRoundTripSuccess) { 29001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 29011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 29021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 29031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CTR) 29041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 29051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::CTR).Padding(PaddingMode::NONE); 29071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123"; 29091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 29101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext1 = EncryptMessage(message, params, &out_params); 29111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf iv1 = CopyIv(out_params); 29121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(16U, iv1.size()); 29131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext1.size()); 29151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden out_params.Clear(); 29171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext2 = EncryptMessage(message, params, &out_params); 29181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf iv2 = CopyIv(out_params); 29191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(16U, iv2.size()); 29201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // IVs should be random, so ciphertexts should differ. 29221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(ciphertext1, ciphertext2); 29231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params_iv1 = 29251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorizations(params).Authorization(TAG_NONCE, iv1); 29261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params_iv2 = 29271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorizations(params).Authorization(TAG_NONCE, iv2); 29281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext1, params_iv1); 29301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 29311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden plaintext = DecryptMessage(ciphertext2, params_iv2); 29321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 29331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Using the wrong IV will result in a "valid" decryption, but the data will be garbage. 29351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden plaintext = DecryptMessage(ciphertext1, params_iv2); 29361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(message, plaintext); 29371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden plaintext = DecryptMessage(ciphertext2, params_iv1); 29381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(message, plaintext); 29391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 29401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 29421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesIncremental 29431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 29441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES works, all modes, when provided data in various size increments. 29451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 29461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesIncremental) { 29471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto block_modes = { 29481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden BlockMode::ECB, BlockMode::CBC, BlockMode::CTR, BlockMode::GCM, 29491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 29501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 29521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 29531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 29541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(block_modes) 29551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 29561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 29571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (int increment = 1; increment <= 240; ++increment) { 29591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (auto block_mode : block_modes) { 29601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message(240, 'a'); 29611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 29621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(block_mode) 29631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 29641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128) /* for GCM */; 29651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet output_params; 29671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &output_params)); 29681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 29701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t input_consumed; 29711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string to_send; 29721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < message.size(); i += increment) { 29731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden to_send.append(message.substr(i, increment)); 29741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(to_send, &ciphertext, &input_consumed)); 29751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden to_send = to_send.substr(input_consumed); 29761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden switch (block_mode) { 29781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::ECB: 29791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::CBC: 29801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Implementations must take as many blocks as possible, leaving less than 29811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // a block. 29821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_LE(to_send.length(), 16U); 29831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 29841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::GCM: 29851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::CTR: 29861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Implementations must always take all the data. 29871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, to_send.length()); 29881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 29891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 29901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 29911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(to_send, &ciphertext)) << "Error sending " << to_send; 29921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 29931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden switch (block_mode) { 29941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::GCM: 29951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size() + 16, ciphertext.size()); 29961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 29971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::CTR: 29981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext.size()); 29991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 30001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::CBC: 30011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::ECB: 30021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size() + message.size() % 16, ciphertext.size()); 30031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 30041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 30051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto iv = output_params.GetTagValue(TAG_NONCE); 30071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden switch (block_mode) { 30081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::CBC: 30091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::GCM: 30101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::CTR: 30111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(iv.isOk()) << "No IV for block mode " << block_mode; 30121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(block_mode == BlockMode::GCM ? 12U : 16U, iv.value().size()); 30131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params.push_back(TAG_NONCE, iv.value()); 30141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 30151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden case BlockMode::ECB: 30171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_FALSE(iv.isOk()) << "ECB mode should not generate IV"; 30181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden break; 30191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 30201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)) 30221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Decrypt begin() failed for block mode " << block_mode; 30231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 30251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < ciphertext.size(); i += increment) { 30261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden to_send.append(ciphertext.substr(i, increment)); 30271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(to_send, &plaintext, &input_consumed)); 30281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden to_send = to_send.substr(input_consumed); 30291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 30301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ErrorCode error = Finish(to_send, &plaintext); 30311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, error) << "Decryption failed for block mode " << block_mode 30321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << " and increment " << increment; 30331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (error == ErrorCode::OK) { 30341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(message, plaintext) << "Decryption didn't match for block mode " 30351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << block_mode << " and increment " << increment; 30361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 30371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 30381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 30391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 30401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstruct AesCtrSp80038aTestVector { 30421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const char* key; 30431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const char* nonce; 30441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const char* plaintext; 30451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const char* ciphertext; 30461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 30471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden// These test vectors are taken from 30491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, section F.5. 30501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenstatic const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = { 30511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // AES-128 30521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden { 30531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "2b7e151628aed2a6abf7158809cf4f3c", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 30541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51" 30551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", 30561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff" 30571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee", 30581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }, 30591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // AES-192 30601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden { 30611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 30621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51" 30631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", 30641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94" 30651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050", 30661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }, 30671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // AES-256 30681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden { 30691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", 30701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 30711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51" 30721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", 30731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5" 30741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6", 30751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }, 30761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden}; 30771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 30791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCtrSp80038aTestVector 30801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 30811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies AES CTR implementation against SP800-38A test vectors. 30821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 30831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCtrSp80038aTestVector) { 30841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (size_t i = 0; i < 3; i++) { 30851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]); 30861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string key = hex2str(test.key); 30871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string nonce = hex2str(test.nonce); 30881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string plaintext = hex2str(test.plaintext); 30891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const string ciphertext = hex2str(test.ciphertext); 30901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckAesCtrTestVector(key, nonce, plaintext, ciphertext); 30911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 30921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 30931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 30941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 30951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCtrIncompatiblePaddingMode 30961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 30971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster rejects use of CTR mode with PKCS7 padding in the correct way. 30981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 30991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCtrIncompatiblePaddingMode) { 31001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 31011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 31021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 31031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CTR) 31041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::PKCS7))); 31051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::CTR).Padding(PaddingMode::NONE); 31061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_PADDING_MODE, Begin(KeyPurpose::ENCRYPT, params)); 31071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 31081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 31101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCtrInvalidCallerNonce 31111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 31121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster fails correctly when the user supplies an incorrect-size nonce. 31131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 31141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCtrInvalidCallerNonce) { 31151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 31161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 31171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 31181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CTR) 31191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_CALLER_NONCE) 31201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 31211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 31231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CTR) 31241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 31251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, HidlBuf(string(1, 'a'))); 31261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_NONCE, Begin(KeyPurpose::ENCRYPT, params)); 31271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params = AuthorizationSetBuilder() 31291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CTR) 31301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 31311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, HidlBuf(string(15, 'a'))); 31321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_NONCE, Begin(KeyPurpose::ENCRYPT, params)); 31331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params = AuthorizationSetBuilder() 31351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CTR) 31361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 31371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, HidlBuf(string(17, 'a'))); 31381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_NONCE, Begin(KeyPurpose::ENCRYPT, params)); 31391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 31401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 31421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCtrInvalidCallerNonce 31431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 31441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that keymaster fails correctly when the user supplies an incorrect-size nonce. 31451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 31461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCbcRoundTripSuccess) { 31471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 31481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 31491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 31501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CBC) 31511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 31521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Two-block message. 31531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 31541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::NONE); 31551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 31561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext1 = EncryptMessage(message, params, &out_params); 31571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf iv1 = CopyIv(out_params); 31581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext1.size()); 31591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden out_params.Clear(); 31611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext2 = EncryptMessage(message, params, &out_params); 31631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf iv2 = CopyIv(out_params); 31641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext2.size()); 31651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // IVs should be random, so ciphertexts should differ. 31671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(ciphertext1, ciphertext2); 31681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params.push_back(TAG_NONCE, iv1); 31701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext1, params); 31711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 31721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 31731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 31751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCallerNonce 31761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 31771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES caller-provided nonces work correctly. 31781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 31791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCallerNonce) { 31801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 31811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 31821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 31831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CBC) 31841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_CALLER_NONCE) 31851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 31861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 31881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Don't specify nonce, should get a random one. 31901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder params = 31911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::NONE); 31921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 31931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params, &out_params); 31941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext.size()); 31951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(16U, out_params.GetTagValue(TAG_NONCE).value().size()); 31961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 31971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params.push_back(TAG_NONCE, out_params.GetTagValue(TAG_NONCE).value()); 31981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext, params); 31991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 32001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Now specify a nonce, should also work. 32021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params = AuthorizationSetBuilder() 32031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CBC) 32041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 32051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, HidlBuf("abcdefghijklmnop")); 32061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden out_params.Clear(); 32071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ciphertext = EncryptMessage(message, params, &out_params); 32081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt with correct nonce. 32101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden plaintext = DecryptMessage(ciphertext, params); 32111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 32121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Try with wrong nonce. 32141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params = AuthorizationSetBuilder() 32151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CBC) 32161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 32171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, HidlBuf("aaaaaaaaaaaaaaaa")); 32181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden plaintext = DecryptMessage(ciphertext, params); 32191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(message, plaintext); 32201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 32211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 32231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesCallerNonceProhibited 32241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 32251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that caller-provided nonces are not permitted when not specified in the key 32261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * authorizations. 32271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 32281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesCallerNonceProhibited) { 32291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 32301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 32311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 32321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::CBC) 32331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE))); 32341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 32361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Don't specify nonce, should get a random one. 32381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder params = 32391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::NONE); 32401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet out_params; 32411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = EncryptMessage(message, params, &out_params); 32421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext.size()); 32431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(16U, out_params.GetTagValue(TAG_NONCE).value().size()); 32441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params.push_back(TAG_NONCE, out_params.GetTagValue(TAG_NONCE).value()); 32461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext, params); 32471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 32481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Now specify a nonce, should fail 32501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params = AuthorizationSetBuilder() 32511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::CBC) 32521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 32531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, HidlBuf("abcdefghijklmnop")); 32541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden out_params.Clear(); 32551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::CALLER_NONCE_PROHIBITED, Begin(KeyPurpose::ENCRYPT, params, &out_params)); 32561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 32571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 32591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmRoundTripSuccess 32601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 32611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode works. 32621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 32631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmRoundTripSuccess) { 32641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 32651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 32661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 32671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_BLOCK_MODE, BlockMode::GCM) 32681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 32691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 32701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string aad = "foobar"; 32721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123456789012345678901234567890123456"; 32731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto begin_params = AuthorizationSetBuilder() 32751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 32761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 32771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 32781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto update_params = 32801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); 32811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Encrypt 32831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 32841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params)) 32851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden << "Begin encrypt"; 32861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 32871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet update_out_params; 32881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 32891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Finish(op_handle_, update_params, message, "", &update_out_params, &ciphertext)); 32901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Grab nonce 32921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden begin_params.push_back(begin_out_params); 32931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 32941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt. 32951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params)) << "Begin decrypt"; 32961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 32971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t input_consumed; 32981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, Update(op_handle_, update_params, ciphertext, &update_out_params, 32991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &plaintext, &input_consumed)); 33001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ciphertext.size(), input_consumed); 33011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish("", &plaintext)); 33021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 33031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 33041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 33051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 33061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 33071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmTooShortTag 33081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 33091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode fails correctly when a too-short tag length is specified. 33101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 33111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmTooShortTag) { 33121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 33131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 33141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 33151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 33161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 33171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 33181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123456789012345678901234567890123456"; 33191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 33201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 33211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 33221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 96); 33231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 33241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_MAC_LENGTH, Begin(KeyPurpose::ENCRYPT, params)); 33251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 33261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 33271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 33281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmTooShortTagOnDecrypt 33291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 33301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode fails correctly when a too-short tag is provided to decryption. 33311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 33321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmTooShortTagOnDecrypt) { 33331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 33341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 33351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 33361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 33371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 33381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 33391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string aad = "foobar"; 33401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123456789012345678901234567890123456"; 33411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 33421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 33431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 33441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 33451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 33461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto finish_params = 33471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); 33481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 33491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Encrypt 33501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 33511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params)); 33521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(1U, begin_out_params.size()); 33531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(begin_out_params.GetTagValue(TAG_NONCE).isOk()); 33541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 33551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_out_params; 33561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 33571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message, "" /* signature */, 33581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &ciphertext)); 33591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 33601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params = AuthorizationSetBuilder() 33611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorizations(begin_out_params) 33621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 33631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 33641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 96); 33651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 33661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt. 33671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_MAC_LENGTH, Begin(KeyPurpose::DECRYPT, params)); 33681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 33691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 33701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 33711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmCorruptKey 33721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 33731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode fails correctly when the decryption key is incorrect. 33741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 33751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmCorruptKey) { 33761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t nonce_bytes[] = { 33771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xb7, 0x94, 0x37, 0xae, 0x08, 0xff, 0x35, 0x5d, 0x7d, 0x8a, 0x4d, 0x0f, 33781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 33791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string nonce = make_string(nonce_bytes); 33801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t ciphertext_bytes[] = { 33811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xb3, 0xf6, 0x79, 0x9e, 0x8f, 0x93, 0x26, 0xf2, 0xdf, 0x1e, 0x80, 0xfc, 0xd2, 0xcb, 0x16, 33821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xd7, 0x8c, 0x9d, 0xc7, 0xcc, 0x14, 0xbb, 0x67, 0x78, 0x62, 0xdc, 0x6c, 0x63, 0x9b, 0x3a, 33831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x63, 0x38, 0xd2, 0x4b, 0x31, 0x2d, 0x39, 0x89, 0xe5, 0x92, 0x0b, 0x5d, 0xbf, 0xc9, 0x76, 33841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x76, 0x5e, 0xfb, 0xfe, 0x57, 0xbb, 0x38, 0x59, 0x40, 0xa7, 0xa4, 0x3b, 0xdf, 0x05, 0xbd, 33851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xda, 0xe3, 0xc9, 0xd6, 0xa2, 0xfb, 0xbd, 0xfc, 0xc0, 0xcb, 0xa0, 33861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 33871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext = make_string(ciphertext_bytes); 33881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 33891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 33901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 33911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 33921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128) 33931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NONCE, nonce.data(), nonce.size()); 33941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 33951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto import_params = AuthorizationSetBuilder() 33961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 33971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 33981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 33991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 34001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_CALLER_NONCE) 34011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128); 34021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Import correct key and decrypt 34041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden const uint8_t key_bytes[] = { 34051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0xba, 0x76, 0x35, 0x4f, 0x0a, 0xed, 0x6e, 0x8d, 34061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 0x91, 0xf4, 0x5c, 0x4f, 0xf5, 0xa0, 0x62, 0xdb, 34071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden }; 34081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string key = make_string(key_bytes); 34091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(import_params, KeyFormat::RAW, key)); 34101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext = DecryptMessage(ciphertext, params); 34111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 34121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Corrupt key and attempt to decrypt 34141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key[0] = 0; 34151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, ImportKey(import_params, KeyFormat::RAW, key)); 34161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); 34171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext)); 34181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden CheckedDeleteKey(); 34191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 34201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 34221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmAadNoData 34231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 34241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode works when provided additional authenticated data, but no data to 34251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * encrypt. 34261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 34271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmAadNoData) { 34281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 34291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 34301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 34311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 34321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 34331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 34341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string aad = "1234567890123456"; 34361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 34371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 34381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 34391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 34401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto finish_params = 34421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); 34431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Encrypt 34451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 34461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params)); 34471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 34481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_out_params; 34491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, "" /* input */, "" /* signature */, 34501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &ciphertext)); 34511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(finish_out_params.empty()); 34521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Grab nonce 34541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params.push_back(begin_out_params); 34551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt. 34571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); 34581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 34591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, ciphertext, "" /* signature */, 34601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &plaintext)); 34611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(finish_out_params.empty()); 34631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ("", plaintext); 34651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 34661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 34681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmMultiPartAad 34691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 34701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode works when provided additional authenticated data in multiple chunks. 34711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 34721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmMultiPartAad) { 34731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 34741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 34751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 34761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 34771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 34781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 34791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123456789012345678901234567890123456"; 34811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto begin_params = AuthorizationSetBuilder() 34821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 34831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 34841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 34851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 34861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto update_params = 34881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foo", (size_t)3); 34891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params)); 34911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 34921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // No data, AAD only. 34931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 34941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t input_consumed; 34951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet update_out_params; 34961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(op_handle_, update_params, "" /* input */, &update_out_params, 34971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &ciphertext, &input_consumed)); 34981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, input_consumed); 34991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, ciphertext.size()); 35001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(update_out_params.empty()); 35011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // AAD and data. 35031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(op_handle_, update_params, message, &update_out_params, 35041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &ciphertext, &input_consumed)); 35051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), input_consumed); 35061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext.size()); 35071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(update_out_params.empty()); 35081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish("" /* input */, &ciphertext)); 35101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Grab nonce. 35121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden begin_params.push_back(begin_out_params); 35131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt 35151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden update_params = 35161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foofoo", (size_t)6); 35171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params)); 35191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 35201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, update_params, ciphertext, "" /* signature */, 35211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &update_out_params, &plaintext)); 35221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(update_out_params.empty()); 35231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message, plaintext); 35241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 35251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 35271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmAadOutOfOrder 35281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 35291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM mode fails correctly when given AAD after data to encipher. 35301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 35311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmAadOutOfOrder) { 35321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 35331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 35341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 35351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 35361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 35371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 35381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123456789012345678901234567890123456"; 35401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto begin_params = AuthorizationSetBuilder() 35411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 35421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 35431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 35441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 35451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto update_params = 35471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foo", (size_t)3); 35481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params)); 35501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // No data, AAD only. 35521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 35531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden size_t input_consumed; 35541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet update_out_params; 35551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(op_handle_, update_params, "" /* input */, &update_out_params, 35561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &ciphertext, &input_consumed)); 35571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, input_consumed); 35581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(0U, ciphertext.size()); 35591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(update_out_params.empty()); 35601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // AAD and data. 35621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Update(op_handle_, update_params, message, &update_out_params, 35631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &ciphertext, &input_consumed)); 35641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), input_consumed); 35651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(message.size(), ciphertext.size()); 35661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(update_out_params.empty()); 35671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // More AAD 35691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_TAG, Update(op_handle_, update_params, "", &update_out_params, 35701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &ciphertext, &input_consumed)); 35711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden op_handle_ = kOpHandleSentinel; 35731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 35741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 35761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmBadAad 35771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 35781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM decryption fails correctly when additional authenticated date is wrong. 35791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 35801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmBadAad) { 35811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 35821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 35831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 35841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 35851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 35861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 35871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 35891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto begin_params = AuthorizationSetBuilder() 35901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 35911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 35921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 35931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto finish_params = 35951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foobar", (size_t)6); 35961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 35971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Encrypt 35981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 35991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params)); 36001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 36011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_out_params; 36021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message, "" /* signature */, 36031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &ciphertext)); 36041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Grab nonce 36061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden begin_params.push_back(begin_out_params); 36071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden finish_params = AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, 36091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden "barfoo" /* Wrong AAD */, (size_t)6); 36101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt. 36121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params)); 36131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 36141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, 36151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Finish(op_handle_, finish_params, ciphertext, "" /* signature */, &finish_out_params, 36161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &plaintext)); 36171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 36181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 36201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmWrongNonce 36211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 36221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM decryption fails correctly when the nonce is incorrect. 36231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 36241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmWrongNonce) { 36251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 36261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 36271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 36281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 36291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 36301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 36311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 36331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto begin_params = AuthorizationSetBuilder() 36341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 36351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 36361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 36371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto finish_params = 36391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foobar", (size_t)6); 36401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Encrypt 36421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 36431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params)); 36441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 36451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_out_params; 36461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message, "" /* signature */, 36471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &ciphertext)); 36481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Wrong nonce 36501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden begin_params.push_back(TAG_NONCE, HidlBuf("123456789012")); 36511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt. 36531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params)); 36541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 36551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, 36561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Finish(op_handle_, finish_params, ciphertext, "" /* signature */, &finish_out_params, 36571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &plaintext)); 36581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // With wrong nonce, should have gotten garbage plaintext (or none). 36601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_NE(message, plaintext); 36611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 36621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 36641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * EncryptionOperationsTest.AesGcmCorruptTag 36651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 36661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that AES GCM decryption fails correctly when the tag is wrong. 36671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 36681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(EncryptionOperationsTest, AesGcmCorruptTag) { 36691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 36701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 36711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 36721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 36731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 36741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 36751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string aad = "1234567890123456"; 36771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "123456789012345678901234567890123456"; 36781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder() 36801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .BlockMode(BlockMode::GCM) 36811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 36821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAC_LENGTH, 128); 36831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto finish_params = 36851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size()); 36861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Encrypt 36881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 36891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params)); 36901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string ciphertext; 36911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet finish_out_params; 36921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message, "" /* signature */, 36931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &finish_out_params, &ciphertext)); 36941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(finish_out_params.empty()); 36951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Corrupt tag 36971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ++(*ciphertext.rbegin()); 36981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 36991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Grab nonce 37001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden params.push_back(begin_out_params); 37011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Decrypt. 37031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); 37041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string plaintext; 37051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, 37061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Finish(op_handle_, finish_params, ciphertext, "" /* signature */, &finish_out_params, 37071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &plaintext)); 37081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(finish_out_params.empty()); 37091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 37101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest MaxOperationsTest; 37121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 37141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * MaxOperationsTest.TestLimitAes 37151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 37161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that the max uses per boot tag works correctly with AES keys. 37171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 37181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(MaxOperationsTest, TestLimitAes) { 37191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 37201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 37211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 37221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcbMode() 37231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 37241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAX_USES_PER_BOOT, 3))); 37251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "1234567890123456"; 37271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().EcbMode().Padding(PaddingMode::NONE); 37291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EncryptMessage(message, params); 37311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EncryptMessage(message, params); 37321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EncryptMessage(message, params); 37331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Fourth time should fail. 37351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::KEY_MAX_OPS_EXCEEDED, Begin(KeyPurpose::ENCRYPT, params)); 37361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 37371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 37391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * MaxOperationsTest.TestLimitAes 37401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 37411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that the max uses per boot tag works correctly with RSA keys. 37421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 37431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(MaxOperationsTest, TestLimitRsa) { 37441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 37451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 37461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 37471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .NoDigestOrPadding() 37481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MAX_USES_PER_BOOT, 3))); 37491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "1234567890123456"; 37511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto params = AuthorizationSetBuilder().NoDigestOrPadding(); 37531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, params); 37551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, params); 37561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden SignMessage(message, params); 37571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Fourth time should fail. 37591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::KEY_MAX_OPS_EXCEEDED, Begin(KeyPurpose::SIGN, params)); 37601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 37611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest AddEntropyTest; 37631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 37651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AddEntropyTest.AddEntropy 37661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 37671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that the addRngEntropy method doesn't blow up. There's no way to test that entropy is 37681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * actually added. 37691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 37701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AddEntropyTest, AddEntropy) { 37711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, keymaster().addRngEntropy(HidlBuf("foo"))); 37721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 37731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 37751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AddEntropyTest.AddEmptyEntropy 37761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 37771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that the addRngEntropy method doesn't blow up when given an empty buffer. 37781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 37791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AddEntropyTest, AddEmptyEntropy) { 37801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, keymaster().addRngEntropy(HidlBuf())); 37811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 37821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 37841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AddEntropyTest.AddLargeEntropy 37851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 37861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that the addRngEntropy method doesn't blow up when given a largish amount of data. 37871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 37881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AddEntropyTest, AddLargeEntropy) { 37891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, keymaster().addRngEntropy(HidlBuf(string(2 * 1024, 'a')))); 37901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 37911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest AttestationTest; 37931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 37941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 37951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AttestationTest.RsaAttestation 37961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 37971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attesting to RSA keys works and generates the expected output. 37981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 37991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AttestationTest, RsaAttestation) { 38001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 38011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 38021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 38031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 38041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 38051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_INCLUDE_UNIQUE_ID))); 38061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>> cert_chain; 38081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 38091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AttestKey(AuthorizationSetBuilder() 38101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge")) 38111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), 38121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &cert_chain)); 38131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_GE(cert_chain.size(), 2U); 38141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(verify_chain(cert_chain)); 38151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(verify_attestation_record("challenge", "foo", // 38161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_characteristics_.softwareEnforced, // 38171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_characteristics_.hardwareEnforced, // 38181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden cert_chain[0])); 38191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 38201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 38221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AttestationTest.RsaAttestationRequiresAppId 38231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 38241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attesting to RSA requires app ID. 38251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 38261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AttestationTest, RsaAttestationRequiresAppId) { 38271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 38281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 38291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 38301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 38311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 38321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_INCLUDE_UNIQUE_ID))); 38331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>> cert_chain; 38351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, 38361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AttestKey(AuthorizationSetBuilder().Authorization(TAG_ATTESTATION_CHALLENGE, 38371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf("challenge")), 38381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &cert_chain)); 38391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 38401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 38421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AttestationTest.EcAttestation 38431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 38441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attesting to EC keys works and generates the expected output. 38451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 38461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AttestationTest, EcAttestation) { 38471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 38481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 38491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(EcCurve::P_256) 38501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 38511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_INCLUDE_UNIQUE_ID))); 38521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>> cert_chain; 38541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, 38551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AttestKey(AuthorizationSetBuilder() 38561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge")) 38571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), 38581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &cert_chain)); 38591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_GE(cert_chain.size(), 2U); 38601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(verify_chain(cert_chain)); 38611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_TRUE(verify_attestation_record("challenge", "foo", // 38631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_characteristics_.softwareEnforced, // 38641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_characteristics_.hardwareEnforced, // 38651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden cert_chain[0])); 38661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 38671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 38691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AttestationTest.EcAttestationRequiresAttestationAppId 38701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 38711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attesting to EC keys requires app ID 38721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 38731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AttestationTest, EcAttestationRequiresAttestationAppId) { 38741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 38751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 38761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcdsaSigningKey(EcCurve::P_256) 38771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 38781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_INCLUDE_UNIQUE_ID))); 38791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>> cert_chain; 38811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, 38821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AttestKey(AuthorizationSetBuilder().Authorization(TAG_ATTESTATION_CHALLENGE, 38831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden HidlBuf("challenge")), 38841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &cert_chain)); 38851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 38861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 38881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AttestationTest.AesAttestation 38891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 38901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attesting to AES keys fails in the expected way. 38911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 38921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AttestationTest, AesAttestation) { 38931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 38941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 38951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 38961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcbMode() 38971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::PKCS7))); 38981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 38991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>> cert_chain; 39001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_ALGORITHM, 39011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AttestKey(AuthorizationSetBuilder() 39021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge")) 39031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), 39041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &cert_chain)); 39051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 39061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 39081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * AttestationTest.HmacAttestation 39091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 39101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that attesting to HMAC keys fails in the expected way. 39111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 39121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(AttestationTest, HmacAttestation) { 39131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 39141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED) 39151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .HmacKey(128) 39161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .EcbMode() 39171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::SHA_2_256) 39181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_MIN_MAC_LENGTH, 128))); 39191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden hidl_vec<hidl_vec<uint8_t>> cert_chain; 39211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INCOMPATIBLE_ALGORITHM, 39221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AttestKey(AuthorizationSetBuilder() 39231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge")) 39241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), 39251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &cert_chain)); 39261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 39271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdentypedef KeymasterHidlTest KeyDeletionTest; 39291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/** 39311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * KeyDeletionTest.DeleteKey 39321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 39331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * This test checks that if rollback protection is implemented, DeleteKey invalidates a formerly 39341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * valid key blob. 39351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 39361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * TODO(swillden): Update to incorporate changes in rollback resistance semantics. 39371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 39381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(KeyDeletionTest, DeleteKey) { 39391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 39401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 39411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 39421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 39431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED))); 39441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Delete must work if rollback protection is implemented 39461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet hardwareEnforced(key_characteristics_.hardwareEnforced); 39471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden bool rollback_protected = hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE); 39481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (rollback_protected) { 39501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, DeleteKey(true /* keep key blob */)); 39511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 39521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto delete_result = DeleteKey(true /* keep key blob */); 39531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(delete_result == ErrorCode::OK | delete_result == ErrorCode::UNIMPLEMENTED); 39541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 39551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 39571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 39581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (rollback_protected) { 39601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, 39611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, key_blob_, 39621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE), 39631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &begin_out_params, &op_handle_)); 39641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 39651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 39661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, key_blob_, 39671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE), 39681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &begin_out_params, &op_handle_)); 39691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 39701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AbortIfNeeded(); 39711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_blob_ = HidlBuf(); 39721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 39731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/** 39751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * KeyDeletionTest.DeleteInvalidKey 39761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 39771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * This test checks that the HAL excepts invalid key blobs. 39781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 39791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * TODO(swillden): Update to incorporate changes in rollback resistance semantics. 39801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 39811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(KeyDeletionTest, DeleteInvalidKey) { 39821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Generate key just to check if rollback protection is implemented 39831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 39841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 39851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 39861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 39871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED))); 39881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Delete must work if rollback protection is implemented 39901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet hardwareEnforced(key_characteristics_.hardwareEnforced); 39911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden bool rollback_protected = hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE); 39921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Delete the key we don't care about the result at this point. 39941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden DeleteKey(); 39951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Now create an invalid key blob and delete it. 39971e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_blob_ = HidlBuf("just some garbage data which is not a valid key blob"); 39981e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 39991e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (rollback_protected) { 40001e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, DeleteKey()); 40011e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 40021e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto delete_result = DeleteKey(); 40031e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_TRUE(delete_result == ErrorCode::OK | delete_result == ErrorCode::UNIMPLEMENTED); 40041e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 40051e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 40061e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40071e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/** 40081e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * KeyDeletionTest.DeleteAllKeys 40091e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 40101e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * This test is disarmed by default. To arm it use --arm_deleteAllKeys. 40111e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 40121e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * BEWARE: This test has serious side effects. All user keys will be lost! This includes 40131e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * FBE/FDE encryption keys, which means that the device will not even boot until after the 40141e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * device has been wiped manually (e.g., fastboot flashall -w), and new FBE/FDE keys have 40151e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * been provisioned. Use this test only on dedicated testing devices that have no valuable 40161e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * credentials stored in Keystore/Keymaster. 40171e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 40181e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * TODO(swillden): Update to incorporate changes in rollback resistance semantics. 40191e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 40201e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(KeyDeletionTest, DeleteAllKeys) { 40211e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (!arm_deleteAllKeys) return; 40221e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 40231e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .RsaSigningKey(1024, 3) 40241e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Digest(Digest::NONE) 40251e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 40261e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED))); 40271e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40281e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Delete must work if rollback protection is implemented 40291e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet hardwareEnforced(key_characteristics_.hardwareEnforced); 40301e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden bool rollback_protected = hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE); 40311e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40321e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, DeleteAllKeys()); 40331e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40341e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden string message = "12345678901234567890123456789012"; 40351e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSet begin_out_params; 40361e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40371e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (rollback_protected) { 40381e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, 40391e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, key_blob_, 40401e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE), 40411e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &begin_out_params, &op_handle_)); 40421e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } else { 40431e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(ErrorCode::OK, 40441e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden Begin(KeyPurpose::SIGN, key_blob_, 40451e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE), 40461e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden &begin_out_params, &op_handle_)); 40471e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 40481e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden AbortIfNeeded(); 40491e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden key_blob_ = HidlBuf(); 40501e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 40511e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40521e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenusing UpgradeKeyTest = KeymasterHidlTest; 40531e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40541e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden/* 40551e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * UpgradeKeyTest.UpgradeKey 40561e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * 40571e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden * Verifies that calling upgrade key on an up-to-date key works (i.e. does nothing). 40581e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden */ 40591e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn WilldenTEST_F(UpgradeKeyTest, UpgradeKey) { 40601e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() 40611e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .AesEncryptionKey(128) 40621e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Padding(PaddingMode::NONE) 40631e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden .Authorization(TAG_NO_AUTH_REQUIRED))); 40641e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40651e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden auto result = UpgradeKey(key_blob_); 40661e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40671e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden // Key doesn't need upgrading. Should get okay, but no new key blob. 40681e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden EXPECT_EQ(result, std::make_pair(ErrorCode::OK, HidlBuf())); 40691e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 40701e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40711e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} // namespace test 40721e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} // namespace V4_0 40731e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} // namespace keymaster 40741e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} // namespace hardware 40751e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} // namespace android 40761e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40771e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenusing android::hardware::keymaster::V4_0::test::KeymasterHidlEnvironment; 40781e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden 40791e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willdenint main(int argc, char** argv) { 40801e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ::testing::AddGlobalTestEnvironment(KeymasterHidlEnvironment::Instance()); 40811e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ::testing::InitGoogleTest(&argc, argv); 40821e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden KeymasterHidlEnvironment::Instance()->init(&argc, argv); 40831e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden for (int i = 1; i < argc; ++i) { 40841e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (argv[i][0] == '-') { 40851e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (std::string(argv[i]) == "--arm_deleteAllKeys") { 40861e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden arm_deleteAllKeys = true; 40871e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 40881e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden if (std::string(argv[i]) == "--dump_attestations") { 40891e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden dump_Attestations = true; 40901e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 40911e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 40921e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden } 40931e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden int status = RUN_ALL_TESTS(); 40941e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden ALOGI("Test result = %d", status); 40951e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden return status; 40961e50c676f6fe5cfa726b66b2c6ba57084a3888e8Shawn Willden} 4097