summaryrefslogtreecommitdiff
path: root/security/keymint/aidl/vts/functional/KeyMintTest.cpp
diff options
context:
space:
mode:
authorScott Lobdell <slobdell@google.com>2021-06-04 18:02:44 +0000
committerScott Lobdell <slobdell@google.com>2021-06-04 18:02:44 +0000
commitc85bde0398d2a185e66a61cdabd26e5435bb4807 (patch)
tree3d9efc2d95fccc971f519d1d323a19a4621683cd /security/keymint/aidl/vts/functional/KeyMintTest.cpp
parenta01a9128380dad45a28f4740a57136a058eb9d12 (diff)
parente013dd1a8b8f0df65b20c4de224effa1a7fcc61b (diff)
Merge SP1A.210604.001
Change-Id: I78feee65e602d45bb0e3e90536729623b0f3d4f5
Diffstat (limited to 'security/keymint/aidl/vts/functional/KeyMintTest.cpp')
-rw-r--r--security/keymint/aidl/vts/functional/KeyMintTest.cpp500
1 files changed, 170 insertions, 330 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index cd7d603a09..8b1eb30959 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -482,7 +482,6 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase {
void CheckBaseParams(const vector<KeyCharacteristics>& keyCharacteristics) {
AuthorizationSet auths = CheckCommonParams(keyCharacteristics);
EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN));
- EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::VERIFY));
// Check that some unexpected tags/values are NOT present.
EXPECT_FALSE(auths.Contains(TAG_PURPOSE, KeyPurpose::ENCRYPT));
@@ -495,7 +494,6 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase {
EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::DECRYPT));
EXPECT_FALSE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN));
- EXPECT_FALSE(auths.Contains(TAG_PURPOSE, KeyPurpose::VERIFY));
}
AuthorizationSet CheckCommonParams(const vector<KeyCharacteristics>& keyCharacteristics) {
@@ -1986,6 +1984,50 @@ TEST_P(SigningOperationsTest, RsaSuccess) {
string message = "12345678901234567890123456789012";
string signature = SignMessage(
message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE));
+ LocalVerifyMessage(message, signature,
+ AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE));
+}
+
+/*
+ * SigningOperationsTest.RsaAllPaddingsAndDigests
+ *
+ * Verifies RSA signature/verification for all padding modes and digests.
+ */
+TEST_P(SigningOperationsTest, RsaAllPaddingsAndDigests) {
+ auto authorizations = AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .RsaSigningKey(2048, 65537)
+ .Digest(ValidDigests(true /* withNone */, true /* withMD5 */))
+ .Padding(PaddingMode::NONE)
+ .Padding(PaddingMode::RSA_PSS)
+ .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
+ .SetDefaultValidity();
+
+ ASSERT_EQ(ErrorCode::OK, GenerateKey(authorizations));
+
+ string message(128, 'a');
+ string corrupt_message(message);
+ ++corrupt_message[corrupt_message.size() / 2];
+
+ for (auto padding :
+ {PaddingMode::NONE, PaddingMode::RSA_PSS, PaddingMode::RSA_PKCS1_1_5_SIGN}) {
+ for (auto digest : ValidDigests(true /* withNone */, true /* withMD5 */)) {
+ if (padding == PaddingMode::NONE && digest != Digest::NONE) {
+ // Digesting only makes sense with padding.
+ continue;
+ }
+
+ if (padding == PaddingMode::RSA_PSS && digest == Digest::NONE) {
+ // PSS requires digesting.
+ continue;
+ }
+
+ string signature =
+ SignMessage(message, AuthorizationSetBuilder().Digest(digest).Padding(padding));
+ LocalVerifyMessage(message, signature,
+ AuthorizationSetBuilder().Digest(digest).Padding(padding));
+ }
+ }
}
/*
@@ -2261,11 +2303,11 @@ TEST_P(SigningOperationsTest, RsaNonUniqueParams) {
.Padding(PaddingMode::NONE)
.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)));
- ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST,
- Begin(KeyPurpose::SIGN, AuthorizationSetBuilder()
- .Digest(Digest::NONE)
- .Digest(Digest::SHA1)
- .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)));
+ auto result = Begin(KeyPurpose::SIGN, AuthorizationSetBuilder()
+ .Digest(Digest::NONE)
+ .Digest(Digest::SHA1)
+ .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN));
+ ASSERT_TRUE(result == ErrorCode::UNSUPPORTED_DIGEST || result == ErrorCode::INVALID_ARGUMENT);
ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST,
Begin(KeyPurpose::SIGN,
@@ -2432,6 +2474,39 @@ TEST_P(SigningOperationsTest, EcdsaAllSizesAndHashes) {
}
/*
+ * SigningOperationsTest.EcdsaAllDigestsAndCurves
+ *
+ * Verifies ECDSA signature/verification for all digests and curves.
+ */
+TEST_P(SigningOperationsTest, EcdsaAllDigestsAndCurves) {
+ auto digests = ValidDigests(true /* withNone */, false /* withMD5 */);
+
+ string message = "1234567890";
+ string corrupt_message = "2234567890";
+ for (auto curve : ValidCurves()) {
+ SCOPED_TRACE(testing::Message() << "Curve::" << curve);
+ ErrorCode error = GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .EcdsaSigningKey(curve)
+ .Digest(digests)
+ .SetDefaultValidity());
+ EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate key for EC curve " << curve;
+ if (error != ErrorCode::OK) {
+ continue;
+ }
+
+ for (auto digest : digests) {
+ SCOPED_TRACE(testing::Message() << "Digest::" << digest);
+ string signature = SignMessage(message, AuthorizationSetBuilder().Digest(digest));
+ LocalVerifyMessage(message, signature, AuthorizationSetBuilder().Digest(digest));
+ }
+
+ auto rc = DeleteKey();
+ ASSERT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
+ }
+}
+
+/*
* SigningOperationsTest.EcdsaAllCurves
*
* Verifies that ECDSA operations succeed with all possible curves.
@@ -2699,207 +2774,6 @@ INSTANTIATE_KEYMINT_AIDL_TEST(SigningOperationsTest);
typedef KeyMintAidlTestBase VerificationOperationsTest;
/*
- * VerificationOperationsTest.RsaSuccess
- *
- * Verifies that a simple RSA signature/verification sequence succeeds.
- */
-TEST_P(VerificationOperationsTest, RsaSuccess) {
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaSigningKey(2048, 65537)
- .Digest(Digest::NONE)
- .Padding(PaddingMode::NONE)
- .SetDefaultValidity()));
- string message = "12345678901234567890123456789012";
- string signature = SignMessage(
- message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE));
- VerifyMessage(message, signature,
- AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE));
-}
-
-/*
- * VerificationOperationsTest.RsaAllPaddingsAndDigests
- *
- * Verifies RSA signature/verification for all padding modes and digests.
- */
-TEST_P(VerificationOperationsTest, RsaAllPaddingsAndDigests) {
- auto authorizations = AuthorizationSetBuilder()
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaSigningKey(2048, 65537)
- .Digest(ValidDigests(true /* withNone */, true /* withMD5 */))
- .Padding(PaddingMode::NONE)
- .Padding(PaddingMode::RSA_PSS)
- .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
- .SetDefaultValidity();
-
- ASSERT_EQ(ErrorCode::OK, GenerateKey(authorizations));
-
- string message(128, 'a');
- string corrupt_message(message);
- ++corrupt_message[corrupt_message.size() / 2];
-
- for (auto padding :
- {PaddingMode::NONE, PaddingMode::RSA_PSS, PaddingMode::RSA_PKCS1_1_5_SIGN}) {
- for (auto digest : ValidDigests(true /* withNone */, true /* withMD5 */)) {
- if (padding == PaddingMode::NONE && digest != Digest::NONE) {
- // Digesting only makes sense with padding.
- continue;
- }
-
- if (padding == PaddingMode::RSA_PSS && digest == Digest::NONE) {
- // PSS requires digesting.
- continue;
- }
-
- string signature =
- SignMessage(message, AuthorizationSetBuilder().Digest(digest).Padding(padding));
- VerifyMessage(message, signature,
- AuthorizationSetBuilder().Digest(digest).Padding(padding));
-
- /* TODO(seleneh) add exportkey tests back later when we have decided on
- * the new api.
- if (digest != Digest::NONE) {
- // Verify with OpenSSL.
- vector<uint8_t> pubkey;
- ASSERT_EQ(ErrorCode::OK, ExportKey(KeyFormat::X509, &pubkey));
-
- const uint8_t* p = pubkey.data();
- EVP_PKEY_Ptr pkey(d2i_PUBKEY(nullptr, &p, pubkey.size()));
- ASSERT_TRUE(pkey.get());
-
- EVP_MD_CTX digest_ctx;
- EVP_MD_CTX_init(&digest_ctx);
- EVP_PKEY_CTX* pkey_ctx;
- const EVP_MD* md = openssl_digest(digest);
- ASSERT_NE(md, nullptr);
- EXPECT_EQ(1, EVP_DigestVerifyInit(&digest_ctx, &pkey_ctx, md,
- nullptr, pkey.get()));
-
- switch (padding) {
- case PaddingMode::RSA_PSS:
- EXPECT_GT(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx,
- RSA_PKCS1_PSS_PADDING), 0); EXPECT_GT(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx,
- EVP_MD_size(md)), 0); break; case PaddingMode::RSA_PKCS1_1_5_SIGN:
- // PKCS1 is the default; don't need to set anything.
- break;
- default:
- FAIL();
- break;
- }
-
- EXPECT_EQ(1, EVP_DigestVerifyUpdate(&digest_ctx, message.data(),
- message.size())); EXPECT_EQ(1, EVP_DigestVerifyFinal(&digest_ctx,
- reinterpret_cast<const
- uint8_t*>(signature.data()), signature.size())); EVP_MD_CTX_cleanup(&digest_ctx);
- }
- */
-
- // Corrupt signature shouldn't verify.
- string corrupt_signature(signature);
- ++corrupt_signature[corrupt_signature.size() / 2];
-
- EXPECT_EQ(ErrorCode::OK,
- Begin(KeyPurpose::VERIFY,
- AuthorizationSetBuilder().Digest(digest).Padding(padding)));
- string result;
- EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(message, corrupt_signature, &result));
-
- // Corrupt message shouldn't verify
- EXPECT_EQ(ErrorCode::OK,
- Begin(KeyPurpose::VERIFY,
- AuthorizationSetBuilder().Digest(digest).Padding(padding)));
- EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(corrupt_message, signature, &result));
- }
- }
-}
-
-/*
- * VerificationOperationsTest.RsaAllDigestsAndCurves
- *
- * Verifies ECDSA signature/verification for all digests and curves.
- */
-TEST_P(VerificationOperationsTest, EcdsaAllDigestsAndCurves) {
- auto digests = ValidDigests(true /* withNone */, false /* withMD5 */);
-
- string message = "1234567890";
- string corrupt_message = "2234567890";
- for (auto curve : ValidCurves()) {
- ErrorCode error = GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .EcdsaSigningKey(curve)
- .Digest(digests)
- .SetDefaultValidity());
- EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate key for EC curve " << curve;
- if (error != ErrorCode::OK) {
- continue;
- }
-
- for (auto digest : digests) {
- string signature = SignMessage(message, AuthorizationSetBuilder().Digest(digest));
- VerifyMessage(message, signature, AuthorizationSetBuilder().Digest(digest));
-
- /* TODO(seleneh) add exportkey tests back later when we have decided on
- * the new api.
-
- // Verify with OpenSSL
- if (digest != Digest::NONE) {
- vector<uint8_t> pubkey;
- ASSERT_EQ(ErrorCode::OK, ExportKey(KeyFormat::X509, &pubkey))
- << curve << ' ' << digest;
-
- const uint8_t* p = pubkey.data();
- EVP_PKEY_Ptr pkey(d2i_PUBKEY(nullptr, &p, pubkey.size()));
- ASSERT_TRUE(pkey.get());
-
- EVP_MD_CTX digest_ctx;
- EVP_MD_CTX_init(&digest_ctx);
- EVP_PKEY_CTX* pkey_ctx;
- const EVP_MD* md = openssl_digest(digest);
-
- EXPECT_EQ(1, EVP_DigestVerifyInit(&digest_ctx, &pkey_ctx, md,
- nullptr, pkey.get()))
- << curve << ' ' << digest;
-
- EXPECT_EQ(1, EVP_DigestVerifyUpdate(&digest_ctx, message.data(),
- message.size()))
- << curve << ' ' << digest;
-
- EXPECT_EQ(1,
- EVP_DigestVerifyFinal(&digest_ctx,
- reinterpret_cast<const
- uint8_t*>(signature.data()), signature.size()))
- << curve << ' ' << digest;
-
- EVP_MD_CTX_cleanup(&digest_ctx);
- }
- */
- // Corrupt signature shouldn't verify.
- string corrupt_signature(signature);
- ++corrupt_signature[corrupt_signature.size() / 2];
-
- EXPECT_EQ(ErrorCode::OK,
- Begin(KeyPurpose::VERIFY, AuthorizationSetBuilder().Digest(digest)))
- << curve << ' ' << digest;
-
- string result;
- EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(message, corrupt_signature, &result))
- << curve << ' ' << digest;
-
- // Corrupt message shouldn't verify
- EXPECT_EQ(ErrorCode::OK,
- Begin(KeyPurpose::VERIFY, AuthorizationSetBuilder().Digest(digest)))
- << curve << ' ' << digest;
-
- EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(corrupt_message, signature, &result))
- << curve << ' ' << digest;
- }
-
- auto rc = DeleteKey();
- ASSERT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
- }
-}
-
-/*
* VerificationOperationsTest.HmacSigningKeyCannotVerify
*
* Verifies HMAC signing and verification, but that a signing key cannot be used to verify.
@@ -3016,7 +2890,7 @@ TEST_P(ImportKeyTest, RsaSuccess) {
string message(1024 / 8, 'a');
auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::RSA_PSS);
string signature = SignMessage(message, params);
- VerifyMessage(message, signature, params);
+ LocalVerifyMessage(message, signature, params);
}
/*
@@ -3058,7 +2932,7 @@ TEST_P(ImportKeyTest, RsaSuccessWithoutParams) {
string message(1024 / 8, 'a');
auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::RSA_PSS);
string signature = SignMessage(message, params);
- VerifyMessage(message, signature, params);
+ LocalVerifyMessage(message, signature, params);
}
/*
@@ -3116,7 +2990,7 @@ TEST_P(ImportKeyTest, EcdsaSuccess) {
string message(32, 'a');
auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256);
string signature = SignMessage(message, params);
- VerifyMessage(message, signature, params);
+ LocalVerifyMessage(message, signature, params);
}
/*
@@ -3143,7 +3017,7 @@ TEST_P(ImportKeyTest, EcdsaP256RFC5915Success) {
string message(32, 'a');
auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256);
string signature = SignMessage(message, params);
- VerifyMessage(message, signature, params);
+ LocalVerifyMessage(message, signature, params);
}
/*
@@ -3169,7 +3043,7 @@ TEST_P(ImportKeyTest, EcdsaP256SEC1Success) {
string message(32, 'a');
auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256);
string signature = SignMessage(message, params);
- VerifyMessage(message, signature, params);
+ LocalVerifyMessage(message, signature, params);
}
/*
@@ -3195,7 +3069,7 @@ TEST_P(ImportKeyTest, Ecdsa521Success) {
string message(32, 'a');
auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256);
string signature = SignMessage(message, params);
- VerifyMessage(message, signature, params);
+ LocalVerifyMessage(message, signature, params);
}
/*
@@ -3329,7 +3203,7 @@ TEST_P(ImportKeyTest, TripleDesSuccess) {
*/
TEST_P(ImportKeyTest, TripleDesFailure) {
string key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
- uint32_t bitlen = key.size() * 8;
+ uint32_t bitlen = key.size() * 7;
for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
// Explicit key size doesn't match that of the provided key.
auto result = ImportKey(AuthorizationSetBuilder()
@@ -3343,19 +3217,19 @@ TEST_P(ImportKeyTest, TripleDesFailure) {
<< "unexpected result: " << result;
}
// Explicit key size matches that of the provided key, but it's not a valid size.
- string long_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
+ string long_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f735800");
ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .TripleDesEncryptionKey(long_key.size() * 8)
+ .TripleDesEncryptionKey(long_key.size() * 7)
.EcbMode()
.Padding(PaddingMode::PKCS7),
KeyFormat::RAW, long_key));
- string short_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
+ string short_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f73");
ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .TripleDesEncryptionKey(short_key.size() * 8)
+ .TripleDesEncryptionKey(short_key.size() * 7)
.EcbMode()
.Padding(PaddingMode::PKCS7),
KeyFormat::RAW, short_key));
@@ -3753,7 +3627,7 @@ typedef KeyMintAidlTestBase EncryptionOperationsTest;
/*
* EncryptionOperationsTest.RsaNoPaddingSuccess
*
- * Verifies that raw RSA encryption works.
+ * Verifies that raw RSA decryption works.
*/
TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
for (uint64_t exponent : {3, 65537}) {
@@ -3765,10 +3639,10 @@ TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
string message = string(2048 / 8, 'a');
auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE);
- string ciphertext1 = EncryptMessage(message, params);
+ string ciphertext1 = LocalRsaEncryptMessage(message, params);
EXPECT_EQ(2048U / 8, ciphertext1.size());
- string ciphertext2 = EncryptMessage(message, params);
+ string ciphertext2 = LocalRsaEncryptMessage(message, params);
EXPECT_EQ(2048U / 8, ciphertext2.size());
// Unpadded RSA is deterministic
@@ -3781,7 +3655,7 @@ TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
/*
* EncryptionOperationsTest.RsaNoPaddingShortMessage
*
- * Verifies that raw RSA encryption of short messages works.
+ * Verifies that raw RSA decryption of short messages works.
*/
TEST_P(EncryptionOperationsTest, RsaNoPaddingShortMessage) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
@@ -3793,76 +3667,47 @@ TEST_P(EncryptionOperationsTest, RsaNoPaddingShortMessage) {
string message = "1";
auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE);
- string ciphertext = EncryptMessage(message, params);
+ string ciphertext = LocalRsaEncryptMessage(message, params);
EXPECT_EQ(2048U / 8, ciphertext.size());
string expected_plaintext = string(2048U / 8 - 1, 0) + message;
string plaintext = DecryptMessage(ciphertext, params);
EXPECT_EQ(expected_plaintext, plaintext);
-
- // Degenerate case, encrypting a numeric 1 yields 0x00..01 as the ciphertext.
- message = static_cast<char>(1);
- ciphertext = EncryptMessage(message, params);
- EXPECT_EQ(2048U / 8, ciphertext.size());
- EXPECT_EQ(ciphertext, string(2048U / 8 - 1, 0) + message);
}
/*
- * EncryptionOperationsTest.RsaNoPaddingTooLong
- *
- * Verifies that raw RSA encryption of too-long messages fails in the expected way.
- */
-TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) {
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(2048, 65537)
- .Padding(PaddingMode::NONE)
- .SetDefaultValidity()));
-
- string message(2048 / 8 + 1, 'a');
-
- auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE);
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));
-
- string result;
- EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, &result));
-}
-
-/*
- * EncryptionOperationsTest.RsaNoPaddingTooLarge
- *
- * Verifies that raw RSA encryption of too-large (numerically) messages fails in the expected
- * way.
- */
-// TODO(seleneh) add RsaNoPaddingTooLarge test back after decided and implemented new
-// version of ExportKey inside generateKey
-
-/*
* EncryptionOperationsTest.RsaOaepSuccess
*
- * Verifies that RSA-OAEP encryption operations work, with all digests.
+ * Verifies that RSA-OAEP decryption operations work, with all digests.
*/
TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
auto digests = ValidDigests(false /* withNone */, true /* withMD5 */);
size_t key_size = 2048; // Need largish key for SHA-512 test.
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(key_size, 65537)
- .Padding(PaddingMode::RSA_OAEP)
- .Digest(digests)
- .SetDefaultValidity()));
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .RsaEncryptionKey(key_size, 65537)
+ .Padding(PaddingMode::RSA_OAEP)
+ .Digest(digests)
+ .Authorization(TAG_RSA_OAEP_MGF_DIGEST, Digest::SHA1)
+ .SetDefaultValidity()));
string message = "Hello";
for (auto digest : digests) {
- auto params = AuthorizationSetBuilder().Digest(digest).Padding(PaddingMode::RSA_OAEP);
- string ciphertext1 = EncryptMessage(message, params);
+ SCOPED_TRACE(testing::Message() << "digest-" << digest);
+
+ auto params = AuthorizationSetBuilder()
+ .Digest(digest)
+ .Padding(PaddingMode::RSA_OAEP)
+ .Authorization(TAG_RSA_OAEP_MGF_DIGEST, Digest::SHA1);
+ string ciphertext1 = LocalRsaEncryptMessage(message, params);
if (HasNonfatalFailure()) std::cout << "-->" << digest << std::endl;
EXPECT_EQ(key_size / 8, ciphertext1.size());
- string ciphertext2 = EncryptMessage(message, params);
+ string ciphertext2 = LocalRsaEncryptMessage(message, params);
EXPECT_EQ(key_size / 8, ciphertext2.size());
// OAEP randomizes padding so every result should be different (with astronomically high
@@ -3892,7 +3737,7 @@ TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
/*
* EncryptionOperationsTest.RsaOaepInvalidDigest
*
- * Verifies that RSA-OAEP encryption operations fail in the correct way when asked to operate
+ * Verifies that RSA-OAEP decryption operations fail in the correct way when asked to operate
* without a digest.
*/
TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
@@ -3904,13 +3749,13 @@ TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) {
.SetDefaultValidity()));
auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_OAEP).Digest(Digest::NONE);
- EXPECT_EQ(ErrorCode::INCOMPATIBLE_DIGEST, Begin(KeyPurpose::ENCRYPT, params));
+ EXPECT_EQ(ErrorCode::INCOMPATIBLE_DIGEST, Begin(KeyPurpose::DECRYPT, params));
}
/*
* EncryptionOperationsTest.RsaOaepInvalidPadding
*
- * Verifies that RSA-OAEP encryption operations fail in the correct way when asked to operate
+ * Verifies that RSA-OAEP decryption operations fail in the correct way when asked to operate
* with a padding value that is only suitable for signing/verifying.
*/
TEST_P(EncryptionOperationsTest, RsaOaepInvalidPadding) {
@@ -3922,13 +3767,13 @@ TEST_P(EncryptionOperationsTest, RsaOaepInvalidPadding) {
.SetDefaultValidity()));
auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PSS).Digest(Digest::NONE);
- EXPECT_EQ(ErrorCode::UNSUPPORTED_PADDING_MODE, Begin(KeyPurpose::ENCRYPT, params));
+ EXPECT_EQ(ErrorCode::UNSUPPORTED_PADDING_MODE, Begin(KeyPurpose::DECRYPT, params));
}
/*
* EncryptionOperationsTest.RsaOaepDecryptWithWrongDigest
*
- * Verifies that RSA-OAEP encryption operations fail in the correct way when asked to decrypt
+ * Verifies that RSA-OAEP decryption operations fail in the correct way when asked to decrypt
* with a different digest than was used to encrypt.
*/
TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) {
@@ -3941,7 +3786,7 @@ TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) {
.Digest(Digest::SHA_2_224, Digest::SHA_2_256)
.SetDefaultValidity()));
string message = "Hello World!";
- string ciphertext = EncryptMessage(
+ string ciphertext = LocalRsaEncryptMessage(
message,
AuthorizationSetBuilder().Digest(Digest::SHA_2_224).Padding(PaddingMode::RSA_OAEP));
@@ -3954,34 +3799,9 @@ TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) {
}
/*
- * EncryptionOperationsTest.RsaOaepTooLarge
- *
- * Verifies that RSA-OAEP encryption operations fail in the correct way when asked to encrypt a
- * too-large message.
- */
-TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) {
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(2048, 65537)
- .Padding(PaddingMode::RSA_OAEP)
- .Digest(Digest::SHA_2_256)
- .SetDefaultValidity()));
- constexpr size_t digest_size = 256 /* SHA_2_256 */ / 8;
- constexpr size_t oaep_overhead = 2 * digest_size + 2;
- string message(2048 / 8 - oaep_overhead + 1, 'a');
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, AuthorizationSetBuilder()
- .Padding(PaddingMode::RSA_OAEP)
- .Digest(Digest::SHA_2_256)));
- string result;
- ErrorCode error = Finish(message, &result);
- EXPECT_TRUE(error == ErrorCode::INVALID_INPUT_LENGTH || error == ErrorCode::INVALID_ARGUMENT);
- EXPECT_EQ(0U, result.size());
-}
-
-/*
* EncryptionOperationsTest.RsaOaepWithMGFDigestSuccess
*
- * Verifies that RSA-OAEP encryption operations work, with all SHA 256 digests and all type of MGF1
+ * Verifies that RSA-OAEP decryption operations work, with all SHA 256 digests and all type of MGF1
* digests.
*/
TEST_P(EncryptionOperationsTest, RsaOaepWithMGFDigestSuccess) {
@@ -4003,11 +3823,11 @@ TEST_P(EncryptionOperationsTest, RsaOaepWithMGFDigestSuccess) {
.Authorization(TAG_RSA_OAEP_MGF_DIGEST, digest)
.Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_OAEP);
- string ciphertext1 = EncryptMessage(message, params);
+ string ciphertext1 = LocalRsaEncryptMessage(message, params);
if (HasNonfatalFailure()) std::cout << "-->" << digest << std::endl;
EXPECT_EQ(key_size / 8, ciphertext1.size());
- string ciphertext2 = EncryptMessage(message, params);
+ string ciphertext2 = LocalRsaEncryptMessage(message, params);
EXPECT_EQ(key_size / 8, ciphertext2.size());
// OAEP randomizes padding so every result should be different (with astronomically high
@@ -4037,7 +3857,7 @@ TEST_P(EncryptionOperationsTest, RsaOaepWithMGFDigestSuccess) {
/*
* EncryptionOperationsTest.RsaOaepWithMGFIncompatibleDigest
*
- * Verifies that RSA-OAEP encryption operations fail in the correct way when asked to operate
+ * Verifies that RSA-OAEP decryption operations fail in the correct way when asked to operate
* with incompatible MGF digest.
*/
TEST_P(EncryptionOperationsTest, RsaOaepWithMGFIncompatibleDigest) {
@@ -4055,7 +3875,7 @@ TEST_P(EncryptionOperationsTest, RsaOaepWithMGFIncompatibleDigest) {
.Padding(PaddingMode::RSA_OAEP)
.Digest(Digest::SHA_2_256)
.Authorization(TAG_RSA_OAEP_MGF_DIGEST, Digest::SHA_2_224);
- EXPECT_EQ(ErrorCode::INCOMPATIBLE_MGF_DIGEST, Begin(KeyPurpose::ENCRYPT, params));
+ EXPECT_EQ(ErrorCode::INCOMPATIBLE_MGF_DIGEST, Begin(KeyPurpose::DECRYPT, params));
}
/*
@@ -4079,7 +3899,7 @@ TEST_P(EncryptionOperationsTest, RsaOaepWithMGFUnsupportedDigest) {
.Padding(PaddingMode::RSA_OAEP)
.Digest(Digest::SHA_2_256)
.Authorization(TAG_RSA_OAEP_MGF_DIGEST, Digest::NONE);
- EXPECT_EQ(ErrorCode::UNSUPPORTED_MGF_DIGEST, Begin(KeyPurpose::ENCRYPT, params));
+ EXPECT_EQ(ErrorCode::UNSUPPORTED_MGF_DIGEST, Begin(KeyPurpose::DECRYPT, params));
}
/*
@@ -4096,10 +3916,10 @@ TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
string message = "Hello World!";
auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT);
- string ciphertext1 = EncryptMessage(message, params);
+ string ciphertext1 = LocalRsaEncryptMessage(message, params);
EXPECT_EQ(2048U / 8, ciphertext1.size());
- string ciphertext2 = EncryptMessage(message, params);
+ string ciphertext2 = LocalRsaEncryptMessage(message, params);
EXPECT_EQ(2048U / 8, ciphertext2.size());
// PKCS1 v1.5 randomizes padding so every result should be different.
@@ -4123,27 +3943,6 @@ TEST_P(EncryptionOperationsTest, RsaPkcs1Success) {
}
/*
- * EncryptionOperationsTest.RsaPkcs1TooLarge
- *
- * Verifies that RSA PKCS encryption fails in the correct way when the message is too large.
- */
-TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) {
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(2048, 65537)
- .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT)
- .SetDefaultValidity()));
- string message(2048 / 8 - 10, 'a');
-
- auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT);
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));
- string result;
- ErrorCode error = Finish(message, &result);
- EXPECT_TRUE(error == ErrorCode::INVALID_INPUT_LENGTH || error == ErrorCode::INVALID_ARGUMENT);
- EXPECT_EQ(0U, result.size());
-}
-
-/*
* EncryptionOperationsTest.EcdsaEncrypt
*
* Verifies that attempting to use ECDSA keys to encrypt fails in the correct way.
@@ -6521,7 +6320,13 @@ INSTANTIATE_KEYMINT_AIDL_TEST(DestroyAttestationIdsTest);
using EarlyBootKeyTest = KeyMintAidlTestBase;
+/*
+ * EarlyBootKeyTest.CreateEarlyBootKeys
+ *
+ * Verifies that creating early boot keys succeeds, even at a later stage (after boot).
+ */
TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) {
+ // Early boot keys can be created after early boot.
auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] =
CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::OK);
@@ -6531,6 +6336,41 @@ TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) {
CheckedDeleteKey(&ecdsaKeyData.blob);
}
+/*
+ * EarlyBootKeyTest.UsetEarlyBootKeyFailure
+ *
+ * Verifies that using early boot keys at a later stage fails.
+ */
+TEST_P(EarlyBootKeyTest, UseEarlyBootKeyFailure) {
+ ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .Authorization(TAG_EARLY_BOOT_ONLY)
+ .HmacKey(128)
+ .Digest(Digest::SHA_2_256)
+ .Authorization(TAG_MIN_MAC_LENGTH, 256)));
+ AuthorizationSet output_params;
+ EXPECT_EQ(ErrorCode::EARLY_BOOT_ENDED, Begin(KeyPurpose::SIGN, key_blob_,
+ AuthorizationSetBuilder()
+ .Digest(Digest::SHA_2_256)
+ .Authorization(TAG_MAC_LENGTH, 256),
+ &output_params));
+}
+
+/*
+ * EarlyBootKeyTest.ImportEarlyBootKeyFailure
+ *
+ * Verifies that importing early boot keys fails.
+ */
+TEST_P(EarlyBootKeyTest, ImportEarlyBootKeyFailure) {
+ ASSERT_EQ(ErrorCode::EARLY_BOOT_ENDED, ImportKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .Authorization(TAG_EARLY_BOOT_ONLY)
+ .EcdsaSigningKey(256)
+ .Digest(Digest::SHA_2_256)
+ .SetDefaultValidity(),
+ KeyFormat::PKCS8, ec_256_key));
+}
+
// This is a more comprehensive test, but it can only be run on a machine which is still in early
// boot stage, which no proper Android device is by the time we can run VTS. To use this,
// un-disable it and modify vold to remove the call to earlyBootEnded(). Running the test will end
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 15:24:26 +0000