diff options
author | Shawn Willden <swillden@google.com> | 2015-06-22 05:25:59 -0600 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2015-06-22 15:34:23 -0600 |
commit | d530305019e1ccc1e30a4f8edeb88db3d126e235 (patch) | |
tree | cdd74425a31da12f69c32ca9b3eb6882a134d2d0 /android_keymaster_test.cpp | |
parent | 0f906ec40f6ade7955c6b967ea522aade54ea2e4 (diff) | |
download | keymaster-d530305019e1ccc1e30a4f8edeb88db3d126e235.tar.gz |
Validate input sizes for RSA and ECDSA signing/verification ops.
Bug: 21955742
Change-Id: I4385a6539229b174facd5f04ce0391e2e8c3608d
Diffstat (limited to 'android_keymaster_test.cpp')
-rw-r--r-- | android_keymaster_test.cpp | 87 |
1 files changed, 77 insertions, 10 deletions
diff --git a/android_keymaster_test.cpp b/android_keymaster_test.cpp index 542d430..2005e46 100644 --- a/android_keymaster_test.cpp +++ b/android_keymaster_test.cpp @@ -485,6 +485,40 @@ TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) { EXPECT_EQ(3, GetParam()->keymaster0_calls()); } +TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) { + ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(512, 3) + .Digest(KM_DIGEST_NONE) + .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN))); + string message(53, 'a'); + string signature; + SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_RSA_PKCS1_1_5_SIGN); + + if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) + EXPECT_EQ(3, GetParam()->keymaster0_calls()); +} + +TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLarge) { + ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(512, 3) + .Digest(KM_DIGEST_NONE) + .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN))); + string message(54, 'a'); + + AuthorizationSet begin_params(client_params()); + begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); + begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN); + EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params)); + string result; + size_t input_consumed; + EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); + string signature; + EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature)); + + if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) + EXPECT_EQ(2, GetParam()->keymaster0_calls()); +} + TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) { // Key must be at least 10 bytes larger than hash, to provide eight bytes of random salt, so // verify that nine bytes larger than hash won't work. @@ -501,6 +535,25 @@ TEST_P(SigningOperationsTest, RsaPssSha256TooSmallKey) { EXPECT_EQ(KM_ERROR_INCOMPATIBLE_DIGEST, BeginOperation(KM_PURPOSE_SIGN, begin_params)); } +TEST_P(SigningOperationsTest, RsaNoPaddingHugeData) { + ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(256, 3) + .Digest(KM_DIGEST_NONE) + .Padding(KM_PAD_RSA_PKCS1_1_5_SIGN))); + string message(64 * 1024, 'a'); + string signature; + AuthorizationSet begin_params(client_params()); + begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); + begin_params.push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN); + ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params)); + string result; + size_t input_consumed; + EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed)); + + if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) + EXPECT_EQ(2, GetParam()->keymaster0_calls()); +} + TEST_P(SigningOperationsTest, RsaAbort) { ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(256, 3) @@ -587,7 +640,7 @@ TEST_P(SigningOperationsTest, RsaTooShortMessage) { EXPECT_EQ(31U, input_consumed); string signature; - ASSERT_EQ(KM_ERROR_UNKNOWN_ERROR, FinishOperation(&signature)); + ASSERT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&signature)); EXPECT_EQ(0U, signature.length()); if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) @@ -608,7 +661,7 @@ TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) { TEST_P(SigningOperationsTest, EcdsaSuccess) { ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE))); - string message(1024, 'a'); + string message(224 / 8, 'a'); string signature; SignMessage(message, &signature, KM_DIGEST_NONE); @@ -627,6 +680,22 @@ TEST_P(SigningOperationsTest, EcdsaSha256Success) { EXPECT_EQ(3, GetParam()->keymaster0_calls()); } +TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) { + ASSERT_EQ(KM_ERROR_OK, + GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(KM_DIGEST_NONE))); + string message(64 * 1024, 'a'); + string signature; + AuthorizationSet begin_params(client_params()); + begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE); + ASSERT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params)); + string result; + size_t input_consumed; + EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed)); + + if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) + EXPECT_EQ(2, GetParam()->keymaster0_calls()); +} + TEST_P(SigningOperationsTest, AesEcbSign) { ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization( @@ -1227,7 +1296,7 @@ TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) { TEST_P(VerificationOperationsTest, EcdsaSuccess) { ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE))); - string message = "123456789012345678901234567890123456789012345678"; + string message = "12345678901234567890123456789012"; string signature; SignMessage(message, &signature, KM_DIGEST_NONE); VerifyMessage(message, signature, KM_DIGEST_NONE); @@ -1241,7 +1310,7 @@ TEST_P(VerificationOperationsTest, EcdsaSha256Success) { .EcdsaSigningKey(256) .Digest(KM_DIGEST_SHA_2_256) .Digest(KM_DIGEST_NONE))); - string message = "123456789012345678901234567890123456789012345678"; + string message = "12345678901234567890123456789012"; string signature; SignMessage(message, &signature, KM_DIGEST_SHA_2_256); VerifyMessage(message, signature, KM_DIGEST_SHA_2_256); @@ -1496,7 +1565,7 @@ TEST_P(ImportKeyTest, EcdsaSuccess) { EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); - string message(1024 / 8, 'a'); + string message(32, 'a'); string signature; SignMessage(message, &signature, KM_DIGEST_NONE); VerifyMessage(message, signature, KM_DIGEST_NONE); @@ -1525,7 +1594,7 @@ TEST_P(ImportKeyTest, EcdsaSizeSpecified) { EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); - string message(1024 / 8, 'a'); + string message(32, 'a'); string signature; SignMessage(message, &signature, KM_DIGEST_NONE); VerifyMessage(message, signature, KM_DIGEST_NONE); @@ -1638,9 +1707,7 @@ TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) { string result; size_t input_consumed; - EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed)); - EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, FinishOperation(&result)); - EXPECT_EQ(0U, result.size()); + EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &result, &input_consumed)); if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) EXPECT_EQ(2, GetParam()->keymaster0_calls()); @@ -2666,7 +2733,7 @@ TEST_P(Keymaster0AdapterTest, OldSoftwareKeymaster1EcdsaBlob) { memcpy(key_data, km1_sw.data(), km1_sw.length()); set_key_blob(key_data, km1_sw.length()); - string message(64, 'a'); + string message(32, static_cast<char>(0xFF)); string signature; SignMessage(message, &signature, KM_DIGEST_NONE, KM_PAD_NONE); |