From 3f127ca4d117a9dc94e208f9d69f07bb73b776f2 Mon Sep 17 00:00:00 2001 From: Baranidharan Muthukumaran Date: Fri, 24 Aug 2018 13:31:35 -0700 Subject: [PATCH] Fix KM VTS tests for Strongbox implementations Modify RSA keysize used in various tests to ensure both TEE and Strongbox implementations can be validated. Skip invalid keysizes that Strongbox does not support. Test: Patches the strongbox tests Bug: 112189538 Bug: 119172331 Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9 Signed-off-by: Max Bires (cherry picked from commit 88a376b0a0c2f3bfc434e9890c02c189b6d235b0) --- .../4.0/vts/functional/KeymasterHidlTest.cpp | 2 + .../functional/keymaster_hidl_hal_test.cpp | 94 ++++++++++--------- 2 files changed, 51 insertions(+), 45 deletions(-) diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp index c89abd90a3..6ed61daa5e 100644 --- a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp +++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp @@ -651,6 +651,8 @@ std::vector KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) { return {3072, 4096}; case Algorithm::EC: return {224, 384, 521}; + case Algorithm::AES: + return {192}; default: return {}; } diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp index 3919a69dbf..89bcca6a33 100644 --- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp @@ -773,7 +773,7 @@ TEST_F(SigningOperationsTest, NoUserConfirmation) { */ TEST_F(SigningOperationsTest, RsaPkcs1Sha256Success) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::SHA_2_256) .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); @@ -790,7 +790,7 @@ TEST_F(SigningOperationsTest, RsaPkcs1Sha256Success) { */ TEST_F(SigningOperationsTest, RsaPkcs1NoDigestSuccess) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); @@ -808,11 +808,11 @@ TEST_F(SigningOperationsTest, RsaPkcs1NoDigestSuccess) { */ TEST_F(SigningOperationsTest, RsaPkcs1NoDigestTooLong) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); - string message(129, 'a'); + string message(257, 'a'); EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() @@ -855,12 +855,12 @@ TEST_F(SigningOperationsTest, RsaPssSha512TooSmallKey) { */ TEST_F(SigningOperationsTest, RsaNoPaddingTooLong) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); // One byte too long - string message(1024 / 8 + 1, 'a'); + string message(2048 / 8 + 1, 'a'); ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() .Digest(Digest::NONE) @@ -889,7 +889,7 @@ TEST_F(SigningOperationsTest, RsaNoPaddingTooLong) { */ TEST_F(SigningOperationsTest, RsaAbort) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::NONE))); @@ -914,7 +914,7 @@ TEST_F(SigningOperationsTest, RsaAbort) { */ TEST_F(SigningOperationsTest, RsaUnsupportedPadding) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Authorization(TAG_NO_AUTH_REQUIRED) .Digest(Digest::SHA_2_256 /* supported digest */) .Padding(PaddingMode::PKCS7))); @@ -931,7 +931,7 @@ TEST_F(SigningOperationsTest, RsaUnsupportedPadding) { */ TEST_F(SigningOperationsTest, RsaNoDigest) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Authorization(TAG_NO_AUTH_REQUIRED) .Digest(Digest::NONE) .Padding(PaddingMode::RSA_PSS))); @@ -952,7 +952,7 @@ TEST_F(SigningOperationsTest, RsaNoDigest) { TEST_F(SigningOperationsTest, RsaNoPadding) { // Padding must be specified ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaKey(1024, 65537) + .RsaKey(2048, 65537) .Authorization(TAG_NO_AUTH_REQUIRED) .SigningKey() .Digest(Digest::NONE))); @@ -968,12 +968,12 @@ TEST_F(SigningOperationsTest, RsaNoPadding) { TEST_F(SigningOperationsTest, RsaTooShortMessage) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE))); // Barely shorter - string message(1024 / 8 - 1, 'a'); + string message(2048 / 8 - 1, 'a'); SignMessage(message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); // Much shorter @@ -989,7 +989,7 @@ TEST_F(SigningOperationsTest, RsaTooShortMessage) { TEST_F(SigningOperationsTest, RsaSignWithEncryptionKey) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaEncryptionKey(1024, 65537) + .RsaEncryptionKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE))); ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, @@ -1006,12 +1006,12 @@ TEST_F(SigningOperationsTest, RsaSignWithEncryptionKey) { TEST_F(SigningOperationsTest, RsaSignTooLargeMessage) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE))); // Largest possible message will always be larger than the public modulus. - string message(1024 / 8, static_cast(0xff)); + string message(2048 / 8, static_cast(0xff)); ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .Digest(Digest::NONE) @@ -1328,7 +1328,7 @@ typedef KeymasterHidlTest VerificationOperationsTest; TEST_F(VerificationOperationsTest, RsaSuccess) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE))); string message = "12345678901234567890123456789012"; @@ -1567,7 +1567,7 @@ typedef KeymasterHidlTest ExportKeyTest; */ TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE))); HidlBuf export_data; @@ -1583,7 +1583,7 @@ TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) { TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE))); for (size_t i = 0; i < key_blob_.size(); ++i) { @@ -1975,16 +1975,16 @@ typedef KeymasterHidlTest EncryptionOperationsTest; TEST_F(EncryptionOperationsTest, RsaNoPaddingSuccess) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaEncryptionKey(1024, 65537) + .RsaEncryptionKey(2048, 65537) .Padding(PaddingMode::NONE))); - string message = string(1024 / 8, 'a'); + string message = string(2048 / 8, 'a'); auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); string ciphertext1 = EncryptMessage(message, params); - EXPECT_EQ(1024U / 8, ciphertext1.size()); + EXPECT_EQ(2048U / 8, ciphertext1.size()); string ciphertext2 = EncryptMessage(message, params); - EXPECT_EQ(1024U / 8, ciphertext2.size()); + EXPECT_EQ(2048U / 8, ciphertext2.size()); // Unpadded RSA is deterministic EXPECT_EQ(ciphertext1, ciphertext2); @@ -1998,16 +1998,16 @@ TEST_F(EncryptionOperationsTest, RsaNoPaddingSuccess) { TEST_F(EncryptionOperationsTest, RsaNoPaddingShortMessage) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaEncryptionKey(1024, 65537) + .RsaEncryptionKey(2048, 65537) .Padding(PaddingMode::NONE))); string message = "1"; auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); string ciphertext = EncryptMessage(message, params); - EXPECT_EQ(1024U / 8, ciphertext.size()); + EXPECT_EQ(2048U / 8, ciphertext.size()); - string expected_plaintext = string(1024 / 8 - 1, 0) + message; + string expected_plaintext = string(2048U / 8 - 1, 0) + message; string plaintext = DecryptMessage(ciphertext, params); EXPECT_EQ(expected_plaintext, plaintext); @@ -2015,8 +2015,8 @@ TEST_F(EncryptionOperationsTest, RsaNoPaddingShortMessage) { // Degenerate case, encrypting a numeric 1 yields 0x00..01 as the ciphertext. message = static_cast(1); ciphertext = EncryptMessage(message, params); - EXPECT_EQ(1024U / 8, ciphertext.size()); - EXPECT_EQ(ciphertext, string(1024 / 8 - 1, 0) + message); + EXPECT_EQ(2048U / 8, ciphertext.size()); + EXPECT_EQ(ciphertext, string(2048U / 8 - 1, 0) + message); } /* @@ -2027,10 +2027,10 @@ TEST_F(EncryptionOperationsTest, RsaNoPaddingShortMessage) { TEST_F(EncryptionOperationsTest, RsaNoPaddingTooLong) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaEncryptionKey(1024, 65537) + .RsaEncryptionKey(2048, 65537) .Padding(PaddingMode::NONE))); - string message(1024 / 8 + 1, 'a'); + string message(2048 / 8 + 1, 'a'); auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); @@ -2047,7 +2047,7 @@ TEST_F(EncryptionOperationsTest, RsaNoPaddingTooLong) { TEST_F(EncryptionOperationsTest, RsaNoPaddingTooLarge) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaEncryptionKey(1024, 65537) + .RsaEncryptionKey(2048, 65537) .Padding(PaddingMode::NONE))); HidlBuf exported; @@ -2058,7 +2058,7 @@ TEST_F(EncryptionOperationsTest, RsaNoPaddingTooLarge) { RSA_Ptr rsa(EVP_PKEY_get1_RSA(pkey.get())); size_t modulus_len = BN_num_bytes(rsa->n); - ASSERT_EQ(1024U / 8, modulus_len); + ASSERT_EQ(2048U / 8, modulus_len); std::unique_ptr modulus_buf(new uint8_t[modulus_len]); BN_bn2bin(rsa->n, modulus_buf.get()); @@ -2074,7 +2074,7 @@ TEST_F(EncryptionOperationsTest, RsaNoPaddingTooLarge) { // One smaller than the modulus is okay. BN_sub(rsa->n, rsa->n, BN_value_one()); modulus_len = BN_num_bytes(rsa->n); - ASSERT_EQ(1024U / 8, modulus_len); + ASSERT_EQ(2048U / 8, modulus_len); BN_bn2bin(rsa->n, modulus_buf.get()); message = string(reinterpret_cast(modulus_buf.get()), modulus_len); EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); @@ -2140,7 +2140,7 @@ TEST_F(EncryptionOperationsTest, RsaOaepSuccess) { TEST_F(EncryptionOperationsTest, RsaOaepInvalidDigest) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaEncryptionKey(1024, 65537) + .RsaEncryptionKey(2048, 65537) .Padding(PaddingMode::RSA_OAEP) .Digest(Digest::NONE))); string message = "Hello World!"; @@ -2186,12 +2186,12 @@ TEST_F(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) { TEST_F(EncryptionOperationsTest, RsaOaepTooLarge) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaEncryptionKey(1024, 65537) + .RsaEncryptionKey(2048, 65537) .Padding(PaddingMode::RSA_OAEP) .Digest(Digest::SHA_2_256))); constexpr size_t digest_size = 256 /* SHA_2_256 */ / 8; constexpr size_t oaep_overhead = 2 * digest_size + 2; - string message(1024 / 8 - oaep_overhead + 1, 'a'); + string message(2048 / 8 - oaep_overhead + 1, 'a'); EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, AuthorizationSetBuilder().Padding(PaddingMode::RSA_OAEP).Digest(Digest::SHA_2_256))); @@ -2208,16 +2208,16 @@ TEST_F(EncryptionOperationsTest, RsaOaepTooLarge) { TEST_F(EncryptionOperationsTest, RsaPkcs1Success) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaEncryptionKey(1024, 65537) + .RsaEncryptionKey(2048, 65537) .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT))); string message = "Hello World!"; auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT); string ciphertext1 = EncryptMessage(message, params); - EXPECT_EQ(1024U / 8, ciphertext1.size()); + EXPECT_EQ(2048U / 8, ciphertext1.size()); string ciphertext2 = EncryptMessage(message, params); - EXPECT_EQ(1024U / 8, ciphertext2.size()); + EXPECT_EQ(2048U / 8, ciphertext2.size()); // PKCS1 v1.5 randomizes padding so every result should be different. EXPECT_NE(ciphertext1, ciphertext2); @@ -2247,9 +2247,9 @@ TEST_F(EncryptionOperationsTest, RsaPkcs1Success) { TEST_F(EncryptionOperationsTest, RsaPkcs1TooLarge) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaEncryptionKey(1024, 65537) + .RsaEncryptionKey(2048, 65537) .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT))); - string message(1024 / 8 - 10, 'a'); + string message(2048 / 8 - 10, 'a'); auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT); EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params)); @@ -2632,9 +2632,13 @@ static const AesCtrSp80038aTestVector kAesCtrSp80038aTestVectors[] = { * Verifies AES CTR implementation against SP800-38A test vectors. */ TEST_F(EncryptionOperationsTest, AesCtrSp80038aTestVector) { + std::vector InvalidSizes = InvalidKeySizes(Algorithm::AES); for (size_t i = 0; i < 3; i++) { const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]); const string key = hex2str(test.key); + if (std::find(InvalidSizes.begin(), InvalidSizes.end(), (key.size() * 8)) != + InvalidSizes.end()) + continue; const string nonce = hex2str(test.nonce); const string plaintext = hex2str(test.plaintext); const string ciphertext = hex2str(test.ciphertext); @@ -3827,7 +3831,7 @@ typedef KeymasterHidlTest AttestationTest; TEST_F(AttestationTest, RsaAttestation) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_INCLUDE_UNIQUE_ID))); @@ -3854,7 +3858,7 @@ TEST_F(AttestationTest, RsaAttestation) { TEST_F(AttestationTest, RsaAttestationRequiresAppId) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_INCLUDE_UNIQUE_ID))); @@ -3965,7 +3969,7 @@ typedef KeymasterHidlTest KeyDeletionTest; */ TEST_F(KeyDeletionTest, DeleteKey) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_NO_AUTH_REQUIRED))); @@ -4009,7 +4013,7 @@ TEST_F(KeyDeletionTest, DeleteKey) { TEST_F(KeyDeletionTest, DeleteInvalidKey) { // Generate key just to check if rollback protection is implemented ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_NO_AUTH_REQUIRED))); @@ -4048,7 +4052,7 @@ TEST_F(KeyDeletionTest, DeleteInvalidKey) { TEST_F(KeyDeletionTest, DeleteAllKeys) { if (!arm_deleteAllKeys) return; ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaSigningKey(1024, 65537) + .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_NO_AUTH_REQUIRED)));