author | David Drysdale <drysdale@google.com> | 2021-04-15 13:29:45 +0100 |
---|---|---|
committer | David Drysdale <drysdale@google.com> | 2021-04-30 19:15:39 +0100 |
commit | d2cc8c2c5ed28edcba795cf1c6cdee7675481e18 (patch) | |
tree | a9d1a83134cad577cb6a51d33e7b4718cf72174b /security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp | |
parent | b5ee70f12558a7d4c25b35757647d0cd740526d8 (diff) |
More KeyMint VTS testcases
Tests for:
- non-prime RSA exponent (fails with CF KeyMint)
- RSA exponent value of 3
- key size > 512 for `STRONGBOX`
- unknown tag inclusion
- CBC input size not block size multiple
- challenge omitted for attestation (fails with CF KeyMint)
- import RSA key with implicit params
- vestigial upgradeKey test
- importWrappedKey errors
- importWrappedKey sids ignored
- duplicate/missing params on begin()
- more tests for incompatible params on begin()
- HMAC size not multiple of 8 (fails with CF KeyMint)
- wrong size caller IV for 3DES rejected
- too large MIN_MAC_LENGTH for HMAC
- invalid AES-GCM minimum MAC length values
- check failed updateAad() cancels operation
- check that auto-generated nonces are distinct
- (DISABLED_) invoke destroyAttestationIds()
- omitting optional RSA keygen tags
Also add commenting to illustrate the ASN.1 structure of hex data.
Test: VtsKeyMintAidlTargetTest
Change-Id: I4663c42671cbb094ffe8d603e0352ffa9f1dbf2e
Diffstat (limited to 'security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp')
-rw-r--r-- | security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index f0dfff11a0..47892042e7 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp @@ -167,6 +167,7 @@ void KeyMintAidlTestBase::InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyM securityLevel_ = info.securityLevel; name_.assign(info.keyMintName.begin(), info.keyMintName.end()); author_.assign(info.keyMintAuthorName.begin(), info.keyMintAuthorName.end()); + timestamp_token_required_ = info.timestampTokenRequired; os_version_ = getOsVersion(); os_patch_level_ = getOsPatchlevel(); @@ -273,7 +274,8 @@ ErrorCode KeyMintAidlTestBase::ImportKey(const AuthorizationSet& key_desc, KeyFo ErrorCode KeyMintAidlTestBase::ImportWrappedKey(string wrapped_key, string wrapping_key, const AuthorizationSet& wrapping_key_desc, string masking_key, - const AuthorizationSet& unwrapping_params) { + const AuthorizationSet& unwrapping_params, + int64_t password_sid, int64_t biometric_sid) { EXPECT_EQ(ErrorCode::OK, ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key)); key_characteristics_.clear(); @@ -282,8 +284,7 @@ ErrorCode KeyMintAidlTestBase::ImportWrappedKey(string wrapped_key, string wrapp Status result = keymint_->importWrappedKey( vector<uint8_t>(wrapped_key.begin(), wrapped_key.end()), key_blob_, vector<uint8_t>(masking_key.begin(), masking_key.end()), - unwrapping_params.vector_data(), 0 /* passwordSid */, 0 /* biometricSid */, - &creationResult); + unwrapping_params.vector_data(), password_sid, biometric_sid, &creationResult); if (result.isOk()) { EXPECT_PRED2(KeyCharacteristicsBasicallyValid, SecLevel(), 
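Review bot: The new `int64_t password_sid, int64_t biometric_sid` parameters on ImportWrappedKey (second hunk, forwarded to `importWrappedKey` in the third hunk) are adjacent and same-typed, so a caller that swaps them still compiles and binds the key to the wrong authenticator SID. A short comment above the definition would help, e.g. `// password_sid / biometric_sid: secure IDs the unwrapped key is bound to; expected to apply only when the wrapped key's authorization list carries USER_SECURE_ID`. That binding condition is my reading of the KeyMint interface, not something visible in this file, so confirm it against the AIDL documentation. Whether the declaration gives both parameters a default of 0 for existing callers is also not visible here, and the function body continues outside both hunks.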
@@ -332,6 +333,11 @@ ErrorCode KeyMintAidlTestBase::DeleteAllKeys() { return GetReturnErrorCode(result); } +ErrorCode KeyMintAidlTestBase::DestroyAttestationIds() { + Status result = keymint_->destroyAttestationIds(); + return GetReturnErrorCode(result); +} + void KeyMintAidlTestBase::CheckedDeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob) { ErrorCode result = DeleteKey(key_blob, keep_key_blob); EXPECT_TRUE(result == ErrorCode::OK || result == ErrorCode::UNIMPLEMENTED) << result << endl; @@ -654,6 +660,18 @@ string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode bloc return ciphertext; } +string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode block_mode, + PaddingMode padding, uint8_t mac_length_bits) { + SCOPED_TRACE("EncryptMessage"); + auto params = AuthorizationSetBuilder() + .BlockMode(block_mode) + .Padding(padding) + .Authorization(TAG_MAC_LENGTH, mac_length_bits); + AuthorizationSet out_params; + string ciphertext = EncryptMessage(message, params, &out_params); + return ciphertext; +} + string KeyMintAidlTestBase::DecryptMessage(const vector<uint8_t>& key_blob, const string& ciphertext, const AuthorizationSet& params) { |
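Review bot: DestroyAttestationIds() is added with no comment, although the commit message lists its only test as DISABLED_, which suggests the underlying call is not safe to run routinely on a device. I would put a warning on the wrapper, e.g. `// WARNING: asks the device to destroy its attestation IDs; only call from tests that are disabled by default`. How permanent the effect is should be taken from the interface documentation, since it cannot be confirmed from this hunk. The wrapper returns the raw error code, so each caller has to decide whether `ErrorCode::UNIMPLEMENTED` is acceptable, as CheckedDeleteKey does just below.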
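Review bot: The new EncryptMessage overload drops `out_params`, so if the implementation returns a generated IV or nonce there, the caller gets a ciphertext it cannot decrypt later; that is fine for tests that only check the error code or output length, but it should be stated. Suggested comment: `// Convenience overload: output params (e.g. a generated nonce) are discarded, so the ciphertext is not decryptable for modes that use an IV or nonce`. Separately, `uint8_t mac_length_bits` silently truncates any value above 255 before it reaches `TAG_MAC_LENGTH`; `uint32_t` would let negative tests pass oversized lengths through unchanged, provided the declaration in the header is changed to match. The last two statements can also collapse to `return EncryptMessage(message, params, &out_params);`.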