author | David Drysdale <drysdale@google.com> | 2022-04-11 13:16:23 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-04-11 13:16:23 +0000 |
commit | 2c19304e56e71ea7275a662dbf921fc8b437c41a (patch) | |
tree | b8624e3cf854522db1547d7b0db2185cafcbeb3c /security/keymint/aidl/vts/functional/KeyMintTest.cpp | |
parent | 8431b21a7bae08f1b92fd7671a7397d9eb00e972 (diff) | |
parent | 2e449950d6279b2c72f005ea6fb88879d24a931f (diff) |
Merge "Fix AES corrupt padding test" am: b474607b7c am: b661792d06 am: 2e449950d6
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2059787
Change-Id: I1a4bf228d73452cbc718ab126165bf09e0cdf833
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat (limited to 'security/keymint/aidl/vts/functional/KeyMintTest.cpp')
-rw-r--r-- | security/keymint/aidl/vts/functional/KeyMintTest.cpp | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index e73f46c21f..cbe4512ab3 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -5481,18 +5481,45 @@ TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) { EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); string plaintext; - ErrorCode error = Finish(message, &plaintext); - if (error == ErrorCode::INVALID_INPUT_LENGTH) { + ErrorCode error = Finish(ciphertext, &plaintext); + if (error == ErrorCode::INVALID_ARGUMENT) { // This is the expected error, we can exit the test now. return; } else { // Very small chance we got valid decryption, so try again. - ASSERT_EQ(error, ErrorCode::OK); + ASSERT_EQ(error, ErrorCode::OK) + << "Expected INVALID_ARGUMENT or (rarely) OK, got " << error; } } FAIL() << "Corrupt ciphertext should have failed to decrypt by now."; } +/* + * EncryptionOperationsTest.AesEcbPkcs7CiphertextTooShort + * + * Verifies that AES decryption fails in the correct way when the padding is corrupted. + */ +TEST_P(EncryptionOperationsTest, AesEcbPkcs7CiphertextTooShort) { + ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() + .Authorization(TAG_NO_AUTH_REQUIRED) + .AesEncryptionKey(128) + .Authorization(TAG_BLOCK_MODE, BlockMode::ECB) + .Padding(PaddingMode::PKCS7))); + + auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); + + string message = "a"; + string ciphertext = EncryptMessage(message, params); + EXPECT_EQ(16U, ciphertext.size()); + EXPECT_NE(ciphertext, message); + + // Shorten the ciphertext. + ciphertext.resize(ciphertext.size() - 1); + EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params)); + string plaintext; + EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(ciphertext, &plaintext)); +} + vector<uint8_t> CopyIv(const AuthorizationSet& set) { auto iv = set.GetTagValue(TAG_NONCE); EXPECT_TRUE(iv); |
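Review bot: In the new AesEcbPkcs7CiphertextTooShort test, `EXPECT_EQ(16U, ciphertext.size());` is non-fatal, so if EncryptMessage ever returns an empty string the following `ciphertext.resize(ciphertext.size() - 1);` wraps to a huge size and the test throws or aborts instead of reporting a failure; `ASSERT_EQ(16U, ciphertext.size());` would stop cleanly. The same applies to `EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));` ahead of Finish, where `ASSERT_EQ` keeps a failed Begin from surfacing as a wrong Finish error code. The header comment was copied from the padding test and still says "when the padding is corrupted"; I would write `Verifies that AES decryption fails in the correct way when the ciphertext is not a whole number of blocks.` The new test is fully inside the hunk, while AesEcbPkcs7PaddingCorrupted starts above it.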