Merge "vts: Correct the parameters on strongbox"

1 files changed, 13 insertions, 9 deletions

diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 56dc836cbb..016a09e302 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -634,9 +634,8 @@ TEST_P(NewKeyGenerationTest, AesInvalidPadding) {
             for (auto padding_mode : InvalidPaddingModes(Algorithm::AES, block_mode)) {
                 SCOPED_TRACE(testing::Message()
                              << "AES-" << key_size << "-" << block_mode << "-" << padding_mode);
-                vector<uint8_t> key_blob;
-                vector<KeyCharacteristics> key_characteristics;
                 auto builder = AuthorizationSetBuilder()
+                                       .Authorization(TAG_NO_AUTH_REQUIRED)
                                        .AesEncryptionKey(key_size)
                                        .BlockMode(block_mode)
                                        .Padding(padding_mode)
@@ -645,11 +644,14 @@ TEST_P(NewKeyGenerationTest, AesInvalidPadding) {
                     builder.Authorization(TAG_MIN_MAC_LENGTH, 128);
                 }
 
-                auto result = GenerateKey(builder, &key_blob, &key_characteristics);
+                auto result = GenerateKey(builder);
                 if (result == ErrorCode::OK) {
                     // Key creation was OK but has generated a key that cannot be used.
                     auto params =
                             AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
+                    if (block_mode == BlockMode::GCM) {
+                        params.Authorization(TAG_MAC_LENGTH, 128);
+                    }
                     auto result = Begin(KeyPurpose::ENCRYPT, params);
                     EXPECT_TRUE(result == ErrorCode::INCOMPATIBLE_PADDING_MODE ||
                                 result == ErrorCode::INVALID_KEY_BLOB);
@@ -3261,13 +3263,14 @@ TEST_P(ImportKeyTest, AesFailure) {
     string key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
     uint32_t bitlen = key.size() * 8;
     for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
-        ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
-                  ImportKey(AuthorizationSetBuilder()
+        auto result = ImportKey(AuthorizationSetBuilder()
                                     .Authorization(TAG_NO_AUTH_REQUIRED)
                                     .AesEncryptionKey(key_size)
                                     .EcbMode()
                                     .Padding(PaddingMode::PKCS7),
-                            KeyFormat::RAW, key));
+                                KeyFormat::RAW, key);
+        ASSERT_TRUE(result == ErrorCode::IMPORT_PARAMETER_MISMATCH ||
+                    result == ErrorCode::UNSUPPORTED_KEY_SIZE);
     }
 }
 
@@ -3307,13 +3310,14 @@ TEST_P(ImportKeyTest, TripleDesFailure) {
     string key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
     uint32_t bitlen = key.size() * 8;
     for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
-        ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
-                  ImportKey(AuthorizationSetBuilder()
+        auto result = ImportKey(AuthorizationSetBuilder()
                                     .Authorization(TAG_NO_AUTH_REQUIRED)
                                     .TripleDesEncryptionKey(key_size)
                                     .EcbMode()
                                     .Padding(PaddingMode::PKCS7),
-                            KeyFormat::RAW, key));
+                                KeyFormat::RAW, key);
+        ASSERT_TRUE(result == ErrorCode::IMPORT_PARAMETER_MISMATCH ||
+                    result == ErrorCode::UNSUPPORTED_KEY_SIZE);
     }
 }