Merge changes I32ad8ad2,I86047955

* changes: KeyMint VTS: symmetric import test with bad keylen KeyMint HAL: restore getKeyCharacteristics() docs
author: David Drysdale <drysdale@google.com> 2021-05-06 05:26:31 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2021-05-06 05:26:31 +0000
commit: 6d454d5f28c202dd9e71c4cfde8788739e351aba (patch)
tree: be0aa5cb6231c09c08f419cc4ddad52b455bc069 /security/keymint/aidl/vts/functional/KeyMintTest.cpp
parent: aef2a7562e5437ae94c44bff96d9fb650cf12640 (diff)
parent: c9bc2f742d084b7ec4e367b78ae009c3bdae7efe (diff)
1 files changed, 43 insertions, 3 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 016a09e302..cd7d603a09 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -654,7 +654,8 @@ TEST_P(NewKeyGenerationTest, AesInvalidPadding) {
                     }
                     auto result = Begin(KeyPurpose::ENCRYPT, params);
                     EXPECT_TRUE(result == ErrorCode::INCOMPATIBLE_PADDING_MODE ||
-                                result == ErrorCode::INVALID_KEY_BLOB);
+                                result == ErrorCode::INVALID_KEY_BLOB)
+                            << "unexpected result: " << result;
                 } else {
                     // The KeyMint implementation detected that the generated key
                     // is unusable.
@@ -3263,6 +3264,7 @@ TEST_P(ImportKeyTest, AesFailure) {
     string key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
     uint32_t bitlen = key.size() * 8;
     for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
+        // Explicit key size doesn't match that of the provided key.
         auto result = ImportKey(AuthorizationSetBuilder()
                                     .Authorization(TAG_NO_AUTH_REQUIRED)
                                     .AesEncryptionKey(key_size)
@@ -3270,8 +3272,27 @@ TEST_P(ImportKeyTest, AesFailure) {
                                     .Padding(PaddingMode::PKCS7),
                                 KeyFormat::RAW, key);
         ASSERT_TRUE(result == ErrorCode::IMPORT_PARAMETER_MISMATCH ||
-                    result == ErrorCode::UNSUPPORTED_KEY_SIZE);
+                    result == ErrorCode::UNSUPPORTED_KEY_SIZE)
+                << "unexpected result: " << result;
     }
+
+    // Explicit key size matches that of the provided key, but it's not a valid size.
+    string long_key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+    ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .AesEncryptionKey(long_key.size() * 8)
+                                .EcbMode()
+                                .Padding(PaddingMode::PKCS7),
+                        KeyFormat::RAW, long_key));
+    string short_key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+    ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .AesEncryptionKey(short_key.size() * 8)
+                                .EcbMode()
+                                .Padding(PaddingMode::PKCS7),
+                        KeyFormat::RAW, short_key));
 }
 
 /*
@@ -3310,6 +3331,7 @@ TEST_P(ImportKeyTest, TripleDesFailure) {
     string key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
     uint32_t bitlen = key.size() * 8;
     for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
+        // Explicit key size doesn't match that of the provided key.
         auto result = ImportKey(AuthorizationSetBuilder()
                                     .Authorization(TAG_NO_AUTH_REQUIRED)
                                     .TripleDesEncryptionKey(key_size)
@@ -3317,8 +3339,26 @@ TEST_P(ImportKeyTest, TripleDesFailure) {
                                     .Padding(PaddingMode::PKCS7),
                                 KeyFormat::RAW, key);
         ASSERT_TRUE(result == ErrorCode::IMPORT_PARAMETER_MISMATCH ||
-                    result == ErrorCode::UNSUPPORTED_KEY_SIZE);
+                    result == ErrorCode::UNSUPPORTED_KEY_SIZE)
+                << "unexpected result: " << result;
     }
+    // Explicit key size matches that of the provided key, but it's not a valid size.
+    string long_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
+    ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .TripleDesEncryptionKey(long_key.size() * 8)
+                                .EcbMode()
+                                .Padding(PaddingMode::PKCS7),
+                        KeyFormat::RAW, long_key));
+    string short_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
+    ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .TripleDesEncryptionKey(short_key.size() * 8)
+                                .EcbMode()
+                                .Padding(PaddingMode::PKCS7),
+                        KeyFormat::RAW, short_key));
 }
 
 /*
author	David Drysdale <drysdale@google.com>	2021-05-06 05:26:31 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2021-05-06 05:26:31 +0000
commit	6d454d5f28c202dd9e71c4cfde8788739e351aba (patch)
tree	be0aa5cb6231c09c08f419cc4ddad52b455bc069 /security/keymint/aidl/vts/functional/KeyMintTest.cpp
parent	aef2a7562e5437ae94c44bff96d9fb650cf12640 (diff)
parent	c9bc2f742d084b7ec4e367b78ae009c3bdae7efe (diff)