KeyMint VTS: symmetric import test with bad keylen

Test: VtsAidlKeyMintTargetTest Change-Id: I32ad8ad2ca2b18d3279ebe77ba63b34457ab888d
author: David Drysdale <drysdale@google.com> 2021-05-04 10:47:58 +0100
committer: David Drysdale <drysdale@google.com> 2021-05-05 15:59:39 +0100
commit: c9bc2f742d084b7ec4e367b78ae009c3bdae7efe (patch)
tree: 08a33ce3a64225360fe324b1f90891324eb3c0cf /security/keymint/aidl/vts/functional/KeyMintTest.cpp
parent: d0bc4b9e6469c961f89b9b7ec67bd9c98b21f805 (diff)
1 files changed, 43 insertions, 3 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 016a09e302..cd7d603a09 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -654,7 +654,8 @@ TEST_P(NewKeyGenerationTest, AesInvalidPadding) {
                     }
                     auto result = Begin(KeyPurpose::ENCRYPT, params);
                     EXPECT_TRUE(result == ErrorCode::INCOMPATIBLE_PADDING_MODE ||
-                                result == ErrorCode::INVALID_KEY_BLOB);
+                                result == ErrorCode::INVALID_KEY_BLOB)
+                            << "unexpected result: " << result;
                 } else {
                     // The KeyMint implementation detected that the generated key
                     // is unusable.
@@ -3263,6 +3264,7 @@ TEST_P(ImportKeyTest, AesFailure) {
     string key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
     uint32_t bitlen = key.size() * 8;
     for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
+        // Explicit key size doesn't match that of the provided key.
         auto result = ImportKey(AuthorizationSetBuilder()
                                     .Authorization(TAG_NO_AUTH_REQUIRED)
                                     .AesEncryptionKey(key_size)
@@ -3270,8 +3272,27 @@ TEST_P(ImportKeyTest, AesFailure) {
                                     .Padding(PaddingMode::PKCS7),
                                 KeyFormat::RAW, key);
         ASSERT_TRUE(result == ErrorCode::IMPORT_PARAMETER_MISMATCH ||
-                    result == ErrorCode::UNSUPPORTED_KEY_SIZE);
+                    result == ErrorCode::UNSUPPORTED_KEY_SIZE)
+                << "unexpected result: " << result;
     }
+
+    // Explicit key size matches that of the provided key, but it's not a valid size.
+    string long_key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+    ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .AesEncryptionKey(long_key.size() * 8)
+                                .EcbMode()
+                                .Padding(PaddingMode::PKCS7),
+                        KeyFormat::RAW, long_key));
+    string short_key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+    ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .AesEncryptionKey(short_key.size() * 8)
+                                .EcbMode()
+                                .Padding(PaddingMode::PKCS7),
+                        KeyFormat::RAW, short_key));
 }
 
 /*
@@ -3310,6 +3331,7 @@ TEST_P(ImportKeyTest, TripleDesFailure) {
     string key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
     uint32_t bitlen = key.size() * 8;
     for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
+        // Explicit key size doesn't match that of the provided key.
         auto result = ImportKey(AuthorizationSetBuilder()
                                     .Authorization(TAG_NO_AUTH_REQUIRED)
                                     .TripleDesEncryptionKey(key_size)
@@ -3317,8 +3339,26 @@ TEST_P(ImportKeyTest, TripleDesFailure) {
                                     .Padding(PaddingMode::PKCS7),
                                 KeyFormat::RAW, key);
         ASSERT_TRUE(result == ErrorCode::IMPORT_PARAMETER_MISMATCH ||
-                    result == ErrorCode::UNSUPPORTED_KEY_SIZE);
+                    result == ErrorCode::UNSUPPORTED_KEY_SIZE)
+                << "unexpected result: " << result;
     }
+    // Explicit key size matches that of the provided key, but it's not a valid size.
+    string long_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
+    ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .TripleDesEncryptionKey(long_key.size() * 8)
+                                .EcbMode()
+                                .Padding(PaddingMode::PKCS7),
+                        KeyFormat::RAW, long_key));
+    string short_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
+    ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .TripleDesEncryptionKey(short_key.size() * 8)
+                                .EcbMode()
+                                .Padding(PaddingMode::PKCS7),
+                        KeyFormat::RAW, short_key));
 }
 
 /*
author	David Drysdale <drysdale@google.com>	2021-05-04 10:47:58 +0100
committer	David Drysdale <drysdale@google.com>	2021-05-05 15:59:39 +0100
commit	c9bc2f742d084b7ec4e367b78ae009c3bdae7efe (patch)
tree	08a33ce3a64225360fe324b1f90891324eb3c0cf /security/keymint/aidl/vts/functional/KeyMintTest.cpp
parent	d0bc4b9e6469c961f89b9b7ec67bd9c98b21f805 (diff)