Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1a637199 authored by David Drysdale's avatar David Drysdale
Browse files

Key{Mint,Master} VTS: fix incremental AES tags 

Change Id62fdce65131ee00c88e5849955a937f1c171748 split up the AES
incremental encryption tests into individual tests for each encryption
mode.  This meant that each generated key is only valid for a single
mode, which in turn means that for non-GCM mode keys it is not valid
to specify MIN_MAC_LENGTH.

Bug: 223934835
Test: VtsAidlKeyMintTargetTest
Change-Id: I38f34f60116bde3d23f203365d62e5b25d7b254b
parent cbc6a330

keymaster/4.0/vts/functional/KeymasterHidlTest.cpp

+9 −6
Original line number Diff line number Diff line
@@ -445,12 +445,15 @@ string KeymasterHidlTest::MacMessage(const string& message, Digest digest, size_ 


void KeymasterHidlTest::CheckAesIncrementalEncryptOperation(BlockMode block_mode,

                                                            int message_size) {

    ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()

    auto builder = AuthorizationSetBuilder()

                           .Authorization(TAG_NO_AUTH_REQUIRED)

                           .AesEncryptionKey(128)

                           .BlockMode(block_mode)

                                                 .Padding(PaddingMode::NONE)

                                                 .Authorization(TAG_MIN_MAC_LENGTH, 128)));

                           .Padding(PaddingMode::NONE);

    if (block_mode == BlockMode::GCM) {

        builder.Authorization(TAG_MIN_MAC_LENGTH, 128);

    }

    ASSERT_EQ(ErrorCode::OK, GenerateKey(builder));



    for (int increment = 1; increment <= message_size; ++increment) {

        string message(message_size, 'a');

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+9 −6
Original line number Diff line number Diff line
@@ -667,12 +667,15 @@ string KeyMintAidlTestBase::MacMessage(const string& message, Digest digest, siz 


void KeyMintAidlTestBase::CheckAesIncrementalEncryptOperation(BlockMode block_mode,

                                                              int message_size) {

    ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()

    auto builder = AuthorizationSetBuilder()

                           .Authorization(TAG_NO_AUTH_REQUIRED)

                           .AesEncryptionKey(128)

                           .BlockMode(block_mode)

                                                 .Padding(PaddingMode::NONE)

                                                 .Authorization(TAG_MIN_MAC_LENGTH, 128)));

                           .Padding(PaddingMode::NONE);

    if (block_mode == BlockMode::GCM) {

        builder.Authorization(TAG_MIN_MAC_LENGTH, 128);

    }

    ASSERT_EQ(ErrorCode::OK, GenerateKey(builder));



    for (int increment = 1; increment <= message_size; ++increment) {

        string message(message_size, 'a');