KeyMint VTS: symmetric import test with bad keylen (c9bc2f74) · Commits · e / os / android_hardware_interfaces

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+43 −3

Original line number	Diff line number	Diff line
		@@ -654,7 +654,8 @@ TEST_P(NewKeyGenerationTest, AesInvalidPadding) {
		}
		auto result = Begin(KeyPurpose::ENCRYPT, params);
		EXPECT_TRUE(result == ErrorCode::INCOMPATIBLE_PADDING_MODE \|\|
		result == ErrorCode::INVALID_KEY_BLOB);
		result == ErrorCode::INVALID_KEY_BLOB)
		<< "unexpected result: " << result;
		} else {
		// The KeyMint implementation detected that the generated key
		// is unusable.
		@@ -3263,6 +3264,7 @@ TEST_P(ImportKeyTest, AesFailure) {
		string key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
		uint32_t bitlen = key.size() * 8;
		for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
		// Explicit key size doesn't match that of the provided key.
		auto result = ImportKey(AuthorizationSetBuilder()
		.Authorization(TAG_NO_AUTH_REQUIRED)
		.AesEncryptionKey(key_size)
		@@ -3270,8 +3272,27 @@ TEST_P(ImportKeyTest, AesFailure) {
		.Padding(PaddingMode::PKCS7),
		KeyFormat::RAW, key);
		ASSERT_TRUE(result == ErrorCode::IMPORT_PARAMETER_MISMATCH \|\|
		result == ErrorCode::UNSUPPORTED_KEY_SIZE);
		result == ErrorCode::UNSUPPORTED_KEY_SIZE)
		<< "unexpected result: " << result;
		}

		// Explicit key size matches that of the provided key, but it's not a valid size.
		string long_key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
		ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
		ImportKey(AuthorizationSetBuilder()
		.Authorization(TAG_NO_AUTH_REQUIRED)
		.AesEncryptionKey(long_key.size() * 8)
		.EcbMode()
		.Padding(PaddingMode::PKCS7),
		KeyFormat::RAW, long_key));
		string short_key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
		ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
		ImportKey(AuthorizationSetBuilder()
		.Authorization(TAG_NO_AUTH_REQUIRED)
		.AesEncryptionKey(short_key.size() * 8)
		.EcbMode()
		.Padding(PaddingMode::PKCS7),
		KeyFormat::RAW, short_key));
		}

		/*
		@@ -3310,6 +3331,7 @@ TEST_P(ImportKeyTest, TripleDesFailure) {
		string key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
		uint32_t bitlen = key.size() * 8;
		for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
		// Explicit key size doesn't match that of the provided key.
		auto result = ImportKey(AuthorizationSetBuilder()
		.Authorization(TAG_NO_AUTH_REQUIRED)
		.TripleDesEncryptionKey(key_size)
		@@ -3317,8 +3339,26 @@ TEST_P(ImportKeyTest, TripleDesFailure) {
		.Padding(PaddingMode::PKCS7),
		KeyFormat::RAW, key);
		ASSERT_TRUE(result == ErrorCode::IMPORT_PARAMETER_MISMATCH \|\|
		result == ErrorCode::UNSUPPORTED_KEY_SIZE);
		result == ErrorCode::UNSUPPORTED_KEY_SIZE)
		<< "unexpected result: " << result;
		}
		// Explicit key size matches that of the provided key, but it's not a valid size.
		string long_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
		ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
		ImportKey(AuthorizationSetBuilder()
		.Authorization(TAG_NO_AUTH_REQUIRED)
		.TripleDesEncryptionKey(long_key.size() * 8)
		.EcbMode()
		.Padding(PaddingMode::PKCS7),
		KeyFormat::RAW, long_key));
		string short_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
		ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
		ImportKey(AuthorizationSetBuilder()
		.Authorization(TAG_NO_AUTH_REQUIRED)
		.TripleDesEncryptionKey(short_key.size() * 8)
		.EcbMode()
		.Padding(PaddingMode::PKCS7),
		KeyFormat::RAW, short_key));
		}

		/*