Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cb822166 authored May 26, 2022 by David Drysdale Committed by Automerger Merge Worker May 26, 2022

KeyMint VTS: abandon tests when Begin fails am: 7fc26b99 am: 1eacf174

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2106464

Change-Id: I9383f156e0071a204ef7156dd40010b4ff39722a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

parents 03c6920c 1eacf174

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+24 −24

Original line number	Original line	Diff line number	Diff line
	@@ -6186,7 +6186,7 @@ TEST_P(EncryptionOperationsTest, AesGcmAadNoData) {

	// Encrypt		// Encrypt
	AuthorizationSet begin_out_params;		AuthorizationSet begin_out_params;
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));
	string ciphertext;		string ciphertext;
	AuthorizationSet finish_out_params;		AuthorizationSet finish_out_params;
	ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));		ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
	@@ -6229,7 +6229,7 @@ TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
	.Authorization(TAG_MAC_LENGTH, tag_bits);		.Authorization(TAG_MAC_LENGTH, tag_bits);
	AuthorizationSet begin_out_params;		AuthorizationSet begin_out_params;

	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));

	// No data, AAD only.		// No data, AAD only.
	EXPECT_EQ(ErrorCode::OK, UpdateAad("foo"));		EXPECT_EQ(ErrorCode::OK, UpdateAad("foo"));
	@@ -6245,7 +6245,7 @@ TEST_P(EncryptionOperationsTest, AesGcmMultiPartAad) {
	begin_params.push_back(begin_out_params);		begin_params.push_back(begin_out_params);

	// Decrypt		// Decrypt
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
	EXPECT_EQ(ErrorCode::OK, UpdateAad("foofoo"));		EXPECT_EQ(ErrorCode::OK, UpdateAad("foofoo"));
	string plaintext;		string plaintext;
	EXPECT_EQ(ErrorCode::OK, Finish(ciphertext, &plaintext));		EXPECT_EQ(ErrorCode::OK, Finish(ciphertext, &plaintext));
	@@ -6272,7 +6272,7 @@ TEST_P(EncryptionOperationsTest, AesGcmAadOutOfOrder) {
	.Authorization(TAG_MAC_LENGTH, 128);		.Authorization(TAG_MAC_LENGTH, 128);
	AuthorizationSet begin_out_params;		AuthorizationSet begin_out_params;

	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));

	EXPECT_EQ(ErrorCode::OK, UpdateAad("foo"));		EXPECT_EQ(ErrorCode::OK, UpdateAad("foo"));
	string ciphertext;		string ciphertext;
	@@ -6306,7 +6306,7 @@ TEST_P(EncryptionOperationsTest, AesGcmBadAad) {

	// Encrypt		// Encrypt
	AuthorizationSet begin_out_params;		AuthorizationSet begin_out_params;
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
	EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));		EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));
	string ciphertext;		string ciphertext;
	EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));		EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
	@@ -6315,7 +6315,7 @@ TEST_P(EncryptionOperationsTest, AesGcmBadAad) {
	begin_params.push_back(begin_out_params);		begin_params.push_back(begin_out_params);

	// Decrypt.		// Decrypt.
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params));
	EXPECT_EQ(ErrorCode::OK, UpdateAad("barfoo"));		EXPECT_EQ(ErrorCode::OK, UpdateAad("barfoo"));
	string plaintext;		string plaintext;
	EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));		EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
	@@ -6342,7 +6342,7 @@ TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {

	// Encrypt		// Encrypt
	AuthorizationSet begin_out_params;		AuthorizationSet begin_out_params;
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
	EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));		EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));
	string ciphertext;		string ciphertext;
	AuthorizationSet finish_out_params;		AuthorizationSet finish_out_params;
	@@ -6352,7 +6352,7 @@ TEST_P(EncryptionOperationsTest, AesGcmWrongNonce) {
	begin_params.push_back(TAG_NONCE, AidlBuf("123456789012"));		begin_params.push_back(TAG_NONCE, AidlBuf("123456789012"));

	// Decrypt.		// Decrypt.
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params));
	EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));		EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));
	string plaintext;		string plaintext;
	EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));		EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
	@@ -6384,7 +6384,7 @@ TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {

	// Encrypt		// Encrypt
	AuthorizationSet begin_out_params;		AuthorizationSet begin_out_params;
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));
	EXPECT_EQ(ErrorCode::OK, UpdateAad(aad));		EXPECT_EQ(ErrorCode::OK, UpdateAad(aad));
	string ciphertext;		string ciphertext;
	EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));		EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
	@@ -6396,7 +6396,7 @@ TEST_P(EncryptionOperationsTest, AesGcmCorruptTag) {
	params.push_back(begin_out_params);		params.push_back(begin_out_params);

	// Decrypt.		// Decrypt.
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
	EXPECT_EQ(ErrorCode::OK, UpdateAad(aad));		EXPECT_EQ(ErrorCode::OK, UpdateAad(aad));
	string plaintext;		string plaintext;
	EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));		EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
	@@ -6509,7 +6509,7 @@ TEST_P(EncryptionOperationsTest, TripleDesEcbPkcs7PaddingCorrupted) {
	for (size_t i = 0; i < kMaxPaddingCorruptionRetries; ++i) {		for (size_t i = 0; i < kMaxPaddingCorruptionRetries; ++i) {
	++ciphertext[ciphertext.size() / 2];		++ciphertext[ciphertext.size() / 2];

	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
	string plaintext;		string plaintext;
	EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext));		EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext));
	ErrorCode error = Finish(&plaintext);		ErrorCode error = Finish(&plaintext);
	@@ -6781,7 +6781,7 @@ TEST_P(EncryptionOperationsTest, TripleDesEcbCbcNoPaddingWrongInputSize) {
	auto begin_params =		auto begin_params =
	AuthorizationSetBuilder().BlockMode(blockMode).Padding(PaddingMode::NONE);		AuthorizationSetBuilder().BlockMode(blockMode).Padding(PaddingMode::NONE);
	AuthorizationSet output_params;		AuthorizationSet output_params;
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &output_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &output_params));
	string ciphertext;		string ciphertext;
	EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, "", &ciphertext));		EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, "", &ciphertext));

	@@ -6860,7 +6860,7 @@ TEST_P(EncryptionOperationsTest, TripleDesCbcPkcs7PaddingCorrupted) {
	for (size_t i = 0; i < kMaxPaddingCorruptionRetries; ++i) {		for (size_t i = 0; i < kMaxPaddingCorruptionRetries; ++i) {
	SCOPED_TRACE(testing::Message() << "i = " << i);		SCOPED_TRACE(testing::Message() << "i = " << i);
	++ciphertext[ciphertext.size() / 2];		++ciphertext[ciphertext.size() / 2];
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
	string plaintext;		string plaintext;
	EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext));		EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext));
	ErrorCode error = Finish(&plaintext);		ErrorCode error = Finish(&plaintext);
	@@ -6892,7 +6892,7 @@ TEST_P(EncryptionOperationsTest, TripleDesCbcIncrementalNoPadding) {
	AuthorizationSet input_params =		AuthorizationSet input_params =
	AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::NONE);		AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::NONE);
	AuthorizationSet output_params;		AuthorizationSet output_params;
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, input_params, &output_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, input_params, &output_params));

	string ciphertext;		string ciphertext;
	for (size_t i = 0; i < message.size(); i += increment)		for (size_t i = 0; i < message.size(); i += increment)
	@@ -6906,7 +6906,7 @@ TEST_P(EncryptionOperationsTest, TripleDesCbcIncrementalNoPadding) {
	input_params.push_back(TAG_PADDING, PaddingMode::NONE);		input_params.push_back(TAG_PADDING, PaddingMode::NONE);
	output_params.Clear();		output_params.Clear();

	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, input_params, &output_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, input_params, &output_params));
	string plaintext;		string plaintext;
	for (size_t i = 0; i < ciphertext.size(); i += increment)		for (size_t i = 0; i < ciphertext.size(); i += increment)
	EXPECT_EQ(ErrorCode::OK, Update(ciphertext.substr(i, increment), &plaintext));		EXPECT_EQ(ErrorCode::OK, Update(ciphertext.substr(i, increment), &plaintext));
	@@ -7023,7 +7023,7 @@ TEST_P(UsageCountLimitTest, TestSingleUseAes) {
	} else {		} else {
	// Usage count limit tag is enforced by keystore, keymint does nothing.		// Usage count limit tag is enforced by keystore, keymint does nothing.
	EXPECT_TRUE(keystore_auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U));		EXPECT_TRUE(keystore_auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U));
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));
	}		}
	}		}

	@@ -7070,7 +7070,7 @@ TEST_P(UsageCountLimitTest, TestLimitedUseAes) {
	} else {		} else {
	// Usage count limit tag is enforced by keystore, keymint does nothing.		// Usage count limit tag is enforced by keystore, keymint does nothing.
	EXPECT_TRUE(keystore_auths.Contains(TAG_USAGE_COUNT_LIMIT, 3U));		EXPECT_TRUE(keystore_auths.Contains(TAG_USAGE_COUNT_LIMIT, 3U));
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));
	}		}
	}		}

	@@ -7116,7 +7116,7 @@ TEST_P(UsageCountLimitTest, TestSingleUseRsa) {
	} else {		} else {
	// Usage count limit tag is enforced by keystore, keymint does nothing.		// Usage count limit tag is enforced by keystore, keymint does nothing.
	EXPECT_TRUE(keystore_auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U));		EXPECT_TRUE(keystore_auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U));
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, params));
	}		}
	}		}

	@@ -7163,7 +7163,7 @@ TEST_P(UsageCountLimitTest, TestLimitUseRsa) {
	} else {		} else {
	// Usage count limit tag is enforced by keystore, keymint does nothing.		// Usage count limit tag is enforced by keystore, keymint does nothing.
	EXPECT_TRUE(keystore_auths.Contains(TAG_USAGE_COUNT_LIMIT, 3U));		EXPECT_TRUE(keystore_auths.Contains(TAG_USAGE_COUNT_LIMIT, 3U));
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, params));
	}		}
	}		}

	@@ -7476,7 +7476,7 @@ TEST_P(ClearOperationsTest, TooManyOperations) {
	EXPECT_EQ(ErrorCode::OK, Abort(op_handles[j]))		EXPECT_EQ(ErrorCode::OK, Abort(op_handles[j]))
	<< "Aboort failed for i = " << j << std::endl;		<< "Aboort failed for i = " << j << std::endl;
	}		}
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params));
	AbortIfNeeded();		AbortIfNeeded();
	}		}

	@@ -7501,7 +7501,7 @@ TEST_P(TransportLimitTest, LargeFinishInput) {
	AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE);		AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE);

	AuthorizationSet out_params;		AuthorizationSet out_params;
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, cipher_params, &out_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, cipher_params, &out_params));

	string plain_message = std::string(1 << msg_size, 'x');		string plain_message = std::string(1 << msg_size, 'x');
	string encrypted_message;		string encrypted_message;
	@@ -7512,7 +7512,7 @@ TEST_P(TransportLimitTest, LargeFinishInput) {
	<< "Encrypt finish returned OK, but did not consume all of the given input";		<< "Encrypt finish returned OK, but did not consume all of the given input";
	cipher_params.push_back(out_params);		cipher_params.push_back(out_params);

	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, cipher_params));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, cipher_params));

	string decrypted_message;		string decrypted_message;
	rc = Finish(encrypted_message, &decrypted_message);		rc = Finish(encrypted_message, &decrypted_message);
	@@ -7678,7 +7678,7 @@ TEST_P(KeyAgreementTest, Ecdh) {
	if (curve != localCurve) {		if (curve != localCurve) {
	// If the keys are using different curves KeyMint should fail with		// If the keys are using different curves KeyMint should fail with
	// ErrorCode:INVALID_ARGUMENT. Check that.		// ErrorCode:INVALID_ARGUMENT. Check that.
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::AGREE_KEY, AuthorizationSetBuilder()));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::AGREE_KEY, AuthorizationSetBuilder()));
	string ZabFromKeyMintStr;		string ZabFromKeyMintStr;
	EXPECT_EQ(ErrorCode::INVALID_ARGUMENT,		EXPECT_EQ(ErrorCode::INVALID_ARGUMENT,
	Finish(string(localPublicKey.begin(), localPublicKey.end()),		Finish(string(localPublicKey.begin(), localPublicKey.end()),
	@@ -7818,7 +7818,7 @@ TEST_P(KeyAgreementTest, EcdhCurve25519Mismatch) {
	vector<uint8_t> encodedPublicKey;		vector<uint8_t> encodedPublicKey;
	GenerateLocalEcKey(localCurve, &privKey, &encodedPublicKey);		GenerateLocalEcKey(localCurve, &privKey, &encodedPublicKey);

	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::AGREE_KEY, AuthorizationSetBuilder()));		ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::AGREE_KEY, AuthorizationSetBuilder()));
	string ZabFromKeyMintStr;		string ZabFromKeyMintStr;
	EXPECT_EQ(ErrorCode::INVALID_ARGUMENT,		EXPECT_EQ(ErrorCode::INVALID_ARGUMENT,
	Finish(string(encodedPublicKey.begin(), encodedPublicKey.end()),		Finish(string(encodedPublicKey.begin(), encodedPublicKey.end()),