Update the VTS module according to the refactoring in aosp/2826571
Test: atest VtsAidlAuthGraphRoleTest, atest VtsAidlAuthGraphSessionTest
Change-Id: I6cc3bd17952f602b58668d35e09c6a5385c7de61
diff --git a/security/authgraph/aidl/vts/functional/lib.rs b/security/authgraph/aidl/vts/functional/lib.rs
index 7b9b2b9..da3fa1c 100644
--- a/security/authgraph/aidl/vts/functional/lib.rs
+++ b/security/authgraph/aidl/vts/functional/lib.rs
@@ -24,22 +24,19 @@
PlainPubKey::PlainPubKey, PubKey::PubKey, SessionIdSignature::SessionIdSignature,
};
use authgraph_boringssl as boring;
-use authgraph_core::keyexchange as ke;
-use authgraph_core::{arc, key, traits};
-use authgraph_nonsecure::StdClock;
+use authgraph_core::{error::Error as AgError, keyexchange as ke};
use coset::CborSerializable;
pub mod sink;
pub mod source;
-/// Return a collection of AuthGraph trait implementations suitable for testing.
-pub fn test_impls() -> traits::TraitImpl {
- // Note that the local implementation is using a clock with a potentially different epoch than
- // the implementation under test.
- boring::trait_impls(
+/// Return an AuthGraphParticipant suitable for testing.
+pub fn test_ag_participant() -> Result<ke::AuthGraphParticipant, AgError> {
+ Ok(ke::AuthGraphParticipant::new(
+ boring::crypto_trait_impls(),
Box::<boring::test_device::AgDevice>::default(),
- Some(Box::new(StdClock::default())),
- )
+ ke::MAX_OPENED_SESSIONS,
+ )?)
}
fn build_plain_pub_key(pub_key: &Option<Vec<u8>>) -> PubKey {
@@ -56,14 +53,6 @@
}
}
-fn verification_key_from_identity(impls: &traits::TraitImpl, identity: &[u8]) -> key::EcVerifyKey {
- let identity = key::Identity::from_slice(identity).expect("invalid identity CBOR");
- impls
- .device
- .process_peer_cert_chain(&identity.cert_chain, &*impls.ecdsa)
- .expect("failed to extract signing key")
-}
-
fn vec_to_identity(data: &[u8]) -> Identity {
Identity {
identity: data.to_vec(),
@@ -75,26 +64,3 @@
signature: data.to_vec(),
}
}
-
-/// Decrypt a pair of AES-256 keys encrypted with the AuthGraph PBK.
-pub fn decipher_aes_keys(imp: &traits::TraitImpl, arc: &[Vec<u8>; 2]) -> [key::AesKey; 2] {
- [
- decipher_aes_key(imp, &arc[0]),
- decipher_aes_key(imp, &arc[1]),
- ]
-}
-
-/// Decrypt an AES-256 key encrypted with the AuthGraph PBK.
-pub fn decipher_aes_key(imp: &traits::TraitImpl, arc: &[u8]) -> key::AesKey {
- let pbk = imp.device.get_per_boot_key().expect("no PBK available");
- let arc::ArcContent {
- payload,
- protected_headers: _,
- unprotected_headers: _,
- } = arc::decipher_arc(&pbk, arc, &*imp.aes_gcm).expect("failed to decrypt arc");
- assert_eq!(payload.0.len(), 32);
- let mut key = key::AesKey([0; 32]);
- key.0.copy_from_slice(&payload.0);
- assert_ne!(key.0, [0; 32], "agreed AES-256 key should be non-zero");
- key
-}