Separate updateAad from update & other cleanups
Test: VtsKeyMintAidlTargetTest
Change-Id: Ib4ab43dbf2604a7642fb2b551646fd7f0adac615
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index d61a081..3e87b6b 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -386,122 +386,50 @@
return result;
}
-ErrorCode KeyMintAidlTestBase::Update(const AuthorizationSet& in_params, const string& input,
- AuthorizationSet* out_params, string* output,
- int32_t* input_consumed) {
+ErrorCode KeyMintAidlTestBase::UpdateAad(const string& input) {
+ return GetReturnErrorCode(op_->updateAad(vector<uint8_t>(input.begin(), input.end()),
+ {} /* hardwareAuthToken */,
+ {} /* verificationToken */));
+}
+
+ErrorCode KeyMintAidlTestBase::Update(const string& input, string* output) {
SCOPED_TRACE("Update");
Status result;
- EXPECT_NE(op_, nullptr);
- if (!op_) {
- return ErrorCode::UNEXPECTED_NULL_POINTER;
- }
+ if (!output) return ErrorCode::UNEXPECTED_NULL_POINTER;
- KeyParameterArray key_params;
- key_params.params = in_params.vector_data();
+ std::vector<uint8_t> o_put;
+ result = op_->update(vector<uint8_t>(input.begin(), input.end()), {}, {}, &o_put);
- KeyParameterArray in_keyParams;
- in_keyParams.params = in_params.vector_data();
-
- optional<KeyParameterArray> out_keyParams;
- optional<ByteArray> o_put;
- result = op_->update(in_keyParams, vector<uint8_t>(input.begin(), input.end()), {}, {},
- &out_keyParams, &o_put, input_consumed);
-
- if (result.isOk()) {
- if (o_put) {
- output->append(o_put->data.begin(), o_put->data.end());
- }
-
- if (out_keyParams) {
- out_params->push_back(AuthorizationSet(out_keyParams->params));
- }
- }
+ if (result.isOk()) output->append(o_put.begin(), o_put.end());
return GetReturnErrorCode(result);
}
-ErrorCode KeyMintAidlTestBase::Update(const string& input, string* out, int32_t* input_consumed) {
- SCOPED_TRACE("Update");
- AuthorizationSet out_params;
- ErrorCode result =
- Update(AuthorizationSet() /* in_params */, input, &out_params, out, input_consumed);
- EXPECT_TRUE(out_params.empty());
- return result;
-}
-
-ErrorCode KeyMintAidlTestBase::Finish(const AuthorizationSet& in_params, const string& input,
- const string& signature, AuthorizationSet* out_params,
+ErrorCode KeyMintAidlTestBase::Finish(const string& input, const string& signature,
string* output) {
SCOPED_TRACE("Finish");
Status result;
EXPECT_NE(op_, nullptr);
- if (!op_) {
- return ErrorCode::UNEXPECTED_NULL_POINTER;
- }
-
- KeyParameterArray key_params;
- key_params.params = in_params.vector_data();
-
- KeyParameterArray in_keyParams;
- in_keyParams.params = in_params.vector_data();
-
- optional<KeyParameterArray> out_keyParams;
- optional<vector<uint8_t>> o_put;
+ if (!op_) return ErrorCode::UNEXPECTED_NULL_POINTER;
vector<uint8_t> oPut;
- result = op_->finish(in_keyParams, vector<uint8_t>(input.begin(), input.end()),
- vector<uint8_t>(signature.begin(), signature.end()), {}, {},
- &out_keyParams, &oPut);
+ result = op_->finish(vector<uint8_t>(input.begin(), input.end()),
+ vector<uint8_t>(signature.begin(), signature.end()), {} /* authToken */,
+ {} /* timestampToken */, {} /* confirmationToken */, &oPut);
- if (result.isOk()) {
- if (out_keyParams) {
- out_params->push_back(AuthorizationSet(out_keyParams->params));
- }
+ if (result.isOk()) output->append(oPut.begin(), oPut.end());
- output->append(oPut.begin(), oPut.end());
- }
-
- op_.reset();
+ op_ = {};
return GetReturnErrorCode(result);
}
-ErrorCode KeyMintAidlTestBase::Finish(const string& message, string* output) {
- SCOPED_TRACE("Finish");
- AuthorizationSet out_params;
- string finish_output;
- ErrorCode result = Finish(AuthorizationSet() /* in_params */, message, "" /* signature */,
- &out_params, output);
- if (result != ErrorCode::OK) {
- return result;
- }
- EXPECT_EQ(0U, out_params.size());
- return result;
-}
-
-ErrorCode KeyMintAidlTestBase::Finish(const string& message, const string& signature,
- string* output) {
- SCOPED_TRACE("Finish");
- AuthorizationSet out_params;
- ErrorCode result =
- Finish(AuthorizationSet() /* in_params */, message, signature, &out_params, output);
-
- if (result != ErrorCode::OK) {
- return result;
- }
-
- EXPECT_EQ(0U, out_params.size());
- return result;
-}
-
ErrorCode KeyMintAidlTestBase::Abort(const std::shared_ptr<IKeyMintOperation>& op) {
SCOPED_TRACE("Abort");
EXPECT_NE(op, nullptr);
- if (!op) {
- return ErrorCode::UNEXPECTED_NULL_POINTER;
- }
+ if (!op) return ErrorCode::UNEXPECTED_NULL_POINTER;
Status retval = op->abort();
EXPECT_TRUE(retval.isOk());
@@ -512,9 +440,7 @@
SCOPED_TRACE("Abort");
EXPECT_NE(op_, nullptr);
- if (!op_) {
- return ErrorCode::UNEXPECTED_NULL_POINTER;
- }
+ if (!op_) return ErrorCode::UNEXPECTED_NULL_POINTER;
Status retval = op_->abort();
return static_cast<ErrorCode>(retval.getServiceSpecificError());
@@ -530,30 +456,13 @@
auto KeyMintAidlTestBase::ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
const string& message, const AuthorizationSet& in_params)
- -> std::tuple<ErrorCode, string, AuthorizationSet /* out_params */> {
+ -> std::tuple<ErrorCode, string> {
AuthorizationSet begin_out_params;
ErrorCode result = Begin(operation, key_blob, in_params, &begin_out_params);
- AuthorizationSet out_params(std::move(begin_out_params));
- if (result != ErrorCode::OK) {
- return {result, {}, out_params};
- }
+ if (result != ErrorCode::OK) return {result, {}};
string output;
- int32_t consumed = 0;
- AuthorizationSet update_params;
- AuthorizationSet update_out_params;
- result = Update(update_params, message, &update_out_params, &output, &consumed);
- out_params.push_back(update_out_params);
- if (result != ErrorCode::OK) {
- return {result, output, out_params};
- }
-
- string unused;
- AuthorizationSet finish_params;
- AuthorizationSet finish_out_params;
- result = Finish(finish_params, message.substr(consumed), unused, &finish_out_params, &output);
- out_params.push_back(finish_out_params);
- return {result, output, out_params};
+ return {Finish(message, &output), output};
}
string KeyMintAidlTestBase::ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
@@ -561,30 +470,14 @@
AuthorizationSet* out_params) {
SCOPED_TRACE("ProcessMessage");
AuthorizationSet begin_out_params;
- ErrorCode result = Begin(operation, key_blob, in_params, &begin_out_params);
+ ErrorCode result = Begin(operation, key_blob, in_params, out_params);
EXPECT_EQ(ErrorCode::OK, result);
if (result != ErrorCode::OK) {
return "";
}
string output;
- int32_t consumed = 0;
- AuthorizationSet update_params;
- AuthorizationSet update_out_params;
- result = Update(update_params, message, &update_out_params, &output, &consumed);
- EXPECT_EQ(ErrorCode::OK, result);
- if (result != ErrorCode::OK) {
- return "";
- }
-
- string unused;
- AuthorizationSet finish_params;
- AuthorizationSet finish_out_params;
- EXPECT_EQ(ErrorCode::OK,
- Finish(finish_params, message.substr(consumed), unused, &finish_out_params, &output));
-
- out_params->push_back(begin_out_params);
- out_params->push_back(finish_out_params);
+ EXPECT_EQ(ErrorCode::OK, Finish(message, &output));
return output;
}
@@ -674,21 +567,9 @@
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params));
string output;
- AuthorizationSet update_params;
- AuthorizationSet update_out_params;
- int32_t consumed;
- ASSERT_EQ(ErrorCode::OK,
- Update(update_params, message, &update_out_params, &output, &consumed));
+ EXPECT_EQ(ErrorCode::OK, Finish(message, signature, &output));
EXPECT_TRUE(output.empty());
- EXPECT_GT(consumed, 0U);
-
- string unused;
- AuthorizationSet finish_params;
- AuthorizationSet finish_out_params;
- EXPECT_EQ(ErrorCode::OK, Finish(finish_params, message.substr(consumed), signature,
- &finish_out_params, &output));
- op_.reset();
- EXPECT_TRUE(output.empty());
+ op_ = {};
}
void KeyMintAidlTestBase::VerifyMessage(const string& message, const string& signature,
@@ -955,14 +836,14 @@
}
ErrorCode KeyMintAidlTestBase::UseAesKey(const vector<uint8_t>& aesKeyBlob) {
- auto [result, ciphertext, out_params] = ProcessMessage(
+ auto [result, ciphertext] = ProcessMessage(
aesKeyBlob, KeyPurpose::ENCRYPT, "1234567890123456",
AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE));
return result;
}
ErrorCode KeyMintAidlTestBase::UseHmacKey(const vector<uint8_t>& hmacKeyBlob) {
- auto [result, mac, out_params] = ProcessMessage(
+ auto [result, mac] = ProcessMessage(
hmacKeyBlob, KeyPurpose::SIGN, "1234567890123456",
AuthorizationSetBuilder().Authorization(TAG_MAC_LENGTH, 128).Digest(Digest::SHA_2_256));
return result;
@@ -970,16 +851,15 @@
ErrorCode KeyMintAidlTestBase::UseRsaKey(const vector<uint8_t>& rsaKeyBlob) {
std::string message(2048 / 8, 'a');
- auto [result, signature, out_params] = ProcessMessage(
+ auto [result, signature] = ProcessMessage(
rsaKeyBlob, KeyPurpose::SIGN, message,
AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE));
return result;
}
ErrorCode KeyMintAidlTestBase::UseEcdsaKey(const vector<uint8_t>& ecdsaKeyBlob) {
- auto [result, signature, out_params] =
- ProcessMessage(ecdsaKeyBlob, KeyPurpose::SIGN, "a",
- AuthorizationSetBuilder().Digest(Digest::SHA_2_256));
+ auto [result, signature] = ProcessMessage(ecdsaKeyBlob, KeyPurpose::SIGN, "a",
+ AuthorizationSetBuilder().Digest(Digest::SHA_2_256));
return result;
}
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 452d2b6..e79fe80 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -112,15 +112,14 @@
AuthorizationSet* out_params);
ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params);
- ErrorCode Update(const AuthorizationSet& in_params, const string& input,
- AuthorizationSet* out_params, string* output, int32_t* input_consumed);
- ErrorCode Update(const string& input, string* out, int32_t* input_consumed);
+ ErrorCode UpdateAad(const string& input);
+ ErrorCode Update(const string& input, string* output);
- ErrorCode Finish(const AuthorizationSet& in_params, const string& input,
- const string& signature, AuthorizationSet* out_params, string* output);
- ErrorCode Finish(const string& message, string* output);
ErrorCode Finish(const string& message, const string& signature, string* output);
- ErrorCode Finish(string* output) { return Finish(string(), output); }
+ ErrorCode Finish(const string& message, string* output) {
+ return Finish(message, {} /* signature */, output);
+ }
+ ErrorCode Finish(string* output) { return Finish({} /* message */, output); }
ErrorCode Abort();
ErrorCode Abort(const shared_ptr<IKeyMintOperation>& op);
@@ -129,9 +128,9 @@
string ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
const string& message, const AuthorizationSet& in_params,
AuthorizationSet* out_params);
- std::tuple<ErrorCode, std::string /* processedMessage */, AuthorizationSet /* out_params */>
- ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
- const std::string& message, const AuthorizationSet& in_params);
+ std::tuple<ErrorCode, std::string /* processedMessage */> ProcessMessage(
+ const vector<uint8_t>& key_blob, KeyPurpose operation, const std::string& message,
+ const AuthorizationSet& in_params);
string SignMessage(const vector<uint8_t>& key_blob, const string& message,
const AuthorizationSet& params);
string SignMessage(const string& message, const AuthorizationSet& params);
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 71aae90..f8eca6b 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -2751,39 +2751,22 @@
for (int increment = 1; increment <= 240; ++increment) {
for (auto block_mode : block_modes) {
string message(240, 'a');
- auto params = AuthorizationSetBuilder()
- .BlockMode(block_mode)
- .Padding(PaddingMode::NONE)
- .Authorization(TAG_MAC_LENGTH, 128) /* for GCM */;
+ auto params =
+ AuthorizationSetBuilder().BlockMode(block_mode).Padding(PaddingMode::NONE);
+ if (block_mode == BlockMode::GCM) {
+ params.Authorization(TAG_MAC_LENGTH, 128) /* for GCM */;
+ }
AuthorizationSet output_params;
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &output_params));
string ciphertext;
- int32_t input_consumed;
string to_send;
for (size_t i = 0; i < message.size(); i += increment) {
- to_send.append(message.substr(i, increment));
- EXPECT_EQ(ErrorCode::OK, Update(to_send, &ciphertext, &input_consumed));
- EXPECT_EQ(to_send.length(), input_consumed);
- to_send = to_send.substr(input_consumed);
- EXPECT_EQ(0U, to_send.length());
-
- switch (block_mode) {
- case BlockMode::ECB:
- case BlockMode::CBC:
- // Implementations must take as many blocks as possible, leaving less
- // than a block.
- EXPECT_LE(to_send.length(), 16U);
- break;
- case BlockMode::GCM:
- case BlockMode::CTR:
- // Implementations must always take all the data.
- EXPECT_EQ(0U, to_send.length());
- break;
- }
+ EXPECT_EQ(ErrorCode::OK, Update(message.substr(i, increment), &ciphertext));
}
- EXPECT_EQ(ErrorCode::OK, Finish(to_send, &ciphertext)) << "Error sending " << to_send;
+ EXPECT_EQ(ErrorCode::OK, Finish(to_send, &ciphertext))
+ << "Error sending " << to_send << " with block mode " << block_mode;
switch (block_mode) {
case BlockMode::GCM:
@@ -2818,9 +2801,7 @@
string plaintext;
for (size_t i = 0; i < ciphertext.size(); i += increment) {
- to_send.append(ciphertext.substr(i, increment));
- EXPECT_EQ(ErrorCode::OK, Update(to_send, &plaintext, &input_consumed));
- to_send = to_send.substr(input_consumed);
+ EXPECT_EQ(ErrorCode::OK, Update(ciphertext.substr(i, increment), &plaintext));
}
ErrorCode error = Finish(to_send, &plaintext);
ASSERT_EQ(ErrorCode::OK, error) << "Decryption failed for block mode " << block_mode
@@ -3077,17 +3058,13 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto update_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
-
// Encrypt
AuthorizationSet begin_out_params;
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params))
<< "Begin encrypt";
string ciphertext;
- AuthorizationSet update_out_params;
- ASSERT_EQ(ErrorCode::OK, Finish(update_params, message, "", &update_out_params, &ciphertext));
-
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
+ ASSERT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
ASSERT_EQ(ciphertext.length(), message.length() + 16);
// Grab nonce
@@ -3095,12 +3072,9 @@
// Decrypt.
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params)) << "Begin decrypt";
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
string plaintext;
- int32_t input_consumed;
- ASSERT_EQ(ErrorCode::OK,
- Update(update_params, ciphertext, &update_out_params, &plaintext, &input_consumed));
- EXPECT_EQ(ciphertext.size(), input_consumed);
- EXPECT_EQ(ErrorCode::OK, Finish("", &plaintext));
+ EXPECT_EQ(ErrorCode::OK, Finish(ciphertext, &plaintext));
EXPECT_EQ(message.length(), plaintext.length());
EXPECT_EQ(message, plaintext);
}
@@ -3127,17 +3101,15 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto update_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
-
// Encrypt
AuthorizationSet begin_out_params;
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params))
<< "Begin encrypt";
string ciphertext;
AuthorizationSet update_out_params;
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
sleep(5);
- ASSERT_EQ(ErrorCode::OK, Finish(update_params, message, "", &update_out_params, &ciphertext));
+ ASSERT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
ASSERT_EQ(ciphertext.length(), message.length() + 16);
@@ -3147,11 +3119,9 @@
// Decrypt.
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params)) << "Begin decrypt";
string plaintext;
- int32_t input_consumed;
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
sleep(5);
- ASSERT_EQ(ErrorCode::OK,
- Update(update_params, ciphertext, &update_out_params, &plaintext, &input_consumed));
- EXPECT_EQ(ciphertext.size(), input_consumed);
+ ASSERT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext));
sleep(5);
EXPECT_EQ(ErrorCode::OK, Finish("", &plaintext));
EXPECT_EQ(message.length(), plaintext.length());
@@ -3230,9 +3200,6 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto finish_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
-
// Encrypt
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));
@@ -3241,8 +3208,8 @@
AuthorizationSet finish_out_params;
string ciphertext;
- EXPECT_EQ(ErrorCode::OK,
- Finish(finish_params, message, "" /* signature */, &finish_out_params, &ciphertext));
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
+ EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
params = AuthorizationSetBuilder()
.Authorizations(begin_out_params)
@@ -3326,16 +3293,13 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto finish_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
-
// Encrypt
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));
string ciphertext;
AuthorizationSet finish_out_params;
- EXPECT_EQ(ErrorCode::OK, Finish(finish_params, "" /* input */, "" /* signature */,
- &finish_out_params, &ciphertext));
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
+ EXPECT_EQ(ErrorCode::OK, Finish(&ciphertext));
EXPECT_TRUE(finish_out_params.empty());
// Grab nonce
@@ -3343,9 +3307,9 @@
// Decrypt.
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
string plaintext;
- EXPECT_EQ(ErrorCode::OK, Finish(finish_params, ciphertext, "" /* signature */,
- &finish_out_params, &plaintext));
+ EXPECT_EQ(ErrorCode::OK, Finish(ciphertext, &plaintext));
EXPECT_TRUE(finish_out_params.empty());
@@ -3374,43 +3338,26 @@
.Authorization(TAG_MAC_LENGTH, tag_bits);
AuthorizationSet begin_out_params;
- auto update_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foo", (size_t)3);
-
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
// No data, AAD only.
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foo"));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foo"));
string ciphertext;
- int32_t input_consumed;
- AuthorizationSet update_out_params;
- EXPECT_EQ(ErrorCode::OK, Update(update_params, "" /* input */, &update_out_params, &ciphertext,
- &input_consumed));
- EXPECT_EQ(0U, input_consumed);
- EXPECT_EQ(0U, ciphertext.size());
- EXPECT_TRUE(update_out_params.empty());
+ EXPECT_EQ(ErrorCode::OK, Update(message, &ciphertext));
+ EXPECT_EQ(ErrorCode::OK, Finish(&ciphertext));
- // AAD and data.
- EXPECT_EQ(ErrorCode::OK,
- Update(update_params, message, &update_out_params, &ciphertext, &input_consumed));
- EXPECT_EQ(message.size(), input_consumed);
- EXPECT_TRUE(update_out_params.empty());
-
- EXPECT_EQ(ErrorCode::OK, Finish("" /* input */, &ciphertext));
// Expect 128-bit (16-byte) tag appended to ciphertext.
- EXPECT_EQ(message.size() + (tag_bits >> 3), ciphertext.size());
+ EXPECT_EQ(message.size() + (tag_bits / 8), ciphertext.size());
// Grab nonce.
begin_params.push_back(begin_out_params);
// Decrypt
- update_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foofoo", (size_t)6);
-
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foofoo"));
string plaintext;
- EXPECT_EQ(ErrorCode::OK, Finish(update_params, ciphertext, "" /* signature */,
- &update_out_params, &plaintext));
- EXPECT_TRUE(update_out_params.empty());
+ EXPECT_EQ(ErrorCode::OK, Finish(ciphertext, &plaintext));
EXPECT_EQ(message, plaintext);
}
@@ -3434,32 +3381,14 @@
.Authorization(TAG_MAC_LENGTH, 128);
AuthorizationSet begin_out_params;
- auto update_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foo", (size_t)3);
-
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
- // No data, AAD only.
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foo"));
string ciphertext;
- int32_t input_consumed;
- AuthorizationSet update_out_params;
- EXPECT_EQ(ErrorCode::OK, Update(update_params, "" /* input */, &update_out_params, &ciphertext,
- &input_consumed));
- EXPECT_EQ(0U, input_consumed);
- EXPECT_EQ(0U, ciphertext.size());
- EXPECT_TRUE(update_out_params.empty());
+ EXPECT_EQ(ErrorCode::OK, Update(message, &ciphertext));
+ EXPECT_EQ(ErrorCode::INVALID_TAG, UpdateAad("foo"));
- // AAD and data.
- EXPECT_EQ(ErrorCode::OK,
- Update(update_params, message, &update_out_params, &ciphertext, &input_consumed));
- EXPECT_EQ(message.size(), input_consumed);
- EXPECT_TRUE(update_out_params.empty());
-
- // More AAD
- EXPECT_EQ(ErrorCode::INVALID_TAG,
- Update(update_params, "", &update_out_params, &ciphertext, &input_consumed));
-
- op_.reset();
+ op_ = {};
}
/*
@@ -3481,28 +3410,21 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto finish_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foobar", (size_t)6);
-
// Encrypt
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));
string ciphertext;
- AuthorizationSet finish_out_params;
- EXPECT_EQ(ErrorCode::OK,
- Finish(finish_params, message, "" /* signature */, &finish_out_params, &ciphertext));
+ EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
// Grab nonce
begin_params.push_back(begin_out_params);
- finish_params = AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA,
- "barfoo" /* Wrong AAD */, (size_t)6);
-
// Decrypt.
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("barfoo"));
string plaintext;
- EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(finish_params, ciphertext, "" /* signature */,
- &finish_out_params, &plaintext));
+ EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
}
/*
@@ -3524,25 +3446,22 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto finish_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foobar", (size_t)6);
-
// Encrypt
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));
string ciphertext;
AuthorizationSet finish_out_params;
- EXPECT_EQ(ErrorCode::OK,
- Finish(finish_params, message, "" /* signature */, &finish_out_params, &ciphertext));
+ EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
// Wrong nonce
begin_params.push_back(TAG_NONCE, AidlBuf("123456789012"));
// Decrypt.
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));
string plaintext;
- EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(finish_params, ciphertext, "" /* signature */,
- &finish_out_params, &plaintext));
+ EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
// With wrong nonce, should have gotten garbage plaintext (or none).
EXPECT_NE(message, plaintext);
@@ -3569,17 +3488,12 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto finish_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
-
// Encrypt
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad(aad));
string ciphertext;
- AuthorizationSet finish_out_params;
- EXPECT_EQ(ErrorCode::OK,
- Finish(finish_params, message, "" /* signature */, &finish_out_params, &ciphertext));
- EXPECT_TRUE(finish_out_params.empty());
+ EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
// Corrupt tag
++(*ciphertext.rbegin());
@@ -3589,10 +3503,9 @@
// Decrypt.
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad(aad));
string plaintext;
- EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(finish_params, ciphertext, "" /* signature */,
- &finish_out_params, &plaintext));
- EXPECT_TRUE(finish_out_params.empty());
+ EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
}
/*
@@ -3704,9 +3617,7 @@
begin_params.push_back(TAG_PADDING, PaddingMode::PKCS7);
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
string plaintext;
- int32_t input_consumed;
- EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext, &input_consumed));
- EXPECT_EQ(ciphertext.size(), input_consumed);
+ EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext));
EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(&plaintext));
}
@@ -4020,9 +3931,7 @@
.Authorization(TAG_NONCE, iv);
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
string plaintext;
- int32_t input_consumed;
- EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext, &input_consumed));
- EXPECT_EQ(ciphertext.size(), input_consumed);
+ EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext));
EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(&plaintext));
}
@@ -4046,10 +3955,8 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, input_params, &output_params));
string ciphertext;
- int32_t input_consumed;
for (size_t i = 0; i < message.size(); i += increment)
- EXPECT_EQ(ErrorCode::OK,
- Update(message.substr(i, increment), &ciphertext, &input_consumed));
+ EXPECT_EQ(ErrorCode::OK, Update(message.substr(i, increment), &ciphertext));
EXPECT_EQ(ErrorCode::OK, Finish(&ciphertext));
EXPECT_EQ(message.size(), ciphertext.size());
@@ -4062,8 +3969,7 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, input_params, &output_params));
string plaintext;
for (size_t i = 0; i < ciphertext.size(); i += increment)
- EXPECT_EQ(ErrorCode::OK,
- Update(ciphertext.substr(i, increment), &plaintext, &input_consumed));
+ EXPECT_EQ(ErrorCode::OK, Update(ciphertext.substr(i, increment), &plaintext));
EXPECT_EQ(ErrorCode::OK, Finish(&plaintext));
EXPECT_EQ(ciphertext.size(), plaintext.size());
EXPECT_EQ(message, plaintext);
diff --git a/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp b/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
index f87ca78..6c795f5 100644
--- a/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
+++ b/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
@@ -206,41 +206,15 @@
return std::move(builder);
}
- optional<string> Process(const string& message, const AuthorizationSet& /*in_params*/,
- AuthorizationSet* out_params, const string& signature = "") {
- static const int HIDL_BUFFER_LIMIT = 1 << 14; // 16KB
+ optional<string> Process(const string& message, const string& signature = "") {
ErrorCode result;
- // Update
- AuthorizationSet update_params;
- AuthorizationSet update_out_params;
string output;
- string aidl_output;
- int32_t input_consumed = 0;
- int32_t aidl_input_consumed = 0;
- while (message.length() - input_consumed > 0) {
- result = Update(update_params, message.substr(input_consumed, HIDL_BUFFER_LIMIT),
- &update_out_params, &aidl_output, &aidl_input_consumed);
- if (result != ErrorCode::OK) {
- error_ = result;
- return {};
- }
- output.append(aidl_output);
- input_consumed += aidl_input_consumed;
- aidl_output.clear();
- }
-
- // Finish
- AuthorizationSet finish_params;
- AuthorizationSet finish_out_params;
- result = Finish(finish_params, message.substr(input_consumed), signature,
- &finish_out_params, &aidl_output);
+ result = Finish(message, signature, &output);
if (result != ErrorCode::OK) {
error_ = result;
return {};
}
- output.append(aidl_output);
- out_params->push_back(finish_out_params);
return output;
}
@@ -296,66 +270,36 @@
name_.assign(info.keyMintName.begin(), info.keyMintName.end());
}
- ErrorCode Finish(const AuthorizationSet& in_params, const string& input,
- const string& signature, AuthorizationSet* out_params, string* output) {
- Status result;
+ ErrorCode Finish(const string& input, const string& signature, string* output) {
if (!op_) {
std::cerr << "Finish: Operation is nullptr" << std::endl;
return ErrorCode::UNEXPECTED_NULL_POINTER;
}
- KeyParameterArray key_params;
- key_params.params = in_params.vector_data();
-
- KeyParameterArray in_keyParams;
- in_keyParams.params = in_params.vector_data();
-
- std::optional<KeyParameterArray> out_keyParams;
- std::optional<vector<uint8_t>> o_put;
vector<uint8_t> oPut;
- result = op_->finish(in_keyParams, vector<uint8_t>(input.begin(), input.end()),
- vector<uint8_t>(signature.begin(), signature.end()), {}, {},
- &out_keyParams, &oPut);
+ Status result =
+ op_->finish(vector<uint8_t>(input.begin(), input.end()),
+ vector<uint8_t>(signature.begin(), signature.end()), {} /* authToken */,
+ {} /* timestampToken */, {} /* confirmationToken */, &oPut);
- if (result.isOk()) {
- if (out_keyParams) {
- out_params->push_back(AuthorizationSet(out_keyParams->params));
- }
- output->append(oPut.begin(), oPut.end());
- }
+ if (result.isOk()) output->append(oPut.begin(), oPut.end());
+
op_.reset();
return GetReturnErrorCode(result);
}
- ErrorCode Update(const AuthorizationSet& in_params, const string& input,
- AuthorizationSet* out_params, string* output, int32_t* input_consumed) {
+ ErrorCode Update(const string& input, string* output) {
Status result;
if (!op_) {
std::cerr << "Update: Operation is nullptr" << std::endl;
return ErrorCode::UNEXPECTED_NULL_POINTER;
}
- KeyParameterArray key_params;
- key_params.params = in_params.vector_data();
+ std::vector<uint8_t> o_put;
+ result = op_->update(vector<uint8_t>(input.begin(), input.end()), {} /* authToken */,
+ {} /* timestampToken */, &o_put);
- KeyParameterArray in_keyParams;
- in_keyParams.params = in_params.vector_data();
-
- std::optional<KeyParameterArray> out_keyParams;
- std::optional<ByteArray> o_put;
- result = op_->update(in_keyParams, vector<uint8_t>(input.begin(), input.end()), {}, {},
- &out_keyParams, &o_put, input_consumed);
-
- if (result.isOk()) {
- if (o_put) {
- output->append(o_put->data.begin(), o_put->data.end());
- }
-
- if (out_keyParams) {
- out_params->push_back(AuthorizationSet(out_keyParams->params));
- }
- }
-
+ if (result.isOk() && output) *output = {o_put.begin(), o_put.end()};
return GetReturnErrorCode(result);
}
@@ -493,7 +437,7 @@
}
state.ResumeTiming();
out_params.Clear();
- if (!keymintTest->Process(message, in_params, &out_params)) {
+ if (!keymintTest->Process(message)) {
state.SkipWithError(("Sign error, " + std::to_string(keymintTest->getError())).c_str());
break;
}
@@ -516,7 +460,7 @@
("Error beginning sign, " + std::to_string(keymintTest->getError())).c_str());
return;
}
- std::optional<string> signature = keymintTest->Process(message, in_params, &out_params);
+ std::optional<string> signature = keymintTest->Process(message);
if (!signature) {
state.SkipWithError(("Sign error, " + std::to_string(keymintTest->getError())).c_str());
return;
@@ -534,7 +478,7 @@
return;
}
state.ResumeTiming();
- if (!keymintTest->Process(message, in_params, &out_params, *signature)) {
+ if (!keymintTest->Process(message, *signature)) {
state.SkipWithError(
("Verify error, " + std::to_string(keymintTest->getError())).c_str());
break;
@@ -612,7 +556,7 @@
}
out_params.Clear();
state.ResumeTiming();
- if (!keymintTest->Process(message, in_params, &out_params)) {
+ if (!keymintTest->Process(message)) {
state.SkipWithError(
("Encryption error, " + std::to_string(keymintTest->getError())).c_str());
break;
@@ -636,7 +580,7 @@
("Encryption begin error, " + std::to_string(keymintTest->getError())).c_str());
return;
}
- auto encryptedMessage = keymintTest->Process(message, in_params, &out_params);
+ auto encryptedMessage = keymintTest->Process(message);
if (!encryptedMessage) {
state.SkipWithError(
("Encryption error, " + std::to_string(keymintTest->getError())).c_str());
@@ -653,7 +597,7 @@
return;
}
state.ResumeTiming();
- if (!keymintTest->Process(*encryptedMessage, in_params, &out_params)) {
+ if (!keymintTest->Process(*encryptedMessage)) {
state.SkipWithError(
("Decryption error, " + std::to_string(keymintTest->getError())).c_str());
break;