commit d2cc8c2c5ed28edcba795cf1c6cdee7675481e18
author David Drysdale <drysdale@google.com> Thu Apr 15 13:29:45 2021 +0100
committer David Drysdale <drysdale@google.com> Fri Apr 30 19:15:39 2021 +0100
tree a9d1a83134cad577cb6a51d33e7b4718cf72174b
parent b5ee70f12558a7d4c25b35757647d0cd740526d8

More KeyMint VTS testcases

Tests for:
 - non-prime RSA exponent (fails with CF KeyMint)
 - RSA exponent value of 3
 - key size > 512 for `STRONGBOX`
 - unknown tag inclusion
 - CBC input size not block size multiple
 - challenge omitted for attestation (fails with CF KeyMint)
 - import RSA key with implicit params
 - vestigial upgradeKey test
 - importWrappedKey errors
 - importWrappedKey sids ignored
 - duplicate/missing params on begin()
 - more tests for incompatible params on begin()
 - HMAC size not multiple of 8 (fails with CF KeyMint)
 - wrong size caller IV for 3DES rejected
 - too large MIN_MAC_LENGTH for HMAC
 - invalid AES-GCM minimum MAC length values
 - check failed updateAad() cancels operation
 - check that auto-generated nonces are distinct
 - (DISABLED_) invoke destroyAttestationIds()
 - omitting optional RSA keygen tags

Also add commenting to illustrate the ASN.1 structure of hex data.

Test: VtsKeyMintAidlTargetTest
Change-Id: I4663c42671cbb094ffe8d603e0352ffa9f1dbf2e

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index f0dfff1..4789204 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -167,6 +167,7 @@
     securityLevel_ = info.securityLevel;
     name_.assign(info.keyMintName.begin(), info.keyMintName.end());
     author_.assign(info.keyMintAuthorName.begin(), info.keyMintAuthorName.end());
+    timestamp_token_required_ = info.timestampTokenRequired;
 
     os_version_ = getOsVersion();
     os_patch_level_ = getOsPatchlevel();
@@ -273,7 +274,8 @@
 ErrorCode KeyMintAidlTestBase::ImportWrappedKey(string wrapped_key, string wrapping_key,
                                                 const AuthorizationSet& wrapping_key_desc,
                                                 string masking_key,
-                                                const AuthorizationSet& unwrapping_params) {
+                                                const AuthorizationSet& unwrapping_params,
+                                                int64_t password_sid, int64_t biometric_sid) {
     EXPECT_EQ(ErrorCode::OK, ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key));
 
     key_characteristics_.clear();
@@ -282,8 +284,7 @@
     Status result = keymint_->importWrappedKey(
             vector<uint8_t>(wrapped_key.begin(), wrapped_key.end()), key_blob_,
             vector<uint8_t>(masking_key.begin(), masking_key.end()),
-            unwrapping_params.vector_data(), 0 /* passwordSid */, 0 /* biometricSid */,
-            &creationResult);
+            unwrapping_params.vector_data(), password_sid, biometric_sid, &creationResult);
 
     if (result.isOk()) {
         EXPECT_PRED2(KeyCharacteristicsBasicallyValid, SecLevel(),
@@ -332,6 +333,11 @@
     return GetReturnErrorCode(result);
 }
 
+ErrorCode KeyMintAidlTestBase::DestroyAttestationIds() {
+    Status result = keymint_->destroyAttestationIds();
+    return GetReturnErrorCode(result);
+}
+
 void KeyMintAidlTestBase::CheckedDeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob) {
     ErrorCode result = DeleteKey(key_blob, keep_key_blob);
     EXPECT_TRUE(result == ErrorCode::OK || result == ErrorCode::UNIMPLEMENTED) << result << endl;
@@ -654,6 +660,18 @@
     return ciphertext;
 }
 
+string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode block_mode,
+                                           PaddingMode padding, uint8_t mac_length_bits) {
+    SCOPED_TRACE("EncryptMessage");
+    auto params = AuthorizationSetBuilder()
+                          .BlockMode(block_mode)
+                          .Padding(padding)
+                          .Authorization(TAG_MAC_LENGTH, mac_length_bits);
+    AuthorizationSet out_params;
+    string ciphertext = EncryptMessage(message, params, &out_params);
+    return ciphertext;
+}
+
 string KeyMintAidlTestBase::DecryptMessage(const vector<uint8_t>& key_blob,
                                            const string& ciphertext,
                                            const AuthorizationSet& params) {