commit d2cc8c2c5ed28edcba795cf1c6cdee7675481e18
author David Drysdale <drysdale@google.com> Thu Apr 15 13:29:45 2021 +0100
committer David Drysdale <drysdale@google.com> Fri Apr 30 19:15:39 2021 +0100
tree a9d1a83134cad577cb6a51d33e7b4718cf72174b
parent b5ee70f12558a7d4c25b35757647d0cd740526d8

More KeyMint VTS testcases

Tests for:
 - non-prime RSA exponent (fails with CF KeyMint)
 - RSA exponent value of 3
 - key size > 512 for `STRONGBOX`
 - unknown tag inclusion
 - CBC input size not block size multiple
 - challenge omitted for attestation (fails with CF KeyMint)
 - import RSA key with implicit params
 - vestigial upgradeKey test
 - importWrappedKey errors
 - importWrappedKey sids ignored
 - duplicate/missing params on begin()
 - more tests for incompatible params on begin()
 - HMAC size not multiple of 8 (fails with CF KeyMint)
 - wrong size caller IV for 3DES rejected
 - too large MIN_MAC_LENGTH for HMAC
 - invalid AES-GCM minimum MAC length values
 - check failed updateAad() cancels operation
 - check that auto-generated nonces are distinct
 - (DISABLED_) invoke destroyAttestationIds()
 - omitting optional RSA keygen tags

Also add commenting to illustrate the ASN.1 structure of hex data.

Test: VtsKeyMintAidlTargetTest
Change-Id: I4663c42671cbb094ffe8d603e0352ffa9f1dbf2e

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h

diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 88998d5..cb38938 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -95,13 +95,22 @@
 
     ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
                                const AuthorizationSet& wrapping_key_desc, string masking_key,
-                               const AuthorizationSet& unwrapping_params);
+                               const AuthorizationSet& unwrapping_params, int64_t password_sid,
+                               int64_t biometric_sid);
+    ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
+                               const AuthorizationSet& wrapping_key_desc, string masking_key,
+                               const AuthorizationSet& unwrapping_params) {
+        return ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, masking_key,
+                                unwrapping_params, 0 /* password_sid */, 0 /* biometric_sid */);
+    }
 
     ErrorCode DeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false);
     ErrorCode DeleteKey(bool keep_key_blob = false);
 
     ErrorCode DeleteAllKeys();
 
+    ErrorCode DestroyAttestationIds();
+
     void CheckedDeleteKey(vector<uint8_t>* key_blob, bool keep_key_blob = false);
     void CheckedDeleteKey();
 
@@ -166,6 +175,8 @@
                           const vector<uint8_t>& iv_in);
     string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
                           uint8_t mac_length_bits, const vector<uint8_t>& iv_in);
+    string EncryptMessage(const string& message, BlockMode block_mode, PaddingMode padding,
+                          uint8_t mac_length_bits);
 
     string DecryptMessage(const vector<uint8_t>& key_blob, const string& ciphertext,
                           const AuthorizationSet& params);
@@ -268,6 +279,7 @@
     uint32_t os_version_;
     uint32_t os_patch_level_;
     uint32_t vendor_patch_level_;
+    bool timestamp_token_required_;
 
     SecurityLevel securityLevel_;
     string name_;