Added HMAC key generation tests.
- Generate HMAC keys with digest modes [SHA1, SHA_2_224, SHA_2_256,
SHA_2_384, SHA_2_512], should be able to create operations using
generated keys successfully.
- Try to generate HMAC keys with key size in the range 0..513. For
invalid key size, key generation should fail with an error code
`UNSUPPORTED_KEY_SIZE`.
- Generate HMAC keys with min-mac-lengths in the range 0..257. For
invalid min-mac-length, key generation should fail with an error
code `UNSUPPORTED_MIN_MAC_LENGTH`.
- Try to generate HMAC key with multiple digest modes, key generation
should fail with an error code `UNSUPPORTED_DIGEST`.
- Try to generate HMAC key without providing digest mode, key
generation should fail with an error code `UNSUPPORTED_DIGEST`.
- Try to generate HMAC key with digest mode `NONE`, key
generation should fail with an error code `UNSUPPORTED_DIGEST`.
- Generate HMAC key with min-mac-length of 128 bits and digests
[SHA1, SHA-2-224], try to create operations with mac-len greater than
digest lengths. Test should fail to create an operation with an error
code `UNSUPPORTED_MAC_LENGTH`.
- Generate HMAC key with min-mac-length of 128 bits and digests
[SHA1, SHA-2-224], try to create operations with mac-len less than
min-mac-length. Test should fail to create an operation with an error
code `INVALID_MAC_LENGTH`.
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: I594c9718b0f6a67f2655faca4bf100abf2ced3a3
diff --git a/keystore2/test_utils/key_generations.rs b/keystore2/test_utils/key_generations.rs
index c25d928..17d8914 100644
--- a/keystore2/test_utils/key_generations.rs
+++ b/keystore2/test_utils/key_generations.rs
@@ -297,3 +297,42 @@
assert!(key_metadata.certificateChain.is_none());
Ok(key_metadata)
}
+
+/// Generate HMAC key.
+pub fn generate_hmac_key(
+ sec_level: &binder::Strong<dyn IKeystoreSecurityLevel>,
+ alias: &str,
+ key_size: i32,
+ min_mac_len: i32,
+ digest: Digest,
+) -> binder::Result<KeyMetadata> {
+ let gen_params = AuthSetBuilder::new()
+ .no_auth_required()
+ .algorithm(Algorithm::HMAC)
+ .purpose(KeyPurpose::SIGN)
+ .purpose(KeyPurpose::VERIFY)
+ .key_size(key_size)
+ .min_mac_length(min_mac_len)
+ .digest(digest);
+
+ let key_metadata = sec_level.generateKey(
+ &KeyDescriptor {
+ domain: Domain::APP,
+ nspace: -1,
+ alias: Some(alias.to_string()),
+ blob: None,
+ },
+ None,
+ &gen_params,
+ 0,
+ b"entropy",
+ )?;
+
+ // Should not have public certificate.
+ assert!(key_metadata.certificate.is_none());
+
+ // Should not have an attestation record.
+ assert!(key_metadata.certificateChain.is_none());
+
+ Ok(key_metadata)
+}
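Review bot: The doc comment `/// Generate HMAC key.` on `generate_hmac_key` leaves out the units of `key_size` and `min_mac_len` and the properties the helper hard-codes. The commit message gives min-mac-length in bits, and `key_size` is presumably in bits too, so I would expand it to something like `/// Generates an HMAC key (SIGN and VERIFY, no auth required) under alias in Domain::APP; key_size and min_mac_len are in bits.` A second doc line should say that `generateKey` failures are returned through `?`, so negative tests can match on the error code, while an unexpected certificate or certificate chain panics via `assert!` instead of returning an error. The constant `b"entropy"` passed to `generateKey` deserves a short comment such as `// Fixed caller-supplied entropy; acceptable for tests only.` so the pattern is not copied into non-test code.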