Merge "Verify that imported keys have the correct characteristics." am: a5468b5127

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2086763

Change-Id: I30b0f08cbfba52a0607f36f22747b7bf48e5fd28
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Treehugger Robot 2022-06-27 21:23:47 +00:00 committed by Automerger Merge Worker
commit 820eda6b7f

View file

@ -613,7 +613,7 @@ bool matching_rp_instance(const string& km_name,
class NewKeyGenerationTest : public KeyMintAidlTestBase { class NewKeyGenerationTest : public KeyMintAidlTestBase {
protected: protected:
void CheckBaseParams(const vector<KeyCharacteristics>& keyCharacteristics) { void CheckBaseParams(const vector<KeyCharacteristics>& keyCharacteristics) {
AuthorizationSet auths = CheckCommonParams(keyCharacteristics); AuthorizationSet auths = CheckCommonParams(keyCharacteristics, KeyOrigin::GENERATED);
EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN)); EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN));
// Check that some unexpected tags/values are NOT present. // Check that some unexpected tags/values are NOT present.
@ -622,20 +622,21 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase {
} }
void CheckSymmetricParams(const vector<KeyCharacteristics>& keyCharacteristics) { void CheckSymmetricParams(const vector<KeyCharacteristics>& keyCharacteristics) {
AuthorizationSet auths = CheckCommonParams(keyCharacteristics); AuthorizationSet auths = CheckCommonParams(keyCharacteristics, KeyOrigin::GENERATED);
EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::ENCRYPT)); EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::ENCRYPT));
EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::DECRYPT)); EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::DECRYPT));
EXPECT_FALSE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN)); EXPECT_FALSE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN));
} }
AuthorizationSet CheckCommonParams(const vector<KeyCharacteristics>& keyCharacteristics) { AuthorizationSet CheckCommonParams(const vector<KeyCharacteristics>& keyCharacteristics,
const KeyOrigin expectedKeyOrigin) {
// TODO(swillden): Distinguish which params should be in which auth list. // TODO(swillden): Distinguish which params should be in which auth list.
AuthorizationSet auths; AuthorizationSet auths;
for (auto& entry : keyCharacteristics) { for (auto& entry : keyCharacteristics) {
auths.push_back(AuthorizationSet(entry.authorizations)); auths.push_back(AuthorizationSet(entry.authorizations));
} }
EXPECT_TRUE(auths.Contains(TAG_ORIGIN, KeyOrigin::GENERATED)); EXPECT_TRUE(auths.Contains(TAG_ORIGIN, expectedKeyOrigin));
// Verify that App data, ROT and auth timeout are NOT included. // Verify that App data, ROT and auth timeout are NOT included.
EXPECT_FALSE(auths.Contains(TAG_ROOT_OF_TRUST)); EXPECT_FALSE(auths.Contains(TAG_ROOT_OF_TRUST));
@ -3801,7 +3802,7 @@ typedef KeyMintAidlTestBase ExportKeyTest;
// TODO(seleneh) add ExportKey to GenerateKey // TODO(seleneh) add ExportKey to GenerateKey
// check result // check result
class ImportKeyTest : public KeyMintAidlTestBase { class ImportKeyTest : public NewKeyGenerationTest {
public: public:
template <TagType tag_type, Tag tag, typename ValueT> template <TagType tag_type, Tag tag, typename ValueT>
void CheckCryptoParam(TypedTag<tag_type, tag> ttag, ValueT expected) { void CheckCryptoParam(TypedTag<tag_type, tag> ttag, ValueT expected) {
@ -4511,6 +4512,65 @@ TEST_P(ImportKeyTest, HmacKeySuccess) {
VerifyMessage(message, signature, AuthorizationSetBuilder().Digest(Digest::SHA_2_256)); VerifyMessage(message, signature, AuthorizationSetBuilder().Digest(Digest::SHA_2_256));
} }
/*
* ImportKeyTest.GetKeyCharacteristics
*
* Verifies that imported keys have the correct characteristics.
*/
TEST_P(ImportKeyTest, GetKeyCharacteristics) {
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
auto base_builder = AuthorizationSetBuilder()
.Padding(PaddingMode::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)
.SetDefaultValidity();
vector<Algorithm> algorithms = {Algorithm::RSA, Algorithm::EC, Algorithm::HMAC, Algorithm::AES,
Algorithm::TRIPLE_DES};
ErrorCode result;
string symKey = hex2str("a49d7564199e97cb529d2c9d97bf2f98"); // 128 bits
string tdesKey = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358"); // 192 bits
for (auto alg : algorithms) {
SCOPED_TRACE(testing::Message() << "Algorithm-" << alg);
AuthorizationSetBuilder builder(base_builder);
switch (alg) {
case Algorithm::RSA:
builder.RsaSigningKey(2048, 65537).Digest(Digest::NONE);
result = ImportKey(builder, KeyFormat::PKCS8, rsa_2048_key, &key_blob,
&key_characteristics);
break;
case Algorithm::EC:
builder.EcdsaSigningKey(EcCurve::P_256).Digest(Digest::NONE);
result = ImportKey(builder, KeyFormat::PKCS8, ec_256_key, &key_blob,
&key_characteristics);
break;
case Algorithm::HMAC:
builder.HmacKey(128)
.Digest(Digest::SHA_2_256)
.Authorization(TAG_MIN_MAC_LENGTH, 128);
result =
ImportKey(builder, KeyFormat::RAW, symKey, &key_blob, &key_characteristics);
break;
case Algorithm::AES:
builder.AesEncryptionKey(128).BlockMode(BlockMode::ECB);
result =
ImportKey(builder, KeyFormat::RAW, symKey, &key_blob, &key_characteristics);
break;
case Algorithm::TRIPLE_DES:
builder.TripleDesEncryptionKey(168).BlockMode(BlockMode::ECB);
result = ImportKey(builder, KeyFormat::RAW, tdesKey, &key_blob,
&key_characteristics);
break;
default:
ADD_FAILURE() << "Invalid Algorithm " << uint32_t(alg);
continue;
}
ASSERT_EQ(ErrorCode::OK, result);
CheckCharacteristics(key_blob, key_characteristics);
CheckCommonParams(key_characteristics, KeyOrigin::IMPORTED);
}
}
INSTANTIATE_KEYMINT_AIDL_TEST(ImportKeyTest); INSTANTIATE_KEYMINT_AIDL_TEST(ImportKeyTest);
auto wrapped_key = hex2str( auto wrapped_key = hex2str(