- Generate RSA signing keys with combinations of digest modes [NONE,
MD5, SHA1, SHA_2_224, SHA_2_256, SHA_2_384, SHA_2_512] and padding
modes [NONE, RSA_PKCS1_1_5_SIGN, RSA_PSS]. Should be able to
create operations using these keys except in the cases below:
  - when padding mode is RSA_PSS and digest mode is NONE
  - when padding mode is NONE and digest is other than NONE.
- Generate RSA encrypt/decrypt keys with OAEP padding mode, combinations
of digests [MD5, SHA1, SHA_2_224, SHA_2_256, SHA_2_384, SHA_2_512] and
mgf-digests [MD5, SHA1, SHA_2_224, SHA_2_256, SHA_2_384, SHA_2_512].
Should be able to create operations with these generated keys
successfully.
- Generate RSA encrypt/decrypt keys with combinations of padding modes
[NONE, RSA_PKCS1_1_5_ENCRYPT, RSA_OAEP], digests [NONE, MD5, SHA1,
SHA_2_224, SHA_2_256, SHA_2_384, SHA_2_512]. Should be able to create
operations with these generated keys successfully except in the case below:
  - with padding mode RSA_OAEP and digest mode NONE an error is
    expected.
- Generate RSA encrypt/decrypt keys with padding modes [NONE,
RSA_PKCS1_1_5_ENCRYPT, RSA_OAEP] and without digests. Should be able
to create operations with these generated keys successfully.
- Generate RSA keys without padding modes and digest modes. Creation of
an operation should fail with unsupported padding mode error.
- Tests to validate failure of generating RSA keys with incompatible
purpose, unsupported purpose, unsupported padding mode, unsupported
digest and unsupported key sizes.
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: I16843932cc170d0e820208f558587aacf13b9272

Test 1: Should fail to generate a key with domain not listed
in keystore2::Domain.
Test 2: Should fail to generate an EC key without providing curve.
Test 3: Should fail to generate an EC key with 25519 curve having
sign and agree_key purposes.
Test 4: Generate EC keys with `NONE, MD5, SHA1, SHA-2 224,
SHA-2 256, SHA-2 384 and SHA-2 512` digest modes and P_224,
P_256, P_384, P_521 EC curve combinations. Should be able
to create operations with these keys successfully for all
digest modes except NONE and MD5.
Test 5: Generate an EC key with curve CURVE_25519 and digest mode NONE.
Should be able to create an operation with digest mode NONE.
Test 6: Generate EC keys with curve CURVE_25519 and digest modes
`MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
combinations. Creation of an operation should fail with
unsupported digest error.
Test 7: Should fail to create an operation with incompatible digest
mode in key authorizations.
Test 8: Test for key owner validation. Generate a key in one user and
try to use it in another user context where it should fail to
load the key as it doesn't own the key generated by the prior user.
Test 9: Generate a key with Domain::BLOB. Verify that key descriptor
holds the key blob. Try to use this key to perform an operation
successfully.
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: I8b923cfdd9dbd50d1ebaab03560e9378ede7cdee

Verify that the clients (e.g. clients with `vold` context) with
`req_forced_op` permission are allowed to create forced (unpruneable)
operations; otherwise the creation of a forced operation is denied.
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: I73d85ac127274e623095e233368b0211f6738d6e

- Forced operation creation with all slots filled with normal operations
- Forced operation creation with all slots filled with forced operations
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: I493ea1c25d09597c44add430a20b5ca9c983e8d3

Creates multiple child procs and creates operations in them, and the
parent proc waits for all child procs' operations status, expecting
one or more operations to fail with backend busy error.
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: I52f95a7cfd031d80c88bfc2ca478a26572f40150

- authorizations: helper struct to create set of key authorizations
- key_generations: helper methods to generate various keys.
Test: N/A
Change-Id: I23250838b7b6d8ad59f5ef8682861a07e856299f

This CL adds run_as_child which starts a child asynchronously and
returns a handle that allows waiting for and communicating with the
child process.
Test: keystore2_test_utils_test
Change-Id: Ibde858f249c94295b5f1c0c0cb29b8a98fb98a3a

The run_as function allows a test with sufficient privileges to run a
closure as a different identity given by a tuple of UID, GID, and SELinux
context. This is infrastructure in preparation for the keystore2 vts
test.
Test: keystore2_test_utils_test
Bug: 182508302
Change-Id: Ic1923028e5bc4ca4b1112e34669d52687450fd14